There have been many overwrought takes about what’s in this document, starting with a typo-ridden tale that Assange wrote for a cover page WikiLeaks appended to the release:
It concocts a plan to fatally marginalize the organization. Since WikiLeaks uses “trust as a center of gravity by protecting the anonymity and identity of the insiders, leakers or whisteblowers”, the report recommends “The identification, exposure, termination of employment, criminal prosecution, legal action against current or former insiders, leakers, or whistlblowers could potentially damage or destroy this center of gravity and deter others considering similar actions from using the WikiLeaks.org Web site”. [As two years have passed since the date of the report, with no WikiLeaks’ source exposed, it appears that this plan was ineffective]. As an odd justificaton for the plan, the report claims that “Several foreign countries including China, Israel, North Kora, Russia, Vietnam, and Zimbabwe have denounced or blocked access to the WikiLeaks.org website”. The report provides further justification by enumerating embarrassing stories broken by WikiLeaks—U.S. equipment expenditure in Iraq, probable U.S. violations of the Cemical Warfare Convention Treaty in Iraq, the battle over the Iraqi town of Fallujah and human rights violations at Guantanmo Bay. Note that the report contains a number of inaccurances, for instance, the claim that WikiLeaks has no editorial control. The report concludes with 13 items of intelligence to be answered about WikiLeaks.
The quotes lifted from the document are accurate, but the spin around them is a step too far. While it’s written in an odd form of bureaucratese, the analyst’s musings about knocking WikiLeaks off its “center of gravity” boil down to exposing the people who leak to WikiLeaks, so that others will think twice before doing so in the future.
Leakers who provide the press or others with classified information are usually violating the conditions of their employment, or breaking some criminal code. That doesn’t mean their actions aren’t morally defensible or valiant—often, in effect, a form of civil disobedience. But it’s hardly news that their bosses have some obligation to uncover them and make them face the consequences. Nor is it news that superiors would hope such punishment would act as a deterrent.
The document does note that “Organizations with properly trained cyber technicians, the proper equipment, and the proper technical software could most likely conduct computer network exploitation (CNE) operations”—in other words, infiltrate—“WikiLeaks.org‘s Web site, information systems, or networks” to determine the source and method behind the leaks. But it doesn’t say a word about who those organizations might be, nor does it counsel that any branch of the U.S. government should do so. (A later paragraph specifically mentions the possibility that foreign—not domestic—intelligence and security services, law enforcement, and corporations would be interested in such a course of action.)
The document also discusses the possibility that close scrutiny of the DoD’s own information technology logs and records could reveal the source of the leaks. Is it so shocking or nefarious that a branch of the government, suspecting that someone inside was leaking classified documents, might seek to see what its own IT records showed? The report says as much in its conclusions section, the closest thing to anything approaching a recommendation—rather than a report or analysis—in the document:
The unauthorized release of DoD information to WikiLeaks.org highlights the need for strong counterintelligence, antiterrorism, force protection, information assurance, INFOSEC, and OPSEC programs to train Army personnel on the proper procedures for protecting sensitive or classified information, to understand the insider threat, and to report suspicious activities. In addition, personnel need to know proper procedures for reporting the loss, theft, or comprise of hard or soft copy documents with sensitive information or classified information to the appropriate unit, law enforcement, or counterintelligence personnel. Unfortunately, such programs will not deter insiders from following what they believe is their obligation to expose alleged wrongdoing within DoD through inappropriate venues. Persons engaged in such activity already know how to properly handle and secure sensitive or classified information from these various security and education programs and has chosen to flout them.