US Military Bans Physical Media To Curb Leaks


In the wake of recent high-profile leaks, some branches of the US military have taken a step that may be end up being as controversial as its cause. Ironically, the news comes via a leaked memo obtained by Wired’s Danger Room that insists that everyone from grunts to techs “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET,” under pain of court-martial.

SIPRNet would be the military’s internal network internet-like network used by the Department of Defense for some secure communications, cordoned off from the rest of the world by, I have assume, the most sophisticated firewalls and electronic countermeasures available. Otherwise, how could they think that a simple and unenforceable ban on removable media could possibly stop leaks? But I am facetious. The flip side of this TSA-like response to profound hemorrhaging of information is that perhaps we’ll see some interesting developments in cloud and connective services.

Sometimes it takes a bull in a china shop to effect a change in inventory. That’s not an actual saying, but I think there’s some wisdom to it. The military is a strange combination of cutting-edge tech and fossil systems, being upgraded as-needed from the tape drives and command-line interfaces of the 80s. A catastrophic change in connectivity requirements might just be the thing that brings the fragmented military systems into harmony.

Try completely removing paper from an office, for instance, and you soon find exactly where and how you needed it. That particular step is usually taken as peremptorily as the military’s was, and with as little preparation. If this ban sticks (though physical media have been banned before, only to be restored), the result would be interesting to observe if it weren’t classified. In the field, especially, I can see this injunction wreaking havoc, though to be sure, a medic probably isn’t using SIPRNet to transfer patient information.

I watched a nature documentary the other day in which a group of ants took down a well-armored grasshopper, or at least drove it off, by biting it all over until they found the soft joints. The military, like all organizations, has those joints, and was apparently unaware of this one in particular until a private loaded a few hundred megs of classified text onto a disc (labeled “Lady Gaga,” I just learned, how entertaining) and passed it on. Very well, the military says, we’ll close that gap. But I think they will find that their sense of security is built on shifting sands.

Burning data to a disc and passing it on is literally the crudest form of leaking I can think of, unless you count calling someone from within a base and dictating the classified info. And banning physical media is almost as crude a response, though understandable. Although I’m sure that SIPRNET and its associated networks are reasonably well-protected, I suspect that a little creative thinking by the best minds in the business would (and will) produce more leaks.

At all events, the ban is in place and the guys on the ground are already complaining. Sure, the military has a lot of great plans for battlefield communication, secure transfer of rich data, and so on, but a more comprehensive and imaginative approach to preventing leaks may be in order. Perhaps they should consult Apple.

Actually, they should probably consult Google or Facebook. The creation from the ground up of a secure yet inherently “social” system like that of a world-spanning military data network has a lot of similarities with what those world-spanning networks have been doing for some time. And they’ve already learned from mistakes that the military can’t afford to make. Either way, the Wikileaks affair seems to have been kindling for quite a pile of internet- and tech-related issues, mainly with the wages of inactive defense against an active and fast-moving online world.

I should add that the reason I think this worth posting, aside from its simply being interesting, is that the modernization on a system like this will almost certainly bear fruit relevant to daily internet life. In time, anyway, as defense research often results in civilian gain, if at a few years’ remove. The challenges they face are similar to those faced by internet giants, and the development of systems to accommodate a worldwide secure network should be of interest to anyone in the business.

[image: Life/Paula Bronstein]