There’s already debate about whether Wikileaks’s release of 92,000 classified documents on the war in Afghanistan was more of a milestone in the annals of national security and the press than the 1971 leak of the Pentagon Papers, the U.S. government’s classified report on the Vietnam War. It’s clear enough, though, that today’s technological landscape severely limits the government’s range of options to fight back against such leaks, but also provides a range of tools to protect against future ones.
Confronted with the release of classified documents on the Wikileaks website–followed by nearly as many news reports on the phenomenon–the U.S. government’s reaction was calculatedly mild. Government officials appear to have concluded that there was no way to put the genie back in the bottle. Instead of raging against the storm, the government emphasized its displeasure while suggesting there wasn’t much to see there–the documents didn’t say much that the public didn’t already know. And for the many military field reports contained within, the Pentagon intimated that the reports weren’t taken as containing instant, literal truth at the time they were lodged.
In the Pentagon Papers case, the executive branch was not as resigned–and the newspapers effectuating the leak, while fiercely defending their rights to do it, understood that the courts had a role in resolving the conflict. An injunction was briefly issued preventing the Times from publishing more, and the Times respected the order, implicitly allowing that it was for the U.S. government–in the form of the judiciary–to decide what counted as secrets so grave that they could not be published. (Of course, during that period the Washington Post took up the mantle of publishing from the Pentagon Papers, and was then drawn into the litigation.)
Wikileaks is not only more difficult to sue in practice, with its principals outside U.S. borders and its servers located in Sweden, but also in theory: its founder seems uninterested in what the U.S. courts might have to say about its activities. The site is surprisingly Web 1.0ish. Despite the tip of the hat to wikis, where anyone can edit, its fame lies in simply having acquired the documents and then publishing them, using technologies and server configurations unchanged in the past 10 or 15 years. But the Internet around it has changed, and a 1971 approach to dealing with the leak would likely have been doomed: once the information was out there, more and more sites could mirror it, or it could find its way to peer-to-peer networks. That Wikileaks says it does not publish everything it encounters is a small silver lining: should its servers be shut down through, say, a Swedish court order or even a hostile cyber- or other attack, future leaks might go straight to the peer-to-peer nets, with no mediating presence to whom to appeal. (Wikileaks says it held some documents back to minimize “collateral damage.”)
What sort of damage might that be? With military field reports, there could be easy ways of identifying sources of intelligence, who might then face reprisal for having cooperated with U.S. authorities. In that sense, the U.S. government is right in observing that the documents might not be very interesting, but their release could indeed damage national security–and the security of people who tried to help. That’s the worst of both worlds. It’s too easily lost in the current analyses that even in a democracy there can exist information that should genuinely remain secret.
What, then, should the U.S. government do over the longer term to deal with the problem? One response would be to make it easier to identify and prosecute the leakers. Digital documents can move around easily, and even classified documents are typically more useful the more people there are within government who can see them. Instead of further restricting distribution–exacerbating a problem with intelligence sharing–there could be more assiduous on-the-fly watermarking. One official’s view of a document may be subtly, unnoticeably different than everyone else’s, in a way that doesn’t change its use and meaning. Should the document be leaked, its very existence could then help identify whose particular copy was the upstream source. This is a medium term technology fix–steganographic watermarking–and one that would put whistle-blowers in the position of preparing to accept the consequences that could flow from being known as the leaker. (Even here, the sheer volume of documents, along with examining what wasn’t released, likely puts the authorities in a good position to triangulate on who shared them.)
Gain the insight you need on security at EmTech Digital.