RSS

What shouldn't be secret

November 25, 2013, at 4:51 PM
 

In the latest set of NSA strategic planning documents leaked by Edward Swowden, some of the following sentences are classified as "TOP SECRET," meaning that their disclosure would reasonably be expected to cause grave harm to national security. Grave, as in almost irredeemable. Harm, as in actual damage. Reasonably, as in, an average person, being aware of all the pertinent facts, would be able to make that judgment in advance. The "SI" caveat further reduces the number of people who are to be trusted with this information.

2.1.1. (S//SI//REL) Employ multidisciplinary approaches to cryptanalytic problems, leveraging and integrating mid-point and end-point capabilities to enable cryptanalysis

2.1.2. (S//REL) Counter the challenge of ubiquitous, strong, commercial network encryption
2.1.3. (TS//SI//REL) Counter indigenous cryptographic programs by targeting their industrial bases with all available SIGINT and HUMINT capabilities
2.1.4. (TS//SI//REL) Influence the global commercial encryption market through commercial relationships, HUMINT, and second and third party partners
2.1.5. (S//SI//REL) Continue to invest in the industrial base and drive the state of the art for High Performance Computing to maintain pre-eminent cryptanalytic capability for the nation

2.2. (TS//SI//REL) Defeat adversary cybersecurity practices in order to acquire the SIGINT data we need from anyone, anytime, anywhere

To translate, 2.1.1 means: NSA will use its worldwide access points, including those hidden on foreign telecommunications nodes, to break codes. 2.1.2 is self-evident. 2.1.3 means: For countries that develop their own cryptographic systems, NSA will try to steal secrets from those country's industrial bases in order to break those codes. 2.1.4: The NSA will try to make sure that they can stay ahead of encryption technologies so that they can break them when necessary. 2.1.5 means: NSA will need lots of computers to do this. 2.2 means that NSA intends to break through adversary's online security walls to steal stuff.

The reason why these statements are classified is because someone consulted a guidebook on classification, which instructed the author to, for example, upgrade to TOP SECRET the mere fact that the NSA wants to break through the cyber-walls of targets in order to steal information. The secrecy stamps on these lines protect policy. They do NOT protect sources and methods.

Granted, there are some political risks, both domestic and foreign, to the frank admission that the NSA wants to influence the global encryption market and aggressively pursues ways to defeat encryption. The U.S. might have a more difficult time holding others to account for these same actions. In discussions with China, for example, the president might find these statements being used as a talking point to counter the argument that China aggressively steals proprietary information from American companies.

As Edward Snowden proved, secrecy is a scare commodity. The legacy secrecy apparatus of the Cold War, where the United States had to preserve the ability to claim the moral high ground while engaging in assassination attempts, foreign wars, and by supporting dictators, is untenable today. The existential threat of the Soviet Union may or may not have justified the secrecy, but the reality of information flows and access implies is that the U.S. really can't be opaque about where its stated policies and its visible actions intersect.

Scarcity: We've arrived at a point where the government must figure out what type of secrets it really needs to protect.

Does it spend time and energy keeping "global" secrets, like "the fact" that it steals secrets and partners with foreign governments to tap worldwide communication nodes? Our adversaries know we do all this. The only people who are not in the loop are those who aren't collecting intelligence, by which I mean, you and I. Us. The American people.

Or does it protect "local" secrets, like sources, methods or operational plans for war and contingencies? Fact: The U.S. has a pre-emptive contingency plan for North Korea. It's called OPLAN 5027. Details: properly classified.

There is overlap, to be sure, and in making the choice to protect the latter category at the expense of the former, Washington will have to reorient the way it approaches and discusses controversial, outward-facing topics.

First, it must acknowledge that increasing the difficulty of a task is not equivalent to national security harm. National security is a very broad category, but foreign policy and national security mean different things, for a reason. After 9/11, we've expanded the breadth of "national security" to include almost everything. Now, we need to let some air out of those tires.

Being more upfront about what we do (although not how we do it) might allow the president to develop popular support for larger American foreign policy activities. It challenges other countries to be more transparent. It uses the power of transparency to create new global norms for conduct. So long as the U.S. continues to utilize all methods of power — hard, soft and secret — it can, i think, weather the initial, short-term global reaction to its unilateral decision to disarm, which will surely be skepticism and retrenchment.

Practically, the U.S. government should not be expected to immediately release every strategic and policy document it creates. I do not doubt for a second that the ability of a government to deliberate about policy in secret and make choices about courses of action is essential to its national security. It is reasonable to protect this information as sensitive. Once a choice is made, though, the deliberative information ought to be marked for release within a timeframe of a few years. Exceptions to this rule ought to be justified, and in writing, and not generic. Secret legal interpretations, too, must not be secret for very long, if at all.

At the same time, there is no reason why operational details, war plans, sources of intelligence, methods by which intelligence is gathered, technologies that allow for strategic surprise or contingency plans for the protection of the presidency should not remain highly classified and protected by law from public disclosure.

I don't have a perfect answer for the problem of overclassification, but my gut tells me that if the government does not itself fashion one along the lines of what I've sketched above, the Snowden leaks will be puny in comparison to what follows.

 

THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER

Facebook

Twitter

RSS

Subscribe to the Week