Scientists come up with self-encrypting document
- — 19 October, 2007 08:10
The boffins at Xerox PARC (Palo Alto Research Center) have demonstrated a way to encrypt sections of a document so that sensitive information can be shielded from unauthorized readers.
The technology has an ugly name, 'intelligent redaction,' and the tricky bit of making such a system work is automatically identifying which bits of a document are confidential and how the sensitivity of one section might create dependencies in later parts of the same file.
Essentially, Xerox's redaction uses partial document encryption, first analyzing basic types of potentially sensitive information such as name of companies, people's names, and addresses. This is checked by the document author before the sections are scrambled to anyone other than those with a software key.
"The tools available today can't provide sufficient content analysis and security because it's difficult to determine what is sensitive," said PARC's Jessica Staddon. "In a large organization the level of sensitivity changes depending on the person accessing the document. The sheer numbers of documents to be tracked and sorted further complicates the problem," she said.
The system -- Xerox reckons there is nothing like it around today - might interest document-dependant industries such as financial services, which operate under strict guidelines on who can read what and when, she said.
There are two organizational objections to such a system. First, if a document is that sensitive, why not just encrypt the whole file and restrict its access to only those with authorization? This is the principle on which many of today's document security systems already work.
Second, is there not a risk that a system of partially encrypting documents might get out of hand and end up with documents being routinely scrambled 'just in case', leaving unauthorized readers struggling to find any readable material? Assuming the technology became more mainstream, government departments might be especially prone to such casual and self-defeating censorship.
Perhaps the biggest problem with Xerox's intelligent redaction is that it is not quite in a commercial state.