As the fallout from Edward Snowden’s leaks continue, questions over current technology and information security policies are increasingly growing in importance. Last year, in response to a Department of Defense statement dealing with a new anti-leak plan, writer and activist Marcy Wheeler said, “Have we gotten so paranoid that one of our top intelligence people is going to spend his time watching journalists than watching our military enemies?”
THE INSIDER THREAT
The United States is the most powerful democratic republic in the world. We should not criminalize journalism to prevent leaks; rather, the United States should move to counter internal threats in a more proactive fashion. New efforts to synchronize the functions of security, counter-intelligence, and information assurance across the interagency have had a small semblance of success, but are no longer sufficient. Archaic security practices of the present must give way to proven approaches of the past.
For centuries, the United States has successfully executed covert and clandestine actions across the globe without the threat of leaks which exist with today’s heightened technological footprint. From the Revolutionary War to as recently as the 1950s, emphasis was placed on empowering select individuals to execute national security strategy. These techniques were replicated to great effect in the early years of the administration of George W. Bush, up to and including limiting distribution of Presidential authorizations and hand-carrying sensitive documents. The recent emphasis on sharing has created more problems than it has solved. This does not help, but hurts, our national security and affords too many people too much access to too much information.
The government is hopelessly dependent on a logic-defying honor system. Need-to-know has been diminished to little more than a pledge not to disclose classified information. The adjudication process culminating in a security clearance is fraught with problems. Focused on getting them on the job, this process offers little to no scrutiny after the individual has begun work. Current personnel security practices do not work, and the Obama’s administration’s “need-to-share” has only exacerbated this further.
This has only allowed for more leaks in the vein of Edward Snowden, Bradley Manning, and Bryan Minkyu Martin. If anything, the measures which are being undertaken by the administration do not address the increasingly important issue of insider threats.
THE HONOR CODE
In light of a number of unauthorized disclosures, a new campaign was initiated by John Brennan, Director of the Central Intelligence Agency (CIA) was ironically termed, “Honor the Oath”. The new and rather surreal effort was little more than Brennan insisting that the CIA cannot trust itself and therefore needed to reaffirm an internal honor code. However, a former CIA analyst recently asserted the Agency needs a better strategy than mere oaths. Honor codes have already demonstrated their lack of utility in the covert setting.
John Kirakou epitomized the model of a successful CIA employee. Kirakou was a graduate of George Washington University, with degrees in Middle Eastern Studies and Legislative Affairs, in addition to being recruited to the CIA by his graduate school professor—himself a CIA official. Kirakou was well-aware of the code. Regardless, this did not stop him from colluding with journalists and lawyers in an initiative called the John Adams Project. The Project set forth to uncover the identities of those interrogating Al Qaida detainees and other members of the national clandestine service tasked with capturing Al-Qaida’s leadership. Due to these leaks, if someone wanted to kill these U.S. government personnel, they now had directions to their homes.
Kirakou is not alone. The code also mattered little to Mary McCarthy, described by Washington Post as a “senior CIA official” of over twenty years. McCarthy was the original leaker to the Washington Post about secret CIA “Black sites” where Al Qaida members were being held and interrogated. As a justification for her actions, McCarthy said “CIA people had lied” and used their “lies” as a partial excuse for leaking sensitive data.
Ineffective honor codes are not the only downsides when maintaining security in this new era of leaks. Immediately after 9/11, there were complaints that government agencies were not adequately sharing data on terrorists. Some said that information needed to be centralized in an effort to promote interagency access and cooperation. In theory, the establishment of the Office of the Director of National Intelligence and the National Counterterrorism Center would enable the government to search a centralized database which could be shared amongst relevant agencies. In practice, according to a 2010 article by Newsweek, senior officials of the Obama administration expressed concern at the dizzying array of government databases related to counterterrorism and intelligence efforts. The officials went onto say there were, “No fewer than 30 separate government data networks which connect to more than 80 government databases”. In an even more damning indictment of the Obama administration’s new information sharing initiatives, Secretary of Homeland Security Janet Napolitano, complained there were too many databases and inferred there should be broader centralization.
Nevertheless, this centralization has only opened the door to more leaks. In a 2004 interview with Jim Lehrer, then Defense Secretary Donald Rumsfeld warned of the pitfalls of panacea-like centralization, saying:
“It just doesn’t work… The idea that you can put everything in one place is belied by the reality that we have different uses for that information and it can’t be in one place. … You have to have this coordinated, cooperative arrangement where you break out these stovepipes that categorize everything and then no one can look in those categories, unless they’re cleared for that.”
THE BIG PROBLEM WITH BIG DATA
Presently, this system amounts to a giant “Share drive” where those in authority are not paying any scrutiny to those already inside the system. Unless one leaves government service or faces revocation of their security clearance, classified information is there for the taking. This gaping hole in our security practices enabled Bradley Manning to penetrate networks he had unfettered access to, and “systematically harvest” hundreds of thousands of pages of classified material. Yet, even after these security failures, these repositories of data remain wide open.
Take the case of Bryan Minkyu Martin, himself a case study for the Department of Energy on, “Insider threats”. Martin, a first-generation Chinese-American, enlisted in the U.S. Navy Reserves as an intelligence specialist. While training to deploy to Afghanistan, Martin was temporarily assigned to the Joint Special Operations Command (JSOC), the vanguard of global counterterrorism strategy. Despite his background investigation and final adjudication for a “Top Secret” security clearance (a mere three years before), Martin exceeded his access to classified defense information to which he theoretically should not have had access. In practice, Congressionally-mandated repositories of data, paired with the failed honor system, did nothing to stop him from downloading and even printing classified information from JSOC’s computer systems.
It is the responsibility of the government, not the press, to mitigate the release of classified national security information. To dull the effects of unauthorized disclosures, we must be proactive. Achieving greater security requires the United States to adapt to the operational environment. Information is easily accessible; the individual has been empowered by the advent of the internet and social media, and a plethora of tools not available to previous generations. A waning confidence in our system of government coupled with fiscal uncertainty has exposed a number of flaws in these systems and left us susceptible to new dangers. However, current events and history still provide relevant lessons. It is now up to the administration to rediscover them.