What businesses should learn from Wikileaks

Cablegate forces us to question computer security and the stability of the Internet

The Wikileaks Cablegate affair has been entertaining us now for two weeks as we see diplomats and politicians around the world squirming with embarrassment as we learn what US diplomats really think about the foreign powers they deal with.

Both the leak of the cables and the treatment of Wikileaks and its founder, Julian Assange, by various Internet companies raises some important questions about the Internet, cloud computing and office security in the digital era.

Security

It’s believed the source of the leaked cables is Private First Class Bradley Manning, who is alleged to be responsible for leaking the Iraq tapes released by Wikileaks earlier this year.

The lesson is don’t give junior staff unrestricted access to your data, access to important information such as bank account details, staff salaries and other matters best kept confidential needs to be protected.

You can stop data leaving the building by locking USB ports, CDs and DVDs through either software or hardware settings on your computers and you should ask your IT support about this, keep in mind that locking down systems may affect some of your staff’s productivity.

Locking the physical means though doesn’t stop the possibility of data being sent across the Internet and access logs may only tell you this has happened after the fact. So it’s important to review your organisation’s acceptable use policy. Check with your lawyers and HR specialists that your staff are aware of the consequences of accessing company data without permission.

Incidentally, the idea that Pfc Manning was just one US Army staffer of thousands who were able to access these cables raises the suspicion that the information Wikileaks is now releasing was long ago delivered to the desks of interested parties in London, Moscow, Tel Aviv, Beijing and cave hideouts in remote mountain ranges.

Don’t rely on one platform

Wikileaks found itself hounded from various web hosting and payment providers. As we’ve discussed previously, relying on other people’s services to deliver your product raises a number of risks. Make sure you have alternatives should one of your service providers fail and never allow an external supplier to become your single point of failure.

Concerns about the cloud

This column has been an unabashed fan of cloud computing, but the Wikileaks saga shows the cloud is not necessarily secure or trustworthy. Not only is there the risk of a PFC Manning working at the data center compromising your passwords or data, but the arbitrary shutdown of Wikileaks’ services is a stark lesson of relying on another company’s Terms of Service.

Within most terms of service are clauses that allow the provider to shut down your service if you are accused of breaking the law or straying outside of the providers’ definition of acceptable use. As we saw with Amazon’s treatment of Wikileaks, you can be cut off at any time and without notice.

Amazon’s shutting down of Wikileaks is a pivotal point in the development of cloud services. Trust is essential to moving your operations to the cloud, and Amazon’s actions shown much of that trust may be misplaced.

Should you be considering moving to the cloud, you’ll need to ensure your data and services are being backed up locally and not held hostage to the arbitrary actions of your business partner.

Don’t put your misgivings in writing

So your business partner is a control freak? Great but don’t put it in writing.

Be careful of gossip and big noting

One interesting aspect of Wikileaks to date is how senior politicians like gossip and showing how worldly they are to US diplomats.

That’s great, but it probably isn’t a good idea to tell your best friend they should consider beating up your most important customer. As mentioned earlier, this little gem was probably on polished desks of the Chinese Politburo long before the cables found their way to Wikileaks.

Resist the temptation to gossip, remember your grandmother’s line about not saying anything if you can’t say something nice.

Ultimately what Wikileaks shows us is all digital communications are capable of being copied and endlessly distributed. In a digital economy, the assumption has to be that everything you do is likely to become public and you should carry out your business conduct as if you will be exposed on Wikileaks or the six o’clock news.

Wikileaks is a lesson on transparency, we are entering an era of accountability and the easiest way to deal with this is to be more honest and open. That’s the big lesson for us in our business and home lives.

Similar posts:

Other peoples’ platforms

The risks in the privately owned web range from obscure terms of service to arbitrary payment problems. This is why you need to control as much of your business’ online presence as possible.

“We have successfully established an online business, but we have run into problems with Ebay (indefinite suspension – unfairly I might add)” wrote Ralph*, an old client.

“We are pretty desperate, as this is now our sole business and we are now without an income.”

The Privately Owned Web

Ralph’s problem is typical of thousands of businesses that rely on one Internet service. Some months back we looked at “Nipplegate”, the story of a Sydney jeweller who had her Facebook page closed down because of her anatomically correct dolls.

All of these services are privately owned with their own terms and conditions along with their own corporate objectives. If you choose to use their product, you have to follow their rules – just like a shopping mall management can order you off their premises because they don’t like the colour of your socks.

The most glaring example of this is Wikileaks where Amazon, Paypal, Mastercard and Visa all threw the whistleblower site off their services for allegedly breaching their terms of services in various obscure ways.

The Terms of Service Trap

A business’ Terms of Service usually feature clauses wide enough to catch even the most honest and diligent business, this is by design as it gives management the excuse to throw anyone who makes their lives difficult, which is exactly what has happened with Wikileaks.

While Ralph’s problem is nothing like the scale of Julian Assange’s, all of these stories illustrate the dangers of relying on one service for your livelihood. Should that service change the way it operates, then any business that relies on that could be broke in hours, as many businesses that rely on Google search results have found.

Most of the Internet is not a public space, almost all of it is privately run along similar lines to that shopping mall or a walled estate.

Ralph and Julian Assange have shown us the limitations and risks of the privately operated web. As citizens and business owners we have to understand these corporations’ objectives are not always the same as ours and make judgements on how we live with the risk of finding ourselves in breach of a Term of Service in our business or personal lives.

We’re still in relatively early days of the net and all of us are still learning. One lesson is clear though, we can’t allow our livelihoods to be held hostage by a small number of big technology companies. Make sure you have alternatives to your online channels.

*Ralph is not his real name

Similar posts: