Over-classification in government continues to restrict information sharing according to a report by the US Department of Defense Inspector General.

Balance in Information Security

I’ve written previously about over-classification and why it needs to be actively countered in large organisations in the private sector and more importantly government. Getting the balance right in information security is critical to mission success.

There are a few key findings from the Inspector General’s report which will be no surprise for anybody who’s worked in a classified environment. The review sampled emails and documents classified by the US Defense Department and found:

  • 100% of the emails reviewed were incorrectly classified or marked
  • Around 70% of the sample material (documents/ files)  had ‘classification discrepancies’

I’d like to say its better in Australia, but I’m not confident. What is more interesting from a security perspective is the over-classification of material. The report states

“we do not believe that those instances concealed violations of law, inefficiency, or administrative error; prevented embarrassment to a person, organization, or agency; restrained competition; or prevented or delayed the release of information not requiring protection in the interest of national security.”

Well they would say that wouldn’t they. But leaving my cynic’s hat off for the moment… Ok one passing comment – there is a difference between the organisational approach which tries not to conceal and the approach of individuals or groups within an organisation.

Unfortunately, the report doesn’t make very many recommendations that will bring about change. In typical public servant speak, it says

We recommend that the Under Secretary of Defense for Intelligence and for Acquisition, Technology, and Logistics carry out the recommendations outlined in this report and continue to leverage the new Defense Security Enterprise, especially with regard to ensuring that Original Classification Authorities are fully engaged and accountable.

In any case, the report does acknowledge that

over-classification could unnecessarily restrict information sharing.

Hooray! Admittedly, a bit softer than I would like, but still important.

In this information age where as the Snowden revelations keep showing us,  the US and allies have access to huge swathes of information, but they can’t use it effectively to defend themselves or their allies.

The answer to this problem is not gathering more information! The 9/11 Report and scores of others keep telling us that we have the information in our databases, but we don’t use it effectively.

I’m not sure what the best analogy is here, maybe its a person who’s brain is not connected to their muscles properly. They can see and hear everything, but they rarely succeed in reacting to any of these stimuli. The problem with this analogy is that somebody with locked in syndrome desperately wants to make his limbs move. I’m not  sure this is the case with intelligence agencies and sharing information.

This does seem to be the curse of too much information and not enough brainpower to analyse it and use it properly. Especially when you are looking for the terrorist needle in a haystack. Over-classification is a key issue in the fight against fast evolving terrorist organisations.

Another perspective can be found over at Secrecy News – “DoD Inspector General Report on Over-classification misses the mark“.

More about the USA Department of Defense Inspector General

Alex Webling was the head of protective security in the Australian Attorney-General’s Department.