TMI - some info shouldn't be realtime

February 2009 - "Just landed in Baghdad" tweeted Peter Hoekstra while on a 'secret' trip to Iraq. The media was aware of the trip, but agreed to embargo the information until after they arrived back in the U.S. for the safety of the congressmen. Since the congressman started tweeting before they left, the newspapers needn't have bothered.

March 3, 2010 - "On Wednesday we clean up Qatanah, and on Thursday, god willing, we come home," the soldier wrote on his Facebook page, refering to a West Bank village near Ramallah. That's from a story on Haaretz.com regarding a Facebook security breach. The mission the young man (he may not be a soldier, now) mentioned has been scrapped. According to Robert Mackey on the The Lede such details as the units name and the time of the raid were also revealed.

In the first case, Senator Hoekstra was former head, and senior member of the House intelligence committee. You would think a man with that kind of background would have more sense than to tweet details of his Baghdad itinerary. In the second, you would think a young soldier would be aware that posting details of an upcoming mission on Facebook would be a severe security breach - and could even be considered treason. But I wonder. How many of us actually realize how available things we put on Facebook and twitter really are? Do we really understand that what we put on Twitter and Facebook can be seen by just about anyone? With all the foolish things being put up on Facebook and Twitter, the real surprise isn't that two people posted national security breaking info on social networking sites, it's that we don't see a lot more of this happening.

I'm sure that most of my readers aren't in a position to spill national secrets, but spilling your own secrets can be bad enough. Think before you post on any site, and avoid the embarrassment of foot in mouth.

Who's watching the watchers? The Insurgents.

The Wall Street Journal broke the story. It turns out that high tech comes pretty cheap. Insurgents in Iraq are monitoring some of the data feeds from the U.S. Predator drones using satellite dishes and the $25.95 "Skygrabber" software. Skygrabber was designed to access satellite signals and download data - supposedly legally. Turns out it does a pretty good job of stealing Predator drone data feeds, too.

What confuses me is that the drone feeds are not encrypted. I know military intelligence is supposed to be an oxymoron, but even if interception is unlikely you have to expect it to happen and take steps to either prevent it or make the intercepted data worthless. By strong encryption, for example. So this statement boggles my mind:

The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.

Ok. You've known about this for more than 10 years, but assumed that the local yokels could not, and would never be able to figure out how to capture your streaming data. Now that's "military intelligence."

To be fair, adding encryption isn't like installing some software, and there are concerns that encryption might cause difficulties in rapid interpretation of the feed data, and in sharing data between services. And that's enough fairness. They've known about the vulnerability for 10+ years, and not only have you not fixed it in the current drone model, it's still part of the design in the new model that is about to go into production. I can see the difficulties of modifying the current design, but to not put encryption on the new model boggles the mind. Hopefully, now that we know people are accessing the drone feeds the new drones will be updated to have encryption.