The loss of sensitive documents, their
discovery in a public place, their delivery to a media organisation, the
headline exposure of official carelessness - all this is becoming a familiar
ritual in British public life. The second week of June 2008 brought a bounty in
the form of two such episodes:
Sandra Bell is senior research fellow,
specialising in homeland security and resilience, at the Royal United
Services Institute in London
Also by Sandra Bell in openDemocracy:
"The value of
information" (23 November 2007)
* a senior civil servant left two documents
(regarding al-Qaida and Iraq, and protectively marked "top secret") on a
commuter train leaving London's Waterloo on the evening of 10 June. The finder
delivered them to the BBC, which reported the discovery and handed the files to
the police. The culpable official, a 37-year-old male seconded from the
ministry of defence to work on intelligence issues in the cabinet office, has been suspended pending a full police
enquiry
* a number of papers dealing with the
financing of global terrorism via the drugs trade and money-laundering were
left on a Waterloo-bound train on 11 June. These were given to the Independent
on Sunday, which featured this new
development in its 15 June edition (while not divulging the documents'
contents).
The cocktail of mild embarrassment,
fear-frisson and sanctimonious glee soon passes, until the next scandal comes along. As long as no one is evidently
hurt or put in danger, everyone is entertained (by asking, for example, what is it about Waterloo?). The cycle tends
to pass too quickly, however, for anyone to inquire too closely about the
"real" importance of the documents concerned. In the case of the latest
blunders, the question might usefully be posed: were the documents actually "top secret", or simply
sensitive documents that just happened to have been thus classified?
The security test
The question may seem far less important than
the issues of public security and official accountability and competence
apparently raised by the loss of such documents. But it can be explored a
little further by highlighting how the protection of "official information" can
easily become a problem for those responsible, and even invite such unwanted
"revelations".
The United Kingdom government's
protective-security classification system is - as those whose work obliges them
to have regular access to the documents assigned to it know - a recipe for
migraine, or worse.
It starts with the storage. Classified documents
need to be kept in a cabinet with a special type of combination-code lock. To change the combination requires a degree in advanced mathematics,
a bespoke tool, and a large amount of sellotape. The possession of three hands,
which only a few colleagues can claim, helps. To be assigned one of these
monsters comes with the requirement of changing the combination every six
months - precisely the amount of time required to forget how you managed it
on the last occasion. It is a delicate process which demands far more concentration and
dexterity than the assembly of the most complex Ikea bookcase, so you always
try to do it when everyone else has gone home. Big mistake - because
(three-handed or extreme-geek colleagues excepted) there will always be a time
when you get it wrong and end up having to ask the site-security officer to
call out the locksmith.
Then there are the registers and spot-checks.
The fact that you have the document at all needs to be written down somewhere,
so that if it gets lost the security people can identify the last person who
had it. During the cold war this meant signing a register, in the form of a
large leather-bound volume guarded by the "keeper of the book": a lady of indeterminate
age and implacable appearance. Even if you managed the tricky task of avoiding
her ire - by remembering, for example, to use the precise shade of green or red
ink specified - you might as well have signed it in your own blood; for the
book would hover above you like a sinister shadow until the moment when the
next, dreaded spot-check swooped.
These are meant to happen at random - but in
practice they always target the person who last disrupted the relaxed evening
of the site-security officer by obliging him to find the locksmith
to untangle the combination-code lock. The spot-checker can also ask for any
document - but in practice it will always be the most obscure. It is often difficult
in any case to fit certain papers into the assigned security cabinet without
perpetual unfolding and then refolding of the relevant documents; in my case,
deft manipulation of engineering-drawings of nuclear submarines into the shape of a swan earned me a
black-belt in origami.
But even the cabinet, the register (and its
keeper), the locksmith and the origami are all elementary obstacles compared to
the ordeal of trying to take your classified document off your secure
site.
For the document needs to be protected from
prying eyes and locked within something that won't draw attention to itself. A
black-leather briefcase should be fine, just like the one that every London commuter
carries? Big mistake - they went out of fashion two generations ago. The
black-leather briefcase, designed and specified at a time when all civil
servants wore regulation dark suits and bowler-hats and carried rolled
umbrellas, might have passed in the Noel Coward era; carried by a 20-something
female in jeans on the way to a naval dockyard, it proclaims "look at me - I am
a secret document!".
The wrong question
The burden of secrecy, in short, is not light
to those at the coal-face of carrying it. But what about the document itself,
the one that gets you into so much trouble?
"Top secret" documents come in three flavours:
* documents where it would be obvious even to
an alien from outer space that wide dissemination would not be a good idea
* documents where you might need someone to
point out why they are classified the way they are
* documents produced by people who are so
convinced of their own self-worth and contribution to national security that they classify everything (these are the
same type of people who put one of those annoying little red flags on every
email that they send).
The rules of document classification specify
that the compromise of "top-secret" information would likely do one or more of
the following:
* threaten directly the internal stability of
the UK or friendly countries
* lead directly to widespread loss of life
* cause exceptionally grave damage to the
effectiveness or security of the UK or allied forces, or the continuing
effectiveness of extremely valuable security or intelligence operations
* cause exceptionally grave damage to
relations with friendly governments
* cause severe long-term damage to the UK
economy.
How do the recent incidents fit in? The
cabinet minister who reported the Waterloo loss to the House of Commons, Ed
Miliband, said that there had been a "clear breach" of the security rules as
the official concerned was not authorised to remove the files from government
premises. He continued: "While the documents do not contain the names of
individual sources or specific operational details, they are sensitive,
high-level intelligence assessments." Yet he concluded: "There is no
evidence to suggest that our vital national-security interests have been
damaged or any individuals or operations have been put at risk."
It was either a masterclass in political
obfuscation - or a revelation of bureaucratic convolution. For the minister
didn't reveal anything that could be linked back to the "top-secret" checklist.
He said that individual life had not been threatened (which is one of the
likely consequences of the compromise of a lower-classified secret document)
and that operations had not been damaged (which is one of the likely
consequences of the compromise of an even lower-classified confidential
document).
So Ed Miliband answered the wrong question - or perhaps the
documents were over-classified in the first place. For the compromise of a
"top-secret" document does not just put individual lives at risk - it puts
many; its compromise does not just put operations at risk - it damages in an
exceptionally grave manner. Is this
really true of the documents lost in transit at Waterloo?
The weakest link
A "no" to this question would not exonerate
the civil servant who breached the system. But it would perhaps go some way to
explain his ostensibly cavalier attitude to national security. This individual
is described as senior, experienced, on secondment from another branch of
government, and with a high level of security clearance. This means he is
doubtless well versed in the procedures - locksmith and all. Perhaps he even
has his very own antique black-leather briefcase. But, as Ed Miliband said, the
compromise did not have consequences that the compromise of a document of
a much lower level of classification would.
This implies that the documents might indeed
have been over-classified. Such a senior and experienced officer would have known
this; and it is highly likely that if he found himself seconded to a place
where things were classified just for the sake of it, he too would adopt an
offhand attitude to his security measures in order to offset rules and
procedures he could see were being imposed for the wrong reasons.
All of the above is hypothetical, as I have no idea of the content of
the lost-delivered-returned documents. It may be that Ed Miliband just didn't
want to scare the public by telling the truth. But the conclusion is far from
hypothetical. In any security system, the weakest link - and therefore, when it
works, the strongest - will always be the individual's belief in the system. If
an individual feels that the system is being abused by someone else, then they
will be more at ease abusing it themselves. A "top secret" classification is
helpless against the corrosion of trust.
