So-called “cablegate” and all related fall-out from the PFC Manning debacle have advocates on both sides of the security vs sharing debate up in arms, but the real lessons that need to be learned are lost on most.
1. Let’s be realistic about the real impact of the “information sharing” craze of the last decade. None of the classified ‘nets that Manning allegedly ran rough-shod over, in and of themselves were big sharing mechanisms. No agency posts information they’re not already prepared to disseminate (and consequently lose control over). Which leads me to . . .
2. Real sharing happens at a personal level, after a level of trust is established. If classified ‘nets did anything it allowed people to identify colleagues working on different aspects of a mission and facilitated more person-to-person contact. Closing or restricting ‘net connections, anonymizing or masking online entities just means people will have to go back to working in their own bubbles; a recipe for future failures.
3. The info-age is not a threat to security if you adapt security to the info-age. Spies, people who have done real, demonstrable damage to national security, accomplished their mission without using removable media. Manning wasn’t a spy, he was an misfit who struck out blindly and happened to hit a home run. Which leads me to . . .
4. If the Army had done its job, there wouldn’t be a cablegate, wikileaks would be a more obscure version of Cryptome, and Bradley Manning would either have been re-greened or administratively separated, walking the earth a free man. The problem – and the solution – has nothing to do with technology and everything to do with human resources.
5. Cablegate and related exposures wouldn’t be such a disaster if we didn’t label so much information as “intelligence” and we had a decent classification and declassification system. Information, especially classified information, has a half-life, and its a lot shorter than 25 years.