08 October 2015


'Can Technology Prevent Leaks?' by Nathan Alexander Sales in (2015) 8(1) Journal of National Security Law & Policy 73-101 comments
The Obama Administration has prosecuted a record number of government employees for leaking classified information. Yet despite this prosecutorial surge — nine cases in less than seven years — a steady stream of high-profile leaks continues and shows no sign of abating. This essay considers why the threat of criminal punishment sometimes fails to deter leakers. It argues that the expected penalty for leaking is quite low; very few leakers ever face criminal charges and those who are convicted receive relatively modest sentences. The essay therefore proposes that authorities seeking to prevent catastrophic leaks should make greater use of technological controls. Examples include access controls that restrict which users may view what information for which purposes (including biometric identity verification), immutable audit logs that record users’ system activity, and automated processes to verify that users are entitled to access the information they seek and to monitor for suspicious patterns of behavior.