T 3.13 Passing on false or internal information
Information other than the desired information is disclosed time and time again when information is passed on to other people. Confidential information or information not intended for the public constantly falls into the wrong hands in this manner. This can happen when mailing or otherwise handing over data media as well as when exchanging information in person, over the telephone, and when using any other form of data transmission. Another way in which data is unintentionally given to other people is when handing over, selling or disposing of data media that were supposedly erased.
It is possible for a data medium to be sent or otherwise passed on to contain data from earlier transactions that is not intended to be disclosed to the recipient. This data can be read by the recipient if it is not specifically and physically deleted beforehand by the sender.
If the data to be transferred is located in a directory together with additional data that also requires protection, then there is a risk that this data will be transferred accidentally on the data media together with the rest of the data (e.g. because the entire directory was copied for the sake of simplicity) and disclosed to the recipient unnecessarily (in an unauthorised manner).
Data records are often transferred directly over a data network, for example via email on the Internet, a modem connection, internal company networks or a X.400 service instead of using a physical data media. Many communication programs offer the ability to use short abbreviations or codes for complex address structures and distribution lists for sending multiple copies at the same time. If such distribution lists are not administered at a central location or updated at regular intervals, data records may be sent to addresses belonging to people who are no longer authorised to receive such data.
Time and time again, data media are passed on, sold or disposed of without completely erasing the information stored on them. The simple delete commands available on most operating systems can be undone or the data deleted can be reconstructed using freely available software tools. Data that has supposedly been destroyed can be read and used without authorisation in this case.
Confidential documents are accidentally sent to the wrong recipients, and letters are printed out with internal comments and placed in the envelope without noticing the comments all the time, even when sending documents via traditional mail. Documents in which only a few pieces of confidential information need to be removed, such as people's names, are also often transferred. In such cases, it may be that the information was not removed or only removed in part, for example because some passages were overlooked or the wrong removal method was chosen.
Examples:
- In a government agency, the data stored on data media taken out of service was not completely and irreversibly erased because an unsuitable tool was used to erase the data media. It was therefore possible to reconstruct the data using freely available software tools. After the IT systems and data media were sold, the purchasers were able to read confidential data and make it public.
A method often used to make some of the information in a document illegible is to black out the document. However, a lot can go wrong when redacting a document:- With writing on paper confidential passages are often covered up with black marker. In such cases, the original information can often be seen by holding the paper up to the light.
- In May 2005 the Pentagon published an investigative report on the internet, in which names of people and information on military locations in Iraq were blacked out. However, the blacked out information could be made visible again by simply copying and pasting from the PDF file onto the clipboard. In the original Word document the Pentagon had just covered the passages with a black background. The text beneath was preserved in the PDF export.
-