The big news today is the release of US diplomatic cables via WikiLeaks. I’ve read somewhere–sorry can’t produce a link because today’s been a blur of Wikileak-related stories–that the leaked embassy missives are classified as “secret,” at least. What this means is that the communiqués were protected with data encryption.
A friend asked me, if encryption works so well, how can you explain WikiLeaks producing all this information?
Insider Leak? Vulnerability in the System? Who Knows?
It’s obvious that someone leaked the information to WikiLeaks. What’s not so obvious is whether an insider to the US government did so or otherwise. This observation is in sync with how encryption software can protect data…and how it cannot.
Encryption cannot protect against data breaches when insiders that have access to the data are involved. For example, an IT administrator working at the highest echelons of the CIA with the appropriate security clearance decides that he’ll leak all this info before calling it quits, a decision that he came to just today. The man has access to the data because he knows the passwords for accessing the encrypted content.
This data breach cannot be prevented, short of someone figuring out the soon-to-quit employee’s motives and stopping him from copying the data to another medium, such as a distant server, a USB stick, a DVD, etc.
Even if insiders are not involved, however, it is possible for outsiders to gain information (possible but unlikely in this case). A common way is to plant keystroke logging software in a computer, recording a computer-user’s click-clacks from beginning to end. This way, one can either gain access to the passwords required for accessing data, or one can just dispense with breaking in because he already has a copy of all the words typed.
Is Encryption Useful At All?
Yes, of course it is. The reason why WikiLeaks’s diplomatic cables are so fascinating is not because it comes from the government. I mean, would you find DMV paperwork as enthralling? Are you a regular viewer of C-SPAN? Instead, everyone wants to take a peek because they couldn’t do so before. Because it was secret.
What kept it secret all this time? Encryption, plus other data protection technologies and policies. Anyone who’s involved in the encryption business knows there is no such thing as 100% security, in this industry or any other, for that matter.
Remember, the only secret that is 100% is the one that you keep to yourself and share with no one.