Comment by cmarschner
1 day ago
Befuddling that this happened again. It’s not the first time
- Paul Manafort court filing (U.S., 2019) Manafort’s lawyers filed a PDF where the “redacted” parts were basically black highlighting/boxes over live text. Reporters could recover the hidden text (e.g., via copy/paste).
- TSA “Standard Operating Procedures” manual (U.S., 2009) A publicly posted TSA screening document used black rectangles that did not remove the underlying text; the concealed content could be extracted. This led to extensive discussion and an Inspector General review.
- UK Ministry of Defence submarine security document (UK, 2011) A MoD report had “redacted” sections that could be revealed by copying/pasting the “blacked out” text—because the text was still present, just visually obscured.
- Apple v. Samsung ruling (U.S., 2011) A federal judge’s opinion attempted to redact passages, but the content was still recoverable due to the way the PDF was formatted; copying text out revealed the “redacted” parts.
- Associated Press + Facebook valuation estimate in court transcript (U.S., 2009) The AP reported it could read “redacted” portions of a court transcript by cut-and-paste (classic overlay-style failure). Secondary coverage notes the mechanism explicitly.
A broader “history of failures” compilation (multiple orgs / years) The PDF Association collected multiple incidents (including several above) and describes the common failure mode: black shapes drawn over text without deleting/sanitizing the underlying content. https://pdfa.org/wp-content/uploads/2020/06/High-Security-PD...
Never trust a lawyer with a redact tool any more complicated than a marker.
I've seen lawyers at major, high-priced law firms make this same mistake. Once it was a huge list of individuals names and bank account balances. Fortunately I was able to intervene just before the uploaded documents were made public.
Folks around here blame incompetence, but I say the frequency of this kind of cock-up is crystal clear telemetry telling you the software tools suck.
If the software is going to leverage the familiarity of using a blackout marker to give you a simple mechanism to redact text, it should honour that analogy and work the way any regular user would expect, by killing off the underlying text you're obscuring, and any other correponding, hidden bits. Or it should surface those hidden bits so you can see what could come back to bite you later. E.g. It wouldn't be hard to make the redact tool simultaneously act as a highlighter that temporarily turns proximate text in the OCR layer a vibrant yellow as you use it.
Apple’s Preview app (which has a very thorough PDF markup tool) does this right: it has an explicit “redact” tool which deletes the content it’s used on.
I want to believe this is malicious compliance.
Lots of loyalists have replaced people there. It's for sure incompetence.
There are hundreds of thousands of documents being reviewed by probably a thousand or more FBI agents. There is zero chance they are all loyalists.
Indeed, incompetence is basically guaranteed if the organization selects for allegiance rather than competence. But I prefer to think that at least part of this was malicious compliance, because that suggests that at least some people at the FBI still have their soul.
Since hundreds of people were involved the most likely explanation is incompetence
Once I worked for a company that got a quote in the form of a Word document. Turned out it had history turned on and quotes to competitors could be recovered.
There is a lot of incompitence when it comes to file formats.
5 replies →
I'm sure not all those hundreds have been involved with every document.
I'm kinda surprised (and disappointed) nobody has done a Snowden on it though.
Having lots of people involved means that it's more likely to be malicious compliance or deniable sabotage. It only needs one person who disagrees with the redactions to start doing things that they know will allow info to leak.
2 replies →
> Since hundreds of people were involved the most likely explanation is incompetence
Hundreds of people might be involved, but the only key factor required for a single point of failure to propagate to the deliverable is lack of verification.
And God knows how the Trump administration is packed with inexperiente incompetents assigned to positions where they are way way over their head, and routinely commit the most basic mistakes.
And here we are again rediscovering Hanlon's Razor.
It wouldn't be malicious though. Well, it's malicious towards the Trump administration, but not towards the people. Quite the opposite.
1 reply →
Never attribute to malice that which is adequately explained by stupidity
https://en.wikipedia.org/wiki/Hanlon%27s_razor
The other side of that same coin is to never admit to malice if your actions can be adequately excused by stupidity.
In 2025, never attribute to incompetence what you could to a conspiracy. [sarcasm]
They fired/drove away/reassigned most of those who are competent in the executive branch generally, it is pretty easy to believe that none of those managing the document release and few of those working on it are actually experienced or skilled in how you do omissions in a document release correctly. Those people are gone.
> - Associated Press + Facebook valuation estimate in court transcript (U.S., 2009) The AP reported it could read “redacted” portions of a court transcript by cut-and-paste (classic overlay-style failure). Secondary coverage notes the mechanism explicitly.
What happens in a court case when this occurs? Does the receiving party get to review and use the redacted information (assuming it’s not gagged by other means) or do they have to immediately report the error and clean room it?
Edit: after reading up on this it looks like attorneys have strict ethical standards to not use the information (for what little that may be worth), but the Associated Press was a third party who unredacted public court documents in a separate Facebook case.
> What happens in a court case when this occurs? Does the receiving party get to review and use the redacted information (assuming it’s not gagged by other means) or do they have to immediately report the error and clean room it?
Typically, two copies of a redacted document are submitted via ECF. One is an unredacted but sealed copy that is visible to the judge and all parties to the case. The other is a redacted copy that is visible to the general public.
So, to answer what I believe to be your question: the opposing party in a case would typically have an unredacted copy regardless of whether information is leaked to the general public via improper redaction, so the issue you raise is moot.
> strict ethical standards to not use the information (for what little that may be worth)
If it's worth so little to your eyes/comprehension you will have no problem citing a huge count of cases where lawyers do not respect their obligations towards the courts and their clients...
That snide remark is used to discredit a profession in passing, but the reason you won't find a lot of examples of this happening is because the trust clients have to put in lawyers and the legal system in general is what makes it work, and betraying that trust is a literal professional suicide (suspension, disbarment, reputational ruin, and often civil liability) for any lawyer... that's why "strict" doesn't mean anything "little" in this case.
Well, also the lawyer would have to really badly fuck up for it to become public news that they had actually used the information.
> you will have no problem citing a huge count of cases where lawyers do not respect their obligations towards the courts and their clients...
There are almost 2000 disbarments annually in the US.
The california bar recieves 1 compliant for every 10 law licenses in the state every year.
There's a wikipedia page on notable disbarments.
Legal malpractice suites are on the rise.
If you are going to assert that legal malpractice is not legitimate concern, I think the burden of evidence is on you.
Here in NL if confidential information about offenders leaks from court documents, it usually leads to a reduction in sentencing because the leak of classified information is weighed as part of the punishment. If the leak was proven to be intentional, it might lead to a mistrial or even acquittal. Leaking of victims' information usually only results in a groveling public apology from the Minister/Secretary of Justice du jour.
My guess would be that if the benefitting legal party didn't need to declare they also benefitted from this (because they legally can't be caught, etc.) they wouldn't.
I know and am friends with a lot of lawyers. They're pretty ruthless when it comes to this kind of thing.
Legally, I would think both parties get copies of everything. I don't know if that was the case here.
> Edit: after reading up on this it looks like attorneys have strict ethical standards to not use the information (for what little that may be worth), but the Associated Press was a third party who unredacted public court documents in a separate Facebook case.
Curious. I am not a litigator but this is surprising if you found support for it. My gut was that the general obligation to be a zealous advocate for your client would require a litigant to use inadvertently disclosed information unless it was somehow barred by the court. Confidentiality obligations would remain owed to the client, and there might be some tension there but it would be resolvable.
My recollection is that it varies quite a bit between jurisdictions. The ABA's model rules require you to notify the other party when they accidentally send you something but leave unspecified what else, if anything, you might have to do.
1 reply →
I’m unclear why this is downvoted given the below. While it would theoretically be jurisdiction-specific, if the ABA model rules don’t provide some specific guidance, it’s clear that the lawyers would be ethically obligated to use whatever info they obtained if it helped their client and as otherwise consistent with their ethical obligations in the jurisdictions that follow those. I’m admitted in New York, and I don’t recall any kind of bar on the usage of this type of info there. Seems like in a lot of jurisdictions they’d have a duty to notify, but that may not even be the case in all.
What a joke…
Not to mention when the White House published Obama's birth certificate as a PDF. I remember being able to open it and turn the different layers off and on.
Are you trying to suggest that indicated it was fraudulent? That has very much been debunked -- it's just an artifact of OCR and compression, something that many scanners do automatically [1].
You can still open it with Illustrator if you want to see: https://obamawhitehouse.archives.gov/sites/default/files/rss...
[1] https://www.snopes.com/fact-check/birth-certificate/
This has happened so many times I feel like the DoJ must have some sort of standardised redaction pipeline to prevent it by now. Assuming they do, why wasn't it used?
I am happy with their lack of expertise and hope it stays that way, because I cannot remember a single case where redactions put the citizenry at a better place for it.
Of course if it's in the middle of an investigation it can spoil the investigation, allow criminals to cover their tracks, allow escape.
In such case the document should be vetted by competent and honest officials to judge whether it is timely to release it, or whether suppressing it just ensures that investigation is never concluded, extending a forever renewed cover to the criminals.
there are FOIA lawsuits seeking the redaction training videos, one by https://bsky.app/profile/muellershewrote.com so maybe one day we will know more.
Secure systems are not exactly the right environment for quick release and handling. So documents invariably get onto regular desktops with off the shelf software used by untrained personnel.
Of course there is a process.
There was also a process on how to communicate top secret information, but these idiots prefered to use signal.
I'm completly lost on how you can be surprised by this at all? Trump is in there, tells some FBI faboon to black everything out, they collect a group of people they can find and start going through these files as fast as they can.
"When a clown moves into a palace, he doesn't become a king; the palace instead becomes a circus."
DOGE
Typically these folks use standard redaction software. Has anyone explored the fact that the software is just a buggy, silly mess?
"There are major differences between the Trump 1.0 and 2.0 administrations. In the Trump 1.0 administration, many of the most important officials were very competent men. One example would be then-Attorney General William Barr. Barr is contemptible, yes, but smart AF. When Barr’s DOJ released a redacted version of the Mueller Report, they printed the whole thing, made their redactions with actual ink, and then re-scanned every page to generate a new PDF with absolutely no digital trace of the original PDF file. There are ways to properly redact a PDF digitally, but going analog is foolproof.
The Trump 2.0 administration, in contrast, is staffed top to bottom with fools."
https://daringfireball.net/linked/2025/12/23/trump-doj-pdf-r...
> made their redactions with actual ink, and then re-scanned every page
That's not very competent.
> going analog is foolproof
Absolutely not. There are many way's to f this up. Just the smallest variation in places that have been inked twice will reveal the clear text.
Case study: https://www.theverge.com/2023/6/28/23777298/sony-ftc-microso...
> Just the smallest variation in places that have been inked twice will reveal the clear text
Sure. But anyone can visually examine this. That means everyone with situational context can directly examine the quality of the redaction.
Contrast that with a digital redation. You have to trust the tool works. Or you have to separate the folks with context from the folks with techical competence. (There is the third option of training everyone in the DoJ how to examine the inner workings of a PDF. That seems wasteful.)
5 replies →
I suppose the best process would be this, and then after rescanning putting a black bar over each redacted text with image editing.
2 replies →
It's not fool proof:
https://www.theverge.com/2023/6/28/23777298/sony-ftc-microso...
It's like Russian spies being caught in the Netherlands with taxi receipts showing they took a taxi from their Moscow HQ to the airport: corrupt organizations attract/can only hire incompetent people...
https://www.vice.com/en/article/russian-spies-chemical-weapo...
Anyone remember how the Trump I regime had staff who couldn't figure out the lighting in the White House, or mistitled Australia's Prime Minister as President?
Yes I remember that incident. It was big over here.
However I'm 100% sure that that was not a real spy incident. But rather just a 'message' to be sent from the Russian govt. The same way they have infiltrated our airspace with TU-95 bombers nearly every month for decades. Just a message "Hey we are still watching you".
When you see how ridiculously incompetent they were, not just their phone history but also the gear they had with them. It amounts to nothing more than a scriptkiddy's pineapple. There's no way they would have been able to do any serious infiltration into any kind of even remotely competent organisation.
Also the visible fumbling about in a carpark with overly complex antennas instead of something more hidden (e.g. an apartment across the street, a cabling tent or something). IMO the objective here was to get caught and stir a fuss.
Reminds of the time Russian security services showed copies of the Sims as evidence of an Ukranian Nazi plot.
> with taxi receipts
Please tell me they were saving them for expensing.
2 replies →
Or the passports discovered intact after a particularly heinous terrorist attack.
1 reply →
I would just do the digital version of that: add 100% black bars then screenshot page by page and probably increase the contrast too.
The bigger difference from my perspective is that they have competent people doing the strategy this time. The last Trump administration failed to use the obvious levers available to accomplish fascism, while this one has been wildly successful on that end. In a few years they will have realigned the whole power dynamic in the country, and unfortunately more and more competent people will choose to work for them in order to receive the benefits of doing so.
>In a few years they will have realigned the whole power dynamic in the country
I disagree. It felt that way for the first few months, but the wheels are coming off. Trump is too old and unpopular to steal a 3rd term. Therefore everyone around him has to worry about what will happen in 3 years, and plan for post-Trump rather than forever-Trump.
His last administration was filled with traditional Republicans.
I may have disagreed with them on virtually every policy point, but they seemed to disagree with the most harmful Trump policies as well.
We would have never agreed on the right policy, but we definitely agreed that his policy was not the right one.
3 replies →
> they have competent people doing the strategy this time
They had a great playbook in Project 2025. I'm not convinced Trump ever had the smartest people executing it.
1 reply →
[flagged]
> Had exactly did Barr and Co. accomplish in terms of moving forward the agenda people voted for? These guys were so eager to win accolades from liberals they couldn’t even pick the lowest hanging fruit.
Are you talking about the same Bill Barr? "Eager to win accolades from liberals" is a hilariously Trump-after-he-fired-someone thing to say.
Have you read his Wikipedia page? Do you know who he actually is?
1 reply →
> William Barr. Barr is contemptible, yes, but smart AF
You mean the guy who covered up for Epstein's 'suicide' and expected us morons to believe it?
> You mean the guy who covered up for Epstein's 'suicide' and expected us morons to believe it?
Let's assume that's true. How does it clash with him being "contemptible...but smart AF"?
1 reply →
> but smart AF. When Barr’s DOJ released a redacted version of the Mueller Report, they printed the whole thing, made their redactions with actual ink, and then re-scanned every page to generate a new PDF with absolutely no digital trace of the original PDF file.
This is a dumb way of doing that, exactly what "stupid" people do when their are somewhat aware of the limits of their competence or only as smart as the tech they grew up with. Also, this type of redaction eliminates the possibility to change text length, which is a very common leak when especially for various names/official positions. And it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision, but have to do the manual conversion step to printed position
>exactly what "stupid" people do when their are somewhat aware of the limits of their competence
Being aware of one's limitations is the strongest hallmark of intelligence I've come across...
6 replies →
> This is a dumb way of doing that, exactly what "stupid" people do when their are somewhat aware of the limits of their competence or only as smart as the tech they grew up with.
No, this is an example of someone understanding the limits of the people they delegate to, and putting in a process so that delegation to even a very dumb person still has successful outcomes.
"Smart" people like to believe that knowing enough minutiae is enough to result in a successful outcome.
Actual smart people know that the process is more important than the minutiae, and proceed accordingly.
1 reply →
Not at all. It's a procedure that's very difficult to unintentionally screw up. Sometimes that's what you want.
> you can't simply search&replace with machine precision
Sure you can. Search and somehow mark the text (underline or similar) to make keywords hard to miss. Then proceed with the manual print, expunge, scan process.
15 replies →
> this type of redaction eliminates the possibility to change text length
This is the only weakness of Barr's method.
> it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision
Anyong relying on automated tools to redact is doing so performatively. At the end of the day, you need people who understand the context to sit down and read through the documents and strike out anything that reveals–directly or indirectly, spelled correctly or incorrectly–too much.
5 replies →
> this type of redaction eliminates the possibility to change text length, which is a very common leak when especially for various names/official positions
Increasing the size of the redaction box to include enough of the surrounding text to make that very difficult.
2 replies →
FTC vs Microsoft: https://www.theverge.com/2023/6/28/23777298/sony-ftc-microso...
Follow the letter of the law, but not the spirit.
It already seems that they blacked out more than the law allowed, so following neither.
Not that it matters much what the law says if the goal is to protect the man who hands out pardons...
Given the context and the baldly political direction behind the redactions, it's not at all unlikely that this is the result of deliberate sabotage or malicious compliance. Bondi isn't blacking these things out herself, she's ordering people to do it who aren't true believers. Purges take time (and often blood). She's stuck with the staff trained under previous administrations.
Or it is just the result of firing people who were competent and giving insufficient training to people who had never done this before.
Also the pedophile that tried to obscure his face in pictures with a swirl effect that they were able to reverse enough to identify him:
https://www.minnpost.com/politics-policy/2007/11/you-can-swi...
IIRC there was a Slashdot discussion about it that went "Oh yeah, obviously you need to black out the face entirely, or use a randomized Gaussian blur." "Yeah, or just not molest kids."
The covid origins Slack messages discovery material (Anderson & Holmes) were famously poorly redacted pdfs, allowing their unredacting by Gilles Demaneuf, benefiting all of us.
[flagged]
You mean the layers that were, in fact, just side effects of scanning the (non-authoritative) short form certificate?