When I was a relatively young airman, working in a field that regularly handled classified information, you can be sure I learned a great deal about what needed done, and how to do it.
To begin with, it was bad enough, that many of the folks receiving such information, took it to places it should never have found itself.
Then there were the instances where some bright spark forgot or lost it—often in public places.
I bring this up, because of a series of events from recent history (not too recent, but definitely recent enough to still be burned into the memory of many).
Not too long ago, it was revealed that a person essentially at the very top of the U. S. State Department, was receiving basically all of their official emails to a private email account.
You can try to make out that none of the information in question was classified. For my part, I have a very hard time believing that’s the case.
People have homed in on the server upon which this email traffic was stored—what I’ll term the “destination server,” though obviously, it was only one potential destination, since emails can be sent to multiple people. On top of this, it can also be considered the source server, since the person in question undoubtedly sent emails “through” that server.
Here’s what everybody I’ve seen talk about things to this point, has missed.
Email doesn’t exist In a bubble.
Put simply, the servers that deal with email, are “store and forward.”
If I send an email from Colorado, that’s destined for California, there will be a number of servers in between, that will receive that traffic.
The main reason the position I served in for the latter part of my military service existed, was to make it so there were secure mechanisms for the transmission of information.
Yes, it was inconvenient for some schlub to make his or her way up to the bullet proof, one-way-mirrored window in my little communications center, to pick up official message traffic.
Imposition though it was, it was considered essential to securing classified—and even just official—information.
The lines in and out of that facility, were special (part of a network called AUTODIN, or the Automatic Digital Interface Network—don’t blame me, I didn’t name the thing).
On top of being secure (and at least supposedly, not attached to standard telephone systems), traffic on that network, was pretty much invariably encrypted (obviously, I’m not allowed to go into further detail).
The point was, that information was not to travel in ways where it could be intercepted by those for whom it was not intended.
This is the type of mechanism that was, and should be used for official information.
I should explain a little, what I said earlier about email.
When you send a message, it’s a “bad bet” to assume it won’t find its way a good distance from its source, regardless its destination.
An email might “hop” thousands of miles “off course” in the process of delivery.
One thing you should realize is, even if you start from a supposedly secure email server, the only way to ensure the information in the message remains secure (assuming you use the “standard means” for sending your email), is to encrypt it.
Obviously, the better your encryption, the more secure the information.
That implies the person receiving that data, has some method to decrypt it.
If you’re not doing such things, with classified—and again, really just official—information, and you are putting it out on the interwebs, what you’re doing is exposing that information to risk of discovery by “undesirables.”
Considering the reason for the classification of information, that is indeed a very bad thing.
Okay, so you destroyed your server that contained classified information.
Even if that’s the case, you can’t say that information wasn’t apprehended by people who shouldn’t have it, because they were aware of routes the traffic in question might take.
Granted, it’s hit or miss.
Still, the possibility exists.
Considering the responsibility of cleared individuals, to protect information at various levels of classification, if you’re such a person, you should be well aware this is wrong.
The higher your position in the grand scheme of things, the more aware you should be of this fact.
Further, for a peon like myself, I had access to scads of classified information.
Being fair, most of it would make people yawn, were they to be exposed to it.
For folks on lofty perches though, there’s a much greater chance that data would be harmful if released.
As a lowly airman (though I was a noncommissioned officer by that point), my fate, had I errantly released classified documents, would not have been a happy one.
And we’re not even discussing the intentional release of such information.
The reason for this, was to make it plain to those handling it, they needed take pains to ensure it was not released to the world at large.
Mitigation for such release can be horribly difficult, time-consuming, and very costly.
Even after appropriate steps are taken, it’s not reasonable to assume there aren’t people out there who are more or less unknown, that had or have access as a result of the improperly broad dissemination of that information.
Concerning yourself with the sanitization and potential destruction of just one server that’s connected to the Internet, is not the same as performing effective mitigation to deal with unwarranted disclosure of classified information.
This is part of the reason, I consider what was done where the person in question is concerned, to be horribly insufficient.
Had I made the mistakes they did—even as a low level worker—I would very likely have found myself in confinement.
We who worked in the community, had that threat over our heads on a daily and ongoing basis.
And though releasing it intentionally would have been much worse (and almost certainly caused even greater penalties to be enforced), doing so accidentally was still subject to severe disciplinary action.
It’s these realities I believe are being ignored where the case in question is concerned.
Think I’m mistaken? By all means, explain why you believe so.
Until someone does so though, I’ll continue believing as I do.