The failure of governments to protect their own secrets raises concerns about data protection, writes KARLIN LILLINGTON
IN THE wake of the arrest last week of WikiLeaks founder Julian Assange, campaigners and supporters argued that the information held by WikiLeaks was something the public had a “right” to see.
Any attempt to block its distribution, restrict the website or impede the organisation’s founder struck at core democratic rights, went the complaint. The issues, said figures as varied as journalist John Pilger and celebrity Jemima Khan, are matters of freedom of information and freedom of speech.
But are they? If national governments should be subject to such a “right”, and their private, internal discussions and blunt appraisals be open to perusal as a matter of course, then why not the internal debates and strategy documents of any business? And why not include citizens? If you can read the government’s internal discussions, then what right should you have to keep your e-mail, records of your internet usage, even the contents of your conversations or your day-to-day activities private?
If you want to scrutinise the government, why shouldn’t the government have an equal right to scrutinise you? Or to look at it another way, is WikiLeaks a kind of reverse image of national data retention, the policy whereby many national governments, including Ireland’s, store people’s call data and internet and e-mail usage records for months to years? A key argument against data retention has been that assembling a large collection of information makes it tempting to trawl through. Already, we have seen numerous cases where people’s personal details kept on file in government departments – information that is supposed to be private and secure – proves overly tempting to civil servants to pore over. After all, private information and discussion are generally quite interesting, as anyone will know who has stumbled across documents they were not supposed to see.
Are we not collectively doing the same in gorging on hundreds of thousands of pages of private, revealingly blunt and raw government communications? No business would wish to see its internal communications and necessarily frank discussions and internal analysis on clients, partners, suppliers and rivals posted openly onto the web. How could businesses function without some guarantee of secrecy and privacy? And what about our own personal relationships? Most of us would not wish a sibling to know everything we have said about them to a parent.
UCD law lecturer and chairman of Digital Rights Ireland TJ McIntyre, whose organisation has campaigned against the Government’s data retention policies and is to challenge them in the European Court of Justice, agrees there may be some hypocrisy in claims that the public has an intrinsic “right” to see the documents obtained by WikiLeaks.
“Governments and individuals both have rights to secrecy,” he concedes. “But,” he cautions, “they are not the same.” Secrecy for the individual is more often about a right to privacy, he says, while secrecy for governments is often about the control of power.
He also makes a careful distinction between the categories of privacy and secrecy.
“You can’t equate personal privacy with government secrecy,” he says. “Government should be public by default and private only where necessary. Whereas citizens should have a right to privacy by default and have their information made public only where necessary.” He feels that many of the WikiLeaks revelations have been important to bring out into the open, regardless of whether they were meant to be kept secret or not.
“It’s about accountability, power, and the abuse of power, and holding government accountable for what it does in our name.” This is the salient point. If leaked documents bring needed insight and proper scrutiny, shining a light into improperly hidden recesses, without jeopardising lives, then they should be published.
Yet some of the revelations so far fall more on the side of a titillating insider view than probing investigative reporting. And much that has been printed, while interesting, will not have overly surprised anyone familiar with the politics of certain international situations – and surely will not have come as any great shock to the people or institutions or governments they are about.
Setting aside international espionage, which in many cases must have kept countries informed about what rival diplomats and other officials were thinking and saying, some of the commentary is rather obvious, if bluntly expressed. McIntyre agrees: “With much that has come out, it isn’t really harm that has been caused, but embarrassment. But I don’t think we should be protecting governments against embarrassment.”
Governments should be protecting themselves. If one accepts that governments must, even if accountable and open, still be conceded some level of secretive discussion, then adequate protocols and security measures must be in place to safeguard that information.
The fact that such large tranches of sensitive information could be collectively copied and removed raises serious doubts about the nature of the US government’s current digital security programme.
Any conference on corporate security stresses the measures a responsible company should take to lock down sensitive data, restrict access, and block the ability to copy data onto removable storage media.
The leaks are certainly an indictment of American security. The internet has been around for about 15 years now as a publicly accessible, popular medium. Digital storage has never been so cheap or so portable. If such huge stores of data were left available to be copied and carried away, the big surprise is not thatWikiLeaks got access to hundreds of thousands of pages of documents, but that big data dumps like this haven’t been made to organisations like WikiLeaks many times before.
One has to hope that the ultimate outcome will be more government caution worldwide in what is said and how, more state openness and accountability even if motivated by fear of further embarrassing exposure, and better security to protect the truly sensitive data.
And that includes our own, detailed information held by governments and their agencies – our financial, health and social details. As McIntyre puts it: “If the US can’t secure its own communications, what evidence is there that they can protect our personal information?” To his mind, the leaks are nothing if not a sterling argument against national data retention regimes.
