A friend who has a security clearance initially didn't want to read The Atlantic's first report about Signalgate for this reason.
Of course it makes sense to prohibit making any statement that serves to confirm or deny whether any publicized information is accurate, but beyond that, once it's out, it's out. Any policy that pretends otherwise is absurd.
I was cleared for 40 years. Now I'm retired.
This has always been the policy. Unless the documents have been declassified, then access controls remain in effect, and maybe you've got a clearance, but maybe not access or need-to-know, so it would be unauthorized access, which is a security violation.
Buried deep in the article is a quick nod to the relative ease of work-arounds, for org's actually aspiring to competence:
> I once asked a U.S. cybersecurity executive how his company handled the banned-documents problem in the context of securing the networks of their own clients. His answer: They would assign U.S. leaks to British analysts and leaked U.K. documents to American analysts.
But mostly the article is a simplistic attack on a simplistic policy, by a (claimed) John Hopkins professor in this area. Very heavy on how the current policy makes his life in academia more difficult. Minimal interest in what workable improvements (from the US Nat'l Security Establishment's PoV) would look like. And scarcely a mention that the whole problem would be far smaller if our Establishment was less shitty at preventing leaks of its secret documents.
EDIT/Responses:
(Dylan16807) Yes, small picture, the leaks are a different topic. But at the "professor of strategic studies" level, arguing for changes in national security policy - maybe he should pay more attention to the bigger picture? That could include mention of the degree to which "simplistic idiocy" security policies discourage and demotivate the young people who our Establishment needs as responsible clerks handling its secret documents.
(cowsandmilk) The "(claimed)" is a sarcastic dig - at the sophisticated worldview which he should bring to this subject, vs. the simplistic way he presents in the article.
A couple issues with the "just declassify stuff" approach, for those unfamiliar:
- The actual declassification decisions would be made by career nat'l security people. Who know that nobody was ever disciplined for keeping "2 + 2 = 4" secret. Nor promoted for declassifying the (metaphorical) blueprints for George Washington's false teeth.
- I've not seen it articulated, but there's also the "never speak honestly around troubled children" nature of declassifying anything. Capitalist journalism promotes junior high school drama queens, and the internet is crawling with simpletons and nut jobs. If you declassified the fact that, in 1971, DoD Junior Analysts Joe & Alice suggested basing nuclear missiles on https://en.wikipedia.org/wiki/Rockall - it wouldn't matter if their idea was vetoed the next day by an O-4, or was physically impossible anyway. There would still be a giant "OMG AMERICAN NUCLEAR MISSILES WERE GOING TO BE LAUNCHED AGAINST INNOCENT BRITISH SEAGULLS!!!" shitstorm about it - because for a (seeming) majority of humankind, "truth" is whatever idea is pushing their buttons the hardest right now.
Well luckily we're all protected by the paywall.
The policy applies to anyone holding a clearance, not just DoD employees.
I'm not sure this is a major surprise. Since it's "leaked", it could be (and most likely is):
1. Missing important context, 2. Missing paragraphs, 3. Be edited or in fact, not real at all.
So if you thought you were under surveillance by the CIA, would sprinkling leaked information throughout your communications, or even “this email contains leaked information” make your messages private?
One way to reduce the problem would be to stop assigning security status to pedestrian matters of fact.
Dial back the sensitivity of the image, and just release the sat images if you are concerned about leaking the angular resolution.
Has anyone made any logistical improvements to SCIF in decades? I don't mean whizz bang tech, I mean actual changes of substance to information management on secure basis.
Current political incumbents aren't much bothered with nuance it seems.