Sunday, June 25, 2006

Disclosure of confidential information through metadata a disciplinary rule violation?

Every time a Microsoft Word document is created, metadata is automatically added to it. Some of the information stored in the document may also be confidential (i.e., previous versions or information that may have been rejected or accepted) and may also expose businesses and individuals to hidden risks when it is communicated to people outside the firm or the company. And because this type of information travels with the document every time it is electronically communicated to others, sensitive or confidential information may be transmitted unknowingly.

The New York State Bar has already tackled the metadata issue:

Lawyers have a duty under DR 4-101 to use reasonable care when transmitting documents by e-mail to prevent the disclosure of metadata containing client confidences or secrets.

Of course, it is not just transmitting through email that can be a problem. Posting an electronic document can be an issue.

A footnote to Ethics Opinion 782 observed: Richard M. Smith, “Microsoft Word bytes Tony Blair in the butt,” June 30, 2003, at (describing how the British government was embarrassed in February 2003 when 10 Downing Street published a dossier on Iraq’s security and intelligence organizations and posted it as a Microsoft Word document on their Web site, which through its metadata revealed the identities of the four civil servants who worked on the document as well as various other documents that contained the same information).

An article in the March 2005 issue of the Nebraska Lawyer explicitly noted that Adobe Acrobat had similar issues with metadata. Thus, the DOJ's recent screw-up is hard to fathom.

The DOJ’s Redaction Gaffe
Posted by Peter Lattman

The Justice Department suffered an embarrassment this week when the New York Sun’s Josh Gerstein discovered that he could read electronically redacted sections of a government court filing in Adobe Acrobat format by pasting them into Microsoft Word.

Gerstein, reporting on the Major League Baseball steroid investigation, discovered underneath the blacked-out lines a juicy e-mail correspondence between the San Francisco Chronicle reporter and Victor Conte, the founder of BALCO, the drug lab that has been implicated in the probe. The email exchange suggests that Conte might have leaked information to the reporter, which he has denied in sworn testimony.

The New York Times’s Adam Liptak has a follow-up story on the government’s gaffe. A DOJ spokesman said, “The electronic filing by the Department of Justice — which appropriately redacted certain material — was not as secure as it should have been. It is an unfortunate error, one that we regret.”

***Previous issues with disclosure of metadata

In March 2004, a gaffe by the SCO Group revealed which companies it had considered targeting in its legal campaign against Linux users.

Lawyers for AT&T accidentally released sensitive information while defending a lawsuit that accuses the company of facilitating a government wiretapping program

[IPBiz post 1699]


Post a Comment

<< Home