Sunday, July 29, 2007

Why Security Clearances don't matter

Intelligence agencies are having a tough time moving from the cold-war era mentality of "on a need to know basis only" to a collaborative "lets work together" environment. The root problem here is that the intelligence agencies discovered the value of information before the information age even existed. They learned long ago that knowledge==power. The tighter the grip you keep on the former guarantees you a tighter grip on the latter.

There are 16 government agencies that deal with intelligence information. If any of them wish to share information with each other, the public or Law Enforcement, it first must first be cleared by an ancient cold war superior who still thinks he's fighting the Russians, who scours every snippet of intelligence set for distribution using his trusty highlighter pen that we folks in the civilian sector call a Sharpie. It's like they're waiting for his retirement party before they finally clue him that he's been using a black magic marker all those years.

The key issue is that there is no defined method for declassifying intelligence or deciding what information can be shared with others outside the intelligence services (IS). Efforts to provide the framework have met with glazed stares from the IS community as they've built up their vertical silo's of information, never anticipating the day when lateral sharing of information would be asked of them.

Then, this report gets released, from which I quote:
Despite numerous directives, exhortations, and invitations to do so, federal policymakers have failed to develop uniform standards for converting classified intelligence into an unclassified or “less classified” format that can be disseminated rapidly to appropriate state, local, and tribal authorities to thwart terrorist attacks.

They likewise have failed to create effective mechanisms through which the particular intelligence needs of those authorities can be voiced and met, or where their own information assets can be shared with the Intelligence Community (IC). This distressing lack of leadership has persisted for more than four years. In an effort to move the IC from a Cold War era “need to know” mentality to a “need to share” mindset responsive to today’s threats, Congress passed the Homeland Security Act of 2002 (Homeland Security Act). The Act directed the President to develop procedures for the declassification and dissemination of intelligence information and recommended several possible approaches. It took nearly seven months before an Executive Order took the small step of delegating this responsibility to the Department of Homeland Security (Department). When the Department failed to act, President Bush issued a new Executive Order more than a year later directing all federal agencies possessing or acquiring terrorism information to assist the Director of Central Intelligence (DCI) in developing common standards for information sharing – including standards that addressed the conversion of classified intelligence into an unclassified or “less classified” format. Still nothing happened. Congress subsequently tried to prod the process along with the Intelligence Reform and Terrorism Prevention Act of 2004 (9/11 Act), directing the new Director of National Intelligence (DNI) to establish uniform means and methodsfor this purpose. It was not until April 2005, however, that the President actually appointed a Program Manager to take on this task.5 Since that time, the Program Manager has made little progress in harmonizing the disparate approaches to declassification within the IC. Residual cultural resistance to information sharing between the various federal intelligence agencies has only compounded the problem.
What has happened is that every time the IC has tried to develop a database of information, or share, disseminate or declassify information it is lambasted by privacy rights groups. So, more and more, the IC themselves are turning to private organizations who have databases on the American public that are far more comprehensive than ANYTHING the intel agencies would ever be permitted to gather. Think ChoicePoint, Equifax, Experian, TransUnion, LexisNexis, and so forth. As a private citizen, I have more access to this information than the IC or LEO.

It is astounding to see how often common blog posts are cited in intel reports as reliable sources for actionable information - and they should be. Blogs are the greatest, most efficient method of gathering intel from distributed sources around the globe.

What does this have to do with you, me? Well, this will be the subject of future postings.

So, until next time...

No comments: