The Unsolvable Problem

When you think about the security of digital content, you likely think of things like robust passwords and firewalls, but as Bradley Manning and Edward Snowden have demonstrated, not all security failures are technical challenges or user error. Is there any way to control intentional content leaks?

Manning and Snowden are not the first to leak information, but they have become the darlings of a technology-centric movement of transparency activists. Whether you see these content leakers as heroes or villains, it’s vital to recognize how a cultural shift in the perception of information flow is affecting and will increasingly affect security.

The Motivation to Leak

According to Danah Boyd, a senior researcher at Microsoft Research and a prolific educator, Snowden’s release of NSA surveillance information was a form of activism. “What it means to protest is changing,” Boyd said. Information is power, so information is the currency of activism.

Many disagree with Boyd’s sentiment and see Snowden as either malicious or naïve. The debate is ongoing if his act compromised the ability of the U.S. to protect its citizens from terrorism.

The motivation for the leak, however, can be linked back to our evolving perspective on information access. Caused partly by the open access of internet technologies, loyalty is taking a back seat to transparency in the up and coming American ethos—secrecy itself, regardless of what is secret, can be seen as a violation of a core value.

Protecting Your Information

The problem for many organizations is not the airing of dirty laundry; it’s the airing of everything. How can an organization limit the release of sensitive information when people increasingly anticipate openness?

This question is, as yet, unresolved. Nondisclosure agreements don’t always prevent disclosure (though they’re still an important legal necessity that most will respect and honor). The burden has shifted in favor of openness and the tools are in place to make it easy to disseminate information. Employers could try to include workers in the negotiation of what is and should be secret, but it isn’t always feasible to negotiate a shared worldview with every person who has access to information.

Here are a few options that could help discourage information leaks:

• Be as open as possible. Be clear with your employees that openness is part of your business philosophy, and the secrets you keep are kept to protect your organization (and therefore your employees) from competitors. Write a value statement on your nondisclosure agreement to this effect, as this will place your desire for silence into a reasonable context.
• Ensure there are open, safe, internal grievance channels. Providing a formal communication structure to give employees a voice in the organization can reduce the chance they’ll use informal, public channels.
• Hold people accountable for misuse of information. It has now come to light that the NSA broke its own rules. NSA employees were spying on exes—a clear misuse of the information to which they had access. This kind of misuse without obvious consequences could encourage more ethical individuals to blow the whistle.

These options won’t work for all organizations, but the take-home lesson here is that you’re dealing with an evolving value system and new tools that will make information more difficult than ever to keep secret, but you probably don’t need to go so far as replacing your computers with typewriters.