Comment by JumpCrisscross

13 hours ago

> why wouldn't you just black box redact right away and print and scan? What does underline then ink give you?

These are roughly equivalent. The point is having a hard copy in between the digital ones.

5 comments

JumpCrisscross

Why would I settle for a rough equivalence? The point was about the chance of making mistakes in redaction, so sure, if you ignore the difference in the chance of making mistakes (which the underline process increases), everything becomes equivalent!

JumpCrisscross 12 hours ago
> Why would I settle for a rough equivalence?
They're equivalent in security. The digital method is more convenient (albeit more error prone). What confers the security is the print-scan step. Whether one is redacting in between or before doesn't change much.
You'd still want to do a tabula rasa and manual post-pass with both methods.
> point was about the chance of making mistakes in redaction
Best practice is humans redacting in multiple passes for good reason. It's less error prone than relying on a "smart" redactor, which is mostly corporate CYA kit.
- eviks 12 hours ago
  
  > They're equivalent in security
  They aren't, security is defined as the amount of information you leak. If you have an inferior process where you're substituting the correct digital match with an in incorrect manual match, you're reducing security
  > albeit more error prone
  The opposite, you can't find all 925 cases of the word Xyz as efficiently on paper without the ease of a digital text search, my guess is you just have made up a different comparison (e.g., a human spending 100hrs reading paper vs some "smart" app doing 1 min of redactions) vs. the actual process quoted and criticized in my original comment
  > Whether one is redacting in between or before doesn't change much
  It does, the chance to make a mistake differs in these cases! Printing & scanning can't help you here, it's a totally set of mistakes
  > Best practice
  But this conversation is about a specific blogged-about reality, not your best practice theory!

Teever 11 hours ago

Absolutely. The other comments replying to your original comment that are nitpicking over implementation details miss the purpose and importance of this step.

The fact that this release process is missing this key step is significant too imho. It makes it really clear that the people running this didn't understand all of the dimensions involved in releasing a redacted document like this and/or that they weren't able to get expert opinions on how to do this the right way, which just seems fantastical to me given who we're talking about.

In other threads people are discussing the possibility of this being intentional, by disaffected subordinates, poorly vetted and rushed in to work on this against their will. And that's certainly plausible in subordinates but I have a hard time believing that it's the case for the people running this who, if they understood what they were tasked with would have prevented an entire category of errors by simply tasking subordinates to do what you described regardless of how they felt about the task.

So to me that leaves the only possibility that the people running this particular operation are incompetent, and given the importance of redacting that is dismaying.

Regardless of how you feel about the action of redacting these documents, the extent to which it's done and the motives behind doing it, the idea that the people in charge of this aren't competent to do it is not good at all.

TheOtherHobbes 10 hours ago

This is one of the biggest document collections ever released to the public (...or will be when it's finally done) and the redactions were done in a hurry by a government agency with limited resources which would usually be doing more useful things.
So it's likely there simply isn't the time to do extended multi-step redactions.
What's happening is a mix of malicious compliance, incompetence, and time pressure.
It's very on-brand for it to be confused, chaotic, and self-harming.