Skip to content

Outlook 2002 Privacy Busting "Feature"

Outlook 2002 doesn’t respect any of Word’s settings – even if you’ve told Word 2002 to remove any personally identifiable information.

If you’ve been following along with the privacy revelations in the latest issues of Office Watch, you know that any Office file sent as an attachment to an Outlook 2002 or Outlook 11 message contains a ten digit number that can be easily traced to the machine on which the message originated. The originating PC has a file called c:Documents and SettingsApplication DataMicrosoftOfficeAdHoc.rcd which contains the ten-digit “brand” number.

Outlook 2002 and 11 also put your Email address and your name in the Office file’s File | Properties | Custom variables.

Outlook 2002 doesn’t respect any of Word’s settings. That ten digit number, and your email address and name appear even if you’ve told Word 2002 to remove any personally identifiable information (Tools | Options | Security | “Remove personal information from this file on save”). They appear even if you’ve told Word 2002 to not assign a merge number (Tools | Options | Security | “Store random number to improve merge accuracy”). Outlook 2002 runs roughshod over your Word settings, and the only way to stop its privacy-busting behavior is by digging down five levels and disabling one of the most obscure options in Outlook (Tools | Options | Preferences | Email Options | Advanced, uncheck “Add properties to attachments to enable Reply with Changes”).

As far as I can tell, none of this is documented anywhere, so I’m going to give it a shot here in Office Watch.

This only happens in Outlook 2002 and Outlook 11.

1. When you compose a message and press Send in Outlook 2002 or Outlook 11, Outlook looks to see if there are any Office files (Word documents, Excel spreadsheets, or PowerPoint presentations) attached to the current message.

2. If there are Office files present, Outlook looks at Tools | Options | Preferences | Email Options | Advanced, and if the box marked “Add properties to attachments to enable Reply with Changes” is checked, it “brands” all of the Office files attached to the message. The “Add properties to attachments to enable Reply with Changes” is checked by default – that is, your files will be branded, unless you specifically go in and turn that setting off.

3. Outlook brands the files by inserting your email address, your email “display” name, and the Subject line of the message into File | Properties | Custom variables. (Valerie Mallinson, Microsoft’s planted “Mac to PC Convert” lady, had one of her files branded with her display name.) Then Outlook looks for a File | Properties | Custom variable called _AdHocReviewCycleID.

3.A. If there is no _AdHocReviewCycleID variable, Outlook generates a random 10-digit number, and sets up a variable called _AdHocReviewCycleID, assigning it the value of that 10-digit number. The _AdHocReviewCycleID number and the full file name of the attached file (including its path) is placed in the file AdHoc.rcd. AdHoc.rcd is an old-fashioned INI file that can hold 100 entries, so it keeps track of the last 100 files that have been attached to email messages.

3.B. If there is an _AdHocReviewCycleID variable, Outlook looks to see if the 10-digit _AdHocReviewCycleID value is already in AdHoc.rcd. If it’s already there, Outlook doesn’t change anything. If the 10-digit number isn’t in AdHoc.rcd, Outlook creates a new File | Properties | Custom variable called _PreviousAdHocReviewCycleID and assigns it that 10-digit value. Then Outlook creates a new random 10-digit number, puts it in File | Properties | Custom | _AdHocReviewCycleID inside the file, and adds the 10-digit number to AdHoc.rcd.

4. After the Office file is branded with this 10-digit number, the message with attachment gets sent along to the output queue, where it will ultimately go to the intended recipient.

5. When Word opens a file, it immediately looks for a File | Properties | Custom _AdHocReviewCycleID value (or, I assume, a _PreviousAdHocReviewCycleID value). Word looks up the 10-digit number in AdHoc.rcd. If Word finds the value in AdHoc.rcd, it retrieves the original file name and path, and asks if you want to merge changes back into the original file.

The rules for branding files that are sent from inside Word, Excel or PowerPoint (using File | Send To | Email recipient as attachment) appear to be different. Not sure what’s happening there.

Trustworthy computing.

“Mitigating factors”: Anyone who wants to trace an Office document back to the PC that originally sent it must have access to the AdHoc.rcd file on the originating PC.

Outlook only keeps track of the last 100 Office files sent as attachments to email messages.

“Unmitigating factors”: Ask Valerie Mallinson.

Bottom line: This is different from the “unique identifier” problem that Richard Smith discovered in Office 97 (more details here). But there are a lot of chilling similarities. Microsoft promised it wouldn’t permit “unique identifiers” into Office files in Office 2000. Why did it relapse in Office XP? And will the problem continue in Office 11?

 

About this author