Hacking and the Era of Fragile Secrets

Written with Christopher E. Whyte of George Mason University

What would it mean if a country couldn’t keep any secrets? 

The question may not be as outlandish as it seems. The hacks of the National Security Agency and the Democratic National Committee represent only the most recent signposts in our evolution toward a post-secrecy society. The ability of governments, companies, and individuals to keep information secret has been evaporating in lock step with the evolution of digital technologies. For individuals, of course, this development raises serious questions about government surveillance and people’s right to privacy. But more broadly, the inability for governments to keep secrets foreshadows a potential sea change in international politics.

To be sure, the U.S. government still maintains many secrets, but today it seems accurate to describe them as “fragile secrets.” The NSA hack is not the first breach of American computer networks, of course, but the nature of the hack reveals just how illusory is our ability to keep secrets. The Snowden affair made clear that the best defense isn’t proof against insider threats. The Shadow Brokers hack – against the NSA’s own top hacker group – has now shown that the best defense isn’t proof against outsider threats either. Even if the Shadow Brokers hack is a fabrication and the information was taken from the NSA in other ways – a traditional human intelligence operation, for instance, where a man with a USB drive managed to download some files – it seems clear that we’re in an era of informational vulnerability.

And what is true for the federal government is even more clearly true for private organizations like the Democratic National Committee. The theft and release of the DNC’s email traffic – likely carried out by Russian government hackers – illustrates that it’s not just official government information at risk. Past years have made it clear that civil society organizations – both venerable (political parties, interest groups, etc.) and questionable (the Church of Scientology, for instance, was the target of a range of disruptive attacks in 2008-‘09) – are as often the targets of digital intrusion as are government institutions.

At this point, it seems fair to think that there is no government or politically-relevant information that couldn’t, at some point, find its way into the hands of a hacker. From there, it is just a short hop into the public domain.

This is not to say, of course, that everything will wind up being made public. There is clearly too much information to wade through, most of it of little interest or value to anyone. And a great deal of information is so time sensitive that its value will evaporate long before anyone can steal it. But even there, as we know from the exposure of the NSA’s global surveillance programs, under the right circumstances hackers can monitor all manner of communications at the highest levels of government in real time. 

Nonetheless, as the frequency of broken secrets has risen, it has become clear that we have entered a new phase of “revelation warfare,” one in which revealed truths join disinformation and propaganda in the foreign policy toolkit. Disinformation, of course, remains an important weapon in the struggle for hearts and minds – witness Russia’s recent attempts to obfuscate the debate over NATO membership in Sweden, for example. But in many cases the truth may turn out to be even more powerful. Nations using disinformation campaigns always risk getting caught, thereby tarnishing their messages. Once a secret truth is revealed, however, it doesn’t matter whether the thief gets caught: the truth is out there.

The implications of this new era are profound. 

Leaks have traditionally been an insider’s threat of last resort, but the ability to steal information from a distance clearly provides exponentially greater opportunity for foreign nations to influence the political process here at home. Whether they come in the form of secrets about candidates’ personal lives, the shady dealings of political organizations, or deception by government officials, strategic revelations have the potential to destroy candidates, change the course of elections, and obstruct the making and implementation of public policy.

More fundamentally, too much transparency could seriously threaten the ability of governments to do things that require a certain amount of secrecy and discretion. Though most government operations do not require any special need for classified information or secrets, the conduct of foreign policy certainly does. Intelligence gathering, diplomacy, and the conduct of war all promise to become much more problematic if secrets become too difficult to keep.

Over time, we may be in store for an extended “Watergate effect,” in which the steady stream of hacked secrets leads to one ugly revelation after another, further eroding public confidence in our political institutions. On the other hand, a “sunlight effect” is also possible. The explosive potential of having one’s secrets revealed might just convince bureaucrats and politicians that the wisest course of action is to have nothing to hide.

However things turn out, it is clear that we need to get used to living in an era of increasingly fragile secrets.