No, I am not talking about the obvious use of digital cameras to secretly take photos of confidential documents, of secret installations, or to record some activity which is supposed to remain unrecorded. With relatively high quality digital cameras being built into increasingly smaller cases or as part of mobile phones, it is clear how many organizations or government agencies are banning digital cameras or phones which have digital cameras altogether.

This article focuses on another aspect of digital photography - the Exif (Exchangeable image file format) [sample here]. As many readers know, this is a format used by digital cameras to store information about the photo (metadata) which can describe techinical aspects of the photo (e.g. camera manufacturer and model, exposure time, flash, date and time photo taken, etc.) Such technical information does not seem to pose much of a security risk - knowing the model of the camera taken may be relevant in some cases to show ownership of the camera or to somehow authenticate the picture, but such use is limited. However, many photographers, professional and amateur alike, use Exif data to "tag" their photos and to store photo description and other relevant information. The advantage of this method is that once a photo is taken and subsquently tagged by the photographer with location, description, and other relevant information, anyone who has the digital file can read the Exif information. The disadvantage, unfortunately, is that anyone can read the Exif information.

There are two types of Exif information - automatically stored and user-created. Both are potentially dangerous in different ways. Let’s focus on the user-created Exif information first.

More than a year ago, a high profile article on the WashingtonPost.com illustrated how Exif data can be misused. An article by Brian Kerbs, "Invasion of the Computer Snatchers" interviewed a hacker, known online as "0×80" and allegedly promised anonimity. The story included a nice photo of the alleged hacker taken from an angle and with light effects as to mask the identity of the hero of the story. However, the Washington Post editors forgot to remove the Exif information from the photo. Incidentally, it contained some very revealing information, one of them "LOCATION: Roland, OK" which is a small town with population of 2,842. By confessing to controlling thousands of compromised PCs for malicious use, and by having his location revealed, the alleged hacker’s identity is almost openly revealed which may tip the authorities and subject him to criminal prosecution for variety of computer crimes.

The Washington Post gaffe shows how Exif data can be inadvertently "leaked" onto the Internet and can lead to potentially disastrous effects. I am not aware of any adverse consequences to the hacker into Post story but hopefully the point is made.

The second type of Exif information is the automatically stored data that is created most often by the camera. As indicated above, such data may be the time and date when the photo was taken, flash, resolution, camera type and model. However, one additional piece of automatically stored information may be GPS location. Some modern cameras (and increasing number of new models) come with either GPS device built-in or capable of attaching to one. The result is that the camera now will automatically store the GPS coordinates of each photo into its Exif data. This could be a very convenient tool - after all, everybody would like to have his or her pictures neatly placed on a map based on where they were taken. Professional photographers would also appreciate the convenience. But as the Washington Post story suggests, taking a photo of a secret object and leaving the Exif data intact before posting the photo on the Internet may pose problems.

Exif also often contains a thumbnail image of the original photo. We see many digital photos on the Internet where the face or another part of the photo is blurred out or redacted in some way. Unfortunately, many of the posters of those photos do not realize that the digital photo’s Exif information may contain a thumbnail version of the original, unedited, photo. This is an example of a photo in which the subject of the photo’s identity was masked only to be left intact in the Exif thumbnail embedded in the photo.

So, what is the solution? There are two prongs. One of procedural and one is technical. First, check what type of Exif information your camera can store and make adjustments, if necessary. Second, think twice before tagging photos with keywords or other descriptions especially if you are in the business of posting images online or sharing digital image files with others. Don’t forget that once you post or send a digital image with "dangerous" Exif information, there is no way to get it back. Third, use Exif removal software.

Hopefully this article would raise the awareness of Exif and would prevent future embarassing "accidents" like the Washington Post one from last year.