When inside leaks occur, the typical and understandable response of the intelligence and military communities is to cut back on access in some way. But no sooner are stricter procedures implemented than they inevitably erode because the evolving nature of threats and technology demands new intelligence and greater sharing. Another response, from the Moynihan Commission in 1997 to the current examination by the director of National Intelligence, Avril Haines, is to wrestle with the problem of overclassification, on the theory that the larger the number of classified documents, the more difficult they are to manage. There’s some truth to that, but overclassification doesn’t itself cause leaks. To combat leaks, we instead must focus on dissemination and protection.
Determined individuals will inevitably find a way to get around any defensive measures. But rather than adopting one-off, backward-looking solutions aimed at preventing another leak, we need an integrated approach to disseminating and protecting national security information. Fortunately, both the government and the private sector have potential solutions in hand.
The government can create a sense of mission and public service, and it can vet and monitor, in a legally appropriate way, employee behavior. Even with the best policies and procedures for our system of handling classified documents, we must ultimately rely on a culture of trust and compliance. Most of the individuals with top-secret clearances know that the lives of their fellow members of the military, intelligence and diplomatic communities could be endangered by an unauthorized disclosure. Nonetheless, we need a greatly reinforced effort to restore a sense of public mission and inculcate the appreciation of the fact that our national security is at stake. This might be even more essential in the case of recruits for the military and intelligence agencies coming from Generation Z.
The principal way we currently train employees with security clearances is by making them periodically take an online course on the proper handling of classified documents. This mechanical approach won’t yield a work force that truly appreciates the need for security, especially in the younger generation. Requiring everyone applying for a top-secret clearance to undergo a psychological exam and polygraph (now done only for employees of certain agencies) would not only weed out problematic candidates but might also build cohesion among employees who feel they are part of a select group. And that type of vetting needs to be done continuously, not just at the time of hiring. Again, this could be a more acute issue among, say, impressionable 18-year-old military recruits whose views might well change in just a few years.
Of course, a trusted work force isn’t itself sufficient; there will always be temptations, and a certain percentage of people will deviate. Technology must fill the gap, and there, the government has much to learn from the private sector’s innovation. From pharmaceutical companies to defense contractors working on the cutting edge of the digital revolution, private companies deploy technology in an effort to prevent theft of industrial secrets so that samples, models and blueprints don’t walk out the door. The government could emulate the private sector, picking out the most effective solutions — perhaps installing paper-thin R.F.I.D. tags on documents and binders (triggering an alarm on exit, much like the system retail stores use to protect against shoplifting) or stepping up the use of artificial intelligence to catch anomalous behavior (such as someone printing out an atypical document). If every A.T.M. can have a camera, why not every top-secret printer? The government has been slow to adopt robust private sector techniques because they are costly and time-consuming to implement, and Congress demands quick fixes.
