When Barack Obama promised greater transparency in government he was not suggesting the dumping of classified documents on a massive scale by the WikiLeaks web site. The huge disclosure of military documents this past August has now been followed with the leaking of classified State Department cables on an unprecedented scale. The problem has been years in the making and the current leaks are largely inevitable events. It is also a serious problem of the government's own making, requiring a radical new approach to access and control of sensitive information.
Those responsible for these leaks likely face significant jail time, and for good reasons. Almost all Americans recognize the need to protect sensitive military, intelligence and diplomatic information. Improper disclosures can cause damage ranging from national embarrassment to the compromise of military operations, loss of life, and valuable intelligence sources -- all essential to the security of the nation. Responsibility for the damage, however, needs to be shared by those who created the current situation in the first place. It is not a simple problem, and has several facets.
The sheer volume of classified information has increased over the past decade by massive proportions. Vastly increased intelligence operations since 9/11; military actions in Iraq, Afghanistan and elsewhere; as well as other diplomatic and national security activities have produced an explosion of classified information that parallels the increase in information pouring onto the Internet from the pubic domain. Given the large number of federal agencies generating classified information, the Government itself has no idea of how many million classified documents exit. Keeping all of these secrets secret presents an impossible task -- the government needs a radically new concept of information security, and not simple "fixes" to an increasingly dysfunctional system.
A second aspect of the problem lies in the adoption of new information and communications technologies by the diplomatic service and national security world. Networked computers have become ubiquitous, and access to the vast array of classified materials by almost anyone with a security clearance presents no problem at all. When personal computers and networks began to proliferate, the State Department, Defense Department, and the Intelligence Community took various approaches to their use. Classified materials were only allowed on a few secure computers, located in "secure" spaces, which were not connected to any networks. CIA and other agencies using highly classified materials removed floppy disk drives from secure computers and strictly limited access to these machines to a relatively small number of cleared individuals with a genuine "need to know."
The technology revolution forced the government and the military to change their ways, including the way classified materials were handled. Computers proliferated throughout government offices; onto the battlefield; and were soon connected to a growing number of newly created classified networks. Growing pressure for "information sharing" in the post-9/11 era caused a proliferation of federal agencies, systems and classified data bases that could be accessed by the rapidly growing number of cleared individuals within the Government as well as federal contractors, police and others.
For decades access to classified materials required both an appropriate security clearance as well as a genuine "need-to-know." This well-established need-to-know principle no longer exists for all but the most sensitive categories of information. Anyone with a clearance and access to a connected computer can download gigabytes of classified data from a myriad of government data bases in seconds onto a USB flash drive, or in some cases, simply email the data to the outside world. Traditional controls on classified data and electronic storage media have rapidly become a myth.
Possibly the most troublesome aspect of the problem has been the enormous increase in the number of cleared individuals. One recent estimate put the number of Top Secret clearances in the U.S. at 864,000 while the number with lower level Secret clearances is likely in the millions. Giving a million people access to the nation's secrets is simply a disaster waiting to happen. Clearance processing for the most sensitive secrets, such as compartmented intelligence data, has generally involved a thorough background investigation along with a polygraph examination and other screening tools. Such thorough processing is very costly, time-consuming and cannot be applied to the vast majority of all clearance candidates. Experience shows that many of those subjected to this level of personal scrutiny would not be granted access, creating an operational problem of another type.
At the same time changing social mores have forced clearance criteria to change. In the 1970's drug use, homosexual activity and other "lifestyle" criteria were automatic bars to high level classified access. As the nation became more accepting of different lifestyles, so did the security system. Many life style choices no longer created the blackmail and security risks they once did. One result, however, was to bring into the secure world a far larger number of individuals who were unhappy about their treatment in the military or by their employers and others, creating a different type of risk than the one feared in earlier days, as the recent episodes of massive leaking show.
Apart from lifestyle issues is the more general problem of risks associated with any large population. Psychiatrists estimate that in any population of a million people there will be about 50,000 cases of people with identified psychiatric disorders. While not all of these psychiatric disorders are likely to lead to leaking of classified information, it is also the case that among this substantial number are many unstable individuals who may likely engage in various forms of unacceptable behavior. Here it becomes a numbers game. A huge population of people with classified access necessarily includes a large number of seriously disturbed people, and we don't have or can't afford the tools to screen them out.
For many years government security systems focused on potential espionage and blackmail cases, as well as a relatively few number of people who leaked classified data for political purposes. These risks still exist, but as recent events have shown far greater problems have been created by the secrets explosion. Like the proverbial Dutch boy with his finger in the dike trying to hold back a flood, the government agencies who rely on security of classified information have a problem on their hand of epic proportions, which will not be solved with a 1970's approach to security. President Obama's direction to the various agencies to review their security procedures and limit classified access to a minimum number of individuals who need it is no answer at all. At best its lip service to a problem he simply doesn't understand, and many of his advisors don't fully appreciate. In the wake of the most recent disclosures of classified State Department cables Secretary Hillary Clinton gave the most articulate and compelling rationale thus far of the need for privacy and security in the conduct of international affairs. At the same time neither Secretary Clinton nor others in the administration offer any serious solutions to the systemic problems involved.
Where leakers can be identified they should certainly be prosecuted. Sending them to jail for significant sentences will always be a deterrent to at least some future leakers. Others, however, will be more careful; believe that they won't be caught; or simply don't care. The government needs a more radical approach to the classification and management of sensitive information in the modern era. More innovative technical approaches to the management of on-line classified data need to be developed, as well as constraining the unbridled access to classified computer systems, networks and data bases that has now become commonplace.
Reducing the numbers with access to Top Secret and Secret data is not an answer. A ten or twenty percent reduction in those with clearances would be meaningless, and likely be counterproductive. The law of large numbers will still prevail. Compelling demands for classified data by diplomats, the military, intelligence agencies, law enforcement, as well as the supporting contractor community necessitate these large numbers and any radical reductions would likely be a bigger disaster than the leaks.
Harassing web site operators and the media who receive these leaks raises both constitutional and logical issues. Forcing Wikileaks to remove already posted secrets is unmitigated nonsense -- the entire planet has already had an ample opportunity to download them. For years the government has had a reasonable relationship with the media on critical leaks, getting The New York Times, the Washington Post and others to redact or delay printing classified materials where there were serious national security concerns. The government needs to develop a similar approach to web site operators that dominate the new information age. This won't be easy, and may ultimately prove to be impossible. Many of these websites are off-shore; run by radicals; or simply have no interest in what the U.S. government has to say. Shutting down the sites, prosecuting foreign operators, and removing already posted materials may be impossible as well.
The government also needs to take a far more realistic approach to its policy on classification as well as the release of classified information. Declassification of Secret level data on a 20-year schedule is an outdated concept. Most of this information is highly perishable and actual risks to personnel and U.S. security interests are short-lived. Policies and procedures need to recognize this, reducing the compulsion on the part of many to leak classified data in advance of official declassification. Procedures for public release of intelligence data have already been changed for the better. CIA, for example, uses an external panel of prominent scholars to review its secrets and recommend their release. Other government agencies need to follow this model of injecting common sense into both the initial classification and subsequent release of classified information that no longer poses real security risks.
There really is no magical or simple solution to the problem of the secrets explosion. Huge increases in the volume classified data and number of clearances; the need for data sharing; and the proliferation of networked computers have all contributed to the problem. Certainly prosecution of leakers will help to some extent, but the harassment of Internet operators will not. In the end, however, the government needs to undertake fundamental changes in its overall approach to the management and release of classified information. The Internet era brought with it the largest media revolution since the invention of movable type in the 16th Century. As this revolution has come to embrace the world of classified data, the government needs a revolutionary approach to the management of its classified data as well.