The damage done by the leaking of the UK Ambassador's correspondence about the President of the United States is a timely reminder that there are always risks in communicating in a digital world.
Sir Kim Darroch's thoughts of President Trump's White House (from 2017) were never supposed to be made public, as these were blunt and honest communications, as is the style used by UK ambassadors. Whoever leaked the information was clearly hoping to cause damage of some sort, be it internationally or within UK politics. If discovered, the perpetrator(s) should face the full force of the law; this much is clear.
However, this incident might well have have been prevented, if the UK Government and in particular the FCO had learnt the lessons from other high profile digital communication leaks, such as the US Wikileaks scandal, the NSA Edward Snowden leaks, or the hacking of Hilary Clinton's emails. The lesson is that there is no such thing as a complete security guarantee to electronic communications, no matter however secure, however well encrypted and how well sent and stored. In this Information Age, the consequences of sensitive information 'getting out' is huge, both in terms of the speed at which the news will travel, the amount of people that can receive that information and how it is received (tempo, scale and perception). And when, in this case, that information contains criticisms of the leader of the UK's closest ally, then the consequences can be all the more damaging.
Now the FCO will have 'state of the art' IT security systems in place and aligned procedures that ensure that sensitive information is handled with the appropriate security classification caveats. However, alongside this, ambassadors are encouraged to 'say it how it is' and to speak truth to power. This frank and honest approach allows the UK Government to assess situations and then make its mind up about decisions and policy. The problem with this approach is that fails to take into consideration the new risks that digital communications have brought to governments. Once an ambassador clicks 'send', he or she must trust that the system will protect the information and that relies on both the technology employed and the trust in the very people that have access to it. Given that very similar leaks (on a much larger scale) happened to the US Government over the Wikileaks scandal, one would have thought that this incident alone would have been enough to change the way UK Ambassadors reported back to London, especially in high profile embassies. It is clear that this has not happened.
Thus 'the very finest of traditions' whereby Her Majesty's Ambassadors can electronically upload their frank assessments in the knowledge that their candidness will not be compromised and the information will stay secure, is at odds with the new risks that the digital era has brought us. It is time for the FCO to look very carefully at how these dispatches are transmitted, the manner in how they are written and who has access to them. A little bit more 'Need to Know Basis' would not go amiss and 'less is sometimes more'.
Lessons for Everyone
There is no such thing as totally secure communication systems. Above and beyond the technology that underpins secure IT, there will always be a human that reads it and a human that might possibly do something not intended. The minute the writer presses the Return Button, or clicks the 'send' icon, they immediately lose control of where that data may end up and how it may be used.
You don't need to be an ambassador to fall victim to communications leaks. So before 'pressing return' of sensitive, confidential or in some way classified information, users should ask themselves the questions:
- How sensitive is the information that I am about to send?
- Does it need to be sent at all?
- Is it written in a way that will be understood and not offend?
- Is this the right means to send such information?
- Who will have access to this information and what can be done to restrict its wider distribution?
- What might be the consequences if this information were more widely circulated?
- What can be done to ensure that any leak is traceable?
SixFigureGrid - Navigation in the Information Age
Know where you are; understand what is going on
Perception | Scale | Tempo | Ethics | Security | Innovation | Uncertainty