Los Alamos National Lab

OMB’s New Security Memo Suggests WikiLeaks Is Media

A number of outlets are reporting on the OMB memo requiring agencies to review their security procedures in response to WikiLeaks.

Now, this memo is explicitly a response to WikiLeaks. It’s a follow-up on a memo sent in November that names WikiLeaks.

On November 28, 2010, departments and agencies that handle classified national security information were directed to establish assessment teams to review their implementation of safeguarding procedures. (Office of Management and Budget, Memorandum M-11-06, “WikiLeaks – Mishandling of Classified Information,” November 28, 2010.)

And one of the questions it directs agencies to ask names WikiLeaks (and, in a sign of the government’s nimbleness, OpenLeaks) specifically.

Do you capture evidence of pre-employment and/or post-employment activities or participation in on-line media data mining sites like WikiLeaks or Open Leaks?

But the delay–almost six months between Bradley Manning’s arrest and the November memo, and another month until this memo, sort of reminds me of the roughly eight month delay between the time Umar Farouk Abdulmutallab tried to set his underwear on fire and the the time a bunch of grannies started getting groped at TSA security checkpoints.

Why the delay?

And from a document usability standpoint, this list of questions designed to help agencies identify weaknesses is a piece of shit. Trust me. No matter how good a bureaucrat is, asking them to use nine pages of nested bullets to improve a process is not going to work. This is simply not a credible process improvement effort.

I also wonder why it took WikiLeaks to initiate this effort. Just as an example, Los Alamos National Labs has been losing both storage media, computers, and BlackBerries going back a decade. You’d think the vulnerability of one of our nuclear labs would alert the government to our overall vulnerability to the loss of data via computer medium. Yet losing data to–presumably–our enemies did not trigger this kind of no-nonsense vulnerability assessment, WikiLeaks did.

The Russians and the Chinese are probably bummed that WikiLeaks will make it a teeny bit harder for them to spy on us.

All that said, Steven Aftergood makes one curious observation about the memo: this unusable list of nested bullets suggests that agencies should monitor employees’ contacts with the media.

Among other troubling questions, agencies are asked:  “Are all employees required to report their contacts with the media?”  This question seems out of place since there is no existing government-wide security requirement to report “contacts with the media.”  Rather, this is a security policy that is unique to some intelligence agencies, and is not to be found in any other military or civilian agencies. Its presence here seems to reflect the new “evolutionary pressure” on the government to adopt the stricter security policies of intelligence.

“I am not aware of any such requirement” to report on media contacts, a senior government security official told Secrecy News.  But he noted that the DNI was designated as Security Executive Agent for personnel security matters in the 2008 executive order 13467.  As a result, “I suspect that an IC requirement crept in” to the OMB memo.

I agree with Aftergood: it is troubling that an intelligence community requirement now seems to be applied to the federal workforce as a whole.

But isn’t this, at the same time, rather telling?

If a memo instituting new security reviews, explicitly written in response to WikiLeaks, institutes a policy of reviewing contacts with the media, doesn’t that suggest they consider WikiLeaks to be media?

Emptywheel Twitterverse
emptywheel @JasonLeopold To be fair, DOJ has been using CI tools to combat "cyber" for over a decade.
9mreplyretweetfavorite
emptywheel Fred Upton apparently wants campaign finance code where outside groups agree not to describe how GOP hurt seniors. http://t.co/DMuYqam8k0
23mreplyretweetfavorite
bmaz @jilliancyork All good, up and doing her morning routine of hopping around like a bunny rabbit.
1hreplyretweetfavorite
emptywheel @ColMorrisDavis Anyway, I'll believe it when they behead their first terrorist financier. And let us investigate al-Rajhi.
2hreplyretweetfavorite
emptywheel @ColMorrisDavis But they said this in 2004 and 2005 and 2007 and 2009 and 2010 and 2011 and 2012 and 2013.
2hreplyretweetfavorite
emptywheel Because nothing will make for better news programming than out-of-touch coastal elite in an RV "talking to voters." https://t.co/sQs2p3D9L7
2hreplyretweetfavorite
emptywheel Chuck Todd, w/health insurance so he doesn't think 500,000 people getting it anew is big deal, will Meet the Voters https://t.co/sQs2p3D9L7
2hreplyretweetfavorite
bmaz Amazing story shows why law enforcement use of "confidential informants" is so pernicious http://t.co/LaAAEgO0yP
2hreplyretweetfavorite
emptywheel @bmaz to be fair, PAA was birthed after all but Mueller moved on, and the problems came in part bc they changed things after Baker moved on
2hreplyretweetfavorite
bmaz RT @OrinKerr: Supreme Court denied cert in case on Davis good-faith exception to exclusionary rule, Aguiar v. US. Good news if you like exc…
2hreplyretweetfavorite
bmaz RT @EFF: In Smith v. Obama, the gov't seems to argue that the constitution has a national security exception. It doesn't: https://t.co/KZpY
3hreplyretweetfavorite
bmaz @emptywheel But, but, but....Hospital heroism!!
3hreplyretweetfavorite
October 2014
S M T W T F S
« Sep    
 1234
567891011
12131415161718
19202122232425
262728293031