
National Security (Information Policy Aspects Only)

National Security (Information Policy Aspects Only). Yale Braunstein, School of Information, UC Berkeley. Definition: No precise definition. Possible working definition: The ability of a nation to protect its national values from threats, both internal and external.


Presentation Transcript


  1. National Security (Information Policy Aspects Only) Yale Braunstein, School of Information, UC Berkeley

  2. Definition • No precise definition • Possible working definition: • The ability of a nation to protect its national values from threats, both internal and external • We focus on information – limits and controls

  3. Well-known Approaches (1) • Official Secrets Act (UK, 1911; last revised 1989) (1) A person who is or has been— (a) a member of the security and intelligence services; or (b) a person notified that he is subject to the provisions of this subsection, is guilty of an offence if without lawful authority he discloses any information, document or other article relating to security or intelligence which is or has been in his possession by virtue of his position as a member of any of those services or in the course of his work while the notification is or was in force.

  4. Well-known Approaches (2) • Security of Information Act (Canada, 1985) (1) Every person is guilty of an offence under this Act who, having in his possession or control any secret official code word, password, sketch, plan, model, article, note, document or information… (a) communicates the code word, password, sketch, plan, model, article, note, document or information to any person, other than a person to whom he is authorized to communicate with, or a person to whom it is in the interest of the State his duty to communicate it; (b) uses the information in his possession for the benefit of any foreign power or in any other manner prejudicial to the safety or interests of the State; • Canada has two parallel classification systems, one for defense information and one for non-defense information. The types of information that can have restricted access include commercial data, personal information, and information concerning policy development.

  5. Brief U.S. History (1) • Key acts & legislation from 1938 • 1938 Act (covers war & military issues) • 1940 Presidential Order re classification of military secrets • 1946/1954/1981 Atomic Energy Act creates parallel classification scheme; allows control regardless of source • 1947 National Security Act (also establishes CIA, DOD, NSC) • 1951 Classification extended to non-military agencies • 1952 McCarran Act controls entry to U.S.

  6. Brief U.S. History (2) • 1966 FOIA (effective 1967) has national security as one of nine exemptions • Does not address "over-classification" • 1974 amendment allows investigation of over-classification • 1976 Arms Export Control Act establishes ITAR • "International Traffic in Arms Regulations" include data and publications produced in U.S. • 2001 USA Patriot Act

  7. How Classification Works – Official View (1) • Military security exists in two dimensions called mandatory and discretionary. The mandatory levels are well known: • Unclassified: no restrictions on publication • Confidential: limited to members of the organization • Secret: limited to individuals with assigned Secret or higher clearance level • Top Secret: limited to individuals with assigned Top Secret clearance • [See comments on "Sensitive" classification below]

  8. How Classification Works – Official View (2) The number of people eligible to receive Top Secret clearance is restricted. Above the Top Secret level are discretionary controls, for specific categories, allocated to people with a need-to-know. These categories function roughly as Trade Secrets do in commercial enterprises. The main difference is that all documents at the Secret level and above are carefully logged throughout their lifetime. [Source for these two slides: Gio Wiederhold's Stanford course on Internet Security (2003)]

  9. How Classification Works – Official View (3) • March 2002 White House memo ordering agencies to safeguard information that is “sensitive but unclassified.” • Provision codifying the “sensitive but unclassified” category put into the Homeland Security Act (which created the Department of Homeland Security) • Instructs the executive branch to "identify" and "safeguard" "homeland security information that is sensitive but unclassified" (often called Sensitive Homeland Security Information (SHSI)) • Includes any information about terrorist threats, potential vulnerabilities, and disaster response. • Also applies to information that has previously been disclosed. (References: OMB Watch website, Sec. Ridge's address to the AAU, DOJ-OIP "FOIA" Post – look for Homeland Security.)

  10. How "Classification" Works - more [This slide intentionally left blank]

  11. Toward a U.S. Official Secrets Act • In 2000, Congress passed -- and President Clinton vetoed -- what would have been this nation's first "official secrets act," criminalizing leaks of any "properly classified" information. • Additional information at "OMB Watch" website

  12. Computer Security (1) • National Security Decision Directive (NSDD) 145 in 1984. • Gave NSA control over all government computer systems containing "sensitive but unclassified" information. • Followed by a second directive issued by National Security Advisor John Poindexter that extended NSA authority over non-government computer systems

  13. Computer Security (2) • Public Law 100-235, The Computer Security Act of 1987 • Reaffirmed that the National Institute of Standards and Technology (NIST), a division of the Department of Commerce, was responsible for the security of unclassified, non-military government computer systems. • Under the law, the role of the National Security Agency (NSA) was limited to providing technical assistance in the civilian security realm. Congress felt that it was inappropriate for a military intelligence agency to have control over the dissemination of unclassified information.

  14. Computer Security (3) • Since the enactment of the Computer Security Act, the NSA has sought to undercut NIST's authority. In 1989, NSA signed a Memorandum of Understanding (MOU) which purported to transfer back to NSA the authority given to NIST. The MOU created a NIST/NSA technical working group that developed the controversial Clipper Chip and Digital Signature Standard. The NSA has also worked in other ways to weaken the mandate of the CSA. In 1994, President Clinton issued Presidential Decision Directive (PDD) 29. This directive created the Security Policy Board, which has recommended that all computer security functions for the government be merged under NSA control. [Source: EPIC website]

  15. Cyber Insecurity: U.S. Struggles To Confront Threat • NPR series, April 2010 • Americans do not often hear that someone has found a way to overcome U.S. defenses, but military and intelligence officials have been sounding downright alarmist lately with their warnings that the country is ill-prepared to deal with a cyberattack. • Director of National Intelligence Dennis Blair opened his annual survey of security threats in February by advising Congress that "malicious cyberactivity is growing at an unprecedented rate," and that the country's efforts to defend against cyberattacks "are not strong enough." • http://www.npr.org/templates/story/story.php?storyId=125578576

  16. USA Patriot Act (1) • On-going debate over Section 215 • Allows an FBI agent to obtain a search warrant for “any tangible thing,” which can include books, records, papers, floppy disks, data tapes, and computers with hard drives. • Permits the FBI to compel production of library circulation records, Internet use records, and registration information stored in any medium. • Does not require the agent to demonstrate “probable cause.” Instead, the agent only needs to claim that he believes that the records he wants may be related to an ongoing investigation related to terrorism or intelligence activities, a very low legal standard.

  17. USA Patriot Act (2) • Libraries or librarians served with a search warrant issued under FISA rules may not disclose, under penalty of law, the existence of the warrant or the fact that records were produced as a result of the warrant. A patron cannot be told that his or her records were given to the FBI or that he or she is the subject of an FBI investigation. • Overrides state library confidentiality laws protecting library records. [Source: ALA website]

  18. Has Sec. 215 Ever Been Used? (1) • Three different answers (choose the one you like best?) 1. "The number of times the Government has requested or the Court has approved requests under this section is classified and will be provided in an appropriate channel." (July 26, 2002, letter from Asst. Attorney General Bryant to Congress. Available at: http://www.house.gov/judiciary/patriotresponses101702.pdf)

  19. Has Sec. 215 Ever Been Used? (2) 2. Leigh Estabrook (U. Illinois) estimates number to be 15. (Wall Street Journal, Oct. 28, 2003, p. A6). 3. Mark Corallo, DOJ spokesperson: "Wrong, wrong, wrong. The attorney general has declassified the number of times Section 215 has been used and that number is zero." (Same WSJ story.) [Is this the real issue?]
