http://www.digitaljournal.com/article/301337

Op-Ed: Learning the lessons after the WikiLeaks disaster

Posted Dec 12, 2010 by Michael Cosgrove
Now that the cable leaks are settling down into a predictable and humdrum pattern of gradual release that no-one will even notice a couple of weeks from now it is time to plug the gaping holes which allowed them to occur in the first place.
The Air Force Cyberspace Command.
The Air Force Cyberspace Command.
U.S. Air Force photo / Tech. Sgt. Cecilio Ricardo
Remember the Afghan war documents leak? It all seems so long ago now, and despite the breathlessly hyperbolic claims of US wrongdoing which were made at the time by those papers that published the majority of them it all just kind of faded away, neglected and unnoticed. No heads rolled, nothing changed, and the “innocents will die” claims have never been substantiated or disproved. It’s almost as if it never even happened, and the world has shrugged its shoulders and moved on since then.
The same fate awaits the cable leaks in all probability, and The Guardian has already scaled back its Sun-style shock-horror presentation of what people said to each other years ago about issues we already knew about for the most part.
On a wider level, the “people’s” revolution for the right to know everything about everything has not spread, WikiLeaks seems intent on destroying itself by means of internal dissent, Assange is in jail, and the DDoS attacks on certain corporate websites carried out by Anonymous have backfired on it and further alienated the whole movement in the eyes of the public at large.
However, the fact that these leaks, like the last ones, may well turn out to be a bit of a damp squib does not mean that it’s time for governments around the world to start popping champagne corks and eating canapés. On the contrary, these leaks have demonstrated that the whole mechanism of protecting sensitive information is seriously outdated and that it needs to be overhauled, from top to bottom. But most importantly, they also demonstrate that if Wikileaks can get a hold of all this information, so can any government in the world.
I read somewhere that the cable leaks were the Internet equivalent of 9/11. Whether that is true or not depends on how you see things but it does have the merit of reminding us that the technological threats facing the West’s computer security do not, by definition, take national borders into consideration. This in turn means that they need to be combated by using the same borderless approach in the three key areas of offensive cyber war technology, legal options and much internal security. The Pentagon is tinkering with its data protection systems, but mere tinkering and tweaking will not be enough to stop foreign governments from accessing sensitive information.
The first of these areas has already been addressed to a certain degree, and several countries are actively developing cyber warfare capabilities along the same lines of those which have been put together by the US Cyber Command, although direct cyber warfare has not been used in any meaningful way against WikiLeaks. The decision not to use it was a wise one. After all, it is probably capable of bringing down WikiLeaks and the mirror sites in no time at all if it were decided to do so, but the current legal realities surrounding its eventual use are fraught with issues.
The US Cyber Command logo
The US Cyber Command logo
Wikicommons
In other words, the legal weapons at the disposition of America and other countries are woefully inadequate. Firstly, and despite all his errors, Julian Assange should not be extradited back to the US to face trial if only because his work has actually rendered service to America by reminding it that it needs to tighten up its security capabilities. Assange’s legal defense relies heavily upon the fact that he is not an American citizen and that he was not operating from inside America and that defense would be hard to crack.
But it is precisely because that defense exists that the law should be changed. A country cannot rely on outdated legislation which is completely unable to be used on a worldwide scale against a threat which is exactly that – worldwide. The idea that a country cannot defend itself against hackers and thieves who profit from the fact that they are based abroad is ludicrous. Now that the cable leaks dust is settling it is urgent that western governments get together to thrash out an updated legal framework which would be able to extradite and prosecute cyber criminals who put a country’s security at risk.
Finally of course there is the question of the implications of the enormous number of internal security lapses such as those which have been highlighted by the presumed actions of Bradley Manning. Blaming him – and Assange - for the failure of computer security systems and moving on is not an option, and several highly-important changes need to be made. After all, both Bradley and Assange are symptoms of an illness, not the illness itself.
American congressman Ron Paul was quite right to ask most of the 9 embarrassing questions concerning government mishandling of this issue he did, and apart from very pertinently wanting to know why the ire of the government is being directed uniquely at Assange, he is also right to want to know how an army private can access and steal so much information and how the future of the first amendment and the Internet are being addressed.
Western governments must start finding ways to prevent this kind of massive security failure in the future by finding much more secure methods of compartmentalizing information and restricting the number of people who have access to it. This necessarily implies that less information may be released to the public in the future, but that need not be a bad thing if the lines between what can and cannot be released are more firmly drawn by a bipartisan approach to the public's legitimate concerns about the first amendment and the public’s right to know.
Work to be done includes doing some serious research into what motivates people to steal documents in the first place (and there is some excellent reading on that subject to be found here), reinforcing the use of a need-to-know policy and inventing much more sophisticated technological means of preventing sensitive information from seeping out onto the Internet.
Yes Assange has made some serious errors, yes he is antipathetic to the United States to say the least, and yes he will prove to be the inspiration for future whistle-blowers and cyber criminals. He may even be guilty of transgressing certain laws. But he should not be used as a scapegoat for the glaring failure of the American government to better protect its classified information.
On the contrary, his actions should be interpreted as being both a wake-up call and a lesson, and as a reminder that America's computer networks are vulnerable to infiltration by foreign governments. That is why he will surely – and ironically - turn out to be the man responsible for more controls being applied to information, not less, and the sooner the better.