Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government Security Software The Internet United States Your Rights Online

US Security Classifications Needs Re-Thinking, Says Board 76

coondoggie writes "The U.S. government's overly complicated way of classifying and declassifying information needs to be dumped and reinvented with the help of a huge technology injection if it is to keep from being buried under its own weight. That was one of the main conclusions of a government board tasked with making recommendations on exactly how the government should transform the current security classification system (PDF)."
This discussion has been archived. No new comments can be posted.

US Security Classifications Needs Re-Thinking, Says Board

Comments Filter:
  • by Anonymous Coward on Thursday December 06, 2012 @03:42PM (#42208029)

    US Security Needs Re-Thinking

  • in my opinion... the entire government needs a revamp... it is stuck in a world 150 years ago... it needs to be made to fit current times.
    • Seriously? You think we're stuck at the second year of the Civil War?

      Game theory and first past the post may make that an inevitable cyclic event, but I think we've got a long time before we see troops marching under a Lone Star or Cascadia [wikipedia.org] flag against the Stars and Stripes.

    • by mcgrew ( 92797 ) *

      in my opinion... the entire government needs a revamp... it is stuck in a world 150 years ago... it needs to be made to fit current times.

      Nothing has changed except technology. People are teh same as they've always been.

      • Well, yes and no. Focusing only on the House.

        US Congressional districts, IIRC, represented about 60k. Less, if you consider that voting was restricted to white land owning males. Local factors dominated.

        Currently, they represent over 600k. Big districts imply campaigns via negative 30 second ads. A big recent change is the amount of outside money pouring into the primaries – which dilute local factors and encourages ideologies over pragmatists.

        I am o.k. with a think of the US Constitution.

  • by Antipater ( 2053064 ) on Thursday December 06, 2012 @03:44PM (#42208055)
    So a board tasked with finding a way to revamp our security classification system came to the conclusion that our security classification system needs a revamp?
    • And now that board is free to form a committee ;)
      • by CanHasDIY ( 1672858 ) on Thursday December 06, 2012 @04:03PM (#42208379) Homepage Journal
        ... which will delegate to a sub-committee, which will branch off into intersessions, which will be all attended by a single, unpaid intern with a legal pad and one blue pen.

        FYI, all official notes and correspondence must be written in black ink.
        • That pen is above that intern's security clearance. It must be a traitor.

        • by AK Marc ( 707885 )
          Communication to and from the commitee must be in black ink. Communication to and from the board must be in blue ink. There will be 100 intern positions for blue to black transcription. And another 100 for black to blue transcription.
          • Communication to and from the commitee must be in black ink. Communication to and from the board must be in blue ink. There will be 100 intern positions for blue to black transcription. And another 100 for black to blue transcription.

            No, no, it's just the one intern - the "100 interns" figure is the result of a budget oversight, which has been corrected by re-directing the salaries for the other 99 into individual Congress-critters' inside trading slush funds.

      • And they have friends with need of jobs and contracts! Big contracts, with extra zero's because everybody needs security clearances.

    • by jovius ( 974690 )

      You are so right. It says in the PDF (p.18) that there is a 400 million page processing backlog at the National Archives... And:

      In addition to records awaiting standard declassification review, the backlog includes records pending review
      for other access restrictions, such as...archival records processing.

    • If you're not an expert then a chainsaw will do. :P
  • by sir_eccles ( 1235902 ) on Thursday December 06, 2012 @03:45PM (#42208061)

    You wouldn't happen to have a friend waiting in the wings who owns a company that just so happens to supply such solutions at great cost to government entities would you?

    • by Anonymous Coward

      You wouldn't happen to have a friend waiting in the wings who owns a company that just so happens to supply such solutions at great cost to government entities would you?

      I think we can look forward to another 4-year project that gets canceled after 12 years due to cost overruns and not working yet.

  • by Anonymous Coward

    Secret: military stuff
    Top Secret: CIA drug running and other criminal activity
    Top-shelf Secret: the good stuff
    Burn Immediately: anything the slightest bit embarrassing

  • Well, thanks for that astute observation, Captain Fucking Obvious, whatever would we do without you?

    On a side note, you're a bit harder to recognize without the mask and cape....
  • Just dump the data into the tubes, add a few valves, screens and pumps and boom, problem solved.
    • How will the message canisters get through the screens?

      OH!, heh, no way? You seriously thought that analogy was about liquid in pipes, not some actually used tube based information delivery system where messages travel all over the building and a routing system delivers messages from endpoint to endpoint? You know, some folks still use a "series of tubes" to do drive through banking, hell, just used it to get my prescription filled for my old-man drugs...

      The blue ones make me not care about anything,

      • And how do you think those pneumatic tube systems work? I'll give you a hint - it involves valves, screens, and pumps.
  • Uk going three tier (Score:4, Informative)

    by martin ( 1336 ) <maxsec&gmail,com> on Thursday December 06, 2012 @04:01PM (#42208349) Journal

    Uk is currently moving from the 7 tier IL 0-6 markers to a three tier system, so doesnt surprise the US are looking to follow this

    • by Anonymous Coward on Thursday December 06, 2012 @04:38PM (#42208869)

      Here is the thing about security, you want it simple. You need people to easily understand what they can and can't access. The Confidential, Secret, and Top Secret classifications do that. But at the same time, when your security classification is too broad, then people without a "Need to Know" can access items they don't need to within their security classification. The Jonathan Pollard case is a good example of this. Due to his style of espionage, things like SCI were invented that further restrict sensitive items to only those who have a "Need to Know". Now your security system is complicated. Who do you give SCI tickets to and how do you track them and adjust over time? There is no simple solution. SCI complicates security and makes it difficult to work or share work with people that can help you out. It prevents people from knowing the Big Picture. But it also prevents assholes from selling major national security secrets to foreign countries.

      • by AK Marc ( 707885 )
        The problem with the US system is that they classify everything and never declassify it (except when it reaches maximum expiry).

        The system should be set up to classify the minimum amount of information, and make the most public. Maybe there needs to be a more complex system. 2 or 3 grades, and lots of letters determining type. class 2f would be financial classification (contracts and such), 2r troop deployment/location. 2a ambassadorial/international relations. So they can be handled much more linearl
      • Here is the thing about security, you want it simple. You need people to easily understand what they can and can't access. The Confidential, Secret, and Top Secret classifications do that. But at the same time, when your security classification is too broad, then people without a "Need to Know" can access items they don't need to within their security classification. The Jonathan Pollard case is a good example of this. Due to his style of espionage, things like SCI were invented that further restrict sensitive items to only those who have a "Need to Know". Now your security system is complicated. Who do you give SCI tickets to and how do you track them and adjust over time? There is no simple solution. SCI complicates security and makes it difficult to work or share work with people that can help you out. It prevents people from knowing the Big Picture. But it also prevents assholes from selling major national security secrets to foreign countries.

        In general that is not a problem at all. If you read the rules of the current classification, you have no business reading or accessing any item that you do not have a "Need to Know" about. Strictly speaking, reading a classified document that does not pertain to you is grounds for losing your security clearance. The other classifications in SCI, like NO-FORN, etc aren't really that complex at all. And certainly NO-FORN will still have to exist, since there may be material that you want to explicitly ex

        • by Anonymous Coward

          Whenever I've written something that may be classified, I've never been able to make an honest assessment of its real classification without help from superiors. Network and software documentation in particular, as I don't really know what "grave danger" to national security really means. Also, it's entirely possible for two pieces of secret info to be tied together and suddenly the result is top secret. This is the hard part, near as I can tell. If I'm an analyst and doing my best to combine all the in

          • Which is why the normal behavior is to classify a document to the highest level possible. There is no penalty that I'm aware of for overclassifying a document, but it can certainly be a career ender to underclassify. So don't think about it, it isn't worth it. If you can classify at TS then do so. Apply every caveat you have the ability to. (Although to be fair the caveats generally "apply themselves" its the S vs TS that's more of an issue.)

  • by Anonymous Coward

    We could just remove the government entirely so we don't have to waste any resources on burocrats clasifying/declasifying documents.

    • by gtall ( 79522 )

      Grandma won't like not getting her SS checks. I think that would probably be okay, she can live with you, can't she?

  • From the article (Score:5, Informative)

    by captaindomon ( 870655 ) on Thursday December 06, 2012 @04:14PM (#42208525)
    "Current page-by-page review processes are unsustainable in an era of gigabytes and yottabytes. New and existing technologies must be integrated into new processes that allow greater information storage, retrieval, and sharing. We must incorporate technology into an automated declassification process" So this article isn't about changing the classification levels, etc. It's about making a computer decide what should be classified or not. Does anyone think it is a good idea to have a computer decide which information is sensitive, based on some kind of context analysis or something? This is someone trying to sell to the government. It just has to be-
    • "Current page-by-page review processes are unsustainable in an era of gigabytes and yottabytes."-

      What is the point of keeping documents if we take for granted that nobody will read them?

  • by Animats ( 122034 ) on Thursday December 06, 2012 @04:17PM (#42208565) Homepage

    The military view of security (from the part that uses weapons) is that information needs to be protected only until the enemy can't use it. A classic line is "Where the ship was last week is UNCLASSIFIED. Where the ship was yesterday is CONFIDENTIAL. Where the ship is now is SECRET. Where the ship will be tomorrow is TOP SECRET."

    The important secrets in the combat arms are about future plans and current vulnerabilities. The significant ULTRA interceptions during WWII were mostly boring but important position and strength returns from German units. They'd intercept daily reports like "13th Panzer: 1245 men, 45 tanks, 3350 liters fuel, 245 rounds tank ammo." Intel people would translate this into "13th Panzer down to half strength, has only enough fuel to move 6 km and fight for 1/2 hour." Churchill would then sometimes issue orders like "Do not lose heart! Press on and you will be victorious!" Allied tank units would attack the vulnerable unit, the German unit would run out of fuel and ammo and be destroyed.

    The intel side wants to classify everything forever, because they don't want the enemy to know how much they know and what sources they have. There's something to be said for this, provided that the intel side shuts up. In the era when NSA was targeted on the USSR and didn't share with law enforcement, that worked. The problem now is a big collection vacuum coupled with selective leaks to the rest of the government.

    Then there's pure bureaucratic classification to avoid embarrassment. This has become much worse since anti-terrorism paranoia. It was a big problem before that, though; too much of the USAF budget, for example, is "black". Eventually it comes out what was being built, and there really haven't been significant breakthroughs comparable to, say, the SR-71 in a long time.

    • Re: (Score:1, Informative)

      by TFAFalcon ( 1839122 )

      There is another category : Things we did that we don't want to talk about.

      Let's say the military has one of their SNAFUs and bombs a school full of kids. They have a perfectly good reason for not wanting the information to go public : their enemies could use it to whip up support and create more extremists.
      But there is another side to this. To hide it from the enemy you also have to hide it from your own public. In a dictatorship this wouldn't matter, but what about a democracy. How can people decide wheth

  • Comment removed based on user account deletion
  • by Shoten ( 260439 ) on Thursday December 06, 2012 @04:47PM (#42209053)

    Man, let me tell you how hard the current situation is to work with. This one time, I was working on (REDACTED) and then (REDACTED) comes up to me and (REDACTED), "Dude, where are the (REDACTED) on the (REDACTED) flesh-eating (REDACTED)?" To which I had to say, "Well, the problem is that (REDACTED) is all kept over in (REDACTED) so that in the event of (REDACTED) most of the (REDACTED) will be (REDACTED)."

    I mean, who here can't identify with that?

  • by Anonymous Coward

    The classification system, as written, is actually pretty decent--information should only be classified under specific circumstances and for a limited duration. How it's applied in practice is not; information is often restricted because people are worried that they might get in trouble for releasing too much, because they don't want scrutiny from the public or other government agencies or even divisions within the same agency, or just because they want control. I don't see how technology solves any of th

  • A big part of the problem, is that they classify by default.

    If this one practice was banned, we wouldn't have this issue.

    The default should be no classification. They then should prove that it requires a classification, and not just by going "Because we say so".

    • This will not happen, because if the mindset of: "What if something that is important slips through? Its better to just classify everything just to be safe."

      You want to be the general who's staff accidentally leaks something important? Goodbye career, because a corporal forgot to look at the last page in a folder before handing it to a reporter.
  • They are close to classifying everything now, so just do that. Make everything Top Secret. Simple. Done.
  • ...US citizens can see any classified information if the employees it pays for.

    If you think this is futile.... then what isn't?

We can found no scientific discipline, nor a healthy profession on the technical mistakes of the Department of Defense and IBM. -- Edsger Dijkstra

Working...