FAS finds itself Wiki-Whipsawed. It denounced WikiLeaks, and paid the price for that in loss of esteem from the more extreme openness advocates. And yet, its own project will now suffer as the USG responds to WikiLeaks by retreating further into its shell of secrecy.
FAS did some justified Wiki-Whining yesterday in a post about Tightening Security in the “Post-WikiLeaks” Era. They make a good point:
The Wikileaks model for receiving and publishing classified documents exploits gaps in information security and takes advantage of weaknesses in security discipline. It therefore produces greater disclosure in open societies, where security is often lax and penalties for violations are relatively mild, than in closed societies. Within the U.S., the Wikileaks approach yields greater disclosure from those agencies where security is comparatively poor, such as the Army, than from agencies with more rigorous security practices, such as the CIA.
What this means is that Wikileaks is exercising a kind of evolutionary pressure on government agencies, and on the government as a whole, to ratchet up security in order to prevent wholesale compromises of classified information. If the Army becomes more like the CIA in its information security policies, or so the thinking goes, and if the U.S. becomes more like some foreign countries, then it should become less vulnerable to selective security breaches.
Regarding that ratcheting-up of security, FAS linked to a January 3, 2011, memo from the Office of Management and Budget titled “Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems” [here]. The memo includes an 11-page list of questions and prompts for USG agencies to use in their security self-assessments.
I was relieved to see that blogging and social networking were not mentioned in the assessment criteria. However, there was this:
Have you conducted a trend analysis of indicators and activities of the employee population which may indicate risky habits or cultural and societal differences other than those expected for candidates (to include current employees) for security clearances?
Undefined "risky habits" could be a broad enough category to justify monitoring of government employee blogging, perhaps. We'll see.
There was also this:
Do you use psychiatrist and sociologist to measure:
o Relative happiness as a means to gauge trustworthiness?
o Despondence and grumpiness as a means to gauge waning trustworthiness?
So, will we see shrinks assessing employee trustworthiness according to some approved ratio of happiness-to-grumpiness? And how do you measure that, anyway? Is there a happiness dipstick?