Ministry of Defense's "How To Stop Leaks" Document Is Leaked

samzenpus writes "A restricted 2,400 page-document put out by the MoD designed to help intelligence personnel with information security has been leaked onto the internet. Wikileaks notes that Joint Services Protocol 440 (JSP 440), was published in 2001 and lays out protocols to defend against hackers, journalists, and foreign spies. it says, 'Leaks usually take the form of reports in the public media which appear to involve the unauthorized disclosure of official information (whether protectively marked or not) that causes political harm or embarrassment to either the UK Government or the Department concerned... The threat [of leakage] is less likely to arise from positive acts of counter-espionage, than from leakage of information through disaffected members of staff, or as a result of the attentions of an investigative journalist, or simply by accident or carelessness.' " Looks like it's time to write JSP 441.

May I be the first to say

[pecosdave]

Documentation security - you're doing it wrong.

Re:May I be the first to say

[ImNotAtWork]

that causes political harm or embarrassment

Other than military secrets like we have a spy in such and such position. I'm going to call upon.. "If you don't act in a manner that would embarrass yourself/department you should have nothing to worry about." They have been using it to justify countless forms of monitoring.. let's see how they like it when the positions are switched.. Yes I know I'm living in fantasy land.

Re:

[mrrudge]

I'm sorry citizen. 'If you've done nothing wrong then you have nothing to hide' is a rule we made for the hoi-polloi, we've been very careful to include exemptions for the ruling classes, now, please place a dna sample in the cup provided and move right along.

Flippantly aside, for some good examples of what ( has been allowed to be published about what ) goes on in the name of the people, a 'history' of MI5 ( Military Intelligence, Section 5. Counter Intelligence and Security in the UK. ) has just been p

Re:

[Shakrai]

now, please place a dna sample in the cup provided and move right along.

I might need some magazines or an internet connection before I can accommodate your request ;)

Re:

[Philip K Dickhead]

The article on th efront page does not draw attention to the most remarkable - and horrible - aspect of the MoD document.

It consistently groups "investigative journalists" into a category with "terrorists", "criminals" and "computer hackers".

The document states "the "enemy" is unwelcome publicity of any kind, and through any medium". This is the military. "Enemy" is not a metaphor to these people.

Re:

[Runaway1956]

That really hit me, as I read the article. By extension, any taxpaying citizen who would read the work of an investigative reporter would also be an enemy of the state. There is simply no way to justify the logic of their classification. Expect a new expose' in the US - people who request information under the FOI act are investigated by FBI/NSA/CIA etc ad nauseum.

Re:

[eyrieowl]

If I am trying to prevent leaks of some type of information, anyone who might be actively attempting to get that information SHOULD be grouped together in a gross classification scheme. Or, to put another spin on it, let's say that I find it offensive that you grouped "computer hackers" with "terrorists" and "criminals".... You should stop seeing the grouping as a set of moral equivalences and recognize them as functional equivalences for a narrowly defined function (actively trying to get secret informat

Re:

[Philip K Dickhead]

They have placed the lawful activity of public interest journalism into the functional category of hostile, combat action.

They are not "your" military, any more, are they?

Re:

[the_womble]

The next step from saying that journalists are functionally equivalent to terrorists, is to say that by exposing information the government wants hidden they are helping terrorists. Then they are practically terrorists.

Re:

[eyrieowl]

I specifically said for a narrowly defined function: actively trying to suss out secret information. There are many other functions which make them very different. Intent matters when determining what, if any, punitive response is required. Intent doesn't matter when figuring out what means people may use to gain access.

Re:May I be the first to say

[Chrisq]

that causes political harm or embarrassment

Other than military secrets like we have a spy in such and such position. I'm going to call upon.. "If you don't act in a manner that would embarrass yourself/department you should have nothing to worry about." They have been using it to justify countless forms of monitoring.. let's see how they like it when the positions are switched.. Yes I know I'm living in fantasy land.

I think the UK government reached an all time low in this is when Thatcher's government tried to use the official secrets act to prevent it becoming public knowledge that they had encouraged Matrix Churchill and Sheffield Forgemasters to make Saddam Hussain's supergun [millbanksystems.com], even though keeping it quiet would have resulted in the directors going to prison. So they were prepared to see innocent men who had cooperated with the intelligence services (even offering to fit a tracking device) go to prison rather than be embarrassed.

Re:

[Shakrai]

I think they reached their new all time low each time they took [wikipedia.org] rights [wikipedia.org] away [schneier.com] from their own citizens.

Re:

[internettoughguy]

Pah!, guns are irrelevant if the SIS are deceiving us as to who should be shot! We would need Govt transparency to figure out that, and a sack of NH4NO3 (readily available in the UK, AFAIK) would take care of the rest.

Re:

[alexo]

You, sir, are either trolling or have just arrived on this planet.
For the sake of the discussion I'll assume the second option, but please be advised that my arguments are homo-centric and only pertain to Terra.

I see no reason for a Civilized society to require guns.

Please give me a real-world example of what you consider "a Civilized society".

What is freedom?? Is it being free to do anything you wish??Cut that tree down??Forcibly Mate with that Woman because hey she looked good??Bear Arms??

Some say that fr

Re:

[koolfy]

can't stop laughing... tears... can't breathe... heart stopped... death by Recursive Fail.

October 6, 2009. Today, a comedian died in Slashdot.

Re:

[Hucko]

October 6, 2009. Today, a comedian died in Slashdot.

yep, that was a recursive fail

Learn from history

[abbynormal brain]

This problem has already been solved (by the Dutch no less). Put your finger in the dike!

Re:

[NotBornYesterday]

But her girlfriend doesn't like it when I do that.

Not twisted enough

[gmuslera]

Declare an inexistent document the ultimate reference on how to stop leaks, put references to it in selected internal documents and even build fake leaks about its existence. As noone will be able to find it, will really work, even against the human factor. You can make a gigantic library of such documents, and put all of them in the unexistent parallel library of congress, where noone will be able to see what countain all those leak-proof documents against sensible matters of national security. Next time someone will try to make problems, will be so sure that will be a full non-existent document about him in that library where everything is afraid of become known is written that will discard that idea, making the world a safer place.

Re:

[Hurricane78]

This Noone must be a real good agent then. If he's on weed, is he then called "High Noone"? And is he in any way related to the German singer "Heinoone"? Or rather to "Nooneien Soong"?

Re:

[st0nes]

Noone is the one who left his laptop with the secrets in a taxicab.

Re:

[ravenlock]

Noone knows.

Re:

[kalirion]

Those documents make a very interesting reading too, though you need a thaumic computer to get at them. It's a pain dealing with all the Out Of Cheese errors though...

Re:

[phantasmagoric]

If they had been clever, it would have been Joint Services Protocol 404. No one can find THAT file, let alone leak it

Britain

[gijoel]

Now with 50% more irony.

Re:

[Jurily]

Unfortunately they still don't understand it.

Re:

[ShakaUVM]

Our anti-leak memo leaked.

That... that's ironic, right?

Yeah, that's the motherfucking definition of irony.

(http://www.penny-arcade.com/comic/2007/3/9/)

Re:

[WoRLoKKeD]

But...But...That makes 150%!

Re:

[Abstrackt]

The ironing is delicious.

Re:

[MickyTheIdiot]

it's like raaaaaaaaaaaaaaaaaain on your wedding day

Re:

[grcumb]

Now with 50% more irony.

New tourist slogan:

BRITAIN - Ironic Yet Rustic

Outdated spook mentality

[1s44c]

These people are unable to adapt to a world where information can be sent around the world in seconds. They are the stupid, violent policemen who might punch you for looking at them but won't stop crime, terrorism, or anything else because they belong to some WW2 era not the current world.

They want to play stupid games with hidden codewords so they can pretend they are more important than 'civilians', all they really do is waste resources.

Re:

[Dhalka226]

I'm sorry that you struggle to accept the fact that not all information belongs in public view. Perhaps you can explain your position to me while you hand over your bank account numbers and routing codes.

I hate to shatter your world view, but sometimes keeping things from certain groups of people is the right thing to do and that doesn't change just because one of the entities is a government. Yes, it will be abused. Yes, abuse should be punished. No, that does not mean the concept is without merit or

Re:Outdated spook mentality

[internettoughguy]

I'm sorry that you struggle to accept the fact that not all information belongs in public view. Perhaps you can explain your position to me while you hand over your bank account numbers and routing codes.

Don't be ridiculous, they just admitted they were hiding dirty secrets "political harm or embarrassment", and generally destroying political transparency, and that is corrupt and undemocratic. Also using your bank account analogy their job Is not just to protect their account number, but also to steal yours (they call this information gathering). and all without any public or even legal oversight into their actions.

Re:

[internettoughguy]

Also see the Ahmed Zaoui [wikipedia.org]case for some insight into how this lack of legal transparency is so fucked up.

Re:

[Anonymous Coward]

Duh. You do realise that political embarrassment in the context of the military generally doesn't mean the Permanent Undersecretary having an affair, rather that they're doing things that they'd rather other countries didn't know about (and therefore there is the risk of embarrassment if the other country does find out) or that need to be secret and would simply look incompetent if they leaked, e.g the position of the on-watch SSBN. Or construction details of a particular kind of armour, which would be emb

Re:

[Anne Thwacks]

You do realise that political embarrassment in the context of the military generally doesn't mean the Permanent Undersecretary having an affair,

You are obviously unfamilar with UK politics. That is indeed the most frequent meaning.

Other meanings include, but are not limited to, minsters being caught beaking the law they themselves are responsible for enacting, and various assorted high-ups being caught in various forms of large scale corruption, or acts which could reasonably be desribed as treason, whil

Re:Outdated spook mentality

[slarrg]

Gee, it seems to me that the banks already give your account information to reporting agencies who will sell it to anyone with the money to buy it. So, despite my desire to keep the information secret, the governemt has already decided that we do not deserve this privacy.

The problem with government secrecy is that rather than concentrating their efforts on information that is vital to keep secret, they mark almost everything as secret with very little justification. The more pieces of information you claim are secret, the more likely that some of that information will leak through the cracks. Meanwhile the attempt to keep many secrets removes focus from the truly vital pieces which makes any given secret more likely to slip out from divided attention.

Couple this with the technology and recent government directives and we end up collecting even more public and private information, networking the information together for easy retrieval, and not focusing on the most important secrets which leads to a total mess.

Re:

[mpe]

The problem with government secrecy is that rather than concentrating their efforts on information that is vital to keep secret, they mark almost everything as secret with very little justification. The more pieces of information you claim are secret, the more likely that some of that information will leak through the cracks. Meanwhile the attempt to keep many secrets removes focus from the truly vital pieces which makes any given secret more likely to slip out from divided attention.

On the other hand you

Re:

[slarrg]

Actually, the best way to keep a secret is to hide its very existence. To use your example, it's much better to have a small bag of trash that no one knows exists and kept hidden until it can be properly destroyed. This is far preferable to mixing your secret stuff in with the rest of your garbage on the curb in a big can marked "secret."

As far as your assertion that nothing will fail to be processed because you label everything secret, this is just not true. If you only deal with a small amount of data m

Re:

[1s44c]

I hate to shatter your world view, but sometimes keeping things from certain groups of people is the right thing to do and that doesn't change just because one of the entities is a government. Yes, it will be abused. Yes, abuse should be punished. No, that does not mean the concept is without merit or that it's not worth trying.

Hiding evidence that western governments have funded racist killers and dictators isn't in anyone's interest. If they have done wrong the evidence should be given to the public so democracy can work its magic. This document is about how to keep dirty secrets private from the very people who funded them, i.e. me and you.

If people are allowed to hide wrongdoing it will only encourage them to do wrong.

Re:

[koolfy]

because they belong to some WW2 era not the current world.

If you are also referring to the inability to keep an information secret, I should point out that during that WWII, the research on Enigma done by Alan Turing [wikipedia.org] was kept secret for years after the end of the war, including to his close friends or relatives.

Re:

[dword]

This reminds me of the last released episode of Family Guy (S08E02) when Quagmire finds out about Internet Porn. We should make these people more aware of the fact that there is lots and lots of porn on the Internet and maybe they'll learn a thing or two about it out of "need".

Oh man

[Intoblivion]

The Irony Department is going to get it for this.

Re:

[NotBornYesterday]

Come on doesn't anyone else see it? A ginormous 2400 page secret document about preventing leaks is leaked just after Monty Python's 40th anniversary? We're all being meta-trolled by the British government.

Well played.

2400 pages?

[DamienNightbane]

Seriously? Who the fuck would read something that long? How can they expect a document that long to have any effect on anything aside from bureaucracy? If the document had only been two or three pages people probably would have read and understood it.

Whoever drafted and approved the document should be shot. Same with all the people that write bills that are hundreds or thousands of pages long, and doubly so for the people that vote for and sign them without having ever read them.

Re:2400 pages?

[Entropius]

I ran the text of the DMCA -- yes, all untold pages of it -- through an advanced semantic data compression algorithm.

The output was just the string "CITIZENBENDOVER".

Re:

[Hurricane78]

Let me guess: It went something like this (pseudo-code):

while (!stdin.eof) buf = stdin.read();
print("CITIZENBENDOVER");

Re:

[known_ID]

There is a thing called index....

Re:

[DamienNightbane]

There's an even more important thing called tl;dr

Re:

[ace123]

This strategy to stop leaks is brilliant! While we waste our time reading and discussing this document, we won't have time to notice any other leaked documents.

Re:

[IBBoard]

I could be wrong, but I don't think the intention is for anyone to read all of it. I think in general even people who are Security Checked [wikipedia.org] tend not to have access to all of the document, even though it is only Restricted and SC lets you have regular access to Secret material.

Doesn't quite excuse 2400 pages, but it does make it seem more like "we've mashed what could have been lots of documents in to one".

Re:

[cbiltcliffe]

Doesn't quite excuse 2400 pages, but it does make it seem more like "we've mashed what could have been lots of documents in to one".

So essentially, they're making the document leak process more efficient?

Instead of having to leak 15 different documents, you can do it all in one fell swoop?

Re:

[tcdk]

I stopped on a random page and read six page of nonsense on how to make a security taskforce of some kind - it was mostly concerned with titles of the members...

Re:2400 pages?

[Adambomb]

Robert Jordan fans.

Re:

[Aladrin]

Ow. That hit close to home. I'm re-reading the entire series in prep for the final books. ;D

Re:

[Abcd1234]

It's okay... masochism is becoming more and more accepted these days. As such, there's no need to be ashamed of your choice of lifestyle. ;)

Re:

[Jesus_666]

2400 pages is barely enough for introducing the basic premise. A 2400 page volume is nice and everything but where are the volumes 2 through 13? And, of course, the diminutive (at just 300ish pages) volume 0?

Seriously, it's no wonder this was leaked. 2400 pages would barely be enough to describe the proper procedures for the handling of braids, much less information security.

Re:

[DarthVain]

Also:

Terry Goodkind fans. (11 Books)
Steven Erikson fans. (8 Large books)
L. Ron Hubbard fans. (10 Books)

(Jordan had 11)

and not to be insensitive by Goodkind and Erikson are still alive and writing more in those series.

Also the later wheel of time books were really hurtin' near the end, I couldn't even force myself to read the last one (just to say I completed the damn thing) as I found it so bad and nauseating. Goodkind also suffers from this to a certain extent, but IMO not as bad. Erikson series in my view

Re:

[hAckz0r]

How do you think WikiLeaks got a hold of it in the first place? Obviously someone fell a sleep reading the fine manual, and someone else came along and lifted it from them. Unfortunately for the reader, he hadn't gotten to that chapter yet. I'm absolutely sure that chapter 2 would have covered that topic thoroughly. </sarcasm>

Re:

[hughk]

You have got it wrong.

The MOD produced this document that apparently nobody was reading. It doesn't really contain much that is contentious, so why not leak it and have everyone reading it.

Re:

[L4t3r4lu5]

Seriously? Who the fuck would read something that long?

Nobody in the DoJ. Obviously.

Re:

[NSN A392-99-964-5927]

I would read the full 2,400 pages. If you want to understand something fully, you have to read all of it, not just read a few pages and think you understand something when clearly you don't! IMHO this is the difference between a professional soldier and one that is amateur and cannot be arsed. Can you be arsed? http://www.arrse.co.uk/ [arrse.co.uk] you will find more indepth banter about this topic there than on wikileaks from people who really are in the know :) Regards, NSN

Re:

[damburger]

I've become convinced that long government/corporate/thinktank documents exist so as to conceal unpleasant information. For example, the notorious 'Rebuilding Americas Defences' document bleats on about nothing for ages before it gets to "wouldn't another Pearl Harbor be awesome" and "lets make ethnically-targeted biological weapons".

Re:

[andy1307]

Who the fuck would read something that long?

Nobody..Hence the leak.

Re:

[mpe]

Seriously? Who the fuck would read something that long? How can they expect a document that long to have any effect on anything aside from bureaucracy? If the document had only been two or three pages people probably would have read and understood it.
Whoever drafted and approved the document should be shot.

Or maybe their document should be printed out and dropped on them. Which might encourage them to write less or at least get them use duplexing printers :).

Quick solution

[s1lverl0rd]

A quick solution would be to just have less secrets. Telling everyone what you are doing isn't that hard - and the foreign spies, hackers and journalists will find out anyway.

Re:

[1s44c]

A quick solution would be to just have less secrets. Telling everyone what you are doing isn't that hard - and the foreign spies, hackers and journalists will find out anyway.

Creating and looking after secrets is whats keeping half the organization employed.

Re:

[jimicus]

But there's a problem with that.

You see, s1lverl0rd, we live in a world that has walls. And those walls have to be guarded by men with secrets. Whoâ(TM)s gonna do it? You, s1lverl0rd? They have a greater responsibility than you can possibly fathom. You weep for the truth and you curse the government.

You have that luxury. You have the luxury of not knowing what they know: that secrets, while tragic, probably save lives. And their existence, while grotesque and incomprehensible to you, saves lives...

You

Re:

[turing_m]

You see, s1lverl0rd, we live in a world that has walls.

If the walls are porous by design, should we care?

Re:

[drinkypoo]

You see, s1lverl0rd, we live in a world that has walls. And those walls have to be guarded by men with secrets.

If they had less secrets, they wouldn't need so many walls. And most of those secrets were caused by greed and resulting corruption, or perhaps I have that backwards.

Re:Quick solution

[Aceticon]

I think we all understand the need to for the intelligence services to keep some secrets.

What most of us are worried about is their focus on protecting information:

that causes political harm or embarrassment

- When people find out that MPs submitted expenses to parliament for buying duck-houses or cleaning moats ... that's politically embarrassing.
- When people find out that sitting ministers are evading taxes ... that's politically embarrassing.
- When people find out each and every situation of waste, incompetence and pure and simple disregard for the money that we pay in taxes on the part of politicians or people directly nominated or overseen by politicians ... that's politically embarrassing.

Those leaks are often also politically damaging for those responsible for the problem.

And here we have the intelligence services' manual for protecting information from the which amongst other things directs them to protect "information that causes political harm or embarrassment" from the prying eyes of such evil people as ... journalists.

If I didn't already believe that the UK is a corrupt and decadent nation, this would convince me.

Rubbish, I'm afraid

[Kupfernigk]

Show me a single developed country that does not do the same. The real point about MP's corruption in the UK, by world standards, was how little money was involved. Blair squirrels away a few millions; Berlusconi's companies get fined hundreds of millions and he passes a special law to protect himself; how much did the Bush family benefit from the oil price spike?

As for pork barrel, we aren't even in the same room as the US, where it is part of business as usual, Alaskan bridges, protection of industries, y

Re:

[ZekoMal]

Actually, the problem inherent in the system is that you, jimicus, believe that there are truths so terrible that we are better off never knowing them. Looking back at history, the holocaust and countless other genocides were not terrible enough to hide from the common man. So, you believe that our government is hiding something far worse than the genocide of millions...and that it's better that we don't know.

If you're too weak to handle reality, then someone failed at raising you. Terrible, unspeakable c

Re:

[QuantumRiff]

Its scary when a Tom Cruise movie quote gets rated 3-interesting... Strange things are happening.. We're jolly green giants, walking the earth, with guns!

Re:

[jimicus]

Even scarier is the replies I'm getting.

Re:

[upside]

Rejected, plagiarism. http://www.imdb.com/title/tt0104257/quotes [imdb.com]

Re:

[misexistentialist]

Judging by past secrets that have been declassified, the dark secrets you refer to are mostly mundane details well-known from public sources along with some embarrassing or shameful information whose release would be harmful to a few "important" people. Oh, and I suppose there may be some information legitimately hidden to protect the country, but since foreign intelligence services have detailed knowledge of this information, our confidence that it is protected by secrecy is just as likely a liability as n

Re:

[IgnoramusMaximus]

Are you paraphrasing a quote from Heinrich Himmler or Lavrentiy Beria? Or perheaps Erich Mielke?

Because, you know, they all would have been very fond of something like that.

Re:

[jimicus]

No, I'm shamelessly ripping off A Few Good Men [imdb.com].

My own opinion is that the world is simply too big and complicated to say that nothing ever needs to be kept secret.

Though I find it hilarious that a movie - a work of fiction - is considered sufficiently important as to be modded 4 - interesting.

Re:

[IgnoramusMaximus]

Unfortunately for that theory, secrecy is increasingly more unworkable. Even back in the WWII days it already required full-time efforts of organizations like the ones headed by the "gentlemen" I listed .... and it still did not quite work.

And with technological progress, any attempts at secrecy will by definition require more and more draconian methods to accomplish.

Which is incidentally the true aim of the vast majority of those who harp on the "need for secrecy" and "protecting ignorant people" and "wa

Re:

[R2.0]

"A quick solution would be to just have less secrets."

fewer secrets, or
less secrecy

Sorry, had to. Just had this conversation with my daughter.

Yo dawg..

[Datamonstar]

I heard you like leaks...

Re:

[harmonise]

Enough already. This meme has run its course.

To be followed up by a secondary document..

[Goodl]

How not to be seen (Caption on screen: 'HM GOVERNMENT, PUBLIC SERVICE FILM NO. 42 PARA 6. "HOW NOT TO BE SEEN"') Voice Over: In this film we hope to show how not to be seen. This is Mr. E.R. Bradshaw of Napier Court, Black Lion Road London SE5. He can not be seen. Now I am going to ask him to stand up. Mr. Bradshaw will you stand up please In the distance Mr Bradshaw stands up. There is a loud gunshot as Mr Bradshaw is shot in the stomach. He crumples to the ground Voice Over: This demonstrates the value of not being seen.

Re:

[Goodl]

How is my post in any way informative, it was meant to be titter worthy for the Python crowd

WikiLeaks slashdotted

[darkob]

It's already clogged and impossible to get. So in essence MoD may yet find another way to prevent general public from getting the documents. Create rule to "slashdot" web site hosting documents..

tag

[shentino]

epic fail

No value in leaked doc

[xezas]

One scenario is that this removes any value in the security document....so it's no big issue if it is leaked.

(yes, there's a difference between method and implementation)

can't...resist

[roggg]

Fail classified document is fail?

Simple...

[FlopEJoe]

Stop letting congress-critters have the information. When Bush was president, Democrats selectively leaked classified information to harm him. I have no doubt it will happen the other way around now with Obama and the Republicans.

Thus the MoD's learn a valuable lesson

[Dudeman_Jones]

No spy is as pervasive or unstoppable as the internet.

Re:

[garompeta]

Overflowed with ownage!

Re:It's like.. a good idea

[infolation]

Surely leaking this document is good practice? It's the opposite of 'security through obscurity'. Like peer-review, comments from the wider world would only help harden their leak-prevention methods.

Re:

[1s44c]

Surely leaking this document is good practice? It's the opposite of 'security through obscurity'. Like peer-review, comments from the wider world would only help harden their leak-prevention methods.

They can't prevent leaks, they are just too stupid to realize it.

What they can do is control the media and that alone controls the majority.

Re:

[gzipped_tar]

Security through leakage?

Re:

[tenco]

It's real-life comedy.

Re:

[V4L3R4]

Now i'm curious, any examples?

Re:

[Anonymous Coward]

this is a fairly googleable event. Example coverage: http://seattletimes.nwsource.com/html/nationworld/2004412250_brits14.html [nwsource.com]

Re:

[V4L3R4]

Why thank you, good sir, I am forever indebted to you