People Are the Weakest Link

“The human factor” is the oldest problem with cybersecurity. No matter how much technological wizardry goes into a security system, the people who work in that system will be prone to leak things, whether by mistake or on purpose.

“Humans are the wildcard in most security ecosystems,” an information security engineer at an American university told me (he is not cleared to speak on his employer’s behalf). Any number of factors — ethics, morality, boredom, spite, revenge, frustration, laziness, carelessness, or narcissism — can enter into a person’s decision to buck security rules and release unauthorized information.

“People change their minds all the time,” the engineer said, “especially when it comes to applying our notions of propriety when they’re held up against compelling, contrasting narratives.”

Narrative — specifically, WikiLeaks’ political narrative — seems to have influenced Bradley Manning. In his court-martial, which began in June, Manning’s defense team said that he decided to send the purloined databases to WikiLeaks after he saw what was really happening in Iraq. His first leak, a video called “Collateral Murder,” showed a horrifying act sadly common in warfare: a U.S. Army helicopter firing on a group of known insurgents, among whom were actually a Reuters film crew. Then, while the pilots are recorded laughing and joking, they fire on a passenger van that arrived to pick up any wounded. A young boy is grievously injured.

One can understand how Manning’s outrage over the horrors of war overcame his training to keep secret information secret. His desire to expose what he saw as crimes against humanity overpowered any impulse to maintain legal secrecy, even if those actions could conceivably be defended as the regrettable horrors that accompany war.

Manning’s defenders insist that he is a brave whistleblower for exposing many secret abuses. Had he limited his leaking to the “Collateral Murder” video, that might be a compelling case. But Manning didn’t stop there: He released hundreds of thousands of other documents, detailing mundane but nevertheless sensitive operational details of the wars in Iraq and Afghanistan. He then leaked hundreds of thousands more secret diplomatic cables used by U.S. embassies to communicate with the State Department in Washington. Manning not only exposed potential abuses, he attacked the very system of international statecraft in the process.

There is a similar trajectory in how Snowden is orchestrating his leaks. The first revelation, of a court ordering Verizon to hand over its customer data, is worrying enough — sure, it might be legal, but the implications of that data being used improperly are frightening. But then Snowden, like Manning, leaked sensitive operational details — first about cyberwarfare contingencies against China, then about fairly normal surveillance operations against Russia.

These last revelations came in the middle of a cybersecurity summit between President Obama and Chinese Premier Xi Jinping — whose symbolism was lost on nobody. More recent leaks are even more puzzling, including the curious revelation that President Obama ended a surveillance program after a court found it to be unconstitutional. Beyond mere embarrassment, it’s difficult to see the real public value in these latest revelations.

Again, much like Manning, Snowden started with a possibly defensible act of whistleblowing but moved into a direct attack on the capacity of American agencies to function in the world. Unlike Manning, Snowden’s motivations are more difficult to pin down. What we know of his life story, and the evolution of his worldview, paints a much more complicated picture than the troubled young soldier exercising poor judgment from an intelligence outpost in Iraq.

Snowden recently told the South China Morning Post that he secured his NSA job with Booz Allen Hamilton for the sole purpose of exposing its surveillance activities. He made a premeditated decision to gain entry to the agency so he could expose its secrets. This action required not a sudden attack of conscience, as Manning claims, but detailed planning — a full-on intelligence operation.

A court will have to decide how many laws Snowden broke. But his emerging, still-evolving life story — opposing leaks (“leakers should be shot in the balls,” he told a chat room), then reacting against Obama’s failed promises, and finally acting repulsed as a transparency activist horrified at the idea of government surveillance — sheds some light on why he released so many top secret programs.

The Cultural Roots of Techno-Dissidence

Assuming the details about his life are actually true (he could have lied to Guardian reporter Glenn Greenwald, the same way he lied to security investigators at Booz Allen), Edward Snowden is the latest byproduct of a counterculture stretching back to the 1960s that’s taken modern form as an informal hacker culture. Its roots can be found in the anti-Vietnam war protest movement, which grew from opposing an appalling war into a generalized opposition to U.S. foreign policy.

The modern incarnation of this movement does not represent the same social cleavages it did in the sixties — there is no equivalent to the feminist, civil rights, and other movements that exploded into mass protests — but it does represent the same strain of political activism that sees the U.S. government as a force for evil in the world that must be opposed.

”The hacker ‘culture,’ such as one exists, is united around a main principle of distrusting of authority with an idealized commitment to civil liberties,” Gabriella Coleman, the Wolfe Chair in Scientific and Technological Literacy at McGill University, told me. “That ‘culture’ is incredibly diverse, and their secondary political affiliation spans from classical liberals, to libertarians, to radical anti-capitalists.”

WikiLeaks founder Julian Assange distilled the uniting goal of purified civil liberties and anti-authority philosophy in his online manifestos. By describing his belief that government is, by definition, a conspiracy founded on the protection of secrecy, Assange argues that leaking those secrets will break up the conspiracy, thus securing his ideal of liberty. Snowden’s own statements about government, and about the role those leaks will play in disrupting it, seem based on the same ideological foundation.

Since the original counterculture movement began five decades ago, public distrust in the government has grown considerably, and any number of trending topics (drones, NSA spying, the World Bank) can now become a synecdoche for a general dislike for the modern world and the power structures behind it. The support Snowden and Manning have received from technology activists is not terribly surprising. The movement supporting leakers is, therefore, quintessentially liberal. It is a product of Western norms and mores: A free press, checks and balances between the branches of government, and watchdog organizations are all based on the same commitment to distrusting authority and preserving civil liberties.

The Catalyst

One remarkable aspect of Edward Snowden’s case is his decision to go public. There are hints he did so in the hope that he could curry favor with other governments that might protect him from U.S. reprisal. But few leakers ever willingly make themselves public — they prefer the security that anonymity provides. If the government doesn’t know who you are, it can’t prosecute you for leaking.

Nevertheless, there is a common link connecting Snowden’s leaks, his support from WikiLeaks, and the hoards of Anonymous supporters online praising him for exposing secrets. “I do think something has shifted,” Coleman said. “WikiLeaks and Anonymous are important catalysts.”

Prior to the rise of WikiLeaks, Coleman said, many in the hacker subculture thought leaks and openness could be used to shift public perception. But their vision wasn’t very large. When WikiLeaks published its “Collateral Murder” video in early 2010, it demonstrated that the right kind of leaks could have a transformative effect on both public opinion and government policy — and spark a new pro-leaking movement.

It was the Geek Awakening. “The early Internet engineers were devoted to making it easy to transmit information, not to secure it,” Coleman said. The government had never caught up to this inherent insecurity: Even the secret networks used by the military and intelligence services were still built on the old TCP/IP protocols that are fiendishly difficult to keep closed. The result, Coleman said, is a one-two-punch for the public: They did not know how insecure their information is, and they did not realize how easily governments could access it. The geeks had changed the game.