Joi Ito's Web

Joi Ito's conversation with the living web.

Cryptome is one of my primary sources of documents that get released to the public through a variety of sources. I link to it quite often from my blog. ABC News questions the value of the public's right to know, vs the risk of "helping the enemy." I have a feeling that terrorists are pretty good at using the Internet and probably already have access to most of the stuff on Cryptome. I think that it could be argued that they are helping terrorists by making the information so easy to find, but I personally think that Cryptome and other sites like it are important in fighting against the natural tendency to hide behind secrecy.


I think that defining what John Young does i.e. providing publicly available information to public as "helping the enemy" sounded short sighted. To me this is typical make-up of commercial news media rant.

A short question: if Cryptome drops those information from the website, does that help to make terrorists unable to obtain those information? .... No, I don't think so.

Those information were publicly available even before John Young compiled. If he could do that so do terrorists. And anyone who read Kevin Mitnick's book "the Art of Deception" can understand that hyper focused group of people with high intention to do a harm can obtain such information even from non-public sources.

Ah, one more thing. If any law enforcement or spy agency have been sniffing packets going to Cryptome site, their operation could have been blown by this ABC news story. Because if some of terrorist groups have been using Cryptome as an infomation source, they certainly will stop accessing to the site after they saw the news. There was a good recent example of US officials named Mohammad Naeem Noor Khan and blew Pakistan's undercover operation.

Hmmm, but this leads to an idea of that mass news media making information public may be creating the risk of "helping the enemy". Duh, I get confused. :p

There's room for a geniune difference of opinion about compilation of publicly available information into a sensitive finished product. A decade or so ago, the U.S. Government went so far as to create a class of information called "Sensitive But Unclassified" in an attempt to help them get a handle on this. That was for information generated in the context of government work, as I understand from reading the news about it.

As far as products generated by citizens on their own time, I think it's a different story. The U.S. isn't England. (I think we even fought a war over that.) We don't have "D Notices" or the Official Secrets Act, rules that allow the government to tell the entire media: "There's nothing to see here, move along." and actually expect to be obeyed.

I have managed security at a number of enterprises, and I think this sort of story is an example of paranoia, not sound security policy. Security decisions should be made rationally, and in the context of a threat assessment, not just because something makes someone "feel funny."

As far a public safety goes, some of the post 9/11 responses have done more harm than good. There are many laws in the U.S. that require certain industries to file reports with what sorts of hazardous materials they manage, the potential risks of their working with them, and plans for helping the community in case of an accident. Most of these are called "Right To Know" laws. In the aftermath of 9/11 the U.S. Environmental Protection Agency pulled down much of this information from their web site, though it was posted in direct response to a legal mandate for the protection of the public.

Getting back to the rationality of security measures...Anyone with the slightest background in probability theory or actuarial science can tell you that you're far more likely (in the U.S.) to be hit by a car or affected by some industrial accident than by a terrorist attack. If I have to receive information to mitigate my risks, I'd prefer it be useful for mitigating the ones I ACTUALLY EXPECT TO ENCOUNTER, rather than those that sound the most frightening. But that's just me.

That entire article was about a live website... yet the reporter failed to mention what the URL (or even the title) of the site is! Does ABC seriously still not "get" this WWW thing yet?

BTW John Young lives in NYC and he experienced 9/11. the first report about 9/11 I read was written by him posted to Declan's list at 11:14 am EST. I still remember I was impressed by his analysis of how WTC collapsed. It was quite detailed because he is an architect.

FC: Firsthand reports from NYC and Washington DC after attacks

Hey Joi, I read/link to Cryptome quite a bit myself. If you like Cryptome you might also like Cloaks-and-Daggers which is more or less an academic community's "intelligence community" mailing list, if that makes any sense. Check out some of the email addresses that subscribe and post :-)

Wow. I love Cryptome. Of course, it really would be quite easy for an entry-level analyst in the DIA, CIA, FBI, or Military Intelligence to plant something there. Not issuing a conspiracy theory -- just a disclaimer of sorts.

2 TrackBacks

Listed below are links to blogs that reference this entry: ABC on Cryptome.

TrackBack URL for this entry:

Cryptome takes publicly availalbe info - some of it considered sensitive (like aerial photos of Nuclear plants) - and posts it on the web. Some critics, like the FBI, consider the site to be a possible help to terrorists. At the very least it provides ... Read More

Cryptome takes publicly availalbe info - some of it considered sensitive (like aerial photos of Nuclear plants) - and posts it on the web. Some critics, like the The Deparment Of Homeland Security, worry the site might be a possible help to terrorists.... Read More