What’s Hiding in Your Documents: the Dangers of Metadata

Tweet about this on TwitterShare on FacebookShare on LinkedInShare on Google+Email this to someone

Reprinted with permission from: New York State Bar Association Journal, October 2017, Vol. 89, No. 8, One Elk Street, Albany, NY 12207.

 

Click to download the PDF

 

Have you ever repurposed a contract or other largely boilerplate document by changing some names, dates, and a few other specifics? We’ve all done it, and that’s OK. It’s perfectly reasonable to avoid duplicating work.

The practice, however, carries hidden dangers that should make attorneys wary. The risks do not lie in the clearly visible aspects of a document, but in its metadata. Documents such as contracts and deals, which undergo various rounds of revisions, are also particularly susceptible.

Metadata is data about data, and it is embedded in digital information like emails, SMS messages, and – since nowadays they are created and transferred exclusively using computers – legal documents. Metadata had a long moment in the spotlight following Edward Snowden’s revelations in 2013 that the NSA was collecting the metadata of millions of citizens’ communications.  The widespread concern following the revelation was justifiable; while metadata doesn’t reveal the substance of a message or document (the data itself), it does give away a surprising amount of sensitive information. This may include the current and previous author(s) of a document, timestamps showing when it was created and modified, and, perhaps most worryingly, tracked changes and comments that you may have thought you cleared before sending off your work product to a client or opposing counsel.

Needless to say, this can result in embarrassment or, more seriously, a breach of confidentiality. Some e-filing websites even show a warning that the filer is responsible for scrubbing metadata prior to submission.

Some metadata, such as timestamps, can be found by looking at the “properties” on a document. Most hidden metadata can only be found using special software, but it can also be exposed if a file is corrupted – and risk of corruption rises significantly with repurposed documents – or not converted properly.

Don’t panic. This doesn’t mean that you have to start every document from scratch or revert to using paper. There are precautions you can take using what you already have on your desktop as well as several products that cater to the need for metadata scrubbing among attorneys.

Scrubbing Tools

Several software solutions check legal documents for metadata that should be wiped before sending. They offer various levels of integration with email applications like Outlook and document management systems like iManage and NetDocs.

Workshare and Litera offer similar metadata-scrubbing features and are probably the most popular tools among law firms. These tools are designed specifically for the legal industry. The latest versions run quietly alongside your email and document applications, with minimal bothersome popups. They do have a different look and feel, and it would be worth trying a demo of each to see which you prefer.

Litera allows attorneys to have comprehensive control over document scrubbing at the cost of a few extra steps in their workflows.

Similarly, Docscorp, which you may know for its PDF document management, offers a popular solution called cleanDocs, which promises to clean a 100-page document in under half-a-second. BigHand also offers a product called Scrub, and PayneGroup sells Metadata assistant for the metadata-wary.

While a specialized scrubbing tool is your best bet for removing metadata, there are also ways to be cautious with what you already have. Consider disabling or avoiding the “fast save” function in Microsoft Word – that’s the kind of save we perform by clicking CTRL+S or on the plain floppy disk icon as opposed to “save as.” This kind of save only registers the appended or changed information and leaves a map of edits behind. Certain versions of office products also allow you to specify that certain metadata not be saved in the security settings. As for PDFs, always save them in the “locked” form in Adobe Acrobat before sending.

Keep in mind that metadata is subject to discovery in litigation and sometimes needs to be preserved. The most important thing is to know when to scrub and when to preserve it.