Leaked: US government strategy to prevent leaks

By on January 7, 2011, 1:30 PM
Update: As pointed out by many of you on the comments below, the document we referred to in the original story as "leaked" was actually a non-classified document. The OMB memo was posted on the White House website to instruct users prevent leaks that filtered through document's metadata. Original story is below:

The US government's 11-page document on how to get various US government agencies to prevent future leaks has been leaked to MSNBC. It doesn't get any more ironic than that. After the various leaks made by WikiLeaks, the US government understandably wants to limit the number of potential leaks, but their strategy apparently isn't implemented yet. Here's the crux of the memo, which was sent this week to senior officials at all agencies that use classified material:

"Each initial assessment should be completed by January 28, 2011, and should include the following with respect to the attached list of self-assessment questions:"

  1. Assess what your agency has done or plans to do to address any perceived vulnerabilities, weaknesses, or gaps on automated systems in the post-WikiLeaks environment.
  2. Assess weakness or gaps with respect to the attached list of questions, and formulate plans to resolve the issues or to shift or acquire resources to address those weaknesses or gaps.
  3. Assess your agency's plans for changes and upgrades to current classified networks, systems, applications, databases, websites, and online collaboration environments as well as for all new classified networks, systems, applications, databases, websites or online collaboration environments that are in the planning, implementation, or testing phases - in terms of the completeness and projected effectiveness of all types of security controls called for by applicable law and guidance (including but limited to those issued by the National Security Staff, the Committee on National Security Systems, the National Institute for Standards and Technology).
  4. Assess all security, counterintelligence, and information assurance policy and regulatory documents that have been established by and for your department or agency.

It's clear that the Obama administration is telling federal agencies to take aggressive steps to prevent further leaks. According to the document, these steps include figuring out which employees might be most inclined to leak classified documents, by using psychiatrists and sociologists to assess their trustworthiness. The memo also suggests that agencies require all their employees to report any contacts with members of the news media they may have.





User Comments: 49

Got something to say? Post a comment
Benny26 Benny26, TechSpot Paladin, said:

Oh how beautiful...Irony at it's best

TomSEA TomSEA, TechSpot Chancellor, said:

I'm a 20-year military vet - and due to the type of work I was involved in carried a very high security clearance. But I can tell you from experience, and from what I've seen of the Wikileaks material, those memos could have come from damn near anyone. I'd say 70% of active military has at minimum a Secret clearance (which all those memos would fall under). And to qualify for a Secret clearance involves nothing more than checking your criminal and credit history which can be done online in 5 minutes. That's it. So we're talking about 18 year old kids with access to this material. And that's just from the military side - there's still the diplomatic corp or civil government agencies. Trying to find out who is passing these on is going to be near-impossible.

This strategy passed down isn't going to do anything. If it were me, I'd freeze all document access for people carrying a Secret or lower classification until they had passed a personal interview and lie detector test plus re-qualified for their security clearance level.

princeton princeton said:

TomSEA said:

I'm a 20-year military vet - and due to the type of work I was involved in carried a very high security clearance. But I can tell you from experience, and from what I've seen of the Wikileaks material, those memos could have come from damn near anyone. I'd say 70% of active military has at minimum a Secret clearance (which all those memos would fall under). And to qualify for a Secret clearance involves nothing more than checking your criminal and credit history which can be done online in 5 minutes. That's it. So we're talking about 18 year old kids with access to this material. And that's just from the military side - there's still the diplomatic corp or civil government agencies. Trying to find out who is passing these on is going to be near-impossible.

This strategy passed down isn't going to do anything. If it were me, I'd freeze all document access for people carrying a Secret or lower classification until they had passed a personal interview and lie detector test plus re-qualified for their security clearance level.

Doesn't matter. People like sociopaths ect always slip by lie detector tests. Preventing leaks is near impossible, especially for a country like the US.

TomSEA TomSEA, TechSpot Chancellor, said:

Yeah, near impossible but not entirely impossible. I think with some hard-core interviews, lie detector tests and thorough background checks you'd have a good chance of flushing someone out. Personally, I believe the leaks came from the diplomatic corps (embassy staff) somewhere. The vast majority of the Wikileak documents detail embassy-type musings and geopolitical stances. I'd put odds that the person leaking these is either 1) some disgruntled embassy employee who has been passed up for promotion or has a beef with their boss, or 2) someone sympathetic with extremist Muslim efforts (or is anti-Israel) working as a embassy staff member. Embassies always hire a few locals to help out deal with the respective culture - could be one of those.

Benny26 Benny26, TechSpot Paladin, said:

This strategy passed down isn't going to do anything. If it were me, I'd freeze all document access for people carrying a Secret or lower classification until they had passed a personal interview and lie detector test plus re-qualified for their security clearance level.

Arn't military personnel trained to pass lie detectors, in case of capture in a foreign country?

Or is that just the spy's and spook's?

TomSEA TomSEA, TechSpot Chancellor, said:

LOL...naw, you've been watching too many movies, Benny.

Darkshadoe Darkshadoe said:

Lie detectors are not reliable. All they measure is fluctuations in blood pressure and respiration. The reason that people get caught lying is the post-interview by the person giving the lie detector. He/she takes what information you gave during the test and manipulates it to see if they can catch you lying.

Guest said:

A lot of Assessing, and zero of actually doing anything to prevent leaks.

That documented is useless even to the party it was intended for. Information has been leaking out of Government walls for decades and it will continue to do so till they day Government no longer exists.

You might as well send this document to teachers in grade school to prevent kids eating crayons.

lawfer, TechSpot Paladin, said:

I don't really see the "strategy" here though... All they did was restate what's obvious.

gwailo247, TechSpot Chancellor, said:

I don't really see the "strategy" here though... All they did was restate what's obvious.

Then maybe government employees will get it.

crazyboy88 said:

gwailo247 said:

I don't really see the "strategy" here though... All they did was restate what's obvious.

Then maybe government employees will get it.

"like"

AllEyezOnMe said:

Maybe Obama will be accusing James Bond of the leaking the leaks next, that's how farcical this is becoming lol

Guest said:

Lie detector tests DON'T WORK so why would any rational government agency use them?

OH WAIT........

Guest said:

I don't think so, neo-marxist communist sympythyzer you! AMERICA will always stand, under Our Own Constitution, in Freedom, Liberty, and Humility for all the world to see. come on, anonymous guest, get with it. Justice for All, not just the nutty lunatics who wish to see destruction, chaos, anarchy, 'revolution', etc. etc. etc. ... did I say chaos ? yeah, no. We The People realize that chaos is merely a byproduct of irrational groupthink!!! ~~~Much like that emitted from the Progressive international 'movement' (kinda like a bowl movement if you ask me) . We'll keep Our God, Our guns, and Our Honor, Courage, and Commitment to the last breath of the the commie-crapola-cadres around the world, and then we will sing, dance, have a Tea Party, and then probably end up pissing all over it's ugly, unmarked mass grave - bwah, hah, hah, hah..... but seriously. it will happen. Freedom of the Individual, baby, under Law, YEAH ! Get Some :-)

Guest said:

this is not a leak... it is a public document, about a government policy. this is how it is -supposed- to be done.

sensationalize much?

Guest said:

Memo to Government: How about some effin' transparency in the sh*t we elected you to carry out in our name. Mofo's!!!

Guest said:

Unclassified documents are unclassified. That pretty much means anyone can look at them.

It's not ironic. It's not even special.

MtM313 said:

Loyalty can neither be bought nor enforced. It must be earned. Think about that.

Guest said:

The document is UNCLASSIFIED.

Not For Official Use Only. Not Classified. No Secret.

Therefore NOT LEAKED

You are ******.

Guest said:

The majority of documents are in addition to that unnecessarily classified as secret.

And in addition to this - many documents classified as secret have a secrecy lifetime that is way shorter than what the classification sets them to be.

However - the wikileaks events have provided us with one insight - don't write down things unless you really need to. Especially the opinions by diplomats shouldn't have been there in the first place. Don't forget that a lot of information have very little value in the long run, so if embarrassing and sensitive information is kept out of the volume channels then a leak wouldn't be dangerous in the long run.

Always have an alternate plan if the primary plan is revealed.

And don't ever think that a solution will be leak-proof. Even Benjamin Franklin realized this; "Three can keep a secret, if two of them are dead".

If something is written down - use keycodes that are known only to the people involved. That will at least delay anyone who get their hands on the information long enough to prevent them from finding it useful. Even if the document is transferred through encrypted channels there are always a risk of someone intercepting it. If it's intercepted but lacks context or is very ambiguous then it's a lot less useful for people outside of the circle. This is in a way what the Navajo Code Talkers were doing. Use a language unknown to the outside world, but use code words for everything in addition to that. The result was that even if a Navajo was captured that person couldn't make sense of the messages presented to him if he wasn't an educated code talker.

Guest said:

It seems to me, that if the Government didn't have embarrassing information to cover up, this wouldn't be an issue.

Keep the true secrets with the people who need to know them, and actually have a government that is "open" and "transparent" (an issue that the current president campaigned on, and was very hardcore about)... this problem is kept to a minimum. Amazing.

Guest said:

They forgot page 12:

The only way to prevent the leak of secret information is to not have secrets.

Guest said:

It's actually quite easy to track releases. All they have to do is send out a slightly different letter (change some words around) to each agency. Then compare the one leaked to the media to the agency that leaked it. This is not rocket science.

Staff
Rick Rick, TechSpot Staff, said:

I'm confused because the document itself says it is "Unclassified"

Guest said:

I am one of those that administers such tests, and i can tell you right off the bat they are highly unreliable . It takes a baseline of questions in order to find if someone is hiding something and for the most part the people who lie are the ones that believe those lies themselves .

Guest said:

The document was unclassified, so if it was leaked or not it is not against law to publish it.

Since WikiLeaks, OpenLeaks and similar sites are here and probably will also stay, I think it is a good policy to build a strategy for these kind of leaks.

I think similar action should be done by all governments and corporates.

Not only policy and strategy to avoid leaks, but also plans what to do after.

Guest said:

"And to qualify for a Secret clearance involves nothing more than checking your criminal and credit history which can be done online in 5 minutes. "

This is incorrect. TS requires background/credit checks, but involves actual interviews conducted by the DOD. They don't simply type your name into a database and clear you; you actually get an interim clearance while they check you, which takes several months to over a year.

I now question the authenticity of the rest of your post - as should others.

Guest said:

Freeze access? What a great idea. And the CIA, DIA, NSA, whoever, they're just supposed to stop working for a year while their clearances are reevaluated?

Guest said:

Excuse my ingnorance on this matter, but does that mean the young man (Specialist Bradley Manning, 22yr)currently held in custody in the States over this, could effectively walk?

I mean if access to the info is, as you say, easy to come by, how can they pin the entire leak on him.

I otherwise fear for this man potentially being scapegoated.

AD from Downunder.

Guest said:

How about just not screwing up big time instead and having nothing to hide?

Guest said:

This memo is available to the public:

http://www.whitehouse.gov/omb/memoranda_default

Not a good idea to call it leaked.

Guest said:

Just a little personal note: When I was in graduate school, I applied for a summer job at the NSA. Since, if hired, I would have been working on improving the SAC nuclear release codes, I needed to upgrade to a "Presidential" security clearance. (I already had a "secret" clearance from work I'd already done for NASA.)

Since I would only be working there during the summer break, the clearance process was "expiated," and I went to the NSA buildings outside Washington in early December for the required polygraph test and interview with a psychologist. The polygraph test was so boring that I fell asleep in the middle of it, and the psychologist seemed, um, well, inept.

But, all in all, they managed to come to the correct conclusion: They told me "thanks for asking, but no job."

The point in this story is two-fold: First, there are many levels of classification more restrictive than "Secret," and, second, access to data classified at those more restricted levels is much more controlled than access to data only classified as "Secret" or "Confidential."

In fact, I was told that the (approximately) twenty levels between "Top Secret" and "Presidential" were classified.

Judging from what has been disclosed in the various recent leaks, perhaps too much has been classified for no good reason, but, still, the higher levels of classification seem to be secure from leaks and not used without some objective, reviewed, reason.

Guest said:

I have 25 years of IT experience. I currently write web-based software, but I've done it all, including system and network security.

Based on what I've read about govt security protocols, I think most departments would fail miserably if subjected to a simple audit from any online credit card processing agency.

In other words, if our government was required to pass basic security requirements that Visa, for instance, applies to merchant account holders, they would be shut down immediately.

Jak Crow said:

God forbid the Israeli government gets embarrassed by the leaked documents.

Guest said:

<blockquote>It's actually quite easy to track releases. All they have to do is send out a slightly different letter (change some words around) to each agency. Then compare the one leaked to the media to the agency that leaked it. This is not rocket science.</blockquote>

No, it's not. It's the backstory to Tom Clancy's main character, Jack Ryan.

Guest said:

This is a ridiculous article with a ludicrous headline. The memo was published by ISOO ( http://www.archives.gov/isoo/ ) on the day it was released and by OMB shortly thereafter (link above).

If all you wanted was to drive traffic to your site, congratulations. If you wanted to report news, then better luck next time. Loss of respect, and trust, for the site and writers here.

Guest said:

Seems to me that the assesment process here is a wise precaution, but may have some holes in it that could be detramental to some government employees. None the less the breaches have increased in number but have been less exposing with the exception of Wikileaks of course.

Guest said:

@TomSea:

Did you view this Iraq video from an Apache helicopter shooting down at least 13 civilians including 2 Reuters journalists? How can it be defended this incident should be secret in the first place?

And hundreds if not thousands of incidents like it, where innocent blood is spilled?

And what about one of the latest cables about Israel, where an israeli diplomat states that they keep the Palestinian economy at the lowest possible level, without actually causing widespread starvation (while malnutrition is still common).

Maybe if there weren't so many coverup by the US, less people would feel morally obliged to leak these things.

Maybe these things really ought to be brought in the open, and the damage in that some of those cables really should have remained secret can be viewed as, well collateral damage.

And before you think I hate the USA: yes I hate a lot of the things the US does, but I don't hate the american people. Also I fear that America's actions and attitude are bringing about her downfall. And then we have China to worry about, whose abuse will probably ten times as worse than that of the US.

For the world's sake, the USG needs to open up like Obama promised, and stop the bullying, the wars, the tortures and renditions, the pollution and the economic warfare.

Guest said:

1) This memo says nothing about a new policy or posture, it seems more like a battle damage assessment.

2) Psychologists* not psychiatrists

Guest said:

"Lie detectors are not reliable. All they measure is fluctuations in blood pressure and respiration."

True. There have been numerous psychological studies showing that lie detector tests only are a little better than a random dice toss. Couple that with the fact that they produce more false positives than negatives (i.e, they falsely conclude that someone is lying more often than they falsely conclude that someone is telling the truth), and that anyone can train themselves to cheat lie detector tests, they do a lot more harm than good.

In many cases, lie detectors are only used to intimidate or trick the suspect - for example, two American police officers tricked a criminal into confessing by hooking him up to a copying machine and telling him it was a lie detector, and on other occasions suspects have "accientally" been told that the lie detector test won't work if they don't wash their hands after going to the bathroom, and then been secretly watched.

Lie detector tests are not used in most courts here in Europe, btw.

AnonymousSurfer AnonymousSurfer said:

Ironic but the title doesn't seem to fit all that well...

Guest said:

We've gone from Dubya to Damya in 10 long years. Can't anyone in Foggy Bottom remember what the U.S. Democracy is supposed to stand for? Where's Bubba on all of this? In the middle of this crowd. :=(

Guest said:

What really doesn't matter is that lie detectors don't work, so using them for important stuff is not exactly smart.

There's a reason they are not accepted in court in many countries (Australia, France, etc.).

Guest said:

Here, let's make it simple for them:

1. Don't write anything online

2. Don't write anything on a computer

3. Don't write anything on paper without a fire source nearby.

4. What, you need more than this?

Guest said:

Yeah. You DO know this was published on the OMB White House website right? Is it still a leak or casual and indifferent journalism.

Guest said:

Its going to be the same as in Soviet Union?

Everybody was taught to tell to "offices" about anything suspicious. Otherwise you would be enemy as well, who just didn't said anything about something you knew.

As well, what they going to do with "danger" employees? Reduce their possibilities, just based on opinion of those funny psychiatrists?

Cmon! Look around, they still sitting and do whatever they want: start a war with someone, steal oil, kill people because they are "danger" to them. They try to reduce all the risk, just cutting of resources from people, who is a bit smarter then others, who can see a bit more then others - is danger for them!

Its wrong, and I really upset about that quality of education was long time ago reduced with target of easier control - and they have it now. Most of US citizens, doesn't have own opinion, they don't try to think globally, just sitting in their small world, and live dependently on someone's "political" wishes!

I'm not against most of citizens of US, because its would be stupid, I'm against small part of em, who is very powerful and smart.

So based on that text, if I would be from US, what would happens next? Few "men in black" would knock my door after 30 minutes, or just report my boss (if he exists), that I am potentially danger.

People. Please, THINK!

Guest said:

You wrote:

" I'd freeze all document access for people carrying a Secret or lower classification until they had passed a personal interview and lie detector test"

And that is why you spent 20 years in the military - your solution is to lock everything down from everyone with Secret clearance. Rather than address the problem which is the ease at which this information is transmitted, you blame the people.

The problem here is with security not the people. If all the secrets were written on parchment and stored in a vault this wouldn't be an issue. But since these documents are stored on a computer network, our government is completely incapable of restricting how they are transmitted from one location to another. Your solution: restrict access for everyone rather than restricting what can be done to the documents. Sounds like a government operation.

Guest said:

What's so secret about this? Please stop being so separate, US-gov.

Guest said:

Just start chopping peoples' hands off. That usually works.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.