The Foreign Service Journal, February 2011

The ongoing debate about the WikiLeaks release of more than 250,000 State De- partment cables has mainly focused on whether making volumes of sensitive diplo- matic reporting public was justified. One side applauds the documents’ release in the name of freedom of speech and transparency, while the other cites the responsibility not to divulge stolen classified informa- tion, as well as privacy rights. A parallel debate continues on the impact of the documents’ release. Some welcome it, arguing that the ben- efits of greater understanding of diplo- macy and diplomats outweigh the costs of inhibiting diplomatic dialogue with Foreign interlocutors. Many also em- phasize the leak’s potential to endanger sources and make the work of diplo- mats that much harder. Wherever each of us comes down on these questions, we can all agree that the theft of this incredible volume of diplomatic correspondence is a real blow to the Department of State. And it raises serious questions about the risks of compiling shared databases of sensitive information. The best way to minimize the dan- ger of future disclosures on this scale, while still sharing vital information across organizational lines, is to understand how the leak happened. A good place to start is a Dec. 31 Washington Post article titled “WikiLeaks Reveals Flaws of Informa- tion-Sharing Tool,” which tells the story of an obscure State Department database called Net- Centric Diplomacy. Established in 2006 and connected to a giant Defense Department system known as the Se- cret Internet Protocol Router Network, Net-Centric Diplomacy became “the conduit for what was perhaps the biggest heist of sensitive U.S. govern- ment information in modern times.” As reporter Jory Warrick explains, after 9/11 sharing information relevant to terrorist plots and other threats be- came a priority for all federal agencies, including State. But because of design flaws and confusion among its users, the database became a repository for a vast array of reporting cables and other materials that were never meant to be shared outside the department. Thorough as the article is, here are just a few of the many questions it does not answer: How and at whose initia- tive did we decide to establish the Net- Centric Database? How was it fund- ed? Which key stakeholders were in- volved? If some were not, why not? What criteria for including classified re- porting were established and by whom? Did the concept go through the usual review process? How were Foreign Service person- nel briefed about Net-Centric Diplo- macy and trained in the use of the SIPDIS caption (automatically distrib- uting secret cables into SIPRNet)? What about other agency users? If the goal was to pre-empt terrorist threats, were the cables captioned SIPDIS rel- evant to this objective? Did we at State ask hard questions about SIPRNet and its protections against unauthorized downloading? Did reporting officers, deputy chiefs of mission and ambassa- dors understand that whenever they added the SIPDIS caption, their audi- ence became ridiculously large? Post-9/11 pressures to share infor- mation about potential terrorist threats were understandable. But did we ever identify the risks involved and propose measures to manage and minimize them? If so, was the problem with im- plementation, and can it be fixed? In the end, we at the Department of State are responsible for both sharing and protecting our sensitive informa- tion effectively. Before the Internet, accessing and spiriting away a quarter of a million cables would have been un- thinkable. Now it is not. Clearly, we failed to grasp just how dynamic cyberspace is. Our future de- cisions must take into account the im- plications of digital information and cyberspace management for the con- duct of diplomacy. Susan R. Johnson is the president of the American Foreign Service Association. P RESIDENT ’ S V IEWS WikiLeaks and Diplomacy in the Digital Age B Y S USAN R. J OHNSON F E B R U A R Y 2 0 1 1 / F O R E I G N S E R V I C E J O U R N A L 5