Not much of a surprise, the Occupy Wall Street movement has been infiltrated. A New York-based security consultant called Thomas Ryan and a team of IT security professionals managed to access systems used by the movement.
As part of their intelligence-gathering operation, the group gained access to a listserv used by Occupy Wall Street organizers called September17discuss. On September17discuss, organizers hash out tactics and plan events, conduct post-mortems of media appearances, and trade the latest protest gossip. On Friday, Ryan leaked thousands of September17discuss emails to conservative blogger Andrew Breitbart, who is now using them to try to smear Occupy Wall Street as an anarchist conspiracy to disrupt global markets.
What may be much more alarming to Occupy Wall Street organizers is that while Ryan was monitoring September17discuss, he was forwarding interesting email threads to contacts at the NYPD and FBI, including special agent Jordan T. Loyd, a member of the FBI’s New York-based cyber security team. (…) …Loyd cited Occupy Wall Street as an example of a “newly emerging threat to U.S. information systems.”
The incident highlights structural weaknesses of open collaborative platforms in social environments with detrimental perceptions and interests. A group that wants to become a mass movement doesn’t have the choice of operating and planning in secrecy. Nor does it have the means to sanction – from the perspective of the group – anti-social behaviour. At yet another frontier, Generation Openness is learning the hard way that sharing can come with costs. It’ll be interesting to observe the institutional innovations the OWS movement will inevitably come up with.
Tim Yeaton on mashable.com. Let’s ignore the fact that this article is a piece of journalism in which the author implicitly praises one of his business outlets.
Another pivotal change is the fact that enterprise IT organizations are now discovering the need to “go social” and join communities as a strategy for leveraging and using more open source software, especially mission-critical components. This significant trend reflects the reality that open source use is becoming a competitive requirement. Even within the firewall of an enterprise, the trend toward collaborative development to share best practices, facilitate code reuse, and enhance developer productivity is escalating rapidly. …
While social development isn’t a challenge for Gen Y developers, it still presents management challenges for enterprises, especially larger ones. Moving at web speed and using social tools still requires some adjustment. For example, new college hires expect to be community participants, yet large enterprises may not be comfortable with this level of transparency. Although open source projects are based on the notion of transparency, collaboration and meritocracy, some corporate policies may prohibit or limit this philosophy, just like some corporate cultures may resist the trend toward openness in development.
Abstracting from software development: We’ll observe that functional units of larger organisations ever more connect with distinct communities and attempt to reap the fruits of these communities. The trick is to identify your organisation’s gems and me-too’s to achieve the maximum degree of openness without compromising your business model.
Interesting argument by David Eaves regarding the Open Government Partnership:
The OGP is part of a 21st century containment policy. And I’d go further, it is an effort to forge a new axis around which America specifically, and a broader democratic camp more generally, may seek to organize allies and rally its camp. (…)
Who is being contained? [China, Iran, Russia, Saudi Arabia, Pakistan] (…)
It’s no trivial coincidence that on the day of the OGP launch the President announced the United States first fulfilled commitment would be its decision to join the Extractive Industries Transparency Initiative (EITI). (…)
This is America essentially signalling to African people and their leaders – do business with us, and we will help prevent corruption in your country. We will let you know if officials get paid off by our corporations.
More data would certainly help to substantiate the argument, which in its current state is absorbing, but not compelling.
It would be interesting to link strategic US foreign policy thinking to ‘openness’ in governance – I’m thinking of, e.g., Anne-Marie Slaughter’s recent Foreign Affairs article, in which she proposed for the U.S. to take the role of a central node in a highly networked and, governance-wise, deconstructed world. The OGP could be one element in the operationalisation of this strategy.
The Baltic Times reports:
Estonia’s defense minister has said he plans to create a volunteer “cyber defense league”… “We are thinking of introducing this conscript service, a cyber service,” Defense Minister Jaak Aaviksoo said in an interview with NPR. “[Our] league brings together specialists in cyberdefense who work in the private sector as well as in different government agencies.”
[…]
Mike Elgan compares the alleged openness of Google with the notoriously secretive Jobsian empire. The surprising discovery is that every company has its secret sauce, the recipe of which is stored in iron boxes or, in modern times, in encrypted databases:
The companies are different, and what they’re “open” about reflects that difference. For example, Trump is very secretive about pending real estate transactions, but would probably be happy to share the details of food served at one of his golf courses. McDonald’s on the other hand, isn’t all that secretive about real estate transactions but they’re very secretive or “closed” about their Secret Sauce.
In other words, companies are very closed, secretive, and controlling about the part of their business that makes the money. (via gruber)
Reminds me of the interesting question: who has or wants which secret sauce in the area of internet security?
It doesn’t come as a surprise that the Pentagon doesn’t heartily embrace the leakage of some 400,000 classified records covering unfavourable Iraq incidents. The line is familiar among students of security institutions: Openness would be detrimental to security by creating new vulnerabilities. In the words of Pentagon press secretary Geoff Morrell:
“Potentially what one could mine from a huge data base like this are vulnerabilities in terms of how we operate, our tactics, our techniques, our procedures, the capabilities of our equipment, how we respond in combat situations, response times — indeed how we cultivate sources,” Morrell said. “All of that, [given the] thinking and adaptive enemy we’ve been facing in Iraq and Afghanistan, can be used against us.”
(Source: Smallwarjournal.com; similar in a press conference in early August)
Openness, i.e. sharing operational and tactical information with adversaries, can create opportunities for adversaries to mitigate attack or defence capabilities. Can. Potentially. But what are the real costs of openness? And how do they compare to societal, political, and humanitarian costs of closure?
I’ve pointed out earlier some of the research questions for social scientific internet governance research. The main issues I described there are:
- There is a lack of empirical analysis undertaken by social scientists, who are not affiliated with biased agencies engaged in turf-wars or the fear-mongering security industry, about the scale, quality and impact of internet security issues. Furthermore, existing institutions have hardly been researched.
- Ongoing debates in the political sphere often refer to a lack-of-enforceability argument. More often than not, these arguments fail to be backed by scientific findings.
- The geopolitical dimension of internet security is under-researched.
- The potentially disruptive impact of internet-based collaboration on traditional security provisioning processes is to be explored. We can observe these discourses about new forms of distributed collaboration everywhere, but not in the field of internet security governance.
The main issue for the social sciences, however, is to provide guidance for institutional and organisation design for internet security governance.

Ad-hoc defense system protecting railway embankment against Danube flood
[…]