"In 15 years, there will be no more secrets." I heard this provocative prediction at a conference in 2008. It was posited by the Central Intelligence Agency's Don Burke, who is a leading proponent of the intelligence community's version of Wikipedia and has the official title "Intellipedia Doyen". If his suggestion is accurate, we only have 13 more years to figure out how to compete in a world in which we can no longer count on secret information to give us the edge in government and in business. What are we doing to get ready?
Instead of getting ready to compete in a transparent world, most of us seem to be in denial. The current cybersecurity debate, for example, reflects a rear-guard action to build ever-higher walls around the vast amounts of information we hope to keep secret. In the realm of national security, where I have spent my career, protecting secrets continues to be a number one priority. In the private sector, too, significant resources are devoted to protecting proprietary information. Yet, as Burke suggests, this may be largely a losing battle as the half-life of secrets gets shorter every day.
Keeping secrets is rapidly becoming harder and more expensive. For example, there are strong incentives to integrate information with our interconnected world. Yet, as we tap into the tremendous benefits of the network, we also expose that information to the vulnerabilities of cyberspace. As the capabilities of cyber-spies increase, so do the costs of trying to protect the information they seek. In addition, tools for finding, understanding, and managing information are increasingly ubiquitous. Thus, even if you are able to "protect" your information, others may well have found that same information independently. And the cost of getting that information will almost always be less than the cost of trying to protect it. Pressure for fewer secrets is also coming from constituents, shareholders, potential investors, and others as they insist upon greater transparency from governments and businesses.
We can continue to fight these trends or we can adapt.
We already have far fewer secrets than we think. The promise of an impervious cybersecurity shield protecting vast amounts of information from a determined and sophisticated adversary is at best a distant dream, and at worst a dangerous myth. Governments and businesses do not like to talk about the degree to which they have been penetrated. Failing to understand and acknowledge this reality, however, presents a dangerous weakness. Plans that depend on keeping secrets from your adversaries or competitors are brittle and fail when it turns out your "secret" is known.
Moreover, a strategy based on keeping information from the prying eyes of your competitors often means not sharing information with those who could use that information to help you. An especially egregious example of this is when intelligence products based entirely on open sources are then stamped "classified." Limiting dissemination of information often means only your friends or potential collaborators don't have it while your enemies do.
Instead, we should be developing business models that are less dependent upon secrets. We cannot simply throw open the doors today and make all information public, but we should rigorously push-back on current notions of what needs to be secret. There will always be some information that must be protected. The names of intelligence sources, for example, and maybe the formula for Coca-Cola. But the number of real "crown jewels" is dramatically smaller than the number of secrets we try to keep today. Distinguishing between the two will make it easier to protect the smaller universe of information that is truly sensitive.
Potential clues for meeting the challenge of competing in a world without secrets might be found in the debate between open- and closed-source models for software distribution, or other experiments with open innovation, such as Eli Lilly's "e research" subsidiary that shares information with a network of thousands of independent researchers to help solve some of their toughest problems. We might even learn from the football coach who, in contrast to his competitors closely guarding their secret playbooks, openly shares his plays and depends instead on the speed, agility, spontaneity, and overall competency of his players to win games.
If you trained yourself to fight effectively in the dark, you could turn out the lights or attack your adversary at night, knowing that you would have a competitive advantage. We should prepare to operate in the light of a transparent world and thereby gain an advantage over competitors who fail to see it coming and still cling to the perceived benefits of trying to keep information in the dark.
Successfully making this shift will be extremely difficult. The good news is that America has a significant head-start over countries that are rooted in a culture of secrecy and information control. Democracies depend upon a certain level of transparency already. If we move aggressively to capitalize on that strength, and develop new ways of operating with fewer secrets, we can not only survive as the lights are turned up, we will prevail.