Event

On 28 November 2010, WikiLeaks published the first 220 of more than 250,000 confidential messages sent by U.S. diplomats around the world (see http://cablegate.wikileaks.org/ ). The release of the materials has upset and embarrassed U.S. and other government officials.

Analysis

In a digital age, governments or private enterprises cannot count on privacy. Any digital information is discoverable whether by the deliberate action of people inside the enterprise, the hacking of people outside, or simple human error or system failure. Disclosure is almost inevitable because:

• Material published on the Internet instantly reaches audiences around the globe.
• It can't be deleted.
• The sources who provided the information can be hidden.

Additional technical or procedural measures may reduce future disclosures but cannot prevent them entirely. Conventional computer systems connected to the Internet will always be vulnerable to external attack. And the recent Stuxnet virus demonstrated that a determined and expert hacker can penetrate any computer system, even when it is supposedly protected by an "air gap" between it and the outside world.

Governments officials who take heavy-handed steps to prevent further embarrassment may fuel the public's suspicions and motivate more leaks. Private enterprises that do not prepare for leaks may suffer significant commercial damage. For more on the implications of digital information on secrecy, see Richard Hunter's book "World Without Secrets: Business, Crime and Privacy in the Age of Ubiquitous Computing."

Recommendations

Government and business leaders:

• Understand the risks associated with any assumption of privacy related to information and move toward an expectation that every action or decision will be recorded and could be made public.
• Use this WikiLeaks event as an opportunity to war-game with your business colleagues the impact that might be created by similar leaks from your own enterprise.
• Extend risk management strategies to include issues arising from the unplanned release of information. Take into account the extent to which such a release will affect the trust in, and reputation of, your enterprise.
• Consider pre-empting leaks by releasing more information yourself to increase your enterprise's transparency.
• If a leak of what you are discussing could cripple your enterprise, prevent any recording of it, including minutes typed on a computer.
• Train users on how to spot inflammatory content in e-mails and other documents.

• "Business Leaders Must Prepare for a Surveillance Society" — Greater transparency should lead to better decision making and more-effective responses to changes in market conditions, but this requires a cultural shift inside the management of many enterprises. By Steve Prentice
• "Transparency Provides Opportunities and Threats in the 21st Century" — Most business executives have developed well-rationalized positions on the issue of transparency, but increased risk and the ubiquity of information have changed the assumptions on which these positions were formed. By Michael Smith and others

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)