This is aThis blog is about the “public intelligence” scene. It is a anwer for a appel by John Young’s Cryptome on more “For Official Use Only” documents.
WikiLeaks posted a (SECRET/NOFORN) document – a classified 32 page U.S. counterintelligence investigation into the site.
Acording to the United States Army Counterintelligence Center, Cyber Counterintelligence Assessments Branch: “The leakage of sensitive and classified DoD information also calls attention to the insider threat, when a person or persons motivated by a particular cause or issue wittingly provides information to domestic or foreign personnel or organizations to be published by the news media or on the Internet” and “The possibility that current employees or moles within DoD or elsewhere in the U.S. government are providing sensitive or classified information to WikiLeaks.org cannot be ruled out’‘
This is possible but, as a GAO report atests “Significant weaknesses in information security policies and practices expose sensitive data to significant risk, as illustrated by recent incidents at various agencies.”
And GAO’s report continues: “For example, our analysis of inspector general, agency, and our own reports reveals that agencies did not have adequate controls in place to ensure that only authorized individuals could access or manipulate data on their systems and networks. Weaknesses were reported in such controls at 23 of 24 major agencies for fiscal year 2008. Agencies did not consistently (1) identify and authenticate users to prevent unauthorized access, (2) enforce the principle of least privilege to ensure that authorized access was necessary and appropriate, (3) establish sufficient boundary protection mechanisms, (4) apply encryption to protect sensitive data on networks and portable devices, and (5) log, audit, and monitor security-relevant events.”
On our experience the documents are leaked, more and more, for poor enforcement of safety rules, negligence, carelessness, etc. This happens primarily in purchase requests, as shown in the case of Transportation Security Administration operating manual leaked.
We welcome documents and archives on this situation. We will post it.
For the Army Counterintelligence Center this may be ilegal : “Some contend that the leaking and posting of information is constitutionally protected free speech, supports open society and open government initiatives, and serves the greater public good in such a manner that outweighs any illegal acts that arise from the posting of sensitive or classified government or business information. Others believe that the Web site or persons associated with Wikileaks.org will face legal challenges in some countries over privacy issues, revealing sensitive or classified government information, or civil lawsuits for posting information that is wrong, false, slanderous, libelous, or malicious in nature.”
We thing that the “US Supreme Court ruling regarding the unauthorized release of the Pentagon Papers by Daniel Ellsberg, which stated that ―only a free and unrestrained press can effectively expose deception in government” is more correct.
Other hints are:
Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.
Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf – 31 pages), by the Citizenlab at the University of Toronto.
Please feel free to email us at firstname.lastname@example.org