While the Pentagon is justifiably outraged by the massive leak of classified documents to the Wikileaks web site, it was an inevitable event. It is also a serious problem of the Government's own making. The individual responsible for the leaks to Wikileaks.com likely faces significant jail time. Responsibility for the damage, however, needs to be shared by those who created the situation in the first place. The problem comes in several parts.
First, the sheer volume of classified materials has increased over the past decade by massive proportions. Vastly increased intelligence operations since 9/11, military actions in Iraq, Afghanistan and elsewhere, as well as other national security activities at home and abroad have produced an explosion of classified information that parallels the vast increase in information pouring onto the Internet from the pubic domain. Keeping all of these new secrets secret is an impossible task in itself.
The second aspect of the problem lies in the adoption of new information technologies by the national security world. Networked computers have become ubiquitous, and access to the vast array of classified materials by almost anyone with a security clearance presents no problem at all. When personal computers began to proliferate, the Defense and Intelligence communities took various approaches to their use. At the outset, classified materials were only allowed on certain secure computers which were not connected to any networks. CIA and other agencies using highly classified materials removed floppy disk drives from secure computers and strictly limited access to these machines. In addition they also installed devices that restricted computer access to a limited number of authorized individuals.
As the technology revolution marched, on the military and the intelligence agencies were compelled to change their ways. Individual computers proliferated and were soon connected to a growing number of newly created classified networks. At the same time growing pressure for "information sharing" in the post-9/11 era caused its own proliferation of systems and classified data bases that could be accessed by the rapidly growing number of cleared individuals. For decades access to specific classified materials required both an appropriate security clearance as well as a genuine "need-to- know." This well-established need-to-know principle no longer exists for all but the most sensitive categories of information. Anyone with a clearance and access to a connected computer can download gigabytes of classified data from a myriad of data bases in seconds onto a USB flash drive, or in some cases, simply e-mail the data to the outside world. Traditional controls on classified data and the media on which they are held have rapidly become a myth.
The third and most troublesome aspect of the problem has been the enormous increase in the sheer number of people with security clearances. One recent estimate put the number of Top Secret clearances in the U.S. at 864,000 while the number with lower level Secret clearances is likely in the millions. Giving a million people access to the nation's secrets is simply a disaster waiting to happen. Clearance processing for the most sensitive secrets, such as compartmented intelligence data, has generally involved a thorough background investigation along with a polygraph examination and other screening tools. Such thorough processing is very costly, time-consuming and simply cannot be applied to the vast majority of all clearance candidates.
At the same time changing social mores have forced clearance criteria to change as well. In the 1970's drug use, homosexual activity and other "lifestyle" criteria were automatic bars to high level classified access. As the nation became more accepting of different life styles, so did the security system, and for good reason. Many life style choices no longer created the blackmail and security risks they once did. One result, however, was to bring into the secure world a far larger number of individuals who were unhappy about their treatment in the military or by their employers and others, creating a different type of risk than the one feared in earlier days, as the most recent episode of a massive leak has shown.
Apart from lifestyle issues is the more general problem of risks associated with any large population. Psychiatrists estimate that in any population of a million people there will be about 50,000 "DSM IV cases" - that is people with meet criteria for identified psychiatric disorders. While not all of these psychiatric disorders are likely to lead to leaking of classified information, it is also the case that among this substantial number are many unstable individuals who may likely engage in various forms of unacceptable behavior. Here it becomes a numbers game. A huge population of people with classified access necessarily includes a large number of seriously disturbed people, and we don't have or can't afford the tools to screen them out.
For many years Government security systems focused on potential espionage and blackmail cases, as well as a relatively few number of people who leaked classified data for political purposes. These risks still exist, but as recent events have shown far greater problems have been created by the secrets explosion. Like the proverbial Dutch boy with his finger in the dike trying to hold back a flood, the Pentagon and the intelligence agencies have a problem on their hand of epic proportions, which will not be solved with a 1970's approach to security.
Where leakers classified information can be identified they should certainly be prosecuted. Sending them to jail for significant sentences will always be a deterrent to at least some future leakers. Others, however, will be more careful or believe that they won't be caught. Here more innovative technical approaches to the management of on- line classified data need to be developed, as well as constraining the unbridled access to classified computer systems, networks and data bases that has now become commonplace.
Reducing the numbers with access to Top Secret and Secret data is not an answer. A ten or twenty percent reduction in those with clearances would be meaningless, and likely be counterproductive. The law of large numbers will still prevail. Compelling demands for classified data by the military, intelligence agencies, law enforcement, as well as the supporting contractor community necessitate these numbers and any radical reductions would likely be a bigger disaster than the leaks.
Harassing web site operators and the media who receive these leaks raises both constitutional and logical issues. Forcing Wikileaks to remove already posted secrets is unmitigated nonsense -- the entire planet has already had an ample opportunity to download them. For years the Government has had a reasonable relationship with the media on critical leaks, getting The New York Times, the Washington Post and others to redact or delay printing classified materials where there were serious national security concerns. The Government needs to develop a similar approach to web site operators that dominate the new information age. This won't be easy, and may ultimately prove to be impossible. Many of these websites are off-shore; run by radicals; or simply have no interest in what the U.S. Government has to say. Shutting down the sites, prosecuting foreign operators, and removing already posted materials may be impossible as well.
The Government also needs to take a new and realistic approach to its policy on release of classified information. Declassification of Secret data on a 20-year schedule is an outdated concept. Most of this information is highly perishable and actual risks to personnel and U.S. security interests are short-lived. Policies and procedures need to recognize this, reducing the compulsion on the part of many to leak classified data in advance of official declassification. Procedures for public release of some highly classified data have already been changed for the better. CIA, for example, uses an external panel of prominent scholars to review its secrets and recommend their release. Other Government agencies need to follow this model of injecting common sense into the release of classified information that no longer poses real security risks.
There really is no magical or simple solution to the problem of the secrets explosion. The explosion of classified data and clearances, the need for data sharing, and the proliferation of networked computers have all contributed to the problem. Certainly prosecution of leakers will help to some extent, and the harassment of Internet operators will not. In the end, however, the Government needs to undertake fundamental changes in its overall approach to the management and release of classified information. The Internet era brought with it the largest media revolution since the invention of movable type in the 16th Century. As this revolution has come to embrace the world of classified data, the Government needs a revolutionary approach to the management of its classified data and realistic controls on those who access it as well.