Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Security Classifications Needs Re-Thinking, Says Board

Posted by timothy on from the this-post-is-ultra-double-secret-probation-only dept.

coondoggie writes "The U.S. government's overly complicated way of classifying and declassifying information needs to be dumped and reinvented with the help of a huge technology injection if it is to keep from being buried under its own weight. That was one of the main conclusions of a government board tasked with making recommendations on exactly how the government should transform the current security classification system (PDF)."

17 of 76 comments (clear)

  1. There ... fixed it for you by Anonymous Coward · · Score: 5, Insightful

    US Security Needs Re-Thinking

    1. Re:There ... fixed it for you by Defenestrar · · Score: 5, Funny

      US Security Needs Re-Thinking

      US Security Needs Thinking

      FTFY

  2. Tautology Club by Antipater · · Score: 3, Funny

    So a board tasked with finding a way to revamp our security classification system came to the conclusion that our security classification system needs a revamp?

    --
    Everything is better with chainsaws.
    1. Re:Tautology Club by Defenestrar · · Score: 2

      And now that board is free to form a committee ;)

    2. Re:Tautology Club by CanHasDIY · · Score: 3, Funny

      ... which will delegate to a sub-committee, which will branch off into intersessions, which will be all attended by a single, unpaid intern with a legal pad and one blue pen.

      FYI, all official notes and correspondence must be written in black ink.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:Tautology Club by Talderas · · Score: 2

      That pen is above that intern's security clearance. It must be a traitor.

      --
      "Lack of speed can be overcome. In the worst case by patience." --Znork
  3. Needs a technological solution you say? by sir_eccles · · Score: 4, Funny

    You wouldn't happen to have a friend waiting in the wings who owns a company that just so happens to supply such solutions at great cost to government entities would you?

  4. Uk going three tier by martin · · Score: 3, Informative

    Uk is currently moving from the 7 tier IL 0-6 markers to a three tier system, so doesnt surprise the US are looking to follow this

    1. Re:Uk going three tier by Anonymous Coward · · Score: 4, Insightful

      Here is the thing about security, you want it simple. You need people to easily understand what they can and can't access. The Confidential, Secret, and Top Secret classifications do that. But at the same time, when your security classification is too broad, then people without a "Need to Know" can access items they don't need to within their security classification. The Jonathan Pollard case is a good example of this. Due to his style of espionage, things like SCI were invented that further restrict sensitive items to only those who have a "Need to Know". Now your security system is complicated. Who do you give SCI tickets to and how do you track them and adjust over time? There is no simple solution. SCI complicates security and makes it difficult to work or share work with people that can help you out. It prevents people from knowing the Big Picture. But it also prevents assholes from selling major national security secrets to foreign countries.

    2. Re:Uk going three tier by AK+Marc · · Score: 2

      The problem with the US system is that they classify everything and never declassify it (except when it reaches maximum expiry).

      The system should be set up to classify the minimum amount of information, and make the most public. Maybe there needs to be a more complex system. 2 or 3 grades, and lots of letters determining type. class 2f would be financial classification (contracts and such), 2r troop deployment/location. 2a ambassadorial/international relations. So they can be handled much more linearly/discretely.

      --
      Learn to love Alaska
    3. Re:Uk going three tier by jittles · · Score: 2

      Here is the thing about security, you want it simple. You need people to easily understand what they can and can't access. The Confidential, Secret, and Top Secret classifications do that. But at the same time, when your security classification is too broad, then people without a "Need to Know" can access items they don't need to within their security classification. The Jonathan Pollard case is a good example of this. Due to his style of espionage, things like SCI were invented that further restrict sensitive items to only those who have a "Need to Know". Now your security system is complicated. Who do you give SCI tickets to and how do you track them and adjust over time? There is no simple solution. SCI complicates security and makes it difficult to work or share work with people that can help you out. It prevents people from knowing the Big Picture. But it also prevents assholes from selling major national security secrets to foreign countries.

      In general that is not a problem at all. If you read the rules of the current classification, you have no business reading or accessing any item that you do not have a "Need to Know" about. Strictly speaking, reading a classified document that does not pertain to you is grounds for losing your security clearance. The other classifications in SCI, like NO-FORN, etc aren't really that complex at all. And certainly NO-FORN will still have to exist, since there may be material that you want to explicitly exclude from allies. Anyway, my point is that even if you do not have a clearance you are supposed to report people abusing "Need to Know" and if you have a clearance, you are required to report any known or suspected violations. What else can you do?

      I'd like to think that the problem they are trying to address is the cost of having someone go through all those FOIA requests and having to redact everything. I'm hoping they want to make it easier to determine what can and can't be released, and how soon items can be divulged. That's hope anyway. If its anything else, then someone is trying to throw a consulting / contracting bone to a campaign contributor.

  5. From the article by captaindomon · · Score: 4, Informative

    "Current page-by-page review processes are unsustainable in an era of gigabytes and yottabytes. New and existing technologies must be integrated into new processes that allow greater information storage, retrieval, and sharing. We must incorporate technology into an automated declassification process" So this article isn't about changing the classification levels, etc. It's about making a computer decide what should be classified or not. Does anyone think it is a good idea to have a computer decide which information is sensitive, based on some kind of context analysis or something? This is someone trying to sell to the government. It just has to be-

    --
    Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
  6. The trouble is on the non-military side by Animats · · Score: 5, Informative

    The military view of security (from the part that uses weapons) is that information needs to be protected only until the enemy can't use it. A classic line is "Where the ship was last week is UNCLASSIFIED. Where the ship was yesterday is CONFIDENTIAL. Where the ship is now is SECRET. Where the ship will be tomorrow is TOP SECRET."

    The important secrets in the combat arms are about future plans and current vulnerabilities. The significant ULTRA interceptions during WWII were mostly boring but important position and strength returns from German units. They'd intercept daily reports like "13th Panzer: 1245 men, 45 tanks, 3350 liters fuel, 245 rounds tank ammo." Intel people would translate this into "13th Panzer down to half strength, has only enough fuel to move 6 km and fight for 1/2 hour." Churchill would then sometimes issue orders like "Do not lose heart! Press on and you will be victorious!" Allied tank units would attack the vulnerable unit, the German unit would run out of fuel and ammo and be destroyed.

    The intel side wants to classify everything forever, because they don't want the enemy to know how much they know and what sources they have. There's something to be said for this, provided that the intel side shuts up. In the era when NSA was targeted on the USSR and didn't share with law enforcement, that worked. The problem now is a big collection vacuum coupled with selective leaks to the rest of the government.

    Then there's pure bureaucratic classification to avoid embarrassment. This has become much worse since anti-terrorism paranoia. It was a big problem before that, though; too much of the USAF budget, for example, is "black". Eventually it comes out what was being built, and there really haven't been significant breakthroughs comparable to, say, the SR-71 in a long time.

  7. I couldn't agree more... by Shoten · · Score: 3, Funny

    Man, let me tell you how hard the current situation is to work with. This one time, I was working on (REDACTED) and then (REDACTED) comes up to me and (REDACTED), "Dude, where are the (REDACTED) on the (REDACTED) flesh-eating (REDACTED)?" To which I had to say, "Well, the problem is that (REDACTED) is all kept over in (REDACTED) so that in the event of (REDACTED) most of the (REDACTED) will be (REDACTED)."

    I mean, who here can't identify with that?

    --

    For your security, this post has been encrypted with ROT-13, twice.
  8. Re:Revamp time by alexander_686 · · Score: 4, Interesting

    The founding fathers 1. distrusted parties and 2. distrusted the mobs of democracy. The idea was that people would choose wise men who would chose the president. This happened once with the election of Washington – and never again.

    It was also supposed to give smaller states more weight and it sort of works for that.

    It works less well when you have states that are persistently blue / red - which would have left them aghast.

  9. Misses the real issue. by Anonymous Coward · · Score: 2, Interesting

    The classification system, as written, is actually pretty decent--information should only be classified under specific circumstances and for a limited duration. How it's applied in practice is not; information is often restricted because people are worried that they might get in trouble for releasing too much, because they don't want scrutiny from the public or other government agencies or even divisions within the same agency, or just because they want control. I don't see how technology solves any of these problem--it's generally a good thing that classified information is need-to-know only, so widespread data sharing and indexing just isn't feasible for most kinds of classified data. Classified data requirements generally aren't too onerous and do a good job keeping classified systems airgapped from unclassified systems.

    I think the best solution is to enforce the rules we have in place, and require a higher standard to be met to classify data. The executive isn't going to do this; perhaps Congress needs to impose some limited oversight. That said, I don't trust Congress to do a better job these days, either. American society values perceived security way above government transparency these days; and the way the classification system is interpreted today is a direct result of how values have changed in this country. Things won't get better until the American people stop being afraid and start being critical of their government again.

  10. We must have control!!! by TiggertheMad · · Score: 2

    This will not happen, because if the mindset of: "What if something that is important slips through? Its better to just classify everything just to be safe."

    You want to be the general who's staff accidentally leaks something important? Goodbye career, because a corporal forgot to look at the last page in a folder before handing it to a reporter.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!