Metadata Spy Blooper

Essay by Ralph Losey

Metadata, the hidden data contained in computer files, makes many people nervous, but especially lawyers. They are uncomfortable with anything hidden, or for that matter anything poorly understood, and metadata qualifies as both. Adding to this discomfort are the horror stories, well known in the profession, of other counsel accidentally producing documents to opposing counsel that contain embarrassing metadata. For instance, a Word document containing secret comments they added, then hid, and then forgot to delete or "scrub" before production.

Mistake by Top Spy Agency in U.S.

This can be very serious for attorneys because of the high ethical duty they are under to maintain the secrecy of the confidential information disclosed to them by their clients. For this reason, attorneys, more than most, tend to worry about inadvertently disclosing these secrets by metadata. The concern is magnified for litigation attorneys who have opposing counsel watching their every move for mistakes. That is one of the reasons for the advent of "clawback" agreements and new Rule 26(b)(5)(B). If a privileged communication in a computer file is accidentally disclosed, say because it was contained in metadata that they did not see, they want to get it back, and prevent a waiver.

For these reasons it is especially troubling to lawyers to hear that even the best professionals at secret keeping, our country's top spies, mess up on metadata. If anyone is serious about secrecy, it is espionage professionals. Their very lives may be at stake. So if James Bond types accidentally reveal state secrets because of metadata, then it could happen to anyone.

Metadata is by definition out of sight. And what is out of sight is out of mind, and so easily forgotten. The latest metadata mistake story proves this point in classic "spy versus spy" fashion.

The Office of the Director of National Intelligence ("DNI") is the highest intelligence agency in the United States. The DNI oversees all federal intelligence agencies, including the CIA. The size of the total US intelligence budget that DNI oversees is one of the government's most closely guarded secrets.

On May 14, 2007, a Senior Procurement Executive of DNI gave an unclassified presentation to a group of outside contractors in Colorado entitled "Procuring the Future." Her PowerPoint included a slide with two graphics depicting the trend of award dollars to contractors from 1995 to 2006. Because these figures are highly classified, a scale of the total number of award dollars was omitted from the Y-axis of the bar chart. The government contractors were only shown the graphical bars, and were left to guess what the actual expenditures were that the bars depicted. A copy of this unclassified slide is shown below.

chart with classifed metadata (here omitted)

Apparently the DNI employee had used this same PowerPoint slide before to make classified presentations to persons with top secret clearance. I presume this because the slide contains metadata revealing the actual amount of the award dollars. It would have been simple to reconfigure the graphic in PowerPoint to display the actual numbers to an audience with clearance.

The metadata revealing the classified information is not visible when the unclassified version of the PowerPoint is shown. But when you open the native file using PowerPoint software, it is easy to make this embedded information visible. All you have to do is double click on the bar chart shown above and a spreadsheet is revealed. It is that easy.

The spreadsheet embedded as metadata in the graphic image controls the appearance of the bar graph. If you change the numbers in the spreadsheet, the columns change. Further, if you change the configuration of the graphic, the numbers will not be revealed at all. This is exactly what they did in the unclassified version of the PowerPoint shown in Colorado. In this way the secret numbers in the graphic were not displayed when the PowerPoint was shown.

So far, so good. The secrecy of the nation's total intelligence budget was maintained at the conference. The big mistake was made after the conference when someone in the agency posted the PowerPoint file on the Defense Intelligence Agency website in native format. There anyone could (and did) download the PowerPoint file onto their own computers. (Spies are like litigation counsel, they have opposing spies that watch their every move and look for mistakes.) Once the file was downloaded and opened in PowerPoint, the embedded numbers underlying the expenditure graphic were quickly uncovered. One of America's top secrets was lost due to careless handling of metadata.

The key mistake was to have posted the PowerPoint in its original native format. The file should have been flattened first and posted as an image file. Then the metadata would have been stripped, and the secret would have been safe. Alternatively, the graphic in slide eleven should have had the secret spreadsheet removed. But the top spies forgot to do that. Out of sight, out of mind. Metadata like that is a time bomb waiting to happen.

Do not look for the PowerPoint on the Defense Intelligence Agency website. It was removed as soon as the press reported the error, and reported the once-secret intelligence budget. Still, I had no difficulty finding another copy of it based on later press reports and a quick search on Google. Information in today's Internet Age is like a cat; once it is out of the bag, you can never get it back in. This is the stuff of nightmares for spies and lawyers alike.

 


 

Even James Bond movies have bloopers that are overlooked, as the You Tube video below shows.