Bradley Manning Is the Poster Child for Failing to Prevent Leaks
Technology, not laws, may be the best way to prevent leaks
July 31, 2013
Is Bradley Manning a hero or traitor? In many ways that question is less important than finding a way to stop the next leaker from compromising this nation's most sensitive secrets. Manning's guilty verdict is an occasion to think about how to better protect classified information. The law has an important role to play here, but technological controls are likely to prove more effective.
Criminal sanctions are blunt instruments that don't always offer adequate protection to military and intelligence secrets. Even if the leakers are sentenced to spend the rest of their lives in jail, that won't repair the damage their revelations have done.
Leaks can cause vital intelligence sources and methods to dry up. (If Osama bin Laden knows we're tapping his satellite phone, he'll stop using it.) Leaks can cause diplomatic rows, even between close allies. (Remember how Europeans reacted to allegations about the NSA spying on them?) Worst of all, revealing the names of covert intelligence assets – which WikiLeaks has done remorselessly – can result in their deaths. Preventing leaks, not punishing them, has to be the aim.
The criminal law can't always accomplish that. Bradley Manning notwithstanding, the number of leakers successfully prosecuted over the years is vanishingly small. And the prospect of a lengthy jail term won't discourage a determined leaker, especially if he thinks he can do it anonymously or otherwise get away with it. Moreover, criminal investigations can raise serious First Amendment problems. Authorities might subpoena a reporter or even charge him as a leaker's co-conspirator, as we've seen in recent years.
A more promising way to prevent leaks is to rely on technological safeguards that restrict access to sensitive information and watch what officials do with it. A few lines of computer code can substitute for the brute force of the law.
For instance, the government should make extensive use of permissioning and authentication technologies to limit classified databases to the officials who truly need them. Monitoring and auditing tools should track who accesses the information, when, in what manner, and for what purposes. If a low-level enlisted man is downloading more than 700,000 classified diplomatic cables and battlefield reports, that ought to set off alarms somewhere.
These kinds of safeguards have helped track down wrongdoers in the past. In 2008, access logs let the State Department quickly identify and discipline the employees who improperly accessed the private passport files of various presidential candidates.
Not only are technological controls good for security, they're also good for privacy. In an era where counterterrorism efforts depend on ever larger troves of data, safeguards against misuse become increasingly vital. These tools can ensure that officials only use the information at their fingertips to find terrorists and not, for instance, to intimidate dissenters or harm political adversaries.
Bradley Manning's conviction will likely keep him behind bars for years to come. What it won't do is cure the harm his leaks have caused; that genie can't be put back in the bottle. Looking to the future, the goal must be to prevent leaks from happening in the first place. Technology, not law, may be the best way to achieve it.