Platt Perspective on Business and Technology

Learnable lessons from Manning, Snowden and inevitable others 7 – rethinking threats and response systems

Posted in business and convergent technologies, in the News by Timothy Platt on September 11, 2013

This is my eighth posting on what is becoming a series of leaks and unauthorized disclosures of classified US government documents that relate to its War on Terror (see John Peter Zenger, Henry L. Stimson, Edward J. Snowden and the challenge of free speech and the first six postings to this series, available at Ubiquitous Computing and Communications – everywhere all the time 2 as postings 225 and loosely following.) And I write this posting with an acute awareness of the date that it is scheduled to go live on: September 11, 2013 and the twelfth anniversary of the al Qaeda attacks that launched the US led War on Terror that has shaped so much of this past dozen years, and both within the United States and globally.

I tend to write my blog postings a month or so in advance of going live to the site, so I am actually writing this on August 8, 2013. As a result some of the details that I would write here might be superseded by new developments and even before this can go live. But I would contest that that would be immaterial to the basic thrust and purpose of this posting or this series. The issues that I write of here are more structural and long-term, and certainly for their impact and implications. But to put this into a here and now context as of this writing too, I note that:

Edward Snowden had now been officially offered at least temporary stay in Russia and he has been issued a passport that allows him to stay in that country for up to at least one one year and one day. So for the last few days he has no longer been held up in a Moscow airport.
US President Obama has canceling a planned face to face meeting with Russian President Vladimir Putin in Moscow, that would have taken place immediately after the long-scheduled G20 summit meetings set to take place in St Petersburg, Russia on September 5 and 6 of this year. There are a significant number of issues on which Presidents Obama and Putin disagree, including how to address the challenge of Syria’s civil war that do not involve either the US surveillance programs that Snowden has outed, or the fact that Russia has granted him sanctuary from extradition by the US. But Russia’s failure to turn him over to US custody to face charges for leaking classified information is certainly one of the friction-point reasons that have brought about this scheduling break-down.
• That said, most of the substantive negotiations and essentially all of the specific details of any agreements that Obama and Putin would discuss and sign off on, if they were to meet face to face in September, would be and are still being worked on at the Cabinet officer level with the US Secretary of State John Kerry and Secretary of Defense Chuck Hagel meeting with their direct Russian counterparts: Sergey V. Lavrov, their Foreign Minister and Sergei K. Shoigu, their Defense Minister. These discussions do not seem to have been interrupted or even significantly affected by any changes in the scheduled meetings of their national leaders.

But I have to balance this by raising one other current international news story that is not so smoothly developing, for reducing potential impact from the still ongoing story of Edward Snowden:

• Over the past few days, as of this writing, the US government has been proactively responding to and preparing for a possible new major attack from al Qaeda that became known as a result of intercepted signals traffic and human intelligence gathering.
• The types of information that have been intercepted here, and the sources that this information was initially sent from and too are such that it is very unlikely that any more nationally inwardly-facing surveillance programs such as PRISM would have been involved in this terrorist information gathering coup.
• And this might very well be both a real and a very serious threat event that has proactively been identified. But the recent and still roiling controversies over Edward Snowden and I add Bradley Manning have at the very least raised doubts when suddenly and in the midst of all of this controversy, a claim is made that a massive new threat has just now been identified and from a group that it has been claimed has been tremendously weakened by the War on Terror – and when this positive development comes directly and entirely from classified surveillance programs.
• My point here is that a combination of leaks of classified information related to the War on Terror by vetted professionals who have gone through national security clearance screening, and the ongoing response to these leaks and against these leakers from the US government, and the news stories that all of this has generated have raised what at best could be called distracting questions and possibilities that interfere with the conduct of the War on Terror and our collective, global response to groups like al Qaeda. And while this new threat is in all likelihood very real, the fact of its emerging in the public eye now when the US government is seeking to prosecute Snowden for his disclosures does raise questions, and of a type that at least in a more ideal world would not have to come up.

Structural problems in how the US and her allies have conducted this war, and certainly as far as civilian-sourced personal and confidential information gathering is concerned but also in how this war has been fought, have contributed to these leaks taking place. Governmental responses have probably exacerbated these problems more than they have positively and correctively addressed them (as I have been discussing throughout this series.)

• But what can be done about this developing mess to strategically and operationally address its underlying very real national security challenges and to more effectively implement damage control to correct for what has been done up to now and certainly as a miss-stepped response to the Snowden leaks?

And that brings me to the issues that I was initially planning on writing about in Part 6 of this series and then here in this installment, and that I will begin writing about here. And I begin with the absolute fundamentals.

• We as a nation, and as a group of allied nations, and as a collective community of citizens have to rethink and in effect redefine some of the most fundamental terms that we use when thinking about and carrying through on national defense.
• First the obvious: national defense is no longer primarily as matter of preventing, or as a worst case scenario responding to and limiting the impact of nation to nation conflict, and with organized traditional military forces lined up against traditional military forces. National defense in the 21st century is and has to be considered to be much more a matter of addressing more covert and stealthy threat sources such as cyber-attacks and terrorist attacks. This much is widely known and governmental departments such as the US Homeland Security Department are very aware of this. But it is also clear that they have not thought this through enough for its new and even disruptively new implications and complications.
• As a result they have created many of the new and emerging problems that I have been writing about in this series. They need to rethink their strategic goals, and certainly as they are translated into operational terms in new ways. And I would suggest, and with recent leaks in mind, that they can only really even begin to do that by rethinking what “classified information” means.

That is the specific part of this puzzle that I will at least begin to address here in the balance of this posting. And I begin here by citing a fundamental and long-standing principle from economics that I would reframe into an information context: Gresham’s law. In an economic context this is often expressed in terms such as “bad money drives good money out of the market.” Stated perhaps a bit more clearly at the risk of not being as succinct, that means if you have good money and a strong currency and you then turn on the printing presses and grind out vast amounts of additional currency, without timing or limiting that production to reflect the actual economy in place or the worth of a unit of that currency in it, all of that circulating money will drop and even very significantly in value – your newly printed money and what you already had in the marketplace and tied up in businesses and financial institutions. If bad money can drive out bad, then in an information context:

• Burying high value information and intelligence findings in a vast and even open-ended sea of data, collected and added in simply because it can be, destroys the value of that high value information even as it fails to create value for the sea of “everything else” collected.

And this creates a gauntlet of challenges.

• Particularly for new and emergent threats and for new types of threat, it can be all but impossible to know what information would hold high value in addressing specific security challenges. So there is a legitimate source of pressure to simply collect as much as possible and hope that well trained intelligence analysts can find the right information and assemble the right patterns from it in time, and even every time.
• But this “collect everything” information surfeit creates its own challenges and with sufficient scale even its own insurmountable challenges as I have discussed in Part 5.
• So you need to collect generally but you have to find a way out of this simply burying your systems and rendering them dysfunctional.
• Collect widely – though I will be discussing this point later in this series for the challenges that creates for an open and democratic society. But classify sparingly.
• And in that, I would propose a simple and I admit probably over-simplistic litmus test for deciding what to classify and if so, for how long.
• If you are contemplating classifying a piece of information or a document or other information resource, find out if this is already publically available and through non-leak sources and channels. And if it is don’t classify it and if you still feel that you must, limit that to the lowest possible security classification level that would in any way seek to limit it’s access: the Sensitive classification level in the US intelligence system. And even then, set an expiration date on that lowest level classification, at which point even that disappears for this particular information.
• That means any information that people can find online, whether through general and widely accessed resources such as Wikipedia or Google Maps (with its high resolution satellite views) or through lower-trafficked public web sites and similar resources.
• If it cannot readily and accurately be found in the open public record and conversation, classify it according to your best understanding as of now, of the specific level of harm that this specific information could cause if it were made public and if it was found there by an adversary.
• Then reduce or remove this classification rating when and as this potential threat falls away, with automatic scheduled reviews and certainly if new threat potentials do not arise that would be specifically relevant to it. If specific classified information becomes outed through independent rediscovery and inclusion in the open public record, do not necessarily draw attention to it but adjust its classification status according to actual/new threat values for releasing the classified version or word of its having existed.

The ideas here is to classify as little as possible and to keep the pool of what is classified lean and focused on what really needs to be classified. This does not mean that classified information can only be used in combination with other classified information. Collect more widely and use what you do classify to fill out and inform your overall understanding of risks and risk sources that you assemble from a wide range of information sources.

I am going to continue this discussion in a next series installment where I will at least begin with a focus on a point that I just raised, above: “collecting information widely.” And as a foretaste of that I note here that I will be directly addressing the sources of concern that the outing of a programs such as PRISM, and I add XKeyscore create.

Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time 2 and in my first Ubiquitous Computing and Communications directory page. I am also listing this under my In the News posting category.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: