Information Incognito

[R.A. Hettinga]

<http://online.wsj.com/article_print/0,,SB111145546123985866,00.html>

The Wall Street Journal


 March 22, 2005

 MEDIA & MARKETING


Information Incognito
In War on Terror, U.S. Tries
 To Make Public Data Secret;
 The Almanac Under Wraps?

By ROBERT BLOCK
Staff Reporter of THE WALL STREET JOURNAL
March 22, 2005; Page B1


Ever since Sept. 11, 2001, the federal government has advised airplane
pilots against flying near 100 nuclear power plants around the country or
they will be forced down by fighter jets. But pilots say there's a hitch in
the instructions: aviation security officials refuse to disclose the
precise location of the plants because they consider that "SSI" --
Sensitive Security Information.

"The message is; 'please don't fly there, but we can't tell you where there
is,' " says Melissa Rudinger of the Aircraft Owners and Pilots Association,
a trade group representing 60% of American pilots.

Determined to find a way out of the Catch-22, the pilots' group sat down
with a commercial mapping company, and in a matter of days plotted the
exact geographical locations of the plants from data found on the Internet
and in libraries. It made the information available to its 400,000 members
on its Web site -- until officials from the Transportation Security
Administration asked them to take the information down. "Their concern was
that [terrorists] mining the Internet could use it," Ms. Rudinger says.

The pilots' experience underscores one of the great policy clashes of the
early 21st century: the War on Terror vs. the Information Age. In the 31Ž2
years since al Qaeda operatives studied commercial airlines schedules in
preparation for flying jetliners into the World Trade Center and the
Pentagon, the Bush administration has moved aggressively to keep
once-easily accessible data under wraps. Some of that information could
well be of use to would-be terrorists, but keeping other information secret
strikes some observers as absurd.

For example, when a top Federal Aviation Administration official testified
last year before the 9/11 commission, his remarks were broadcast live
nationally. But when the administration included a transcript in a recent
report on threats to commercial airliners, the testimony was heavily
edited. "How do you redact something that is part of the public record?"
asked Rep. Carolyn Maloney, (D., N.Y.) at a recent hearing on the problems
of government overclassification. Among the specific words blacked out were
the seemingly innocuous phrase: "we are hearing this, this, this, this and
this."

Government officials could not explain why the words were withheld, other
than to note that they were designated SSI.

The concept of "Sensitive Security Information" originated in a 1974
statute, which kept things like airport security plans out of public view.
But the Homeland Security Act of 2002 greatly expanded the scope of SSI to
include any data that could help someone defeat transportation security
systems, including records of security inspections, work schedules,
training materials and the regulations authorizing screeners to poke around
in carry-on baggage.

SSI is actually one of some 60 categories of SBU, or "Sensitive But
Unclassified" information, a designation reserved for information that
isn't top-secret, but which the government still doesn't want released
publicly. Other "pseudo-classifications," as they're called by Congress and
some experts, include FOUO (For Official Use Only) and UCNI (Unclassified
Controlled Nuclear Information). Every government agency has the ability to
create its own form of SBU and any official can declare something
sensitive. Under such labels, officials have ordered a wide range of
information removed from public libraries and Web sites.

Critics say there are signs that these designations are now being overused.
One internal memo to Federal Air Marshals in Las Vegas last year stamped
FOUO announced a farewell breakfast party for a colleague and invited
co-workers for doughnuts and coffee.

So has the Pentagon's city-size phone directory, which was once on sale at
the U.S. government printing office, and is no longer offered to the
public. "It contains information about the specific locations of DoD
officials, and other personnel, within the Pentagon," says spokesman Lt.
Col. Gary L. Keck.

Many officials involved in the new secrecy effort say such measures are
vital to national security -- and that just because information has
appeared in the public domain, doesn't mean it should be made more readily
available. "We don't want to disclose vulnerabilities of the nation to our
adversaries," says Jack Johnson Jr., the former chief security officer for
the Department of Homeland Security, who until last month oversaw the
process of deciding what information was suitable for public consumption
and what was too risky to let out.

Some of the information that Mr. Johnson has deemed worthy of lock down
included the fact that Casio brand wrist watches are popular with al Qaeda,
that almanacs contain useful information for terrorists as well as
schoolchildren; that trucks are important components in truck bombs, and
that stolen police IDs can be used to access restricted areas. He also
designated the office telephone numbers of the department's 180,000 civil
servants and political officials as "sensitive" information, including, at
one point, the TSA ombudsman, the public contact for people who feel they
have been wrongly put on the "no-fly" list.

"When it comes to choosing between the public's right to know and the
safety of the country, I will err on safety every time," Mr. Johnson says.

Disclosing classified "top secret" information is a felony, and leakers can
face long jail sentences. But pseudo-classifications like SBU are rarely
defined by law, and leakers face no penalties beyond the possibility of
losing their jobs as federal employees. However, disclosing SSI, which
deals only with transportation security systems, can result in fines. The
TSA says it is looking at pressing charges against a few unspecified
employees for releasing SSI data.

Brian Roehrkasse, spokesman for Homeland Security, says SBU designations
actually allow government agencies to share information that might
otherwise have been highly classified, while still keeping it out of broad
public distribution. But critics argue that the number of classifications
has actually increased -- up 75% in recent years, according to National
Archive data -- and that the new designations just create more walls
between the government and public often over inconsequential bits of
information.

For instance, complaints about working conditions at the Portland, Ore.,
airport resulted in an investigation last September by inspectors from the
government's Occupational Safety and Health Administration. But release of
the results has been blocked to everyone except those with "a need to know"
by senior aviation security officials on the grounds that it contains SSI.

The Rand Corp., a private nonpartisan defense think tank based in
California and Washington, examined 36 Web sites and more than 600 public
databases containing detailed maps and satellite imagery that were shut
down after 9/11 -- and concluded that most of the information withdrawn was
of little use to terrorists and could be obtained elsewhere in textbooks,
trade journals or through nongovernment sites.

And the impulse to withhold information can have a cost. A surprising
critic of the nondisclosure trend has been J. William Leonard, widely known
as the government "secrecy czar," who heads the Information Security
Oversight Office, the branch of the government that develops classification
and declassification policies at the behest of the president. He says the
overuse of secrecy weakens efforts to protect even the information he feels
should be kept under wraps. "If your people lose faith in the integrity of
the process they will substitute their judgment for that of the process and
then it's chaos," he says.

Indeed, for some federal employees who handle such information, the secrecy
binge has already become a source of ridicule. TSA-Screeners.com, a private
Web site for airport screeners, offers a range of gift products for sale
emblazoned with the bold print "Sensitive Security Information," from tote
bags to baby bibs to dog T-shirts to teddy bears to thong underwear.
"Screeners see the humor and sales are doing pretty well," says the site's
owner-operator, Mark Arsenault, husband of an employee of Homeland
Security's Transportation Security Administration.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com