One way to reduce the problem would be to stop assigning security status to pedestrian matters of fact.
Dial back the sensitivity of the image, and just release the sat images if you are concerned about leaking the angular resolution.
Has anyone made any logistical improvements to SCIF in decades? I don't mean whizz bang tech, I mean actual changes of substance to information management on secure basis.
Current political incumbents aren't much bothered with nuance it seems.
Zak · 5h ago
A friend who has a security clearance initially didn't want to read The Atlantic's first report about Signalgate for this reason.
Of course it makes sense to prohibit making any statement that serves to confirm or deny whether any publicized information is accurate, but beyond that, once it's out, it's out. Any policy that pretends otherwise is absurd.
This has always been the policy. Unless the documents have been declassified, then access controls remain in effect, and maybe you've got a clearance, but maybe not access or need-to-know, so it would be unauthorized access, which is a security violation.
WarOnPrivacy · 2h ago
> This has always been the policy.
To the best of your understanding, what is the unambiguous, demonstrable way this policy benefits the nation? What are the gains that outweigh the cost of decades of doltish enforcement?
I am asking because of all the potential benefactors I can come up with, none of them are the American public. I'm hoping your experience can provide some unforeseen nuance.
mmsc · 7h ago
I'm not sure this is a major surprise. Since it's "leaked", it could be (and most likely is):
1. Missing important context,
2. Missing paragraphs,
3. Be edited or in fact, not real at all.
Dylan16807 · 6h ago
That doesn't seem like a reason to ban looking at it?
Also if it's not real at all then you are allowed to look at it.
mmsc · 4h ago
It can influence your decision subconsciously or otherwise.
Dylan16807 · 4h ago
Any public information or misinformation can influence your decisions. Why is it so much worse in the case of failed classification?
bell-cot · 4h ago
> Also if it's not real at all then you are allowed...
Kinda like if that wire labeled "Danger, 480V" is actually dead, then it is safe to touch. But with that approach to things, your career as an electrician could be kinda short.
mrlatinos · 7h ago
Well luckily we're all protected by the paywall.
bell-cot · 6h ago
But only if your personal security policy forbids disabling js.
kragen · 5h ago
Thanks!
bell-cot · 7h ago
Buried deep in the article is a quick nod to the relative ease of work-arounds, for org's actually aspiring to competence:
> I once asked a U.S. cybersecurity executive how his company handled the banned-documents problem in the context of securing the networks of their own clients. His answer: They would assign U.S. leaks to British analysts and leaked U.K. documents to American analysts.
But mostly the article is a simplistic attack on a simplistic policy, by a (claimed) John Hopkins professor in this area. Very heavy on how the current policy makes his life in academia more difficult. Minimal interest in what workable improvements (from the US Nat'l Security Establishment's PoV) would look like. And scarcely a mention that the whole problem would be far smaller if our Establishment was less shitty at preventing leaks of its secret documents.
EDIT/Responses:
(Dylan16807) Yes, small picture, the leaks are a different topic. But at the "professor of strategic studies" level, arguing for changes in national security policy - maybe he should pay more attention to the bigger picture? That could include mention of the degree to which "simplistic idiocy" security policies discourage and demotivate the young people who our Establishment needs as responsible clerks handling its secret documents.
(cowsandmilk) The "(claimed)" is a sarcastic dig - at the sophisticated worldview which he should bring to this subject, vs. the simplistic way he presents in the article.
AnthonyMouse · 5h ago
> Minimal interest in what workable improvements (from the US Nat'l Security Establishment's PoV) would look like.
An obvious improvement would be to not prohibit people with a security clearance from looking at documents that are already publicly available.
If the concern is that the documents could be forgeries, train them to have a suitable skepticism about the authenticity of leaks rather than prohibiting them from reading it. What if they are already skeptical and want to view the documents for some other reason? What if the government has already conceded that they're authentic, or it's something that can be easily verified given the information, so the authenticity isn't in question? What if they're in a position to prove that it isn't authentic, which could be highly useful information to the government, but nobody ever finds out if they avoid reading it because of a senseless prohibition?
Dylan16807 · 6h ago
> And scarcely a mention that the whole problem would be far smaller if our Establishment was less shitty at preventing leaks of its secret documents.
That's a very different topic, and even if it was perfectly fixed there's still so many existing documents causing constant hassle.
cowsandmilk · 6h ago
Why (claimed)? It’s pretty easy to verify this person is a professor at SAIS. And the Atlantic is a big enough publication that if someone was impersonating him, it would have been found out since publication.
atlgator · 7h ago
The policy applies to anyone holding a clearance, not just DoD employees.
helsinkiandrew · 6h ago
So if you thought you were under surveillance by the CIA, would sprinkling leaked information throughout your communications, or even “this email contains leaked information” make your messages private?
lostlogin · 33m ago
No, you just need one of those stupid riders that says ‘if this wasn’t for you, it’s illegal to read it’.
nkrisc · 6h ago
No.
bell-cot · 5h ago
A couple issues with the "just declassify stuff" approach, for those unfamiliar:
- The actual declassification decisions would be made by career nat'l security people. Who know that nobody was ever disciplined for keeping "2 + 2 = 4" secret. Nor promoted for declassifying the (metaphorical) blueprints for George Washington's false teeth.
- I've not seen it articulated, but there's also the "never speak honestly around troubled children" nature of declassifying anything. Capitalist journalism promotes junior high school drama queens, and the internet is crawling with simpletons and nut jobs. If you declassified the fact that, in 1971, DoD Junior Analysts Joe & Alice suggested basing nuclear missiles on https://en.wikipedia.org/wiki/Rockall - it wouldn't matter if their idea was vetoed the next day by an O-4, or was physically impossible anyway. There would still be a giant "OMG AMERICAN NUCLEAR MISSILES WERE GOING TO BE LAUNCHED AGAINST INNOCENT BRITISH SEAGULLS!!!" shitstorm about it - because for a (seeming) majority of humankind, "truth" is whatever idea is pushing their buttons the hardest right now.
Dial back the sensitivity of the image, and just release the sat images if you are concerned about leaking the angular resolution.
Has anyone made any logistical improvements to SCIF in decades? I don't mean whizz bang tech, I mean actual changes of substance to information management on secure basis.
Current political incumbents aren't much bothered with nuance it seems.
Of course it makes sense to prohibit making any statement that serves to confirm or deny whether any publicized information is accurate, but beyond that, once it's out, it's out. Any policy that pretends otherwise is absurd.
This has always been the policy. Unless the documents have been declassified, then access controls remain in effect, and maybe you've got a clearance, but maybe not access or need-to-know, so it would be unauthorized access, which is a security violation.
To the best of your understanding, what is the unambiguous, demonstrable way this policy benefits the nation? What are the gains that outweigh the cost of decades of doltish enforcement?
I am asking because of all the potential benefactors I can come up with, none of them are the American public. I'm hoping your experience can provide some unforeseen nuance.
1. Missing important context, 2. Missing paragraphs, 3. Be edited or in fact, not real at all.
Also if it's not real at all then you are allowed to look at it.
Kinda like if that wire labeled "Danger, 480V" is actually dead, then it is safe to touch. But with that approach to things, your career as an electrician could be kinda short.
> I once asked a U.S. cybersecurity executive how his company handled the banned-documents problem in the context of securing the networks of their own clients. His answer: They would assign U.S. leaks to British analysts and leaked U.K. documents to American analysts.
But mostly the article is a simplistic attack on a simplistic policy, by a (claimed) John Hopkins professor in this area. Very heavy on how the current policy makes his life in academia more difficult. Minimal interest in what workable improvements (from the US Nat'l Security Establishment's PoV) would look like. And scarcely a mention that the whole problem would be far smaller if our Establishment was less shitty at preventing leaks of its secret documents.
EDIT/Responses:
(Dylan16807) Yes, small picture, the leaks are a different topic. But at the "professor of strategic studies" level, arguing for changes in national security policy - maybe he should pay more attention to the bigger picture? That could include mention of the degree to which "simplistic idiocy" security policies discourage and demotivate the young people who our Establishment needs as responsible clerks handling its secret documents.
(cowsandmilk) The "(claimed)" is a sarcastic dig - at the sophisticated worldview which he should bring to this subject, vs. the simplistic way he presents in the article.
An obvious improvement would be to not prohibit people with a security clearance from looking at documents that are already publicly available.
If the concern is that the documents could be forgeries, train them to have a suitable skepticism about the authenticity of leaks rather than prohibiting them from reading it. What if they are already skeptical and want to view the documents for some other reason? What if the government has already conceded that they're authentic, or it's something that can be easily verified given the information, so the authenticity isn't in question? What if they're in a position to prove that it isn't authentic, which could be highly useful information to the government, but nobody ever finds out if they avoid reading it because of a senseless prohibition?
That's a very different topic, and even if it was perfectly fixed there's still so many existing documents causing constant hassle.
- The actual declassification decisions would be made by career nat'l security people. Who know that nobody was ever disciplined for keeping "2 + 2 = 4" secret. Nor promoted for declassifying the (metaphorical) blueprints for George Washington's false teeth.
- I've not seen it articulated, but there's also the "never speak honestly around troubled children" nature of declassifying anything. Capitalist journalism promotes junior high school drama queens, and the internet is crawling with simpletons and nut jobs. If you declassified the fact that, in 1971, DoD Junior Analysts Joe & Alice suggested basing nuclear missiles on https://en.wikipedia.org/wiki/Rockall - it wouldn't matter if their idea was vetoed the next day by an O-4, or was physically impossible anyway. There would still be a giant "OMG AMERICAN NUCLEAR MISSILES WERE GOING TO BE LAUNCHED AGAINST INNOCENT BRITISH SEAGULLS!!!" shitstorm about it - because for a (seeming) majority of humankind, "truth" is whatever idea is pushing their buttons the hardest right now.