Acrobat user gaffe exposes classified info

A public military report on an investigation into the shooting death of an Italian security agent includes blocks of classified data that can be deciphered as easily as copying and pasting text.

Multinational Forces-Iraq issued the report in Adobe Acrobat Portable Document Format April 30 as an unclassified document, with blocks of classified redacted information obscured from public view. But copying and pasting the classified sections into Microsoft Notepad reveals the blocked text.

The breach was discovered by an Italian blogger shortly after the report was posted, and news of the gaffe has circulated among the global blogging community.

Officials of MNF-I took down the report from its own site over the weekend, according to a story posted on European and Pacific Stars and Stripes.

"The procedures that we used [to safeguard the classified information] were inadequate," Air Force Col. C. Donald Alston, MNF-I's chief of strategic communications, told Stars and Stripes. "We consider this a very serious matter."

A U.S. military investigation cleared American troops in the March 4 shooting death of Nicola Calipari, an Italian security agent in Baghdad. Calipari, 50, who had just secured the release of hostage Giuliana Sgrena, an Italian journalist, was killed at a U.S. checkpoint en route to the Baghdad airport.

According to the redacted information, the checkpoint had been set up earlier in the evening as part of preparations for a VIP traveling to Camp Victory outside Baghdad. Among other issues, investigators learned that problems with voice over IP communications prevented members of the command chain from informing troops that the VIP returned to Baghdad by helicopter rather than car.

John Landwehr, group manager for security solutions and strategy at Adobe Systems Inc. in San Jose, Calif., said the information security breach arose from not using a third-party redaction tool in Adobe Acrobat, the application that prepared the PDF.

It seems the document's author "simply changed the background color of the text to match the font," Landwehr said. "The underlying ASCII text is still there. Had they used an actual redaction tool on the PDF, the text would have been completely removed."

Dawn S. Onley and Patience Wait are staff writers with Government Computer News. Onley can be reached at donley@postnewsweektech.com; Wait can be reached at pwait@postnewsweektech.com.