Monday, December 13, 2010
Internet vandalism
Been pondering about the Wikileaks business. Or, to be more precise, three aspects. First, when is it proper to publish intended-to-be-private government papers? Second, what might one need to do to stop this sort of thing? Third, how far might one go in pursuing the individuals thought to be involved?
The freedom of information people have established a sort of presumption that public business should be conducted in public. Ironically, at about the same time as another bunch have established that private business should be conducted in private. Now it is true that government got a bit lazy (if not worse) and conducted a lot of business in private that should have been more public. So, a lot of the time, it seems entirely sensible that the arguments for and against some policy decision - perhaps to scrap the Red Deer Commission - should be made public. And a lot of the time this might be before the event rather than after the event. If one is sure that one is right, what has one to fear from a bit of barracking from the plebs; and it one is not sure, maybe it is only prudent to seek a bit of help?
In this particular case I have no idea what was done, although the outcome was a hostile takeover by Scottish Natural Heritage. I expect some support staff left to pursue other interests.
However, I am quite sure that a lot of the time it is not appropriate for public business to be conducted in public - sometimes for the same sort of reasons that it is thought proper for private business to be conducted in private. Sometimes for reasons of security: it is clearly not sensible to put the details of, for example, munition dump physical security, in the public domain. All the public need to know is that there is munition dump physical security.
So, if one is sent a whole lot of stuff which has been marked 'SECRET' by the government, presumably for some reason, it is entirely irresponsible to stick the whole lot up on the internet. And it is rather presumptuous to read the stuff and stick up a selection, on the grounds that the public has the right to know. Who is some deranged retired hacker to make such a judgement? Having got the stuff, would not a better course be to consult some trustworthy chap or chappess on the fringe of the establishment? Say a professor at a reputable university? Or a retired judge? And if one really thought that something dodgy was going on that ought to see the light of day one but was paranoid about the men in unmarked rain coats loitering in one's street, one could always lodge a copy for safekeeping with someone or other.
But sadly, I think that there are plenty of bad and irresponsible people and that stopping them is going to be difficult.
One dodge which was explained to me yesterday was that you zip your lurid material up into a file which you then encrypt using the first half of a key pair. Plenty of software about which will do this sort of two-key encryption business for you. You then post lots of copies of the encrypted file all over the internet, very clearly labelled 'lurid material', but which, at this point, cannot be read. It is then going to be very hard for the security people to disappear the file. Hard to see how they are going to be able to deal with all the people that download the file, even supposing they can trace them at all. I then lodge the other half of the key with a bunch of people that I trust, with instructions to publish the key if I fail to check in. So if the men in the unmarked rain coats bundle me into their unmarked van and by a process of secure rendition have me dispatched to the south pole without proper clothing, I can freeze, comforted by the thought that the lurid material is now out there for all to read. I suppose a weakness in all this is that they might get the names of the people that I trust out of me by a process of enhanced interrogation. But that is a detail. I am sure that with a little thought I could beef up the process to deal with it.
Another dodge might be that you are not allowed to post files onto or through the internet which the security chaps can't read. I recall that the US government was quite keen on doing something of this sort. One then reads everything that is posted, before it is posted as it were, and blocks obnoxious material. One might make things a bit easier by having trusted sources whose material one did not have to check. Maybe decent people like myself could apply for a license to post which would mean that I did not have to pass my material through the censor. One catch would be getting everyone to agree to the regime. The US might be happy about there being no material that they could not read, but I can't see the Chinese buying into that. Perhaps a regime whereby recognised state and corporate players were allowed to post files which other people cannot read. But odds and sods could not; they had to go through the licensing regime.
A regime which would need to be instantly revokable. So if I was a villain without track record who was therefore able to get a license, that license could be turned off the moment I got a track record. With turning off perhaps resulting in any material labelled with that license being deleted if it attempted to pass through internet hubs.
All in all, it seems likely that there is going to be a lot of money to made here. Gimme my degree in internet security now.
And then there is the question of how nasty are you allowed to be to perpetrators. If you have a perpetrator, but one who has not committed a crime that you can pin on him, is it OK to give him ten year's solitary for the income tax irregularity you have managed to pin on him?
A good start would be to make sure that perpetration was a crime. That handling stolen information was the same has handling stolen goods. Maybe with exceptions for honourable journalists. Or perhaps just rely on honourable prosecutors not to prosecute where there was a public interest defence.
Another good step would be not to publish sensitive information all over corporate networks where all kinds of people can get at it - and leak it if they have a grudge. Perhaps dressing up the theft in the clothes of whistle-blowing. Not practical to vet everybody. So you have to ration access.
Having got that lot off my chest, time for the cup that cheers. And I admit to using tea bags. The fight to retain loose tea has been lost.