View profile

Leaking, ft. Lady Gaga [Collision Course #5]

Hello and welcome to the fifth issue of Collision Course, a newsletter about tech policy, consumer pr
Leaking, ft. Lady Gaga [Collision Course #5]
By Tommy Collison • Issue #5 • View online
Hello and welcome to the fifth issue of Collision Course, a newsletter about tech policy, consumer privacy, and the future. 
This issue’s on leaking, Lady Gaga, and data security.

I’m not convinced people appreciate just how easy it is to leak information today. Or, to turn it on its head, how hard it is to keep information secure. Put simply, it is no longer logistically prohibitive to leak huge amounts of documents, and that’s why we’ve seen so many information leaks and database breaches in the last decade.
What’s striking about these leaks isn’t just their volume, but how spread out they are. It’s not just one sector of society: individuals have their identities or their intimate photos stolen or posted online, businesses (remember Ashley Madison, Equifax, and Sony?) have to deal with hackers in their systems, and governments have to deal with the Ed Snowdens and Chelsea Mannings of the world.
On balance, it’s much easier to leak information today than decades prior, and this is where Manning comes in. Let’s look at two famous leaks and show you why.
Let’s start with what’s easier.
When someone stole a document in decades past,  it was possible (in theory at least) to track down each copy of a stolen document and destroy it. Find the guy who stole the thing, and get the thing back. That becomes infinitely harder if the guy emails something — now Google has it, plus however received the email.
It’s a two-edged sword: thanks to technology, it’s easier to design, deploy, and maintain these big databases. If you’re the NSA, it’s easier to put a bunch of slides on a server or an intranet somewhere, so all your analysts can access them. But then one of those analysts is named Edward Snowden, and you start having a bad day because it’s so easy for him to go in and copy them onto a hard drive.
Let’s go deeper and look at two famous leaks: the Pentagon Papers, leaked in 1971, and the Afghan War Logs, which were leaked by Chelsea Manning and published by WikiLeaks in 2010.
Last year, Spielberg’s movie The Post dramatized the Pentagon Papers story, which was maybe the first huge government leak. A defense contractor, Daniel Ellsberg, made a copy of a confidential Department of Defense report about US involvement in Vietnam from 1945 to 1967. He leaks the document to the New York Times.
In Secrets, Ellsberg’s memoir, he devotes a chapter to describing the logistical nightmare that faced him as made just one copy of the 7,000 pages of the report. He describes his attempts to copy a section of the documents, pertaining to the 1963-4 period of American involvement in Vietnam, in “just a few nights.” To those of us who grew up copying and pasting text in an instant, it’s almost unbelievable.
Compare this to what Chelsea Manning’s experience of leaking around 90,000 documents about the War in Afghanistan in the 21st century. Here’s what she said about the actual process:
“I would come in with music on a CD-RW labelled with something like ‘Lady Gaga’ … erase the music … then write a compressed split file. No one suspected a thing … [I] listened and lip-synched to Lady Gaga’s Telephone while exfiltrating possibly the largest data spillage in American history.”
Another problem was that Ellsberg was only making one copy. If he wanted to provide documents to various newspapers, he would need more than various copies. This posed a huge logistical problem that neither Snowden nor Manning faced.
Today, we can make infinite perfect copies of essentially any document. And individuals, businesses, and governments have to react accordingly.
Bonus round: is that the whole story?
Is it ever?
The same technical advances that make leaking also make catching leakers somewhat easier.
Accessing these huge databases, downloading data, and sharing that data with journalists leaves traces, and the US government totally does use these traces to track down the sources of leaks.
In 2013, the Department of Justice subpoenaed telephone data of some 20 phones over a two-month period in April and May of 2012. Some of the numbers belonged to office phones at the AP, while others were journalists’ cellphones. The government had gotten the data from  Verizon Wireless, which didn’t dispute the subpoena or alert the reporters.
The same technology that benefits the mice in this game also benefits the cats catching up with them. Leaking can still be done anonymously (to the best of my knowledge, we have zero idea who leaked the Panama Papers), but it’s quite difficult, and requires technical sophistication, the right circumstances, and a ton of luck.
As always, I welcome your feedback, and I’d love to hear your suggestions for what you’d like to see covered in this newsletter. I’m @tommycollisonon Twitter, or you can email tommy@collison.ie. Please get in touch! 📩📬
Did you enjoy this issue?
Tommy Collison

A newsletter about tech policy, consumer privacy, and the future.

If you don't want these updates anymore, please unsubscribe here
If you were forwarded this newsletter and you like it, you can subscribe here
Powered by Revue
Seattle, WA