The boffins at Xerox PARC (Palo Alto Research Center) have demonstrated a way to encrypt sections of a document so that sensitive information can be shielded from unauthorised readers.
The technology has an ugly name, ‘intelligent redaction,’ and the tricky bit of making such a system work is automatically identifying which bits of a document are confidential and how the sensitivity of one section might create dependencies in later parts of the same file.
Essentially, Xerox’s redaction uses partial document encryption, first analysing basic types of potentially sensitive information such as name of companies, people’s names, and addresses. This is checked by the document author before the sections are scrambled to anyone other than those with a software key.
“The tools available today can’t provide sufficient content analysis and security because it’s difficult to determine what is sensitive,” said PARC’s Jessica Staddon. “In a large organisation the level of sensitivity changes depending on the person accessing the document. The sheer numbers of documents to be tracked and sorted further complicates the problem,” she said.
The system – Xerox reckons there is nothing like it around today - might interest document-dependant industries such as financial services, which operate under strict guidelines on who can read what and when, she said.
There are two organisational objections to such a system. First, if a document is that sensitive, why not just encrypt the whole file and restrict its access to only those with authorisation? This is the principle on which many of today’s document security systems already work.
Second, is there not a risk that a system of partially encrypting documents might get out of hand and end up with documents being routinely scrambled ‘just in case’, leaving unauthorised readers struggling to find any readable material? Assuming the technology became more mainstream, government departments might be especially prone to such casual and self-defeating censorship.
Perhaps the biggest problem with Xerox’s intelligent redaction is that it is not quite in a commercial state. Innovative it might be, but it is still boffinware.