SIPRNet was a carelessly administered database. We’ll come back to that. Bradley Manning couldn’t possibly have read all of the documents he allegedly pilfered, so he did not fully care what he was taking and could not have evaluated the possible impact of his actions. In his own estimation he thought the revelation of these documents could result in, “Worldwide anarchy in CSV format.”
Julian Assange and WikiLeaks? Why would they accept responsibility for this information? It’s vast. And what controls are they using to insure that un-redacted copies of the documents don’t fall into the hands of vengeful entities? Thus far, WikiLeaks has redacted to a lesser and greater degree for varied reasons. That’s to say, they are inconsistent. Also, it isn’t much of a stretch to imagine that the organization members are probably a bit paranoid about being arrested. So are they distributing the raw documents to friends and family for safekeeping? The considerate assumption is that no one mentioned in any of these 250,000 plus documents is safe from targeting and retribution. From all that I’ve read—from multiple sources covering a range of positions—Assange seems to have no more judgment that a length of network cable. He isn’t a reporter: he’s a recorder. He isn’t a rock star: he’s a conduit. His petty threat to drop a “thermonuclear” file of information if anything happens to him, or his staff, shows that his interests concern himself rather than the public. It doesn’t seem very altruistic or objective.
SIPRNet is the real star of this farce. Forget about Manning, Assange, and WikiLeaks. How did an Army Specialist at a command post in Iraq gain access to, and copy, the entire database? It demonstrates how vulnerable we are… and how honest. The overarching thing that one gleans from the cables is that the U.S. really does believe in human rights and democracy, but—according to two French journalists, one right leaning and one left leaning—our diplomacy "lacks cynicism," and though we might be "naive," we probably should not accept demands for absolute transparency. I would add that we seem to suck at developing secure databases. I just hope that this deflates some of the more virulent conspiracy theorists like Alex Jones. Surprise! The government believes in its founding principles, Alex. Buy all of the damned guns and gold you want!
Jeff, I'm not sure I understand where you're coming from here. I'm particularly interested in the statement "The overarching thing that one gleans from the cables is that the U.S. really does believe in human rights and democracy[...]"
ReplyDeleteI'm not assuming this observation to be incorrect, but if you could post some links in support of that assertion, I'd be interested to read them.
Cheers,
JT
Thanks for the call out, JT! It presented an opportunity to clarify things. I added a link that leads to all of the supporting statements. But, don't you agree, that we shouldn't be all that surprised that information was leaked from a system that has 2.5 million users? And then there
ReplyDeletes; http://www.zdnet.com/blog/perlow/wikileaks-how-our-government-it-failed-us/14988
I read the zdnet article and yes, one could conclude three things:
ReplyDelete1. A system with 2.5 million users is probably well beyond critical mass with respect to "absolute security."
2. In any situation that involves secrecy, keys, combinations or maintenance access to keep the system running, access to that system requires limited "trusts" i.e. exceptions to the published/official/strict sets of rules that are applied to the system. These established trusts are vulnerable entry points.
3. One could say that this is the fundamental paradox of Information Technology: i.e its intrinsic value is to categorize, organize, store and make data *available*--to make it useful to large numbers of people in organizations. It's information that can help people gain/form insights into what is happening in a complex system or organization. When a security layer is applied to this information we are now working in the opposite direction: we are placing constraints on who can see what. I'm not saying this is wrong, but in many ways, the forces that drive the output of IT are at odds with the forces of security that are applied to the data that is produced in a system.