Wednesday, 1 December 2010

Wikileaks, a symptom, not a disease

As it stands the latest round of Wikileaks material (link down, possibly due to DDoS attack at the time of writing) it seems to me that there are likely two primary consequences:

1) Public: People are likely to realise that the rarified atmosphere of diplomacy is not actually about handing out ferrero rocher, but is pretty much the same back biting, nastiness and drama which everyone experiences in the workplace on a daily basis. Albeit most of us arent exposed to billion dollar budgets, nor do we have the power to approve drone strikes (even when we really think we should). In this country certainly I doubt that'll come as much of a surprise to anyone. We've already had our faith in politics pretty much comprehensively shattered by last year's scandals around MP's expenses. The long term impact will be pretty minimal, but will cause a shift in general opinion in the short term certainly.

2) Private/diplomatic: The public won't be exposed to a great deal of this, and its uncertain how much damage control the US was able to do before the leak, but revelations about China's view on Korean Unification, or Saudi backing for bombing Iran, will have long lasting impact on relations between states. Rob Dover over at KoW sums it up thusly:
A former colleague of mine at Bristol was asked about the impact of 9/11 on the international system: he said it would take 30years to know. I don’t think we need to wait that long, but we will need to observe a little bit of soak time.
I have to say I agree, I think over the next few months we'll see some interesting moves in the diplomatic sphere. It'll be interesting to see how North Korea treat the one ally they have left when their honest support is now in doubt.

Robert Haddick
over at Small Wars Journal makes some good points here, both about how we've ended up in this situation and the possible responses which might have to be undertaken:
The Wikileaks scandal reinforces what should be an instinct to be circumspect with anything transmitted in digital form. No doubt a battalion or more of counterintelligence specialists warned Defense Department network administrators about the security risks presented by the post 9/11 data-sharing arrangements. To apparently no avail – it seemed ridiculously simple for PFC Manning to extract (allegedly) hundreds of thousands of classified files. With the horse out of the barn and galloping into the next county, the Pentagon is only now tightening its computer security procedures. But there are still those million who have Secret access; the new security procedures are not likely to ward off a few trained and determined infiltrators...

We should expect “Balkanization” of digital communications, with those needing high security dropping out of the existing system and setting up their own. The Defense Department’s SIPRNet has been an inadequate attempt at this answer, as the Wikileaks affair has revealed. DARPA (ironically the original inventor of the internet) now recommends that the Defense Department establish its own network hardware and software, a system that would emphasize security and would presumably be incompatible with the existing internet.

Users who need high security but who can’t afford their own custom network would be wise to revert to the pre-Internet age of the courier, the telephone, and for the most sensitive of thoughts, the face-to-face meeting. This should not be much of an adjustment for those possessing either suspicious minds or experience.

Of course private networks are not new, ironically the internet evolved from an attempt to create a redundant, secure method of communciations, primarily in response to military need. Civilian style darknets are also an option if you need a secure network which only a few hundred people need access to.

The problem fundamentally is that if you want data hundreds of thousands of people can access, you can't make it secure. Even if you took it over to a new network there would need to be common protocols so that different terminals could access it across the world, and sooner or later, someone is going to write a document in Microsoft Word and then its game over. Some bastard with a USB stick is still going to be able to screw you over.

Movie piracy is a good model to look at. Avatar, one of the most hotly anticipated films of the last year leaked after promotional copies of the screener were sent out for the Academy Awards. Its a simple supply/demand equation, albeit with no prices. Someone has a product that lots of people want (movie screener/secret government data), it costs them nothing but time to steal it, and they get the vicarious pleasure of sharing it with thousands, or tens of thousands of people. They even get to be in the media if what they share is big enough.

Putting people like Julian Assange in jail, as advocated by Sarah Palin, also won't work. As proven by the dramatic failure of prosecuting filesharers in preventing the sharing of illegal copies of pretty much everything. This is the issue with dealing with distributed networks, you shut down one node (which is a cruel way of describing Assange and Wikileaks) and other nodes will simply emerge.

As always when dealing with networked systems the trick will be to make things substantially more difficult whilst also accepting that 100% security simply isnt possible. Things will leak, you just have to take every reasonable step to ensure its as inconvenient as possible. Allowing people to download thousands of documents in one hit is a bit of a disaster waiting to happen, so fixing that might be a good start.

As always when cats are out of bags, there will be a collosal overreaction, so I'll leave you with the wise words of Bill Kristol, proving that he believes sage debate is the way forward:
Why can't we act forcefully against WikiLeaks? Why can't we use our various assets to harass, snatch or neutralize Julian Assange and his collaborators, wherever they are? Why can't we disrupt and destroy WikiLeaks in both cyberspace and physical space, to the extent possible? Why can't we warn others of repercussions from assisting this criminal enterprise hostile to the United States?
Just an FYI on this, "extent possible" is the same "not at all" in this context.

No comments:

Post a Comment