Strengthening trust in government through secure digital documents
Image source: greenbutterfly, Adobe Stock.
As government agencies move more services online, what they say on the web and how they correspondingly execute their missions feed into the public’s perception of their credibility. Developing a trustworthy online presence has perhaps never been as important and challenging as it is now. Digital content continues to be susceptible to bad actors who can misappropriate information at great expense to society. In this article, we are going to discuss a specific and ubiquitous type of content, PDF, which like other technologies, can be vulnerable to misuse if proper steps to secure it are not taken. In this article we will cover how government agencies can mitigate the risks.
Challenges with securing digital documents
Government services are about trust. There are various types of trust. Trust may be in the form of competence – can the government can perform its mission satisfactorily? Trust may be in the form of values – does the government share the values of its stakeholders and citizens? For citizen-facing government services such as public transit, waste collection and tax administration, the public expects that publicly financed busses run on time, that trash is collected, and that taxes are processed accurately.
In the digital age, one of the primary ways government agencies establish trust with citizens is through their websites and digital media, which represent the various agencies, offices and brands. Online content is the core of all websites, and PDF is one of the most common and useful types of digital files for conveying information about government services. PDFs are so useful to government agencies because anyone can open them and read them, no matter what computer operating system they use. Additionally, PDFs are a ‘fixed’ document format, which prevents changes to look and feel. In other words, an important tax form looks the same on the computer screen as it does when it’s printed, thanks to PDF.
Unfortunately, bad actors can take advantage of improperly secured content to damage the reputation of government agencies. This abuse can have serious consequences for governments, its agencies, and the citizens they serve. In December 2021, for example, according to the World Trademark Review, a company outside of the U.S. defrauded trademark applicants "by improperly altering official USPTO (United States Patent and Trademark Office) correspondence... misappropriating the USPTO’s trademarks, and impersonating the USPTO.”
Government impersonation fraud has also been reported at government heath and human services agencies. As a result of the COVID-19 pandemic, there has been an increase in fraudulent actors running phishing* schemes with digital documents to insert malware on individual or corporate computer networks. According to the United States Sentencing Commission, the median loss for healthcare fraud offenses in 2020 was more than $1.2 million.
Most government websites have a variety of PDF content that is branded and formatted specifically to convey critical information about key programs and services. Yet, PDFs can be vulnerable to manipulation if they are not properly secured. PDFs lacking certificate-based encryption can be impersonated and susceptible to malicious edits.
Considering the variety of mixed media used on government websites, PDFs can get overlooked in an organization’s overall online security framework. Government agencies should assess the requisite security features that travel with digital documents to prevent unintended data spillage, unauthorized document access, or malicious manipulation. According to a recent report from Forbes, a lack of organizational processes around document-level restrictions is a major risk across all industries. This is where Adobe can help.
Mitigating reputational risk
Use the right document tools: Government organizations can leverage a variety of tools within Adobe Acrobat DC to certify, encrypt, and remove or redact sensitive data before publication. Using the security features in Acrobat will mitigate the potential risk of PDFs being manipulated, and can prevent sensitive data spillage.
Conduct document process health checks: Government organizations should consider conducting periodic “health checks” of its PDFs and other web content to ensure that they have not been altered by bad actors and continue to stay secure.
Implement a digital governance model for documents: The U.S. General Services Administration has published a Digital Governance Policy template that provides an excellent starting point for government agencies interested in developing or maturing their digital governance models. Developing internal policies and procedures around digital document governance can strengthen the overall risk posture of government organizations. Government agencies might consider expanding their digital governance policies to include additional guidelines on digital media control processes.
Securing digital documents is about maintaining trust with the public. Government organizations need to accurately communicate information about their programs and services, and they can’t afford to have their reputations tarnished by scammers manipulating their documents.
Trust as the cornerstone
Adobe is proud to be the leader in secure digital documents and we continue to work closely with governments around the globe to strengthen their trust with citizens. More broadly, Adobe is spearheading the cross-industry Content Authenticity Initiative (CAI) to fight misinformation and add a layer of verifiable trust to other types of digital content such as images and videos, through provenance and attribution solutions.
Given the integral role digital content plays in engendering trust in society, Adobe has made trust the cornerstone of all our products, and we’re committed to working with public and private institutions to build more trustworthy and authentic digital content.
(*What is Phishing: the fraudulent practice of sending fake emails claiming to be from reputable sources, in order to get people to reveal personal information, such as passwords and credit card numbers.)