With Better Sharing of Intel Comes Danger

Hugh Pickens writes "Ellen Nakashima writes in the Washington Post that after the intelligence community came under heavy criticism after 9/11 for having failed to share data, officials sought to make it easier for various agencies to share sensitive information giving intelligence analysts wider access to government secrets but WikiLeaks has proved that there's a downside to better information-sharing. To prevent further breaches, the Pentagon has ordered that a feature that allows material to be copied onto thumb drives or other removable devices be disabled on its classified computer systems and will limit the number of classified systems from which material can be transferred to unclassified systems, as well as require that two people be involved in moving data from classified to unclassified systems. The bottom line is that recent leaks 'have blown a hole' in the framework by which governments guard their secrets. According to British journalist Simon Jenkins 'words on paper can be made secure, electronic archives not.'"

Next time, skip the "Intel Inside" sticker

[tomhudson]

The approaches do need to be more sophisticated.

You mean like using a cell-phone camera to take a picture of a screen?

You can also encode a LOT of info into just one jpg or png of the family dog.

As for printing, you can use a 600dpi laser to output the whole bible in encoded format on 5 sheets of paper. So yes, you could walk out with 250,000 cables pretty quickly.

Re:Leak DRM?

[AJWM]

feature that allows material to be copied onto thumb drives or other removable devices be disabled on its classified computer systems

Here's a question: Why the hell was that stuff ever enabled in the first place?

A place I worked a while back -- we did QA for voting systems and for games -- was a lot more secure than that. Only one system on the LAN had a CD burner, and that was passworded and the media use logged. Cameras everywhere. Firing offense to have your own thumb drives (or to plug in a device like an MP3 player), etc. Cell phones forbidden without express authorization. Everything logged. Air-gap -- and you had to know the passwords, including to the cypherlock on the door -- on the machine that could access customers' code servers. Defeatable? Sure, but not without leaving a trail a mile wide. And this was on the voting side of the company, security on the gaming side was even tougher. (Hey, now we're talking about real money!)

Apparently the government doesn't take security as seriously as game software companies do.

Re:Why doesn't anyone mention the actual problem

[mdsolar]

It is illegal to use classification to cover up a crime or even a mistake. But you are really supposed to take the issue up with the classifying authority and then their superiors if that does not work. Each branch has an Office of Inspector General which ought to be able to deal with the misuse of classification. Further,. a person with a clearance is sworn not to reveal secrets. But, there have certainly been times when the abuse of classification has been so pervasive that only leaking could serve to rectify the wrongs. Don't know it this is one of those times. Most of what has been reveal so far seems to have been secret for a good reason: protecting sources or methods. Another aspect is that it is pretty hard for someone in the Army to object to the misuse of classification by the State Department. It is not in the chain of command. One could be right of wrong that classification has been abused but have no internal way of addressing the issue and perhaps be frustrated enough to leak.

Danger. Really. Danger?

[paulsnx2]

"With better sharing of Intel Comes Danger"

I love this stuff. What Danger?

We are being told that this release of information has harmed the ability of the U.S. to carry out diplomacy. In what way? That we tell lies and other governments tell lies, and now some of these lies have been exposed? What was the "Danger"? Wasn't the danger in the telling of the lies in the first place? Better sharing of Intel didn't bring about this danger.

Besides, if this data dump was so easily acquired (I am assuming the obvious here, that Wikileaks never had to go all "Tom Cruise/Mission Impossible" to get it), surely the data dump was no surprise to various other governments. I'd even guess that this is a fraction of what our enemies know about what we have been saying to ourselves for decades. How could it be otherwise?

So the "Danger" is that increase sharing might also include the public? If there is a change here, it is that the public got into the loop. Is it possible that they might have to abide by a higher level of ethics to avoid embarrassing lies coming out in future leaks? Is it possible that this is the "Danger"?

I am struggling here. So far I haven't heard about anything leaked which can be properly described as a "Danger" appeared with the leak itself. All of the best tidbits I have heard so far that might cause some diplomatic ruffle are due to actions that either 1) Should not have occurred (agreements to lie to the public), or 2) Need not have occurred (Let's call Putin "Batman").

I don't like to negotiate in business with people that live in secret worlds. I don't like the fact that our government loves secrets. The default for government should be to play their cards on TOP of the table, face up. When secrets are really necessary, they become easier to keep if their numbers are few, and the period of secrecy is of very short duration.

Which downsides?

[ljw1004]

So far we haven't actually seen ANY downsides of the wikileaks...

* We saw a german official get fired for leaking information to a foreign state
* We saw the Yemeni government conspiring to lie to its people
* We saw the UK foregin office trying to lie to the UK parliament about breaking international commitments on cluster bombs
* US secretary of defense Bob Gates explained that the leaks haven't hurt the US

There have ben only upsides so far.

Re:Next time, skip the "Intel Inside" sticker

[dargaud]

As for printing, you can use a 600dpi laser to output the whole bible in encoded format on 5 sheets of paper. So yes, you could walk out with 250,000 cables pretty quickly.

Do you know of any printer/scanner software that can do the encoding/decoding so as to do printed backups ? Something with redundancy like rar or turbo codes that prints out a page of pixel soup... I'm not sure how useful it would really be, just curious.