No one had to “hack” the Epstein Files. DOJ failed to actually redact them.

When the U.S. Department of Justice released millions of documents under the Epstein Files Transparency Act, many news headlines and social media posts quickly described what followed as “internet sleuths” “hacking” the release to read redacted documents. It wasn’t hacking—it was a shambolic failure of redaction by the DOJ.

What happened was not sophisticated hacking or a DOJ security breach. As multiple outlets reported, members of the public were able to reveal information in some of the released files by highlighting and copying the text “hidden” under a black box.

For anyone who works in eDiscovery, this episode was shocking, but familiar. It was a textbook example of visual masking being mistaken for true redaction.

Back in the day, redactions were done with a black marker, a sticker, or tape. Savvy paralegals knew to photocopy the redacted document and produce the photocopy, so that the original type didn’t show through under backlighting, and the slight rise of printed type could not be recovered using a rubbing technique.

It’s the same for digital documents: Data does not disappear because at first blush, you cannot see it. Drawing black boxes over text, or adding a black background to a spreadsheet cell, does not fully conceal the information. Redaction requires permanent removal of content, which is best done with tools built for the job.

When we redact information in litigation or criminal matters, it’s because there are serious stakes. Attorney-client privileged advice, critical trade secrets, the names of criminal informants, or the private information of victims—we redact things that need to be protected.

The impact of these failures was not theoretical. For the Epstein Files, redaction errors exposed the Personal Identifying Information (PII, including names, addresses, phone numbers, dates of birth, and bank account or credit card numbers) of women who were victimized as minors, leaving them once again vulnerable to the predations and cruelty of MAGA keyboard warriors.

Even when you are not exposing victims and cooperating witnesses to retaliation, you might be exposing yourself (or your client) to an expensive data breach. One of my clients, under pressure, once produced a spreadsheet full of individuals’ financial data; they’d simply changed the color of each cell to black before producing the Native file to opposing counsel. Another successfully removed data from a Google Sheets document, but then shared the original via Google Drive, allowing the recipients to explore the version history of the file.

One of the clearest lessons from the Epstein Files release is that redaction requires tools designed for the job.

Redaction tools in eDiscovery platforms like Everlaw are built to redact not just what you see, but the underlying content and associated metadata—and then, to produce a brand new “clean” document that strips out the ability to hit “undo.”

I particularly like Everlaw’s tool because it images and OCRs documents when they are processed into the program. That allows you to select text in a PDF and redact it, and then find the same text across the database and mass-redact it. In Relativity, by contrast, mass-redaction can be hit or miss because the extracted text might not line up to the image when it comes time to redact. Both programs now allow Native redactions that allow you to bleep out audio or video files, or replace an entire spreadsheet column of bank account numbers with the text “[Redacted - PII]”. Both tools will also “flatten” images and Native files to remove metadata, OCR, version history, and any other way in which the removed information might be smuggled out the door.

This is especially important when producing documents publicly, where errors are irreversible.

Adobe Acrobat was not DOJ’s problem, either. Adobe provides a dedicated redaction tool that, when used correctly, permanently removes content from PDFs. If you are using that tool, it will walk you through the process of drawing your redactions, applying them, and removing all traces of the underlying data.

When teams skip these steps—or rely on annotations, shapes, or highlight tools instead—the document may appear redacted while still containing all of its original information.

The Epstein Files episode is not a story about hacking. It is a reminder of a lesson the eDiscovery community has learned repeatedly: If your redactions can be reversed, they were never redactions.

Whether you use a full‑scale eDiscovery platform like Relativity or Everlaw, or Adobe Acrobat’s built‑in redaction tools, the job cannot be left to inexperienced and unsupervised people. In civil litigation, we all know a clawback is not as good as never having produced the information in the first place. And with public releases, there is no such thing as a clawback—once it hits the Internet, there is no telling how far the information will travel, or in what ways it will harm those you were supposed to protect.