OR/MS Today - February 2003

INFORMS Online

Privacy (Yours) and Security (Ours)

By Matthew Saltzman

It is frequently said that security is a process, not a state. Security and privacy require constant attention to new threats. INFORMS staff and officers have been discussing two issues that I believe should be relayed to our members.

Confidentiality of word processing documents.

In INFORMS publications, referees' identities are confidential. Before electronic documents became commonplace, it was easy to check for and correct obvious violations of confidentiality. If the referee's name appeared in a paper document, it could be masked out and the report photocopied. Of course, not much can be done about more subtle identifying characteristics such as writing style, predominance of citations or membership in a small community of experts on a particular topic.

With electronic documents, however, there are new opportunities to inadvertently reveal a document's authorship or other confidential properties. INFORMS publications and IT staff are working to identify combinations of programs, operating systems and file formats that have these issues and to develop policies and procedures to protect referees' confidentiality. Meanwhile, this is an issue that anyone who writes referee reports or other confidential documents should be made aware of. If you know of programs with similar issues not listed here, please write to me at iol_editor@mail.informs.org.

Microsoft Word records the author's name in an undisplayed field embedded in the document (such hidden information is referred to as "metadata"). Deleted passages are also saved in hidden form in the file. This information can be viewed with a text editor or programmer's editor, or by opening the document in Word using certain options.
A set of instructions for managing this metadata in your documents can be found on the Microsoft Developer Network Web site: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnword2k2/html/odc_ProtectWord.asp. Saving in alternate formats may preserve or re-introduce revealing metadata.

Adobe Acrobat records identifying information about the document creator. When printing from Word to a PostScript file, identifying information may be included in comments in the file. Such information can be found and removed using a text editor.

The source file of a report written using TeX or LaTeX is plain text and contains no hidden metadata. But some tools used in the translation process that produces formatted output may introduce metadata of their own. The dvips command in some Windows TeX distributions saves information about the user running the command, and Acrobat Distiller may do so as well.

Linux and Unix users are not immune. OpenOffice saves metadata by default, though it can be deleted. The dvips command usually used in Unix and Linux does not add metadata, nor do Acrobat Distiller and ps2pdf. But the Xfig drawing program saves the userid when exporting encapsulated PostScript, and it is preserved when dvips incorporates the figure into the document.

Of course, reports can always be sent by hard copy or you can submit the file with a request that the editor check to be sure it is sanitized.

Is what you see what your reader gets?

Another problem related to the broader issue of whether an electronic document reflects the author's intentions is that a document that uses any unusual fonts may look different in a different format or on the reader's computer than the original did on the author's computer. The differences may be subtle and may change the meaning of the document. Authors and referees should be sure to save in a format in which all fonts can be saved with the document or submit hard copy for verification.

Unauthorized access to PubsOnline.
Many institutional subscriptions (including those from INFORMS) allow any computer on campus to access published material. But certain services that can be run on desktop computers may allow access to campus subscriptions from off-campus computers.

A "proxy server" program relays requests from a client program to the intended server, possibly processing the request in some way. For example, Squid is a Web proxy server that caches page requests. Privoxy can filter banner ads and masquerade personal information sent to Web servers. Proxy servers are also used to pass data through firewalls. A proxy server is called "open" if access to it is not restricted to authorized machines or users.

University networks traditionally have been fairly open, allowing access from outside to campus machines without firewalls. In such configurations, administrators of individual machines must secure them against unauthorized use. Frequently, students or less experienced system administrators may run proxies without properly securing them. Crackers ("black-hat" hackers) systematically seek out such machines, use them to access electronic subscriptions, and resell the downloaded articles. Open mail servers are also sought out and used to relay spam.

Although INFORMS publications are relatively inexpensive, hence less attractive than some prime targets, INFORMS is nevertheless concerned about this theft of service, and we believe our members should be as well.

What can you do?

If you administer your own machine, you can make sure that you are not running proxies or that access to them is restricted to authorized machines and users. If not, you can raise the issue with department and campus system administrators. In the long run, campuses will have to implement more secure boundary controls on their networks and use VPNs to provide authorized outside access.

Matthew Saltzman is an associate professor of Mathematical Sciences at Clemson University and IOL editor.
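For administrators following the "What can you do?" advice for a Squid proxy, the sketch below is an added example, not part of the original column or of Squid itself. It applies a simplified first-match reading of `http_access` rules to flag `allow` rules that any client address can reach; the ACL names and both sample configurations are constructed.

```python
import ipaddress

def covers_everything(value):
    """True if a src ACL value is a network that contains every address."""
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:        # address ranges, file names: assume not universal
        return False

def audit_http_access(conf_text):
    """Return (line_no, rule) for allow rules that any client can match.

    Simplified model of first-match evaluation: a rule counts as restricted
    only if it names a proxy_auth ACL or a src ACL that is not universal.
    Negated ACLs (!name) are never counted as a restriction.
    """
    lines = [l.split("#", 1)[0].split() for l in conf_text.splitlines()]
    kinds, values = {}, {}
    for w in lines:
        if len(w) >= 3 and w[0] == "acl":
            kinds[w[1]] = w[2]
            values.setdefault(w[1], []).extend(w[3:])
    universal = {"all"} | {n for n, k in kinds.items()
                           if k == "src" and any(map(covers_everything, values[n]))}
    restricting = {n for n, k in kinds.items()
                   if k == "proxy_auth" or (k == "src" and n not in universal)}
    findings = []
    for no, w in enumerate(lines, start=1):
        if len(w) < 3 or w[0] != "http_access":
            continue
        action, acls = w[1], w[2:]
        if action == "deny" and all(a in universal for a in acls):
            break             # nothing after a blanket deny is ever reached
        if action == "allow" and not any(a in restricting for a in acls):
            findings.append((no, " ".join(w)))
    return findings

# Constructed sample: "clients" is meant to be the campus but matches everyone.
OPEN_CONF = """\
acl clients src 0.0.0.0/0
acl Safe_ports port 80 443
http_access deny !Safe_ports
http_access allow clients
http_access deny all
"""
# Corrected form: the same rules with the ACL narrowed to one (example) network.
FIXED_CONF = OPEN_CONF.replace("0.0.0.0/0", "192.0.2.0/24")
```

`audit_http_access(OPEN_CONF)` reports the `allow clients` rule on line 4, and the corrected configuration produces no findings.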
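The column's point that identifying PostScript comments can be found and removed with a text editor, and that a figure's userid survives when dvips embeds it, can be automated; this is an added example, not part of the original column. It scans the whole file (so headers of embedded figures are covered) for standard DSC comments; the choice of which keys count as identifying is an assumption, and the sample file is constructed.

```python
import re

# Standard DSC comment keys that can name a person, account, file or date.
# Treating exactly these four as identifying is this example's assumption.
IDENTIFYING_KEYS = {b"For", b"Routing", b"Title", b"CreationDate"}
DSC_COMMENT = re.compile(rb"^%%(\w+):[ \t]*(.*)$")

def find_identifying_comments(ps_bytes):
    """Return (line_number, key, value) for each identifying DSC comment."""
    hits = []
    for number, line in enumerate(ps_bytes.splitlines(), start=1):
        m = DSC_COMMENT.match(line)
        if m and m.group(1) in IDENTIFYING_KEYS:
            hits.append((number, m.group(1).decode(), m.group(2).decode("latin-1")))
    return hits

def sanitize(ps_bytes):
    """Drop identifying comments and their %%+ continuation lines.

    All other lines, including %%BoundingBox, are kept byte-for-byte.
    """
    kept, dropping = [], False
    for line in ps_bytes.splitlines(keepends=True):
        if dropping and line.startswith(b"%%+"):
            continue          # continuation of a comment already removed
        m = DSC_COMMENT.match(line.rstrip(b"\r\n"))
        dropping = bool(m and m.group(1) in IDENTIFYING_KEYS)
        if not dropping:
            kept.append(line)
    return b"".join(kept)

# Constructed sample: a document with one embedded EPS figure.
SAMPLE = b"""\
%!PS-Adobe-2.0
%%Creator: dvips
%%Title: report.dvi
%%BoundingBox: 0 0 612 792
%%EndComments
%%BeginDocument: fig1.eps
%!PS-Adobe-2.0 EPSF-2.0
%%Title: fig1.fig
%%For: jdoe@host.example (J. Doe)
%%BoundingBox: 0 0 100 100
%%EndComments
showpage
%%EndDocument
%%EOF
"""
```

Run `find_identifying_comments` on the sanitized output as a final check before sending a report; an empty list means none of the listed comments remain.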
OR/MS Today copyright © 2003 by the Institute for Operations Research and the Management Sciences. All rights reserved.