Research Library
Monthly Research
& Market Commentary

Leaks, Whistle-blowing and the Impact of PRISM on the Cloud, Thus Far

In June of 1971, a RAND Corporation employee, Daniel Ellsberg, illegally copied top secret US military reports and showed them to the New York Times. What came to be known as ‘the Pentagon Papers’ described US involvement in Vietnam during the 1945-67 period, and revealed that the military’s internal assessment often differed sharply from what the Johnson and previous administrations had said publicly. Government efforts to prevent publication were quickly blocked by the US Supreme Court.

The Cloud

While legal controversies are usually well outside of the scope of LEF research, we believe that these stories are important to every large firm because they have major implications for the future of individual privacy, Big Data, trans-border data flows, organizational transparency, cloud computing and the boundaries between national security and global commerce.

After a brief period in hiding, Ellsberg turned himself in to the US authorities, but he also had a great deal of public support. This came first from the growing anti-war movement; then it spread much more broadly – especially after the conspiracy, theft and espionage charges against him were dismissed in 1973. In contrast, the fear of future leaks led the Nixon administration (inaugurated in 1969) to secretly set-up the so-called ‘White House Plumbers’ operation which was responsible for, among other things, the break-ins at the office of Ellsberg’s psychiatrist and later the Democratic National Committee headquarters at the Watergate office complex. It’s hard not to think about this history as US Army Private Bradley Manning is found guilty of all but the gravest charges against him, as Julian Assange enters his second year of refuge at the Ecuadorian embassy in London, and as Edward Snowden remains in hiding somewhere in Russia. While legal controversies are usually well outside of the scope of LEF research, we believe that these stories are important to every large firm because they have major implications for the future of individual privacy, Big Data, trans-border data flows, organizational transparency, cloud computing and the boundaries between national security and global commerce.

People, process and technology

As we have often said, effective information security typically requires a combination of people, process and technology, in roughly that order of priority. This was very much the case in the examples above. Ellsberg, Manning and Snowden each had their own methods, motivations and strategies. For example, Ellsberg was the only one who first tried to raise his concerns through official channels, which many see as a very important distinction. Clearly, the three men have very different personalities.

Because both Manning and Snowden had unusual backgrounds that could have suggested various risks, there has been much criticism of the hiring processes. However, it is worth pointing out that Ellsberg had a PhD from Harvard and was an established defence industry insider; so solid personal backgrounds are no guarantee. Perhaps the most important lesson about process is that by deeming so much information to be classified, governments can make it necessary for even low-level analysts like Manning to need very broad information access to do their jobs.

In all three cases, technology and hacking played only a minor role. Ellsberg, Manning and Snowden all had authorized access to the information they revealed, and services such as WikiLeaks were not essential. Ellsberg did his copying with a Xerox machine.

Leaking vs Whistle-blowing

Bradley Manning provided WikiLeaks with hundreds of thousands of pages of actual documents (a more wholesale approach than Ellsberg’s). In contrast, Snowden chose to tell the world in broad terms what he believes has been going on, using classified documents to verify his claims. In this sense, Manning was primarily a large-scale leaker and Snowden more of a whistle-blower. While these terms are, of course, closely related, they are not interchangeable.

But the biggest difference between these two cases is that the effects of the Manning leaks on the US have been relatively small. While there were a number of important and embarrassing revelations, unlike the Pentagon Papers, they didn’t shock or significantly alter public opinion. Given Manning’s harsh three-year pretrial custody and likely long prison sentence to come, it’s hard to see how his many admitted violations of US law were worth it, and many feel that the then 20-year-old was both naïve and troubled. (Perhaps it is some consolation that by documenting corrupt government practices in the Middle East, Manning may have unintentionally contributed to the outbreak of the Arab Spring.)

In contrast, Snowden’s revelations have already forced the US Director of National Intelligence, James Clapper, to apologize for his “clearly erroneous” Congressional testimony regarding US data collection practices. They have also triggered a major and still-growing global debate about the extent and transparency of government surveillance initiatives. Changes in public policies are now quite likely, and a few small changes have already been made.

Whether Snowden ultimately faces an Ellsberg- or Manning-like future (or something entirely different) remains to be seen. In recent years, whistle-blowers have been treated harshly and often unfairly. But their fate tends to be strongly influenced by the public’s reaction to both what it learns and how the individual behaves. However, it can take time for these societal perceptions to stabilize – which is why whistle-blowing remains a necessary but very risky activity.

Changing political dynamics

To gain a better understanding of the politics involved, I recently watched both the US House (July 17) and Senate (July 30) hearings on the use of the Foreign Intelligence Surveillance Act (FISA), where Republicans and Democrats questioned key officials from the US Department of Justice (DOJ), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and others about the PRISM project, which collects metadata on all US telephone calls. (Equally controversial government efforts to collect email and other Internet traffic have thus far received much less official focus. But given Snowden’s recent XKeyscore revelations, this will almost certainly change.)

Unlike most such hearings, it was often hard to tell who was from which party. Many Democrats and Republicans claimed they didn’t know the extent of what was going on and expressed Fourth Amendment concerns about unreasonable searches. While the NSA, FBI and DOJ officials stressed PRISM’s value in preventing attacks, and the considerable care with which it is managed, the consistent line of questioning suggested that oversight changes and greater transparency are likely. An attempt to sharply curtail current practices, the so-called Amash amendment, narrowly lost in the House of Representatives (217 votes to 205), but was supported by 111 Democrats and 94 Republicans. Clearly, this certainly won’t be the end of the process.

Business impact

Whatever one thinks about the security and privacy trade-offs involved, the acknowledgement of large-scale US surveillance has altered the global business climate. Although other governments do similar things, the revelations have given credence to those suspicious of cross-border information flows and the power of companies such as Apple and Google, while motivating various trade protectionists and anyone else concerned about US internet dominance. Don’t be surprised if the impact on privacy and ‘safe harbour’ regulation in Europe and elsewhere proves considerable. The need to address these growing international concerns is another reason why changes in US government policies are likely.

Not surprisingly, leading US internet firms feel pressured to explain the extent of their involvement. A broad (but far from comprehensive) coalition of US firms and civil liberties groups has called for more transparency. But it isn’t clear if getting all the facts out would make things better or worse, especially if any of the various rumoured techniques such as ‘back doors’ and master encryption keys prove true. While today’s spotlight has mostly been on the leading cloud and telecoms suppliers, similar government requests for data could easily be made to just about any firm.

Looking ahead

Massive government and corporate data collection are here to stay, and this will require a constantly evolving social contract.

In recent years, our research has emphasized the growing importance of openness, transparency and digital trust, and the need to factor these strategies into an ever-widening range of personal, business and government activities, sometimes even national security challenges. Massive government and corporate data collection are here to stay, and this will require a constantly evolving social contract.

Given the extent of the PRISM programme, it was probably inevitable that we would learn about it one way or another, and that a robust debate would then follow. The challenge now is to find a workable and sufficiently transparent system that leverages the many common interests and values of citizens, companies and governments all around the world. One test of the success of such a system would be if the societal reaction to future whistle-blowing is more like that in the Manning case than in the Snowden and Ellsberg examples.

Given the real need for secrecy in a dangerous world, that’s probably the best that we can do. Maintaining both security and privacy will always be a difficult balancing act, and it is one we will continue to watch closely in the months and years ahead. Few legal issues will more directly shape the future of global business practices and society’s confidence in our increasingly digital world. In many ways, the debate has only just begun.


*{{ error }}
*{{ error }}
*{{ error }}
*{{ error }}
*{{ error }}
*{{ error }}


Research Commentary

PDF (1.1 MB)


David Moschella
Research Fellow
David Moschella, based in the United States, is a Research Fellow for Leading Edge Forum.  David's focus is on industry disruptions, machine intelligence and related business model strategies.  David was previously Global Research Director of the programme. David’s key areas of expertise include globalization, industry restructuring, disruptive technologies, and the co-evolution of business and IT.  He is the author of multiple research reports, including Disrupting the Professions through Machine Learning and Digital Trust, 2016 Study Tour Report: Applying Machine Intelligence, There is Now a Formula for Machine Intelligence Innovation,  Embracing 'the Matrix' and the Machine Intelligence Era and The Myths and Realities of Digital Disruption. An author and columnist, David’s second book, Customer-Driven IT, How Users Are Shaping Technology Industry Growth, was published in 2003 by Harvard Business School Press.  The book predicted the shift from a supplier-driven to today’s customer-led IT environment.  His 1997 book, Waves of Power, assessed global competition within the IT supplier community.  He has written some 200 columns for Computerworld, the IT Industry’s leading publication on Enterprise IT, and has presented at countless industry events all around the world. David previously spent 15 years with International Data Corporation, where he was IDC’s main spokesperson on global IT industry trends and was responsible for its worldwide technology, industry and market forecasts.    


21st Century
Adaptive Execution
Proactive, Haptic Sensing
Reimagining the Portfolio
Value Centric Leadership


2019: The Year of Digital Decisions
15 Jan 2019 / By Richard Davies
Defending Digital
12 Dec 2018 / By David Moschella
Our Research Agenda 2019
30 Nov 2018 / By Simon Wardley, David Reid
The Winter of AI Discontent: Emergent Trends in Algorithmic Ethics
29 Nov 2018 / By Caitlin McDonald
It’s Time to Challenge the Value of Everything
29 Nov 2018 / By Richard Davies, Bill Murray