The disclosure of 92,000 Afghanistan war documents by Wikileaks was made possible partly by a relatively recent effort by the military to get fresh intelligence data to frontline forces. The idea was that the information would better prepare the troops for ever-changing guerilla conditions in places like Iraq and Afghanistan.
Defense Secretary Robert Gates has said the breach probably will lead the Pentagon to limit the distribution of such material. Although that could help prevent future leaks, it could also restrict the flow of potentially lifesaving information to soldiers.
Prior to the release of the documents, access to the network for classified information, known as the Secret Internet Protocol Router Network (SIPRNet), was quite loose. Soldiers would need a security clearance to log in. But once logged in, they might not have met any further controls–such as a brake on how many documents any individual could download. “Technical safeguards that are in place stateside were not necessarily implemented downrange,” says John Pike, director of GlobalSecurity.org, a defense and security think-tank.
What’s more, the dedicated SIPRNet terminals used by soldiers in the field were not necessarily available only to people with credentials. Brian Slaughter, who was a lieutenant and platoon leader in Iraq, says soldiers might log in but not log out, which meant other soldiers could go in and view data. “So who knows who is really accessing it at this point?” he says. “There is a certain level of trust at the lower tactical echelons that users accessing data via SIPRNet have the best interests of their fellow soldiers at heart.”
He added: “The nature of the environment we operate in forces leaders to place a certain amount of trust in their soldiers. With that trust comes a small amount of risk. In this case a soldier may have taken advantage of that.”
Data is subject to different classification levels. SIPRNet carries data labeled “secret” but not more sensitive “top secret” data. One application built on SIPRNet is called TIGR, or “tactical ground reporting system.” In Iraq, it is used as a mapping and visualization application that lets soldiers see the latest intelligence and incidents on a planned patrol route. A soldier can click icons to read reports, see photos, and even watch short videos or hear transcripts of interviews.
TIGR requires its own log-in system, atop the SIPRNet one, so it’s not likely that TIGR itself will be curtailed, Slaughter says. But other access points to SIPRNet are far looser, he adds. “There are numerous sites on SIPRNet that are ‘free’ sites that you can access without any permissions required,” adds Slaughter. “Unfortunately some of those sites might have value to someone looking to harm our efforts.”
Pike notes that information systems can either be ultra-secure or ultra-usable, but not both. “By definition there is a trade-off between security and operability. It’s just a question of where you want to make the trade,” he says.
It’s likely that inside the war zone, if not back in Pentagon offices, the bar on SIPRNet is set in favor of giving soldiers information that might save their lives, Pike says. “That would go to the question of why they took off technical protections of computers that are downrange. They are getting shot at, they are in the wire. ‘There’s nobody in here but us chickens, so we’re going to move the margin and move it in the direction of less secure and more operable.’ “
Bradley Manning, an Army private who served in Iraq, is a “person of interest” for investigators examining the release of the latest documents, according to the Army. Even before this episode, Manning had been arrested by military authorities and charged with releasing other classified information, including a video of a 2007 Apache helicopter attack that killed 12 people in Iraq.