Several electronic layers exist in most documents, a fact overlooked
by many writers. Probing these sublayers often reveals information
not intended for release by the author. Documents in electronic formats
create a “palimpsest” that even semiskilled investigators can probe for
sensitive data.
Palimpsest seems like an exotic word. But literally, it means “scraped
again” from the Greek word roots. In ancient and medieval Europe,
writers often scraped off previous writing on a manuscript and wrote
new text. (Writing media were in short supply and were expensive.)
With modern forensic techniques like ultraviolet light and photography
researchers uncover the original layer of writing.
Using computer forensic techniques, twenty-first century sleuths discover
text and data in electronic documents thought erased by previous
users. Modern electronic media are inherently palimpsestuous.
Secrets become visible through metadata in documents, slack space in
files, magnetic remanence, and other thorny ironies of information retention.
They disclose information often, under the radar, by unintentionally
making sensitive information Web-facing or not encrypting data
on a laptop, which results in information leakage.
Overconfidence that one’s sensitive data is not leaking through to the
outside world will vex security professionals in the twenty-first century.
Immense security resources go to prevent deliberate network intrusion.
However, content security is not always on the forefront of security
thinking. More information leaks out of organizations unintentionally
than corporate America would like to think about. Many of the most
recent headline-grabbers about security breaches involve documents or
files leaked by a stolen laptop or by “misplaced” computer tapes or by
being inadvertently Web-facing. The text identifies common pitfalls in
document security and suggests remedies to prevent future headlines.