Exposing Redaction

By Robert D. Brownstone, Todd R. Gregorian
and Michael A. Sands

      Disclosures to government regulators always have posed risks to trade secrets and other proprietary information. It came as little surprise, therefore, when the Federal Trade Commission's mishandling of confidential information in its antitrust challenge to the merger of Whole Foods and Wild Oats came to light in September in an Associated Press article.

      Secrecy Difficulties
      An unsound approach to electronic redaction in FTC v. Whole Foods Market Inc., 07cv-01021, FTC File No. 071 0114 (D. D.C.), resulted in an electronically filed FTC brief exposing significant operational and strategic business information considered confidential by Whole Foods. By the time the error was discovered by the court, the horses were out of the barn: The Associated Press, and presumably others, had obtained a copy of the brief. Too late for Whole Foods, the FTC filed a corrected copy that had been printed to paper and scanned into image format.
      The U.S. District Court for the District of Columbia's Aug. 16, 2007, order denying the FTC's motion for a preliminary injunction did not mention the redaction error. In fact, the order praised both sides for litigating the matter on a tight schedule. The FTC's disclosure, then, appears not to have prejudiced either side with respect to the merits of the merger challenge. However, it very much remains to be seen whether Whole Foods faces any potential negative blowback from its aggressive stance toward competitors or site-selection criteria revealed by the FTC's error.
      The mistake made by the FTC was basic. In preparing its brief for filing, FTC staff presumed that the metadata in its word processing file would not migrate on direct conversion from native format to portable document format (.pdf). In particular, they wrongly assumed that using Microsoft's "Highlight" (or "Borders and Shading") tool to black out text removed the text from the bowels of the file. It does not - it "covers up" the text, but the text itself remains in the file, fully searchable and available for copying.
      The resulting .pdf appears at first glance to contain only black boxes in place of the redacted content. That content, however, is present in the .pdf file and can be revealed easily either by copying and pasting the blacked-out text into a word-processing file or an e-mail message or by viewing the .pdf file in a reader such as Preview or Xpdf.

      Blooper Reel
      The FTC is not the first litigant to make this type of mistake to the detriment of another party. Redaction faux pas and other types of metadata-handling errors are, regrettably, fairly common. Famous entities bitten by the metadata cobra in recent years include the United Nations, the British prime minister's office (in the "Downing Street Memo"), the current Republican administration, the Democratic National Committee, the California attorney general's office, the Motion Picture Association of America and SCO Group.
      One such victim - Derrick A. Max, the head of two business groups in favor of President Bush's plans to privatize Social Security - expressed his chagrin as follows: "'The real scandal here,' Max told The Los Angeles Times after Democrats expressed outrage over the White House's fingerprints on [Max's Senate] testimony, 'is that after 15 years of using Microsoft Word, I don't know how to turn off track changes.'"
      The publicized snafu most analogous to the FTC's recent error occurred in May 2006, in a case filed by the Electronic Frontier Foundation and the American Civil Liberties Union regarding National Security Administration surveillance activity. In Hepting v. AT&T, 3:06cv-00672 (N.D. Cal.), a law firm representing AT&T filed a redacted reply brief suffering the same deficiency as the FTC's Whole Foods brief. That reply brief - still posted on multiple Web sites - listed potential uses AT&T might have for a "secret" switching room designed to monitor telephone calls and Internet transmissions, aside from alleged illegal surveillance at the behest of the NSA. That disclosure was especially ironic given that the NSA had recently published "Redacting With Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF" (Feb. 2, 2006).
      One month later, in June 2006, a brief filed in connection with the investigation of leaked grand-jury testimony from the BALCO steroid case also contained faulty redactions. That gaffe resulted in the disclosure of eight pages of e-mails between Victor Conte, the primary criminal defendant, and Mark Fainaru-Wada, a Chronicle reporter whose articles had referenced the leaked materials. The e-mails show Fainaru-Wada aggressively pursuing a CD-ROM containing the record of the grand-jury proceedings.

      Enhancing Privacy
      Fortunately, the particular redaction error made in these cases is avoided easily under a variety of methods, one or more of which should be adopted as a strict protocol at the outset of a proceeding. Here is just one such protocol for Office 2003 users in the e-filing context:
      (1) Make sure that the applicable local rules, "under seal" order or judge's procedures require e-filing a redacted version of the document (as opposed to just filing a physical copy at the clerk's office and/or in chambers).
      (2) Do not use the "Highlight" or "Borders and Shading" features in Word for redactions unless you then print the document to paper and scan it into an image file.
      (3) Instead, follow these steps:

     (a) Download and install the Word Redaction tool from the Microsoft Web site.
      (b) Copy the "to-be-redacted" Word file, and, once in the copy, follow the "how to" instructions provided with the Redaction tool.
      (c) Use metadata-removal software to clean (or "scrub") file-system data and embedded data from the redacted copy.
      (d) Convert the scrubbed and redacted copy to .pdf.
      Adobe Acrobat Professional 8.0 now has its own redaction tool, which also may provide a workable solution to this problem. One low-tech solution is simply to print the document to paper, redact the confidential portions manually with black marker or tape, then scan the document into an image file. If necessary, text-searching, as well as copy-and-paste capability, can be restored to a scanned document using OCR software or Acrobat's Capture feature. Alternatively, Word's highlighter or borders/shading feature, or any electronic redaction tool, can be used before printing. Either way, the scan of the paper printout will not carry the metadata from the original file.

      Judicial Procedures
      Even once a protocol is established and adopted by litigants, however, the problem of the court's own procedures remains. A separate but often overlooked source of disclosure risk is the court itself, typically the most overburdened and understaffed participant in the litigation process. Disclosure may occur in the context of an inadvertent mention on the record at a public hearing or a reference in a written order.
      In the Whole Foods case, the court's novel solution to the latter problem was to provide a nonpublic draft order to the parties and have them lodge suggested redactions with chambers before the release of the public version. Other courts may be willing to take similar precautions, but the onus likely will be on parties desiring such relief to make the court aware of the issue and affirmatively ask for it. Litigants truly concerned about safeguarding confidential information should not assume sua sponte protective action by courts struggling to get through their dockets.
      Litigants and entities facing government inquiry are always susceptible to risks associated with mistreatment of their confidential information. Often, disclosures result from simple inadvertence regarding the nature of the information itself. The above examples of technological mistakes are especially vexing, however, because the attorneys in question both recognized the need for confidential treatment and implemented a method that they believed would protect the confidence.
      Unfortunately, this type of disclosure is just as persistent and damaging as plain inadvertence or intentional violations. As document-generating software and other technological tools used by parties and regulators are constantly updated, with new holes appearing in each subsequent version, generating a one-size-fits-all protocol may prove difficult, if not impossible. But for now, at least, the suggestions discussed above will help avoid the most egregious forms of mistaken disclosures.
     
      Robert D. Brownstone is the law and technology director at Fenwick & West in Mountain View. Todd R. Gregorian is an associate in the firm's litigation group and a member of its electronic information management group. Michael A. Sands is a partner in Fenwick's litigation group and the chair of the firm's electronic information management group.