When they first came to office, the Obama team had a mantra: "Never waste a good crisis". They then spent the next two years doing exactly the opposite. In the past few months we've seen a couple of decent crises – the first involving WikiLeaks, the second involving the political upheavals in Tunisia and Egypt. Both involve the internet in one way or another. So, in the spirit of Obama Mk I, let us ponder what might be learned from them.
As far as the leaked US cables are concerned, the fury of the US administration and of certain US politicians was, for a time, positively comical. It stopped being funny when they began talking about prosecuting Julian Assange for "espionage", given the draconian penalties that a conviction would carry. But the State Department's indignation over the leaks of allegedly valuable secrets was, and remains, preposterous.
Why? Because there is absolutely no way that a huge database containing 250,000 "secret" documents that can be lawfully accessed by more than a million officials can ever be secure. Any security engineer will tell you that it cannot be done: if you want to keep things secret online then the only way to do it is by compartmentalising the system. Huge, monolithic systems are intrinsically insecure.
Ironically, that is how the Americans used to do it. They kept stuff in data silos. But in the recriminations after 9/11 there was a great deal of angst about the government's failure to "join up the dots", because it turned out that some of these silos had contained useful intelligence about the hijackers. So the silos were breached and linked – which is how Private Manning was able to access the system and download a quarter of a million documents on to the CD-Rom which eventually found its way to WikiLeaks.
The moral of the story: if governments want to keep information secure, then they have to think architecturally about system design. And if the UK government thinks that the NHS can put all our health information into a single, national system that can be accessed by more than 100,000 staff, and still keep it secure, then they ought to think again.
The WikiLeaks story has lessons for the rest of us too. The speed with which Amazon and PayPal dropped WikiLeaks should be a wake-up call to anyone who thinks that Cloud Computing services can be trusted to protect the interests of their customers when the government cuts up rough. The idealistic kids who signed up to participate in denial-of-service attacks on PayPal and the credit-card companies as retribution for cutting off WikiLeaks's funding need to learn how to conceal their IP addresses before they engage in "hacktivism" – as many of them discovered this week when the police came knocking.
For hardcore geeks, the WikiLeaks saga should serve as a stimulant to a new wave of innovation which will lead to a new generation of distributed, secure technologies (like the TOR networking system used by WikiLeaks) which will enable people to support movements and campaigns that are deemed subversive by authoritarian powers. A really good example of this kind of technological innovation was provided last week by Google engineers, who in a few days built a system that enabled protesters in Egypt to send tweets even though the internet in their country had been shut down. "Like many people", they blogged, "we've been glued to the news unfolding in Egypt and thinking of what we can do to help people on the ground. Over the weekend we came up with the idea of a speak-to-tweet service – the ability for anyone to tweet using just a voice connection."
They worked with a small team of engineers from Twitter and SayNow (a company Google recently acquired) to build the system. It provides three international phone numbers and anyone can tweet by leaving a voicemail. The tweets appear on twitter.com/speak2tweet.
What's exciting about this kind of development is that it harnesses the same kind of irrepressible, irreverent, geeky originality that characterised the early years of the internet, before the web arrived and big corporations started to get a grip on it. Events in Egypt make one realise how badly this kind of innovation is needed. The way in which the Mubarak regime was able to shut down the net provided a sobering reminder of the power of governments that are prepared to take extreme measures. As the country disappeared from cyberspace I was suddenly struck by the thought that if PCs still came with steam-age built-in dial-up modems, Egyptians could have logged on to servers abroad and stayed connected. The only way of stopping that would be to shut down the entire phone system. And even Mubarak might have balked at that.
The Guardian