With Better Sharing of Intel Comes Danger 287
Hugh Pickens writes "Ellen Nakashima writes in the Washington Post that after the intelligence community came under heavy criticism after 9/11 for having failed to share data, officials sought to make it easier for various agencies to share sensitive information giving intelligence analysts wider access to government secrets but WikiLeaks has proved that there's a downside to better information-sharing. To prevent further breaches, the Pentagon has ordered that a feature that allows material to be copied onto thumb drives or other removable devices be disabled on its classified computer systems and will limit the number of classified systems from which material can be transferred to unclassified systems, as well as require that two people be involved in moving data from classified to unclassified systems. The bottom line is that recent leaks 'have blown a hole' in the framework by which governments guard their secrets. According to British journalist Simon Jenkins 'words on paper can be made secure, electronic archives not.'"
Headline total fail (Score:3, Insightful)
And so Wikileaks wins (Score:5, Insightful)
This is precisely the outcome that Wikileaks was looking for [wordpress.com]: Assange's plan has been to leak information in order to make those who wish to keep secrets paranoid, so that they clamp down on their own internal communications and become less effective:
The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive “secrecy tax”) and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption. Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems. Since unjust systems, by their nature induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.
the problem is to much marked classified (Score:3, Insightful)
Why doesn't anyone mention the actual problem (Score:5, Insightful)
Fools at the Washington Post... (Score:2, Insightful)
Of course it has to be a binary switch. You must either share all documents and be insecure, or not share any documents and be totally secure. Any middle ground is impossible. Thus the correct response to WikiLeaks must be to lock down all the documents and make sure nobody reads them at all. Only this will keep us safe!
That sounds like the same kind of logic that comes from a town that sends troops to Iraq in response to a threat from a man in Afghanistan, or that would like to repeat the policies of Herbert Hoover in response to a big recession, or would rather raise the retirement age on working stiffs than tax billionaires at 1999 rates. As always, these conclusions are treated as an inevitability -- there's just no other way to go.
Re:Why doesn't anyone mention the actual problem (Score:5, Insightful)
Ah, so because you don't like how a particular combat event played out, you think it's appropriate for diplomats dealing with very difficult foreign governments to not be allowed to frankly discuss the situation with their co-workers, out of the public eye (and away from monitoring by the very government being discussed)? You don't think that an important protest and opposition figure in Iran should be able to retain his anonymity while discussing circumstances inside that regime's thugocracy, because
Re:Why doesn't anyone mention the actual problem (Score:3, Insightful)
Re:Leak DRM? (Score:2, Insightful)
How are they going to block usb flash media? In the old days you could epoxy the usb ports and then just use ps/2 keyboard/mouse. But those are legacy now and you are forced to use USB on modern systems. Also, it's not exactly difficult to gain access to the usb headers to install unbroken ports.
I suppose you could write a filter driver to prevent access to removeable media... of course then all you have to do is make hardware that doesn't report itself as removeable.....
Alternately you could write a filter driver to only allow access to whitelisted volume guids, though that's pretty easy to workaround as well...
You're not going to achieve a technical solution.
As others have posted, two of the largest contributing factors to this are a) far too much data that should never be classified is, and the current system doesn't really allow you to unclassify the garbage, and b) use of of classified status to cover up illegal activity is or should be illegal, so it's only natural for people to blow the whistle in that case.
Re:Why doesn't anyone mention the actual problem (Score:4, Insightful)
Re:And so Wikileaks wins (Score:3, Insightful)
This is precisely the outcome that Wikileaks was looking for [wordpress.com]: Assange's plan has been to leak information in order to make those who wish to keep secrets paranoid, so that they clamp down on their own internal communications and become less effective:
So the point is to make the United States' efforts to stop terrorist attacks less effective?
I know that's not what you're trying to say; it's not even what Assange is trying to say. But it's *one* of the effects of this process -- not the only one, I know, and people will argue that more good than harm has been done by these leaks. But it can't realistically be questioned that harm has been done. The question is essentially whether one believes that governments should ever keep secrets. The position of Assange, and most people here, appears to be "no, they shouldn't, ever." The kindest thing I can say about that position is that it's naive.
Re:Leak DRM? (Score:5, Insightful)
Or just don't participate in corrupt activities. Whistleblowers almost always leak information because they feel morally obligated to do so (leaking information puts one's future and safety at risk, no one does it for kicks or b/c they hope to make money). Many whistleblowers (especially in the corporate world) fall victim to strange accidents or they find themselves blacklisted from employment. When people decide to leak information like this they've made a conscious decision that doing so is more important than their own life.
Whistleblowers aren't spies, they're just people with morals. If our government is concerned with protecting itself against the ethically conscious, then perhaps there's no hope. The government has become everything it was designed to prevent: a tyranny. The only reason I haven't reached this conclusion yet is b/c Obama has been so hands-off with this Wikileaks mess. It's been the usual band of psychos that have called for Assange's arrest/assassination: Lieberman, McConnell, ect.
Re:Cryptography is the answer (Score:3, Insightful)
That all _WAS_ there in the days when military systems ran on DGUX and Trusted Solaris. Things like not being cut-n-paste down data from a higher level security app into a lower level are just one of the basic features in both and are backed all the way to the OS level to ensure it is not easily bypassed.
It all WENT AWAY with the windows infestation of the networks. The military should not blame anyone but themselves here. Security levels and "colour" books were defined for a reason and no Windows system has ever managed to comply to them while connected to a network (NT had a C cert while disconnected and stripped of floppies and removable media).
As Gregg Lake used to sing: You get whatever Christmas you deserve and no knee jerk reaction can help against the fact that the system is no longer secure and no longer has a sufficient audit trail in the first place.