Information Security and Access in the Electronic Environment
Individuals generating or working with classified information are required to obey established procedures for accessing, annotating, handling, and safeguarding that information. The system is managed much as it was before the advent of digital communication. Protocols governing these transactions were developed at the beginning of the Cold War and reflect the paper-based world in which they were created.
The electronic environment has radically changed how classified information is created and transmitted. Secure networks make it possible to exchange information readily between agencies. Innovations have revolutionized information sharing among agencies, but these advances have also made the system more susceptible to unauthorized disclosures, as the WikiLeaks incidents have demonstrated.
While technology has transformed the way classified information is generated and transmitted, the classification system itself largely operates as it always has. Many of the policies currently in place for managing classified information represent 20th-century approaches to 21st-century problems. For example, current policy requires visible classification markings on records created digitally or made available online but makes no provision for the standardized electronic tagging of this information.
In this digital age, classification and access provisions must be as understandable by a computer system as they are by a human. Yet, today’s methods for managing and monitoring access to classified materials do not acknowledge this reality. Clearances remain agency-centric, burdensome to renew, and cumbersome to transfer between agencies. Conversely, an individual’s access to a classified network is based on ill-defined determinations of “need-to-know” and granted on a mostly system-wide basis. For both clearance and access, the antiquated design does not reflect an individual user’s needs and purposes. Accessibility is complex when it needs to be simple and simple when it needs to be complex. In recent years, the evolution of the Government’s internal business practices has exacerbated these issues and highlighted the need for reform.
Changing the System
Advances in the electronic environment have increased demands on the classification system, and new technology also offers the means to improve the methods by which classified information is managed. Coupled with reforms to the clearance process, adopting new methods for curating digital information records could significantly improve classification management.
As we have previously detailed, metadata can describe and label electronic records so that they are easier to retrieve, analyze, manage, and process. Comprehensive metadata standards benefit more than records management; they also offer the opportunity to enhance information security by providing sophisticated means to tailor and audit access.
Metadata for information stored on classified networks can limit access to only those with appropriate credentials. Credentials can be changed to include or exclude individuals as policies and sensitivities change. This approach can ensure all authorized users have access to basic categories of information while compartmenting access to more sensitive items, without requiring an entirely separate network for highly sensitive information. For new records derived from multiple sources, the classification and disclosure policies of the source information can transfer to the new record through underlying metadata and prevent unauthorized access. The automated imprinting of e-records with background information in their metadata would act as a digital bibliography or provenance to aid eventual declassification review.
Metadata can also be used to monitor and audit activity on classified networks. Records can be imprinted with transactional metadata showing their access history. By tracking patterns of use, security managers will be able to use metadata to identify insider threats, in the same way the credit card industry detects fraud. Capturing a record’s modification history will aid future researchers, who will be able to see how national security policymakers used the information in their analyses and deliberations.
The adoption of this credential-oriented approach would eliminate some of the shortcomings of the existing clearance process. Under this new system, when individuals receive their initial security clearances, they would be assigned unique, permanent identifiers, akin to Social Security numbers. These identifiers would be granted and maintained by a single government entity. Once a cleared individual begins work, her identifiers would be assigned access credentials based on her specific responsibilities and work environment. When a user accesses or modifies classified records, his identifiers would be automatically appended to that record’s metadata. Clearance identifiers would follow an individual’s transfers to another office or agency, receipt of new government contracts, or transition back into federal service after working elsewhere, and agencies would grant them new accesses as appropriate. By eliminating the need for entirely new security investigations at every juncture, this process would save resources, increase efficiency, centralize the clearance process, and improve national security.
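The credential-and-metadata model described above can be sketched in a few functions. This is an added illustration, not code from the original text or from any government system; the level ordering, compartment names, identifiers, and the inheritance rule (highest source level, union of source compartments) are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]  # assumed ordering

@dataclass(frozen=True)
class Credential:
    user_id: str                          # permanent clearance identifier (constructed)
    level: str
    compartments: frozenset = frozenset()

@dataclass
class Record:
    record_id: str
    level: str
    compartments: frozenset = frozenset()
    sources: tuple = ()                   # provenance: ids of source records
    access_log: list = field(default_factory=list)  # transactional metadata

def derive(record_id, sources):
    """Build a record whose markings are inherited from its sources (assumed rule:
    highest source level, union of source compartments)."""
    level = max((s.level for s in sources), key=LEVELS.index, default=LEVELS[0])
    comps = frozenset().union(*(s.compartments for s in sources))
    return Record(record_id, level, comps, tuple(s.record_id for s in sources))

def access(cred, record, action="read"):
    """Decide from metadata alone, and log the attempt whether or not it succeeds."""
    allowed = (LEVELS.index(cred.level) >= LEVELS.index(record.level)
               and record.compartments <= cred.compartments)
    record.access_log.append((cred.user_id, action, allowed))
    return allowed

def denied_counts(records):
    """Audit view: number of refused attempts per identifier across all records."""
    return Counter(uid for r in records
                   for uid, _action, ok in r.access_log if not ok)

if __name__ == "__main__":
    # Constructed sample records and credentials.
    base = Record("R1", "SECRET")
    sens = Record("R2", "CONFIDENTIAL", frozenset({"ALPHA"}))
    report = derive("R3", [base, sens])
    analyst = Credential("ID-0001", "SECRET")
    cleared = Credential("ID-0002", "TOP SECRET", frozenset({"ALPHA"}))
    print(report.level, sorted(report.compartments), report.sources)
    print(access(analyst, base), access(analyst, report), access(cleared, report))
    print(dict(denied_counts([base, sens, report])))
```

The derived record is refused to the analyst even though her level matches, because the compartment carried over from one source travels with it, and the refusal itself is recorded against her identifier.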
Implementing These and Other Changes
Various questions regarding these and other changes to the classification system would need to be addressed:
- Would proposed changes to the system be improved if accompanied by changes to the number of classification levels?
- Would proposed changes to the system be improved if definitions of secrecy and risk were redefined? If so, what should those new definitions be?
- What entity or entities would manage a streamlined classified network? A unified clearance system?
- How should oversight of the classification system change to match the realities of the electronic environment?
- Should a metadata registry be maintained? How might its requirements be enforced and by whom?
- Should classification decisions be monitored and audited for compliance and consistency at the onset by an enforcement entity?