Document security – how to find who’s leaked a confidential document?

I am legally obliged to distribute a document (probably by email, probably saved as MS word, or a PDF) to several hundred recipients.

The recipients are legally obliged to keep it confidential. However, based on past experience, I’m pretty sure it’s going to end up publicly leaked pretty quickly. (In the past it’s been freely distributed verbatim.)

This has happened before, it’s a serious problem and causes us financial damage and I’d really like to put a stop to this and identify the miscreant.

I’m aware of the John le Carré technique of making each document very slightly different (missing full stop here, minor typo there, etc.), but with several hundred recipients, making several hundred uniquely identifiable copies of the same basic document would be a non-trivial task.

Is there a way to automate this? Or is there a better way of finding who’s doing the leaking?

UPDATES – documents published 2 or 3 times a year. In the past the whole PDF has been published verbatim on public or semi-public forums, often within days (sometimes hours) of being distributed. On other occasions the documents have been re-distributed via email from ‘burner’ accounts (normally Gmail).

  • The document is released to meet various legal obligations, so the information HAS to be accurate. It also HAS to go to the various recipients. So changing any of the data is not an option, but there’s no law against making a spelling/grammar error
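
One way to automate the per-recipient variation described in the question, as an added example that is not part of the original post. It derives each recipient's pattern of harmless spelling variants from a keyed hash and, going slightly beyond the question, still narrows down the source when some variants in a leaked copy were altered; the variant pairs, template text, secret and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed variation points: each pair reads the same and changes no data.
SLOTS = [("e-mail", "email"), ("per cent", "percent"), ("co-operate", "cooperate"),
         ("on-line", "online"), ("whilst", "while"), ("judgement", "judgment"),
         ("web site", "website"), ("data base", "database")]

# Constructed sample text; {n} marks where slot n is rendered.
TEMPLATE = ("Notify us by {0} if revenue falls 5 {1}. Members must {2} with the "
            "{3} audit {4} the {5} is pending. See the {6} and the {7} for details.")

def code_for(secret: bytes, recipient: str) -> list[int]:
    """Derive one bit per slot from HMAC-SHA256(secret, recipient)."""
    digest = hmac.new(secret, recipient.encode(), hashlib.sha256).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(len(SLOTS))]

def build_copies(secret: bytes, recipients: list[str]) -> dict[str, str]:
    """Render one copy per recipient; refuse to issue two identical copies."""
    copies, seen = {}, {}
    for r in recipients:
        code = tuple(code_for(secret, r))
        if code in seen:
            raise ValueError(f"{r} and {seen[code]} collide; add more slots")
        seen[code] = r
        copies[r] = TEMPLATE.format(*(SLOTS[i][b] for i, b in enumerate(code)))
    return copies

def read_code(leaked: str) -> list:
    """Recover each slot's bit from a leaked copy; None if the slot was altered."""
    bits = []
    for a, b in SLOTS:
        has_a, has_b = a in leaked, b in leaked
        bits.append(0 if has_a and not has_b else 1 if has_b and not has_a else None)
    return bits

def identify(secret: bytes, recipients: list[str], leaked: str) -> list[str]:
    """Return the recipients whose code matches every slot still readable."""
    seen = read_code(leaked)
    return [r for r in recipients
            if all(s is None or s == c for s, c in zip(seen, code_for(secret, r)))]
```

Eight slots give only 256 distinct patterns, so several hundred recipients need more variation points; each pair must be chosen so that neither variant occurs elsewhere in the text or inside the other.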

Multi-user document encryption: access to user private keys

I am attempting to implement these solutions for multi-user document encryption:

  • https://security.stackexchange.com/a/71915

  • https://owncloud.com/wp-content/uploads/2014/10/Overview_of_ownCloud_Encryption_Model_1.1.pdf

The user’s private key is stored in a database and encrypted using a symmetrical cipher, the key to which is the user’s password.

My question is how should the private key be kept around so it can be used in subsequent requests? The user’s plaintext password is only available during the initial login request so that’s the only time it can be used to decrypt the private key.

The options I have thought of include:

  • Decrypt the private key on login, keep it in memory, then look it up on subsequent requests
  • Sending back the private key in the user’s JWT (also ensuring the JWT is encrypted)

How can I preserve the uniqueness of a document without a database?

I’m willing to create a system of transferable documents (each identified by its ID) whose author can transfer his ownership of that document to another person (identified by his/her ID).

For example:

  1. Alice; owner of document 1.
  2. Alice transfers her ownership of that document to Bob.
  3. Now: Bob is owner of document 1.
  4. Alice says she is the owner of document 1, but she fails.

(Item 4 is very important)

We can make sure that the system with its author remains untouched by using a digital signature. But if Alice made a copy of that document signed when she was the owner, there would be no way to prevent her from saying she is not the owner of the document.

So we would need something to make a signature expire whenever it is transferred.

IF I HAD A DATABASE: I would simply add that signature to a ban list.

Are there any solutions to preserve the uniqueness of this document?

How to make code examples accessible in a document?

I’m creating a MS Word document (and will probably convert it to PDF later on) for a visually impaired programming student.

I’m following all the guidelines about text semantics, like correctly using headers, paragraphs, tables, avoiding blank lines, etc. But I don’t know what to do when it comes to code examples. I’m particularly using Python for this document, so there are not only code snippets but also interpreter examples, including the “>>>” symbols. What’s the best way to add these in my document? Should I enclose these examples in a table containing just one cell, and then add a title to the table along the lines of “this is a code example:”? Should I add line numbers? Any other markup that I should add?

Moving Document Library to a subsite in SharePoint

Currently, we have Document Libraries created in SharePoint Online and would like to move them using PowerShell to their own Subsite. The reason we would like to move them is that we would like to keep the version history. Since we are dealing with 1000s of files, I would like to use PowerShell to complete this task.

I am currently connecting to my SharePoint site using:

Connect-PnPOnline -Url "Sitename" -UseWebLogin

Here is where I need assistance. I am trying to use Move-PnPFolder but I am not sure how to write a command that would define the source, destination, and move of all files in the document library to a subsite that I have manually created.

Help please?

SPO – Set Document Library as Site’s Homepage

I want users to automatically be directed to the Document Library when visiting a SharePoint Site (sites/sitename/Shared%20Documents/Forms/AllItems.aspx). These are Office 365 group sites being used primarily for file sharing/syncing.

Using a page that contains the document library web part does not suffice as the web part does not include all the file and folder functions.

If I use Pages > +New > Link and use the document library URL, the resulting link opens a download of the URL shortcut when set as the homepage.

I see no available SPO cmdlets or parameters of existing cmdlets that allow setting the home page similar to Set-SPOHomeSite. This cmdlet seems to only set the global home site for the tenant, not for a specific site, and if I try to use Connect-SPOService on a specific /sites/ it fails to authenticate. I was hoping for something like:

Set-SPOSite -Identity https://tenant.sharepoint.com/sites/sitename -HomePageURL https://tenant.sharepoint.com/sites/sitename/Shared%20Documents/Forms/AllItems.aspx