While lawmakers work themselves up into a tizzy that the White House might be leaking classified information to make President Barack Obama look good (and wouldn't it just be the living end if true, given Obama's habit of prosecuting leakers?), Sen. John Kerry asks whether it's appropriate for the media to actually let the public know what's going on. Via Politico:
Sen. John Kerry on Wednesday questioned whether The New York Times should have published explosive stories last week about President Obama ordering cyberattacks against Iran's nuclear program.
"I personally think there is a serious question whether or not that served our interest and whether the public had to know," Kerry, the Foreign Relations Committee chairman, told reporters. "To me it was such a nitty-gritty fundamental national security issue. And I don't see how the public interest is well served by it. I do see how other interests outside the United States are well served by it." …
Earlier, Kerry said he was "disturbed" by the leaking of classified information cited in the Times story, saying it endangers U.S. national security and "begs retaliation" from America's enemies. The chairman said he couldn't understand how an American citizen could leak classified information that could potentially put the country at risk.
It's not the act itself that "begs retaliation," you see, it's the reporting of it. The fact that there could be blowback for targeting a foreign nation's nuclear program with a computer virus doesn't mean you possibly shouldn't do it. It means you should make sure you don't tell your own public. After all, how would Iran ever conclude that the United States and Israel could be working together to design a virus to shut down their nuclear ambitions? Anybody could be the culprit! Anybody at all! They would never have figured it out had The New York Times kept their big traps shut.
Or, perhaps, they might have gotten a clue from this 2010 story from The Guardian that suggests Israel was responsible for it and that Stuxnet was pretty obviously designed to target Iran. Or maybe this story from Forbes.com from 2010 that talks about the suspicions and various theories that the United States and Israel were the sources of the virus. Or perhaps this lengthy Vanity Fair investigative report from from last year that says, "[T]here is vanishingly little doubt that the United States played a role in creating the worm." The fact is, The New York Times story merely revealed the truth that anybody who followed computer security news already suspected, and Iran doesn't seem like the kind of nation that needs a metaphorical smoking gun before casting blame.
More to the point, launching the virus itself could ultimately give Iran (or others, because Stuxnet, like every other government venture, immediately got out of hand and ended up in places where it wasn't meant to be) the tools to bring about that blowback Kerry is so worried about. Via The Christian Science Monitor:
Although Stuxnet is estimated to have eventually destroyed as many as 1,000 high-speed Iranian gas centrifuges designed to enrich uranium, its importance was far larger than that, [German cybersecurity expert Ralph] Langner warned. It demonstrated that a cyberweapon could physically destroy critical infrastructure, and that process could also work in reverse.
"One important difference between a cyber offensive weapon and some kind of advanced bomb, for example, is that when the bomb blows up you can't examine or reverse-engineer it," says Joel Brenner, a former national counterintelligence executive in the Office of the Director of National Intelligence.
"Once you find the malware, on the other hand, once you find the code, you can see how it was done," he says. "So we are going to see more operations of this kind – and the US's critical infrastructure is undoubtedly going to be targeted. I still don't think that the owners and operators of most of that infrastructure understand the gravity of this threat."
The possibility that Stuxnet could come back to haunt us does seem to meet a certain "need to know" threshold. The New York Times Managing Editor Dean Baquet responded to Kerry via Politico:
"Our job is to report issues in the public interest, and this piece certainly meets that standard," Dean Baquet, the Times managing editor, said in a statement to POLITICO. "As always with sensitive stories, we described the piece to the government before publication. No one suggested we not publish. There was a request to omit some highly technical details. We complied with the request after concluding it was not a significant part of the piece."
Well, that ought to add more ammo to those who believe the White House is actually causing the leaks.
Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.