Round Two: The Pentagon and the Web
Special to washingtonpost.com
Monday, Feb. 15, 1999
"I think that our government is hemorrhaging in a way that I have never seen in my lifetime," CIA Director George Tenet told Congress February 2 in an unusually emotional appeal regarding the state of official secrecy.
Tenet mostly pointed fingers at people in the executive branch, whom he suspects are responsible for as much as 80 percent of leaked information to the news media.
Lt. Gen. Patrick Hughes, the director of the Defense Intelligence Agency who was testifying alongside Tenet, chose a different culprit. His focus was not the Washington sport of peddling secrets for influence (after all, DIA is known for successfully keeping its thousands of employees in a protected bubble).
Hughes focused instead on the Web: "We seem now to have erred on the side of making so much information available that some of it has been damaging to our governmental collective effort."
For old timers like Hughes, focusing on what is truly new after the Cold War is easier than addressing the breakdown of internal discipline that seems to have struck the military and spy agencies.
The Hughes-Tenet war cry may suggest leak investigations and internal crackdown. We've all heard that before.
The more tangible and publicly damaging fallout comes in the ever-expanding Internet opposition within the national security community. Official Internet-haters latch on to such high level statements and find solace in the call for greater control over information, and in the general sense in Washington that the United States is threatened by cyberterror.
Two Opposing Trains on the Same Track
The anti-Web assault of late seems so successful to some that the Federation of American Scientists, a secrecy watchdog, opines that the "golden age of public access to government information" on the Internet is over."
Granted there is a profusion of closed Web sites and "access denied" messages that have sprung up in the .mil domain, but the Federation hyperventilates as much as the chief intelligence officers do.
The Internet is its own bullet train. Despite the efforts of security goons and information warfare operators who would like to obliterate the Web, the public .mil domain remains vibrant and is growing.
The chief of Pentagon Internet security is J. William Leonard, who chairs the department's "information vulnerability and World Wide Web" task force. Its December 7 "guidance" regarding the content of 3,000 or so official military Web sites could, if taken literally, shut down the .mil domain.
Some see Bill Leonard as the Internet anti-Christ, but in his corner of the security world (that is, where they've actually taken the time to understand the Web and what it's all about), Leonard is far less alarmed than Hughes-Tenet.
"When we started the review, I took a look at some random [official] Web sites," he says. "What struck me first was what I didn't see, which was any sort of consistency. I liken the Web to business correspondence. You don't put a business letter on a postcard." Official Web sites, Leonard says, should have the same formality.
The task force guidance charged military commanders and agency directors with responsibility for the content of their sites. Webmasters are being elbowed aside. It is a phenomenon that every sector of the Web encounters at some point the tyranny of the techies when the question is raised: how do all the doodads and gimmicks enhance our mission?
Bill Leonard denies any overall anti-Web campaign ("It's like repealing the law of gravity" he says) nor any attempt to create a new classification for electronic information.
Data mining and electronic aggregation, he argues nevertheless, is a real threat, particularly when it comes to personal information. "When you put out a personnel roster electronically, you have incurred a new host of risks and vulnerabilities," he says.
Leonard readily admits that many proposed security controls are at conflict with some of the most promising applications of Web technology. These include Defense Department favorites like electronic contracting and paperless operations. "When we embark on electronic commerce, there's tremendous advantages," Leonard says. But he points out the Pentagon is contracting for military goods and services. "There is some information that shouldn't leave the country, even by statute."
In the short-term, the Pentagon is making greater use of passworded and IP controlled sites. The long-term dream is to establish a superpower intranet only accessible to the cleared.
Does Leonard think any broad system of passwords or user certificates will be secure, given that the community the .mil domain serves active duty soldiers and reservists, families, veterans, allies, contractors and subcontractors numbers in the millions? Probably not. His crash course on the Web has taught him, moreover, that the technologies we see today will certainly not be what we use tomorrow.
William M. Arkin, author of "The U.S. Military Online," is a leading expert on national security and the Internet. He lectures and writes on nuclear weapons, military matters and information warfare. An Army intelligence analyst from 1974-1978, Arkin currently consults for Washingtonpost.Newsweek Interactive, MSNBC and the Natural Resources Defense Council.
© Copyright 1999 The Washington Post Company