For what else is Private First Class Bradley Manning, the man who may or may not have leaked the material, that’s to say possibly 90,000 pages of US Army stuff on the Afghan War, the terrifying video nasty of the helicopter gunship attack on civilians in Iraq, the 260,000 classified diplomatic cables and maybe more, but that horrifying thing – the disgruntled employee with access to stuff that can damage his employer if leaked and who has a grudge to justify himself doing so?
Is Manning a ‘traitor,’ along the lines of an Aldrich Ames, a Robert Hanssen or even a Guy Burgess? These scum betrayed their countries for a mix of monetary or so-called ideological motives; Manning, as we’ll see in a minute, has more complex, perhaps more prosaic, motivations, apparently. I’m less interested in that aspect as seeing what he did as breaking the policies of his organisation (the US Army) and the trust of his employer (his country), with huge consequences for both.
As anyone who follows these CBR Rolling blogs will know, I write a lot about information security as a topic, generally taking the line that the biggest issue is never the external hacker but the internal threat. Thus, Manning. So his organisation has to take some blame for putting insufficient structure and safeguards in place to stop secrets walking out the door. Though they do; apparently every day, by my recent clippings; and there’s no legislating for human nature, as we know.
In fact if you look specifically at what he allegedly did do, the parallels with corporate data leaks become clearer and clearer. Manning was an intelligence analyst assigned to a support battalion with the 2nd Brigade Combat Team, 10th Mountain Division at Contingency Operating Station Hammer, in Iraq. He has boasted in an IM that he was the one who’d leaked the "Collateral Murder" video of a helicopter airstrike on July 12, 2007, in Baghdad, and all the rest of the data and that as a result he is facing charges under US military law for, and I quote, "transferring classified data onto his personal computer and adding unauthorised software to a classified computer system," and "communicating, transmitting and delivering national defence information to an unauthorised source".
Why did he do it? He seems to be a very unhappy young man. As a gay man, it seems he wasn’t that happy about not being allowed to tell his comrades he was such under the ‘don’t ask, don’t tell’ policy. We are also told he felt he was being given demeaning jobs, like being made to fetch the coffee in the workplace. Apart from these features of personal discontent, he also has, it seems, some sort of political grievance too, being recorded as expressing disillusionment with American foreign policy, the diplomatic documents he filched detailing, in his view, "almost criminal political back dealings" and that he wanted their release to cause large-scale scandals and lead to "worldwide discussion, debates, and reforms."
Manning’s superior officers – his managers – can’t be blamed for not worrying that much that he wasn’t fitting in. They can be blamed – and should be – for appalling security weakness. The bloke’s a bloody Private, for God’s sake! What kind of a system lets a Pfc access some of the most sensitive secrets of your country? OK, not nuclear, but that clip of civilians being mowed down like zombies in a video game’s done as much damage to US reputation as a battlefield nuke, right?
And I don’t even have to tell you how he got the stuff out – yes, on DVDs and CD-ROMs, without anyone batting an eyelid or checking what he was up to.
Two things are going to happen. Either we start figuring out a way to stop this happening, and the fact that the CIOs of the world’s biggest military force haven’t bothered trying leaves me little basis for confidence. Or two – we accept the fact that we have no secrets and that everything is porous.
Maybe that wouldn’t be such a bad world, on the macro, geopolitical level. But dunno about you, but I don’t want you reading my email, my post or my text messages.
Welcome to the real world: the one where people do what they’ve always done, sell secrets, despite all the ISO27001s you can throw at it.