Phil Zimmermann first wrote the PGP encryption program in 1991. Great uproar. Individuals would be able to protect their data from outside spying! Horrors!! In 1993 the US Government made itself a laughing stock by launching a criminal investigation of Zimmermann for “munitions export without a license.” Charges were quietly dropped after several years of attempting to intimidate Zimmermann.
Today, PGP is a standard part of the corporate security arsenal and was recently purchased by Symantec.
With the meteoric rise of social networking, security has largely fallen by the wayside. Every once in a while there is an uproar – Google is invading people’s private space with its street cam, etc. – but by and large security concerns are ignored. Trying to obtain any privacy on Facebook is an adventure. And the government, including the Obama administration, still insists on being able to spy at will on anyone it doesn’t like (“warrantless wiretaps”).
This has given rise to a lot of pseudo debates – if someone posts nude pictures of themselves on Facebook, can a potential employer use them in evaluating job candidates? Can lawyers “friend” adversaries (or get someone to do it for them) to find out information? I call these pseudo debates because the obvious answer is that if it can be done, it will be done. It is the inverse of the warnings on a wide variety of products, all of which are structurally identical: “We will not be responsible if you do anything incredibly stupid that nobody in their right mind would do.”
So there is a delicious irony in the government being hoist on its own petard, so to speak. Sharon Nelson’s Ride the Lightning blog has an extensive analysis of how it came to be that some Private could download all those files, entitled “WikiLeaks: How Bad is U.S. Cybersecurity? (Bad - Really, Really Bad).”
“How did a mere private gain access to so much data and then copy and transport it? Regrettably, it was child's play.
He brought in a CD-RW labeled something like "Lady Gaga," erased the music and wrote a compressed split file. Private Manning rather accurately observed the total absence of security noting that there were "weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis... a perfect storm."”
In short, the military/state department or whatever has zero security. This is not new. Government agencies (including Homeland Security) have gotten very poor grades on security for a number of years. Yet they act surprised and outraged when somebody exploits the weaknesses.
When addressing law firm security needs, I typically advise clients that there are three levels of security. First (and most simple), security against intrusion by disgruntled employees. Second, protection from random hackers. Last, and most complex, protection against organized, targeted intrusion. It would appear that downloading the files falls into the first category, and that there was not even the most elemental protection against it. Is it any wonder that trust in the government is probably at an all-time low?