It's funny seeing this play out because in my personal life anytime I'm sharing a sensitive document where someone needs to see part of it but I don't want them to see the rest that's not relevant, I'll first block out/redact the text I don't want them to see (covering it, using a redacting highlighter thing, etc.), and then I'll screenshot the page and make that image a PDF.
I always felt paranoid (without any real evidence, just a guess) that there would always be a chance that anything done in software could be reversed somehow.
it's absolutely bewildering how ridiculous everything has been so far in terms of competence and this really takes the cherry on the top near Christmas too.
This is what I do while sharing such images. I crop out those parts first and then take another screenshot. I do not even risk painting over and then take another screenshot. I have been doing this forever.
Befuddling that this happened again. It’s not the first time
- Paul Manafort court filing (U.S., 2019)
Manafort’s lawyers filed a PDF where the “redacted” parts were basically black highlighting/boxes over live text. Reporters could recover the hidden text (e.g., via copy/paste).
- TSA “Standard Operating Procedures” manual (U.S., 2009)
A publicly posted TSA screening document used black rectangles that did not remove the underlying text; the concealed content could be extracted. This led to extensive discussion and an Inspector General review.
- UK Ministry of Defence submarine security document (UK, 2011)
A MoD report had “redacted” sections that could be revealed by copying/pasting the “blacked out” text—because the text was still present, just visually obscured.
- Apple v. Samsung ruling (U.S., 2011)
A federal judge’s opinion attempted to redact passages, but the content was still recoverable due to the way the PDF was formatted; copying text out revealed the “redacted” parts.
- Associated Press + Facebook valuation estimate in court transcript (U.S., 2009)
The AP reported it could read “redacted” portions of a court transcript by cut-and-paste (classic overlay-style failure). Secondary coverage notes the mechanism explicitly.
A broader “history of failures” compilation (multiple orgs / years)
The PDF Association collected multiple incidents (including several above) and describes the common failure mode: black shapes drawn over text without deleting/sanitizing the underlying content.
https://pdfa.org/wp-content/uploads/2020/06/High-Security-PD...
> - Associated Press + Facebook valuation estimate in court transcript (U.S., 2009) The AP reported it could read “redacted” portions of a court transcript by cut-and-paste (classic overlay-style failure). Secondary coverage notes the mechanism explicitly.
What happens in a court case when this occurs? Does the receiving party get to review and use the redacted information (assuming it’s not gagged by other means) or do they have to immediately report the error and clean room it?
Edit: after reading up on this it looks like attorneys have strict ethical standards to not use the information (for what little that may be worth), but the Associated Press was a third party who unredacted public court documents in a separate Facebook case.
> What happens in a court case when this occurs? Does the receiving party get to review and use the redacted information (assuming it’s not gagged by other means) or do they have to immediately report the error and clean room it?
Typically, two copies of a redacted document are submitted via ECF. One is an unredacted but sealed copy that is visible to the judge and all parties to the case. The other is a redacted copy that is visible to the general public.
So, to answer what I believe to be your question: the opposing party in a case would typically have an unredacted copy regardless of whether information is leaked to the general public via improper redaction, so the issue you raise is moot.
> Edit: after reading up on this it looks like attorneys have strict ethical standards to not use the information (for what little that may be worth), but the Associated Press was a third party who unredacted public court documents in a separate Facebook case.
Curious. I am not a litigator but this is surprising if you found support for it. My gut was that the general obligation to be a zealous advocate for your client would require a litigant to use inadvertently disclosed information unless it was somehow barred by the court. Confidentiality obligations would remain owed to the client, and there might be some tension there but it would be resolvable.
My recollection is that it varies quite a bit between jurisdictions. The ABA's model rules require you to notify the other party when they accidentally send you something but leave unspecified what else, if anything, you might have to do.
My guess would be that if the benefitting legal party didn't need to declare they also benefitted from this (because they legally can't be caught, etc.) they wouldn't.
I know and am friends with a lot of lawyers. They're pretty ruthless when it comes to this kind of thing.
Legally, I would think both parties get copies of everything. I don't know if that was the case here.
The covid origins Slack messages discovery material (Anderson & Holmes) were famously poorly redacted pdfs, allowing their unredacting by Gilles Demaneuf, benefiting all of us.
Given the context and the baldly political direction behind the redactions, it's not at all unlikely that this is the result of deliberate sabotage or malicious compliance. Bondi isn't blacking these things out herself, she's ordering people to do it who aren't true believers. Purges take time (and often blood). She's stuck with the staff trained under previous administrations.
"There are major differences between the Trump 1.0 and 2.0 administrations. In the Trump 1.0 administration, many of the most important officials were very competent men. One example would be then-Attorney General William Barr. Barr is contemptible, yes, but smart AF. When Barr’s DOJ released a redacted version of the Mueller Report, they printed the whole thing, made their redactions with actual ink, and then re-scanned every page to generate a new PDF with absolutely no digital trace of the original PDF file. There are ways to properly redact a PDF digitally, but going analog is foolproof.
The Trump 2.0 administration, in contrast, is staffed top to bottom with fools."
It's like Russian spies being caught in the Netherlands with taxi receipts showing they took a taxi from their Moscow HQ to the airport: corrupt organizations attract/can only hire incompetent people...
Anyone remember how the Trump I regime had staff who couldn't figure out the lighting in the White House, or mistitled Australia's Prime Minister as President?
It’s easy to appear competent when you’re sitting on your butt doing nothing. Had exactly did Barr and Co. accomplish in terms of moving forward the agenda people voted for? These guys were so eager to win accolades from liberals they couldn’t even pick the lowest hanging fruit. Totally pathetic effort after the stellar performance by the legal eagles in the Obama administration. Trump 2.0 is pursing a very aggressive legal strategy. It has a bunch of very smart people racking up wins in areas such as funding cuts, education, civil rights, deployment of national guard, etc. It also has people that are… struggling. But, unlike with Trump 1.0, they’re actually trying to move the ball forward for their team.
The bigger difference from my perspective is that they have competent people doing the strategy this time. The last Trump administration failed to use the obvious levers available to accomplish fascism, while this one has been wildly successful on that end. In a few years they will have realigned the whole power dynamic in the country, and unfortunately more and more competent people will choose to work for them in order to receive the benefits of doing so.
> but smart AF. When Barr’s DOJ released a redacted version of the Mueller Report, they printed the whole thing, made their redactions with actual ink, and then re-scanned every page to generate a new PDF with absolutely no digital trace of the original PDF file.
This is a dumb way of doing that, exactly what "stupid" people do when their are somewhat aware of the limits of their competence or only as smart as the tech they grew up with. Also, this type of redaction eliminates the possibility to change text length, which is a very common leak when especially for various names/official positions. And it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision, but have to do the manual conversion step to printed position
I'm not so sure it's about knowing his own limitations, rather it's about building a reliable process and trusting that process more than either technology or people.
Any process that relies on 100% accuracy from either people or technology will eventually fail. It's just a basic matter of statistics. However, there are processes that CAN, at least in theory, be 100% effective.
So following that strange logic if a dumb person knows he's dumb, he's suddenly become intelligent? Or is that impossible by your peculiar definition of intelligence?
Wisdom would be knowing not to try and exceed those limits
Intelligence would be knowing they exist (I know that I cannot fly by flapping my arms, it took intelligence to deduce that, wisdom tells me not to try and jump from a height and flap my arms to fly. Further intelligence can be applied, deducing that there are artificial means by which I can attain flight)
Knowing your limits has to be a sign of intelligence.
"Dumb" people (FTR the description actually refers to something rather than that which you think it does...) run around on the internet getting mad because they haven't thought things through...
It's an interesting question though. I know quite some "smart" people who lack self awareness to an almost fatal degree yet can outdo the vast majority of the population at solving logic puzzles. It tends to be a rather frustrating condition to deal with.
> this type of redaction eliminates the possibility to change text length, which is a very common leak when especially for various names/official positions
Increasing the size of the redaction box to include enough of the surrounding text to make that very difficult.
Not at all. It's a procedure that's very difficult to unintentionally screw up. Sometimes that's what you want.
> you can't simply search&replace with machine precision
Sure you can. Search and somehow mark the text (underline or similar) to make keywords hard to miss. Then proceed with the manual print, expunge, scan process.
You process doesn't make sense, why wouldn't you just black box redact right away and print and scan? What does underline then ink give you? But it's also not the process described in the blog
> that's very difficult to unintentionally screw up.
You've already screwed up by leaking length and risking errors in manual search&replace
Why would I settle for a rough equivalence? The point was about the chance of making mistakes in redaction, so sure, if you ignore the difference in the chance of making mistakes (which the underline process increases), everything becomes equivalent!
They're equivalent in security. The digital method is more convenient (albeit more error prone). What confers the security is the print-scan step. Whether one is redacting in between or before doesn't change much.
You'd still want to do a tabula rasa and manual post-pass with both methods.
> point was about the chance of making mistakes in redaction
Best practice is humans redacting in multiple passes for good reason. It's less error prone than relying on a "smart" redactor, which is mostly corporate CYA kit.
They aren't, security is defined as the amount of information you leak. If you have an inferior process where you're substituting the correct digital match with an in incorrect manual match, you're reducing security
> albeit more error prone
The opposite, you can't find all 925 cases of the word Xyz as efficiently on paper without the ease of a digital text search, my guess is you just have made up a different comparison (e.g., a human spending 100hrs reading paper vs some "smart" app doing 1 min of redactions) vs. the actual process quoted and criticized in my original comment
> Whether one is redacting in between or before doesn't change much
It does, the chance to make a mistake differs in these cases! Printing & scanning can't help you here, it's a totally set of mistakes
> Best practice
But this conversation is about a specific blogged-about reality, not your best practice theory!
Absolutely. The other comments replying to your original comment that are nitpicking over implementation details miss the purpose and importance of this step.
The fact that this release process is missing this key step is significant too imho. It makes it really clear that the people running this didn't understand all of the dimensions involved in releasing a redacted document like this and/or that they weren't able to get expert opinions on how to do this the right way, which just seems fantastical to me given who we're talking about.
In other threads people are discussing the possibility of this being intentional, by disaffected subordinates, poorly vetted and rushed in to work on this against their will. And that's certainly plausible in subordinates but I have a hard time believing that it's the case for the people running this who, if they understood what they were tasked with would have prevented an entire category of errors by simply tasking subordinates to do what you described regardless of how they felt about the task.
So to me that leaves the only possibility that the people running this particular operation are incompetent, and given the importance of redacting that is dismaying.
Regardless of how you feel about the action of redacting these documents, the extent to which it's done and the motives behind doing it, the idea that the people in charge of this aren't competent to do it is not good at all.
The blog has no relevance to your claim that the print and scan procedure somehow fundamentally precludes automated search and replace. I refuted that. You remain free to perform automated search and replace prior to printing the document. You also have the flexibility to perform manual redactions both digitally as well as physically with ink.
It's clearly a superior process that provides ease of use, ease of understanding, and is exceedingly difficult to screw up. Barr's DoJ should be commended for having selected a procedure that minimizes the risk of systemic failure when carried out by a collection of people with such diverse technical backgrounds and competence levels.
Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist.
> The blog has no relevance to your claim that the print and scan procedure somehow fundamentally precludes automated search and replace.
It has direct relevance since it describes the process as lacking the automated search and replace
> I refuted that
You didn't, you created a meaningless process of underlinig text digitally to waste time redacting it on paper for no reason but add more mistakes, and also replaced the quoted reality with your made up situation to "refute".
> and is exceedingly difficult to screw up.
It's trivial, and I've told you how in the previous comment
> Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist.
Nope, this is generic "hack" headline, so guessing a redacted name by comparing the length of plaintext to unmask would fit the headline just as well as a copy&paste hack
> this type of redaction eliminates the possibility to change text length
This is the only weakness of Barr's method.
> it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision
Anyong relying on automated tools to redact is doing so performatively. At the end of the day, you need people who understand the context to sit down and read through the documents and strike out anything that reveals–directly or indirectly, spelled correctly or incorrectly–too much.
Of course it isn't, the other weakness you just dismiss is the higher risk of failed searches. People already fail with digital, it's even harder to do in print or translate digital to print (something a machine can do with 100% precision, now you've introduced a human error)
> At the end of the day, you need people who understand the context
Before the end of the day there is also the whole day, and if you have to waste the attention of such people on doing ink redactions instead of dedicating all of their time to focused reading, you're just adding mistakes for no benefit
Forget about typoes. Until recent LLMs, machines couldn't detect oblique or identifying references. (And with LLMs, you still have the problem of hallucinations. To say nothing of where you're running the model.)
> if you have to waste the attention of such people on doing ink redactions instead of dedicating all of their time to focused reading
You've never read a text with a highlighter or pen?
Out of curiosity, have you worked with sensitive information that needed to be shared across security barriers?
Reading through material in context and actively removing the telling bits seems very focused to me.
Furthermore, reading through long winded, dry legalese (or the like) and then occasionally marking it up seems like an excellent way to give the brain short breaks to continue on rather than to let the mind wander in a sea of text.
I am for automating all the things but I can see pros and cons for both digital and manual approaches.
The reading is focused, but that focus is wasted on menial work, which makes it easier to miss something more important
> give the brain short breaks
Set a timer if you feel that's of any use? Why does the break have to depend on the random frequency of terms to be redacted? What if there is nothing to redact for pages, why let the mind wander?
> I am for automating
But you're arguing against it. What's the pro of manually replacing all 1746 occurrences of "Trump" instead of spending 0.01% of that time with a digital search & replace and then spending the other 1% digitally searching for variants with typos and then spending the last 99% in focused reading trying to find that you've missed "the owner of Mar-a-Lago Club" reference or something more complicated (and then also replace that variant digitally rather than hoping you'd notice it every single time you wade through walls of legalese!)
> What's the pro of manually replacing all 1746 occurrences of "Trump" instead of spending 0.01% of that time with a digital search & replace and then spending the other 1% digitally searching for variants with typos
Because none of this involves a focussed reading. It's the same reason why Level 3 can be less safe than Level 4. If you're skimming, you're less engaged than if you're reading in detail. (And if you're skipping around, you're missing context. You may catch Trump and Trup, but will you catch POTUD? Alternatively, if you just redact every mention of the President, you may wind up creating a President ***, thereby confirming what you were trying to redact.)
If it doesn't matter, automate it. If you care, have a team do a proper redaction.
They're not 'hacks' it's the people doing the redaction making beginner mistakes of not properly removing the selectable text under the redactions. They're either drawing black rectangles over the text or highlighting it black neither of which prevents the underlying text from being selected.
Keeping that secret would require sponaneous silence from everyone looking at these docs which is just not possible.
This was my initial reaction to this news. I mean think about it
The Trump team knows that nobody is gonna buy whatever they put out as being the full story. Isn't this just the perfect way to make people feel like they got something they weren't supposed to see? They can increase trust in the output without having to increase trust in the source of it
And as far as I've heard there hasn't been anything "unredacted" that's been of any consequence. It all just feels a little too perfect.
Black square vs redaction tool difference is well known if someone's job involves redacting PDF or just working with PDF. It's most likely that additional staffs were pulled in and weren't given enough training.
Colleagues whose full time job is doing this sort of thing for various bits of the government have told me this is exactly the case here. People from all over the government have been deputized to redact these documents with little or no prior training.
I wonder if this activity is being used as a kind of loyalty test. Keep track of who is assigned to redact what, and then if certain files leak or are insufficiently redacted, they indicate who isn't all in on Dear Leader.
It's not like a few more stories of Trump raping $whomever are going to move the needle at all, especially with how the media is on board with burying negative coverage of the regime.
Also if you're wondering how this activity isn't some kind of abuse of government resources, keep in mind that thanks to the Supreme Council's embrace of the Unitary Executive Theory (ie Sparkling Autocracy), covering up evidence about Donald Trump raping under-aged sex trafficking victims is now an official priority of the United States Government.
Let people believe it's deliberate sabotage. Unfortunately, in real life, minions of a dictator serve the dictator; they don't risk their live or safety for a noble cause. Any screw-ups are a result of gross incompetence that is typical for every dictatorship.
Totalitarianism in power invariably replaces all first-rate talents, regardless of their sympathies, with those crackpots and fools whose lack of intelligence and creativity is still the best guarantee of their loyalty.
I wouldn’t go so far as to call it a dictatorship, but it’s definitely trending toward authoritarianism.
Wasn't too hard to put together a quick graph of the past decade for the U.S. using the World Press Freedom Index (relative ranking and score) - an annual ranking of 180 countries published by Reporters Without Borders that measures the level of press freedom.
what is the US exactly currently if not dictatorship? is there a single
thing “President” cannot do right now and if so who would be stopping him? so perhaps on paper US is not dictatorship much like Russia and China are not… We spend decades trying to fight these regimes and lost so much that now we are worse than them :)
it is not a setback, they have to play a little game now and again to entertain the masses. scotus as it was before doesn’t exist anymore and won’t for decades, it now just rubberstamps
I quoted the media. The main point in this context is the "rare" part. I'm well aware of the nature of the GOP operatives on the SCOTUS. Thomas, Alito, and Gorsuch all voted in Trump's favor. That Beerhead, Ms. IDreamOfGilead, and "Citizens United/I hate the VRA/worst chief justice since Taney" voted to temporarily uphold the stay actually surprised me (Bart O' said he would have given Trump more leeway) but yes, it's theater.
You said "right now". If you want to change to "will be able to do in the near future, before the end of his second term", that's a (slightly?) different list. But it's also a different comment.
You said "anything", in the context of dictatorship. I only used items in this list which IMO you can reasonably say Putin, an actual dictator, can do. Right now. Except the first one! Because that was a joke, a reference to something he himself said he could do.
If you want to change to "anything which has backroom deal importance, not just bread and games for the masses, but the real things, if you know you know", that's a (slightly) different list.
Pretty much everything he's tried to enact (besides name changes of monuments) has been shot down by the supreme court. This is the exact opposite of a dictatorship. You need to educate yourself on our current system of government. But I know, orange man bad.
Want to see a real dictatorship? Ukraine jailed all opposing politicians during the war with Russia and stopped having elections. Yet, it's still supported by a large percentage of the population in the US.
The last administration not only tried to jail Trump on bogus charges, but any lawyer that supported him (and his supporters were fired from their jobs).
In addition to this, we are now seeing that large counties in states like Georgia violated laws with hundreds and thousands of votes in the 2020 election. These all point to a dictatorship, that we lived through, yet nobody like you is complaining about it on HN.
I truly believe we're headed that direction. I've lived long enough to have seen a wide variety of presidents, both good and bad. This one is easily the worst one, in terms of bare naked power grabs.
I believe Trump will manufacture a crisis before he's out of office in a bid to maintain control. I believe he will have learned from Bush Jr. that a simple war isn't good enough, and it needs to be a genuine emergency.
I believe he'll do whatever he can to make that happen. Native born terrorist, or war with a close country, or absolutely over the top financial crash. Something awful that lets him invoke some obscure rule that lets him stay in power with congressional approval - he'll just skip the congressional approval part like he already does.
Its exactly equivalent to a dictatorship by the head of the CIA, unless the CIA is effectively answerable to some other authority despite not being answerable to the law, and then it is equivalent to a dictatorship by that higher authority.
Yes, and if the hypothetical were that the CIA was effectively outside of control of the law for actions committed in private by CIA personnel in their homes, then the conclusion would be different (even though an agency the scale of the CIA would still have different implications than an individual even then), but that wasn't the hypothetical under discussion, which had much fewer—as in zero—qualifications on the CIA’s lack of accountability.
> if the hypothetical were that the CIA was effectively outside of control of the law for actions committed in private by CIA personnel in their homes
My point is their actions are committed outside the law. They've just been able to avoid punishment by covering it up. What they are not is above the law, at least not in the long run. (There are absolutely short bouts where the CIA acts above the law overseas, and rare cases where it has done so domestically. But the fact that they're covering it up betrays that they're crafty bastards, not invincible ones.)
The CIA ran torture prisons, got caught, then there was a congressional inquiry, and they hacked into the computers of the congresspeople to delete the evidence of torture.
Then they got caught hacking congressional computers to delete evidence.
> CIA ran torture prisons, got caught, then there was a congressional inquiry, and they hacked into the computers of the congresspeople to delete the evidence of torture
One, source?
Two, this above reproach. Not above the law. They deleted the evidence, they didn't just blow the scandal off. (Historically, our IC was popular. Right now, it's the deep state. You're seeing political appointees at the FBI and CIA exert control.)
The pendulum swings. It always does. And all the powers SCOTUS gave the executive branch will eventually be in the hands of the Loyal Opposition.
If it swings as far back you might even see universal health care, sane gun laws, fair wages, campaign finance reform, reproductive freedom, science based policy making, reigning in billionaires, etc.
I have very little faith that scotus will have any consistency in their decisions going forward - they seem to be nakedly political, and backing trump. If the elections swing the other direction (despite their aid in gerrymandering), expect them to cry about the power of the presidency and start rolling it back as fast as they can push decisions through the shadow docket.
I'd love to limit the semi-auto rifles like the infamous AR-15. Useless for hunting, useless for self-defense. In exchange for country-wide reciprocity for concealed carry and firearm transportation.
I'm not a 1A guy, I think that for instance people with a history of domestic violence shouldn't be armed (that is what I would cite as "common sense"), but this statement really damages your credibility. Of course semiautomatic rifles are useful for both hunting and for self defense. They are effective weapons. That's the problem.
> I'm not a 1A guy, I think that for inference people with a history of domestic violence shouldn't be armed
Whut? How the fuck did you make that jump?
AR-15 rifles are useless for hunting. They are too small to reliably kill large game (deer) and too large for small game (rabbits). Sure, they're fine for coyotes, but if you're buying an AR-15 to hunt coyotes, then you should just stop.
AR-15s are also useless for self-defense. They are too bulky for indoor use, and the bullets can penetrate multiple walls. A regular semi-auto handgun is far superior if you're looking to protect yourself against domestic violence.
The domestic violence thing was about a potential gun regulation, not a scenario. People with domestic violence convictions are overrepresented among murderers and mass shooters. So it would make sense to prevent them from obtaining guns.
It's useless for hunting, but you identify circumstances it's useful in. You say it's useless for self defense because it's bulky, I've heard a hundred people say it's ideal because it's easier to be proficient with a rifle than with a pistol.
Say whatever you want, but when you make absolute statements like that, it damages your credibility. That's my feedback for you.
I don't really care to have an in depth discussion of self defense scenarios because I don't think that helps us understand common sense gun regulation any better. I'm sure you can find people making that argument if you are curious. My point is not that the AR-15 is an appropriate self defense weapon but that there are better arguments you could have made, and that the one you did make lost someone who is already sympathetic to your position.
Reporting is that they had a basically impossible deadline and they took lawyers off of counterintelligence work to do this. So a conscious act of resistance is possible, but it's a situation where mistakes are likely - people working very quickly trying to meet a deadline and doing work they aren't that familiar with and don't really want to be doing.
It seems like a common tactic by this administration is to just not do what they are required to do until they have been told 50 times and criminal charges are being filed. I suspect the actual truth here is 'don't do this' turned into 'you have 1 day to do this and keep my name out of the release' which led to lots of issues. They probably spent more time deciding the order of pages to release, and how to avoid releasing the things damaging to the administration, than actually doing the work needed to release it. Now they will say 'look, see! You didn't give us enough time and our incompetence is the proof'
Any major documents/files have been removed all together. Then the rest was farmed out to anyone they could find with basic instructions to redact anything embarrassing.
Since there's absolutely zero chance anyone in the administration will ever be held accountable for what's left, they're not overly concerned.
The thing that I've been waiting to see for years is the actual video recordings. There were supposedly cameras everywhere, for years. I'm not even talking about the disgusting stuff, I'm talking security for entrances, hallways, etc.
The FBI definitely has them, where are they?
What about Maxwell's media files? There was nothing found there? Did they subpoena security companies and cloud providers?
The documents are all deniable. Yes video evidence can now be easily faked, but real video will have details that are hard to invent. Regardless, videos are worth millions of words.
Given the sheer number of people they had to pull in and work overtime to redact Trump's name as well as those of prominent Republicans and donors as per numerous sources within the FBI and the administration itself, incompetence is likely for a chunk of it.
It’s funny that this effort, the largest exertion of FBI agents second only to 9/11, seems to be unprepared to redact. Cynically, I’m prepared for it to be part of a generative set of PDFs derived from the prompt “create court documents consistent with these 16 PDFs which obscure the role of Donald Trump between 1993 and 1998.”
For context, lawyers deal with this all the time. In discovery, there is an extensive document ("doc") review process to determine if documents are responsive or non-responsive. For example, let's say I subpoenaed all communication between Bob and Alice between 1 Jan 2019 and 1 Jan 2020 in relation to the purchase of ABC Inc as part of litigation. Every email would be reviewed and if it's relevant to the subpoena, it's marked as responsive, given an identifier and handed over to the other side. Non-responsive communication might not be eg attorney-client communications.
It can go further and parts of documents can be viewed as non-responsive and otherwise be blacked out eg the minutes of a meeting that discussed 4 topics and only 1 of them was about the company purchase. That may be commercially sensitive and beyond the scope of the subpoena.
Every such redaction and exclusion has to be logged and a reason given for it being non-responsive where a judge can review that and decide if the reason is good or not, should it ever be an issue. Can lawyers find something damaging and not want to hand it over and just mark it non-responsive? Technically, yes. Kind of. It's a good way to get disbarred or even jailed.
My point with this is that lawyers, which the Department of Justice is full of, are no strangers to this process so should be able to do it adequately. If they reveal something damaging to their client this way, they themselves can get sued for whatever the damages are. So it's something they're careful about, for good reason.
So in my opinion, it's unlikely that this is an act of resistance. Lawyers won't generally commit overt illegal acts, particularly when the only incentive is keeping their job and the downside is losing their career. It could happen.
What I suspect is happening is all the good lawyers simply aren't engaging in this redaction process because they know better so the DoJ had the wheel out some bad and/or unethical ones who would.
What they're doing is in blatant violation to the law passed last month and good lawyers know it.
There's a lot of this going on at the DoJ currently. Take the recent political prosecutions of James Comey, Letitia James, etc. No good prosecutor is putting their name to those indictments so the administration was forced to bring in incompetent stooges who would. This included former Trump personal attorneys who got improerly appointed as US Attorneys. This got the Comey indictment thrown out.
The law that Ro Khanna and Thomas Massey co-sponsored was sweeping and clear about what needs to be released. The DoJ is trying to protect both members of the administration and powerful people, some of whom are likely big donors and/or foreign government officials or even heads of state.
That's also why this process is so slow I imagine. There are only so many ethically compromised lackeys they can find.
Fine, but the teeth of this act belong to some future justice department. I predict Trump will issue blanket pardons for everyone involved, up to Bondi; and that none of them will respect a congressional subpoena.
Its not a hack to copy and paste text that is part of the document data. The incompetence of the people responsible to comply with the law doesnt mean its reasonable to label something a hack.
If someone sends me a document with text in it that they meant to remove but didn't and then I read that text, I haven't hacked anything they're just incompetent.
Hacking is unauthorised use of a system. Reading a document that was not adequately redacted can hardly be considered hacking.
Or in case some folks find the addition of a computer confusing here, if someone sends you a physical letter and they've used correction tape or a black marker to obscure some parts of the letter, and you scratch away the correction tape or hold the letter up to a light source to read what's underneath, have you committed a crime?
I'm not a lawyer, so I don't know what the law has to say about this. But I do have at least a small handful of brain cells to rub together, so I know what the law _should_ say about this.
If this were prior to 2021, I would say the CFAA could be violated so long as the property owner's _intentions_ were for that information to only be accessible to certain users. But I think the CFAA has been sufficiently reduced in scope after Van Buren v United States [0]
Precisely. If someone wants me to sign a contract on acceptable use of resources (like an agreement not to reverse engineer their software) they send me then that's another thing.
Absent that excluding other default protections like copyright, what I do with it should fall under the assumption of "basically anything".
I’m not an attorney or anything, but the relevant federal statute is explicitly about unauthorized access of computer systems (18 USC 1030).
Opening someone else’s laptop and guessing the password would absolutely fall under that definition, but I think it’s very much questionable if poking around a document that you have legitimately obtained would do so.
Yes, this is the digital equivalent of sticking a blank Post-it over text and calling it “redacted”. Mind-boggling that the same mistake has been made over and over again.
Also had this first thought, but then a hack could just be a way around a limit/lack of authorization, doesn't have to be unknown/sophisticated, so copy of black boxes fits
By serving up the PDF file I am being authorized to receive, view, process, etc etc the entire contents. Not just some limited subset. If I wasn't authorized to receive some portion of the file then that needed to be withheld to begin with.
That's entirely different from gaining unauthorized entry to a system and copying out files that were never publicly available to begin with.
To put it simply, I am not responsible for the other party's incompetence.
That's not true, you can mistakenly receive data you're not authorized to have (might even be criminal to have!)
> That's entirely different from gaining unauthorized entry to a system and copying out files that were never publicly available to begin with.
That's not the sum total of hacks, if you have publicly accessible password-protected PDF and guess the password as 1234, that's a hack. Copy& paste of black boxes is similarly a hack around content protection
> To put it simply, I am not responsible for the other party's incompetence.
To put it even simpler, this conversation is not about you and your responsibility, but about the different meanings of the word "hack "
> you can mistakenly receive data you're not authorized to have (might even be criminal to have!)
Not the layman, at least to the best of my knowledge.
Yes, certain licensed professionals can be subject to legal obligations in very specific situations. But in general, if you screw up and mail something to me (electronic or otherwise) then that is on you. I am not responsible for your actions.
> if you have publicly accessible password-protected PDF and guess the password as 1234, that's a hack
Sure, I'll agree that the software to break the DRM qualifies as a hack (in the technical work sense). It also might (or might not) rise to the level of "lack of legal authorization". I don't think it should, but the state of laws surrounding DRM make it clear that one probably wouldn't go in my favor.
However that isn't what (I understood) us to be talking about - ie legal authorization as it relates to black box redaction and similar fatally flawed approaches that leave the plain text data directly accessible (and thus my access plainly facilitated by the sender, if inadvertently).
> this conversation is not about ...
You are the only one using the term "hack" here. Please note that I had responded to your "limit/lack of authorization" phrasing. Nothing more.
That said, while we're on the topic I'll note the ambiguity of the term "hack" in this context. Illegal access versus clever but otherwise mundane bit of code (no laws violated). You seem to be failing to clearly differentiate.
> Not the layman, at least to the best of my knowledge.
Are you not aware of content that is criminal to possess? Like CP is the most common example.
> I am not responsible for your actions.
I've already addressed this confusion of yours - this is NOT about your responsibility for someone else's actions, but about your own actions and whether they constitute a "hack".
> You are the only one using the term "hack" here. Please note that I had responded to your "limit/lack of authorization" phrasing. Nothing more.
Please open a dictionary for the word hack to understand this conversation! And note the word "authorization" in the definition.
> However that isn't what (I understood) us to be talking about - ie legal authorization
Understandably you're confused, the legal limit is your own making, authorization is way broader than that.
> I'll note the ambiguity of the term "hack" in this context
Exactly!!! Keep looking into the definition to resolve the ambiguity!
You realize we just went from (the legal equivalent of) "I accidentally mailed you my tax return" to "I accidentally mailed you a bomb". Like yeah, it remains illegal to retain possession of said bomb irrespective of the fact that someone intentionally sent it. That is ... not at all surprising?
Beyond that you're clearly just trolling at this point, going to great lengths to manufacture an argument about a term that I never used to begin with. "Lack of authorization" has a clear legal meaning whereas "hack" does not.
For the 3rd time, this conversation is not about YOU and not about what surprises you!
> "Lack of authorization" has a clear legal meaning whereas "hack" does not.
No, you've made up this limit to some "legal meaning" (also wrong here, large variety there as well but wouldn't want to endulge you further). Again, open up a dictionary on "hack", then follow the definition of "authorization" from there, if you only find "legal" in there, get a better dictionary, journalists / commenters are usually not lawyers, so they wouldn't accept your artificial legal limits on meaning!
Stupid question: why is the government even allowed to redact stuff? Isn’t the government keeping secrets from the people totally antithetical to democracy?
It's not the government, it's the department of justice. To name two: protection of witnesses, protection of state secrets ("the people" is not a person who can keep secrets).
Right, I’m aware of the excuses the government uses to keep secrets.
But on principle, what right does the government have to keep secrets from its own people? I don’t believe we had that button at the founding, it was added somewhere along the way. I’m asking what is the justification for this, and whether in the grand scheme of things that outweighs the principle of the government not being a separate entity from the people.
There are multiple ways to approach witness protection. For example if we have a problem with witnesses being harmed we could make being involved with witness harm at any layer of indirection a capital offense. We can probably think of other options besides the government being allowed to keep secrets from its own people.
Competence and possibility of malicious compliance are interesting questions, but I think the more appropriate question is if DoJ will be sued for violating the law by redacting unrelated content?
There is a book by Richard Dawkins- I am me I am free or something like that, and it has a main picture of Richard standing naked and having a private part being covered by black rectangle but somehow my laptop back then was slow and when you scrolled it would temporary remove the square for a split second
Are you sure? I can't find any trace of any book by Richard Dawkins with a title much like that, and that doesn't seem like a very on-brand sort of cover pic for a book by him, and an image search for "Richard Dawkins book cover" doesn't turn up anything like it.
The average office worker has it on their computer, illustrating how commonplace unredacting could be. Any text tool will work, even some designed to detect bad redactions in PDFs via drag and drop (now specifically trained on these known bad redactions). https://github.com/freelawproject/x-ray
Apart from the technological and procedural question, I would love to learn why the DOJ found it important to protect Indyke. He was Epstein's lawyer, and now we learn that he was personally involved. He is not a Washington person. We expected there to be politically motivated protection of certain people, but is the DOJ just going to blanket protect anybody in the docs?
Indyke works for other powerful people, runs in MAGA circles.
Two things come to mind:
* Some things Indyke did fall outside the scope of lawyer-client privilege. It would be bad for certain people to get him on a stand and force him to spill the beans. He was never interviewed re: Epstein [1]
* He's a very talented lawyer, insofar as a competent lawyer with, at least, extreme discretion, is talented.
He was Epstein’s lawyer, he almost certainly has the dirt on anyone the DoJ wants to protect, and may be the kind of person that would be inclined to burn whoever DoJ was protecting if he wasn't getting treatment at least as favorable.
Regardless of the content itself, naive redaction of a high profile PDF still exposing the text contents is something that seems relevant to the community. Maybe you are in the wrong place?
PDF is an absurdly complex file format. It's part of the reason there is no single "good" PDF reader, just a lot of mediocre PDF readers that are all terrible in their own way. Which is a topic for another day.
There are several ways to remove data in a PDF:
- Remove the data. This is much harder than it sounds. Many PDF tools won't let you change the content of a PDF, not because it isn't possible, but because you'll likely massively screw up the formatting, and the tools don't want to deal with that.
- Replace the data. This what what all the "blackout" tools do, find "A" and replace with "🮋". This is effective and doesn't break formatting since it's a 1-to-1 replacement. The problem with "replacing" is that not every PDF tool works the same way, and some, instead, just change the foreground and background color to black; it looks nearly the same, but the power of copy-and-paste still functions.
- Then you have the computer illiterate, who think changing the foreground and background color to black is good enough anyway.
> - Remove the data. This is much harder than it sounds. Many PDF tools won't let you change the content of a PDF, not because it isn't possible, but because you'll likely massively screw up the formatting, and the tools don't want to deal with that.
Compared to other formats this is actually relatively easy in a PDF since the way the text drawing operators work they don't influence the state for arbitrary other content. A lot of positioning in a PDF is absolute (or relative to an explicitly defined matrix which has hardcoded values). Usually this makes editing a PDF harder (since when changing text the related text does not adapt automatically), but when removing data it makes it much easier since you can mostly just delete it without affecting anything else. (There are exceptions for text immediately after the removed data, but that's limited and relatively easy to control.)
> - Replace the data. This what what all the "blackout" tools do, find "A" and replace with "🮋". This is effective and doesn't break formatting since it's a 1-to-1 replacement.
That's actually rather tricky in PDFs since they usually contain embedded subset fonts and these usually do not have "🮋" as part of the subset. Also doing this would break the layout since "🮋" has a different width than most letters in a typical font, so it would not lead to less formatting issues than the previous option. Unless the "🮋" is stretched for each letter to have the same dimensions, but then the stretched characters allow to recover the text.
> The problem with "replacing" is that not every PDF tool works the same way, and some, instead, just change the foreground and background color to black; it looks nearly the same, but the power of copy-and-paste still functions.
PDF does not have a concept of a background color. If it looks like a background color in PDF, you have a rectangle drawn in one color and something in the foreground color in front of it. What you usually see in badly redacted PDF files is exactly this, but in opposite color: Someone just draws a black box on top of the characters. You could argue that this is smarter since it would still work even if someone would chnage colors, but of course, PDF is a vector format. If you just add a rectangle, someone else can remove it again. (And also copy & paste doesn't care about your rectangle)
>- Remove the data. This is much harder than it sounds. Many PDF tools won't let you change the content of a PDF, not because it isn't possible, but because you'll likely massively screw up the formatting, and the tools don't want to deal with that.
>- Replace the data. This what what all the "blackout" tools do, find "A" and replace with "🮋". This is effective and doesn't break formatting since it's a 1-to-1 replacement. The problem with "replacing" is that not every PDF tool works the same way, and some, instead, just change the foreground and background color to black; it looks nearly the same, but the power of copy-and-paste still functions.
You're making it sound way harder than it is, when both adobe acrobat and the built-in preview app on mac can both competently redact documents. I'm not aware of instances of either (or any other purpose-made redaction tools) failing. I wouldn't homebrew a python script to do my redaction either, but that doesn't mean doing redactions properly in some insurmountable task for some intern.
Thanks for this. Really quells the urge I get every so often to just code my own PDF editor, because they all suck and certainly it couldn't be THAT hard. Such hubris!
> PDF includes eight basic types of objects: Boolean values, Integer and Real numbers, Strings, Names, Arrays, Dictionaries, Streams, and the null object
Wait, this is more complete than SOAP. It may be a good idea to redo the IPC protocol with a different serialization format!
7.5.6 "Incremental updates" from the specification is an interesting section too, speaking about accessing data people didn't think to remove from PDF files properly.
I did a bunch of work creating pdfs using a low-level API, object goes here stuff.
As far as I understand it, at its core, pdf is just a stream of instructions that is continually modifying the document. You can insert a thousand objects before you start the next word in a paragraph. And this is just the most basic stuff. Anything on a page can be anywhere in the stream. I don't know if you can go back and edit previous pages, you might have a shot at least trying to understand one page at a time.
Did you know you can have embedded XML in PDFs? You can have a paper form with all the data filled in and include an XML version of that for any computer systems that would like an easier way to read it.
I remember reading the recommendation for journalists to redact documents is to black them out in the digital version, print it out, and re-scan it. Anything else has too many potential ways by which it might be possible to smuggle data.
Even that might leak to length attacks: one reasonable plaintext would lead to black bars of 1135 px, another to 1138 px, and with enough redactions you can converge on what the plaintext might be.
The only safe way for journalists is to paraphrase what the document said and to say "an unnamed source claims that ..." and to guarantee with your reputation, and the reputation of your publisher, that you are being faithful to what the original source said. For even better results, combine multiple sources.
Unfortunately paraphrasing things and taking editorial responsibility have both been deprecated in favour of rereleasing press releases in the house style, so it's difficult to get the actual journalism these days.
Mistaking redaction tool (replaces data with black square) and black highlighter (adds black square as another layer). If people doing redactions are computer-illiterate, they won't see the difference.
They drew black boxes over the text. The text is still underneath. On OCR'd scanned documents, the text you'd copy is actually stored in metadata and just linked by position to the image.
Anyway, if you click on a "redaction", you're clicking on the box and can't select the text underneath, but if you just highlight the text around it, you can copy all the original text.
PDF is less like an image, and more like a web page where elements can be stacked on top of each other. You can visually obscure things by sticking a black rectangle over the top, but anyone who inspects inside the pdf can remove it or see the text in the source.
There would also be a mix of text documents, and image scans. The way to censor each is different.
Perfectly censoring documents, particularly digital ones is actually surprisingly difficult.
I love how the entire internet thinks that this is a big deal when all that happened is that USDOJ re-posted some poorly-redacted court documents that were poorly redacted by non-USDOJ attorneys more than three years ago.
Yes, USDOJ is incompetent and dysfunctional, but this is not why. But sure, whatever, carry on...
ah, found it - this is from the 'Court Records' part.
https://www.justice.gov/multimedia/Court Records/Matter of the Estate of Jeffrey E. Epstein, Deceased, No. ST-21-RV-00005 (V.I. Super. Ct. 2021)/2022.03.17-1 Exhibit 1.pdf
They are unredacted because either those in charge are not familiar with basic office tasks, or someone wanted this stuff to leak and nobody checked thier work. Either brand of incompetance should cause heads to roll. But, just like the signal fiasco, nothing will happen. When your brand is perfection, you cannot ever admit a mistake.
Copying and pasting doesn't work. Unless your PDF viewer does OCR. And if the redaction is just a black rectangle overlaid on top, that can still be removed.
Probably the Underhanded C Contest (https://www.underhanded-c.org/_page_id_17.html) but yeah. Obfuscated C Contest entries usually aren't underhanded, just intentionally obscure about what they do or how they do it.
So is the data extracted the names of the victims that were supposed to be hidden to protect them? Or is there something else that might be worthy of exposing?
The downvoters assume that it is a bad faith question. The downvoters are 99% right with that. If the 1% hit then OP is just exceedingly naive and did not followed the scandal in which case they should maybe first do some reading.
The names of involved powerful people were NOT supposed to be censored. All those names except Bill Clinton name were redacted. To protect Trump and everybody else involved in the scandal except said Bill Clinton. But especially to protect Trump.
I assume that de facto federal "law" now makes it illegal to be raped, and those men are the victims. That would be a logical conclusion of edgelord vice signalling, right?
It's certainly possible that some of the underlings are deliberately sabotaging orders from above. It's also possible that they're incompetent, as so many of the Trump team are. How would we know which it is?
Did we learn anything useful or is it exactly as I said in the other thread, which got downvoted to hell, that all the really juicy blackmail material is with the CIA and will never see the light of day?
Won't know until all the documents are released. The blackmail is undeniable. But what's more interesting is who else was involved. Who purchased his services? That's what they are trying to hide.
“Like you guys have had this stuff for a year. Doesn’t it seem like you could just throw all that into AI at this stage of the game? And just redact the names of the victims, and let’s go.” Joe Rogan
I think this is a good thing. I think the people talking dictator this and that do not understand we have the ability to critique the administration. What we lack is control of the underhanded lobbyism. It is a warped democracy but still a democracy.
I always felt paranoid (without any real evidence, just a guess) that there would always be a chance that anything done in software could be reversed somehow.
how much lower can they go ?!
- Paul Manafort court filing (U.S., 2019) Manafort’s lawyers filed a PDF where the “redacted” parts were basically black highlighting/boxes over live text. Reporters could recover the hidden text (e.g., via copy/paste).
- TSA “Standard Operating Procedures” manual (U.S., 2009) A publicly posted TSA screening document used black rectangles that did not remove the underlying text; the concealed content could be extracted. This led to extensive discussion and an Inspector General review.
- UK Ministry of Defence submarine security document (UK, 2011) A MoD report had “redacted” sections that could be revealed by copying/pasting the “blacked out” text—because the text was still present, just visually obscured.
- Apple v. Samsung ruling (U.S., 2011) A federal judge’s opinion attempted to redact passages, but the content was still recoverable due to the way the PDF was formatted; copying text out revealed the “redacted” parts.
- Associated Press + Facebook valuation estimate in court transcript (U.S., 2009) The AP reported it could read “redacted” portions of a court transcript by cut-and-paste (classic overlay-style failure). Secondary coverage notes the mechanism explicitly.
A broader “history of failures” compilation (multiple orgs / years) The PDF Association collected multiple incidents (including several above) and describes the common failure mode: black shapes drawn over text without deleting/sanitizing the underlying content. https://pdfa.org/wp-content/uploads/2020/06/High-Security-PD...
What happens in a court case when this occurs? Does the receiving party get to review and use the redacted information (assuming it’s not gagged by other means) or do they have to immediately report the error and clean room it?
Edit: after reading up on this it looks like attorneys have strict ethical standards to not use the information (for what little that may be worth), but the Associated Press was a third party who unredacted public court documents in a separate Facebook case.
Typically, two copies of a redacted document are submitted via ECF. One is an unredacted but sealed copy that is visible to the judge and all parties to the case. The other is a redacted copy that is visible to the general public.
So, to answer what I believe to be your question: the opposing party in a case would typically have an unredacted copy regardless of whether information is leaked to the general public via improper redaction, so the issue you raise is moot.
Curious. I am not a litigator but this is surprising if you found support for it. My gut was that the general obligation to be a zealous advocate for your client would require a litigant to use inadvertently disclosed information unless it was somehow barred by the court. Confidentiality obligations would remain owed to the client, and there might be some tension there but it would be resolvable.
I know and am friends with a lot of lawyers. They're pretty ruthless when it comes to this kind of thing.
Legally, I would think both parties get copies of everything. I don't know if that was the case here.
The Trump 2.0 administration, in contrast, is staffed top to bottom with fools."
https://daringfireball.net/linked/2025/12/23/trump-doj-pdf-r...
https://www.vice.com/en/article/russian-spies-chemical-weapo...
Anyone remember how the Trump I regime had staff who couldn't figure out the lighting in the White House, or mistitled Australia's Prime Minister as President?
Please tell me they were saving them for expensing.
You mean the guy who covered up for Epstein's 'suicide' and expected us morons to believe it?
I may have disagreed with them on virtually every policy point, but they seemed to disagree with the most harmful Trump policies as well.
We would have never agreed on the right policy, but we definitely agreed that his policy was not the right one.
They had a great playbook in Project 2025. I'm not convinced Trump ever had the smartest people executing it.
This is a dumb way of doing that, exactly what "stupid" people do when their are somewhat aware of the limits of their competence or only as smart as the tech they grew up with. Also, this type of redaction eliminates the possibility to change text length, which is a very common leak when especially for various names/official positions. And it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision, but have to do the manual conversion step to printed position
Being aware of one's limitations is the strongest hallmark of intelligence I've come across...
Any process that relies on 100% accuracy from either people or technology will eventually fail. It's just a basic matter of statistics. However, there are processes that CAN, at least in theory, be 100% effective.
Intelligence would be knowing they exist (I know that I cannot fly by flapping my arms, it took intelligence to deduce that, wisdom tells me not to try and jump from a height and flap my arms to fly. Further intelligence can be applied, deducing that there are artificial means by which I can attain flight)
"Dumb" people (FTR the description actually refers to something rather than that which you think it does...) run around on the internet getting mad because they haven't thought things through...
Increasing the size of the redaction box to include enough of the surrounding text to make that very difficult.
> you can't simply search&replace with machine precision
Sure you can. Search and somehow mark the text (underline or similar) to make keywords hard to miss. Then proceed with the manual print, expunge, scan process.
> that's very difficult to unintentionally screw up.
You've already screwed up by leaking length and risking errors in manual search&replace
These are roughly equivalent. The point is having a hard copy in between the digital ones.
They're equivalent in security. The digital method is more convenient (albeit more error prone). What confers the security is the print-scan step. Whether one is redacting in between or before doesn't change much.
You'd still want to do a tabula rasa and manual post-pass with both methods.
> point was about the chance of making mistakes in redaction
Best practice is humans redacting in multiple passes for good reason. It's less error prone than relying on a "smart" redactor, which is mostly corporate CYA kit.
They aren't, security is defined as the amount of information you leak. If you have an inferior process where you're substituting the correct digital match with an in incorrect manual match, you're reducing security
> albeit more error prone
The opposite, you can't find all 925 cases of the word Xyz as efficiently on paper without the ease of a digital text search, my guess is you just have made up a different comparison (e.g., a human spending 100hrs reading paper vs some "smart" app doing 1 min of redactions) vs. the actual process quoted and criticized in my original comment
> Whether one is redacting in between or before doesn't change much
It does, the chance to make a mistake differs in these cases! Printing & scanning can't help you here, it's a totally set of mistakes
> Best practice
But this conversation is about a specific blogged-about reality, not your best practice theory!
The fact that this release process is missing this key step is significant too imho. It makes it really clear that the people running this didn't understand all of the dimensions involved in releasing a redacted document like this and/or that they weren't able to get expert opinions on how to do this the right way, which just seems fantastical to me given who we're talking about.
In other threads people are discussing the possibility of this being intentional, by disaffected subordinates, poorly vetted and rushed in to work on this against their will. And that's certainly plausible in subordinates but I have a hard time believing that it's the case for the people running this who, if they understood what they were tasked with would have prevented an entire category of errors by simply tasking subordinates to do what you described regardless of how they felt about the task.
So to me that leaves the only possibility that the people running this particular operation are incompetent, and given the importance of redacting that is dismaying.
Regardless of how you feel about the action of redacting these documents, the extent to which it's done and the motives behind doing it, the idea that the people in charge of this aren't competent to do it is not good at all.
It's clearly a superior process that provides ease of use, ease of understanding, and is exceedingly difficult to screw up. Barr's DoJ should be commended for having selected a procedure that minimizes the risk of systemic failure when carried out by a collection of people with such diverse technical backgrounds and competence levels.
Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist.
It has direct relevance since it describes the process as lacking the automated search and replace
> I refuted that
You didn't, you created a meaningless process of underlinig text digitally to waste time redacting it on paper for no reason but add more mistakes, and also replaced the quoted reality with your made up situation to "refute".
> and is exceedingly difficult to screw up.
It's trivial, and I've told you how in the previous comment
> Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist.
Nope, this is generic "hack" headline, so guessing a redacted name by comparing the length of plaintext to unmask would fit the headline just as well as a copy&paste hack
Can't leak a file that doesn't exist.
This is the only weakness of Barr's method.
> it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision
Anyong relying on automated tools to redact is doing so performatively. At the end of the day, you need people who understand the context to sit down and read through the documents and strike out anything that reveals–directly or indirectly, spelled correctly or incorrectly–too much.
Of course it isn't, the other weakness you just dismiss is the higher risk of failed searches. People already fail with digital, it's even harder to do in print or translate digital to print (something a machine can do with 100% precision, now you've introduced a human error)
> At the end of the day, you need people who understand the context
Before the end of the day there is also the whole day, and if you have to waste the attention of such people on doing ink redactions instead of dedicating all of their time to focused reading, you're just adding mistakes for no benefit
Forget about typoes. Until recent LLMs, machines couldn't detect oblique or identifying references. (And with LLMs, you still have the problem of hallucinations. To say nothing of where you're running the model.)
> if you have to waste the attention of such people on doing ink redactions instead of dedicating all of their time to focused reading
You've never read a text with a highlighter or pen?
Out of curiosity, have you worked with sensitive information that needed to be shared across security barriers?
Furthermore, reading through long winded, dry legalese (or the like) and then occasionally marking it up seems like an excellent way to give the brain short breaks to continue on rather than to let the mind wander in a sea of text.
I am for automating all the things but I can see pros and cons for both digital and manual approaches.
> give the brain short breaks
Set a timer if you feel that's of any use? Why does the break have to depend on the random frequency of terms to be redacted? What if there is nothing to redact for pages, why let the mind wander?
> I am for automating
But you're arguing against it. What's the pro of manually replacing all 1746 occurrences of "Trump" instead of spending 0.01% of that time with a digital search & replace and then spending the other 1% digitally searching for variants with typos and then spending the last 99% in focused reading trying to find that you've missed "the owner of Mar-a-Lago Club" reference or something more complicated (and then also replace that variant digitally rather than hoping you'd notice it every single time you wade through walls of legalese!)
Because none of this involves a focussed reading. It's the same reason why Level 3 can be less safe than Level 4. If you're skimming, you're less engaged than if you're reading in detail. (And if you're skipping around, you're missing context. You may catch Trump and Trup, but will you catch POTUD? Alternatively, if you just redact every mention of the President, you may wind up creating a President ***, thereby confirming what you were trying to redact.)
If it doesn't matter, automate it. If you care, have a team do a proper redaction.
Let all the files get released first.
Then show your hacks.
Keeping that secret would require sponaneous silence from everyone looking at these docs which is just not possible.
The Trump team knows that nobody is gonna buy whatever they put out as being the full story. Isn't this just the perfect way to make people feel like they got something they weren't supposed to see? They can increase trust in the output without having to increase trust in the source of it
And as far as I've heard there hasn't been anything "unredacted" that's been of any consequence. It all just feels a little too perfect.
And yes, I've heard of Hanlon's Razor haha
https://en.wikipedia.org/wiki/Hanlon%27s_razor
It's not like a few more stories of Trump raping $whomever are going to move the needle at all, especially with how the media is on board with burying negative coverage of the regime.
Also if you're wondering how this activity isn't some kind of abuse of government resources, keep in mind that thanks to the Supreme Council's embrace of the Unitary Executive Theory (ie Sparkling Autocracy), covering up evidence about Donald Trump raping under-aged sex trafficking victims is now an official priority of the United States Government.
Totalitarianism in power invariably replaces all first-rate talents, regardless of their sympathies, with those crackpots and fools whose lack of intelligence and creativity is still the best guarantee of their loyalty.
Wasn't too hard to put together a quick graph of the past decade for the U.S. using the World Press Freedom Index (relative ranking and score) - an annual ranking of 180 countries published by Reporters Without Borders that measures the level of press freedom.
https://imgur.com/a/4liEqqi
Stand in the middle of fifth Avenue and shoot someone :)
Have political enemies executed
Get his face on Mount Rushmore
Disband congress
Disband the Supreme Court
Keep Jimmy Kimmel off air
Get Jon Stuart to shut up
Get James comey indicted
Get a national holiday named after him
Etc.
Even when we focus on things he tried to do, there is a lot he couldn’t. Let alone when you look at things he didn’t try to do.
lots of these are of course also just a distraction to discuss at Thanksgiving and Christmas dinner vs you know, other things
You said "anything", in the context of dictatorship. I only used items in this list which IMO you can reasonably say Putin, an actual dictator, can do. Right now. Except the first one! Because that was a joke, a reference to something he himself said he could do.
If you want to change to "anything which has backroom deal importance, not just bread and games for the masses, but the real things, if you know you know", that's a (slightly) different list.
But, it's also a different comment.
Want to see a real dictatorship? Ukraine jailed all opposing politicians during the war with Russia and stopped having elections. Yet, it's still supported by a large percentage of the population in the US.
The last administration not only tried to jail Trump on bogus charges, but any lawyer that supported him (and his supporters were fired from their jobs).
In addition to this, we are now seeing that large counties in states like Georgia violated laws with hundreds and thousands of votes in the 2020 election. These all point to a dictatorship, that we lived through, yet nobody like you is complaining about it on HN.
I believe Trump will manufacture a crisis before he's out of office in a bid to maintain control. I believe he will have learned from Bush Jr. that a simple war isn't good enough, and it needs to be a genuine emergency.
I believe he'll do whatever he can to make that happen. Native born terrorist, or war with a close country, or absolutely over the top financial crash. Something awful that lets him invoke some obscure rule that lets him stay in power with congressional approval - he'll just skip the congressional approval part like he already does.
The CIA, for example, is entirely above the law.
Its exactly equivalent to a dictatorship by the head of the CIA, unless the CIA is effectively answerable to some other authority despite not being answerable to the law, and then it is equivalent to a dictatorship by that higher authority.
No it's not. I can commit all manner of illegal acts in my home unnoticed, that doesn't make me a dictator.
Analogies don't work when they aren't analogous.
My point is their actions are committed outside the law. They've just been able to avoid punishment by covering it up. What they are not is above the law, at least not in the long run. (There are absolutely short bouts where the CIA acts above the law overseas, and rare cases where it has done so domestically. But the fact that they're covering it up betrays that they're crafty bastards, not invincible ones.)
Then they got caught hacking congressional computers to delete evidence.
Nothing happened to them.
They are above the law. You are not.
One, source?
Two, this above reproach. Not above the law. They deleted the evidence, they didn't just blow the scandal off. (Historically, our IC was popular. Right now, it's the deep state. You're seeing political appointees at the FBI and CIA exert control.)
If it swings as far back you might even see universal health care, sane gun laws, fair wages, campaign finance reform, reproductive freedom, science based policy making, reigning in billionaires, etc.
I love these.
I'm not a 1A guy, I think that for instance people with a history of domestic violence shouldn't be armed (that is what I would cite as "common sense"), but this statement really damages your credibility. Of course semiautomatic rifles are useful for both hunting and for self defense. They are effective weapons. That's the problem.
Whut? How the fuck did you make that jump?
AR-15 rifles are useless for hunting. They are too small to reliably kill large game (deer) and too large for small game (rabbits). Sure, they're fine for coyotes, but if you're buying an AR-15 to hunt coyotes, then you should just stop.
AR-15s are also useless for self-defense. They are too bulky for indoor use, and the bullets can penetrate multiple walls. A regular semi-auto handgun is far superior if you're looking to protect yourself against domestic violence.
It's useless for hunting, but you identify circumstances it's useful in. You say it's useless for self defense because it's bulky, I've heard a hundred people say it's ideal because it's easier to be proficient with a rifle than with a pistol.
Say whatever you want, but when you make absolute statements like that, it damages your credibility. That's my feedback for you.
Could you describe a specific scenario one of those hundred people might be imagining?
So a shotgun then?
One of my favorite trivia questions is: how long has it been since Congress has had staff scientists?
Any major documents/files have been removed all together. Then the rest was farmed out to anyone they could find with basic instructions to redact anything embarrassing.
Since there's absolutely zero chance anyone in the administration will ever be held accountable for what's left, they're not overly concerned.
The thing that I've been waiting to see for years is the actual video recordings. There were supposedly cameras everywhere, for years. I'm not even talking about the disgusting stuff, I'm talking security for entrances, hallways, etc.
The FBI definitely has them, where are they?
What about Maxwell's media files? There was nothing found there? Did they subpoena security companies and cloud providers?
The documents are all deniable. Yes video evidence can now be easily faked, but real video will have details that are hard to invent. Regardless, videos are worth millions of words.
For context, lawyers deal with this all the time. In discovery, there is an extensive document ("doc") review process to determine if documents are responsive or non-responsive. For example, let's say I subpoenaed all communication between Bob and Alice between 1 Jan 2019 and 1 Jan 2020 in relation to the purchase of ABC Inc as part of litigation. Every email would be reviewed and if it's relevant to the subpoena, it's marked as responsive, given an identifier and handed over to the other side. Non-responsive communication might not be eg attorney-client communications.
It can go further and parts of documents can be viewed as non-responsive and otherwise be blacked out eg the minutes of a meeting that discussed 4 topics and only 1 of them was about the company purchase. That may be commercially sensitive and beyond the scope of the subpoena.
Every such redaction and exclusion has to be logged and a reason given for it being non-responsive where a judge can review that and decide if the reason is good or not, should it ever be an issue. Can lawyers find something damaging and not want to hand it over and just mark it non-responsive? Technically, yes. Kind of. It's a good way to get disbarred or even jailed.
My point with this is that lawyers, which the Department of Justice is full of, are no strangers to this process so should be able to do it adequately. If they reveal something damaging to their client this way, they themselves can get sued for whatever the damages are. So it's something they're careful about, for good reason.
So in my opinion, it's unlikely that this is an act of resistance. Lawyers won't generally commit overt illegal acts, particularly when the only incentive is keeping their job and the downside is losing their career. It could happen.
What I suspect is happening is all the good lawyers simply aren't engaging in this redaction process because they know better so the DoJ had the wheel out some bad and/or unethical ones who would.
What they're doing is in blatant violation to the law passed last month and good lawyers know it.
There's a lot of this going on at the DoJ currently. Take the recent political prosecutions of James Comey, Letitia James, etc. No good prosecutor is putting their name to those indictments so the administration was forced to bring in incompetent stooges who would. This included former Trump personal attorneys who got improerly appointed as US Attorneys. This got the Comey indictment thrown out.
The law that Ro Khanna and Thomas Massey co-sponsored was sweeping and clear about what needs to be released. The DoJ is trying to protect both members of the administration and powerful people, some of whom are likely big donors and/or foreign government officials or even heads of state.
That's also why this process is so slow I imagine. There are only so many ethically compromised lackeys they can find.
Please change the title.
You don't need to do some sophisticated thing for it to be considered hacking
Hacking is unauthorised use of a system. Reading a document that was not adequately redacted can hardly be considered hacking.
I'm not a lawyer, so I don't know what the law has to say about this. But I do have at least a small handful of brain cells to rub together, so I know what the law _should_ say about this.
[0] https://en.wikipedia.org/wiki/Van_Buren_v._United_States
Absent that excluding other default protections like copyright, what I do with it should fall under the assumption of "basically anything".
Opening someone else’s laptop and guessing the password would absolutely fall under that definition, but I think it’s very much questionable if poking around a document that you have legitimately obtained would do so.
By serving up the PDF file I am being authorized to receive, view, process, etc etc the entire contents. Not just some limited subset. If I wasn't authorized to receive some portion of the file then that needed to be withheld to begin with.
That's entirely different from gaining unauthorized entry to a system and copying out files that were never publicly available to begin with.
To put it simply, I am not responsible for the other party's incompetence.
> That's entirely different from gaining unauthorized entry to a system and copying out files that were never publicly available to begin with.
That's not the sum total of hacks, if you have publicly accessible password-protected PDF and guess the password as 1234, that's a hack. Copy& paste of black boxes is similarly a hack around content protection
> To put it simply, I am not responsible for the other party's incompetence.
To put it even simpler, this conversation is not about you and your responsibility, but about the different meanings of the word "hack "
Not the layman, at least to the best of my knowledge.
Yes, certain licensed professionals can be subject to legal obligations in very specific situations. But in general, if you screw up and mail something to me (electronic or otherwise) then that is on you. I am not responsible for your actions.
> if you have publicly accessible password-protected PDF and guess the password as 1234, that's a hack
Sure, I'll agree that the software to break the DRM qualifies as a hack (in the technical work sense). It also might (or might not) rise to the level of "lack of legal authorization". I don't think it should, but the state of laws surrounding DRM make it clear that one probably wouldn't go in my favor.
However that isn't what (I understood) us to be talking about - ie legal authorization as it relates to black box redaction and similar fatally flawed approaches that leave the plain text data directly accessible (and thus my access plainly facilitated by the sender, if inadvertently).
> this conversation is not about ...
You are the only one using the term "hack" here. Please note that I had responded to your "limit/lack of authorization" phrasing. Nothing more.
That said, while we're on the topic I'll note the ambiguity of the term "hack" in this context. Illegal access versus clever but otherwise mundane bit of code (no laws violated). You seem to be failing to clearly differentiate.
Are you not aware of content that is criminal to possess? Like CP is the most common example.
> I am not responsible for your actions.
I've already addressed this confusion of yours - this is NOT about your responsibility for someone else's actions, but about your own actions and whether they constitute a "hack".
> You are the only one using the term "hack" here. Please note that I had responded to your "limit/lack of authorization" phrasing. Nothing more.
Please open a dictionary for the word hack to understand this conversation! And note the word "authorization" in the definition.
> However that isn't what (I understood) us to be talking about - ie legal authorization
Understandably you're confused, the legal limit is your own making, authorization is way broader than that.
> I'll note the ambiguity of the term "hack" in this context
Exactly!!! Keep looking into the definition to resolve the ambiguity!
> You seem to be failing to clearly differentiate
No, your differentiation is wrong
Beyond that you're clearly just trolling at this point, going to great lengths to manufacture an argument about a term that I never used to begin with. "Lack of authorization" has a clear legal meaning whereas "hack" does not.
For the 3rd time, this conversation is not about YOU and not about what surprises you!
> "Lack of authorization" has a clear legal meaning whereas "hack" does not.
No, you've made up this limit to some "legal meaning" (also wrong here, large variety there as well but wouldn't want to endulge you further). Again, open up a dictionary on "hack", then follow the definition of "authorization" from there, if you only find "legal" in there, get a better dictionary, journalists / commenters are usually not lawyers, so they wouldn't accept your artificial legal limits on meaning!
But on principle, what right does the government have to keep secrets from its own people? I don’t believe we had that button at the founding, it was added somewhere along the way. I’m asking what is the justification for this, and whether in the grand scheme of things that outweighs the principle of the government not being a separate entity from the people.
There are multiple ways to approach witness protection. For example if we have a problem with witnesses being harmed we could make being involved with witness harm at any layer of indirection a capital offense. We can probably think of other options besides the government being allowed to keep secrets from its own people.
As of February, it’s sensible to ask if there’s an OIG.
Two things come to mind:
* Some things Indyke did fall outside the scope of lawyer-client privilege. It would be bad for certain people to get him on a stand and force him to spill the beans. He was never interviewed re: Epstein [1]
* He's a very talented lawyer, insofar as a competent lawyer with, at least, extreme discretion, is talented.
[1] https://www.finance.senate.gov/imo/media/doc/letter_to_doj-f...
That's also why a mafia extorts and doesn't run complex businesses in general.
Perhaps the US can survive this administration. But somewhere down the line it will become broken.
PDF is an absurdly complex file format. It's part of the reason there is no single "good" PDF reader, just a lot of mediocre PDF readers that are all terrible in their own way. Which is a topic for another day.
There are several ways to remove data in a PDF:
- Remove the data. This is much harder than it sounds. Many PDF tools won't let you change the content of a PDF, not because it isn't possible, but because you'll likely massively screw up the formatting, and the tools don't want to deal with that.
- Replace the data. This what what all the "blackout" tools do, find "A" and replace with "🮋". This is effective and doesn't break formatting since it's a 1-to-1 replacement. The problem with "replacing" is that not every PDF tool works the same way, and some, instead, just change the foreground and background color to black; it looks nearly the same, but the power of copy-and-paste still functions.
- Then you have the computer illiterate, who think changing the foreground and background color to black is good enough anyway.
> - Remove the data. This is much harder than it sounds. Many PDF tools won't let you change the content of a PDF, not because it isn't possible, but because you'll likely massively screw up the formatting, and the tools don't want to deal with that.
Compared to other formats this is actually relatively easy in a PDF since the way the text drawing operators work they don't influence the state for arbitrary other content. A lot of positioning in a PDF is absolute (or relative to an explicitly defined matrix which has hardcoded values). Usually this makes editing a PDF harder (since when changing text the related text does not adapt automatically), but when removing data it makes it much easier since you can mostly just delete it without affecting anything else. (There are exceptions for text immediately after the removed data, but that's limited and relatively easy to control.)
> - Replace the data. This what what all the "blackout" tools do, find "A" and replace with "🮋". This is effective and doesn't break formatting since it's a 1-to-1 replacement.
That's actually rather tricky in PDFs since they usually contain embedded subset fonts and these usually do not have "🮋" as part of the subset. Also doing this would break the layout since "🮋" has a different width than most letters in a typical font, so it would not lead to less formatting issues than the previous option. Unless the "🮋" is stretched for each letter to have the same dimensions, but then the stretched characters allow to recover the text.
> The problem with "replacing" is that not every PDF tool works the same way, and some, instead, just change the foreground and background color to black; it looks nearly the same, but the power of copy-and-paste still functions.
PDF does not have a concept of a background color. If it looks like a background color in PDF, you have a rectangle drawn in one color and something in the foreground color in front of it. What you usually see in badly redacted PDF files is exactly this, but in opposite color: Someone just draws a black box on top of the characters. You could argue that this is smarter since it would still work even if someone would chnage colors, but of course, PDF is a vector format. If you just add a rectangle, someone else can remove it again. (And also copy & paste doesn't care about your rectangle)
>- Replace the data. This what what all the "blackout" tools do, find "A" and replace with "🮋". This is effective and doesn't break formatting since it's a 1-to-1 replacement. The problem with "replacing" is that not every PDF tool works the same way, and some, instead, just change the foreground and background color to black; it looks nearly the same, but the power of copy-and-paste still functions.
You're making it sound way harder than it is, when both adobe acrobat and the built-in preview app on mac can both competently redact documents. I'm not aware of instances of either (or any other purpose-made redaction tools) failing. I wouldn't homebrew a python script to do my redaction either, but that doesn't mean doing redactions properly in some insurmountable task for some intern.
To be fair, this works if you print out those copies and then re-scan them.
Should take... a weekend tops? ;) PDF is crazy and scary
Wait, this is more complete than SOAP. It may be a good idea to redo the IPC protocol with a different serialization format!
Society would probably never recover if we started implementing RPC-in-Postscript though.
As far as I understand it, at its core, pdf is just a stream of instructions that is continually modifying the document. You can insert a thousand objects before you start the next word in a paragraph. And this is just the most basic stuff. Anything on a page can be anywhere in the stream. I don't know if you can go back and edit previous pages, you might have a shot at least trying to understand one page at a time.
Did you know you can have embedded XML in PDFs? You can have a paper form with all the data filled in and include an XML version of that for any computer systems that would like an easier way to read it.
Not kidding - it's a ~~~billion dollar market haha
Make an MVP/Show HN :-)
The only safe way for journalists is to paraphrase what the document said and to say "an unnamed source claims that ..." and to guarantee with your reputation, and the reputation of your publisher, that you are being faithful to what the original source said. For even better results, combine multiple sources.
Unfortunately paraphrasing things and taking editorial responsibility have both been deprecated in favour of rereleasing press releases in the house style, so it's difficult to get the actual journalism these days.
Anyway, if you click on a "redaction", you're clicking on the box and can't select the text underneath, but if you just highlight the text around it, you can copy all the original text.
It's a bizarre oversight.
There would also be a mix of text documents, and image scans. The way to censor each is different.
Perfectly censoring documents, particularly digital ones is actually surprisingly difficult.
But the difficult part is easily repeatable once it's figured out, which is why it surprises me that it's not built into Acrobat as a tool already.
Yes, USDOJ is incompetent and dysfunctional, but this is not why. But sure, whatever, carry on...
https://www.justice.gov/multimedia/Court Records/Matter of the Estate of Jeffrey E. Epstein, Deceased, No. ST-21-RV-00005 (V.I. Super. Ct. 2021)/2022.03.17-1 Exhibit 1.pdf
They are unredacted because either those in charge are not familiar with basic office tasks, or someone wanted this stuff to leak and nobody checked thier work. Either brand of incompetance should cause heads to roll. But, just like the signal fiasco, nothing will happen. When your brand is perfection, you cannot ever admit a mistake.
copy and paste people, the idiots have taken over
Great contest. And a great entry, I had a big chuckle running it and unredacting my documents, even photos!
We Just Unredacted the Epstein Files
https://news.ycombinator.com/item?id=46364121
I tried to ascertain, but am not certain, this is the original blog source. Maybe they made some prior X posts.
Victim?
You can't possibly know that!
(Sorry, watching Grinch, Jim Carrey spoke through me).
The names of involved powerful people were NOT supposed to be censored. All those names except Bill Clinton name were redacted. To protect Trump and everybody else involved in the scandal except said Bill Clinton. But especially to protect Trump.
Every slide towards authoritarianism is gradual, there is no announcement.