Fresh Security Breaches At Los Alamos

WrongSizeGlass writes "MSNBC is carrying Newsweek reporting on two new security breaches at Los Alamos. Both of these latest incidents were 'human error' on the part of employees. In one, an e-mail containing classified material was sent over the open Internet rather than through the secure defense network. In the other incident, an employee took his lab laptop on vacation to Ireland, where it was stolen out of his hotel room. The machine reportedly contained government documents of a sensitive nature."

Dirty email is not as ludicrous as it sounds

[mathimus1863]

The email thing happens occasionally at my office. Sometimes, there are certain numbers that are classified in a particular context, but the other information is not. For instance, someone who is working on new type of laser may be able to talk about the laser (the knowledge of the technology is unclassified), as long as they don't disclose certain properties of it (for instance, its specific power and waveband may be classified).

I frequently see situations where a particular classified value could be derived from 3 other values. Typically, only one or two of those three values will be classified. If you work a lot with those numbers, it can be easy to forget which one is the classified value and drop it in an email to a coworker to clarify information That would be a security violation.

Another example is resolution of data. In the past, I have seen that certain data is classified only if specified to a certain number of significant digits (usually >1). Or, certain dates may be classified, but the month of the event is unclassified. Or specifying any more accurately than the Quarter may be classified.

Not to mention you can be told a classified number and the person forgets to tell you its classified. This happened recently. The guy who heard it dropped the number in an email and got a security violation. You can see how uncertainty of classifications can sneak into people's heads.