Mark Felt-Tipped

Feb 25, 2018

On Saturday, the House Intelligence Committee released the Democratic (PDF) rebuttal to the Nunes Memo.

While the full release of Nune’s memo was was approved by President Trump, the White House denied a similar request to publish the minority party’s response, citing concerns about the release of classified information. The version of the new memo released to the public was therefore heavily redacted.

While the document still lays out the pieces of evidence used in FISA applications for the surveillance of Trump campaign advisor Carter Page, the individual claims’ details have been omitted. So while, for example, his meetings in Moscow are mentioned, the specific identities of his contacts at those meetings have been redacted.

The document was released as a PDF that appears to be a scan of a printed copy that was manually redacted using a black felt-tipped pen or text marker.

Felt-tipped pen redactions in the released memo.

While this method of redaction effectively obscures the relevant sentence fragments, the text’s layout remains unchanged. This opens up the tantalizing opportunity to reconstruct top-secret information by correctly guessing fragments that result in the flow of text after each redaction to align to the released version.

While most redactions appear to be too long to guess and manually check, there is one significant single-word redaction where the process described above leads to success with trivial ease.

On page 3, the first paragraph contains the sentence “By then, the FBI had already opened sub-inquiries into [REDACTED] individuals linked to the Trump campaign”. The size of the redaction and context of the sentence strongly suggest the classified information to be a numeral.

Original release: a single, redacted numeral

In the following illustractions, versions of the line with different numerals as the redacted word are overlayed the original release. Trial-and-error determined Times New Roman at 17pt to be a good fit for the original fiint and size. The original was slightly rotated to provide the best possible fit, since it was apparently scanned at a slight angle. A perfect recreation will diverge little from just the original, with the tested text lying directly on top of the original. Wrong guesses lead to clearly visible offsets. The software used is Pixelmator, a Photoshop-like image editor.

Only the numerals “zero” to “ten” roughly fit the size of the redacted word, with “zero” and “one” being excluded because the resulting text would be nonsensical. Trying the remaining numerals “two” to “ten” results in the following.

'two' leads to a bad fit past the redaction
Larger view showing the clear tracking error after 'two'
Larger view showing constant fit before and after 'four'

It is clearly visible that the numeral “four” gives us far higher accuracy for the text overlays that follow. We have defeated some three-letter agency’s tradecraft, and exposed top-secret information with a $30 graphics program.

I am working on automating this process and trying to find similar hits for the remaining redactions.

Follow me on Twitter for updates: @whereismatthi. Send inquiries to

Other Articles

Mark Felt-Tipped Feb 25, 2018

Building Tensorflow 1.5.0 on MacOS with CUDA GPU Jan 21, 2018

Contact Jan 1, 2018

iTunes crashes with MediaControlSender AVSystemController_GetAirPlayInfo Aug 18, 2017

Add iterm2 marks to long-running outputs Jun 1, 2017

Trump Documents Atbash Decoded May 23, 2017

Polkit? WTF is this again? Actually... May 23, 2017

osacompile: no such component "JavaScript" May 2, 2017

" glxQueryVersion failed" with a headless chrome on alpine Mar 17, 2017

lighthouse/chromium/alpine/docker image Mar 9, 2017

Don't know how to build task '# Mar 6, 2017

sfdp: Error: Graphviz not built with triangulation library Jan 7, 2017

link_directory must be a directory Jan 2, 2017

Deactivating the Z170N's internal bluetooth in Clover Jul 3, 2016

Autogenerate a Dash Docset with Object Graph and documentation Statistics on Rails Migrate Jun 13, 2016

Massdrop is the worst spammer I've seen since the 90ies May 23, 2016

Verifying NGINX configurations in ansible May 23, 2016

ANSIBLE-MODULE-PATH and more Apr 29, 2016

'' is not a git command Apr 23, 2016

I rule (.svg) Mar 8, 2016

React and Relay error scrapbook Mar 3, 2016

Get a Grid, at least vertically Feb 17, 2016

Uncaught TypeError: Iterator value meps is not an entry object Nov 14, 2015

Controlled Jekyll Republishing with git Commit Messages Nov 2, 2015