Let me tell you a joke.

A new employee starts his first day of work in his new office. After being shown to his desk, the IT support tech arrives to explain the computer system. He gives the new employee his login details including username and password. Then he says, “This is our computer system. Since it handles all the corporation’s secure data and traffic, we have spent billions on its state-of-the-art security: 128 bit encryption, multiple firewalls, virus detection. The works. For the next five seconds, this is one of the most secure computer systems in the world.”

“Why only for the next five seconds?” asks the puzzled employee.

“Because you just wrote your password on a post-it note and stuck it to your monitor,” replies the exasperated computer technician.

Okay, it’s an old joke but it reflects a very real truth: Even the most secure computer network is at risk to become vulnerable if the people using it do not follow proper security guidelines.

Why, you might ask, am I going on about cybersecurity?

The reason? Because Watchtower has just sent a rather forceful letter to all congregations in Nigeria, trying to address serious concerns they have over this very matter.

The Secret Side of the JW.org website





First, let me give a bit of background. To the casual observer or a dedicated Witness not exposed to the inner workings of Watchtower, JW.org might seem no more than an online streaming and publishing website, a place to obtain magazines, books, videos and the like.

However, the website also has a logon section where approved users login with provided, individual credentials and gain access to confidential materials. These users are typically elders and other appointed men. They can exchange correspondence between other users, departments and branches, as well as, view confidential letters, review procedures, and exchange sensitive information.  All of this is kept out of sight from rank-and-file Witnesses and other non-approved persons.

Understandably, Watchtower is very serious about the password-protected section of their website. For one thing, leaks of confidential information have proved very damaging in court. An unforgettable example of this was when Angus Stewart confronted Terrence O’Brien on stand during the Australian Royal Commission with his organization’s own internal branch manual. Stewart shared the contents in open court thus exposing that Watchtower had been actively misleading the Royal Commission.

So, now that we understand the full scope of what JW.org actually comprises, let’s take a look at the letter.*

Dated July 03, 2016, the letter is entitled:

Re: Serious Violation of JW.org Confidentiality

The letter starts by praising the JW.org website as a “wonderful tool and gift from God” but then quickly switches gears and tone with the following words:

However, many congregations and elders in Nigeria are not following the procedures provided by the organisation when it comes to the use of jw.org. This has resulted in serious violations of confidentiality on Jw.org which could give enemies of the truth and apostates undue access to our website.

I was quite surprised by the tone of this letter. Most of the letters sent from Watchtower to the bodies of elders have a friendly tone, written in a spirit of fellowship, even if the advice or orders contained within are of serious nature. But this letter, overall, is very direct and to the point. You get the sense that the writer was clenching his teeth while hitting the keys hard.

Additionally, it would seem that Watchtower is not happy with, as the letter indicates, “many congregations and elders in Nigeria.” [italics mine] Again, it’s unusual for Watchtower to use such language. In my many years as a Witness, along with my time as an activist, I have often observed Watchtower trying to minimize the scale or severity of any internal problems they are experiencing, even when addressing these issues in confidential letters. Usually, if there is a problem, they would describe it as the fault of some brothers or a few brothers. It’s rather rare for a Watchtower letter to chastise “many congregations and elders” in this blunt, angry tone.

So, what exactly are these elders and congregations in Nigeria doing that have Watchtower so upset? The letter lists six types of behavior that risk the security of the website:

Scenario 1: Elders have been assigning access rights for the website to those outside of their congregations, simply because they are computer literate.
Let’s be honest, we’ve all been there. When confronted with the often confusing and temperamental world of Microsoft and RAM, ROM, SCUSI, DVD, FLIM, FLOM, WTF, RTFM, etc., it is tempting to just find that friend who works in IT (who seems to understand this gibberish) and get them to sort it out. Apparently, this has resulted in rights being given to those in congregations other than the designated elders, meaning their access cannot be monitored. The letter admonishes elders not to do this, even if the other person is an appointed man (even a circuit overseer).

Scenario 2: Ministerial Servants have been given access to JW.org as domain administrators.
This is a very high level of access that allows a person vast control over other users and information, including the ability to grant access rights to others. They have thus apparently gained access to very sensitive material that only elders should get access to. Thus, all congregations are to remove these rights from any MS they have granted them to.

Scenario 3: Those disqualified by judicial or other reasons have not had their privileges revoked.
This one is pretty astonishing. I know that in the corporate world, as soon as a person is fired, their computer access is revoked to make sure that an angry or upset employee doesn’t have access to sensitive information or systems. One would have assumed, given the near phobic level of paranoia Watchtower encourages Witnesses to have about the disfellowshipped or the sinful, that congregation elders would instantly remove access rights from such ones. But, apparently not.

It seems that in many cases, one who has been reproved, had privileges taken away, or even disfellowshipped, has been left with full access to the digital heart of Watchtower. One wonders how many freshly disfellowshipped or disassociated ones have walked out of their traumatic judicial committee, settled down at home in front of the laptop, flexed their fingers over the keyboard and gone to work …

Scenario 4: Some congregations only have one domain administrator with no backup.
This is potentially a serious problem. If you have a locked room full of important information, and only one person knows the code to get in, you’d better hope that person doesn’t go anywhere. This principle also extends to the digital world. Apparently, congregations have been operating in these exact circumstances, meaning that when the admin dies, moves or becomes disqualified, the congregation loses access to the site.

Scenario 5: Some have given their passwords to family, ministerial servants, and/or cybercafé attendants so they can log in for them.
Remember that joke I told you at the beginning of the article? Your password is only as good as the number of people who know it. Hint: If that number is more than one (i.e., you) your password is no good.

Scenario 6: In some cases, judicial, legal and other sensitive matters (details specified in the letter) have been sent to the inboxes of all bethel departments, thus exposing material to those ones. The letter makes a special point that this means unauthorized ones, even sisters, have been exposed to material they should never have seen. Seriously, the letter makes a special point about the fact that sisters have seen this information.
(Apparently, those fragile female brains just explode when exposed to the serious business of running a religion, or something.)

The letter goes on to outline processes to avoid repeats of these incidents, and then concludes by stating, in underlined text, that the qualifications of any brother not following these orders could well be called into question.

Can Watchtower ever really secure its data?

On one level this might seem to be nothing more than a humorous distraction, an amusing glimpse of an organization trying to run a global religion in the Internet age, but this letter is worthy of serious consideration for two reasons:

1: The image the Organization often projects, that of a smooth, celestial chariot guided by Jehovah, gets a bit tarnished once you take a look behind the curtain and see how poorly the Organization’s affairs are frequently managed, especially in comparison with professional (worldly) organizations that Watchtower often holds in disdain.

2: Watchtower can’t fix this problem with the measures they have outlined in the letter.

Why?

Security systems are only as secure as the people who use them. You can train people who lack skill, but you can’t account for people who are secretly disloyal to you.

People like elders.

Watchtower has more than a few elders who are fully awake to the true nature of the organization as a harmful controlling cult, but because of the shunning sanctions, are unable to leave for fear of losing their family and friends. Often, these elders do whatever they can to assist activists and government investigations, such as the Austrailian Royal Commission, by providing such ones with confidential Watchtower information taken directly from letters and sources such as the secure login sections of JW.org.

Watchtower might be able to correct for accidental security breaches but, until it embraces a person’s human right to change their religion without penalty or punishment, they will never be able to correct for those trapped inside who choose to strike a blow against their Orwellian captors by passing information to those on the outside who are aiming to break those chains.

I mean, how do you think we at JWSurvey get these letters?

http://jwsurvey.org/governing-body-2/news-bulletin-confidential-watchtower-letter-reveals-jw-org-security-issues

LOL