Wednesday, January 5, 2011

Wiki-Whinging About Increasing Security Measures

The Wiki-Wallop that was delivered to the USG's classified information holdings in 2010 has, predictably, resulted in a backlash that will tighten up our info security measures. And that, ironically, does damage to responsible advocates of declassification and disclosure such as the Federation of American Scientists' Project on Government Secrecy.

FAS finds itself Wiki-Whipsawed. It denounced WikiLeaks, and paid the price for that in loss of esteem from the more extreme openness advocates. And yet, its own project will now suffer as the USG responds to WikiLeaks by retreating further into its shell of secrecy.

FAS did some justified Wiki-Whining yesterday in a post about Tightening Security in the “Post-WikiLeaks” Era. They make a good point:



The Wikileaks model for receiving and publishing classified documents exploits gaps in information security and takes advantage of weaknesses in security discipline. It therefore produces greater disclosure in open societies, where security is often lax and penalties for violations are relatively mild, than in closed societies. Within the U.S., the Wikileaks approach yields greater disclosure from those agencies where security is comparatively poor, such as the Army, than from agencies with more rigorous security practices, such as the CIA.

What this means is that Wikileaks is exercising a kind of evolutionary pressure on government agencies, and on the government as a whole, to ratchet up security in order to prevent wholesale compromises of classified information. If the Army becomes more like the CIA in its information security policies, or so the thinking goes, and if the U.S. becomes more like some foreign countries, then it should become less vulnerable to selective security breaches.


Regarding that ratcheting-up of security, FAS linked to a January 3, 2011, memo from the Office of Management and Budget titled “Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems” [here]. The memo includes an 11-page list of questions and prompts for USG agencies to use in their security self-assessments.

I was relieved to see that blogging and social networking were not mentioned in the assessment criteria. However, there was this:



Have you conducted a trend analysis of indicators and activities of the employee population which may indicate risky habits or cultural and societal differences other than those expected for candidates (to include current employees) for security clearances?


Undefined "risky habits" could be a broad enough category to justify monitoring of government employee blogging, perhaps. We'll see.

There was also this:



Do you use psychiatrist and sociologist to measure:

o Relative happiness as a means to gauge trustworthiness?
o Despondence and grumpiness as a means to gauge waning trustworthiness?


So, will we see shrinks assessing employee trustworthiness according to some approved ratio of happiness-to-grumpiness? And how do you measure that, anyway? Is there a happiness dipstick?

3 comments:

The Snake's Mommy said...

Go proactive! If you blog more "Yay Me!" and "Woo Hoo!" references, I'm sure you'll pass the Happiness Test and thus be judged trustworthiable. Or something.

Not to worry though because the infighting amongst the factions who are unwavering in their dedication to spelling their way gauge or gage or guage will drown out everything else.

Anonymous said...

Equating "relative happiness" with "trustworthyness" has got to violate the American With Disabilities Act (which protects Major Depression and post-traumatic stress disorder as well as other 'suspicious' conditions).

reference: http://www.eeoc.gov/policy/docs/psych.html

TSB said...

You are a bureaucrat after my own heart! Chronic grumpiness could, indeed, be a symptom of an underlying psychological condition. That condition might qualify an employee for some kind of reasonable accommodation in the workplace (soft lighting, mood music?) and it would also have to be disclosed during background investigations. Any adverse action taken against a happiness-impaired employee could be grounds for a grievance against the USG. You have given me food for thought.