31 comments
One way to reduce the problem would be to stop assigning security status to pedestrian matters of fact.
Dial back the sensitivity of the image, and just release the sat images if you are concerned about leaking the angular resolution.
Has anyone made any logistical improvements to SCIF in decades? I don't mean whizz bang tech, I mean actual changes of substance to information management on secure basis.
Current political incumbents aren't much bothered with nuance it seems.
A friend who has a security clearance initially didn't want to read The Atlantic's first report about Signalgate for this reason.
Of course it makes sense to prohibit making any statement that serves to confirm or deny whether any publicized information is accurate, but beyond that, once it's out, it's out. Any policy that pretends otherwise is absurd.
I was cleared for 40 years. Now I'm retired.
This has always been the policy. Unless the documents have been declassified, then access controls remain in effect, and maybe you've got a clearance, but maybe not access or need-to-know, so it would be unauthorized access, which is a security violation.
> This has always been the policy.
To the best of your understanding, what is the unambiguous, demonstrable way this policy benefits the nation? What are the gains that outweigh the cost of decades of doltish enforcement?
I am asking because of all the potential benefactors I can come up with, none of them are the American public. I'm hoping your experience can provide some unforeseen nuance.
I don't know for sure (not in that world) but wouldn't this make sense from a compartmentalisation perspective?
You have a person that knows X and a person that knows Y, but knowing both X and Y is vastly more valuable. To keep things secure you ban the X group from knowing about Y things regardless of how they found out.
It's going to produce absurdities sometimes, but the basic principle makes sense.
You've hit on part of what I think the reason may be. The C in SCI is "compartmentalized" (or "compartmented" depending upon what era you're from). Keeping information separated reduces the damage from compromise, but also prevents cleared people from seeing the big picture, which might confront the viewer with some ideological conflicts, and make them more likely to leak.
Both Boyce and Snowden leaked because of their ideological opposition to what they saw.
The truth is that "we" (the "good" guys) are doing the same rotten things that the "bad" guys are doing, and being part of that world can make you feel soiled. If "we" chose the high road and didn't stoop the level of the "bad" guys, it would put "us" at a competitive disadvantage.
https://www.nsa.gov/portals/75/documents/news-features/decla...
To survive, you need to rationalize what you see against your own values, and have a mix of patriotism and respect for the rules.
There's an ever-present danger of becoming corrupt within this culture. I've never been an "ends justify the means" sort of person, but most CIA/NSA people I've met are.
[dead]
It's a good question. Authoritarian governments will generally never admit errors or mistakes. The policy may not benefit the American public, but it does benefit the American Government in many ways. Obviously this is in conflict with "by the people, for the people, of the people."
> The policy may not benefit the American public, but it does benefit the American Government in many ways.
Coincidentally, this is the same way I describe National Security - except I include major campaign donors in the receiving column.
Buried deep in the article is a quick nod to the relative ease of work-arounds, for org's actually aspiring to competence:
> I once asked a U.S. cybersecurity executive how his company handled the banned-documents problem in the context of securing the networks of their own clients. His answer: They would assign U.S. leaks to British analysts and leaked U.K. documents to American analysts.
But mostly the article is a simplistic attack on a simplistic policy, by a (claimed) John Hopkins professor in this area. Very heavy on how the current policy makes his life in academia more difficult. Minimal interest in what workable improvements (from the US Nat'l Security Establishment's PoV) would look like. And scarcely a mention that the whole problem would be far smaller if our Establishment was less shitty at preventing leaks of its secret documents.
EDIT/Responses:
(Dylan16807) Yes, small picture, the leaks are a different topic. But at the "professor of strategic studies" level, arguing for changes in national security policy - maybe he should pay more attention to the bigger picture? That could include mention of the degree to which "simplistic idiocy" security policies discourage and demotivate the young people who our Establishment needs as responsible clerks handling its secret documents.
(cowsandmilk) The "(claimed)" is a sarcastic dig - at the sophisticated worldview which he should bring to this subject, vs. the simplistic way he presents in the article.
> Minimal interest in what workable improvements (from the US Nat'l Security Establishment's PoV) would look like.
An obvious improvement would be to not prohibit people with a security clearance from looking at documents that are already publicly available.
If the concern is that the documents could be forgeries, train them to have a suitable skepticism about the authenticity of leaks rather than prohibiting them from reading it. What if they are already skeptical and want to view the documents for some other reason? What if the government has already conceded that they're authentic, or it's something that can be easily verified given the information, so the authenticity isn't in question? What if they're in a position to prove that it isn't authentic, which could be highly useful information to the government, but nobody ever finds out if they avoid reading it because of a senseless prohibition?
> EDIT/Responses:
Your responses deserve their own comments, and by posting in this way, you circumvent the voting mechanism of other HN readers.
Thank you(?) - but one response amounted to "oops, add /s", and the other to "a bigger picture looks appropriate for this topic". And from how my comments are usually voted here, I suspect that few other HN readers want to see more of 'em.
> And from how my comments are usually voted here, I suspect that few other HN readers want to see more of 'em.
It just feels uncouth or unseemly to reply in the original post as an edit, and it’s unfair to the person you’re replying to, as they may not know you replied, because you didn’t, technically. It feels manipulative and like you are avoiding downvotes that would otherwise arrive when you comment on how your comments are voted on. This feels like thwarting the will of users and subverting the will of the users as expressed through their responses. It’s hard to even have a conversation when you edit/reply, so it’s not really promoting conversation like the guidelines encourage us all to do.
And this is as someone who usually agrees with you and your comments!
> And scarcely a mention that the whole problem would be far smaller if our Establishment was less shitty at preventing leaks of its secret documents.
That's a very different topic, and even if it was perfectly fixed there's still so many existing documents causing constant hassle.
Why (claimed)? It’s pretty easy to verify this person is a professor at SAIS. And the Atlantic is a big enough publication that if someone was impersonating him, it would have been found out since publication.
A couple issues with the "just declassify stuff" approach, for those unfamiliar:
- The actual declassification decisions would be made by career nat'l security people. Who know that nobody was ever disciplined for keeping "2 + 2 = 4" secret. Nor promoted for declassifying the (metaphorical) blueprints for George Washington's false teeth.
- I've not seen it articulated, but there's also the "never speak honestly around troubled children" nature of declassifying anything. Capitalist journalism promotes junior high school drama queens, and the internet is crawling with simpletons and nut jobs. If you declassified the fact that, in 1971, DoD Junior Analysts Joe & Alice suggested basing nuclear missiles on https://en.wikipedia.org/wiki/Rockall - it wouldn't matter if their idea was vetoed the next day by an O-4, or was physically impossible anyway. There would still be a giant "OMG AMERICAN NUCLEAR MISSILES WERE GOING TO BE LAUNCHED AGAINST INNOCENT BRITISH SEAGULLS!!!" shitstorm about it - because for a (seeming) majority of humankind, "truth" is whatever idea is pushing their buttons the hardest right now.
Well luckily we're all protected by the paywall.
But only if your personal security policy forbids disabling js.
Thanks!
The policy applies to anyone holding a clearance, not just DoD employees.
I'm not sure this is a major surprise. Since it's "leaked", it could be (and most likely is):
1. Missing important context, 2. Missing paragraphs, 3. Be edited or in fact, not real at all.
That doesn't seem like a reason to ban looking at it?
Also if it's not real at all then you are allowed to look at it.
> Also if it's not real at all then you are allowed...
Kinda like if that wire labeled "Danger, 480V" is actually dead, then it is safe to touch. But with that approach to things, your career as an electrician could be kinda short.
It can influence your decision subconsciously or otherwise.
Any public information or misinformation can influence your decisions. Why is it so much worse in the case of failed classification?
So if you thought you were under surveillance by the CIA, would sprinkling leaked information throughout your communications, or even “this email contains leaked information” make your messages private?
No, you just need one of those stupid riders that says ‘if this wasn’t for you, it’s illegal to read it’.
No.