Failure to Eliminate Metadata May Cause Confidential Source Breach

An article published recently in the Washington Post gives an in-depth look at the life of one hacker running botnets. While the article is fascinating in its own right, the most interesting part may be a photo published online, since removed, with the article.

Vocab Update

Botnets are robot networks consisting of a bunch of internet computers used to spread viruses and spam. These computers become part of the botnet unbeknownst to their owners. The ruler of the botnet is, of course, a hacker. While spam and viruses are certainly problematic, these botnets seem to be at the root of most cyber evils.

Metadata is data that is used to describe other data. Metadata is often stored with documents and images and identifies such details as who created the document or image, when and in what format. Metadata is good stuff for the future of the internet. But Metadata can also put private information in the public eye.

The Photo

In the Washington Post article, the hacker reportedly would only submit to the interview if his name and home town were not identified. Unfortunately, the photo published with the article included metadata identifying the city and state of the hacker. Given the city is relatively small and the article already reveals the sex and age of the hacker, anyone interested in tracking down this individual shouldn’t have much trouble. Which may well mean, from the way the article was drafted, that the hacker had an expectation of privacy and the newspaper failed to keep its source confidential.

Keep in mind this metadata issue isn’t a function of traditional print journalist. This problem only exists in the electronic or online world. So when looking to an insurance policy to protect the reporter and the publication for their failure to protect the source, there are two important factors: 1) The policy should include confidential source language, such as coverage for “breach of or failure to protect a confidential source.” Note: many true media liability policies do contain this language but standard internet liability policies do not. And 2) The policy’s confidential source protection should extend to online activities. Note: not all standard media liability policies include coverage for website activities.

Don’t forget bloggers may be considered journalists too. It may be a good idea to secure the confidential source (not to mention internet liability) protection for your clients with blogs as well.


If you have never seen metadata. Just open one of your Word documents and click on File > Properties. As you click through the tabs, you’ll see the types of data that can be attached to your files. If you’re interested in tips to help you keep your own metadata out of the wrong hands, software developers do provide details. Just type “metadata” into the search functions of the help features on Word and Acrobat Professional to get an introduction to removing personal info from your documents.