The Elephant in the Room

Ever wonder about the origin of the phrase “the elephant in the room?”  Did the phrase originate with Russian author Ivan Andreevich Krylov, whose “The Inquisitive Man” tells of a man who goes to a museum and notices all sorts of tiny things, but fails to notice an elephant? Or does it stem from an argument at Cambridge University in 1911 between Ludwig Wittgenstein and Bertrand Russell? Might it arise out of a Mark Twain story titled “The Stolen White Elephant?” It appears there is no definitive conclusion to be drawn. But the phrase lends itself nicely to examining the cyber story now dwarfing all others—the theft and publication of what is being referred to as “The Panama Papers.”

The theft of more than 11 million documents from a Panamanian law firm has become a leading story in many nations, in no small measure because the documents can be connected to some of the most powerful and influential people in the world. The political repercussions were substantial. Iceland’s prime minister resigned, U.K. Prime Minister David Cameron apologized and released his tax returns, Vladimir Putin shrugged, and senior Chinese leaders practiced their version of the “Golden Rule.” Obviously, there will be more to come as documents continue to be released and as investigative authorities in affected nations pour over information to determine whether laws were broken.

This last point is worth pondering.  As a general proposition, unless one is either a person whose information has been compromised by the theft of the aforementioned documents, or a close friend or relative, it’s likely we are generally satisfied that the end here justified the means. At this point we don’t know what laws were broken, or who, precisely, was guilty of what, but we have a reasonable supposition that something underhanded was going on. We treat any suggestion that there are substantive privacy issues that arise out of the theft of documents with the same humorous perspective we’d have for Captain Renault’s memorable line in Casablanca “I am shocked, shocked to find that gambling is going on in here!”  Thus, just as surely as there is gambling in a casino, there must be criminality in offshore banking.

The United States has experienced similar phenomena at least twice recently. First, Chelsea (then Bradley) Manning turned over a trove of sensitive military and diplomatic documents to Wikileaks.  Later, Edward Snowden leaked volumes of classified information about global surveillance programs run by the U.S. and some of its allies. The Snowden case touched off a huge debate over the appropriate balance between national security and privacy rights.  But there was an earlier drama that inspired this interesting Fortune article by Rajiv Gupta.

Likening the latest high profile breach to Watergate, Gupta wrote…”The Panama Papers represent the future of political scandal in the digital age—from the initial hack down to the cloud technology used to analyze the documents. Journalists Bob Woodward and Carl Bernstein, who famously took down Richard Nixon, could hardly have imagined working with millions of pages of confidential documents. This generation’s Watergate will be conducted through shared folders and chat rooms. Mossack Fonseca, the hacked law firm, embodies the cyber risk to which many organizations have not yet woken up. Hackers are clearly after more than just credit cards and social security numbers. The breach is at once a glimpse into the brave new world of online leaks and a warning that all organizations should assume any sensitive information to be a potential target.”

Gupta squarely addresses the privacy issue. “Publicly releasing the entire cache of documents, as some have called for, calls into question the right to privacy of Mossack Fonseca clients, especially those who may not have committed illegal activity or do not hold public office. “Hacktivism” inherently takes decision-making away from the legal system. What happens when “hacktivists” act on behalf of principles or entities we consider deplorable or dangerous? Should the abuse of privacy of the innocent be considered unfortunate but necessary collateral damage?”

In the nascent stages of the many investigations being carried out as a result of the theft of The Panama Papers, it’s doubtful privacy will be a leading concern. But the world we now live in will soon force a painful examination of privacy. Every organization must look closely not only at its own data protection practices but also at those of any partners who may hold data on its behalf. The real elephant in the room is the fact that very little information is truly secret any more. In fact, we may need to caveat the use of the term secret, attributing it to what is private at the moment… as best we know.

By Tom Davis, SDI Cyber Risk Practice

April 12, 2016