Documents related to a classified database, used by the U.S. government to track terrorist suspects around the world, have been published on the internet, after being leaked to The Intercept.
Your first thought might be that the document on The Intercept, and its accompanying article about the 680,000 people said to be on the watchlist of “known or suspected terrorists”, have come about because of new revelations by Edward Snowden.
After all, the site’s founder Glenn Greenwald is a close confidante of the NSA whistleblower and has broken many earlier related stories based upon Snowden’s leaks.
But, fascinatingly, we can tell that because the document, entitled “Directorate of Terrorist Identities (DTI) Strategic Accomplishments 2013”, simply did not originate from Snowden as it cites numerous events after the NSA contractor abruptly left his job in May 2013.
In short, as CNN reports, this leads us to the conclusion that there is another mole leaking secret U.S. national security documents to the media.
Clearly U.S. government agencies, smarting from over a year’s worth of revelations from the 1.7 million documents extracted by Edward Snowden without authorisation, won’t be pleased to hear that they continue to have a leaking problem.
The challenge is that any large organisation, working with a wide range of other parties, will sometimes need to share sensitive data — whether between staff, external partners, contractors and so forth.
If you didn’t let workers share information at all, and clamped down on collaboration, it’s going to be hard for them to be effective at their jobs. Worse still, they might secretly start using unsanctioned consumer file-sharing services in an attempt to be more productive, and potentially expose your organisation’s security further.
Earlier this year, I described how companies should try to “stop the Edward Snowden in their organisation”.
Because whether you applaud Snowden’s actions or condemn him, it’s clear that what he did went against the wishes of his employers.
All companies would probably benefit from greater security regarding the safe sharing of documents and databases, allowing authorised parties to work on them, but with measures in place to protect the data from falling into the wrong hands.
Such solutions can allow companies to control who (inside and outside) can access sensitive information and whether it can be saved or printed. In some cases, they can even prevent the user from taking illicit screen captures of the information.
Crucially, the best solutions give you the ability to “unshare” previously shared information, preventing it from being accessible after a project is completed or if it is no longer required.
It’s too late for the U.S. government to put the stopper in the bottle for this particular leak, but there will surely be tough questions asked as to how such an embarrassing leak has happened again.