Warring on the Web
Special to washingtonpost.com
Monday, Nov. 23, 1998
Deputy Secretary of Defense John J. Hamre has earned a reputation as someone not afraid to make decisions or ruffle feathers. Yet, as self-described chief operating officer of "the largest corporation in the world," Hamre often has to issue orders in the form of nimbly worded dispatches, a managerial necessity to mobilize an always diverse, stubborn and sometimes even insubordinate team.
When Hamre issued a three-page memorandum Sept. 24 addressing U.S. military vulnerabilities on the Web, his words unleashed a frontal assault by Internet foes who seek to insulate and isolate the Pentagon from the new lifeline. For an institution which intuitively equates free-flowing information with a saboteur, the knee-jerk reaction is that the Internet must be a threat.
The net, of course, was spawned by the Pentagon, and it is also increasingly intrinsic to military operations and communication: With 2,500-plus publicly accessible sites and almost one million e-mail accounts, the Defense Department remains the single largest community of net users worldwide. As Hamre states in his memo, the Web is the heart of the Defense Reform Initiative and the key to more efficient operations.
Nonetheless, responding to concerns raised earlier this year by the Joint Staff, Hamre ordered a comprehensive review of .mil domain Web sites to ensure that official information online does not "compromise national security" or place military personnel "at risk." Specific types of personal data such as Social Security numbers and home addresses were ordered expunged from public Internet sites. And a departmentwide Web security task force was created to develop new guidelines to protect a class of admittedly more ambiguous information, namely that which Hamre says "would reveal" sensitive military operations, exercises or vulnerabilities.
In the ensuing review, however, hardly any offending personal information has been found. In the overwhelming majority of cases, routine security reviews had already cleansed official sites. As the task force started its deliberations to develop interim guidance for the department, even a good number of the Army sites fell back into formation, none the worse for wear.
End of story? Just another hysterical Web attack?
"There's too much out there," says Michael White, DOD's assistant director for security countermeasures. White and others have created a security classification that they hope Hamre will adopt as the standard for data that is transmitted electronically. Their concept, called "format sensitive information," is defined as "unclassified information regarding DOD capabilities, infrastructure, personnel, and/or operational procedures, which, when electronically aggregated, in significant volume, could adversely affect the national interest, the conduct of federal programs, or the privacy of individuals if lost, misused, accessed, or modified in an unauthorized way. ..."
Hamre had invited that mouthful, warning in his memo that "the Web can ... provide our adversaries with a potent instrument to ... correlate and evaluate an unprecedented volume of aggregated information."
The proponents of creating yet another classification scheme say it is needed to thwart "point and click aggregation." They argue that you can find a bit of seemingly benign information here, a byte there, and pretty soon it adds up to a security breach, or at the very least a public display of what should be a closely held profile of an individual, issue or organization.
But even in the Reagan era, attempts to introduce various new "sensitive" caveats largely faltered. More times than not, attempted controls under mosaic and other theories collapsed because so much information was already in the public domain that diligent scholars and investigative reporters were able to complete their work despite official protections.
None of which is to argue that the Pentagon shouldn't attempt to protect personal and other information that might really do damage to national security. But the concept of format-sensitive information being sent to Hamre as part of the task force's recommendations is so broad and vague that it should not be a standard for the government's presence on the Web.
Accept the Pentagon's logic of aggregation, and the natural argument is that nothing should be on computers, which is both ridiculous and dangerous. What Pentagon security types miss in their war against the Web is that the Internet and unprecedented openness of information are also the primary reasons for America's unchallenged strength and vitality in the post-Cold War world.
William M. Arkin, author of "The U.S. Military Online," is a leading expert on national security and the Internet. He lectures and writes on nuclear weapons, military matters and information warfare. An Army intelligence analyst from 1974-1978, Arkin currently consults for Washingtonpost.Newsweek Interactive, MSNBC and the Natural Resources Defense Council.
Arkin can be reached for comment at email@example.com.
© Copyright 1998 The Washington Post Company