Paul Manafort has a horrible track record when it comes to digital security. The latest reminder came this week, when his defense lawyers failed to sufficiently redact portions of a court filing submitted on Tuesday, responding to Robert Mueller’s claims that Manafort violated his plea agreement with the special counsel by lying to prosecutors. The redacted portions of the filing are “hidden” by black bars but can easily be revealed by simply highlighting those bars and copying and pasting the text into a new document. (The error is especially troubling given that it’s relatively easy to properly redact documents, though lawyers in high-profile corporate and even government cases have made similar mistakes in recent years.)

In this redacting fail, Manafort’s lawyers revealed that Mueller alleges the former Trump campaign chair shared polling data “related to the 2016 presidential campaign” with Konstantin Kilimnik, a political consultant the FBI says is connected to Russian intelligence. The “hidden” paragraphs also indicate that the government believes Manafort initially lied to the special counsel and investigators about discussing a Ukraine peace plan with Kilimnik and meeting with him in Spain.

At this point, Manafort’s complicated legal battle with Mueller’s office has dragged on for over a year. But this latest wrinkle is evidence of a problem that has plagued the former lobbyist even longer than that: He appears to be very bad at using technology, at least according to evidence that has been made public in court and in leaked documents.

He Reused His Password

In October 2017, we learned Manafort’s password practices are apparently subpar. That month, special counsel Robert Mueller first charged Manafort with committing a series of financial crimes. After he turned himself in to the FBI, security researchers discovered that Manafort allegedly used variations of the phrase “Bond007” for both his former Adobe and Dropbox accounts. The researchers connected him to the accounts using hacked text messages belonging to Manafort’s daughter, Andrea, which had been released on the dark web earlier that year. (At the time, Manafort confirmed that his daughter experienced a breach and that at least some of the messages were authentic.) The correspondence contained what is believed to be Manafort’s former email address. By searching for it in caches of data from past breaches—Adobe was hacked in 2013 and Dropbox in 2012— the researchers discovered that Manafort allegedly used a James Bond–themed password for both accounts. Security experts strongly advise using a complicated, unique password for every account you have.

He Forgot Track Changes Don't Lie

In a court filing from December 2017, Mueller accused Manafort of ghostwriting an op-ed by Ukrainian operative Oleg Voloshyn that was published in the Kyiv Post that month. The article painted Manafort's lobbying work in the country in a flattering light. According to the filing, the FBI learned of Manafort's involvement after obtaining an email he sent to his associate Kilimnik. Attached to the email was a Microsoft Word draft of the op-ed, which included track changes, or edits, made by "paul manafort." The file contained data showing he had spent over 30 minutes altering portions of the article on the night of November 29.

After finding out about the op-ed, the FBI requested the judge in Manafort's case revisit a bond agreement it had reached with Manafort's lawyers. Mueller's team argued the op-ed was part of a public relations campaign Manafort was attempting to orchestrate, which violated the judge's order to refrain from discussing his case in the press. Manafort's lawyers said he was simply exercising his right to free speech and Voloshyn denied that anyone helped him write the article.1