jump to navigation

WikiLeaks’ Cablegate Links State Dept. Bureau of Diplomatic Security to Madness 2011/09/28

Posted by nydawg in Archives, Digital Archives, Digital Preservation, Electronic Records, Information Technology (IT), Media, Privacy & Security, Records Management, WikiLeaks.
Tags: , , , ,
add a comment

For the last year or so, I’ve been fascinated by the whole WikiLeaks Cablegate story.  As I posted previously, there are a number of factors that contribute to this story which make it particularly interesting for people concerned with records  management and best practices for accessing and sharing information.   In my opinion, Private first class Bradley Manning is a fall guy (lipsynching to Lady Gaga), but problems revealed serious systemic malfunctions.  So I was very interested to read this article by Andy Kroll: “The Only State Dept. Employee Who May Be Fired Over WikiLeaks“.

Peter Van Buren is no insurgent. Quite the opposite: For 23 years he’s worked as a foreign service officer at the State Department, and a damn good one from the looks of it. He speaks Japanese, Mandarin Chinese, and Korean; served his country from Seoul to Sydney, Tokyo to Baghdad; and has won multiple awards for his disaster relief work. So why was Van Buren treated like a terror suspect by his own employer? For linking to a single leaked cable dumped online by WikiLeaks earlier this month.”

Well, this led me to read a TomDispatch.com posting by Van Buren himself which offers a clear-headed look at the madness!  For one thing, Van Buren got into a heap of trouble and was “under investigation for allegedly disclosing classified information” for LINKING to a WikiLeaks document which was already on the Web!  As he put it: “two DS agents stated that the inclusion of that link amounted to disclosing classified material. In other words, a link to a document posted by who-knows-who on a public website available at this moment to anyone in the world was the legal equivalent of me stealing a Top Secret report, hiding it under my coat, and passing it to a Chinese spy in a dark alley.”

Van Buren goes on to analyze the situation by stating: “Let’s think through this disclosure of classified info thing, even if State won’t. Every website on the Internet includes links to other websites. It’s how the web works. If you include a link to say, a CNN article about Libya, you are not “disclosing” that information — it’s already there. You’re just saying: “Have a look at this.”  It’s like pointing out a newspaper article of interest to a guy next to you on the bus.  (Careful, though, if it’s an article from the New York Times or the Washington Post.  It might quote stuff from Wikileaks and then you could be endangering national security.)”

And, for me, the cherry on the top, and something I’ve been trying to state for most of the last year (including at the Archivists Round Table of Metropolitan New York meeting in January 2011), is the fact that “No one will ever be fired at State because of WikiLeaks — except, at some point, possibly me. Instead, State joined in the Federal mugging of Army Private Bradley Manning, the person alleged to have copied the cables onto a Lady Gaga CD while sitting in the Iraqi desert. That all those cables were available electronically to everyone from the Secretary of State to a lowly Army private was the result of a clumsy post-9/11 decision at the highest levels of the State Department to quickly make up for information-sharing shortcomings. Trying to please an angry Bush White House, State went from sharing almost nothing to sharing almost everything overnight. They flung their whole library onto the government’s classified intranet, SIPRnet, making it available to hundreds of thousands of Federal employees worldwide. . . . . State did not restrict access. If you were in, you could see it all. There was no safeguard to ask why someone in the Army in Iraq in 2010 needed to see reporting from 1980s Iceland. . . . . Most for-pay porn sites limit the amount of data that can be downloaded. Not State. Once those cables were available on SIPRnet, no alarms or restrictions were implemented so that low-level users couldn’t just download terabytes of classified data. If any activity logs were kept, it does not look like anyone checked them.

In other words, by pointing the finger of blame at a few (two) bad apples (Pfc Manning and Foreign Services Officer/ Author Van Buren), “… gets rid of a “troublemaker,” and the Bureau of Diplomatic Security people can claim that they are “doing something” about the WikiLeaks drip that continues even while they fiddle.”  Yet, the State Department and the Department of Defense still refuse to acknowledge the systemic problems of trying to provide UNRESTRICTED and UNTRACEABLE ACCESS to ALL CABLES to all LEVELS of employees from the highest administrative levels at State and Defense  to the lowliest of the low  (Private first class on probation or a contractor, like Aaron Barr, working in White Hat or Black Hat Ops.)  Okay, according to Homeland Security Today, there’s 3 million people (not just Americans, btw) with “secret” clearance and “only” half a million with access to SIPRNet!

This still strikes me as an example of the US acting like ostriches and burying its head so we will not have to acknowledge the serious problems that are all around us.  Mark my words: the system is still broken, and even though certain changes have been instituted (thumb drive bans), we have a much more serious and systemic problem which few dare to acknowledge.  What’s the solution?  Better appraisal and better records management!

No one will ever be fired at State because of WikiLeaks — except, at some point, possibly me. Instead, State joined in the Federal mugging of Army Private Bradley Manning, the person alleged to have copied the cables onto a Lady Gaga CD while sitting in the Iraqi desert. That all those cables were available electronically to everyone from the Secretary of State to a lowly Army private was the result of a clumsy post-9/11 decision at the highest levels of the State Department to quickly make up for information-sharing shortcomings. Trying to please an angry Bush White House, State went from sharing almost nothing to sharing almost everything overnight. They flung their whole library onto the government’s classified intranet, SIPRnet, making it available to hundreds of thousands of Federal employees worldwide.

Advertisements

DMCA, DRM and The unFair Use Act 2011/09/09

Posted by nydawg in Archives, Copyright, Digital Preservation, Information Literacy, Intellectual Property, Media, Privacy & Security.
Tags: , , , , , , , ,
add a comment

A few weeks ago, I reserved a copy of a Clay Shirky e-Book to take with me to Chicago.  When the book became available from NYPL, I was excited and hoped it would be a DRM (Digital Rights Management)-free PDF copy so I could download it (click the emailed link) to my netbook and transfer it to my eReader Tablet.  (It was my first time, so I was clueless.)  Oh well.  Obviously you can’t do that. . . .  or maybe you can, on a Sony eReader and the York Library.

Yesterday an old friend on facebook asked about borrowing eComic Books with the intent of ultimately preserving on some portable medium.  So I was intrigued enough to do a little research on DRM and found this informative piece from the ASIS&T Bulletin website: “Digital rights management (DRM) is commonly defined as the set of technological protection measures (TPM) by which rights holders prevent the use of digital content they license in ways that could compromise the commercial value of their products.  Restrictions on such uses as downloading, printing, saving and emailing content are encoded directly in the products or the hardware needed to use them and are therefore in immediate effect.”

The whole article is worth reading, but this one part caught my eye: “The New York Public Library (NYPL), for instance, has been considering bringing its digitized collection of dance and performance videos closer to the public outside the NYPL system as long as it is possible to restrict access to this online content to library locations only. These examples show that DRM may actually provide opportunities to expand access to online materials in ways previously not possible.”  The essay continues by examining the DMCA and its relation to DRM, pointing out that “Since the DMCA was enacted in 1998, the Library of Congress has enforced exceptions three times – in 2000, 2003 and 2006 – and was scheduled to do so again in 2009. Of the six exceptions passed in 2006, one specifically allows film and media studies professors to circumvent TPM to make film clip compilations for coursework using DVD copies held by their institution’s film-studies library. A movement has been underway to expand this exception to include K-12 educators, all subject areas and all legally obtained copies.”

And to give you a sense of what is at stake, the author writes “In February 2007, the Fair Use Act was introduced in Congress, but never passed. It would have codified into law all six exceptions from 2006, which are currently rule-made and remain subject to periodic reviews. The Fair Use Act would have permitted the circumvention of TPM for, among other cases, (1) access to public domain works, (2) access to works of public interest for criticism, scholarship, reporting or research, (3) compilations of educational film clips and (4) preservation in libraries. The latter is of particular importance as the various media with historical content, including DVDs, begin to deteriorate. Smith argued that what frightens publishers about the Fair Use Act is that, if implemented, it would render ineffectual the anti-circumvention rules. Fair use would constitute an exception so broad that decisions regarding the right to circumvent would often be made after the actual circumvention. If a content owner objected, the user could take the matter to court, and only then would a judge decide whether fair use can justify that particular circumvention. The Fair Use Act would thus defeat the anti-circumvention rule’s self-help purpose.”

So in other words, the encryption that libraries are using is controlling access to their eBooks, and the anti-copy encryption that companies are using on their deteriorating DVDs are conspiring with the law to keep libraries from providing open access in the future to our resources.  I say instead of “Fair Use Act”, we need a “Fair Copy Act” so libraries will be free to begin their media refreshment, digital migration and whatever they need to do to make sure their media collections do not become time capsules, moments of time captured on obsolete media formats.

 

NARA, Why Is the Government Destroying Our History? 2011/09/07

Posted by nydawg in Archives, Electronic Records, Intellectual Property, Privacy & Security, Records Management.
Tags: , , , , , , , ,
add a comment

A colleague posted this sad (but true) story about the National Archives asking “Why Is the Government Destroying Our History?” and I noticed this set-up, “The U.S. National Archives and Records Administration (NARA) said it will destroy millions of federal court records and bankruptcy files from 1970 through 1995 but will hold those records the government deems “historically valuable.” . . . Ok, for those of you who think archivists and information purists are dirty curmudgeons who toil away amid dust balls to avoid socializing (on say, Facebook!), consider what is actually lost when these records are destroyed:

. . . Incrimination.  You are about to hire an executive. You call us to do a background check.  We find out he was charged with running a prostitution ring in the ’80s. Or, you are about to hire a new CFO.  You call us and during our research we find he has filed for personal bankruptcy protection three times in the last 15 years. ”

So, this is very troubling.  Offhand I don’t know what the retention schedules for court records and bankruptcy files are, but now it seems like the historians at NARA are convinced that they can describe these files as having “historic” value, but they won’t go near the “evidential” or “transactional” value.   Professional records managers are not making these decisions at NARA, because they would recognize the legal value.   So NARA, in its “infinite wisdom” will decide whether or not large parts of our shared legal history have “historical value”, at the same time that they believe that redundant digital junk (e.g. 250 million George W. Bush emails) merit long-term preservation, but court records related to criminal activity may not have value in the eyes of a .  They’re going to throw out the original, authentic records and create a black hole in our shared knowledge of our judicial system!

Anyone remember when George W. Bush signed Executive Order 132333 to limit access to President Reagan’s records?  Well, now imagine that NARA is doing the same thing with federal records.  So what does the Federal Records Act (FRA) have to say about court records, or how does NARA deal with court records and bankruptcy files?

Well, in Spring 2008,this power was held by the federal records centers (FRCs) of the National Archives and Records Administration (NARA).  In a promotional piece, “Ready Access NARA’s Federal Records Centers Offer Agencies Storage, Easy Use for 80 Billion Pages of Documents they were providing ready access.   “However, the majority of federal records—approximately 95 percent—are considered “temporary records.” Every temporary record has an official records retention schedule—that is, the amount of time it must legally be preserved for use before it is destroyed (usually by recycling). Retention schedules for temporary federal records vary widely, ranging from a few months to more than a century. For example, most agency information request correspondence is kept for less than a year. Individual tax returns are preserved for seven years. Corporate tax returns, while not considered “permanent,” must be retained for 75 years. And certain aircraft certification engineering files must be kept for 100 years.”

I’m not exactly sure what they are doing ,but I assume it’s something like saying that since the papers were digitized (scanned), the originals are no longer needed.  But for public records, NARA is steward.   “The public can also access federal court records held by FRCs. These records include files from U.S. bankruptcy courts, the U.S. court of appeals, and U.S. district court civil and criminal files. FRCs make court documents available for researchers such as reporters writing stories on high-profile cases, former bankruptcy court litigants applying for mortgages or other loans, companies conducting background checks on individuals, and legal professionals researching precedents.”

Okay, so it’s an interesting piece from NARA, but this part really stopped me in my tracks: “The federal records centers have ably served the federal government and the citizens of the United States for more than 50 years. As the needs of federal agencies change and grow, NARA’s FRCs are also changing and growing to ensure that they will continue to protect the information assets of the federal government.”

I hope I’m not the only person to cry foul on this!  It drives me crazy especially when you check the FRC website and see how heavily invested they are in having a social media presence (Twitter, Facebook).

 

WikiLeaks’ Cablegate and Systemic Problems 2011/09/06

Posted by nydawg in Best Practices, Digital Archives, Electronic Records, Information Technology (IT), Media, Privacy & Security, Records Management, WikiLeaks.
Tags: , , , , ,
1 comment so far

WikiLeaks Cablegate

Since late November of last year, the whole world has been watching as WikiLeaks got its hands on and slowly released thousands of classified cables created and distributed by the US over the last four decades.  As you may recall, the suspected leaker was Army Private First Class Pfc Bradley Manning who, undetected, was able to locate all the cables, copy them to his local system, burn them to CD-R (while allegedly lipsyncing Lady Gaga), and uploading an encrypted file to WikiLeaks.  (I’ve written previously , so I won’t get too detailed here.)

But last week, the story changed dramatically when The Guardian revealed that “A security breach has led to the WikiLeaks archive of 251,000 secret US diplomatic cables being made available online, without redaction to protect sources.  WikiLeaks has been releasing the cables over nine months by partnering with mainstream media organisations.  Selected cables have been published without sensitive information that could lead to the identification of informants or other at-risk individuals.”  To further confuse matters related to the origin of this newest leak, “A Twitter user has now published a link to the full, unredacted database of embassy cables. The user is believed to have found the information after acting on hints published in several media outlets and on the WikiLeaks Twitter feed, all of which cited a member of rival whistleblowing website OpenLeaks as the original source of the tipoffs.”  The Cablegate story, with all its twists and turns over the months, has left a big impression on me and, as an archivist and records manager, I think it is important to strip this story of all its emotionality and look at it calmly and rationally so that we can get to the bottom of this madness.

The first problem I have with the story, or more specifically, with the records management practices of the Defense Department is the scary fact that a low-level Private first class (Pfc) would have full access to the Army’s database.  This became a bit scarier when we learned that Pfc Manning used SIPRNet (Secret Internet Protocol Router Network) to gain full access to JWICS (Joint Worldwide Intelligence Communications System) as well as the [cilivian/non-military] diplomatic cables generated by the State Department.

So the first question I had to ask was: why does DoD have access to the State Department’s diplomatic cables, are they spying on the State Department?!  Well, maybe, but even if not, this staggering fact from a different Guardian article sent shivers down my spine:  “The US general accounting office identified 3,067,000 people cleared to “secret” and above in a 1993 study. Since then, the size of the security establishment has grown appreciably. Another GAO report in May 2009 said: “Following the terrorist attacks on September 11 2001 the nation’s defence and intelligence needs grew, prompting increased demand for personnel with security clearances.” A state department spokesman today refused to say exactly how many people had access to Siprnet.”

Other factors that scare the heck out of me related to “bad records management” and WikiLeaks Cablegate are the fact that there is a lack of CONTROL of these assets (they store everything online?!  Really?!); the DoD and State Department don’t use ENCRYPTION or cryptographic keys or protected distribution systems; the names of confidential sources were  not REDACTED in the embassy before uploading and sharing the cables with the world; their RETENTION SCHEDULES do not allow for some cables to be declassified and/or destroyed (so they keep everything online for decades and/or years); the majority of cables were UNCLASSIFIED suggesting that so many cables are created that they don’t even have enough staff to describe and CLASSIFY them in a better way?  The DoD didn’t have a method for setting ACCESS PRIVILEGES, or PERMISSIONS or AUTHORIZATION to ensure that a Pfc who is on probation would not be able to access (and copy and burn to portable media) all those cables undetected?!  There’s a question about password protection and authorization, but those problems could probably be covered with better ACCESS PRIVILEGES and PERMISSIONS.  Another question that leaves archivists confused is the idea that there seems to be limited version control.  In other words, it seems as if once a cable is completed, someone immediately uploads it, and then if the cable is updated and revised, a second cable will be created and uploaded.  This doesn’t seem to be a very smart way of trying to control the information when multiple copies may suggest differing viewpoints.

But perhaps the scariest part of the whole WikiLeaks’ Cablegate madness is simply that there was no TRACKING or TRACING mechanism so that the DoD could, through LOGS, trace data flows to show that one person (or one machine or one room in one building or whatever) had just downloaded a whole collection of CLASSIFIED materials!  [From the IT perspective, large flows of data may actually impact data flow speeds for other soldiers on the same network!]  And the fact that Pfc Manning was able to burn the data to CD-R suggests that when IT deployed the systems they forgot or neglected to DISABLE the burn function on a classified network!  (Okay, they’ve made some recent changes, but is it too late?!)

Many assume that Digital Forensics will provide a new way to authenticate data.  Well, if so, then why can’t they run a program on the cables and find out which system was used to burn the data and then trace the information back to the person who was using the machine at that time, as opposed to putting a soldier in jail, in solitary confinement, awaiting trial, convicted merely on a hearsay online chat he had with a known hacker?!  One other important consideration that also scares me: The military uses Outlook for their email correspondences, and Outlook creates multiple PST files.  As the National Journal puts it: “So how did Manning allegedly manage to get access to the diplomatic cables? They’re transmitted via e-mail in PDF form on a State Department network called ClassNet, but they’re stored in PST form on servers and are searchable. If Manning’s unit needed to know whether Iranian proxies had acquired some new weapon, the information might be contained within a diplomatic cable. All any analyst has to do is to download a PST file with the cables, unpack them, SNAP them up or down to a computer that is capable of interacting with a thumb drive or a burnable CD, and then erase the server logs that would have provided investigators with a road map of the analyst’s activities.”

Obviously the system was broken, informants’ security was compromised, our secrets are exposed, and the cat is out of the bag!  Yet even now, many are unwilling to listen to or heed the lessons we need to learn from this debacle.  Back in January, I attended a WikiLeaks panel discussion hosted by the Archivists Round Table of Metropolitan New York and was surprised to hear that most of these issues raised above were ignored.  I tried to ask a question regarding the systemic problems (don’t blame Manning), but even that was mostly ignored (or misunderstood) and not answered by everyone on the panel.

In my opinion, we have very serious problems related to best practices for records management.  If you look closely at DoD 5015.2, you can see that the problems are embedded in the language for software reqs, and nobody is looking at these problems in the ways that many archivists or records managers do (or should).  But honestly, the most insightful analysis and explanation were confessed by Manning himself: ““I would come in with music on a CD-RW labeled with something like ‘Lady Gaga,’ erase the music then write a compressed split file,” he was quoted in the logs as saying. “[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history. Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis … a perfect storm.

So maybe it is time for the military, the US National Archives, and all computer scientists and IT professionals to stop relying on computer processing and automated machine actions and start thinking of better ways to actually protect and control their classified and secret data.   Perhaps a good first move would be to hire more archivists and try to minimize the backlog quantity of Unclassified cables!  Or maybe it’s time to make sure that the embassies take responsibility for redacting the names of their sources before uploading the cables to a shared network?  And maybe it is time to consider a different model than the life cycle model which will account for the fact that often these cables will be used for different functions by different stakeholders through the course of its existence.

Disaster Plan: Mystery Surrounds Loss of Digital 9/11 Records, Docs & Art 2011/08/21

Posted by nydawg in Archives, Best Practices, Digital Preservation, Education, Electronic Records, Intellectual Property, Privacy & Security.
Tags: , , , , , , , ,
add a comment

A few weeks ago, nydawg member NYU Professor Howard Besser shared this article from the AP.  As an archivist and records manager, I shudder to think that all copies of each lost asset was only stored in one place, and that no copies were stored offsite, stored in at least two geographically different locations.

“Besides ending nearly 3,000 lives, destroying planes and reducing buildings to tons of rubble and ash, the Sept. 11, 2001, attacks destroyed tens of thousands of records, irreplaceable historical documents and art.  In some cases, the inventories were destroyed along with the records. And the loss of human life at the time overshadowed the search for lost paper. A decade later, agencies and archivists say they’re still not completely sure what they lost or found, leaving them without much of a guide to piece together missing history.

“You can’t get the picture back, because critical pieces are missing,” said Kathleen D. Roe, operations director at the New York State Archives and co-chairwoman of the World Trade Center Documentation Project. “And so you can’t know what the whole picture looks like.”  . . . . “The trade center was home to more than 430 companies, including law firms, manufacturers and financial institutions. Twenty-one libraries were destroyed, including that of The Journal of Commerce. Dozens of federal, state and local government agencies were at the site, including the Equal Employment Opportunity Commission and the Securities and Exchange Commission.

from Northeast Document Conservation Center

But the story goes on to point out that nobody notified NARA!  I would think that most of these federal agencies would have disaster plans and policies, (check out the Library of Congress’s 404 page not found, or here or NARA and NARA from 1993 but maybe I’m wrong.   Fortunately, you can probably find assistance at NDECC dPlan….

 . .  . “Federal agencies are required by law to report the destruction of records to the U.S. National Archives and Records Administration — but none did. Federal archivists called the failure understandable, given the greater disaster.  After Sept. 11, “agencies did not do precisely what was required vis-à-vis records loss,” said David S. Ferriero, the Archivist of the United States, in an email to The Associated Press. “Appropriately, agencies were more concerned with loss of life and rebuilding operations — not managing or preserving records.”  He said off-site storage and redundant electronic systems backed up some records; but the attacks spurred the archives agency to emphasize the need for disaster planning to federal records managers.

Said Steven Aftergood, the director of the project on government secrecy at the watchdog group the Federation of American Scientists: “Under extreme circumstances, like those of 9/11, ordinary record keeping procedures will fail. Routine archival practices were never intended to deal with the destruction of entire offices or buildings.”

Read “Mystery Surrounds Loss of Records, Art on 9/11” , and when you’re ready and think you can get some institutional support, you might want to check out some great resources including:
the Society of American Archivists’ [SAA] annotated resources site for disaster plan templates, articles and other useful information; or a
useful guide from NARA Emergency Preparedness Bibliography (which is only 5 years old) or this from
NARA Disaster Preparation Primer from 1993
which doesn’t mention digital or electronic.

dk
###

Freed: The West Memphis Three 2011/08/20

Posted by nydawg in Archives, Information Technology (IT), Privacy & Security, Records Management.
Tags: ,
add a comment

Jason Baldwin, left, Damien Echols, center, and Jessie Misskelley, Jr., right, served nearly two decades in prison.

For the last 18 years, many artists, musicians, filmmakers and people of conscience have been concerned about the Robin Hood Hills killers, three teenagers falsely accused of killing three young boys , in Arkansas.  Well, now there’s closure.  As yesterday’s NYTimes put it: “The end, if it can be called that, came all of a sudden.  After nearly two decades in prison for the murder of three young boys, Damien Echols, Jason Baldwin and Jessie Misskelley Jr., commonly known as the West Memphis Three, stood up in a courtroom here on Friday, proclaimed their innocence even as they pleaded guilty, and, minutes later, walked out as free men.

So I did a little research and found that there’s some relevance to records management.  As per Wikipedia: “According to Mara Leveritt, investigative journalist and author of Devil’s Knot, “Police records were a mess. To call them disorderly would be putting it mildly.”[10] Leveritt speculated that the small local police force was overwhelmed by the crime, which was unlike any they had ever investigated. Police refused an unsolicited offer of aid and consultation from the violent crimes experts of the Arkansas State Police, and critics suggested this was due to the WMPD being investigated by the Arkansas State Police for suspected theft from the Crittenden County drug task force.[10] Leveritt further noted that some of the physical evidence was stored in paper sacks obtained from a supermarket (with the supermarket’s name pre-printed on the bags) rather than in containers of known and controlled origin.

Free the West Memphis Three

Hmm.   So I was interested to learn about the specific maneuver which allows a man on death row to go free.  From the Times: “

Under the seemingly contradictory deal, Judge David Laser vacated the previous convictions, including the capital murder convictions for Mr. Echols and Mr. Baldwin. After doing so, he ordered a new trial, something the prosecutors agreed to if the men would enter so-called Alford guilty pleas. These pleas allow people to maintain their innocence and admit frankly that they are pleading guilty because they consider it in their best interest.  The three men did just that, standing in court and quietly proclaiming their innocence but at the same time pleading guilty to charges of first- and second-degree murder. The judge then sentenced them to 18 years and 78 days, the amount of time they had served, and also levied a suspended sentence of 10 years.”

So for future confusion, court record has them admitting guilt.


Whistleblowers & Leakers and Records Management @ the SEC 2011/08/18

Posted by nydawg in Archives, Digital Archives, Digital Preservation, Education, Electronic Records, Information Technology (IT), Privacy & Security, Records Management.
Tags: , ,
add a comment

Does it seem like whistleblowers and leakers have been in the news more and more over the last decade?  Perhaps it’s because I’m more tuned in and looking at things from an  archivist’s or records manager’s point of view, but there have been some high-profile intriguing cases with whistleblowers.  And I’m not just talking about Private first class (Pfc) Bradley Manning who leaked to WikiLeaks copies of diplomatic cable communications, classified documents, prison dossiers, classified war logs, embassy reports and a video, “Collateral Murder”, known as “a classified US military video depicting the indiscriminate slaying of over a dozen people in the Iraqi suburb of New Baghdad — including two Reuters news staff.

Meanwhile, Manning is in jail somewhere and may possibly face the death penalty because he copied, zipped, and uploaded a classified video: ” Specification 11 covers the release of “a file named ‘BE22 PAX.zip‘ containing a video named ‘BE22 PAX.wmv.'”  This likely is the video of the 2009 Afghani airstrike that Wikileaks published.
This morning I heard about a brief mention about an SEC whistleblower revealing how a poor records management (in this case, document disposal and destruction) policy cover up Wall Street crimes.  From Matt Taibbi’s excellent piece in Rolling Stone:

“That, it now appears, is exactly how the Securities and Exchange Commission has been treating the Wall Street criminals who cratered the global economy a few years back. For the past two decades, according to a whistle-blower at the SEC who recently came forward to Congress, the agency has been systematically destroying records of its preliminary investigations once they are closed. By whitewashing the files of some of the nation’s worst financial criminals, the SEC has kept an entire generation of federal investigators in the dark about past inquiries into insider trading, fraud and market manipulation against companies like Goldman Sachs, Deutsche Bank and AIG. With a few strokes of the keyboard, the evidence gathered during thousands of investigations – “18,000 … including Madoff,” as one high-ranking SEC official put it during a panicked meeting about the destruction – has apparently disappeared forever into the wormhole of history.”

In other words, they gather records, take the evidence and then destroy it!  But since these are the nation’s records, there must be some connection to National Archives, and there is.   “Under a deal the SEC worked out with the National Archives and Records Administration, all of the agency’s records – “including case files relating to preliminary investigations” – are supposed to be maintained for at least 25 years. But the SEC, using history-altering practices that for once actually deserve the overused and usually hysterical term “Orwellian,” devised an elaborate and possibly illegal system under which staffers were directed to dispose of the documents from any preliminary inquiry that did not receive approval from senior staff to become a full-blown, formal investigation.” but

“The enforcement division of the SEC even spelled out the procedure in writing, on the commission’s internal website. “After you have closed a MUI that has not become an investigation,” the site advised staffers, “you should dispose of any documents obtained in connection with the MUI.”  Read all about it in Taibbi’s “Is the SEC Covering Up Wall Street Crimes?

My impression is that this is obviously all about Records Management policies, processes, procedures and etc.  Like Manning, the SEC whistleblower saw mixed messages and witnessed wrongdoing and stepped forward and leaked copies of the records.  Until we figure out what is the difference between records and copies of records, this story may go nowhere.  But it seems likely that even if the SEC thought it had deleted the MUIs, there still may be traces that could provide evidence from past investigations.  IT probably has backup tapes (which have been over-written frequently), but the data could be extracted (at great expense).  The question really is: Does SEC Want to preserve all of its agency records?

My guess is: probably not.   My other thought is that there’s an easy answer: post-custodial control.  Agencies need to take responsibility for managing their record, even before they are handed off to an archivist or the NARA.   SEC needs its own department of archivists and records managers and needs a workable strategy and plan with IT for managing their own authentic records.  They also need somebody with a conscience, who is trustworthy enough to deliver accurate records with a life span of 25 years(!) to NARA in a timely fashion.

FYI: EMR = EHR 2011/08/17

Posted by nydawg in Archives, Digital Archives, Electronic Records, Information Technology (IT), Privacy & Security, Records Management.
Tags: , ,
add a comment

This news story from Reuters seems bizarre given known limitations (and challenges) of iPads such as no USB drives, doesn’t read or edit PowerPoints, doesn’t stream Flash video, and etc. (is there more?)

“The iPad may help electronic medical records (EMR, sometimes also referred to as electronic health records, or EHR) finally gain wide adoption, thanks in part to a new program that will see the federal government dispersing grants to doctors who make use of a free native EMR iPad app.” Here’s the article: “Electronic Medical Records Get a Boost from iPad, Federal Funding” .

So ultimately the question will be: if doctors are using portable iPads for their EMR (EHR) duties, how will they distribute the information?  Email?  Shared network?  And what will the security risks be?  And will the copy of the “record” be stored as a read/write version, and will it be shareable with other systems and, if so, in what format and what software version, etc.?!

WikiLeaks Cablegate: Minister Adrian Lamo Promised Bradley Manning Confidence 2011/08/13

Posted by nydawg in Archives, Privacy & Security, WikiLeaks.
Tags: ,
add a comment
WikiLeaks

WikiLeaks Is WikiLeaking

WikiLeaks Plot Thickens :
Wth reluctance, after a
year, Wired released
hearsay transcripts
from 
FBI informant/minister,
hacker & journalist Adrian
Lamo & part stuck out:

“Just consider some
of what Wired concealed.
First we have this, from early:

in the first Manning-Lamo
conversation (emphasis added):

MANNING:  uhm, trying to keep a
low profile for now though, just a
warning

LAMO: I’m a journalist and a minister. You can pick either, and
treat this as a confession or an interview (never to be published)
& enjoy a modicum of legal protection.

In subsequent conversation, Lamo again promised: “i told you, none of
this is for print.” and to explain how Manning was undetected while
distributing mass volumes of cables to WikiLeaks, Lamo told The NY
Times
last December that Manning  “did an actual physical dropoff
when he was back in the United States in January of this year” —
something we now know Manning never even
 alluded to, let
alone told Lamo.

and “Then there’s the national security secrets Poulsen claimed to be
valiantly safeguarding until he could “vet” them.  What happened to those?
Did Wired vet them (such as Manning’s statement, concealed by  Wired
until yesterday, that “approximately 85-90% of global transmissions are
sifted through by NSA” or that ” 85% of [U.S. aid to  Pakistan] is for
F-16 fighters and munitions to aid in the Afghanistan effort, so the
US can call in Pakistanis to do aerial bombing instead  of americans
potentially killing civilians and creating a PR  crisis”)?

Read lawyer Glenn Greenwald’s excellent analysis:
http://www.salon.com/news/opinion/glenn_greenwald/2011/07/14/wired/in…

and check out Wired’s Editor in Chief Evan Hansen attempt at Manning character assassination:
“His motives appear to spring from a far more complex place than a desire to right a clear wrong. At times he seems to verge on hopes for worldwide revolution.”
http://www.huffingtonpost.com/evan-hansen/bradley-manning-traitor-her…

or read the logs yourself, but keep in mind, as my lawyer friend tells  me, these are hearsay.  I don’t know if it’s “illegal” to claim to be  a “minister” in a chat, but it certainly seems unethical to turn  someone in after doing that, right?!

“(02:14:50 PM) bradass87: From an award recommendation (never completed): “SPC Manning’s persistence led to the disruption of “Former Special Groups” in the New Baghdad area. SPC Manning’s tracking of targets led to the identification of previously unknown enemy support zones. His analysis led to heavy targeting of insurgent leaders in the area that consistently disrupted their operations. SPC Manning’s dedication led to the detainment of Malik Fadil al-Ugayli, a
Tier 2 level target within the Commando OE.””

“(02:47:07 PM) bradass87: the CM video came from a server in our domain! and not a single person noticed”

. . . “(03:10:32 PM) bradass87: at first glance… it was just a bunch of guys getting shot up by a helicopter… no big deal… about two dozen more where that came from right… but something struck me as odd with the van thing… and also the fact it was being stored in a JAG officer’s directory… so i looked into it… eventually tracked down the date, and then the exact GPS co-ord… and i was like… ok, so thats what happened… cool… then i went to the regular internet… and it was still  on my mind… so i typed into goog… the date, and the location… and then i see this

http://www.nytimes.com/2007/07/13/world/middleeast/13iraq.html

http://www.wired.com/threatlevel/2011/07/manning-lamo-logs/

dk
###