WikiLeaks upends digital security assumptions

The leaking of tens of thousands of classified reports about the Afghan War raises policy, IT security questions

As pundits debate the military, legal and political fallout from thousands of classified military documents about the war in Afghanistan being made public by WikiLeaks, one conclusion seems indisputable: Information technology has changed the nature of the government leak.

In announcing the release of the documents, the Web site WikiLeaks said they were in several computer languages (HTML, CSV and SQL), as well as rendered in KML to be compatible with Google Earth.

Although the documents were shared with the New York Times, The Guardian and Der Spiegel ahead of time, it’s all a far cry from the days of the famed Pentagon Papers episode that some have compared this massive leak. IT has played a prominent role at every turn of this story that’s dominated international headlines for days.

“It’s clear that it’s easier than ever to circumvent classification restrictions and to broadcast secret information around the world, and that is a serious challenge to the classification system,” said Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists. Technology makes it easier to leak on a larger scale, he added.

Patrice McDermott, director of OpenTheGovernment.org organization, said, “In some ways the risk was the same in that it was taking documents, but it’s much easier to do it electronically.”

The source of the 90,000-plus documents made public by WikiLeaks remains unknown. However, according to news reports, investigators are exploring whether Pfc.  Bradley Manning, an Army intelligence analyst who was charged earlier this month with leaking classified information, is involved. According to an article in the Wall Street Journal, Col. Dave Lapan, a Pentagon spokesman, said investigators are exploring where the material was taken from, but acknowledged that Manning was a person of interest in the investigation.

Earlier this month, the military announced it would press criminal charges against Manning for allegedly transferring classified military information to his computer and delivering data to an unauthorized source. Those charges, the Journal article said, appear to be connected to the leak of a classified video that WikiLeaks also made public.

McDermott said although it’s not known if Manning was involved in the more recent release of the thousands of reports, his case exposes “some real vulnerabilities.”

“I think what it points [out] for government is – and, again, this causes some concern for us on the outside – is that they have not fully understood, at least in the Manning situation, how vulnerable their computer systems really are,” she said.

Aftergood noted that although there regularly are stories in the news about classified documents, it was very rare to see a classified document made public.

“Within the past 10 years that has started to change, and a number of Web sites have from time to time published classified records,” he said. “There has never been a release of currently classified documents as large as the WikiLeaks release on the Afghanistan war.”

Aftergood said one thing that hasn’t changed is the role of the insider who chooses to disclose information and transmit it to a publisher. “This is not a purely technology story in the sense that this information was not hacked [nor] it was not inadvertently released; all indications are that this was a deliberate leak and that’s not a new problem.”

However, McDermott noted that the person who leaked the information didn’t take the traditional path. Instead of going through their agency and their [agency's] inspector general] and potentially to Congress and then eventually going to a news outlet, the person seems to have gone much more directly to an Internet repository that then went to the news media, she said.

“What that says, I think, is that people are relating to the media differently and, perhaps, if this is from Manning, that younger people see the Internet as a more reliable way of getting the information that they want out, out, that there might be less of a screen, less of filter there,” she added.

The complete government response to the massive leak of classified information remains to be seen. Aftergood said possible responses could involve increasing operational security and leak investigations, improving document tracking technology or trying to reduce the scope of the secrecy system.

So far the leak has produced a lot of debate on Capitol Hill about information security policy and the war in general. As a sign of the times, government response to the leak has also made use of social media technology.

A tweet sent July 27 from the Twitter account of Navy Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, said, “Appalled by classified docs leak to WikiLeaks & decision to post. It changes nothing on Afghanistan strategy or our relationship w/Pakistan.”

Reader comments

Fri, Aug 27, 2010 Michael D. Long Knoxville, TN

The technology to prevent access to teh released information does not need to be developed, as it already exists in the operating system. The problem is a pervasive issue within DoD components - lax security procedures because it is far easier to grant cleared personnel attached to the command access to everything than to take the extra few minutes to add explicit permissions by named individual as NEED TO KNOW is established. There are no technical controls that cannot be defeated by laziness and complacency. While it is appropriate to punish PFC Manning for his actions, it is only just that those who were grossly derelict in their duties also suffer recourse. The senior enlisted men and officers up the chain of command all the way to the top brass should be discharged under less than honorable terms for their failure to do their duty.

Tue, Aug 3, 2010

The information leaked was apparently not operational so the notion that it harms operational personnel is just that. I have not seen where anyone has monetarily gained by the leak (has Manning - if he is involved - said he was paid?). It appears to have been, as was said in the article, along the lines of exposing the true nature of the Afghanistan conflict as was the video of the killing of the Reuters reporters.

Mon, Aug 2, 2010 Paul

Sure the leaks aren't on par with Ames or Walker but the intent remains the same and the potential damage to troop security is unknown. I agree with Starliner. This was not a case of accidental release but an intentional violation of OPSEC for personal gain and the offender should face the death penalty. At the very least, they should be dropped into the field with the troops they endangered and let them sort it out.

Thu, Jul 29, 2010

A Pfc with access to make this happen? That's a chain of command problem.

Thu, Jul 29, 2010 bill

As long a the government uses Power Point and other public software. As long as the secret information is acessable to the public internet....as long as no effort is made to develope a secret network that is completly isolated from the public sector...with out specific government format secure applications for secret data, security breaches are only a mater of when.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above