I'm very conflicted about WikiLeaks' decision to publish confidential U.S. diplomatic cables. On the one hand, I'm a huge proponent of the free, legal flow of information and a supporter of private citizens gathering and releasing facts documenting illegal acts committed by a ruling government. On the other hand, I'm troubled by the fact that Julian Assange and WikiLeaks are making decisions that are harming people -- with no accountability. Suppose they got their hands on active nuclear bomb codes, jet fighter radio codes, or plans on how to make a portable atomic bomb? I'd like to think that even Assange and WikiLeaks would show restraint. But would they?
Some readers have asked how to prevent future WikiLeaks-like events, either in the government or in their own private corporations. The short answer: It's difficult to accomplish because you essentially have to defend against all attack types. Nothing would be off the table. For example, in at least one case, a trusted insider is suspected of downloading information and providing it to WikiLeaks. That's hard to defend against.
[ Robert X. Cringely sees the start of Web War III in the WikiLeaks scandal. | Get the spin on key tech news that you'll find nowhere else at InfoWorld's Tech Watch blog. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Stop data leaks through the use of encryption
An organization could implement a few mechanisms to provide potential protections. Certainly, encryption is one option. Encryption makes it harder for unauthorized persons to view or use confidential information. Cryptographically protected documents are a good start -- but not by themselves. If a trusted insider has the cryptographic keys, it's game over if you're relying solely on encryption.
For example, the WikiLeaks cables release is proving that access to information should be limited to as few people as absolutely necessary. In the few confidential cables I've seen in the public media, many of them had hundreds to possibly thousands of recipients. It's hard for me to believe that any truly worthwhile, confidential information should ever be sent out to hundreds of people. That's just asking for a leak.
Other advanced cryptographic solutions show promise. One is the use of digital watermarks, which uniquely imprints a protected document so that each copy can be traced back to the user who retrieved it. At the same time, users and reviewers should have a hard time finding out how the protected document was branded, and they would be deterred from sharing such documents, as it would put their jobs and reputations at risk.
But watermarking doesn't work in all cases. For one, there are still ways to share the information without releasing or copying the original document, such as through screenshots, photographs, simple retyping, and so on. Second, some people simply won't care if they are caught. And finally, some users are plain dense. Even if they're told digital watermarking is in use, they'll forget and share the document regardless. The Screen Actors Guild has been digitally watermarking film review copies for years, with strong penalties for improper distribution -- yet people get caught leaking documents.
In any case, even if a document is digitally watermarked, it can be shared and the confidential information revealed. Digital watermarking is not access control.