How the US government – and you – should assess secrets in the WikiLeaks age
For all the media drooling over WikiLeaks, the most serious implications of the leaked cables aren't on foreign diplomacy but on information security. The post-9/11 information age demands a rethink of how sensitive information is processed – by the government, but also by readers and reporters.
Washington and Hanover, N.H. — WikiLeaks has unveiled startling details of American diplomacy. Now, it’s time to figure out how to sensibly reduce the risk of future disclosures of national security secrets, and to correct misimpressions from present ones.
First, we have to ask: What went wrong? Was Army PFC Bradley Manning – the presumed leaker – the problem? Or is the issue broader security weaknesses? As it turns out, it’s both.
After the September 2001 terrorist attacks, US policy on sharing national security information took a pendulum swing from “need to know” to “need to share.”
Proponents argued that if fragmentary threat data had been better shared, the attacks may have been detected and thwarted. It is now clear, however, that insufficiently controlled sharing has abetted damaging leaks. How can a proper balance between information sharing and good security be restored?
Return to 'need to know'
First, the national security community should return to the time-tested security principle of need-to-know. In Baghdad, Mr. Manning apparently did not have access to reports bearing the handling controls for more sensitive diplomatic information, EXDIS for “exclusive distribution” or NODIS for “no distribution.” In this respect, security worked.
Stricter controls also need to be applied to who can gain access to sensitive information. A candid telegram from the US embassy in Rome to help prepare Washington leaders to meet with Italian Prime Minister Silvio Berlusconi should not have gone to the US military in Baghdad. Filters, electronic and manual, can prevent such misdirection.
Personnel security is also important. A Washington Post article this September reported that the sergeant in Baghdad who supervised Manning “was so concerned about the soldier’s mental health” that he disabled his weapon, according to Manning’s attorney. Yet the private continued analyzing intelligence. If true, sound personnel security policies were not being enforced. Manning should have been removed from sensitive work, pending a professional evaluation.
US diplomats are even more important
Beyond better controls on information and access, there’s a second lesson to be learned from the WikiLeaks revelations. Those who see US diplomats overseas as less relevant – given modern communications and information flows – are wrong. The disclosures show the unique value of embassy reporting and analysis, and of sustained personal engagement with foreign leaders in their own environments.
The US ambassador to Saudi Arabia, for instance, is better able to have frequent, candid interchanges with Saudi leaders on a range of US interests than are leaders in faraway Washington who occasionally visit or telephone.
Demand for context
A third lesson is that while partial revelation of diplomatic reports offers insights, it can also be misleading. For example, WikiLeaks disclosures of some US diplomatic reporting from Tbilisi during the August 2008 Russia-Georgian war might suggest that the embassy too readily accepted Georgian claims that Russia started the war.
In fact, the most sensitive information in quick-moving, high-profile crises tends to be conveyed by secure email, phone conversations, and compartmented messages, such as between the US ambassador and Washington leaders. WikiLeaks neither has access to this more secure information, nor does it provide broader context. For example, prior to the hostilities, Russia engaged in multiple provocations, including conducting a major military exercise and stationing troops just north of Georgia’s border with South Ossetia. The Russians intervened shortly thereafter.
Another example of disclosures without context comes from a leaked Department of State instruction asking diplomats overseas to gather personal information on key foreigners, such as credit card and frequent flier numbers. Some observers speculate that this crosses a line between diplomacy and spying. Multiple agencies in Washington, however, send overseas posts long wish lists for information. As the WikiLeaks disclosures show well, embassies focus their reporting on key priorities. They largely ignore grab-bag requests. Last week, Secretary of State Hillary Rodham Clinton issued a new report that promised a much needed streamlining of reporting demands.
WikiLeaks has given us more than juicy headlines. It’s shed light on some vital lessons for Washington and the global reading public. In this information age, Washington should reduce risks of future leaks and espionage by restoring the need-to-know security principle but applying it intelligently so that warning and threat information still goes to those who need it.
Security standards must be revisited and reinforced. And without vital context, readers of leaked documents should assess them carefully, along with official statements and actions and other public information.
William Courtney was US ambassador to Kazakhstan and Georgia. Kenneth Yalowitz is director of the Dickey Center for International Understanding at Dartmouth College, and was US ambassador to Belarus and Georgia.