I feel bad for the US Government and Military. They are in a horrible position.

Prior to 9/11, many systems were separate and did not communicate with each other. Where systems did communicate with each other, security measures in place did not allow many people to see anything beyond their immediate need to know.

After 9/11, someone reached the conclusion that if more information was available to more people, perhaps someone might have been able to put all the dots together and prevented the attacks on the World Trade Center and the Pentagon.

So systems were opened up and more people had more access. I have no insider information, but I’m willing to assume that’s how a lowly PFC had access to sensitive diplomatic information.

You have to remember two things:

– The US military serves the Congress. This is significant. They do what the Congress tells them to do. It puts control of the military into the hands of The People (instead of control of The People by the military). It is a core strength of the US system of government.

– The Congress is filled with self-serving, short-sighted reactionaries who often do not look beyond the next election. The US was attacked and a root cause MAY have been information compartmentalization? Remove compartmentalization! Oh, removing the compartments results in CableGate? Put the compartmentalization back in place!

I think the right person to look at this problem is the Chief Technology Officer of the United States (currently Aneesh Chopra) and the Chief Information Officer of the United States (administrator of the Office of Electronic Government, part of the Office of Management and Budget. I believe the current holder of that office is Vivek Kundra).

I do not believe that information security is on either office holder’s agenda.

Mr. Chopra is currently waist deep in electronic medical records.

Mr. Chopra’s agenda (as outlined by President Obama during Mr. Chopra’s nomination) is:

…promote technological innovation to help the country meet its goals such as:

1. job creation
2. reducing healthcare costs
3. protecting the homeland

As you can see, information security is not listed, although can be implied by #3.

Mr. Kundra is currently waist deep in projects like and the Federal IT Dashboard… projects aimed at making government more “open and accessible”, diametrically opposed to keeping secrets.

Mr. Kundra’s current agenda is:
1. ensuring openness and transparency
2. lowering the cost of government
3. cyber-security
4. participatory democracy
5. innovation

Cyber security is #3 on the list. I’m betting his priorities are going to be shuffled a bit.

Both appointees serve at the pleasure of the President (although Mr. Chopra had to be approved by Congress, Mr. Kundra did not). As such, they are there to support President Obama’s political goals (job creation, transparency, healthcare).

The solution to this is for the President or the Congress to empanel a commission to make a policy recommendation going forward that would reconcile the contradictory needs of “openness” and “security”. That panel should include Chopra and Kundra, but should also include representation appointed by the Joint Chiefs of Staff and the State Department.

Given the workings of the US Government and the speed at which these organizations work, it would be at least a year (likely more) before something workable can be recommended and at least 5 before the policy recommendations can be implemented.

Dusting off the trusty Magic Eight Ball, I see some serious research into DRM (which will quickly be hacked). I’ll bet you companies like IBM and Microsoft are busily drafting DRM proposals which will have the goal of No More WikiLeaks. A massive DRM effort/rollout at the Federal Government would satisfy the press and the electorate. It would be “something done”.

  1. #1 by marcjellinek on December 11, 2010 - 3:11 pm

    Looks like Scientific American and SecDef Robert Gates beat me to the punch.

    Published on 30 November 2010 by Larry Greenemeier:

    Looks like SecDef Gates commissioned two reviews to look at this process.

    Also looks like I’m not the only person making the connection between WikiLeaks/CableGate and The Pentagon Papers. SecDef Gates seems to concede that there is little difference other than todays enhanced ability to capture and distribute information.

    On 28 November, the White House Office of Management and Budget issued a memo calling for each agency to establish a security assessment.

    This is a mistake. There should be global guidance on how to carry out a security assessment and options for implementing remediation. Leaving it to each agency to do their own work will guarantee that some will do the assessment and remediation well… and others won’t.

  2. #2 by Marc Jellinek on December 12, 2010 - 11:10 am

    Here’s a really interesting mind-experiment:

    If John Q Public came across a cache of information and made it available to a foreign power (say, Iran or North Korea), would Mr. Public be guilty (at least in the public eye) of espionage? I think that in my mind, they would be.

    As opposed to Mr. Public publishing the same cache of information in a newspaper or on the Web as an expression of Freedom of the Press.

    Since they have internet access and newspaper delivery in both Iran and North Korea, the net effect is the same.

    So much of US Law is tied to intent over effect. While WikiLeaks did have the effect of delivering classified information to enemy powers, I think the legal question might be “Did WikiLeaks have the INTENT of delivering classified information to enemy powers”

    Damn. This issue just became less clear cut in my mind.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: