Windows Vista, the next version of Microsoft's Windows client operating system, will give users the ability to search for files by looking for information in the file's metadata tags. However, a report by I.T. research firm Gartner warned that allowing users to search for metadata tags in this manner could result in private information being inadvertently disclosed.
Metadata consists of "data about data." It is supplementary information about the author of a document, its various revisions, and any changes that have been made, explained Neil MacDonald, Gartner's vice president and distinguished analyst of information security, privacy, and risk.
For example, users will be able to search easily in Windows Vista for any files that contain the name of a document's author, which means the search will turn up any earlier versions of documents created by that author, even if those documents were not originally intended to be read by the public.
The Gartner report, "Plan To Deal with Metadata Issues with Windows Vista," written by MacDonald and Gartner analyst Michael Silver, outlines one example in which an employee might give a document about a client the metadata tag "bad client." If that document were then sent to the client, considerable embarrassment, even loss of business, could result.
MacDonald said that most computer users are not aware even of what metadata is. He cited a current lawsuit against pharmaceutical giant Merck about its Vioxx drug as an example of a situation in which documents carrying metadata can cause problems for the creator.
According to a report published on on December 8, 2005, by U.S. magazine Forbes, a Merck research document submitted to the court was revealed to have been altered with critical information having been deleted. "This was discovered as a result of the document's metadata being examined," MacDonald said.
The Gartner report suggested that firms must have a strategy in place for dealing with metadata before adopting Windows Vista. "The metadata problem is going to get worse with Windows Vista," MacDonald said. "Firms need some way of ensuring that they do not suffer embarrassment."
MacDonald also said potential solutions might range from deleting metadata in outbound e-mail to installing third-party software tools to manage disclosure of metadata. Windows Vista will include a Microsoft-developed tool to remove metadata, but the report said that the tool will not entirely resolve the problem.
To use the metadata-removal tool, a copy of the document has to be generated. But the report warned that even if the metadata is removed in one document, there is a risk that the wrong document could be sent out. Also, the file's creator has to remember to use the tool.
"Part of the problem is that Microsoft Office handles metadata in one way and Windows Vista handles it in another way," MacDonald said. "Office and Vista are managed by different business groups within Microsoft."
Microsoft needs to find a way of ensuring that its Office and Vista development teams talk to each other and sort out the potential problems that Windows Vista will cause with metadata, MacDonald said.