US Security Classifications Needs Re-Thinking, Says Board

coondoggie writes "The U.S. government's overly complicated way of classifying and declassifying information needs to be dumped and reinvented with the help of a huge technology injection if it is to keep from being buried under its own weight. That was one of the main conclusions of a government board tasked with making recommendations on exactly how the government should transform the current security classification system (PDF)."

There ... fixed it for you

US Security Needs Re-Thinking

Re:There ... fixed it for you

[Defenestrar]

US Security Needs Re-Thinking

US Security Needs Thinking

FTFY

Revamp time

[Xicor]

in my opinion... the entire government needs a revamp... it is stuck in a world 150 years ago... it needs to be made to fit current times.

Re:Revamp time

[Defenestrar]

Seriously? You think we're stuck at the second year of the Civil War?

Game theory and first past the post may make that an inevitable cyclic event, but I think we've got a long time before we see troops marching under a Lone Star or Cascadia flag against the Stars and Stripes.

Re:Revamp time

[mcgrew]

in my opinion... the entire government needs a revamp... it is stuck in a world 150 years ago... it needs to be made to fit current times.

Nothing has changed except technology. People are teh same as they've always been.

Re:Revamp time

[alexander_686]

Well, yes and no. Focusing only on the House.

US Congressional districts, IIRC, represented about 60k. Less, if you consider that voting was restricted to white land owning males. Local factors dominated.

Currently, they represent over 600k. Big districts imply campaigns via negative 30 second ads. A big recent change is the amount of outside money pouring into the primaries – which dilute local factors and encourages ideologies over pragmatists.

I am o.k. with a think of the US Constitution.

Re:Revamp time

[alexander_686]

The founding fathers 1. distrusted parties and 2. distrusted the mobs of democracy. The idea was that people would choose wise men who would chose the president. This happened once with the election of Washington – and never again.

It was also supposed to give smaller states more weight and it sort of works for that.

It works less well when you have states that are persistently blue / red - which would have left them aghast.

Re:Revamp time

[kelemvor4]

weve been stuck with a government that doesnt change since pretty much the end of the civil war. and that only slightly changed it from when the constitution was created in the first place. just look at how many useless parts of government there are... or how many parts dont make any sense at all... one of them for example is the electoral college.... which in the digital age is totally pointless.

There's a large percentage of Americans that think the problem is the government has changed far too much. Generally they're called "republicans". Right or wrong, there's clearly a huge disparity between this group and the group that shares your view. Personally, I think the division lends its-self to the idea that the country could be headed for a civil war.

Re:Revamp time

[mjwalshe]

Um in there 18th century there where no parties in the modern sense - more loose factions held together by favors and in some cases bribes see Wiliam Huges book on Pitt the Younger. ,br>
The problem with the American system (as I see it) is that its very loose federal nature acts to stop stronger parties hence the Reps getting taken over by the religious right a text book case on entryisiam similar to that planed by the hard left in the labor party in the UK.

Tautology Club

[Antipater]

So a board tasked with finding a way to revamp our security classification system came to the conclusion that our security classification system needs a revamp?

Re:Tautology Club

[Defenestrar]

And now that board is free to form a committee ;)

Re:Tautology Club

[CanHasDIY]

... which will delegate to a sub-committee, which will branch off into intersessions, which will be all attended by a single, unpaid intern with a legal pad and one blue pen.

FYI, all official notes and correspondence must be written in black ink.

Re:Tautology Club

[Talderas]

That pen is above that intern's security clearance. It must be a traitor.

Re:Tautology Club

[jovius]

You are so right. It says in the PDF (p.18) that there is a 400 million page processing backlog at the National Archives... And:

In addition to records awaiting standard declassification review, the backlog includes records pending review
for other access restrictions, such as...archival records processing.

Re:Tautology Club

[AK+Marc]

Communication to and from the commitee must be in black ink. Communication to and from the board must be in blue ink. There will be 100 intern positions for blue to black transcription. And another 100 for black to blue transcription.

Re:Tautology Club

[CanHasDIY]

Communication to and from the commitee must be in black ink. Communication to and from the board must be in blue ink. There will be 100 intern positions for blue to black transcription. And another 100 for black to blue transcription.

No, no, it's just the one intern - the "100 interns" figure is the result of a budget oversight, which has been corrected by re-directing the salaries for the other 99 into individual Congress-critters' inside trading slush funds.

Re:Tautology Club

[davester666]

And they have friends with need of jobs and contracts! Big contracts, with extra zero's because everybody needs security clearances.

Re:Tautology Club

[mutified]

If you're not an expert then a chainsaw will do. :P

Needs a technological solution you say?

[sir_eccles]

You wouldn't happen to have a friend waiting in the wings who owns a company that just so happens to supply such solutions at great cost to government entities would you?

Re:Needs a technological solution you say?

You wouldn't happen to have a friend waiting in the wings who owns a company that just so happens to supply such solutions at great cost to government entities would you?

I think we can look forward to another 4-year project that gets canceled after 12 years due to cost overruns and not working yet.

It's easy, really.

Secret: military stuff
Top Secret: CIA drug running and other criminal activity
Top-shelf Secret: the good stuff
Burn Immediately: anything the slightest bit embarrassing

Really? No shit?

[CanHasDIY]

Well, thanks for that astute observation, Captain Fucking Obvious, whatever would we do without you?

On a side note, you're a bit harder to recognize without the mask and cape....

More tubes required.

[dstyle5]

Just dump the data into the tubes, add a few valves, screens and pumps and boom, problem solved.

Re:More tubes required.

[VortexCortex]

How will the message canisters get through the screens?

OH!, heh, no way? You seriously thought that analogy was about liquid in pipes, not some actually used tube based information delivery system where messages travel all over the building and a routing system delivers messages from endpoint to endpoint? You know, some folks still use a "series of tubes" to do drive through banking, hell, just used it to get my prescription filled for my old-man drugs...

The blue ones make me not care about anything, not even the damn lawn! Isn't science great?

Re:More tubes required.

[Antipater]

And how do you think those pneumatic tube systems work? I'll give you a hint - it involves valves, screens, and pumps.

Uk going three tier

[martin]

Uk is currently moving from the 7 tier IL 0-6 markers to a three tier system, so doesnt surprise the US are looking to follow this

Re:Uk going three tier

Here is the thing about security, you want it simple. You need people to easily understand what they can and can't access. The Confidential, Secret, and Top Secret classifications do that. But at the same time, when your security classification is too broad, then people without a "Need to Know" can access items they don't need to within their security classification. The Jonathan Pollard case is a good example of this. Due to his style of espionage, things like SCI were invented that further restrict sensitive items to only those who have a "Need to Know". Now your security system is complicated. Who do you give SCI tickets to and how do you track them and adjust over time? There is no simple solution. SCI complicates security and makes it difficult to work or share work with people that can help you out. It prevents people from knowing the Big Picture. But it also prevents assholes from selling major national security secrets to foreign countries.

Re:Uk going three tier

[AK+Marc]

The problem with the US system is that they classify everything and never declassify it (except when it reaches maximum expiry).

The system should be set up to classify the minimum amount of information, and make the most public. Maybe there needs to be a more complex system. 2 or 3 grades, and lots of letters determining type. class 2f would be financial classification (contracts and such), 2r troop deployment/location. 2a ambassadorial/international relations. So they can be handled much more linearly/discretely.

Re:Uk going three tier

[jittles]

Here is the thing about security, you want it simple. You need people to easily understand what they can and can't access. The Confidential, Secret, and Top Secret classifications do that. But at the same time, when your security classification is too broad, then people without a "Need to Know" can access items they don't need to within their security classification. The Jonathan Pollard case is a good example of this. Due to his style of espionage, things like SCI were invented that further restrict sensitive items to only those who have a "Need to Know". Now your security system is complicated. Who do you give SCI tickets to and how do you track them and adjust over time? There is no simple solution. SCI complicates security and makes it difficult to work or share work with people that can help you out. It prevents people from knowing the Big Picture. But it also prevents assholes from selling major national security secrets to foreign countries.

In general that is not a problem at all. If you read the rules of the current classification, you have no business reading or accessing any item that you do not have a "Need to Know" about. Strictly speaking, reading a classified document that does not pertain to you is grounds for losing your security clearance. The other classifications in SCI, like NO-FORN, etc aren't really that complex at all. And certainly NO-FORN will still have to exist, since there may be material that you want to explicitly exclude from allies. Anyway, my point is that even if you do not have a clearance you are supposed to report people abusing "Need to Know" and if you have a clearance, you are required to report any known or suspected violations. What else can you do?

I'd like to think that the problem they are trying to address is the cost of having someone go through all those FOIA requests and having to redact everything. I'm hoping they want to make it easier to determine what can and can't be released, and how soon items can be divulged. That's hope anyway. If its anything else, then someone is trying to throw a consulting / contracting bone to a campaign contributor.

Re:Uk going three tier

Whenever I've written something that may be classified, I've never been able to make an honest assessment of its real classification without help from superiors. Network and software documentation in particular, as I don't really know what "grave danger" to national security really means. Also, it's entirely possible for two pieces of secret info to be tied together and suddenly the result is top secret. This is the hard part, near as I can tell. If I'm an analyst and doing my best to combine all the info, I report and... shit... a confidential doc (personnel) combined with a secret doc (operating bases) and that's top secret, but I only roll it up to secret/noforn... shit. Under time deadlines, these (relatively) minor leaks can happen, but the impact on an individual's career might be fairly unforgiving of an innocent mistake. I've had a fair amount of training on this, but at the end of the day, without knowing the whole picture, I always ask for help before pushing anything out on the networks if in doubt.

Re:Uk going three tier

[thoromyr]

Which is why the normal behavior is to classify a document to the highest level possible. There is no penalty that I'm aware of for overclassifying a document, but it can certainly be a career ender to underclassify. So don't think about it, it isn't worth it. If you can classify at TS then do so. Apply every caveat you have the ability to. (Although to be fair the caveats generally "apply themselves" its the S vs TS that's more of an issue.)

or just get rid of the government

We could just remove the government entirely so we don't have to waste any resources on burocrats clasifying/declasifying documents.

Re:or just get rid of the government

[gtall]

Grandma won't like not getting her SS checks. I think that would probably be okay, she can live with you, can't she?

From the article

[captaindomon]

"Current page-by-page review processes are unsustainable in an era of gigabytes and yottabytes. New and existing technologies must be integrated into new processes that allow greater information storage, retrieval, and sharing. We must incorporate technology into an automated declassification process" So this article isn't about changing the classification levels, etc. It's about making a computer decide what should be classified or not. Does anyone think it is a good idea to have a computer decide which information is sensitive, based on some kind of context analysis or something? This is someone trying to sell to the government. It just has to be-

Re:From the article

[manu0601]

"Current page-by-page review processes are unsustainable in an era of gigabytes and yottabytes."-

What is the point of keeping documents if we take for granted that nobody will read them?

The trouble is on the non-military side

[Animats]

The military view of security (from the part that uses weapons) is that information needs to be protected only until the enemy can't use it. A classic line is "Where the ship was last week is UNCLASSIFIED. Where the ship was yesterday is CONFIDENTIAL. Where the ship is now is SECRET. Where the ship will be tomorrow is TOP SECRET."

The important secrets in the combat arms are about future plans and current vulnerabilities. The significant ULTRA interceptions during WWII were mostly boring but important position and strength returns from German units. They'd intercept daily reports like "13th Panzer: 1245 men, 45 tanks, 3350 liters fuel, 245 rounds tank ammo." Intel people would translate this into "13th Panzer down to half strength, has only enough fuel to move 6 km and fight for 1/2 hour." Churchill would then sometimes issue orders like "Do not lose heart! Press on and you will be victorious!" Allied tank units would attack the vulnerable unit, the German unit would run out of fuel and ammo and be destroyed.

The intel side wants to classify everything forever, because they don't want the enemy to know how much they know and what sources they have. There's something to be said for this, provided that the intel side shuts up. In the era when NSA was targeted on the USSR and didn't share with law enforcement, that worked. The problem now is a big collection vacuum coupled with selective leaks to the rest of the government.

Then there's pure bureaucratic classification to avoid embarrassment. This has become much worse since anti-terrorism paranoia. It was a big problem before that, though; too much of the USAF budget, for example, is "black". Eventually it comes out what was being built, and there really haven't been significant breakthroughs comparable to, say, the SR-71 in a long time.

Re:The trouble is on the non-military side

[TFAFalcon]

There is another category : Things we did that we don't want to talk about.

Let's say the military has one of their SNAFUs and bombs a school full of kids. They have a perfectly good reason for not wanting the information to go public : their enemies could use it to whip up support and create more extremists.
But there is another side to this. To hide it from the enemy you also have to hide it from your own public. In a dictatorship this wouldn't matter, but what about a democracy. How can people decide whether they support the war or not, when they aren't being given accurate information about it? Perhaps if the number of children killed by the army was reported, people would decide that the war just wasn't worth it and put pressure on the politicians to stop it.

I couldn't agree more...

[Shoten]

Man, let me tell you how hard the current situation is to work with. This one time, I was working on (REDACTED) and then (REDACTED) comes up to me and (REDACTED), "Dude, where are the (REDACTED) on the (REDACTED) flesh-eating (REDACTED)?" To which I had to say, "Well, the problem is that (REDACTED) is all kept over in (REDACTED) so that in the event of (REDACTED) most of the (REDACTED) will be (REDACTED)."

I mean, who here can't identify with that?

Misses the real issue.

The classification system, as written, is actually pretty decent--information should only be classified under specific circumstances and for a limited duration. How it's applied in practice is not; information is often restricted because people are worried that they might get in trouble for releasing too much, because they don't want scrutiny from the public or other government agencies or even divisions within the same agency, or just because they want control. I don't see how technology solves any of these problem--it's generally a good thing that classified information is need-to-know only, so widespread data sharing and indexing just isn't feasible for most kinds of classified data. Classified data requirements generally aren't too onerous and do a good job keeping classified systems airgapped from unclassified systems.

I think the best solution is to enforce the rules we have in place, and require a higher standard to be met to classify data. The executive isn't going to do this; perhaps Congress needs to impose some limited oversight. That said, I don't trust Congress to do a better job these days, either. American society values perceived security way above government transparency these days; and the way the classification system is interpreted today is a direct result of how values have changed in this country. Things won't get better until the American people stop being afraid and start being critical of their government again.

Security Classifications

[thejynxed]

A big part of the problem, is that they classify by default.

If this one practice was banned, we wouldn't have this issue.

The default should be no classification. They then should prove that it requires a classification, and not just by going "Because we say so".

Civil disagreement.

[TiggertheMad]

With who? The civil war occurred because one large physical bloc of the country disagreed with another large physical bloc. If you look at the counties vote in national elections, that isn't the case here. It isn't North vs. South, its more like urban vs rural. How exactly is that going to work?

Re:Civil disagreement.

[gtall]

See Syria, try to draw battlelines there.

We must have control!!!

[TiggertheMad]

This will not happen, because if the mindset of: "What if something that is important slips through? Its better to just classify everything just to be safe."

You want to be the general who's staff accidentally leaks something important? Goodbye career, because a corporal forgot to look at the last page in a folder before handing it to a reporter.

Simple problem

[Sqreater]

They are close to classifying everything now, so just do that. Make everything Top Secret. Simple. Done.

Just make it where only....

[3seas]

...US citizens can see any classified information if the employees it pays for.

If you think this is futile.... then what isn't?