Skip to main content
All articles
Legal
9 min read

The Epstein PDF Redaction Failure: What It Means for Document Sharing

In 2019, court filings with 'redacted' names became public because PDF black-box redaction doesn't remove underlying text. Here's what that means for anyone sharing PDFs.

What happened

In December 2019, court documents from Virginia Giuffre v. Ghislaine Maxwell were filed in the Southern District of New York with portions of the text redacted. The redactions were intended to conceal the names of individuals referenced in the case — individuals whose identities the court had ordered to remain sealed.

Within hours, the names were public.

The redactions had been applied by placing opaque black rectangles over the text in the PDF. To anyone viewing the document in a standard PDF reader, the names appeared hidden. But the underlying text objects remained in the document's data layer. Anyone who selected the "redacted" text and pressed Ctrl+C could copy the names directly. No special tools were required. No forensic expertise. Just a PDF reader and a clipboard.

The names spread across social media and news outlets within the same day the filing was published.

Why it happened

To understand why this failure occurred, you need to understand how PDFs store content.

A PDF is not a flat image. It is a structured container with multiple layers. The visible rendering — what you see on screen or in print — is just one of those layers. Beneath the visual surface, a PDF contains:

  • Text objects: The actual character data, stored as positioned strings with font references. This is what screen readers read, what search indexes, and what copy-paste extracts.
  • Annotations: Comments, highlights, sticky notes, form fields, and drawing objects — including rectangles.
  • Metadata: Author name, creation date, application version, keywords, and custom properties.
  • Embedded resources: Fonts, images, attachments, JavaScript actions.
  • Incremental save history: Previous versions of the document, stored as revision layers.

When someone draws a black rectangle over text in a PDF — using annotation tools in Adobe Acrobat, Preview, or any other PDF editor — they are adding a new drawing object on top of the existing text. The rectangle is rendered above the text visually, but the text object remains unchanged in the document's data layer.

This is not a bug. It is how PDFs work. The annotation layer and the text layer are separate data structures. Drawing on top of text does not modify or remove the text.

The difference between visual redaction and structural redaction

There are two fundamentally different approaches to redacting content in a PDF:

Visual redaction (what happened in the Epstein filing): A black rectangle or highlight is placed over the text. The visual rendering hides the content. The text data remains in the file. Anyone with access to the PDF can extract the text by:

  • Selecting and copying the text under the rectangle
  • Opening the PDF in a text editor and reading the raw text streams
  • Using any PDF parsing library to extract text objects by position
  • Using accessibility tools or screen readers that read the text layer, not the visual layer

Structural redaction (what should have happened): The text objects themselves are removed from the PDF's content stream. The characters are deleted from the data layer. A black rectangle may still be placed for visual indication that content was removed, but the underlying text no longer exists in the file. When someone copies the area, nothing is there. When a parser reads the content stream, the characters are gone.

Adobe Acrobat Pro has a dedicated "Redact" tool (under Tools > Redact) that performs structural redaction — it removes the text objects, not just covers them. But many users use the drawing tools or comment tools instead, believing the visual result is the same. It is not.

Why this keeps happening

The Epstein filing was not an isolated incident. It was a high-profile example of a pattern that repeats across legal, government, and corporate document workflows:

  1. The tools don't communicate the difference. Drawing a black box over text looks identical to applying a structural redaction. The user sees the same visual result. Nothing in the interface warns them that one method removes content and the other merely hides it.

  2. Visual inspection is misleading. If you look at the document and the text appears hidden, the natural assumption is that the text is gone. Visual inspection is not verification.

  3. Time pressure overrides process. Court filings have deadlines. Document preparation happens under time constraints. When a paralegal or attorney needs to redact a 200-page filing before a 5 PM deadline, they reach for the fastest available tool. If that tool is a drawing rectangle, that is what gets used.

  4. Training gaps are invisible until they are not. Law schools do not teach PDF internals. Most legal technology training covers how to use software features, not how file formats store data. The knowledge gap between "I drew a black box" and "the text is still there" is invisible until a failure occurs.

The broader pattern

The Epstein filing was the most publicized example, but similar failures have occurred in other contexts:

  • In 2005, the Italian military intelligence agency SISMI released a PDF with "redacted" portions that were extractable, revealing details about the CIA's extraordinary rendition program.
  • U.S. government agencies have published PDFs with inadequate redactions multiple times, including TSA security screening procedures and NSA surveillance documents.
  • Law firms regularly encounter situations where opposing counsel extracts metadata or hidden text from documents that were believed to be sanitized.

The common thread is the same: the document looked correct on screen. The data was still in the file. The damage was real.

What proper document safety looks like

Preventing this type of failure requires more than better redaction tools. It requires a workflow that includes verification.

Step 1: Structural removal, not visual overlay

Any redaction must operate at the data layer, not the visual layer. Text objects must be removed from the content stream. Annotations used for visual indication must not contain the original text.

Step 2: Metadata and revision history removal

Even if the visible text is properly redacted, the document may contain:

  • Author metadata identifying who created or edited the document
  • Revision history containing previous versions of the text
  • Comment threads discussing the content
  • Embedded attachments or linked documents

These must be removed as part of the sanitization process.

Step 3: Verification by re-scanning

After sanitization, the output file must be re-parsed and re-scanned using the same detection rules that identified the original findings. If a finding persists — if text is still extractable under a redaction rectangle, or if metadata fields still contain data — the verification fails and the issue is flagged.

This verification step is what separates a sanitization workflow from a hopeful cleanup.

Step 4: A record of what was done

The person responsible for the document — the attorney, the compliance officer, the filing clerk — should have a written record of what the tool found, what it changed, and whether the verification passed. This record serves as evidence that due diligence was performed, which matters if the adequacy of the redaction is later questioned.

What you should check before any document goes out

If you share documents professionally — as a lawyer, consultant, compliance officer, healthcare administrator, or anyone handling sensitive information — consider this checklist before sending:

  1. Author and metadata fields: Does the document's "Properties" panel contain names, company names, or application identifiers you don't want to share?
  2. Revision history and tracked changes: If this is a Word document converted to PDF, does it still contain editing history?
  3. Comments and annotations: Are there comment threads, sticky notes, or review markup still in the file?
  4. Hidden text under redactions: If portions of the document are redacted, has the text been structurally removed — or just covered?
  5. Embedded attachments: Does the document contain attached files, embedded images with their own metadata, or linked external resources?
  6. GPS and device data: If the document contains images, do those images carry EXIF data with GPS coordinates, camera identifiers, or timestamps?

Checking each of these manually is possible but time-consuming. It requires opening the file in specialized viewers, inspecting XML structures, and understanding format internals. Most professionals don't have time for this — which is why the problem persists.

A structural problem needs a structural solution

The Epstein redaction failure was not caused by incompetence. It was caused by a tool that did not communicate the difference between hiding content and removing it, used by a professional under time pressure who had no reason to doubt the visual result, in a workflow that did not include a verification step.

That combination — unclear tools, reasonable assumptions, no verification — is present in every organization that shares documents. The question is not whether your documents contain hidden data. The question is whether you have checked.

Purgit scans documents for hidden metadata, verifies redaction safety, and re-scans the output to confirm every finding was resolved. Run your documents through Purgit before they leave your desk.

[Scan a File Free]

Scan before you share.

Try Purgit free — no account required.

Scan a File Free