I used to be in the intelligence field, and I held a top secret SCI clearance for about five years.
What most people don't realize about classified information is that it's not the information itself that's so sensitive; it's the means via which such information is acquired that must be protected. If this were not so, targets could simply sidestep our intelligence collection vectors.
I rarely dealt with any classified information that was interesting or surprising. It's mostly stuff you would expect. The technologies and methods used to acquire a piece of intelligence were always more interesting than the intelligence itself.
When I was young and irresponsible, I worked for the Justice Department, analyzing drug policy. In that capacity, I was put through the full security mumbo-jumbo and received a Top Secret clearance and, on top of that, clearances for various very highly taboo Codeword categories.... Having been cleared, what did I learn that it would then have been a felony for me to reveal? Nothing that would have helped the Russkis or the narco-bad-guys. But I did learn the names of assorted corrupt high-level officials in various of the Carribean banking havens Jeff MacNelly once lampooned as “Rinky-Dink and Tabasco.” No elaborate spying had been required to learn the names; apparently it was routine cafe gossip in the countries involved. So why, I asked, is this material classified? Not that I had any desire to reveal it, but I was curious.
The senior security guy in the Criminal Division set me straight: Yes, everyone knew that the Rinky-Dink-and-Tabascanese Finance Minister, or Central Bank president, or whatever it was, was crookeder than a dog’s hind leg. He knew, we knew, the Prime Minister knew, the Prime Minister knew we knew, we knew he knew we knew, ad infinitum. Maybe the Rinky-Dink-and-Tabascanese voters didn’t know; that was their lookout.
But it was our policy to make nice to Rinky-Dink and Tabasco (honest, I forget which contrylet we were talking about). If it were revealed publicly that the US Government had knowledge that Mr. So-and-so was on the take, that would embarrass the Rinky-Dink-and-Tabascanese government, thus impeding U.S. foreign policy. Ergo, properly classified.
Well in this case it seems to be more of the "why". The information was easily obtained, the information was known in the country of origin. What was not admissible is for everyone to know that US govt. knows about the information.
I had a "Secret" clearance twice upon a time. Absolutely nothing I saw while I had that clearance was of the slightest interest. In fact, everything that I knew that was classified ended up appearing in Aviation Week. And no, I wasn't the leaker.
But I regard that as a symptom of over-classification, and speaks directly to the "fifteen or twenty" clearances Kissinger was about to get that were above a Top Secret.
Ultimately, there's only a few "national security" secrets, but there's mega boatloads of career-ending blunders, minor and major wastes of time and money, graft and corruption. Over-classification and compartmentalization solves all of those problems by covering them up.
The reason for so many different levels of classification isn't "this is more sensitive than Top Secret, and this is more sensitive than that, and THIS is even MORE sensitive, etc etc."
It's about compartmentalization - a guy who works intel in Iraq doesn't need to know about North Korean intel collection techniques, so it's classified differently and compartmentalized.
You may not need to know about the data collected in another compartment/agency but it would be useful to at least know how they are collecting data because you can then refine your own techniques.
Actually no. There is a trade-off there. Compartmentalization implies duplication of work and waste but it protects against one compromised person leaking a whole lot of information.
Imagine that North Koreans promised $2m to the Korean Intel Dept. employee to reveal their secrets. If the secrets and methodology is the same and shared as he Iraq Intel methodology that one person can cripple our the whole intelligence apparatus worldwide.
The flip side of that is that if a hostile power penetrates your network in one context and finds that you employ global clearance standards, the antagonist can roll up or contaminate your intelligence networks on a global scale.
I thought I read somewhere once that it was a violation of security procedures to reveal your security clearance level (unless it was in doing your job to access information). Is it ok to mention you used to hold a top secret SCI after the fact?
If you weren't allowed to mention the fact that you have one, then nobody would ever be able to apply for a government contracted job.
What the government doesn't want is people going out to a club and getting hammered and then telling a bunch of strangers that you have a clearance because it makes you a target in a situation where you are already vulnerable.
The funny thing is, a clearance doesn't give you a need to know. From my experience the overwhelming majority of people with a Top Secret clearance don't have access to anything that is even remotely interesting.
There is no formal guidance (that I'm aware of) about revealing a secret, top secret, Q, or L clearances, nor is there formal guidance on revealing that you are SCI eligible.
Each SCI compartment and SAP has its own unique rules about what you can and cannot reveal (some SCI compartments mere existence is classified at the SCI level itself, meaning you can't say you hold that clearance to anyone who doesn't hold that clearance, for example).
Each SCI compartment also comes with it's own unique rules about when you can or cannot talk about what you learned or were cleared to access (most are probably lifetime NDAs).
That said, it's pretty shitty opsec to tell someone, or the Interwebs, that you hold a specific clearance or do a specific job.
I'm not aware of one. In some cases, the information will just be disclosed, and you'll be forced to sign the paperwork and be 'read in' after the fact. As long as you have a legitimate need to know, that's fine.
Security procedures don't apply to you once you no longer have a clearance. Except for, of course, revealing the protected information until it is declassified.
Yes, the security structure can seem a bit artificial at times, like:
- During cleared professionals-only job fairs.
- Leaving a cleared job and all of a sudden there are no reporting requirements or security procedures. It's as if the gov't refuses to acknowledge that sensitive info is still in your head.
You can say you have clearances, but you aren't supposed to talk about what level.
When I was leaving the agency I worked for, I had to get what I wanted to write on my resume approved. They told me I had to remove my clearance level.
Just to play up the intrigue, perhaps you don't know of the information or clearances being mentioned. ;) "...a person who didn't previously know they even existed."
If the people we're gathering intelligence on (the "targets") knew how we are collecting that intelligence (the "vectors"), then they'd be able to avoid being spied on.
Also, sometimes the vectors themselves, if exposed, would cause diplomatic incidents -- human intelligence (spies), placed within a foreign government, or illegal means of collection (black bag job breakins, tapping undersea cables in national waters, ...).
Top Secret SCI ("secret compartmentalized information") isn't one clearance: each SCI has a codeword, and you get cleared individually for each one. That's probably what Ellsberg means by about to receive "15 or 20 special clearances", and what throwaway is referring to. It's not uncommon for TS-cleared individuals to be additionally cleared on at least one TS-SCI thing. Obviously codeword-classified information can vary in interestingness.
SCI is 'Sensitive' compartmentalized information, not 'secret'. SCI information can be SECRET or TOP SECRET (or, in theory, FOUO, although that would be weird).
As a Govt leader, rather than a working-class flub DOD employee, Ellsberg was probably referring to various SAP access that Kissinger was about to be read into. SCI is just one SAP (well, most people consider it as such, but the IC seems to disagree for legal basis reasons). This article is actually pretty good for once:
It's likely referring to the SCI status - the point of SCI, over and above just Secret or Top Secret, is that you have different "compartments" (clearances) for different categories of information. A guy with SCI working for the DOE would see much different information than a guy working for the DOD, or the FAA. And it's much more granular than that. I don't know anything about how the SCI compartments are created, only that you can be cleared for one more many when you reach that point, though you'll never know the full gamut of which compartments exist or don't exist until you are cleared for each one.
Thus, there are likely many clearances/compartments that a great many people don't know exist or don't exist. I suspect there isn't really anyone who knows what every compartment is.
One thing I've always wondered about was what the President's clearance consists of. Are there things he doesn't have access to? Does he know he doesn't have access? Can he see a list of every secret program, but perhaps not get details? Does he have totally unfettered access to everything the US does?
Edit: the corollary is, "how many people have access to everything?" or alternatively, "if the president doesn't, does anyone have access to everything?"
Not being the President, this is purely speculation, but I would guess:
There are many things the President probably does not have unfettered access to.
There are many, many, many trainings and shit you go through that reinforce that seniority and superiority do not in themselves constitute the 'need to know' for classified information.
There should NOT be someone who has access to everything, as the entire point of the compartmentalization is that no one breach can be used against everybody/everything. I have a suspicion that there are actually compartments which are mutually exclusive - if you're in Compartment X, you are, by definition, not allowed in Compartment Y, specifically for that segmentation reason.
There exist a number of "super users," I believe their role is to minimize redundancy of effort. Even if someone had access to everything, the amount of data generated far exceeds what one person can handle.
I'd imagine such super users get Name/Codeword/Purpose briefs to cross reference, rather than access to the information itself, as clearance to know is not a need to know.
I can think of two rationales for restricting the President's access to information.
One is plausible deniability: there's no need to expose the president personally to every misdeed everyone working for the government may have committed. Yes, that's a cynical, realpolitik type of answer that really pisses off people on HN, but it's true.
The other is simply that the President makes decisions at such a high level that low level information simply isn't helpful to him. The federal government is huge. The President can't function without hundreds of people who spend all day aggregating and summarizing information. This invests a lot of power in the aggregators and summarizers.
The main constraint is budgetary authority; it's easier to create a new secret program than to fund it. Ultimately all funding authority comes from the US Congress, although there are layers of obfuscation.
The ability to create new Special Access Programs is usually delegated to the level in an organization that actually does this routinely; definitely below Department level, above Combatant Command level.
On the Army side, check out AR 380-381, and legally, 32cfr159a. Basically someone more operational creates it, and then gets approval from above, but the authority to create the program is closer to the action than the ability to finance it.
They deconflict on names at one level, usually per department (e.g. Army, Navy). I think this is done by pre-assigning names in batches to be used. http://en.wikipedia.org/wiki/CIA_cryptonym is an interesting article.
Well, you have to keep in mind that compartments, from the way I understand them, are topical, or centered around the specific field they pertain to. Thus, the DOE and the DOD won't have the same compartments, and even the Army and the Navy won't have the same compartments.
This is, I believe, one of the reasons that intelligence sharing between agencies and the armed forces is so difficult. Some intel is compartmentalized in places that are inaccessible to another branch or agency, and changing the classification level or compartment of information is an extraordinarily inconvenient process.
The upside of this, however, is that we really do have a secure system for information
It seems to me that either someone knows about all the compartments, or there is a high likelihood of redundant and overlapping compartments being created accidentally. It probably is okay for one clearance to actually be represented as five or six because of bureaucracy (that's basically just denormalization, and product management systems deal with it all the time); the real problem is that project X might be half-covered by compartment A, and half by compartment B, and you just end up getting assigned both (thus exposing you to more classified material than you should know) because there's no one with enough oversight to create compartment C = A∩B, make A and B into A'=A-C and B'=B-C, and then just assign people A and C while leaving out B.
Basically, imagine trying to do library science without being able to know what information you're managing. The classifications created would quickly become senseless and incoherent.
What most people don't realize about classified information is that it's not the information itself that's so sensitive; it's the means via which such information is acquired that must be protected. If this were not so, targets could simply sidestep our intelligence collection vectors.
I rarely dealt with any classified information that was interesting or surprising. It's mostly stuff you would expect. The technologies and methods used to acquire a piece of intelligence were always more interesting than the intelligence itself.