Confusion reigns regarding legitimacy of Wikileaks but they may have done the world a favour by opening a Pandora’s box of hypocrisy over secrecy, privacy and information security.
Wikileaks have been dispersing information “leaked” by government or corporate employees for years now. However, what really put the cat amongst the pigeons when they released details from thousands of “cables” between United States Embassies around the world. The Americans responded by getting Paypal and Mastercard to stop processing payment transactions for Wikileaks though apparently these companies agreed without any legal intervention.
Meanwhile, the Swedish government is trying to extradite Wikileaks editor in chief Julian Assange from the United Kingdom under charges of rape. In accordance with Swedish law, the names of the alleged rape victims are confidential but Naomi Wolf in The Guardian is calling for the names to be published.
The U.S. authorities then issued a court order to get details of private Twitter messages for seven people whom they believe to be involved with Wikileaks. The original order stipulated that the court order must be kept secret so that even the people whose messages were being accessed would not be told. Wikileaks challenged this in the courts and we now know that the court order exists and that one of the people being investigated is an Icelandic Member of Parliament named Birgitta Jonsdottir.
A blogger who appeared on Channel 4 News on the 7th January complained that the U.S. authorities were spying on everyone and that nothing was really “private”. A lawyer interviewed worried that journalists were being prevented from defending the anonymity of their sources.
Then we have The Daily Telegraph sting where Business Secretary Vince Cable was prodded into a conversation where he discussed threatening to bring down the coalition. The Telegraph initially omitted to mention that Mr. Cable also claimed to have “declared war on Mr Murdoch”. This last tidbit was later leaked to the BBC.
We must not forget that the debate over information security takes place amidst a climate of fear of terrorism. Under New Labour the United Kingdom suffered more and more intrusive security measures justified by the need to confront the threat of terrorism. Police encourage this hysteria by preventing members of the public from taking photographs in public places.
The rational conclusion from this rumpus is that the concepts of privacy and freedom of information are under strain, that none of our data is secure and that all parties are behaving hypocritically.
However, Wikileaks may have done us all a favour by bringing the arguments to a head and this could be good for democracy if governments acknowledge and address the underlying issues.
The driving force behind the rise of Wikileaks and the challenges to privacy and freedom of information is modern information technology. In the past information has been stored on paper and was therefore difficult to copy and disperse. Though this may have been comparatively inefficient it meant that keeping information secure was relatively easy. Today’s technology allows vast amounts of data to be stored in devices no bigger than a postage stamp. It provides that data can be easily analysed and it facilitates easy dispersal via The Internet.
There are two aspects to the current chaos over information security. Firstly the data is obviously not adequately secured and secondly there is no agreement on what data should be freely available.
While securing information is technically possible, human factors make the process extremely difficult. Further, as data has become so concentrated, once a system is compromised the quantity of information dispersed can me enormous. All this has been known to information security professional for years yet we have not faced up to the fact that our efforts to secure information are not working.
All bureaucracies, such as governments, have a tendency toward secrecy. Rather than selecting information to be kept secret they prefer blanket regulations which keeps everything secret. Following pressure to release information the British Government responded with the Freedom Of Information Act 2000 which allows that some information can be released dependant on a public interest test. This is the wrong way around.
Rather than keeping everything secret and then allowing exceptions we should make everything freely available and only keep secret selected information.
Two things need to happen.
Firstly democratic countries need to define more clearly the information which can legitimately be categorised as secret or confidential and what information individuals can expect to keep private. All other information should then be freely available.
Secondly government and corporations should wake up to the responsibilities that is theirs because they hold vast amounts of other people’s information. This realisation should feed into some high level thinking about how to carry out effective information security and this should put a greater emphasis on professionalism together with standardisation of systems and processes. This will probably accelerate the current trend toward cloud computing.
Greater clarity over the rules on information security together with greater realisation of the challenges in securing that data can only be a good thing.