Why You Can’t Keep Secrets by William M. Arkin.
From the post:
I started thinking about this talk by polling friends in Washington to see if there were any good new jokes about secrecy. In other parts of the world, political jokes are often the purest expression of zeitgeist, so I thought a current favorite — you know, some knee slapper about the new Executive Order on classification, or one about the latest string of Bill Gertz’ leaks — would provide astute insight.
No dice though; people inside the beltway have never been renown for their humor.
In May, however, I was in Beirut, and the number of jokes about the Syrians were impressive.
Here’s my favorite.
Hafez Assad is with Bill Clinton and Jacques Chirac on the Mississippi River to negotiate Syria’s withdrawal from Lebanon. Assad drops his watch into the river and when he bend over the deck railing to look for it, snapping alligators thrust up from the deep. Clinton tells one of the Marine guards to retrieve President Assad’s watch. The Marine goes to the edge, looks over at the alligators and says to the President Mr. President, you know we live in the greatest country on earth, and therefore I can decline an unlawful order. If I jump in to retrieve Mr. Assad’s watch I would die, and besides I have a family…
So Chirac, thinking he can tweak the American nose says to a French soldier, jump in the water and retrieve Assad’s watch. The legionnaire snaps to attention and runs to dive in, but he then looks over and sees the snapping alligators, and turns to Chirac and says Monsieur President, you know our democracy is even older than America, and besides, I have a family…
So Assad whispers something in the ear of a Syrian soldier, who runs to the railing and without hesitation, jumps in the water, swims through the alligators, retrieves the watch, and returns safely to the boat. The Marine and the Legionnaire, both amazed, crowd around the Syrian to ask what Assad said.
Well, the soldier explains, I too have a family…
**
So what does this have to do with secrecy?
To me, it is a real world reminder that to level any kind of indictment about the evils of U.S. government secrecy is to be trivial. One only has to visit places like the Middle East to appreciate how free our system is.
…
Given the current events in Syria, a timely posting of a speech that Arkin made:
…twenty years ago to military and industry officers and officials at the annual U.S. Air Force National Security Leadership Course, Maxwell AFB, Alabama, delivered on 14 August 1996.
The central difficulty of secrecy and cybersecurity are both captured by the line:
Anyone knows that in order to preserve real secrets, they need to be identified.
As opposed to the blanket classification of nearly every document, memo, draft, email, etc., which is nearly the current practice in the Obama administration, you have to pick which secrets are truly worth protecting. And then protect them.
As Arkin points out, to do otherwise generates a climate where leaks are a routine part of government and generates suspicion even when the government, perhaps by accident, is telling the truth.
The same principle is true for cybersecurity. Have you identified the components of your network and the level of security appropriate to each one? Or do VPs still have write access to the accounting software?
For meaningful secrecy or cybersecurity, you must have explicit identification of what is to be secret/secure and what steps are taken to bring that about. Anything less and you won’t be able to keep secrets and/or have cybersecurity. (Ask the Office of Personnel Management (OPM) for example.)