The U.S. government announced plans to put in place within the next five years measures designed to make it impossible to pass on sensitive information to the likes of WikiLeaks. They hope to accomplish this by “tagging” information so it can be tracked in case someone shares it to outsiders.
The idea of creating “information-rich information” is obviously the right way to go in addressing privacy and security concerns in the Digital Age. It is possible, technically at least, to attach rules to individual pieces of information, such as who is allowed to do what with it and what happens if someone who isn’t authorized tries to access them or pass them on illegally. In fact, that is the whole idea of “information-centric IT security, a buzzword that is gaining popularity among Digital Identity Management experts and privacy advocates.
But by publically announcing their aim of stopping another WikiLeaks-style exposure of classified information just shows that the Official Mind has yet to grasp full dimension of the Digital Revolution. “Information wants to be free” was once a clarion call by Internet activists who believed that transparency should be the hallmarks of an open society. In fact, the real motto is best encompassed in what I once dubbed “Cameron’s Law”, after Microsoft’s “identity guru” Kim Cameron, who once postulated that “sensitive information will be leaked”.
Yes, we all need to do all we can to protect privacy and guard crucial bits of information. But we should also be prepared for the worst. IT Security can create a false sense of confidence in our own defense mechanisms. At least as important as plugging holes in the dyke is to prepare oneself for the moment when the levees break and the floodwater rise. Maybe “Remember New Orleans” would be a good slogan for security professionals to hang on their walls.
I found it particularly poignant to read the name of the official in charge of U.S. government efforts to create the Totally Secure System: Jim Clapper, the Director of National Intelligence, the mention of whom bring irresistibly to mind the old nautical expression about “clapping a stopper” over something, meaning to stop something effectively. “Clapper” is actually the word for a safety valve – and as any engineer will tell you, the function of a valve is to let something out before the pressure reaches dangerous levels. Controlling the release of data so that only authorized individuals are able to see and use them is in fact what Identity Management is all about – or should be.