How the US government – and you – should assess secrets in the WikiLeaks age
For all the media drooling over WikiLeaks, the most serious implications of the leaked cables aren't on foreign diplomacy but on information security. The post-9/11 information age demands a rethink of how sensitive information is processed – by the government, but also by readers and reporters.
Washington and Hanover, N.H.
WikiLeaks has unveiled startling details of American diplomacy. Now, it’s time to figure out how to sensibly reduce the risk of future disclosures of national security secrets, and to correct misimpressions from present ones.
First, we have to ask: What went wrong? Was Army PFC Bradley Manning – the presumed leaker – the problem? Or is the issue broader security weaknesses? As it turns out, it’s both.
After the September 2001 terrorist attacks, US policy on sharing national security information took a pendulum swing from “need to know” to “need to share.”
Proponents argued that if fragmentary threat data had been better shared, the attacks may have been detected and thwarted. It is now clear, however, that insufficiently controlled sharing has abetted damaging leaks. How can a proper balance between information sharing and good security be restored?
Return to 'need to know'
First, the national security community should return to the time-tested security principle of need-to-know. In Baghdad, Mr. Manning apparently did not have access to reports bearing the handling controls for more sensitive diplomatic information, EXDIS for “exclusive distribution” or NODIS for “no distribution.” In this respect, security worked.
Page 1 of 4