This has been a busy month for John Young of Cryptome.org. Not only did he post a slew of not-for-public-distribution compliance guides for law enforcement seeking subscriber or customer data, but he also posted an unredacted version of a Transportation Security Administration manual that had been inadequately redacted. To top things off, Cryptome published some government FOUO (For Official Use Only) documents this week, leading to the receipt of correspondence from the Army, an attempt to trick him into downloading a virus attached to an email from a fake Pentagon address, and then a phone call from the Army offering “to help” whoever was providing the documents.
While the Army spun its wheels with Cryptome, Representative Peter King and others on the Homeland Security Committee thumped their chests over the TSA incident and sent an inquiry to Janet Napolitano about what the government could do to stop people from re-posting material that the government never should have made available on the Internet, an approach that I described as legislative whack-a-mole.
Michael Cummings posted an open letter he sent Representative King in response to their letter to Napolitano on his blog that on some level, reiterates a point John Young has made as well: instead of trying to penalize or criminalize those who reveal such poorly secured documents, recognize that those documents may have already been in the hands of terrorists who simply kept quiet about the government’s security failures. If you don’t want unclassified documents being reposted, don’t post them. The Internet is not your enemy, but it is not the friend of government secrecy or governmental incompetence.