On August 15, 2007, Associated Press reported on a story detailing how confidential competitive strategies designed by Whole Foods to take market share from low-cost leader Wal-Mart were revealed in a PDF document the Federal Trade Commission's legal organization filed with the court electronically.
SAN FRANCISCO - On August 15, 2007, Associated Press reported on a story detailing how confidential competitive strategies designed by Whole Foods to take market share from low-cost leader Wal-Mart were revealed in a PDF document the Federal Trade Commission's legal organization filed with the court electronically. In the document, words intended to be inaccessible were just electronically shaded black -- a common mistake when using many commercially available PDF converters. The suppressed words in versions downloaded from court computer servers can be copied and pasted into Notepad or Microsoft Word and then read.
"Once more, the myth that PDF is a 'secure' format has come back to bite users," said Joe Fantuzzi, CEO of Workshare, an internet security company. PDFs are not leak proof in and of themselves. Like any other file type, they
must be secured through the deployment of affordable and available technology that stops costly information leaks like this one."
Fantuzzi says losing control of critical confidential information is a growing problem; both both embarrassing and posing a significant competitive risk for corporations that are bound to share documents. Corporations are required to send information to federal and state organizations, and they often choose to share information with valued customers and partners to gain competitive advantage. The risk of a third party seeing only what was intended to be viewed by the designated recipients is significant -- and a problem that has yet to completely resolved in most global organizations.
Fantuzzi makes the following recommendations to support greater data content control:
1. Never cover text with highlight boxes of the same color when creating or revising documents.
2. Never convert documents from one format to another without first understanding and eliminating content exposure risks.
3. Never assume that a PDF is What You See Is What You Get, and always assume that information that appears to be obscured may not be.
4. Remove hidden information from native file formats before converting files to PDF.
5. When evaluating and purchasing software that converts documents to PDF, insist that configurable, auditable and policy-enforced hidden data discovery and removal are part of the solution.