A recent blog post on Wire.com by Kevin Poulsen, “Cyberwar Against Wikileaks? Good Luck With That” was brought to my attention by a good friend. She nominally just wanted my thoughts on the provocative article, but in effect, challenged me to blog on the subject. So here goes.
The genesis of the “controversy” was not the release of the mountain of leaked documents by the WikiLeaks folks, but rather, some of the response it had provoked, and that created a connection to cyber. A pundit had opined in the Washington Post that the U.S. Government had the cyber capability to “prevent WikiLeaks from disseminating those materials.” He was referring to the slightly smaller mountain of documents that have been so far held back (on the advice of newspaper leadership types). These specific articles are apparently potentially more injurious to innocent folks than those already released.
OK, so the pundit was suggesting that President Obama authorize government entities to turn WikiLeaks computers into silicon bricks? Come on folks, educated people should not talk nonsense. Could we “attack” the website’s servers, computers, and other digital infrastructure? Yes, we probably could. That defined a target is well within the capabilities of several different parts of the government, but why in the name of all that is anchored in reality would any President ever do it?!?
Even if you skip right over that pesky free speech and freedom of the press stuff, just from a policy standpoint, it would be entirely self defeating. Using cyber capabilities to silence those with whom we disagree is exactly what privacy and civil liberties advocates fear most about the development of our cyber defenses. If anyone in the administration convinced the President to do this, it would forever torpedo the efforts to husband these capabilities for use in protecting the nation from our external enemies.
Was the release of the Afghanistan documents harmful? Yes, but not hugely so. The documents are for the most part low-level tactical reports at the SECRET level – not exactly the Pentagon Papers of this generation.
What the young soldier who released the documents did was illegal. He had a security clearance and had signed numerous non-disclosure agreements that go with official access to classified material. He knowingly broke federal law and the Uniformed Code of Military Justice. He should and will be prosecuted. But the military failed in its screening of this individual and in its supervision of him. As a result, he took actions that he may regret in the future.
WikiLeaks, however, made no such non-disclosure agreements. I am not defending what they did, and I wish they had not done it. Their actions have hurt the reputation of this country, our efforts to free the Afghan People from an oppressive ideology (however imperfect those efforts may be), and may in the long run get innocent people killed. If the online outlet’s ambitions to publish the documents in full had not been tempered by more mature and experienced news people, it would have been worse.
Basically, the U.S. Military must suck this one up and do a better job of securing its classified documents (they are far easier to steal and transfer than ever before). Clearly, if we have legal recourse to keep other documents from being leaked, we should take them, but nothing more. We must also work even harder at screening our personnel and then monitoring them for signs (public Web postings for example) that they might be considering illegal actions. If anyone is considering taking extra-legal actions involving our cyber capabilities, PLEASE put that option aside. Nothing good would come of it, and lots of damage would be done.