DHS Puts its Head in the Sand

On the subject of the recent Washington Post Snowden document, the DHS sent this e-mail out to at least some of its employees:

From: xxxxx
Sent: Thursday, July 11, 2013 10:28 AM
To: xxxxx
Cc: xxx Security Reps; xxx SSO; xxxx;xxxx
Subject: //// SECURITY ADVISORY//// NEW WASHINGTON POST WEBPAGE ARTICLE -- DO NOT CLICK ON THIS LINK

I have been advised that this article is on the Washington Post's Website today and has a clickable link title "The NSA Slide you never seen" that must not be opened. This link opens up a classified document which will raise the classification level of your Unclassified workstation to the classification of the slide which is reported to be TS/NF. This has been verified by our Mission Partner and the reason for this email.

If opened on your home or work computer you are obligated to report this to the SSO as your computer could then be considered a classified workstation.

Again, please exercise good judgment when visiting these webpages and clicking on such links. You are violating your Non-Disclosure Agreement in which you promise by signing that you will protect Classified National Security Information. You may be subject to any administrative or legal action from the Government.

SSOs, please pass this on to your respective components as this may be a threat to the systems under your jurisdiction.

This is not just ridiculous, it's idiotic. Why put DHS employees at a disadvantage by trying to prevent them from knowing what the rest of the world knows? The point of classification is to keep something out of the hands of the bad guys. Once a document is public, the bad guys have access to it. The harm is already done. Can someone think of a reason for this DHS policy other than spite?

Posted on July 17, 2013 at 2:45 PM • 94 Comments

Comments

David ScottJuly 17, 2013 3:01 PM

Can confirm the mentality - same posture was taken during the WikiLeaks incident. As DoD contractors we were told by Defense Security Service that should there be "proof" that anyone accessed the files from our offices (which they incorrectly termed "spillage"), all network devices and IT assets would be "seized" to include PEDs and/or computers in our home.

MartinJuly 17, 2013 3:06 PM

I have viewed the subject slide on my home computer!

As a Canadian citizen, residing in Canada, and no longer holding the Cat 3 COMINT clearance that I used to hold, to whom should I report my viewing??

Wait ... I know ... I should report it on my Facebook page. That will alert everyone who who needs to know.

Johnny B GoodeJuly 17, 2013 3:08 PM

Although I hate government stupidity as much as anyone, I think in this case they're hamstrung by their own rules. The workers getting the memo work with various types of classified documents, on various systems, and they have strict rules about which systems can be used to view which documents.

Just as the memo says, putting a higher-classification document on a lower-classification system automatically promotes that system to the higher classification, which then forces all sorts of actions to be taken to avoid "leakage."

The rules don't make any provision for higher-classification documents ending up on a lower-classification system as a result of having been leaked already to the public, so putting a top-secret document on your workstation has the same effect whether you got it from the top-secret system, or from CNN.com.

Michael ToeckerJuly 17, 2013 3:10 PM

The only thing required is blind compliance and obedience, not intelligence and critical thinking.

If I were evil, I'd be doing this to ensure gov't employees and contractors were so ticked at Snowden, they would be happy to see him locked up.

Mike
//Not Evil

blJuly 17, 2013 3:16 PM

What happens if a dhs employee opens the web page on a nearby library computer? Immediate library card revocation? Drone strike?

Sterling JonesJuly 17, 2013 3:21 PM

The fact that the person composing the email was incapable of retaining and re-typing the title of the Washington Post article without introducing a grammatical error is hilarious.

QnJ1Y2UJuly 17, 2013 3:21 PM

This kind of thing made some sense when it was work computers that weren't supposed to hold classified documents - if you then found one, the investigation would be a pain, even if the document was publicly available.

But this part is insane: If opened on your home or work computer you are obligated to report this to the SSO as your computer could then be considered a classified workstation.

If that is required, then rules are very poorly written.

SombodyJuly 17, 2013 3:36 PM

This means if we send these slides via email to all the poor employees they cannot work any more, as the workstations are all classified.

Interesting DOS.

Rapier57July 17, 2013 3:46 PM

The memo reads like one of those old virus or security alert emails that used to float around perpetually. If I got this, I'd think it was a hoax. Of course, I opened the link and if that slide is Top Secret, we have serious priority issues in our agencies.

someguyJuly 17, 2013 3:49 PM

Nice to know I now have a TS classified workstation. Now that I have that, it shouldn't be a problem providing me with access to all the TS networks on my TS workstation ;-)

name.withheld.for.obvious.reasonsJuly 17, 2013 3:52 PM

Again, I suggest every add a signature to there e-mail that is a stenographic version of the aforementioned. Even a plain text extract (might want to tag it with the document number) is probably enough to drive the paranoid at the Pentagon into a frenzy...imaginig they'll have to clean every machine with network access. Using their own policies as a mean to balance the scales (remember hacktivist discussions). This approach is non-controversial as it is not an attack. It is speech. Which is antithetical to our gobnit's own practices.

name.withheld.for.obvious.reasonsJuly 17, 2013 3:54 PM

Quick answer: Ignorance--oh wait--STUPIDITY

MEPJuly 17, 2013 3:55 PM

DHS is worried that their own employees may experience a crisis of conscience if they learn the things that the rest of our learning. They're concerned that they're staff will start to question leadership. They might not be concerned with this in the case of this one particular slide, but they have to set a precedent here to prevent staff from seeing anything that might cause them to second guess their own loyalties.

boogJuly 17, 2013 3:58 PM

Yeah, saying "here's a link, don't click it" is certainly idiotic.

I didn't want to click the link before, but now...

Mr. ObviousJuly 17, 2013 4:05 PM

Because there are no ad-hoc exceptions to the existing procedures. The doc is only de-classified by the relevant authority, not by a "news" rag. The stupid part is that there is generally a lack of protocol for this sort of event.

PetterJuly 17, 2013 4:08 PM

A pretty intresting experiment would be to printed these slides and drop them off with the closest US Embassy gate keeper telling them I found them on the street and perhaps someone droped them, and then just leave. :)

LazloJuly 17, 2013 4:31 PM

Well at least now everyone knows how to avoid NSA surveillance. Make sure that you accompany all of your communication with TS data so that the NSA won't be able to look at it without a need to know.

JoeJuly 17, 2013 4:32 PM

I seem to remember that browsers are configured to preload displayed links based on some prediction algorithms. On top of that, for HTML emails the content display area is often handed over to the browser for rendering the HTML email content. So maybe simply by sending this email, lots of computers have loaded the linked PDF document (which the proxy will certainly show in its logs).

Mr. StoneJuly 17, 2013 4:44 PM

It's not really punitive; this is their standard procedure for dealing with data 'spills.'

The problem is they're not smart enough to distinguish, as a matter of policy, things that were already leaked to the public at large and as a result have effectively lost their classification, or at least the benefits of classification.

So, if you have a clearance, and keep viewing this stuff, they can come after you for it...but if you don't, you're just fine. Makes tons of sense, doesn't it?

Brandioch ConnerJuly 17, 2013 5:04 PM

This is stupid.

At the very least the rules should have been written to differentiate between a still classified file on a SECURE network versus a the same file that has been leaked and is now available on a PUBLIC network.

Otherwise that document could be posted on the front page of sooooo many sites that the DHS would have an easier time declaring which computers in the world are NOT now "classified workstations".

mayberrymachiavelliJuly 17, 2013 5:14 PM

This has always been the policy government-wide, not just at DHS.

Classified material remains classified regardless of whether it has entered the public domain until it is officially declassified. That applied to Abu Ghraib/torture memos, earlier Wikileaks stuff, etc.

Similar notices have gone out at other agencies recently and during leaks prior to this one.

It seems asinine, especially the viewing at home part, but can serve a legitimate purpose. For one, it allows deniability. If items that enter the public domain are automatically treated as unclassified, that's a pretty easy way to force the government's hand. Remember, not all leaks are socially valuable like the recent Snowden ones.

Also worth mentioning, I've never heard of anyone facing serious trouble for looking at this stuff at home. It can be a hassle if found during an audit of office workstations, though, so the general rule of don't be a dumbass applies. Folks in government who need to know the specifics for their job will find ways to see this stuff. The rest should be smart enough to suss out the details from regular reporting and inquisitiveness. The actual document rarely adds that much more than what is available in well-reported news stories.

anonJuly 17, 2013 5:24 PM

So seriously why are you so shocked. Believe it or not gov employees follow the rules, policies and laws that govern their work. Even to the extent that they know the action is futile.

FrankJuly 17, 2013 5:29 PM

"If opened on your home or work computer you are obligated to report this to the SSO as your computer could then be considered a classified workstation."

So there are now a lot of classified systems all across the planet.

"Again, please exercise good judgment when visiting these webpages and clicking on such links. You are violating your Non-Disclosure Agreement in which you promise by signing that you will protect Classified National Security Information. You may be subject to any administrative or legal action from the Government."

Sounds like the reasoning of a typical sociopath. He states something highly unreasonable, then calls this "good judgment". He finishes this off by throwing out a threat to those who would dare not simply buuuuuhleeeeve.

The underlying message is, "be as hypocritical as possible, call deep hypocrisy 'good judgment', and if you do not the government will hurt you bad for your disobedience to the state religion of hypocrisy".


JeremyJuly 17, 2013 5:57 PM

It's at least vaguely reasonable that things would not be automatically declassified when made public (that could be used maliciously, and there's a grey area between "one unauthorized person found out, we can probably still stop the leak" and "it's front-page news").

But if you've got someone whose job includes deciding when it's necessary to send out an email warning employees not to click a public link, maybe their job should INSTEAD be to decide that the genie's well and thouroughly out of the bottle and the document might as well be declassified? I understand human judgement may be required, but clearly a human is already in the loop...

Though really I suspect what they should be doing is distinguishing between receiving a known classified document and receiving a public document that might or might not be identical to a classified one. As a security precaution, prohibiting government employees from reading specific documents from a major news site is not merely useless, it's counter-productive, because it confirms the document is classified. The most secretive you could possibly be would be to treat all documents on the news site equivalently regardless of their classification.

futureisdarkJuly 17, 2013 6:02 PM

@Bruce
"The point of classification is to keep something out of the hands of the bad guys... Can someone think of a reason for this DHS policy other than spite?"

You answered your own question. The government is pivoting the "enemy" from al qaeda to "domestic extremists" according to James Clapper, basically any Americans who don't read Pravda or Izvestia.

People in government that have seen privileged information about the crimes committed are increasingly becoming constitutional "extremists", left, right, independent. Recently awoken Military, CIA, FBI, Special Operations now know what is going on, and they're preparing for the unthinkable.

.gov is afraid of these people learning information and joining Oathkeepers.

The people who have seized control of the government are preparing to wage war on you and us.
In a totalitarian society, everyone is the enemy.

Jim AndersonJuly 17, 2013 6:16 PM

What am I missing here? It seems the intent of the memo to DHS employees is to avoid a really nasty denial of service attack that would presumably ensue if multiple DHS people -- non-disclosure agreements in hand -- clicked on a link that contained a classified document and then had to take time to report it to their SSOs and the SSOs to follow-up on the cases, etc., etc. If the Pentagon Papers (classified Top Secret as I recall) had been put into a clickable link with this feature, it would have been a violation for me to click on it regardless of the fact that the Pentagon Papers had been published in the New York Times. I see the memo as a good thing. Now whether I go down to my internet cafe and type in the link just to see what the ruckus is all about is another story...

KhurtJuly 17, 2013 6:17 PM

What does it mean if a family member of an employee opens the document from the web site? What happens if the employee is standing behind that family member within view of the screen?

martinrJuly 17, 2013 6:25 PM

The US law is pretty weird, so this action could actually make sense in that weird fashion. The government is about to get sued in California and New York for their unconstitutional surveillance, and they probably want to do everything possible to avoid the leaked NSA documents admitted as evidence in court, pointing to their classified status and this being an exceptional matter of national security.

If they admit or allow that the information is factually declassified by being published in newspapers around the globe and being online an accessible 24/7 by everyone and his dog, then they probably loose the ability to bar this information from becoming evidence in court about unconstitutional surveillance.

Dirk PraetJuly 17, 2013 6:29 PM

It's a textbook example of policies that have been poorly translated into procedures.

As a wise man once said: "He who burries his head in the sand eventually will get buttf*cked by reality."

bobJuly 17, 2013 6:33 PM

Wouldn't it make more sense if, when a top-secret document is viewed on a completely open machine, the document should lose its status rather than the machine being elevated? Seems like the document's status should be a reflection of the present reality and not a mere pipe dream.

demachinaJuly 17, 2013 6:35 PM

Just a guess, but maybe their workstations have software installed that will detect that its user is looking at a Top Secret document, either because that document has something embedded in it that says its Top Secret, or they are looking at the images and seeing its stamped on the documents.

It might be they are trying to avoid an IT calamity caused by snooping software on their workstations designed to keep unclassified workstations from accessing top secret documents.

For example it may automatically lock down the workstation once it has top secret documents detected on it.

bcsJuly 17, 2013 7:20 PM

We should all iframe that link in every page we control (especially the ones we want the NSA to not look at). That would severely limit the number of NSA people who would be allowed to look at them.

Bruce ClementJuly 17, 2013 7:26 PM

If the DHS are reasonably competent then there is going to be some kind of rational reason for this action. Here's a couple of possibilities.

1. Assume there is a document 'A' that is highly sensitive. Documents 'B' and 'C' are both derived from document 'A' but are edited so neither has the full story.
Most employees who need either 'B' or 'C' to do their jobs are not cleared for document 'A'.
Document 'B' as been leaked. Any employee who is cleared for 'C' and reads 'B' as well now effectively knows the contents of 'A'.

or

2. Assume that there are a group of people analysing intelligence who are not cleared to understand how their reports are used. By reading the leaked document they become better able to understand how the analysis they do is used and this may create conflicts increasing their chance of defecting.

The document currently under discussion may not be a part of a group like 1 or reveal too much to the analysts but if the DHS doesn't issue a memo like this for this document and later issues one for another document they will be revealing that there is a risk in the other document.

James DoeJuly 17, 2013 7:32 PM

So if you would like to protest the NSA/CIA/FBI/DHS violations of privacy you could send an email to every email address of these agencies that you can get a hold of. And if you happened to include as attachment the slides available from Washington Post ... Well this might even get some attention :)

I assume that the mere fact that a classified document passes through a mail server means that the server classification status would be upgraded to a classified server and cleaned accordingly.

Question is, if the attachment is not opened by the recipient does that still mean the workstation classification status is upgraded? I would think so, if the attachment has passed through.

I think it is only a question of time till an organization like Anonymous decides to do something like this. It would probably wreak havoc...

CharlesJuly 17, 2013 7:48 PM

it is a funny set of rules to be sure. here are some thoughts that come from knowing some paranoid folks...

One item is that just because a document gets out of hand that does not mean it is officially declassified. Classified documents are on a need to know basis so someone without a need to know viewing a Leaked but still technically classified document has committed a security breach. That by itself could be a firing offence.

Second, workstations that handle classified documents are often destroyed once replaced, and so any computer used to view a document that is of "That" level would have to flagged as (not available to sell as surplus)

Third - discussing a classified document with those who do not have a need to know is a security breach.

Dirk PraetJuly 17, 2013 7:48 PM

Hint: if you would like to elevate documents or communications to a higher lever classification, try putting "TOP SECRET//STLW//COMINT/ORCON/NOFORN" somewhere on top.

For pranksters: put it in the email signatures of friends/collegues/relatives you don't particularly care about and who you believe deserve some NSA attention.

ShoemakerJuly 17, 2013 7:58 PM

It's a loyalty test?

The ones who avoid the link, okay. Loyal paper pushers who keep their heads down and do their jobs.

The ones who click on it on work, meh. Small fry, probably didn't even read the mail. Do not promote.

The ones who avoid it at work, but check it out when they're at home, maybe even using a proxy... Now those are the ones you'll want to keep an eye on.

Paco JaviJuly 17, 2013 9:58 PM

As has been already noted in several comments this alert is required by rules for dealing with classification levels. (It could also be viewed as a proof by reductio ad absurdum of a Theorem that I needn't mention). In fact, don't some of these rules require that any unauthorized downgrade have the receiving hard disk sanitized? I do wonder what would happen if somebody posted the slide on her Facebook page? Or a carefully rendered hand-drawing of it? Or made it into a pop-song (a-la Daft Punk?)

ChrisJuly 17, 2013 10:18 PM

Like the first poster said, it's always been this way. My view is that it's people doing CYA (cover your butt). I worked at a defense firm during wikileaks, and all wikileaks articles were censored (a colored screen would pop up informing us the content wasn't appropriate to be viewed). I saw this as our firm's attempt to protect itself, so it wouldn't be viewed as being part of the problem (despite that fact that no one would blame them because wikileaks was so widespread). Or perhaps a high-up management decision using the same reasoning, to protect themselves rather than the company.

AdlaiJuly 18, 2013 12:17 AM

This sounds familiar... a friend in the Intelligence Corps was not allowed to put an intercepted image of the Hezbollah logo as a background on a declassified computer, despite the logo being publicly known all over the place.

Wesley ParishJuly 18, 2013 12:24 AM

Just a quick point if anybody's reading - once you've seen it on your personal home computer, the data on it becomes Classified. Now when you are sending emails from your classified TOP SECURITY home computer, your emails are also classified TOP SECURITY.

Do the NSA droidss - gollum - have the security clearance of the required TOP SECURITY level to legally acknowledge the existence of your email? Does not acknowledging the existence of your TOP SECURITY account require them to look the other way? Does acknowledging the existence of your email incriminate them in the crime of violating national security?

EHJuly 18, 2013 1:58 AM

Classified material remains classified regardless of whether it has entered the public domain until it is officially declassified.

Right, and that's what's idiotic. Like trade secrets, there is no logical reason for the classification to remain once it's leaked except to foment ridiculous bureaucratic requirements like this in an attempt to evade Occam's Razor. I defy anybody to explain why this isn't purely stupid. "Them's the rules," doesn't count.

Graham BlakeJuly 18, 2013 2:00 AM

I suspect a significant aspect to this is the protocol (probably a non-trivial giant pain in the ass) that must be followed if a classified document is discovered on a terminal that was not authorized to view it. Remember, not all leaks are headline news, and the origin of a classified document on an unauthorised terminal might not be immediately or manifestly obvious, and a full audit probably has to be triggered (even if the origin is mostly-manifestly obvious in certain cases). As for a home computer, and reporting it, this is probably to ensure it is tracked so in the event it is discovered later as part of a routine security check, it is understood that it found its way on to the home computer through a media source rather than being evidence of an employee moving classified material to an unauthorised terminal with malicious intent. Bottom line, it is better to just avoid having classified documents where they are not supposed to be in the first place, which I think is the point of this memo. If you start writing ad hoc (apparently common sense) exceptions to your sanitation and compartmentalization protocols, it can quickly become a bigger hassle than simply adhering to the original protocols, even to an absurd degree.

A KeithJuly 18, 2013 2:37 AM

"If opened on your home or work computer you are obligated to report this to the SSO as your computer could then be considered a classified workstation."

If 90% of the email recepints reported this to their SSO, the SSOs would be questioning the reasoning and process. In the same way as discussed with law breaking to chnage the law.......

But the threat line, prevents people from feeling free to report it.

Status quo maintained.

BillJuly 18, 2013 3:54 AM

So now all that infrastructure is vulnerable to a Denial of Service by injecting Snowdon's docs?

Good grief. Just how dumb can something get before it's too dumb to function?

arfnarfJuly 18, 2013 4:21 AM

Just three simple observations:
1) A lot of NSA staff read Bruce's blog
2) This blog post contains a link to the top secret slide
3) The previous blog post also a contained a link to the top secret slide

I'm sure a few NSA staff got caught out...

OnTheWaterfrontJuly 18, 2013 5:32 AM

Could it have anything to do with the polygraph screening questions the government uses? "Have you accessed information above your clearance level"

ra6bitJuly 18, 2013 5:45 AM

I can't substantiate, but I'vs heard stories that some govt. machines watch for signatures of more highly classified material and a match will cause the system to raise the level of clearance required to use the system until they are cleaned. I'd assume that would be only on specific types of machine, though, it sounds like something that would occur under MAC. It seems unlikely that they'd be doing anything like that on home systems.

durianJuly 18, 2013 5:57 AM

I had a similar conversation with a friend who works for the FBI. He quoted something that give me chills:

"If you think a rule is stupid, you're wrong. There's a good reason the policy was put in place, but you can't know the real reason."

All I could think of was the Voltaire quote: "Those who can make you believe absurdities, can make you commit atrocities".

Makes me want to embed the Prism slides in porn, put the porn on usb sticks and drop them in parking lots.

Sort of a Rick-Roll for classified data...

Sam WhitedJuly 18, 2013 6:51 AM

The usual reason for this sort of thing (and for refusing to declass documents after they've been made public) is for plausable deniability (they can still claim the document is a fake up until the point when a government employee with a security clearance is found to have a copy on his workstation of the same classification level). It doesn't really make sense but it's a fairly common practice.

That doesn't exactly (read, `at all') apply in this case (especially since the above email is confirmation that it's a real / classified document) but it may just be a case of brainless administrators without any common sense taking policies too.

FrankJuly 18, 2013 7:15 AM

Reading the comments, there are many ways to point out how deep in bullshit all of this is. The email author would make a very good Nazi or North Korean. There does not seem to be any sense of shame with these people. They put out that they are fighting "terrorism", but they act like the regimes and people who produce it.

I guess because they use different words (but with the same meaning), they are different? Really, the author of that email strikes me as someone who would prefer to be working as an administrator in North Korea, and who would do very good on as a Neo-Nazi.

Everyone in computer security suspected the US was as bad (or worse) then China. Now, it has come out. There are still details lacking. If they are not working against terrorists and foreign spies, what the hell are they doing with all the data they are slurping up?

You do not need to slurp down undersea cables and get access to offshore telecom facilities and get everyone's call data and get backdoors into all the major US vendors and get everyone's cell phone gps data to do counter-intelligence or anti-terrorism.

Theoretically, what possible secrets could anyone be keeping. Peeling away the onion, you end up with basically nothing. Somewhere in there, there is probably very bad work being done. There is probably blackmail, subversion, terrorism.

Money is probably a major motivator and there is probably close cooperation with corporations. Politicians are probably being controlled.

All of these other secrets are simply bullshit. They will classify vacuum cleaners and treat it religiously. It is like a mystery religion. There is nothing to it if you peel away the bullshit. Usually that sort of secrecy is there to hide bad things. Human sacrifice. Incest. That sort of thing.

Plenty of human sacrifice going on when you figure in the war machine.

VinzentJuly 18, 2013 8:13 AM

@Wesley Parish: That's clever. I am not entirely sure about the implications of a TOP SECRET classified world-wide internet, but it seems, only government employees with a TOP SECRET clearance would be allowed to access it then.

Milo M.July 18, 2013 9:14 AM

The sender of the DHS e-mail obviously needs a remedial English class.

"The NSA slide you never seen" should be "The NSA slide you never seed".

mfeldtJuly 18, 2013 9:14 AM

Am I the only one who thinks that the grammar of the text reminds one a bit certain scam mails trying to get people to help in a money transfer somewhere in Africa?

In other words: Is this message really authentic?

interested.but.anonymousJuly 18, 2013 9:28 AM

Similar messages were circulated in other government agencies for this and concerning wikileaks.

FWIW - I made sure to take home my copy of the Washington Post that reproduced the classified slides rather than put them in the recycling box in my office and risk getting a security violation...

HJohnJuly 18, 2013 9:30 AM

@martinr: The US law is pretty weird, so this action could actually make sense in that weird fashion.
______

That probably has a lot to do with it. It seems silly on surface, but the security requirements on systems/machines storing classified documents is much stronger. Just because something is publicly disclosed doesn't mean it loses it's classification.

An example of this is IRS Publication 1075. Any time federal tax information resides on any device, very strict rules apply. These rules aren't waived because of a breach. Put in this context, just because someone's personal information escaped to the internet doesn't it's desirable for it to be downloaded.

From this perspective, I can see why DHS does not want these documents on machines. They probably won't declassify them. Whether or not they should is another story.

FridzJuly 18, 2013 10:14 AM

@interested.but.anonymous

You could get into a lot trouble for that!

You have just admitted that you have taken classified papers from your (presumably government agency) office to your home. I am sure there are procedures and protocols to deal with that kind of unauthorized transfer of classified documents, even if said documents consist of a copy of the Washington Post.

HJohnJuly 18, 2013 11:05 AM

I haven't looked at the documents. Yes, I'm paranoid.

But I am wondering if they have warnings on them?

Many documents that are protected by federal law have warnings that subject the holder to prosecution should they misuse them. So, even though they are out there, they probably will not declassify them, so they can prosecute someone who misuses them. If they do not declassify them, then all the regulations apply, and the would want to keep them off machines just to keep from opening up a security nightmare. And believe me, I've audited against similar requirements, and they are horrendous.

The more I think about it, the more it makes sense. They know keeping them confidential is hopeless, but keeping it illegal to use them may serve as a deterent.

Nick PJuly 18, 2013 11:07 AM

@ Dirk Praet

That's funny. Let's see if I can bump it up a notch:

TOP SECRET// SIOP/ESI

THAT would get some attention. Maybe throw in an extra codeword: SNOWDEN. Let them see both on the same sheet they'll s*** their pants. Btw, 'COMINT' was replaced by 'SI' in 2011. 'UMBRA' is retired as well so it's no longer useful in pranks on C and S people. (Not that I would do any.)

EHJuly 18, 2013 11:09 AM

Yes, why doesn't (or "does") the publication of the slides raise the classification level of each of those copies of the WaPo?

Nick PJuly 18, 2013 11:11 AM

@ Bruce Schneier

The reasoning behind it is really the same as last time you brought this up. Wesley Parish's comment is on the mark.

Let me remind everyone of what I said before though: there's very little of this classified information that leaks out despite a ridiculous amount of people moving a huge amount of information. This result tells us the controls work well enough. And if they work, they're not silly: they're just overdoing it at times to prevent any exceptional conditions from screwing them up.

Spaceman SpiffJuly 18, 2013 12:02 PM

The best kept secrets are kept in the open (hidden in plain sight). When you hide things, people get curious. When people get curious, they look in places you might not want them to. Example: keeping your kids from finding the xmas presents you are hiding from them. Never works. My mother knew this, so she would just keep the stuff around and if we were curious about them she would just say "Oh, those are just some things I am keeping for so-and-so so that her kids won't find them...". Plausible, so we would forget about them until Christmas morning. It worked quite well, though we caught on after a couple of years (or less - my sister and I were quite bright) of this. :-)

Kevin UnderhillJuly 18, 2013 1:06 PM

Bruce, what's your response to the argument that they have to do this because though it's been leaked, it remains technically "classified" and so has to kept off a "classified" system/network for various bureaucratic reasons? To me, at a minimum it makes no sense to have a "classified" system that is connected to the Internet at all. There is no way that's ever going to stay pristine.

Even if that made sense, this email goes beyond that concern by threatening employees that they may be violating the NDA in which they promised to "protect classified information." Whatever else we think about the policy in general, clicking on the link would not compromise classified information.

MikeJuly 18, 2013 5:07 PM

@durian

That's what they tell the stupid people at the FBI to shut them up. It's the sort of reasoning that also promotes a culture of over-classification.

Wesley ParishJuly 18, 2013 5:51 PM

An additional point I felt was worth making. The policy represented by this email is paranoid. Everybody acknowledges that. And official paranoia infects people exposed to it.

Now paranoia is a quantifiable medical classification. It can be "proved" in a courtroom before a judge and jury by a suitably qualified medical practitioners.

Is this a personal characteristic - let alone a "personnel" characteristic - we want amongst people who are vacumming up everybody else' personal data?

Dan RileyJuly 18, 2013 6:01 PM

They don't have an appropriate compartment for classified material that has been made public (and there are reasonable reasons for not automatically declassifying once made public). I'd suggest NTS//WL and NTS//WP control systems, for "nominally top secret, accessible by anyone that can read WikiLeaks/Washington Post", with an exception to the access controls so that NTS level documents don't automatically elevate the classification of the workstation/computer.

DHS risk guyJuly 18, 2013 9:31 PM

Tens of thousands of DHS employees live in the DC area and read the Washington Post on a regular basis. If DHS employees had followed this mindless directive, tens of thousands of home computers would have been reported and would hadto have been confiscated.

Can you imagine the re-directed man-hours that would have been wasted -- tagging and bagging home computers -- to follow this directive through to its logical end?

Stupid is as stupid does...

AlanJuly 18, 2013 10:07 PM

Reminded me of Snowden's essay "This essay is illegal" where he describes a patent that makes it illegal to know something. Kid you not. One company is suing the other one for mentioning the fact to somebody. Courts have ruled for the plaintiff (meaning the bad patent "owner").

The other bad guy here is of course the patent office. The other bad guy here is Congress for writing ambiguous and expansive legislation that abdicates legislative duties to the executive. The other bad guy is us (you me & them) for letting this take us down the drain.

HermanJuly 19, 2013 3:09 AM

Cool! From now on I'll include links to leaked secret documents in the footers of all my email to keep the spooks from reading it.

NSA Associate Directorate of Security & CounterintelligenceJuly 19, 2013 6:51 AM

If any NSA employee or contractor takes this email seriously and reports that he or she accessed Snowden's report from their home computer, we promise that they WILL REGRET IT!

At a minimum, we will confiscate their entire home computer, as it is now classified TS//SI//NF, and there is no way to sanitize TS-SCI classified media other than physical destruction (please refer to NSA/CSS Policy Manual 9-12, dated 13 Mar 2006, and to the DSS Clearing and Sanitization Matrix, dated 28 June 2007).

It is very important that NSA employees incriminate themselves when they disobey us. It makes revoking their clearances so much easier when we want to get rid of them. Remember: We see all and we have snitches everywhere inside the agency! Bow before our mighty power!

DwatneyJuly 19, 2013 7:18 AM

Next year's movie plot contest should be based on comedic plots. This story suggests some ideas.

GweihirJuly 20, 2013 5:36 AM

Impressive! Not only are those running the surveillance state utterly without morals, they are also utterly stupid. That raises the risk this whole operation presents to the modern society and individual freedoms far beyond the "red" rating.

amberJuly 20, 2013 2:10 PM

The policy is to protect the employee, if/when they are accused of espionage, intelligence leaks, and the like.

Unlike a subscription to a hard copy publication, such as Aviation Leak, in which classified information is routinely published, it is very difficult to demonstrate that the copy of the "ultra-top-secret" report that one has on one's desktop was really downloaded from the Washington Post website. It is trivial to demonstrate that the "utra-top-secret" report printed in Aviation Leak, whose hard copy format is on your physical desk, was included in that edition of Aviation Leak.

To expect the NSA, etc to automatically declassify everything that Snowden, and the other whistle blowers have publicly released, is unrealistic. That "security mindset" depends upon preventing information from being released, because it discounts the efficiency of the Information Dragon, in hiding information in plain site.

thothJuly 22, 2013 5:40 AM

Why don't they simply use their almighty powers as THE DHS to force Washington Post to never ever publish contradicting views ?

Aren't they so powerful ?

What a joke.

Setup a VM (TAILS Linux or something) or secure proxy and visit those links via secure connections ... viola ... rules violated without detection ... lol ...

On a second thought, how about asking your child to open the page and you read it ... hey your child opened it right and he / she did not sign those silly non-disclosure thingy ?

diwJuly 22, 2013 6:23 AM

Can someone think of a reason for this DHS policy other than spite?

You had it right the first time.
Stupidity. It's Hanlon's Razor.

The NSA has made a point of being at the sharp end, both in doing work that's corollary to freedom and keeping their mouths shut on that score, but they've apparently lost their way.

Lucas OmanJuly 23, 2013 3:57 PM

Seems they should have two concepts of classification: intended classification and effective classification. A document could be intended to be classified but, once leaked, is effectively de-classified. A workstation's classification level would then be based on *effective* classification, not intended classification.

chrisJuly 25, 2013 7:05 AM

What is a DHS employee brought a physical copy of that day' WaPo to work? Is there a classification for messenger bags? Do the newspapers have to be burned?

KirkAugust 17, 2013 7:31 PM

Two things come to mind:


  1. The DHS (or any other employer) has every right to state something is outside acceptable use policy on their machines. And this is likely a bigger distraction at work there then some other places.

  2. The author and/or those responsible for sending the email should have their clearances revoked. One rule of clearance is that you don't confirm the level of anything. IF you present me a document (even marked Top Secret) and ask if this is really such, my answer should be that it is marked so. If you don't have a reason for me to confirm or deny, you don't get confirmation or denial.


What really just happened is that many people got notified about the location of some secretes. What really happened is that many of those people went and looked where they felt unlikely to have been seen looking. Then they told their accomplice why and spread the damage even further. The best would have been to simply state in general terms work computers and time are not to be used to dig up dirt on the situation.

Mr. NixonAugust 21, 2013 7:35 AM

Only read the first couple dozen comments here. All are unbelievable inane. You all complain when government employees don't follow the rules, and then you complain again when they do. Y'all need to get a much more serious grip on reality.

Believe it or not, the vast majority of gov't employees (including gov't contractors) take their jobs seriously, and follow all the rules. You know - what makes this country different than those which have bene in the news recently is that we all aggree here to follow the rule of law.

You all are hyper-critical of our president when he selectively decides which laws to enforce and which ones not to enforce, but then you criticize gov't employees for not doing the same.

Clive RobinsonAugust 21, 2013 8:52 AM

@ Mr Nixon,

With regards your comment about "comments" that "All are unbelivably inane" and those who you say "Y'all need to get a much more seriously grip on reality".

You apper to treat "the vast majority of Gov't employees" as representing not just the whole Gov't but more importantly all of the Gov't ethics.

Now US prisons are well stocked with "convicted" people [1] and there would be a lot more if the prisons could be approved and built fast enough and politicians and their federal and judicial apointies had their way.

Which could be taken to mean that there is a significant percentage of the US citizenary that thinks rule breaking is part and parcle of ordinary life.

Now it would be an unbelivable view point that such mentality did not exist in as greater percentage of Gov't direct and indirect employees, and one that would I susspect would be unsuportable in reality. In fact I suspect that due to a sense of entitlement the percentage would be some what greater even though the rule breaking would be in effect more petty/white collar (especialy with coruption in defence and other Gov't contracts appearing no less diminished than it was pre 9/11).

Your comments appear to totaly want to ignore these issues and would thus render thems selves cloaked in the very same imperfections you accuse all others on this thread.

And as such many would suspect you of deliberate intent, which has the side effect of making you look somewhat like a troll.

Now if others disagree with me I would hope that they would say so using reasonable argument in a civil fashion that would promote reasond debate.

[1] The statistics of which tell a very interesting story of US prejudice and inequality.

name.withheld.for.obvious.reasonsAugust 21, 2013 12:19 PM

Bruce, could you or the moderator remove my previous post? It does not speek well to the argument I am addressing. Thank you.

@ Clive

The statistics of which tell a very interesting story of US prejudice and in equality.

If find this comment relevant to an issue resolved in a district court last week about "Stop and Frisk" were police officers stop and search people based on their location and socio-economic status. For me it is simple, does the policy include stationing officers in front of shinny buildings in downtown Manhattan? Are brokers and bankers stopped, asked to empty their pockets and briefcases before they proceed to their offices? The blatant and obvious tendency to use both the law and law enforcement to execute policies that insure the "comfort" of the very same people entering those shinny buildings is discomforting.


At a time when people decry the criminality of individuals in the streets why is it where the largest crimes against humanity are perpetrated from captain's chairs in office buildings from Manhattan and New York City to Seattle and Los Angeles and all points in-between. Let's not forget that prosecuting illegal wars, laws, and stealing the taxes and social security of the working class seems to be as large a criminal enterprise that has ever existed. I guess when you can afford a tax attorney or a press secretary your access to injustice has no limit or moral equivalent. And we let this stand...shame on us. Where is the indignity? Where is our humanity?

name.withheld.for.obvious.reasonsAugust 21, 2013 1:52 PM

My thanks and apologies Moderator.

My argument was diercted at the endimic issue that is government larges that affects so much. DHS itself is an organization that has solved little. Originally I believed that consolidation of the intelligence communities "silos" would be a good thing--I was wrong. The exponential growth and wanton incompetence is remarkable. The e-mail just stood as a wonderful (not in a good way) example of some of the problems. I wasn't going for mission creep. I was trying to express how wide spread the injustice (and I believe DHS is steeped in it) that is what we need to address. DHS's clamp down on internal behaviors is no different then what it and any number of agencies "we" fund do that is in defiance of reality.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..