The ongoing publication on Wikileaks of classified dispatches from military and diplomatic sources should be condemned.
The volume and scale of political scandals, despite the massive volume of documents released, was surprisingly little.
The international diplomatic cable network, so heavily relied on by governments worldwide, include accounts of meetings, conferences and media articles. They do not reflect official policy and are not public documents because such reports could put people at risk in the jurisdiction of origin.
It is the leaks for which Wikileaks is infamous, but this latest crop is not the whistleblowing kind. This is not a typical hacking offence, rather a plain theft of information. Whistleblowing may be a valid excuse for breach of confidentiality, but these are wholesale disclosures, including disclosure of many confidential and secret documents. Minimal released information is in the public interest, relating to evidence of corruption, fraud or other crimes.
What Wikileaks shows is that organisations should be attuned to the threat of data losses. We know that corporate systems hold valuable information, including customer identifying content and such is easy picking, often not requiring skill. But now it's time for governments to pick up their act. Their IT systems may be safe from hackers but what about the human element?
Cablegate, as it is known, emboldened free speech activitists who oppose any form of privacy and unleashed hackers on websites of companies and individuals they believe oppose the site's founder, Australian Julian Assange.
Governments selectively leak information when it serves their own political ambitions, such as budgets to particular journalists, and Wikileaks can't be blammed if the US Government won't protect its data. Regardless, this information should not have made its way into the public domain.
Wikileaks claims it publishes material of ethical, political and historical significance while keeping the identity of our sources anonymous. But this round of leaks is not journalism and breaches legitimate claims to confidentiality with the vast majority of information not passing the public-interest test, abusing the rights of those who have had their private conversations compromised. If Wikileaks is prepared to publish such information, imagine what would happen if they (or their ilk) came across genuine organisational-critical information?
If an Army private can allegedly download thousands of documents without getting sprung, you can bet this can also occur inside the majority of ASX 200 listed companies. Now that it is known how easily the official and sensitive information was removed commercial organisations should take note.
That's especially the case because data-protection laws centre on consumer information such as social security and credit card numbers, rather than protecting corporate intellectual property.
Wikileaks also shows how the internet makes it almost impossible to stop the theft and loss of critical information.
For governments, now is the time to start considering not just classifying and declassifying data but enforcing access and use policies.
And the policy that release cabinet-in-confidence documents after a glacial 30 years needs re-visiting.
Organisations of all stripes should understand employee concerns and head off problems that might drive staff to leak information to third parties. The should not assume employees will understand and cooperate on cyber security.
And the answer is not knee-jerk responses such as closing USB ports, banning access to websites or banning smartphones.
Education, policies and security tools will assist and although organisations use these to varying degrees, proactive monitoring of staff, technology and information is rarely carried out until it's too late.
Nigel Phair was the team leader of investigations at the Australian High Tech Crime Centre from 2003-2007. He is an author, recognised Australian IT security authority and SC Magazine Australia Awards judge. He speaks widely including at the upcomming 2011 e-Crime Symposium in Canberra.