You are currently viewing the printable version of this article, to return to the normal page, please click here.

Data-sharing tools exploited in leaks

Army Private First Class Bradley E. Manning, a low-level military intelligence analyst accused of downloading three massive databases of secret U.S. documents while serving in Iraq, exploited information-sharing tools put in place after the September 11 attacks in what has become the largest leak of classified data in U.S. history.

The information-sharing protocols were designed to ensure that those in the front lines of the war on terror have access to classified U.S. intelligence reporting. But now the large-scale document release he is accused of providing to WikiLeaks has led information-sharing advocates to fret that the Washington policy pendulum may start to swing back toward tighter controls on access to low-level intelligence reporting.

There already have been calls for a scaling back of information-sharing measures.

"This was bound to happen and it's bound to happen again," said Jeffrey F. Addicott, a legal academic who spent 20 years in the U.S. military and was the senior legal adviser to the Green Berets. "We're going to have to be much more stingy about granting access" to the kinds of government databases Pfc. Manning is accused of mining as part of his WikiLeaks document dump, he told The Washington Times.

"We need tighter security measures," said Mr. Addicott, who is now the director of the Center for Terrorism Law at the St. Mary's University School of Law in San Antonio.

Pfc. Manning was charged in May with unauthorized access to a classified Defense Department computer system called SIPRNet - the Secret Internet Protocol Router Network - a secret Internet for cleared Defense Department users. The charging document says he downloaded, among other classified material, "more than 150,000 diplomatic cables."

In an Internet chat with former hacker Adrian Lamo - who subsequently reported him to U.S. military authorities - Pfc. Manning boasted of having copied 250,000 of the cables onto CDs and shared them with WikiLeaks. The number corresponds to the figure cited by WikiLeaks as the total in the trove of documents it began to place on the Web over the weekend.

A former State Department official told The Times that the headers on the documents released so far show they come from SIPDIS, the State Department's Secret Internet Protocol Distribution system.

"It's the network where embassies can go to see what other embassies have reported, even though they weren't on the initial distribution," said the former official, adding that the system was linked with SIPRNet, which would have given Pfc. Manning access to it.

Christopher Grey, a spokesman for the Army's Criminal Investigation Command at Fort Belvoir, Va., told The Times that the latest release was being investigated as part of the probe targeting Pfc. Manning.

"The large amount of classified government information that was released to the public this week is also being considered by our investigators and is a continuation of the original investigation," Mr. Grey said. He declined comment on whether there were other persons of interest: "We will not release any further details to protect the integrity of the investigation and any future legal proceedings."

The huge dumps of raw military intelligence reporting from Iraq and Afghanistan WikiLeaks put on the Web earlier this year were also drawn from databases accessible by SIPRNet users, and investigators said at the time that Pfc. Manning was the prime suspect as the source for those leaks, too.

A Pentagon spokesman told reporters during the weekend that the Defense Department had put in place a series of measures to prevent a recurrence of the leak. "It is now much more difficult for a determined actor to get access to and move information outside of authorized channels," as Pfc. Manning is accused of doing, said Bryan Whitman.

But some experts are questioning the management practices that allowed anyone to download entire databases of documents in the first place.

"The mass copying of data from sensitive databases ought to be one of the most closely limited kinds of access" on any information sharing network, said Paul Wormeli, executive director of the Integrated Justice Information Systems Institute, an industry group that advocates for information-sharing among law enforcement and intelligence agencies.

Mr. Wormeli said that information sharing rules developed for use by domestic law enforcement and intelligence agencies used a system called "federated identity and privilege management ... to deal with this exact issue ... the privileges any individual has in the system are dictated by their role."

No one in Pfc. Manning's position ought to be able to download the amount of data he had without setting off alarm bells, Mr. Wormeli said, "No one without a very high level of privileged access ought to be able to do that."

Mr. Wormeli said he feared a "chilling effect" on information sharing from the "psychological impact" of the latest round of disclosures, both at an individual and an institutional level.

"It raises people's concern about the kind of open and transparent information sharing we are advocating for," he said.

c Bill Gertz contributed to this report.

© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.

Comments
blog comments powered by Disqus
TWT Video Picks