Today we publish documents about our work everywhere. Online, in promotional materials, in briefings, in meeting notes, in business journals, even in a host of compliance documents to fulfill various regulatory imperatives. Algorithms scan all of it, searching for terms, for links, and for people that might reveal what you’d never want published. All these things make up what we call “open source” intelligence – or intelligence gathered from publicly available information.
Though nations might move heaven and earth to get their hands on signals intelligence, human intelligence, or other classified information, open source intelligence remains the number one intelligence resource of the U.S. – and our enemies. Websites, patents, social media, instruction manuals – any one of these is subject to review by the curious. As history has shown, the discovery of such publicly available information by the wrong party can have devastating consequences.
Patent papers caused the deaths of 300 British engineers in WWII
In the first year of the Second World War, some 300 British engineers died because they could not defuse the new electrical bombs dropped by the Germans over England. It took trial and error with men’s lives, and the chance discovery of such bombs, intact, on a downed German aircraft before the technology was defeated.
Eight years earlier, in 1932, the technology for such bombs was entered into the public records of the British patent office. No one knew about this open source answer. 300 men died while the answer they sought gathered dust in an unlikely place. Those Germans who built the bombs which killed these men had found it first and laid claim to it legally and openly. It would have been easy to convince the British public at the time of the value of open source awareness, if this were known. Had this technology not been publicly released, some 300 British unexploded ordnance officers would have been spared.
An earlier example involves the Maxim gun. When asked in 1884 why Western nations had colonized almost the entire world, Hilaire Belloc, an English writer, said that it was not because of our advanced civilization, greater universities, or cultural advances. No, he quipped, “Whatever happens, we have got, the Maxim gun, and they have not.” Of course, the technology for this early machine gun was available to other “civilized” nations. Such technological information was routinely shared and sold in open contracts between such countries. In World War I, this exchange of information slaughtered an entire generation; by then all nations had the Maxim gun.
Businesses routinely lose open-source intelligence to our adversaries
These stories show how open source information works. What is routinely, even inadvertently given away today could kill us tomorrow. What is not tracked today could surprise us on the battlefield tomorrow. These stories about open source information end in blood. Is it inappropriate to say that the victims died from friendly fire? What is our situation today?
Each company that deals with classified information has the obligation to protect it everywhere it might appear, even where it might appear inauspiciously. This does not change when you go overseas. For instance, many companies complain that to get authorization to work and sell in a given country, they must give away controlled information. In short, to get the contract, they have to give away proprietary, even classified, information. Money trumps security.
If the foreign government ever collects such information illegally, and we are aware of this, we must report it. Some would argue, “Of course we should!” And yet, studies have shown that many companies, to protect continued profits in large foreign markets, do not report the loss or compromise of some of their information. This is particularly true in the realm of cyber compromise. If a company discovers someone has breached their security firewall, they must report this to federal authorities. Many do not. This is because, again, unfortunately, money trumps security.
As a clearance holder, you have a responsibility to protect open source information, too
Why would a company risk compromising classified information for mere money? Don’t they realize they are putting lives at stake? Don’t they realize that some soldier or airman might be killed because information was lost, thus revealing what he confidently went to war thinking was protected?
There is a belief among many cleared personnel that this “security business” is just a formality without real consequences. We can look around the world and realize this is not true. In fact, the dangers now prevalent in our multi-pronged threat atmosphere are legion. We need to be aware of how the adversaries collect information, and act accordingly to prevent their success.
Most important, however, is to report suspected leaks, losses, or compromises. A host of agencies exist to help you with this. Your leadership, staff, and especially your security manager must be conversant with reporting responsibilities for their information. Your security manager must know the Defense Security Service (DSS) personnel, the FBI, and the other supporting government security personnel. Each has a clear mission on how to protect you – and you have a responsibility to know what those are.
We who have clearances must be constantly aware of what we publish. If we have information that is not checked before release to the public domain, we stand to cause a calamity. Not now, perhaps, but someday in the unknown future. Somewhere down the track someone will access this information, put it together, and discern our secrets. Whoever that might be is even more dangerous today than when open source intelligence was first identified as a threat.