WikiLeaks
I don’t have a lot to say about WikiLeaks, but I do want to make a few points.
1. Encryption isn’t the issue here. Of course the cables were encrypted, for transmission. Then they were received and decrypted, and—so it seems—put into an archive on SIPRNet, where lots of people had access to them in their unencrypted form.
2. Secrets are only as secure as the least trusted person who knows them. The more people who know a secret, the more likely it is to be made public.
3. I’m not surprised these cables were available to so many people. We know access control is hard, and it’s impossible to know beforehand what information people will need to do their jobs. What is surprising is that there weren’t any audit logs kept about who accessed all these cables. That seems like a no-brainer.
4. This has little to do with WikiLeaks. WikiLeaks is just a website. The real story is that “least trusted person” who decided to violate his security clearance and make these cables public. In the 1970s, he would have mailed them to a newspaper. Today, he used WikiLeaks. Tomorrow, he will have his choice of a dozen similar websites. If WikiLeaks didn’t exist, he could have made them available via BitTorrent.
5. I think the government is learning what the music and movie industries were forced to learn years ago: it’s easy to copy and distribute digital files. That’s what’s different between the 1970s and today. Amassing and releasing that many documents was hard in the paper and photocopier era; it’s trivial in the Internet era. And just as the music and movie industries are going to have to change their business models for the Internet era, governments are going to have to change their secrecy models. I don’t know what those new models will be, but they will be different.
EDITED TO ADD (12/10): Me in The Economist:
The State Department has learned what the music and film industries learned long ago: that digital files are easy to copy and distribute, says Bruce Schneier, a security expert. Companies are about to make that discovery, too. There will be more leaks, and they will be embarrassing.
Toby Speight • December 9, 2010 6:01 AM
Actually, I find that the interesting thing about the current Wikileaks events is the cat-and-mouse game of moving hosting and DNS around. With all the DOS attacks and counter-attacks, it’s a very public playing out of the kind of “cyber-war” we keep being told to expect more of in future.