On Wikileaks

I am torn on the latest dump from Wikileaks. On the one hand, the United States needs to be able to conduct its dealings on a world stage with the security standbys of “integrity, confidentiality and availability.” Diplomats need to be able to prove they are who they are, have confidential communications with other parties, and do so securely. This is basic security: they need to be able to have the dealings they need to have, no matter the content, without fear of unauthorized prying eyes. Otherwise, it is very difficult for people who have to have sensitive conversations as a routine part of their job to have these sensitive conversations. A government needs to work behind closed doors from time to time to function properly.

On the other hand, this is the same United States government that wants to read my email and see me naked if I want to fly to Detroit. I want to have sensitive conversations too.* I want to not have the government peer at my daughter’s body “for her own good.” I find my sympathy a bit limited. When I see heads of state complaining of feeling their privacy has been violated, I want to give them a Club Membership and a Beanie. It has a propeller. Welcome to the Club: it’s nice of over here.

We live in a data-centric world and, if data wants anything, it wants to be free. It’s like pollution: pour a little into a stream and the whole fish stock is contaminated. We generate so much data even on a daily basis as individual human beings that simply attempting to analyze it all or even record it is currently prohibitive.** Data is just noise, for the most part; a denial of service attack on our higher brain functions. To do anything with data, it has to be correlated and sifted and sorted. To get the right data across the right functions, the data has to be, above everything else, shared.

This is where the government is way behind the curve. Most of the three-letter agencies have been working in absolute silence for their entire existence. But now, data has to be shared to make any sense of it. There’s just too much data coming from too many points and it all needs to make sense. And going from a full confidentiality environement to one with availability of data is actually and honestly a hard problem. Data is going to get everywhere. It is going to leak. It is going to pour out the cracks. This is what data does.

Hard problems are hard.

The DoD immediately banned USB drives***. Lots of people started screaming and yelling about espionage or treason****. There’s a few hair shirts. From what I have seen — and I admit I haven’t sat down to read the cables, only the NYT summaries of the cables — there’s nothing really amazing or breathtaking in there. The Chinese Government attacked Google. People think Iran getting the Bomb is Bad. I have seen people yelling with hands clutched over their chests that it will end transparency in government — although this is staggeringly unlikely. The government is not particularly transparent to begin with; that’s the entire point.

So ANYWAY, To Sum Up, My feelings in Exciting Bullet Point Form:

* When journalists get juicy information they publish it. Where they get it doesn’t matter. As long as it’s verifiable, it gets published. That’s what journalists do. Or at least they did once upon a time. And not all foreign journalists are super nice to the People In Power.

* … and this is healthy, because Democratic Governments really and truly need an adversarial press to keep it honest. This is why we have enshrined the freedom of speech and the freedom of the press as some of our highest cultural ideals. The government needs to be exposed and of course a government will do anything they can to repress information that got out of their control. That is what governments do. These sort of things are good for governments. It’s like getting a flu shot. Sure, yeah, we’ll have a few months of retrenching but it might make some people think. It is the job of the people to keep their elected officials plausibly honest and it is the job of journalists to pour data into the heads of the people.

* And it is not like foreign countries are going to stop hosting systems with Wiki software. In fact, it’s kinda fun! Except for the DDOS parts; those are a little annoying.

* Meanwhile, the Federal Government is learning what lots of us in industry have learned: defending data while still making it usable and useful and safe is really freaking hard.***** What do I always say? Security is hard and encryption is slow. Yes, I absolutely believe that people who need AIC should get AIC while sharing data between two parties. Yes, I feel the State Department should be able to work in a confidential atmosphere. Yes, I feel this is important for the security of the United States. But see points A, B and C, above.

* There’s a balance to be struck between what the governments can do and what the people know. We need to rediscover that balance.

* Ta-da! Behold what the Slashdot crowd and security crowd has been yelling about for years: privacy is important. And not just for people in the public sector. For everyone. FBI back doors into ISPs and unauthorized wiretapping and tracking cookies and naked scanners and you name it. Privacy is important. It is. It really is.


* Sure, I can. I know how. It’s not that difficult but it is time consuming and nonstandard and key sharing/rotation is annoying.

** Although, dear God, who knows for how long. I can run a MySQL DB on my laptop and mine hundreds of gigs of data. I can buy a T from Best Buy. A T! And I made a fool out of myself in graduate school asking: “Why would you ever need a T of space?” Why indeed.

*** Yeah. Well, good luck with that. Physical security of teeny devices that can look like bananas or coke cans is a bit challenging. I hear the TSA has some new machines to search people for plastics, I guess. I would fill all the USB ports with rubber cement but I know that’s really not workable because it blows up service contracts.

**** Not sure how treason works with a foreign citizen living in a foreign country but whatever. We don’t let details get in the way of a good soundbyte.

***** I know this initiative has been going on for a while now, actually.