Thursday, April 24, 2008

Let's not give away all our secrets on the Web

Andre Oboler
THE JERUSALEM POST
Apr. 23, 2008

The front-page article The Jerusalem Post headlined "Classified IDF information open to the world on Facebook" (April 13) highlighted the growing problem of sensitive military information leaking into the public domain through social networking sites. The ability to easily capture people, terrain and facilities through digital photography, combined with the speed of transmission and improved approaches to organizing and searching digital information, mean that military secrets are now harder than ever to protect. On Google Earth, satellite imagery highlights the location and layout of Israel's military bases, and Palestinians use the system to plan rocket attacks. On Flickr, Photobucket and Webshot photographs of soldiers and military equipment can easily be found. Facebook gives richer data, allowing a person's friends, job and current "status" to be examined - but it also provides more protection, if people choose to use it.

The IDF and the Israeli government need to improve their information security, not just at the technical level, but at the levels of policy, procedure and education. The most effective defense must come from soldiers themselves. Reminding them of the danger they create when leaking information into the public domain is the first and most effective preventative measure.

THE Post story contributes significantly in this regard. While the publicizing of security leaks always encourages similar attempts, the computer security community has for a long time maintained that once a solution is found, public awareness is the best security.

In this case the solution is simple, though the implementation may require some effort. It is far easier to prevent the release of sensitive information before pictures leave the army base. Better still is to prevent problematic pictures being taken in the first place.

However, the IDF must be wary of going overboard. A complete ban is unlikely to be respected, even with serious penalties for noncompliance.

A more sensible approach would be to establish a system whereby soldiers get permission from their officers before taking pictures, and officers then check the pictures before they leave the security of the base. A clearance procedure would include a checklist of things that must not be shown, as well as guidelines for soldiers indicating the types of pictures that are unlikely to be problematic - such as pictures with open terrain in the background and an absence of military hardware, infrastructure or identifying landmarks. Once guidelines are prepared and issued, the IDF should declare an amnesty period for those who have pictures on-line, allowing them to check their pictures against the guidelines and resolve any problems. Assistance in removing problematic material should be available without penalty.

These measures would resolve the immediate threat and reduce, though not eliminate, future risk.

IN THE long term, the IDF's best defense against leaked information is the soldiers themselves. The two Facebook groups "Guarding our IDF" and "Can't you see you're helping the enemy," set up by soldiers, are a good start. Going a step further, two people in each IDF-related group on Facebook should be asked to join one of these groups and be designated "clearance officers" in their own group. This approach, undertaken informally by the community, would act as a safety net and damage control mechanism outside the formal IDF structures.

While prevention is the best cure, there will always be mistakes. Once the material is on-line, a community-based approach is the only response.

In planning for the future, more attention needs to be paid to Web 2.0 and specially to sites like Facebook. The importance of secrecy is clear when it comes to the IDF, yet on-line privacy is something all Israelis should be taught well before entering the army. The threat resulting from leaked information on Facebook and other social networking sites stretches from national security right through to personal relationships.

Employers today regularly use social networking sites as well as search engines to build up a profile of potential interview candidates. Jobs have been gained and lost over information found on the Internet. And the amount of information found on-line is likely to grow, as is the ease with which it can be found.

To cope with the potential threat, education must begin in the schools. In an increasingly globalized world where the boundaries of personal privacy, as well as of government and corporate secrecy, are increasingly under attack, education can help protect the Israeli public, both individually and collectively.

The threat is real, but together we can prepare for it.

The writer is a Legacy Heritage Fellow at NGO Monitor in Jerusalem. He holds a PhD in computer science and is currently a postdoctoral fellow in political science at Bar-Ilan University.

No comments: