Although many WikiLeaks disclosures came from the military, city government IT officials concede a similar data breach could happen to them.
In November, The New York Times published private U.S. diplomatic information gleaned from leaked documents — only 220 of more than 250,000 — from more than 270 U.S. embassies and consulates. Called “diplomatic cables” by several news outlets, these documents and messages were confidential government property obtained from WikiLeaks, a “not-for-profit media organization” that publishes media submissions from anonymous sources.
WikiLeaks became a household name, and the organization’s periodic release of confidential government information has shed light on a pesky issue: how to keep private information private, and what to do if it gets out. Thus far, the bulk of the leaks have come from federal and private sources.
But local government officials are also aware of the danger. The embarrassing WikiLeaks disclosures could serve as a reminder that all levels of governments can be vulnerable to data breaches.
“I’m looking at it from a perspective of the city, saying, ‘What is the response of the elected official?’ That’s really, to me, what sets the tone for the next cyber-offense,” said Hap Cluff, IT director of Norfolk, Va. “If you want to stop it, obviously, you’ve got to go after the person that leaked the information. For me, that’s the highest priority.
According to WikiLeaks’ submission policy, the site accepts “restricted or censored material of political, ethical, diplomatic or historical significance” and accepts both electronic submissions via the Internet and physical submissions via postal mail. Since WikiLeaks itself receives information from willing participants, no actual hacking or manipulation is thought to be involved.
Cluff thinks that preventing that information flow is tough to do. “If there is an individual [who] is willing to sacrifice themselves and go in and get the data and get it out, there’s almost nothing you can do about it,” he said.
Public officials recognize the power and danger of these types of leaks, but much of information isn’t top secret.
“There’s very little that is secret within state and local government,” said Gary Cook, CIO of Sacramento, Calif., who cited public records requests laws. “Those are open records that anybody can get to. So from that perspective, I don’t know that there’s anything that [would be] released that, for the most part, folks can’t already get to with just a public records request.”
However, Cook believes such concerns may prompt jurisdictions to re-evaluate how they manage document security and storage. “There’s a cost-benefit equation that we have to go through. Obviously we can always be more secure than we are, but is the cost of that next level of security worth the information that we’re trying to secure?” Cook asked.
It also might be possible for jurisdictions to make their information less attractive to those who are motivated to leak material. One strategy simply could be to make documents public in the first place. “If they had just been declassified, they probably would have gone completely unnoticed,” Cluff said.
Despite that, Cluff said he believes that WikiLeaks’ creator, Julian Assange, has adopted a radical approach to open data. The Guardian reported in December that WikiLeaks faced aggressive investigation by the U.S. government. Assange hasn’t been prosecuted yet for the organization’s activities and is currently out on bail for unrelated sexual assault allegations brought forth in Sweden, which he claims are politically motivated.
Although WikiLeaks technically does no actual hacking itself, news outlets reported in December that the organization’s website was under constant attack by hackers. The White House has condemned the site, and Amazon and EveryDNS.net stopped hosting it soon after the November leak. The site was still up as of Jan. 7, but wasn’t accepting new submissions.