Online Snafu exposes CIA names
Kevin Poulsen, SecurityFocus 2000-06-22

The text uncovered within an electronic document airs old secrets.

A classified 1954 CIA file recently released on the web in redacted form by the New York Times, is being re-released by a noted cypherpunk archivist with the names of foreign agents restored, courtesy of a blunder in the method the newspaper used to conceal that information.

The Times released the report titled "Overthrow of Premier Mossadeq of Iran" on their web site Sunday. The document details the secret history of CIA and British officials' successful efforts to engineer the 1953 coup that overthrew Iran's elected leadership. It sheds light on the genesis of the CIA's use of illegal covert operations throughout the cold war.

But before releasing the 200-page document in Adobe's "Portable Document File" (PDF) format, the Times cut out the names of Iranians who helped with the plot. "The editing was done after consultations with historians who believed there might be serious risk that the families of some of those named as foreign agents would face retribution in Iran," the paper wrote of its decision to redact the document.

Sixty-five-year-old architect and government transparency advocate John Young discovered Monday that the Times had merely obscured portions of the document. When viewed on Young's slow 166-megahertz PC, all the text was clearly visible for a moment before black lines and boxes dropped in to cover the names of the CIA's Iranian agents. "I had a lot of windows open, which slowed things down," said Young, "and there was second or so when the text was clear before the block came in."

"Endangering Lives"
Tim Sullivan, CEO of activePDF, a maker of server side PDF tools, analyzed a page of the original file at SecurityFocus.com's request. "The application that created it was Adobe Photoshop for the Mac," said Sullivan. "They created another layer in Photoshop, and drew a black box over it. And so what's happening is you have one layer that's the content, which is the scanned-in page, and then another layer that's overlaid on top. On a slow machine, you see it displayed."

Someone using a binary editor could modify the document to prevent the opaque black lines and boxes from appearing at all, said Sullivan, and an Adobe plug-in might allow someone to simply slide the black boxes away. "They [the Times] should have used the eraser tool to erase all the pixels, and then draw the box over it," said Sullivan, "or merged the two layers."

By interrupting the page-load before the top layer dropped over it, Young was able to transcribe a portion of the hidden names, which he emailed to the New York Times on Monday. The paper promptly yanked the report and re-released it with a more thorough redaction.

Young runs the web site Cryptome, well regarded in certain circles as a public repository for government information, particularly focusing on encryption and intelligence matters. After learning that participants on a public Internet mailing list were using his technique to retrieve the redacted names themselves, on Wednesday Young began transcribing and posting the de-edited document on his site. "When I had evidence that other people were duplicating my feat, then I knew that we had to get that information out right away, rather than have it used covertly," said Young. "Those folks who are named have a stake in knowing about it."

New York Times reporter Jim Risen, who first obtained the classified document and made the decision to release a redacted version, is unsparing in his assessment of Young and Cryptome. "I think that what they are doing is endangering people's lives," said Risen.

"It's the operations that put lives at risk, not the names," responded Young. "I'm sure most of the names in this report are well known."

Young plans to release the remainder of the document Friday and over the weekend. He mused that the speed of the New York Times computers prevented them from spotting the blunder themselves. "As the crypto people say, it's the unexpected access that always breaks these things."