I am a firm believer in taking care of people that take care of people. One of the things I have advocated for is the provision of a thermal imaging drone for every single fire department in the world. It would need to be a hardened drone (against fire) so that it could fly over the burning building and return live video of the roof showing hot spots. If we save one firefighter, it is a start. If we save 100 firefighters, we have more to save, but we are well begun.
There are other applications of technology that are interesting. As the reality of what is the internet and the many connected devices now called the Internet of Things (I also note that there is a broader definition of IoT, developed by NIST (the National Institute of Standards and Technology in the US) call CPS or Cyber Physical Systems that includes the concepts of management and security for the IoT devices).
The recent WikiLeaks release of CIA tools is interesting. First, because the concept of information has changed radically. We do and should support whistleblowers. But in revealing tools that governments use, do we benefit everyone?
There has to be a line, a point where we release information and a point where people stop and say, yeah we shouldn’t release the information. It will take the various companies in the WikiLeaks release with compromised security more than a year to get a fix built and deployed to all phones. However, WikiLeaks has nicely pointed out to everyone blackhat in the universe that in fact, the hacks are possible thereby creating a zero-day bug for everyone. Seriously, at some point that is beyond wrong.
I understand the need for sharing information. I do also wholly and completely support the concept of whistleblowing. But when the whistle you are blowing not only ends a bad thing but calls attention to a lot of innocent people and then gives bad actors a roadmap of how they can attack those people, well that is irresponsible.
This post, which is much more political that I usually post, is going to get me a negative response. I understand that. I am writing this to appeal to those who are considering becoming whistleblowers and considering how they will blow the metaphorical whistle. Organizations like WikiLeaks have demonstrated a great platform for Whistle Blowers. I think them for that. But they have also shown a wiliness to put everyone at risk, regardless of the potential impact. That is something that in the end isn’t good.
There is a proverb I like that isn’t old but fits here. “Check yourself, before you wreck yourself.” While I am sure there are many ways to interpret the line, I always have felt it meant to make sure you don’t do the things you are pointing the finger at others for. Yes, it is bad that the US CIA attempts to devices that are in the wild around us. It is naïve to think if the CIA has those tools that other governments do not have them, in fact, WikiLeaks, it is dangerous to publish one and not all. I understand that your source only had tools from one, but still, you created a danger for consumers around the world for the next 5 to 6 or more months. You brought to light a bad thing done by one government. But you didn’t turn on the lights and force all the cockroaches to flee the room. You turned on the laser pointer and revealed a small part of one cockroach.
I have no problem with, support and applaud those who risk what they love to share that organizations are doing bad things. I do, however, wish that organizations that are focused on helping whistleblowers would at least take a look at the potential impact.
There are three rules that I think should apply to all organizations releasing information that isn’t their information.
1. Does the information, in being released impact people that are not involved in any process that the information details?
2. Will the release of this information cause a mass panic?
3. Does the release of the information benefit me, the releaser more than it helps those impacted by the release?
Three simple rules. If it hurts others, think about it first. It is ok to release information generically, I.e.; bad things are happening. In this case, the WikiLeaks release of information could impact more than a billion people. Not, by the way, in a good way.