| ▲ | eviks 8 hours ago |
| You process doesn't make sense, why wouldn't you just black box redact right away and print and scan? What does underline then ink give you? But it's also not the process described in the blog > that's very difficult to unintentionally screw up. You've already screwed up by leaking length and risking errors in manual search&replace |
|
| ▲ | JumpCrisscross 7 hours ago | parent | next [-] |
| > why wouldn't you just black box redact right away and print and scan? What does underline then ink give you? These are roughly equivalent. The point is having a hard copy in between the digital ones. |
| |
| ▲ | eviks 6 hours ago | parent | next [-] | | Why would I settle for a rough equivalence? The point was about the chance of making mistakes in redaction, so sure, if you ignore the difference in the chance of making mistakes (which the underline process increases), everything becomes equivalent! | | |
| ▲ | JumpCrisscross 6 hours ago | parent [-] | | > Why would I settle for a rough equivalence? They're equivalent in security. The digital method is more convenient (albeit more error prone). What confers the security is the print-scan step. Whether one is redacting in between or before doesn't change much. You'd still want to do a tabula rasa and manual post-pass with both methods. > point was about the chance of making mistakes in redaction Best practice is humans redacting in multiple passes for good reason. It's less error prone than relying on a "smart" redactor, which is mostly corporate CYA kit. | | |
| ▲ | eviks 6 hours ago | parent [-] | | > They're equivalent in security They aren't, security is defined as the amount of information you leak. If you have an inferior process where you're substituting the correct digital match with an in incorrect manual match, you're reducing security > albeit more error prone The opposite, you can't find all 925 cases of the word Xyz as efficiently on paper without the ease of a digital text search, my guess is you just have made up a different comparison (e.g., a human spending 100hrs reading paper vs some "smart" app doing 1 min of redactions) vs. the actual process quoted and criticized in my original comment > Whether one is redacting in between or before doesn't change much It does, the chance to make a mistake differs in these cases! Printing & scanning can't help you here, it's a totally set of mistakes > Best practice But this conversation is about a specific blogged-about reality, not your best practice theory! |
|
| |
| ▲ | Teever 6 hours ago | parent | prev [-] | | Absolutely. The other comments replying to your original comment that are nitpicking over implementation details miss the purpose and importance of this step. The fact that this release process is missing this key step is significant too imho. It makes it really clear that the people running this didn't understand all of the dimensions involved in releasing a redacted document like this and/or that they weren't able to get expert opinions on how to do this the right way, which just seems fantastical to me given who we're talking about. In other threads people are discussing the possibility of this being intentional, by disaffected subordinates, poorly vetted and rushed in to work on this against their will. And that's certainly plausible in subordinates but I have a hard time believing that it's the case for the people running this who, if they understood what they were tasked with would have prevented an entire category of errors by simply tasking subordinates to do what you described regardless of how they felt about the task. So to me that leaves the only possibility that the people running this particular operation are incompetent, and given the importance of redacting that is dismaying. Regardless of how you feel about the action of redacting these documents, the extent to which it's done and the motives behind doing it, the idea that the people in charge of this aren't competent to do it is not good at all. | | |
| ▲ | TheOtherHobbes 4 hours ago | parent [-] | | This is one of the biggest document collections ever released to the public (...or will be when it's finally done) and the redactions were done in a hurry by a government agency with limited resources which would usually be doing more useful things. So it's likely there simply isn't the time to do extended multi-step redactions. What's happening is a mix of malicious compliance, incompetence, and time pressure. It's very on-brand for it to be confused, chaotic, and self-harming. |
|
|
|
| ▲ | fc417fc802 7 hours ago | parent | prev | next [-] |
| The blog has no relevance to your claim that the print and scan procedure somehow fundamentally precludes automated search and replace. I refuted that. You remain free to perform automated search and replace prior to printing the document. You also have the flexibility to perform manual redactions both digitally as well as physically with ink. It's clearly a superior process that provides ease of use, ease of understanding, and is exceedingly difficult to screw up. Barr's DoJ should be commended for having selected a procedure that minimizes the risk of systemic failure when carried out by a collection of people with such diverse technical backgrounds and competence levels. Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist. |
| |
| ▲ | eviks 6 hours ago | parent [-] | | > The blog has no relevance to your claim that the print and scan procedure somehow fundamentally precludes automated search and replace. It has direct relevance since it describes the process as lacking the automated search and replace > I refuted that You didn't, you created a meaningless process of underlinig text digitally to waste time redacting it on paper for no reason but add more mistakes, and also replaced the quoted reality with your made up situation to "refute". > and is exceedingly difficult to screw up. It's trivial, and I've told you how in the previous comment > Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist. Nope, this is generic "hack" headline, so guessing a redacted name by comparing the length of plaintext to unmask would fit the headline just as well as a copy&paste hack |
|
|
| ▲ | TylerE 6 hours ago | parent | prev [-] |
| It gets you the non-existance of a PDF full of reversible black boxes. Can't leak a file that doesn't exist. |
| |
| ▲ | eviks 6 hours ago | parent [-] | | But you can leak the content of a file that you printed out and couldn't redact properly by using an inferior method | | |
| ▲ | TylerE 2 hours ago | parent [-] | | But such a document is obviously unredacted. A black boxed PDF appears to be redacted, but isn't. Accidents happen. | | |
| ▲ | eviks an hour ago | parent [-] | | Now that you've shifted the goalposts back closer to the original discussion, what's your point? Yes, you can leak the "nonexisting" file in multiple ways, including the printed one, and yes, "accidents" happen. So are they more likely to happen if you ban digital search and force paper and ink redaction instead? Are they more likely to happen if you black out digitally before printing or underline digitally and ink out physically? And the "obvious word needle in a haystack of many thousands of pages" isn't as self-healing as you appear to think it is. |
|
|
|
