OMB’s New Security Memo Suggests WikiLeaks Is Media

A number of outlets are reporting on the OMB memo requiring agencies to review their security procedures in response to WikiLeaks.

Now, this memo is explicitly a response to WikiLeaks. It’s a follow-up on a memo sent in November that names WikiLeaks.

On November 28, 2010, departments and agencies that handle classified national security information were directed to establish assessment teams to review their implementation of safeguarding procedures. (Office of Management and Budget, Memorandum M-11-06, “WikiLeaks – Mishandling of Classified Information,” November 28, 2010.)

And one of the questions it directs agencies to ask names WikiLeaks (and, in a sign of the government’s nimbleness, OpenLeaks) specifically.

Do you capture evidence of pre-employment and/or post-employment activities or participation in on-line media data mining sites like WikiLeaks or Open Leaks?

But the delay–almost six months between Bradley Manning’s arrest and the November memo, and another month until this memo, sort of reminds me of the roughly eight month delay between the time Umar Farouk Abdulmutallab tried to set his underwear on fire and the the time a bunch of grannies started getting groped at TSA security checkpoints.

Why the delay?

And from a document usability standpoint, this list of questions designed to help agencies identify weaknesses is a piece of shit. Trust me. No matter how good a bureaucrat is, asking them to use nine pages of nested bullets to improve a process is not going to work. This is simply not a credible process improvement effort.

I also wonder why it took WikiLeaks to initiate this effort. Just as an example, Los Alamos National Labs has been losing both storage media, computers, and BlackBerries going back a decade. You’d think the vulnerability of one of our nuclear labs would alert the government to our overall vulnerability to the loss of data via computer medium. Yet losing data to–presumably–our enemies did not trigger this kind of no-nonsense vulnerability assessment, WikiLeaks did.

The Russians and the Chinese are probably bummed that WikiLeaks will make it a teeny bit harder for them to spy on us.

All that said, Steven Aftergood makes one curious observation about the memo: this unusable list of nested bullets suggests that agencies should monitor employees’ contacts with the media.

Among other troubling questions, agencies are asked:  “Are all employees required to report their contacts with the media?”  This question seems out of place since there is no existing government-wide security requirement to report “contacts with the media.”  Rather, this is a security policy that is unique to some intelligence agencies, and is not to be found in any other military or civilian agencies. Its presence here seems to reflect the new “evolutionary pressure” on the government to adopt the stricter security policies of intelligence.

“I am not aware of any such requirement” to report on media contacts, a senior government security official told Secrecy News.  But he noted that the DNI was designated as Security Executive Agent for personnel security matters in the 2008 executive order 13467.  As a result, “I suspect that an IC requirement crept in” to the OMB memo.

I agree with Aftergood: it is troubling that an intelligence community requirement now seems to be applied to the federal workforce as a whole.

But isn’t this, at the same time, rather telling?

If a memo instituting new security reviews, explicitly written in response to WikiLeaks, institutes a policy of reviewing contacts with the media, doesn’t that suggest they consider WikiLeaks to be media?

image_print
  1. klynn says:

    If a memo instituting new security reviews, explicitly written in response to Wikileaks, institutes a policy of reviewing contacts with the media, doesn’t that suggest they consider Wikileaks to be media?

    Some document editor in some corner of the government just got fired because of your keen abilities.

    • Sebastos says:

      I just finished The Mendacity of Hope by Roger D. Hodge. He remarks (page 194) on how the Obama administration indicted Thomas Drake for whistleblowing on NSA’s illegal wiretapping under Bush, yet the crimes of the Bush administration go unprosecuted. It all depends on whose ox is being gored. Similarly here with WikiLeaks.

  2. Barry Eisler says:

    Credit to Assange for calling his shots. From Aaron Bady’s mind-bending post at Zunguzungu:

    “Instead, the idea is that increasing the porousness of the conspiracy’s information system will impede its functioning, that the conspiracy will turn against itself in self-defense, clamping down on its own information flows in ways that will then impede its own cognitive function. You destroy the conspiracy, in other words, by making it so paranoid of itself that it can no longer conspire.”

    In Assange’s words:

    “The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive “secrecy tax”) and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption. Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems. Since unjust systems, by their nature induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.”

    https://zunguzungu.wordpress.com/2010/11/29/julian-assange-and-the-computer-conspiracy-“to-destroy-this-invisible-government”/

    • Sebastos says:

      Bady’s comments remind me of accounts of the situation just before the attack on Pearl Harbor, where so few people could see the Operation Magic intercepts of Japanese communications that they lost their potential usefulness for allowing the USA to be prepared for the attacks.

      • JohnJ says:

        The Whitehouse staff knew about Pearl 2~3 weeks before. (The mother of my parent’s best friends, one of those people, was very verbose about that).

        They weren’t controlling the information that well.

        The net result of no preparation was the replacement of an outdated fleet (except those modern carriers which just happened to be moved out of Pearl in time) and the motivation to war of a basically isolationist American population.

  3. BoxTurtle says:

    I’d love to see them try to convince a real court that Wikileaks ISN’T the media and deserving of full 1st amendment protections.

    But then I strongly suspect they’re going to use “other ways” of taking down Assange and Wikileaks. Trumped up or minor criminal charges pushed at the highest levels of government against Wikileaks employees. Unidentified attacks against their servers. Political pressure against ISP’s to disconnect Wikileaks.

    If I were Wikileaks, I’d be worried about that.

    Boxturtle (Oh, wait….)

    • TarheelDem says:

      That would likely force not a few ISPs to operate underground. Or offshore. And it would put the US asking for more stringent control over the internet than does China.

  4. amghru says:

    The Russians and the Chinese are probably bummed that WikiLeaks will make it a teeny bit harder for them to spy on us.

    And don’t forget the Israelis.

    • BoxTurtle says:

      The israeli’s do not spy on us anymore. There’s no need. They simply drop an email to one of their pet senators who forwards their question on the the appropriate federal agency. Then there is a phone call from the senator to the agency to make sure the senators request is handled promptly. Then the answer arrives in email.

      Boxturtle (Admittedly, blackmailing Obama for the data is more fun and might be a little quicker)

    • emptywheel says:

      Oh, I’m pretty sure we just GIVE the Israelis our info. Not to mention put them in charge of parts of our Toobz where they can take it freely.

  5. klynn says:

    OT

    EW, are you following the Wheeler homicide and the reports from EU papers?

    A telling bit was from a resident in Arkansas when she said, “I wondered why the clean up workers were wearing tyvek suits, respirators and were hosing down after clean-up? I asked the workers why the residents didn’t need to wear anything protective and they didn’t answer.”

  6. Shoto says:

    directed to establish assessment teams to review their implementation of safeguarding procedures.

    So this will ultimately result in a vast improvement in efficiencies and therefore a commensurate reduction in costs, right? Just look at the OMB and the 112th startin’ to get down with the cost savings. Wait. What?

    This is simply not a credible process improvement effort.

    Well…maybe not. Keystone Cops.

  7. TarheelDem says:

    The restriction on contact with the media for government employees and contractors has been an informal one for decades. I am surprised that OMB would open up the possibility of a FOIA request for a list of civilian employees who had contacts with POLITICO, say, about the future of Social Security. Or are some employees more equal than others?

  8. alan1tx says:

    According to a telephone survey of 1,029 US residents age 18 and older, conducted by the Marist Institute for Public Opinion in December 2010, 70% of American respondents – particularly Republicans and older people – think the leaks are doing more harm than good by allowing enemies of the United States government to see confidential and secret information about U.S. foreign policy. Approximately 22% – especially young liberals – think the leaks are doing more good than harm by making the U.S. government more transparent and accountable. A majority of 59% also want to see the people behind WikiLeaks prosecuted, while 31% said the publication of secrets is protected under the First Amendment guarantee of a free press.[308]

  9. papau says:

    In 1983 we presented the developed “suitcase atom bomb” to Reagan – but 1987 we were reading about the design and new Chinese modifications to the design in Chinese technical journals per CIA testimony in a public hearing before Congress in 91.

    Reagan gave the Atomic bomb latest design to the Chinese – and our media never pushed this narrative. Now we have to address internet media spy problems so as to keep our secrets. We will say that our secrets only get out by theft – they are never given away.

    I think I will start fund raising for an Obama library or statue in every town, just the way the GOP has done for Reagan, after all, Obama is trying to be the Reagan that was elected by the left.

    • lysias says:

      OMB Director Lew may have signed this directive, but I wonder how much of a role Cass Sunstein played in the drafting in his current role as head of OIRA (the part of OMB that oversees federal agencies, the addressees of the directive). After all, we know how interested he is in the control of information and of what is said on the Internet.

  10. frankBel says:

    This is off topic, but is there anything in the WikiLeaks releases dealing w/ the anthrax attacks? The anthrax spores that had been released were weaponized, and thus it was illegal (by virtue of international treaty obligations) to possess such weapons, and even more illegal to possess the ability to produce them. If they weren’t imported, they were manufactured in the U.S.

  11. teqwi says:

    From the enforcers’ point of view, requiring all 2.15 million federal employees to report every single contact with media is of practical use only when looking for a way to discipline or fire a particular employee who failed to report a particular contact. Evidence of wrongdoing can be tediously hard to come by, but snagging people on a minor failure-to-report infraction’s a snap.