A person looking at top secret files with a magnifying glass

commentary

(U.S. News & World Report)

October 13, 2015

Defining a New Paradigm for Government Secrecy

Photo by DNY59/iStock

by Richard S. Girven, Sina Beaghley, Cortney Weinbaum

The future of government secrecy is shifting. When the current classification system was created, the U.S. government collected and generated its own secrets, wrote them down or typed them up on a typewriter and — for the most sensitive of those — recorded the number of those classified documents in existence and locked them in safes. It was relatively easy to keep track of the number of people who had access to each secret, and if one or two were leaked, the national security enterprise as a whole was not necessarily affected. Requests for information from the public and media were largely answered at the government's discretion.

In today's world, this scenario sounds quaint and, for government officials responsible for protecting national security information, those were the good old days. Today the government does not have a monopoly on the collection of secrets – meaning that by the time highly important information reaches government eyes, it frequently has already been collected and stored by a commercial satellite, a public sensor, a massive database of financial transactions or shared via social media. Retroactively classifying such information, even the composite of such information, has questionable usefulness. When information does leak out, the quantity shared is no longer limited to the number of pages a single employee can sneak out the door. Technology has afforded the U.S. national security apparatus incredible capabilities, along with equally monumental challenges and also risks from inside and out.

There are at least three fundamental drivers of change that are shifting the paradigm of government secrecy: the ubiquity of unclassified data, increased internal and external threats and public demands for transparency. This new environment affords opportunities to national security agencies, yet each driver carries risks that, if ignored, can threaten the U.S. national security enterprise.

Ubiquity of Unclassified Data

Valuable information increasingly comes from unclassified data, technologies and networks. Networks of cameras, unclassified overhead imagery and sensors connected to the "Internet of Things" provide intelligence benefits without the need for agencies to develop and place their own monitoring systems. Valuable information often exists just behind commercial firewalls, such as financial and social media data, and within the unstructured dark web.

The government can respond and adapt by creating new data access arrangements and increasing its use of off-the-shelf technologies. This involves identifying which data sets are most valuable, gaining access through partnership with industry and foreign entities, and sometimes analyzing the data where it resides on unclassified servers outside the U.S. government system. Artificial intelligence algorithms, facial recognition and other biometrics algorithms, change-detection algorithms and other tools can create intelligence value. Sometimes these tools will be owned and operated by the government, and sometimes they won't.

Meanwhile, relying more frequently on off-the-shelf technologies and less often on government-owned classified systems provides the government access to innovations that can meet mission requirements faster and cheaper than custom-tailored systems and can be replaced as often as a new commercial capability comes online.

Increased Threats

Terabytes of data can be stolen by one person from inside or outside an agency. Information-technology systems are increasingly complex, intertwined and outside of the control of any one chief information officer. It is nearly impossible to protect every node at all times, and it is becoming more difficult and more expensive to keep classified information secret.

The government can respond and adapt by maintaining a smaller volume of classified information, by using scenario-based planning to prepare for leaks and by moving more information off of classified IT systems.

By changing its classification approach and only classifying the most sensitive sources, methods, programs or analysis, the government can focus its resources on protecting this smaller proportion of information. For example, finished intelligence analysis is often needlessly classified at the highest level of the sources used, even when those sources are not identifiable in the final product and the final assessment agrees with unclassified assessments available in open sources.

The use of scenario-based planning can better prepare agencies for leaks by anticipating the damage to compromised systems, human sources and foreign relationships before they occur. Such contingency planning would allow leaders time before crisis strikes to make informed decisions about whether risks are worthwhile, how they could be mitigated or minimized and how to respond if the worst-case scenario occurs. Scenario-based planning with red teaming can result in action plans for how specific leaks would be addressed in the immediate aftermath, shortening initial response times and mitigating damage during crises.

Regardless of the source of the information, classified or open, agencies commonly move collected data onto classified systems for processing and analysis. This increases the financial costs to store and protect the information, while creating a rich target for internal or external adversaries trying to compromise sensitive systems. Some offices have begun a different approach by hiding information in plain sight, whereby they analyze, store and even disseminate information on unclassified systems that may or may not be owned by the government. This could include hiding data in unlikely places on the Internet where it has little meaning except to its intended recipients or publishing open source analysis on unclassified systems without government attribution. Both approaches are currently used in specific situations and could be expanded more widely across agencies and missions.

Public-Driven Transparency

The public's decreased trust in intelligence agencies has led to increased demands for transparency and new requirements from the White House, Congress, foreign partners and industry. As information about intelligence capabilities and programs is released, new questions are raised. New requirements for transparency will also create the need for additional resources and personnel dedicated toward this effort.

The government can respond and adapt by authorizing and training employees to anticipate and respond to public demands. In most agencies, Freedom of Information Act and public affairs personnel are the only employees authorized to provide information to the public. These employees frequently lack a full understanding of specific programs and the benefits and risks of sharing information about them, resulting in a lengthy process to get approval, an overly cautious approach about what to release or both. Often the fear of oversharing leads to a public perception of stonewalling.

To help resolve this issue, agencies can create transparency action teams dedicated to deciding what information can be released. In the specific case of a high profile event in the news, these teams can anticipate FOIA requests and prepare their responses before the requests are made. As industry and foreign partners request new contractual and liaison conditions, these teams can lead agencies' strategic approaches to partnerships and information sharing. Employees in acquisition, contracting, policy, intelligence analysis, intelligence production and foreign liaison roles could all receive training on appropriate means of sharing information in near real time when appropriate. Without authorized personnel trained to make such decisions, the approval process can become burdensome to partners who expect immediate answers, especially during a crisis.

The old paradigm of government secrecy is becoming a less viable approach for the future. The government has the option to choose — whether to adjust to the new environment and the new paradigm by taking a proactive approach or to allow external forces to determine the future of its secrets.


Rich Girven is associate director of the Intelligence Policy Center at the nonprofit, nonpartisan RAND Corporation. Previously, he was the Director of Analysis for the Senate Select Committee on Intelligence.

Sina Beaghley is a senior international/defense policy analyst with RAND Corporation. Previously, she was Director for Intelligence and Information Security Issues on the National Security Council staff.

Cortney Weinbaum is a project associate with RAND Corporation.

This commentary originally appeared on U.S. News & World Report on October 13, 2015. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.