The clash between freedom of information requirements, particularly in the public sector, and a continuing need for privacy has created a burgeoning market for local company Onstream Systems and its RapidRedact suite.
RapidRedact performs redaction — the secure erasure of confidential information — on documents destined for release beyond the originating organisation.
The problem of insecure redaction was highlighted last year by Computerworld’s report of imperfectly deleted confidential portions of a proposal to fund a new partly government-financed umbrella ICT industry group. Detailed financial projections as well as officials’ comments on the reasons for the lack of success of a previous embryonic group, ICT-NZ, were readily readable simply by “selecting” those portions, copying them and pasting them to a blank document.
This is typical of the mistakes that arise from giving the redaction task to staffers with no specialist knowledge of the field or specialist software, says Onstream CEO Glyn Williams. Unfortunately it’s the board and top management that is usually accountable for any disastrous consequences.
Spotting and removing visible confidential data is only half the problem, he says. Information that records past changes to the document and metadata revealing such details as authorship must also be removed. When images of the pages of the final Harry Potter book were released through the internet before publication, particularly inquisitive readers soon knew the make, model and serial number of the camera used.
Freedom of information statutes and laws such as the US Sarbanes-Oxley Act are one set of factors boosting the need for redaction, Williams says.
RapidRedact allows various “regular expressions” such as a credit-card number or social security number to be automatically recognised by their format, while others can be deduced from surrounding text; but it is impossible to perform the entire task automatically. There has to be a stage of manually “picking through” the text, Williams says, to identify the last 10% or so of information that needs deleting.
The software can also replace terms consistently, for example in the transcript of a court case where people are not to be named but referred to as Witness A and Witness B. Having made the alterations, RapidRedact reissues the document with the requested parts securely deleted.
Onstream began as a document image processing company but saw the redaction need and produced the original desktop version of RapidRedact three years ago. A server version was released earlier this month.
OnStream has a staff of 15, most of whom are based in Palmerston North, “because it has good computer science schools,” says Williams. A minimal marketing presence is in Wellington, but most selling is done through channels.
RapidRedact has users in New Zealand, the US, the UK and Canada. The biggest government user here is the Ministry of Social Development.