This is a short post addressing some of the appropriate security protocols that could be followed when publishing leaked information, in order to better protect the identity of a leaker.
A printed document can be connected to its source in at least two different ways:
The physical medium (e.g. paper) might contain invisible tracing inks or microscopic markers. For example, many modern printers will mark the paper with tiny patterns that capture a device’s serial number along with the date of a printout. By publishing a scan of the original documents (related to election hacking) in June of 2016, The Intercept may have inadvertently revealed the identity of their source.1 Similarly, metadata embedded in a Microsoft Word file may contain identifying information including names, places, and dates.
The formatting of the text itself may include invisible characters, small spacing alterations, purposeful misalignment, signature letter deformities, or letter substitutions (the Cyrillic “а” instead of an English “a”) that make even a digital copy (copy and paste) of the text not safe for reproduction.
To address such a variety of potential attack vectors, a publisher can take steps to minimize exposure to original media and formatting. While it is possible to apply sophisticated computational techniques such as image filters or fuzzing to add to or remove noise from original documents—simple, low-cost, low-fidelity methods would likely be more robust and more effective in the long term.
Do not publish originals. Re-mediation is key. The safest course is to retype and re-typeset the document by hand, using one’s own equipment. When authenticity of documents is desired, original scans may be printed and rescanned using a copy machine’s lowest quality “noisy” settings. Documents received in Microsoft Word format may be converted to PDF, and the other way around. Making a crumpled “ball of paper” out of a document and then flattening it out (roughly) and rescanning introduces new variations in spacing and line alignment.
It is important to understand that no single method or combination of methods can guarantee complete security. The best course of action is to institute a protocol consisting of several steps and to adhere to it as a matter of policy.
For example, a reasonable course of action might involve (a) converting received digital content into another format, (b) printing it locally, (c) physical deformation, and (c) quality reduction pass via low-fidelity scanning. The order of protocol steps and the tools used for the task matter. For this reason it is important for your staff to receive appropriate training and to have your protocols audited independently.