A simple computer error has landed the British Ministry of Defence in deep water after it published a sensitive report on nuclear submarine security and failed to properly conceal classified information meant to be hidden from view.
After a recent request under the Freedom of Information Act, the PDF, which contains confidential secrets about Britain’s nuclear submarines and expert opinions about how the fleet could handle a catastrophe, was published online, the Daily Telegraph reports.
The confidential information, however, was blacked out, a computer technique called redaction. It’s a simple process, the security firm Sophos explains, but one that “needs to be done properly if you care about privacy and avoiding a potentially damaging data leak.”
It is advice the Ministry of Defence failed to heed; when posting the sensitive PDF to the Internet, authorities only redacted the confidential data, but did not erase it from the original document. So when it went online, the censored passages could be read simply by cutting and pasting the blacked-out text.
“This was a real school-boy error to make — as anyone with even an elementary knowledge of computers would know how to read the ‘redacted’ content,” Sophos wrote.
The document has since been replaced with a secure version.
The Daily Telegraph dug a little deeper and found more glaring examples of poorly protected sensitive documents posted online by the Ministry of Defence, including confidential Department of Health documents pertaining to contaminated blood.
Member of Parliament Patrick Mercer told the Telegraph, “Clearly there are issues which are sensitive and should be concealed. If they are supposed to be concealed then for God’s sake conceal them.”