This spring, the US government suffered the largest leak of classified material since Edward Snowden exfiltrated more than one million documents and passed intelligence to journalists in 2013.
What was novel about this most recent leak was the chosen medium and the time it took for intelligence officials to notice it had happened. Jack Teixeira, a 21-year-old airman in the Massachusetts Air National Guard, allegedly removed classified military documents and posted them to a Discord channel that had approximately 20 members. The leak was eventually discovered by authorities when the documents were posted to a much larger channel.
It’s safe to assume the US intelligence community has the personnel and tools to scour Discord for potential future leaks going forward. But this incident demonstrates a greater challenge for global public safety agencies: any connected app or device is potentially a critical vulnerability. Such vulnerabilities are becoming friendlier to adversaries and more challenging for lawful investigations and counter-intelligence.
The problem of cyber-enabled crime has been growing for some time. Terrorists have used gaming consoles and multiplayer strategy games to plan attacks and secure messaging apps to carry them out. Human traffickers and drug pushers leverage online marketplaces and social media. Child sexual abusers use live-streaming platforms and peer-to-peer networks. The dark web is a cesspool of illegality, ranging from the sale of stolen firearms to hate speech and the incitement to terror. The proceeds of illicit activity are often laundered using cryptocurrencies.
To put the magnitude of the challenge in focus, the Apple App Store and the Google Play Store now have more than five million apps available. Any one of those, or the millions of connected devices, can enable a crime or be critical to an investigation.
Cyber-enabled crimes are costly and difficult to investigate for public safety agencies globally. In 2022, for example, police agencies in the United Kingdom reported a backlog of 25,000 digital devices, largely smartphones, awaiting examination as critical evidence. Such backlogs are having negative consequences on the pursuit of justice and the well-being of victims.
Technology companies have exacerbated the cyber-enabled crime challenge. They have latched on to privacy sentiments of consumers and are building complex encryption into their products.
At the same time, crimes in which investigations are being impeded by encryption are now exceeded in volume, variety and velocity of change by cyber-dependent offences such as hacking, ransomware and phishing.
Most of these attacks are financially motivated. But cyber breaches are also used for geostrategic ends, such as misleading electorates and causing societal disruptions. Hospitals, electrical grids and other critical infrastructure depend on continuity of digital systems, and their going offline can wreak havoc.
Given our growing dependence on digital connectivity for commerce, social connection and access to critical public services, we must ask whether the technology sector’s approach has adequately upheld its social contract. While the right to privacy is fundamental, the social contract reasonably limits some individual civil liberties, including privacy, in exchange for security.
Home builders cannot build a house without regulation, oversight and inspection. Farmers can’t grow and sell food items without similar governance. Yet, most technology developers can build and market their products to some of the most vulnerable people in society, while knowingly compromising their safety.
Some agencies and regulators, such as Australia’s eSafety Commissioner and the US Federal Bureau of Investigation, are raising public awareness and proposing remedies. However, most leading technology companies seem content with the status quo — which ultimately places responsibility with legislators.
This is a critical, global challenge. No meaningful progress can be made unless the United States, the European Union and their liberal-democratic allies, including Canada, seriously address the security risks posed by digital platform technologies and balance them with privacy rights. If they don’t, the benefits of a digitally connected society will continue to be eroded by the security issues they create.