Yes, we should be grateful for Wikileaks.
The website, which recently boasted responsibility for some the largest leaks of classified military documents in history, is raising a deafening alarm that should ring in the ears of any corporation, government agency or individual with information worth protecting.
Decision makers in the public and private sectors have made some dangerous assumptions about the security of their documents.
By assuming that email is secure enough, that password protection and encryption solutions are adequate safety measures and that mobile devices and tablet computers offer the same protection as desktop machines, they are putting their most sensitive information, intellectual property and sometimes people’s identities at risk. These beliefs are dangerous, and we should demand more of those who hold sensitive data.
Such misguided ideas about document security likely played a role in the recent publication of nearly 400,000 confidential military reports on Wikileaks , followed by an even bigger leak of sensitive and sometime embarrassing diplomatic cables, as well as in countless other high-profile data loss incidents. And we must not mistake Wikileaks to be a single incident. Another incident from the last year that is worth remembering in light of the heightened awareness to airline security, is the leakage of the TSA manuals describing the security procedures that were accidentally posted online.
Responsible parties should have been on the defensive against these kinds of extreme data loss related to national and international security. After all, they have had plenty of warnings from other sectors regarding flawed assumptions in document protection. In the past six months alone, we saw a medical employee in Pennsylvania selling patient names and social security numbers.
We saw the unintentional mailing of a file with thousands of social security numbers. We saw a leak at Major League Baseball that exposed team financial records. We saw the theft of customer records, the loss of a California health department CD with tens of thousands of names, the leak of next-generation iPod specifications and many, and many other instances in which the public saw information that the owner believed to be private and secure.
Given recent history, how can we conclude anything but the fact that it is past time for decision makers to take responsibility for their actions and stem the flow of unacceptable data leaks?
We are all owners of sensitive data. We have bank accounts, credit cards and social security numbers. Some of us have product information that could make or break our companies’ positions in competitive markets. And others have hundreds of thousands of documents detailing operations in a war zone. We should all be concerned about the way we store, share and deliver digital data.
By exposing the security flaws in the presumably impermeable walls of the Pentagon, this purveyor of leaked data has raised a pressing question: Is it even possible to protect intellectual property and sensitive documents?
The answer is “yes,” and that is why massive data leaks should make the public feel angry, not powerless. Data leaks are unacceptable because they are avoidable. No, we can’t completely lock down our information; individuals, businesses and governments must share documents in the course of daily matters.
However, collaborating with confidence is possible when electronic documents are protected by new technologies that allow much greater control over documents, such as restricting recipients’ ability to copy, print and forward these documents at all times; watermarking them; and tracking who views these documents, as well as when and where they are accessed. All of these capabilities are within reach for any organization, regardless of size. Those in power must simply be aware and pro-active enough to implement them.
Change is often triggered by education. Government agencies, businesses and individuals are learning a painful and public lesson on the subject of document security, but hopefully, it is one that will also be memorable and actionable. We are not at the mercy of Wikileaks (or disgruntled employees, insecure mobile platforms or myriad other elements that compromise document security), and we should take back control of our sensitive data. If we don’t, we can hardly blame malicious parties for helping themselves to whatever information they want.