What with all the discussion of James Comey, former FBI Director’s email, and of course the email of Hillary Clinton, former Presidential candidate, there is good reason to go into some of the aspects of computers and classification of their content. Comey and Clinton have said “nothing was marked as classified when I sent it” which is not relevant to the rules of protecting classified in computer systems. I taught this subject around the country for almost 10 years.
Much of the information in computer networks is not marked in the same way it would be if it were written on paper because it is created on a network with a classification of its own, like Top Secret/SCI or SECRET. The rule for the majority of networks is this: When the network is classified, all the information on it is classified until it is reviewed and properly marked. So, while it is on that network, it is treated as if it were Top Secret until someone reviews it and marks it with the proper classification. This includes such innocuous things as appointments, emails, etc.
Sometimes the review process is automated, but most of the time it is not. It could be done all the time, but the information technology folks rarely want that much security on their systems. It makes them slow. They have allowed some tools to be used to speed up the process of review, but the rules remain that a human being must look at it before public release.
Computers hold much more information that belongs to several agencies. Each of those agencies get to decide what is classified, and at what level and access authorization. Often, users make a classification decision based on that person’s knowledge and not the classification guidance of other agencies. Those decisions are often wrong, and are discovered after the fact. That is how a memo written by James Comey becomes classified after he released it to a person who has no security clearance - a compromise of that material.
As a practical matter, classifications are retained long after they are still valid because it is impossible - not difficult, impossible - because large computer networks are never reviewed for classification of individual pieces of data. That is a second reason for the required review. Most of the information from a Top Secret computer system is not classified at that level, but has to be treated as if it were until it is reviewed. Anyone who says they can do that accurately every time is crazy. It is almost easier to not use anything from the computer but compose a new document- also done on the same computer. It is too easy to make mistakes, and everyone who uses those systems knows the danger. Some of them think they are smarter than the rest of us. Nobody will ever know anyway.
No comments:
Post a Comment