Sensitive and classified information is routinely and unwittingly compromised by hidden data in electronic documents like Word documents, Excel workbooks, and PowerPoint presentations. Computer generated documents and files often contain hidden information. If you're working on the document, you probably never see this information, but you should be aware that this hidden information could be exploited by knowledgeable third parties. Microsoft's Object Linking and Embedding (OLE) standard permits seamless integration of software applications to produce professional looking products commonly described as desktop publishing. Unfortunately, this standard does not take into account the need for privacy or security, which leads to significant vulnerabilities.

While there are a couple of methods available for eliminating the transfer of hidden data, these technologies have not been proven to be 100% effective. Keyword scanners commonly used to screen information are inadequate, compounding the problem and significantly increasing the risk. Guard technology, which is supposed to be screening electronic documents crossing security boundaries, relies heavily on keyword scanners and is not properly screening the electronic documents being processed.

The Institute of Electrical and Electronics Engineers (IEEE) Computer Society published an article in their new Security and Privacy magazine that indicates the incidence of hidden data in electronic documents is extremely high. The article by Simon Byers, a Senior Member of the AT&T Lab's Technical Staff, is entitled, "Information Leakage Caused by Hidden Data in Published Documents . "Approximately half of the "first" 100,000 documents contained between 10 and 50 hidden words, one-third contained 50 to 500 hidden words, and one-tenth contained over 500 hidden words. That's a 93% incident rate of information being transmitted that is not intended for the recipient. This statistic is even more alarming when you consider that this article only addresses well-known Meta data issues. It does not address the other lesser known and often overlooked problems cited in SRS briefings and reports.  Click on the Downloads tab at the top of this page to request copies of this information.

Shortly after the events of 9/11, SRS recognized the need for a rigorous electronic document reviewing tool to be used by commercial industry, Government contractors, and Government Agencies to protect sensitive information.  Our original work was funded by a National Science Foundation (NSF) Small Business Innovative Research (SBIR) grant.  SRS continued our research and product development using Independent Research and Development (IRAD) funds, which will lead to a commercial product very soon.  SRS has also been working with other Government Agencies to develop electronic document scanning capabilities.  Our Program Manager frequently presents a detailed threat presentation entitled, "Electronic Document Security: The Desktop Publishing Threat to Information Security" at national security conferences around the country.  SRS remains committed to helping our customers control the information content of their electronic documents.

SRS maintains an online suggested reading list that contains articles and information regarding electronic document security and incidents that occurred because of improper or incomplete reviews.  Use The Threat tab at the top of this page to locate this information.