Your Microsoft Word Documents Can Rat on You
posted by Daniel Solove
Many people don’t realize that Microsoft Word encodes information about the authors and editors of each document. It’s called “metadata.” For example, some of this data is contained under the “Properties” section of the “File” pull down menu.
An article in the New York Times describes what can be revealed when metadata is examined:
It hardly ranks in the annals of “gotcha!” but right-wing blogs were buzzing for at least a few days last week when an unsigned Microsoft Word document was circulated by the Democratic National Committee. The memo referred to the “anti-civil rights and anti-immigrant rulings” of Samuel A. Alito Jr., a federal appeals court judge who has been nominated to the Supreme Court by President Bush.
The stern criticisms of Judge Alito rubbed some commentators the wrong way (Chris Matthews of MSNBC called it “disgusting” last Monday). But whatever the memo’s rhetorical pitch, right-leaning bloggers revealed that it contained a much more universal, if unintended, message: It pays to mind your metadata. . . .
According to some technologists, including Dennis M. Kennedy, a lawyer and consultant based in St. Louis, (denniskennedy.com), metadata might include other bits of information like notes and questions rendered as “comments” within a document (“need to be more specific here,” for example, or in the case of my editors, “eh??”), or the deletions and insertions logged by such features as “track changes” in Microsoft Word.
A blogger searched the Alito memo for metadata and could figure out some of the authors of the document. According to the NYT story:
None of these amounted to earth-shattering revelations, of course, but taken together they offered a level of detail into the Alito memo that the D.N.C. had not intended.
Josh Earnest, a spokesman for the Democratic committee, pointed out that the origins of the document were never really a secret, even if it was circulated as background material that was not intended to be sourced.
“Based on the fact that the D.N.C. was known to be circulating the document,” Mr. Earnest said, “I’m not sure that RedState is breaking any news here.”
The article goes on to describe some incidents where more major revelations were made in the metadata. Here’s one example:
At about the same time, California’s attorney general, Bill Lockyer, floated a letter calling peer-to-peer file-sharing software – long the bane of the entertainment industry’s interests – “a dangerous product.” But a peek at the document’s properties revealed that someone dubbed “stevensonv” had a hand in its creation.
Vans Stevenson, a senior vice president with the Motion Picture Association of America, said later that he had offered input on the document but had not written it.
November 7, 2005 at 9:23 pm
Posted in: Privacy, Technology
Print This Post
Responses (5)
Mike - November 7, 2005 at 10:55 pm
Funny story. (From a reliable but source, i.e., not an associate who didn’t make partner. Of course it, like all stories could be an urban legend.) L.A. BigFirm had been using boilerplate operating agreements (or articles of incorp. – whatever) for years. They’d bill clients dozens of other hours for entity formation documents and opinion letters. A couple of years ago, they sent Tech Company the documents in Word.
Now, we all know that you if you go off a good template, you can write a small company’s OA in an hour or two, and if you’ve helped out with a few start-ups, you can crank out everything you need in under 12 hours. Of course, Tech Company was billed for several dozens of hours of work. So Tech Company pulled out the meta data and figured out that it only took 45 minutes to create some of the same documents there were billed many hours for. They threatened to sue, and BigFirm (rather than be exposed as crooks) gave them a nice amount of start-up capital.
BigFirm reformed its practices. No, it didn’t tell its associates that overbilling was theft. Rather, it now ensures its employees strip all metadata from outgoing documents.
Dave! - November 8, 2005 at 12:03 pm
1. A good reason to use OpenOffice.
2. There are a number of ways to minimize metadata in Office documents:
http://office.microsoft.com/en-us/assistance/HA010776461033.aspx
3. Microsoft even has info specifically for lawyers:
http://office.microsoft.com/en-us/assistance/HA011400341033.aspx
Frankly, if you are a lawyer or a law firm who hasn’t implemented something to mitigate potential metadata disasters, you need to seriously rethink your skillz.
Simon - November 8, 2005 at 2:32 pm
Isn’t this a salutory warning against using .doc – which is a drafting format – as a document exchange format? If you’re going to circulate documents, print then to PDF.
John Feeney - November 10, 2005 at 5:15 pm
Thank you Simon !! HELLO!!!! This story has posted on numerous blogs. Simon your the first one I have come across that even mentioned PDF.
This story should be used as the marketing tool for any manufacture of PDF. Imagine how many proposals I get as a disc duplicator, we’re in the business…WE LOOK AT METADATA…
Concurring Opinions - November 14, 2005 at 10:40 pm
Metadata Redux
An update on my earlier post, Your Microsoft Word Documents Can Rat on You. Bruce Schneier has an interesting discussion of the issue along with links to how to cleanse documents of metadata….
Leave a Reply