Wednesday, June 03, 2009

No Accident

If you believe the so-called "experts," the recent, on-line publication of a detailed report on U.S. nuclear facilities was nothing more than an "accident."

The 266-page summary, which provided detailed information on civilian nuclear sites and programs, was posted at a Government Printing Office website until Tuesday night, when it was suddenly removed. That action followed disclosure of the document's existence--and its accessibility--at a web site devoted to government secrecy.

According to The New York Times, the report was marked "Highly Confidential" and listed hundreds of civilian reactors and research facilities linked to government nuclear programs. In some cases, the document provided maps that showed the precise location of fuel stockpiles used for nuclear weapons.

While analysts debate the damage caused by the disclosure, the Times managed to find an expert who dismissed the report's publication as little more than a clerical error:

“These screw-ups happen,” said John M. Deutch, a former director of central intelligence and deputy secretary of defense who is now a professor at the Massachusetts Institute of Technology. “It’s going further than I would have gone but doesn’t look like a serious breach.”

Of course, there is no small irony in Mr. Deutch's comments. As you'll recall, he was dismissed as CIA Director during the Clinton Administration for a colossal security blunder. Investigators discovered the Mr. Deutch not only took home highly classified intelligence files, he uploaded them on a personal computer that was linked to the internet. The CIA has never disclosed if foreign intelligence agencies were able to access Mr. Deutch's computer, and download secret files stored on his personal computers--machines that were never cleared for classified use.

Apologist for Mr. Deutch tried to depict him as a computer neophyte--a latecomer to the world of laptops--but that defense only goes so far. A CIA investigation into Deutch's computer files revealed that the CIA Director first tried to retain his machines, which had been purchased by the agency. When that request was rejected, Mr. Deutch apparently tried to reformat his computer, in an attempt to erase the classified files. He even sought help from technical experts at CIA HQ in an effort to reformat computer memory cards, a request that first raised questions about the director and his security habits.

In other words, Mr. Deutch willfully broke the rules, although he was never prosecuted and received a pardon from President Clinton. The "willful intent," so apparent in the Deutch case, is also evident in the "accidental" publication of that nuclear report. In other words, someone made a conscious decision to put the document on that unclassified government web site.

How can we be so sure? Government policy mandates the creation, editing and publication of classified reports on systems cleared for that type of information. Typically, a "confidential" report would be produced on a SECRET-level system, and published on an intranet cleared for that level of data. In the Department of Defense, the intranet for SECRET information is called SIPRNET. Other government agencies also have access to SIPRNET, or utilize their own SECRET-level intranets.

Getting that report on that unclassified web site, took several deliberate steps (or mistakes, depending on your perspective). First, the document had to be downloaded from a classified system and then copied or uploaded onto the unclassified site. Quite a series of missteps, wouldn't you say?

However, tracking down the guilty party should be relatively easy--assuming that the Obama Administration is interested in sealing the security breach. Government computer systems (at all levels) are extensively monitored, and employees must log on/log off using a personalized access card. Consequently, it shouldn't be too hard to find out who download the report, then uploaded it on the unclassified system.

One final note: many of the government's classified systems won't accept "outside" media, meaning you can't stick an unclassified flash card, floppy disk, CD-ROM or DVD into the appropriate drive and download information. Obviously, the feds haven't released details on the system(s) involved in this compromise, so we can't be completely sure how the information was transferred.

But one thing is clear: given the steps required, the posting of that report on an unclassified government web site was anything but an accident or a simple "screw-up."


gr8scott said...

The classification label on the document is not a U.S. classification, and the document contained information on civilian nuclear facilities only.

This may have been put together for the IAEA.

George Smiley said...

Possibly...but NATO SECRET isn't a U.S. classification per se, but documents with that stamp are still treated as classified, and they are prepared and handled accordingly.

In any event, putting anything labeled "confidential" on an unclassified government website was a deliberate act, and consistent with the current administration's "de-nuclearization" policies.

Mad Fiddler said...

1) Any document shared with the IAEA must be assumed to be freely available to the enemies of the USA.

2) Invited to bid as a private sector contractor on the production of a classified script, I applied for clearance. This meant personal clearances for myself and others in my company, and a facility clearance. I also had to develop a manual and security procedures for handling classified data.

If memory serves after most of three decades, there was NO DISTINCTION BETWEEN US government documents or any other source. If they came to you, you treated them with the same procedures. They wouldn't have been part of a classified program if they didn't need to be kept secret.

Classified data were all to be treated with the same diligence.

From the instruction I received in working out the procedures for our facility, a lot of security issues made sense that might seem needlessly complex otherwise. Because of that experience, it's absolutely clear, for instance, that Sandy Berger is a lying SOB who deliberately destroyed and / or stole classified documents. No way that was accidental.

Similarly, putting a 266-page document online required a series of deliberate steps. To claim that all those steps were done accidentally is either a bunch of lies, or criminal incompetence. You can't just dismiss it as an innocent slip-up. If I had done that as a cleared private contractor, I would lose my clearance AND probably be facing criminal charges.

Criminals on government payrolls.