When someone has classified information on an unclassified computer, the government euphemistically calls it "a spill". It is like someone had a glass of classified water sitting on a table and accidentally knocked it over on a spot where it must be mopped up. This is not a very accurate way to describe what actually happened. We are finding the State Department exposed to criticism over several of its former leaders who had classified information on one their unclassified, personal computers. It didn't get there accidentally. If a document is removed from a computer that is authorized to process classified information and put on one that is not authorized, some willful act is required, and the people who did it knew it was wrong.
For 10 years, I did training for people who were responsible for protection of classified information. Only rarely did I ever see a person who knew what the rules for protection were, but ignored them. One of those was a woman who was removing classified markings from documents so she could save them on a nice computer network that was not approved to process classified information. It made her job easier. Her boss told her that she could not put classified documents on an unclassified computer, so she removed the markings which she thought would make it unclassified. She was very honest about that belief, but lost her job anyway. There are really two reasons for that. The removal of the markings was willful, and she had training that told her the rules for handling classified things, yet did not follow them.
She is not the only person to believe that removing markings makes something unclassified. Security professionals think it is stupid to believe such a thing, but that doesn't account for the numbers of people who think that way. It isn't the marking that makes a document classified; it it is the content of the message. Ninety-five percent of people who get basic security training know this, but there are always a small minority who quickly forget anything they have learned.
People in government know which computers process classified and which don't. Federal agencies and their contractors have similar rules. Nobody creates classified information on an unclassified computer system - at least on purpose - so there are not very many instances where someone sets down and types out a memo that is Top Secret on his unclassified iPad. It happens occasionally but it is not the norm. Any basic security education will explain that to employees, and all people are required to get that basic orientation.
The person who took information from a computer that was authorized to process it, saw the original classification markings. Documents are marked at the top and bottom and each paragraph is too. It is hard to miss. So, if a spill investigation discovers classified things are not marked, then someone removed those markings. In a few cases, I have seen people ordered to remove markings by a superior. I testified at a hearing for one of those people and he lost his security clearance. He thought it made the work go faster if there were no markings on the things used to make goods on the manufacturing floor. He was right about that; the work went a lot faster.
The loss of a security clearance is administrative, but repeatedly violating national security policy can be criminal. The State Department seems to have a problem that is widespread and has continued for a long time. The leadership is ignoring the security education they were given. The long delay with Hillary Clinton's emails are just one example of how that plays out. She may have done nothing at all, but someone did. Finding that person takes longer.
No comments:
Post a Comment