Schneier on Security
A blog covering security and security technology.
November 8, 2013
Why the Government Should Help Leakers
In the Information Age, it's easier than ever to steal and publish data. Corporations and governments have to adjust to their secrets being exposed, regularly.
When massive amounts of government documents are leaked, journalists sift through them to determine which pieces of information are newsworthy, and confer with government agencies over what needs to be redacted.
Managing this reality is going to require that governments actively engage with members of the press who receive leaked secrets, helping them secure those secrets -- even while being unable to prevent them from publishing. It might seem abhorrent to help those who are seeking to bring your secrets to light, but it's the best way to ensure that the things that truly need to be secret remain secret, even as everything else becomes public.
The WikiLeaks cables serve as an excellent example of how a government should not deal with massive leaks of classified information.
WikiLeaks has said it asked US authorities for help in determining what should be redacted before publication of documents, although some government officials have challenged that statement. WikiLeaks' media partners did redact many documents, but eventually all 250,000 unredacted cables were released to the world as a result of a mistake.
The damage was nowhere near as serious as government officials initially claimed, but it had been avoidable.
Fast-forward to today, and we have an even bigger trove of classified documents. What Edward Snowden took -- "exfiltrated" is the National Security Agency term -- dwarfs the State Department cables, and contains considerably more important secrets. But again, the US government is doing nothing to prevent a massive data dump.
The government engages with the press on individual stories. The Guardian, the Washington Post, and the New York Times are all redacting the original Snowden documents based on discussions with the government. This isn't new. The US press regularly consults with the government before publishing something that might be damaging. In 2006, the New York Times consulted with both the NSA and the Bush administration before publishing Mark Klein's whistle-blowing about the NSA's eavesdropping on AT&T trunk circuits. In all these cases, the goal is to minimize actual harm to US security while ensuring the press can still report stories in the public interest, even if the government doesn't want it to.
In today's world of reduced secrecy, whistleblowing as civil disobedience, and massive document exfiltrations, negotiations over individual stories aren't enough. The government needs to develop a protocol to actively help news organizations expose their secrets safely and responsibly.
Here's what should have happened as soon as Snowden's whistle-blowing became public. The government should have told the reporters and publications with the classified documents something like this: "OK, you have them. We know that we can't undo the leak. But please let us help. Let us help you secure the documents as you write your stories, and securely dispose of the documents when you're done."
The people who have access to the Snowden documents say they don't want them to be made public in their raw form or to get in the hands of rival governments. But accidents happen, and reporters are not trained in military secrecy practices.
Copies of some of the Snowden documents are being circulated to journalists and others. With each copy, each person, each day, there's a greater chance that, once again, someone will make a mistake and some -- or all -- of the raw documents will appear on the Internet. A formal system of working with whistle-blowers could prevent that.
I'm sure the suggestion sounds odious to a government that is actively engaging in a war on whistle-blowers, and that views Snowden as a criminal and the reporters writing these stories as "helping the terrorists." But it makes sense. Harvard law professor Jonathan Zittrain compares this to plea bargaining.
The police regularly negotiate lenient sentences or probation for confessed criminals in order to convict more important criminals. They make deals with all sorts of unsavory people, giving them benefits they don't deserve, because the result is a greater good.
In the Snowden case, an agreement would safeguard the most important of NSA's secrets from other nations' intelligence agencies. It would help ensure that the truly secret information not be exposed. It would protect US interests.
Why would reporters agree to this? Two reasons. One, they actually do want these documents secured while they look for stories to publish. And two, it would be a public demonstration of that desire.
Why wouldn't the government just collect all the documents under the pretense of securing them and then delete them? For the same reason they don't renege on plea bargains: No one would trust them next time. And, of course, because smart reporters will probably keep encrypted backups under their own control.
We're nowhere near the point where this system could be put into practice, but it's worth thinking about how it could work. The government would need to establish a semi-independent group, called, say, a Leak Management unit, which could act as an intermediary. Since it would be isolated from the agencies that were the source of the leak, its officials would be less vested and -- this is important -- less angry over the leak. Over time, it would build a reputation, develop protocols that reporters could rely on. Leaks will be more common in the future, but they'll still be rare. Expecting each agency to develop expertise in this process is unrealistic.
If there were sufficient trust between the press and the government, this could work. And everyone would benefit.
This essay previously appeared on CNN.com.
Posted on November 8, 2013 at 6:58 AM
How would a semi-independent agency, isolated from the source of the leak, be able to identify what is really sensitive and should be redacted and what is not?
There is also a risk that a leak comes from this agency itself, after all "With each copy, each person, each day, there's a greater chance that, once again, someone will make a mistake".
Snowden claimed he only gave out docs that exposed illegal surveillance so nothing should be redacted. He has hinted he has some stuff as insurance he didn't leak to protect himself from ending up polonium poisoned. A F/T leaking gov agency would be pretty hilarious tho
Damn. Raw documents is *exactly* what we want. Any redacted information is manipulation.
Redacting is pointless as any time classified information is removed from the secure networks they reside on they can reliably be assumed to be compromised. Media organizations have no duty of confidentiality nor any loyalty to any particular nation state or political administration or ideology. They are responsible to their globalized shareholders and customers and nobody else. Any show of "responsible disclosure" is exactly that, a show that is designed to minimize negative political consequences. The public is best served in the Wikileaks scenario as the real consequences of these sorts of disclosures can be seen in the daylight instead of being swept under the rug.
There may be more barriers from the part of government: in these cases too many officials see the whistleblowers' acts as a (personal) insult. Just look at the body language of some officials in their reactions to Snowden, Manning etc. There's a vengeance there, a wish to retaliate. This emotionality clouds rational arguments such as those you are suggesting.
"Here's what should have happened as soon as Snowden's whistle-blowing became public. "
The point here is that the stuff Snowden got shows that the NSA et al have operated as a criminal militia.
How can you negotiate about redaction when the very document is evidence you should be jailed. Jailed in most of the countries in the world.
Power corrupts, uncontrolled power corrupts to the core.
By the way, regarding Bruce's claim of special independent prosecutor to investigate NSA.
I have two candidates to work together:
Pat Fitzgerald (put in jail two corrupt Governors of different parties) and El Spitzer (fought as the dog the most powerful lobby - bankers).
Put aside the personal problem of the latter; their professional expertise is what is required in this case.
Anyone considering "whistleblowing" needs to first read the book, "Giant Killers; The teams and the law that help whistle-blower recover America's stolen billions," by Henry Scammell.
Find it at: http://www.amazon.com/...
Mr. Schneier's following remark is ludicrous relative to the real world and how things work in the real world:
"The government needs to develop a protocol to actively help news organizations expose their secrets safely and responsibly. Here's what should have happened as soon as Snowden's whistle-blowing became public. The government should have told the reporters and publications with the classified documents something like this: "OK, you have them. We know that we can't undo the leak. But please let us help. Let us help you secure the documents as you write your stories, and securely dispose of the documents when you're done." "
A nice philosophy, perhaps, but simply out of touch with the way things are, or will be.
We all need to stay grounded in the real world, and, recognize the limits of what reality will bring and recognize when visionary possibilities, however feasible they might conceivably be, are in reality fanciful musings.
One reality that will never change is that people in power get to be in power via a host of machinations; the path to power is hard fought and the fight is by no means "fair" by any standard. A disproportionate number of such people have bona fide personality disorders (PDs), with Narcissistic and Borderline PDs (NPD & BPD) dominant. Such people do not think, feel or act like the majority.
While it's said that "power corrupts, and absolute power corrupts absolutely" that is only a description of the obvious symptoms. The reality is that damaged people, people lacking full, or any, consciences & intrinsic values most take for granted (though they are masters at masquerading as normal) strive & fight vigorously to have power. It is not that the power corrupts them, the acquisition of power provides the means to exert their nature to the fuller, or, fullest.
Understand that and deal with it. But don't dream about what might be if only people & institutions acted honestly & reasonably -- especially any government or government institution. That world does not & never will exist (unless structures exist to force it into compliance -- so-called "checks & balances").
I'm very pessimistic about things changing with respect to whistle blowers. I see the trend going to more and more secretive government. Hell, in congress they can't even negotiate bills in public; if our so-called representatives are going to do everything in secret, how can we expect the agencies they oversee to be more open?
This argument rests on a shaky assumption -- that national security trumps political optics.
Planning for inevitable leaks, though clearly wise, can be easily framed as being unable or unwilling to stop them. (Nothing is inevitable in America -- check out the movies we make and watch.)
Here's the analogy. Compare "Keep calm and carry on." to "Never again!" as a response to 9/11. Which one makes sense and which one plays better politically in the US?
The NSA has taken the position that all information pertains to its mission, giving it the widest possible latitude in surveillance operations.
A consequence of this is that it has taken possession of the general context within which people live. Judging by their actions, they are attempting to keep individuals isolated within silos of information.
A leak management agency would give the government a strategic weapon to use for context dropping, giving it more leverage to spin information in a way that negates general situational awareness.
"The NSA has taken the position that all information pertains to its mission, giving it the widest possible latitude in surveillance operations."
Let that sink in.
This means they will store any conversation between you and your spouse.
It also includes conversations between Merkel and her husband. The same for any head of state and their relatives (e.g., the current Pope).
To that end, they have broken into the national telecom networks of "allies" and "friendly" nations (the UK in Belgium).
How could you redact that?
This is ludicrous: If you were a reporter, would you trust the NSA if they promised to protect all the data stolen from them but still provide you perfect access ("Yes, we lied before about what we were doing, and you have the proof, but we're not lying now when we say you can trust us to give you the proof back.")? Could this possibly work enough times to build enough trust?
Second, if the reporter keeps a copy anyway (and obviously, given the CIA's reach, multiple copies with different people would be wise), how does the NSA 'protecting' the data help? For that matter, how, operationally, does the NSA keep the data completely safe, while providing access to a reporter (say, one based in Brazil)?
I guess this article is Bruce just attempting to shake government managers out of the 'fight the press, always' box many of them are in, using something that even he knows is ridiculous. Though my paranoid side says this is so crazy that it must be Bruce trying to signal to his readers that the NSA has gotten to him and he can't really be trusted anymore.
rogue agencies will release the pronouns and conjunctives and redact the nouns and verbs
Who really gets hurt by the truth? People who respect the constitution or criminals with impunity granted by corrupt officials who do not know of the constitution. We need to really look at the motives and morals of those supposedly "hurt" by their own actions being exposed.
The government doesn't want to help the press in any way whatsoever. The government wants to arrest all free press and quash it. It's obvious from the news. The government considers a free press its enemy, as well as the general public too. Therefore the government actually wants to help the press mess things up so it has a good excuse to close the press down and further its war on the press, you see.
For the government to agree, they would have to admit that a document was overclassified, and I could see that as being a non-starter for them.
From the government's point of view, release of any of the information is "damaging" so they would naturally begin the bargaining process by claiming all of it must be redacted. I don't see that we'd really get to a good balance.
They could also hinder the reporting by doing something arbitrary, like insisting that the code names remain secret. On a massive dump, like the Snowden leaks, not having normalized names for referring to the different programs would make the reporting and analysis difficult to follow. If you must refer to PRISM as "the database where the intelligence agencies keep all the data they've ever gotten from the ISPs via court orders", that's going to make it more difficult for your readers to correlate your analysis with what they've read in the Guardian or the Washington Post.
Thinking about it... Does it really matter? The news agencies are being way too conservative about what they are releasing, IMO. If the government was going to be honest and tell them what actually needs to be kept secret for the sake of national security, you would probably see 100-1000 times the amount of documents made public.
"whistleblowing as civil disobedience"
I take exception to that phrase because it makes a prejudicial presumption that all whistleblowing is a violation of law.
Since Snowden's case is inconclusive, let's consider Gina Gray: Everything she reported was either malfeasance or a violation of law. I don't think anyone could make a case that her reporting of these breaches was a violation of law, yet the statement above presumes that it must be, just because her superiors were annoyed and called her a whistleblower.
"Why wouldn't the government just collect all the documents under the pretense of securing them and then delete them? For the same reason they don't renege on plea bargains: No one would trust them next time. And, of course, because smart reporters will probably keep encrypted backups under their own control."
This paragraph undercuts the entire thesis, because (in combination with other statements) it boils down to: The government should cooperate to safeguard secrets; and in case it doesn't reporters should keep a copy that...can be exposed by anyone at any time.
Which is an oxymoron.
Certainly, it helps if the government cooperates, but either the reporters keep a copy that can be exposed, or simply hand all copies in and trust the government.
And we know the government cannot be trusted because it already did its best to ensure that not one word of these documents ever would see the light of day.
MKULTRA should have taught them [and us]
It's one of the cases I cite when people say (a) the govt wouldn't conspire against us or (b) too many people would be involved so leak was necessary. Neither was true in its case. (Leak came from family of "suicided" researcher who passionately fought the info out followed by intense Congressional investigation.) Disinformation was also used after knowledge of the program started getting out so that people would just think it was about drugs. Anyone reading the documents would know otherwise: hypnosis, brain implants, "non-lethal weapons," truth serums, brainwashing techniques, effects of RF energies on the brain, etc.
It was a large undertaking with over 100 subprojects, half a dozen focusing on children. Many "subjects" were tested without their knowledge. Doctors involved were top minds in the fields of medicine, psychiatry and hypnosis. Large institutions, including Harvard Med and a top children's hospital, supposedly supported the program by doing experiments on adults and kids who thought they were there for treatment & trusted the therapists. Brain damaged patients talking about govt mind control were easily written off as paranoid schizophrenic per standard psychiatry diagnoses. The few successful cases we know about included certain emotions caused remotely with ESB, completion of hypnotically delivered tasks from trusted source followed by amnesia of event, and the Canadian wiping people's memory. There were many wilder ones with debatable source reliability so I just mentioned the few specifically. They still made my skin crawl as I have enough imagination to see how they can be expanded upon or fielded.
MKULTRA was a personal turning point for me. It showed me how much evil can come out of our government if it's allowed to operate in secret, mostly immune to criminal prosecution, access to black budgets, and especially with private sector cooperation. I already thought these bad things. Reading the declassified files [that weren't destroyed] just made it certain. Combined with the Pentagon Papers, this gave me reason to follow a certain mantra when reading about military-industrial complex activity: there's a public reason for what they're doing, there's a real reason for what they're doing, and you better hope the real reason isn't plain evil.
Hence, the value of leakers.
Note: Even if we buy the argument that "we needed it b/c another country would develop it," one must remember that most of this was CIA's internal work. Let's imagine they did develop manchurian candidates. At that point, two men (Helms and Gottlieb) would have the power to make people divulge their secrets & covertly act on their behalf. Two men in a shady govt agency would have that power and nobody would know about it. That's scary. Like NSA's technical omniscience, certain powers should never be concentrated into hands of a few in secret.
There is no government in the United States. And now the corporate shadow is going global. We are all missing the big picture and trying to build a park inside a totalitarian concrete wasteland.
and I am tired of trolling, anything good on tv? game over
This is a very interesting suggestion and one I find myself mostly in agreement with.
Trust is certainly a major issue.
I do not think that trust would be as difficult to achieve as some here believe, however. The US media has enjoyed very strong protection by law and by social norm for some time now. When they consult with the government to confirm the accuracy of a leak of classified information (at which point the government may make a case to the journalists for withholding certain parts, or all of it), they are not then the subject of numerous unexplained burglaries and threats. Their material does not mysteriously disappear. In fact they're more likely to win a Pulitzer and get an assignment covering the White House. No less important to understanding the history between the USG and media organizations would be cognizance of the numerous instances in which a journalist has been kidnapped in a war zone and required rescue by the USG. These experiences all build institutional trust.
And as Bruce argues, it would not be in government interests to so blatantly renege on a deal.
With all that in mind, personally I suspect that the USG has arranged some type of security for Snowden material in the United States with the cooperation of media organizations. The mutual interests here are simply too powerful. Journalists are human beings and citizens as well as reporters, and their obligations go beyond that of mindlessly pushing every bit of information into the public; and the media organizations involved also have to consider the security of their property beyond that of the Snowden material. When one publicly announces that a basket of diamonds is being stored in one's closet, one endangers the entire house.
These leaks would no doubt have been received less ambivalently had there been no doubt as to the security of the Snowden material.
And yeah, security might mean that working from Brazil isn't a possibility, though not necessarily, and even if that's the case, there are some very nice hotels in the United States.
I don't think you'd need the creation of a new organization within the USG to do this, though. You simply need a policy supporting these actions to be ordered at a level high enough to coordinate the different agencies involved and to provide assurance that the agreement will be followed. In short, you'd probably need a Presidential order of one type or another.
Bruce, I am confused on something. I have worked with Trusted Solaris, and it is damn hard to get around its prohibitions and controls, even when you are authorized. I simply can't grasp how Snowden was able to do that so easily, even with access to co-workers' passwords. Forget Write Up-Read Down, compartmentalization, auditing, etc.; these guys exhibited control failures that were fixed at a technical level in Windows 3.1. Do you really expect coherence on something as foreign to them as what you suggest?
Sure, the Republic is being replaced with a Rearistocracy, and yes Democracy is being replaced with Plutocracy, and yes the corporate/government cooperative is seeing themselves more and more as being in opposition to the public, but there are more important things going on, like celebrities getting haircuts. We have to prioritize.
Trusted Solaris is an EAL4 operating system. That's low to medium assurance. An EAL4 system isn't thoroughly source audited, can use risky libraries, doesn't have total mediation, will have many covert channels, lacks certain lifecycle protections, etc. Govt's certification body says EAL4 is meant to protect against "casual or inadvertent attempts to breach security." So, such products (despite marketing claims) aren't intended to protect against well-funded, smart, insider or highly sophisticated adversaries. Such adversaries, if they even can be stopped, require defences rated at "High Robustness" and extra controls.
Additionally, "trusted" extensions to mainstream OS's such as Linux or Solaris still have all that kernel code in their TCB. Remember that kernel code can read or write all memory including security enforcing functionality. A kernel exploit can bypass all the protections. This is how Argus Pitbull, very similar to TS, was beaten by security researchers. Here is their presentation on potential weaknesses in "trusted" operating systems. I give them credit for making a presentation where they're honest about the risks of a B1/EAL4 trusted operating system.
Far as Snowden situation, most of those systems were probably running a vanilla OS like Windows or Linux. Snowden was also an administrator meaning he had control of software/hardware. If you read Protection Profiles, *all* of the general purpose OS's assume both physical security and a trusted administrator. If either isn't true, your OS controls don't mean squat. If both aren't true & the guy has network access too, then your system is owned. If the guy is further getting other employees' passwords, then it's owned from several fronts at once.
Reality is that government doesn't know how to run these complicated systems without trusting the people running them. They have to trust them. There's ways to do it to varying degrees which I once posted on this blog. I just don't see how the government could work within those limitations and still have the flexibility they need. So, there's always going to be potential Snowdens so long as they keep operating the way they do.
And, just one example of redacted info: document containing the list of backdoored products and equipment. Damn, do any involved parties deserve any protection, privacy and politeness? The answer is NO.
There would not be so many leaks of secret documents if the government used some brains to properly classify documents. The US federal government probably classifies more than 100 times as many documents as it should. This results in many leaks, though the dilution effect means that most leaked documents are unimportant and uninteresting. (The Snowden situation is different: he knew what documents to take and avoided most of the dross.)
Proper classification would reduce the numbers of secret documents, and their security would be less difficult based on access alone.
Here's a novel idea -- how about instead of journalists working with governments and corporations to review materials whistleblowers have released, we instead have those same governments and corporations stop doing the very things that whistleblowers expose? If governments and corporations didn't participate or support underhanded or illegal activities, there would be no need for whistleblowers...
@Nick P "Snowden was also an administrator meaning he had control of software/hardware"
For an administrator who is managing quotas... scheduling backups... writing scripts... shouldn't full administrator (omniscient) login actually be a rare need?
Thus you can implement tons of organisational controls around those accounts (one-use-passwords, user pairing, signoffs) because it will not be unduly onerous due to the rarity of need.
This is the puzzling thing to me about Snowden - I've worked a long time at major financial institutions who are on top of the minimum-privilege principle, I am truly surprised about the apparent lack of it at NSA.
Funny that while people in general seem to accept that US government did something like MKULTRA against its own citizens, yet very few are willing to question The Official 9/11 Story.
Considering what this government has done in the past and how they managed to keep other projects (such as Manhattan) under wraps for a long time...
...it should not be much of a surprise if 9/11 was a false flag from start to end.
--I question it. Building 7. At the same time, our gov't could be just that incompetent. That is totally plausible too.
@ Funny Man
There's nothing unusual about it. The 9/11 inside job theory is hotly debated even within the 9/11 truth movement. From govt to their factions, each side can be shown to cherry pick evidence which still has one or two counterpoints to each supposed proof. There's also outright BS on both sides. The jury is still out on what exactly went down far as hard, undeniable evidence goes.
On the other hand, MKULTRA was exposed, the project heads grilled by Congress admitting a little bit, the data was destroyed (indicating more guilt), and many details like I mentioned survived as backups of memos mixed with the financial data which was stored separately from data that was destroyed (oops). Those documents have been independently verified by many through the ability of citizens to obtain copies (30,000+ pages) via FOIA requests. They're heavily redacted but still had quite a bit of damning information.
So, unlike 9/11 conspiracy claim, the case that MKULTRA happened and such evil stuff went down is proven by govt docs, eye witnesses, project heads, MKULTRA researchers, a Congressional hearing, and many court cases investigating the above. They were pretty consistent for many aspects of it, too. That there can be no doubt or argument about MKULTRA's existence makes it one of the perfect examples of conspiracy by intelligence agencies within our borders.
Contrast this to the common result of pushing a particular 9/11 theory: a flame war. The blog owner (or Mod) wouldn't enjoy that so much. It's happened here before at least once. It wasn't productive in the slightest. So, I avoid such an example here in favor of something with potentially more effect.
Side note: Manhattan project you referenced IS a good example of keeping a huge undertaking pretty secret. I've referenced it here before too. Difference is that it was seen as something positive for American people by those involved and essentially just building a bigger bomb for us. If anything, it was a conspiracy that set a positive precedent for the military industrial complex benefiting our status of power over the world. Easier to see govt employees keeping secrecy. Quite different than "NSA and others will destroy democracy" meme.
For that, I've focused on related references such as Hoover's FBI doing similar things. Then, in this thread, CIA trying to secretly control Americans' minds with tech derived through illegal experimentation, torture and possibly murder of Americans. Cooperation of any American in such efforts is much harder to justify as anything good for this country. That American govt workers *did* cooperate and carry out the work is [more] evidence we must watch out for spooks getting power mad. NSA is certainly in that category.
Most people who believe 9/11 was an inside job have serious mental illnesses. Arguing with a paranoid schizophrenic suffering from hallucinations may be entertaining, but you're not likely to get anywhere.
Nick P: yes MKULTRA reminded me of the Nazi hypothermia experiments (the results of which are used despite being "tainted"). Re 9/11 we can't conclusively determine whether it was an "inside job" or not but no doubt there /was/ a cover up esp with the farcical 9/11 commission that was supposed to somehow settle the matter. That's all I will say on this subject.
The government /should/ encourage leakers. Having some kind of whistleblower protection law would be helpful. No doubt if they indemnify them if they make their disclosures to a special investigative committee they will be able to at least avoid an embarrassing uncontrolled public disclosure.
That said I doubt this would work with today's government. You have to trust that the committee itself isn't corrupt themselves.
Probably right lol.
"For an administrator who is managing quotas... scheduling backups... writing scripts... shouldn't full administrator (omniscient) login actually be a rare need?"
I agree. There's definitely lax security at NSA no doubt. Far as trusted admin problems go, even giving them one opportunity to perform a malicious action might give them lasting control. This is especially true if they have physical access to their or other machines which allows a ridiculous amount of attacks. So, the point about their problem still stands in that even if you reduce admin permissions they're still a threat in certain common scenarios.
I think the financial institutions you mentioned could definitely teach the NSA a lesson or two on internal controls. They seem superior in my experience with them too. However, we must also remember that they must trust people with physical access to their machines too. All the mainframe and web portal security in the world can't protect them from those that control their physical machines. I can't say for sure why they seem to be doing so much better except to say that (a) they're trying hard to deal with insider threats and (b) their threat model is a bit different from NSA's internal collection programs.
It might also help that mainframes, RPG, and COBOL are so utterly boring that it scares off most potential inside attackers. They just keep their focus on the Windows networks and banking apps. ;)
--Leave it to simple minded folk w/ a weak grasp on the reality of the world to classify skepticism as a mental illness.
Of course, the "paranoid schizophrenic" one was probably the only one you know of.
--Wooga Booga..."I see dead people" lol.
You seriously expect some attacker to wade his or her way through the documentation for JCL?
Not forgetting working out how to escalate privileges from lowest to highest? It's far from obvious, and trying to get a JCL script to escalate privileges ... naturally they'd prefer to be doing something more rewarding, like fishing for whales in buckets, or picking their noses using rubber hoses.
@ Wesley Parish
I think you missed quite a bit of my comment. I said the admins could be restricted more. I agreed with a comparison to financial institutions' approaches. I also mentioned that many admin functions involve hardware access or privileged access to the software. These allow plenty of ways to subvert it. Regardless of how often these functions are performed, that they can be performed by the admin means the person and his/her tools must be trusted not to subvert the system. Or thoroughly vetted, monitored, etc. by independent people.
What I didn't do is suggest evil admins should wade through JCL looking for ways to use it as an attack vector. There are much better options available.
I usually ask people who "question" the 9/11 official story: "did you actually READ the publicly available technical report"?
I cannot remember even a single case when I heard anything except "why bother to read it, it is *obvious* that it is all fake".
And then I have no more questions to ask, sorry.
"reporters are not trained in military secrecy practices"
Apparently, neither is the NSA
Are all the major financial institutions using two factor authentication or are some still allowing their employees to login with just a password?
Since it would be isolated from the agencies that were the source of the leak, its officials would be less vested and -- this is important -- less angry over the leak.
In theory, such a "leak unit" is a good idea, and for the reasons you mention. In practice it would most probably be staffed with government lackeys only, totally bugged by the NSA and other TLA's and with as prime mission objective the minimisation and stalling of whatever secret information is brought out. Look at a fig leaf committee like the PCLOB. Or the Select Committees on Intelligence that are supposed to oversee the NSA but whose chairs Rogers and Feinstein are among their biggest fans.
I don't possibly see what good would come from it, other than that we would get (even) less information from the Snowden documents than we are seeing now. I also doubt that in the current context anyone with half a brain would consider such an option in view of the Obama administration's disposition to and track record on whistleblowers and other "inside threats".
@Fix the Root Cause!
You are correct that the proper solution is for these practices to stop.
The fact is, government and corporations are willfully dishonest, inhumane, unjust, oppressive, contentious, and corrupt; and they see nothing wrong with that, so long as these antisocial acts are hidden behind a facade of civility.
To change it, the acts must be exposed. But instead of these acts being seen as the problem, instead of accepting responsibility, the edifices see the reporting as the problem: "It's okay if we [steal-lie-kill-maim-enslave-destroy-bribe-poison-pollute-violate the Constitution-etc.] so long as no one reports that we are doing those things. If someone has the nerve to report on us, they must be destroyed so that we can go back to pretending we are good citizens."
That needs to change, but I have no idea how; and I don't think anyone else does either.
But it starts with protecting whistleblowers, who are often our only avenue to discovery. With companies and ordinary government agencies, where whistleblower "protection" is merely inadequate, the situation is bad enough. It is a real issue with something like the NSA, which can (and does) punish whistleblowing by automatically declaring it "treason" (whether it really is or not).
Which brings us back to the parent article: Mr Schneier asserts that the wolf should willingly assist the lamb to expose the wolf's bad behavior, so that the lamb won't keep a copy of the evidence that can be "accidentally released". That's not going to happen; because the only thing the wolf will accept is the return of the evidence and a meal of the lamb, so he can continue his bad acts in secret.
So a fine fantasy, unworkable in the real world.
Remote connections are always password+PIN+SecurID token. But once you're in these firms' offices, I've so far only seen passwords used. (Well, I saw one dept at one firm using fingerprint readers).
So yeah, pretty tough on access control, not so tough on authentication.
"Why wouldn't the government just collect all the documents under the pretense of securing them and then delete them? For the same reason they don't renege on plea bargains: No one would trust them next time."
But no one trusts them this time, goodwill has already been thrown away: NSA, GCHQ etc. are intimidating journalists and trying to seize their archives, which is the freedom-of-press equivalent of reneging on plea bargains.
Immediate and indiscriminate public disclosure of espionage secrets is the safest course of action for whistleblowers and journalists, and this sad and dangerous situation is the NSA's choice.
I think the whole exercise is utterly pointless. For each Manning or Snowden who acted on conscience, there are probably dozens who gathered the same documents but sold them to the highest bidder instead.
I don't think plea bargaining actually works that way anymore. I get the impression that the modern practice is to find ways to charge the suspect that theoretically expose them to threat of a grossly disproportionate punishment, then offer a plea deal that's only a little worse than they deserve.
In other words, the government is used to dealing from a position of power, not to having to accept the inevitability of undesired consequences and compromise.
I agree it'd be better for everyone if the government did get used to the idea.
But from the other direction, as many folks have pointed out above, it sounds at best a bit suspicious to say that news organizations, on receiving shocking proof that important government institutions are untrustworthy, should react by... trusting that proof to the care of government institutions. In a way, it's another version of saying that whistleblowers should just report their findings to their superiors. Though, hopefully with the power relationship somewhat changed...
A brilliant idea that the government will never actually adopt due to the incentives pointing in the opposite direction. As we've seen, US and UK agencies are going after both whistleblowers and journalists, not working with them. I don't see this trend changing. Journalists will likely face greater scrutiny and intimidation moving forward. The journalists who are both tech savvy and fearless are the ones leakers should seek out for responsible information disclosure.
I'd say skip the process and go straight to BitTorrent!
The journalists can then do their actual job by reading the evidence from there and explaining what it means instead of asking: "is it safe?", "should we do this?".
Being responsible only aids the crooks, like when Bank of America had everything collected on them deleted from WikiLeaks, so now no one of the taxpayers who donated trillions of USD to that fine institution may know the real reason for it.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.