With Better Sharing of Intel Comes Danger
Hugh Pickens writes "Ellen Nakashima writes in the Washington Post that after the intelligence community came under heavy criticism after 9/11 for having failed to share data, officials sought to make it easier for various agencies to share sensitive information, giving intelligence analysts wider access to government secrets, but WikiLeaks has proved that there's a downside to better information-sharing. To prevent further breaches, the Pentagon has ordered that a feature that allows material to be copied onto thumb drives or other removable devices be disabled on its classified computer systems and will limit the number of classified systems from which material can be transferred to unclassified systems, as well as require that two people be involved in moving data from classified to unclassified systems. The bottom line is that recent leaks 'have blown a hole' in the framework by which governments guard their secrets. According to British journalist Simon Jenkins, 'words on paper can be made secure, electronic archives not.'"
Come on, using a headline with Intel in it meaning something other than the company, on a geek site? Avoid the jargon and it becomes unambiguous: "With Better Sharing of Gov. Intelligence Comes Danger" (though using the words intelligence and government in the same sentence keeps making me do a double-take)
This is precisely the outcome that Wikileaks was looking for: Assange's plan has been to leak information in order to make those who wish to keep secrets paranoid, so that they clamp down on their own internal communications and become less effective:
The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive “secrecy tax”) and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption. Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems. Since unjust systems, by their nature induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.
If we didn't mark everything under the sun as classified it would be a lot easier to keep the stuff we need to keep secret that way. Only about 5% of what WikiLeaks has put out ever needed to be classified to begin with, and 95% of that didn't need to be classified anymore.
The real problem is the US government killed innocent people and covered it up. A soldier with a conscience decided his government should fess up and released all the documents. If the US government had been honest about its mistakes and misdeeds, there would have been no motivation for a leak. When the US government breaks its own laws and goes to great lengths to obstruct justice, it can expect this kind of release of confidential information because American soldiers have also been taught to do what is right. Forcing the government to admit its illegal actions is the right thing to do.
Of course it has to be a binary switch. You must either share all documents and be insecure, or not share any documents and be totally secure. Any middle ground is impossible. Thus the correct response to WikiLeaks must be to lock down all the documents and make sure nobody reads them at all. Only this will keep us safe!
That sounds like the same kind of logic that comes from a town that sends troops to Iraq in response to a threat from a man in Afghanistan, or that would like to repeat the policies of Herbert Hoover in response to a big recession, or would rather raise the retirement age on working stiffs than tax billionaires at 1999 rates. As always, these conclusions are treated as an inevitability -- there's just no other way to go.
How are they going to block usb flash media? In the old days you could epoxy the usb ports and then just use ps/2 keyboard/mouse. But those are legacy now and you are forced to use USB on modern systems. Also, it's not exactly difficult to gain access to the usb headers to install unbroken ports.
I suppose you could write a filter driver to prevent access to removable media... of course then all you have to do is make hardware that doesn't report itself as removable...
Alternately you could write a filter driver to only allow access to whitelisted volume GUIDs, though that's pretty easy to work around as well...
You're not going to achieve a technical solution.
As others have posted, two of the largest contributing factors to this are a) far too much data that should never be classified is, and the current system doesn't really allow you to unclassify the garbage, and b) use of classified status to cover up illegal activity is or should be illegal, so it's only natural for people to blow the whistle in that case.
Or just don't participate in corrupt activities. Whistleblowers almost always leak information because they feel morally obligated to do so (leaking information puts one's future and safety at risk, no one does it for kicks or b/c they hope to make money). Many whistleblowers (especially in the corporate world) fall victim to strange accidents or they find themselves blacklisted from employment. When people decide to leak information like this they've made a conscious decision that doing so is more important than their own life.
Whistleblowers aren't spies, they're just people with morals. If our government is concerned with protecting itself against the ethically conscious, then perhaps there's no hope. The government has become everything it was designed to prevent: a tyranny. The only reason I haven't reached this conclusion yet is b/c Obama has been so hands-off with this Wikileaks mess. It's been the usual band of psychos that have called for Assange's arrest/assassination: Lieberman, McConnell, etc.
"From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
That all _WAS_ there in the days when military systems ran on DG/UX and Trusted Solaris. Things like not being able to cut-n-paste down data from a higher level security app into a lower level are just one of the basic features in both and are backed all the way to the OS level to ensure it is not easily bypassed.
It all WENT AWAY with the Windows infestation of the networks. The military should not blame anyone but themselves here. Security levels and "colour" books were defined for a reason and no Windows system has ever managed to comply with them while connected to a network (NT had a C cert while disconnected and stripped of floppies and removable media).
As Greg Lake used to sing: You get whatever Christmas you deserve and no knee-jerk reaction can help against the fact that the system is no longer secure and no longer has a sufficient audit trail in the first place.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/