File menu, Fingerprint command

As every good James Bond fan knows, the essential tool of the trade used to be a sub-miniature Minox camera. The spy’s daily drudge would be to sneak into an office in the dead of night, draw the blinds, turn on the mandatory desk light, dip into a pocket to retrieve the Minox, and make copious copies of secret documents.

By the Thatcher era, the ubiquity of photocopiers had not entirely replaced the Minox, but made spying and leaking very different trades. Key documents could now be duplicated near-perfectly in the course of a few minutes seized during a lunch hour. Predictably, the Iron Lady was incensed at the series of damaging leaks, to the point where administrative processes required to make a copy consumed more time and effort than the copying itself – a desperate but ever-futile bid to stem the outflow of secrets.

Now the spy or leaker has only to bring in a USB stick, blank DVD or similar in order to make off with gigabytes of governmental embarrassment. As Wikileaks has shown for corporations and governments alike, those rich pickings do not even have to be passed to an enemy, merely placed in the public domain. Whether it is a modest collection of emails between climatologists or a huge database of US military intelligence from Afghanistan, it can be internationally influential.

The problem is not one of security – many secrets that end up in the hands of spies, or on Wikileaks, have been stolen by those working inside their organisations, who would have had legitimate access to them in the first place – it is of traceability. While many printers and copiers, particularly those that support colour, leave hidden signatures on their output, hardly any digital documents contain any information as to their provenance, except in easily stripped or forged metadata.

Most of us have documents or data that we would rather were not seen by others, such as commercial competitors. Even if you use a high-end document management system, there will probably be no indelible fingerprint applied to each copy of a document, or export from a database, that establishes by whom and when that material was checked out of the system’s control.

Outside specific sectors such as healthcare, uncontrolled content is easily passed around authorised users. When sensitive documents appear in the hands of competitors or on a publicly-accessible website, it is beyond the abilities of even the sharpest Miss Marple to prove who released them.

The answer may lie with steganography, the ability to hide data inside a file without the concealment being apparent. All it needs is a document management system that fingerprints each released copy of sensitive content so that the transaction can be identified against its access logs. When a sensitive PDF or Word document surfaces on Wikileaks, with it would then come the stigmata that could trace the leak back to those responsible. There are some specialist developers who appear to offer such features, but few of us use document management systems, and even fewer of them offer traceability as standard.

You might of course think Wikileaks a good thing, so long as it does not damage you. Given the furore that resulted from its release of US military intelligence reports from Afghanistan, it is surprising that little effort seems to have gone into making sensitive documents more traceable. Perhaps this is because those who could enable traceability want to retain their own ability to leak should they feel the need to.

Meanwhile the largely anonymous, unrepresentative, and unaccountable group behind Wikileaks can continue to ride roughshod through world politics.

This article was first published in MacUser volume 26 issue 20, 2010. I remain puzzled by the fact that all attempts to prevent continuing leaks over the last five years have remained so ineffective, confirming my suspicion that ‘those in control’ don’t actually want to stop them after all.