Metadata In Documents

Metadata—information contained in a document about the document itself—is present in all MS Office documents. It includes document properties and document history. It can also include things you deleted from the document, but which are still contained unseen in the document when you, for example, sent it across to someone! Naturally, from a security standpoint, you wouldn’t want to share metadata, in most cases: you send across that which is final, and there’s no rea- son for the other person to know what you did with the docu- ment before you finalised it.

In Word documents—and, in fact, in all Office files—meta- data is stored in the Properties and Custom Properties of the document. These are stored internally within the document file in a special format called “OLE structured storage.”

5.3.1 Get Paranoid!

As an example, most Word document contain a revision log, a listing of the last 10 edits of a document, showing the names of the people who worked with the document and the names of the files that the document went under. Revision logs are hid- den and cannot be viewed in Microsoft Word itself—you need a metadata viewer to do that. In many cases, you wouldn’t want to divulge this information.

Here’s something that could terrify the paranoiacs: in 2003, the British government published a dossier on Iraq’s security and intelligence organisations, which was cited by Colin Powell in his address to the UN the same month. Dr Glen Rangwala, a lecturer, discovered that much of the material in the dossier had been plagiarised from a US researcher on Iraq.

The following is some of what appeared in the metadata for that file, which the British government published as an MS Word document on their Web site:

Rev. #1: “cic22” edited file

“C:\DOCUME~1\phamill\LOCALS~1

\Temp\AutoRecovery save of Iraq—security.asd” Rev. #3: “cic22” edited file

“C:\DOCUME~1\phamill\LOCALS~1\

Temp\AutoRecovery save of Iraq—security.asd” Rev. #5: “JPratt” edited file “A:\Iraq—security.doc”

Rev. #6: “ablackshaw” edited file “C:\ABlackshaw\Iraq—secu- rity.doc”

Rev. #7: “ablackshaw” edited file “C:\ABlackshaw\A;Iraq— security.doc”

Rev. #10: “MKhan” edited file “C:\WINNT\Profiles\mkhan\ Desktop\Iraq.doc”

Notice the names? P Hamill, J Pratt, A Blackshaw, M Khan! Of course, your documents probably aren’t as sensitive as those published by the British government, but they could be sensi- tive nevertheless.

5.3.2 Metadata In Word

Taking Word as an example, the metadata contained in a docu- ment includes your name and initials, your organisation name, the name of your computer, the name of the network server or hard disk where you saved the document, the names of previ- ous document authors document revisions and versions, tem- plate information, hidden text, and comments!

Open Word. Then go to File > Open. In the “Files of type” list, click “Recover Text from Any File”, locate a Word file, and click Open. The document will open without any formatting. Look at the information at the end of the document—you may see stuff such as the name of the author and path of the document.

Microsoft themselves say that before you provide others with a copy of your document, it’s a good idea to view any hid- den information and decide whether it’s appropriate to store that information. We’re wondering why there isn’t an option that says “Store no metadata”!

5.3.3 What To Do

The following are some steps you can take if you want to avoid sending metadata.

❍ Go to Tools > Options, then click the Security tab. Select the “Remove personal information from this file on save” checkbox in the Privacy options area, and click OK. Then save the docu- ment.

❍ You can also manually remove information from an already- stored document. Go to File > Properties. The Summary, Statistics, Contents, and Custom tabs may each contain infor- mation that you will want to remove. To remove it, highlight the information in each box and press [Del].

❍ Trying to remember the above for each of your documents, or ensuring that the others in your company do this, isn’t always practical. Fortunately, Word also provides the RemovePersonalInformation property, which, when set to True, removes all user information from comments, revisions, and the Properties dialog box when the user saves a document.

The following procedure creates a new document and adds code to the document’s Open “event” that sets RemovePersonalInformation to True. This ensures that person-

al information will be removed from the document whenever the user saves it. For the procedure to take effect, you must close and then re-open the document. Follow these steps:

Create a new blank document. Go to Tools > Macro and click Visual Basic Editor. In the Project Explorer window, under the folder for the current document, double-click “ThisDocument” under the “Microsoft Word Objects” folder. Then in the Code window, click the arrow beside the Object drop-down list, and click Document. Click the arrow beside the Procedure drop-down list, and click Open. Insert the following between “Sub Document_Open()”and “End Sub”:

ThisDocument.RemovePersonalInformation = True

Close the Visual Basic Editor by clicking Close and Return to Microsoft Word on the File menu. Save and close the document. When you re-open the document, the document’s Open event will execute. Personal information will then be removed from the document whenever the user saves it.

❍ Word can save one or more versions of your document in the same file. Those versions are saved as hidden information. Because these hidden versions are available to others and because they do not remain hidden if the document is saved in another format, you may want to remove these versions before you share the document. Here’s how to delete the unwanted versions and then distribute the document: Go to File > Versions. Click the version of the document you want to delete. To select more than one version, press and hold [Ctrl]as you click each version, and then click Delete.

5.3.4 Going Paid

If you’re sceptical of what you can do all by yourself, or if you want to be more thorough—or if you just plain want the peace of mind that a piece of software is doing the work for you, you’ll have to be willing to spend. You might also want to go the

third-party way if you’re managing a business and are worried (by now!) about metadata in documents.

Here’s one site to take a look at: www.payneconsulting.com/ products/metadataretail. Note that this is not a recommenda- tion on Digit’spart, but only an example of what’s available.

Available at that site is The Metadata Assistant, which analy- ses Office files to determine the type and amount of metadata that exists. The software allows you to analyse and clean files of metadata. The Metadata Assistant can also be used to batch- process multiple files on a local or network folder. Additionally, you can analyse and clean files attached to mail messages and convert them to the PDF format for extra protection.

Metadata Assistant costs $79 (Rs 3,500).