The recent spat of media cycles surrounding the unauthorized retention of classified materials by members of the executive branch of government, coupled with FBI Director Christopher Wray’s comments on January 26, surrounding the normality of investigating such cases has caused quite the stir, and rightly so. Handling and mishandling classified materials is a big deal.
The Achilles Heal – Secrets with feet
The fact that classified information walks out the door is not news, indeed it has been the achilles heel for Facility Security Officers (FSO) and custodians of classified materials since time immemorial. Fear of losing classified information is a keystone to every insider threat program, as protecting the information is king.
Unfortunately, there is no shortage of stories of rank-and-file personnel, as well as senior executives retaining classified information in an inappropriate manner and in an inappropriate location. This is not unique to Presidents and Vice Presidents.
The key ingredient when this happens is intent.
Let’s look at a couple of examples so we may distinguish between intentional and inadvertent retention of classified information.
Within ClearanceJobs, I’ve written on numerous instances where individuals purposefully and with malevolent intent, retained classified information. In each instance, these individuals were able to circumvent the security protocols in place and successfully exfiltrated the information out of the building. Many of these individuals were arrested and prosecuted for their actions and given prison time.
In each instance, be it former CIA Director John Deutch copying classified information from his classified machines and moving it to his personal machine because he was losing access, or Harold Martin, who over the course of 20-plus years squirreled away over 50 terabytes of classified information, in both instances, the fact that the classified information was retained without authorization and the individuals knew they were breaking the law speaks to intent.
Then we have those instances, and I’ve seen it with my own two eyes, where office moves occur and papers are boxed and labeled. Rarely is the senior most executive boxing their own materials, and often in the case of an emergency situation, the individual isn’t present to pack their own materials.
People are human, busy, sometimes distracted, and yes, errors are made and a piece of classified materials may have been placed in a file, that was kept in a classified environment, but lacked markings (admittedly a shortcoming) and when the pack out occurred, those lack of markings were placed in the wrong grouping.
Similarly, there are those instance where an individual is walking information within a government building (Pentagon, White House, CIA Headquarters, etc.), and have the information dutifully labeled and appropriately secured, and they forget it is in their folio, they go home and discover their error.
In each instance, when the discovery is made, the papers/data is returned to the appropriate environment and the individual reports the incident as having occurred. And if the individual doing the reporting is the same person who inadvertently took the classified information out the door, then there should be no surprise that self-reporting occurred. It is expected. Forget to lock a safe? Self-report. Forget to secure a piece of classified within the office space? Self-report.
Assumption of Trust
The handling of classified information requires all concerned to operate within the same parameters and understanding. There is an assumption of trust. Trust that the individual will do the right thing, even when no one is looking. This trust is universal, without this trust, the government would constipate itself and no information would be accessible, no information would be shared, etc.
Can one make the argument that too much information within the government is classified? Absolutely. Similarly, the evolution of tagging and marking classified information is of import and new technologies are available that track the electronic handling of information and issue hand receipts for the hard copy transference of information.
When Reality Winner stole her classified report, she accessed it within the classified system and then printed it out. Both of those actions were captured in the network logs. It was only when the media company, The Intercept, contacted NSA and asked if the document was legitimate, did the agency know something was amiss, as her access was authorized (and logged). It required a bit of forensic sleuthing, to see who had access to the report, and then who had printed or saved the report, and indeed, only a handful of individuals met that criterion.
And when a document shows up, apparently having dropped directly from the heavens (as was the case in the recent Supreme Court leak of a draft opinion) one wishes some of the new technologies in development and coming to market were available. We spoke with Sergey Voynov, CEO and founder of G-71 about their LeaksID product which creates a unique imprint on any and all documents using steganography. When a document is printed or emailed, a unique identifier associated with the user is embedded within. Such an identifier would have fingered Winner in seconds. Similarly, in the case of the Supreme Court, the draft opinion was emailed to a variety of individuals. That same technology, Voynov tells us, would have had the attachment provided to each addressee uniquely marked within the Court, and when Politco shared the copy of the draft opinion in their possession, Voynov posits, “the individual who shared their copy would have been identified.”
Trust but verify
New technologies, more processes, more frequent bag checks both coming in and out of classified environments will help raise awareness and keep reminding the insiders as to the need to adhere to the classified handling rules and regulations. But we all know that the determined individual is like water – they will find a way.
This is why, the most important tool and resource within every classified environment is the individual. The individual needs to be judicious, careful and precise when handling classified information. They need to be trustworthy and trusted to say something when they see something askew or out of sorts. Further more, self-policing is expected and is a key ingredient in the trust equation. These trusted employees also need to know that in the event of probable cause, the appropriate tools, data logs, and ancillary information is available to sort through to both exonerate, as well as identify those who are suspected of breaking this bond of trust.
For reference, these are the classification definitions from the Code of Federal Regulations.
18 CFR § 3a.11 – Classification of official information.
- Top Secret: “Top Secret refers to national security information or material which requires the highest degree of protection. The test for assigning Top Secret classification is whether its unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security. Examples of exceptionally grave damage include armed hostilities against the United States or its allies; disruption of foreign relations vitally affecting the national security; the compromise of vital national defense plans or complex cryptologic and communications intelligence systems; the revelation of sensitive intelligence operations; and the disclosure of scientific or technological developments vital to national security. This classification is to be used with the utmost restraint.”
- Secret: “Secret refers to national security information or material which requires a substantial degree of protection. The test for assigning Secret classification shall be whether its unauthorized disclosure could reasonably be expected to cause serious damage to the national security. Examples of serious damage include disruption of foreign relations significantly affecting the national security; significant impairment of a program or policy directly related to the national security; revelation of significant military plans or intelligence operations; and compromise of significant scientific or technological developments relating to national security. The classification Secret shall be sparingly used.”
- Confidential: “Confidential refers to national security information or material which requires protection, but not to the degree described in paragraphs (a) (1) and (2) of this section. The test for assigning Confidential classification shall be whether its unauthorized disclosure could reasonably be expected to cause damage to the national security.
Those are the three classifications. Now there are various codewords and designations to significantly enhance the protection of information, and with each compartment and sub-compartment penalties are revealed to those with a need to know when they are “read into” the compartment. That is to say, as part of the process for an individual to see classified materials they sign a secrecy agreement commensurate with their clearance level and if special compartments are required, that too requires a separate reading in (and out when the need to know is dissipated.)