What most people don't realize about classified information is that it's not the information itself that's so sensitive; it's the means via which such information is acquired that must be protected. If this were not so, targets could simply sidestep our intelligence collection vectors.
I rarely dealt with any classified information that was interesting or surprising. It's mostly stuff you would expect. The technologies and methods used to acquire a piece of intelligence were always more interesting than the intelligence itself.
When I was young and irresponsible, I worked for the Justice Department, analyzing drug policy. In that capacity, I was put through the full security mumbo-jumbo and received a Top Secret clearance and, on top of that, clearances for various very highly taboo Codeword categories.... Having been cleared, what did I learn that it would then have been a felony for me to reveal? Nothing that would have helped the Russkis or the narco-bad-guys. But I did learn the names of assorted corrupt high-level officials in various of the Carribean banking havens Jeff MacNelly once lampooned as “Rinky-Dink and Tabasco.” No elaborate spying had been required to learn the names; apparently it was routine cafe gossip in the countries involved. So why, I asked, is this material classified? Not that I had any desire to reveal it, but I was curious.
The senior security guy in the Criminal Division set me straight: Yes, everyone knew that the Rinky-Dink-and-Tabascanese Finance Minister, or Central Bank president, or whatever it was, was crookeder than a dog’s hind leg. He knew, we knew, the Prime Minister knew, the Prime Minister knew we knew, we knew he knew we knew, ad infinitum. Maybe the Rinky-Dink-and-Tabascanese voters didn’t know; that was their lookout.
But it was our policy to make nice to Rinky-Dink and Tabasco (honest, I forget which contrylet we were talking about). If it were revealed publicly that the US Government had knowledge that Mr. So-and-so was on the take, that would embarrass the Rinky-Dink-and-Tabascanese government, thus impeding U.S. foreign policy. Ergo, properly classified.
It generalizes my original point better than I did: with classified material, the secrecy is always because of the how, not the what.
But I regard that as a symptom of over-classification, and speaks directly to the "fifteen or twenty" clearances Kissinger was about to get that were above a Top Secret.
Ultimately, there's only a few "national security" secrets, but there's mega boatloads of career-ending blunders, minor and major wastes of time and money, graft and corruption. Over-classification and compartmentalization solves all of those problems by covering them up.
It's about compartmentalization - a guy who works intel in Iraq doesn't need to know about North Korean intel collection techniques, so it's classified differently and compartmentalized.
You may not need to know about the data collected in another compartment/agency but it would be useful to at least know how they are collecting data because you can then refine your own techniques.
Imagine that North Koreans promised $2m to the Korean Intel Dept. employee to reveal their secrets. If the secrets and methodology is the same and shared as he Iraq Intel methodology that one person can cripple our the whole intelligence apparatus worldwide.
What the government doesn't want is people going out to a club and getting hammered and then telling a bunch of strangers that you have a clearance because it makes you a target in a situation where you are already vulnerable.
The funny thing is, a clearance doesn't give you a need to know. From my experience the overwhelming majority of people with a Top Secret clearance don't have access to anything that is even remotely interesting.
Each SCI compartment and SAP has its own unique rules about what you can and cannot reveal (some SCI compartments mere existence is classified at the SCI level itself, meaning you can't say you hold that clearance to anyone who doesn't hold that clearance, for example).
Each SCI compartment also comes with it's own unique rules about when you can or cannot talk about what you learned or were cleared to access (most are probably lifetime NDAs).
That said, it's pretty shitty opsec to tell someone, or the Interwebs, that you hold a specific clearance or do a specific job.
I assume that there's a secondary signal that can be disclosed that everyone who has clearance can recognize?
Yes, the security structure can seem a bit artificial at times, like:
- During cleared professionals-only job fairs.
- Leaving a cleared job and all of a sudden there are no reporting requirements or security procedures. It's as if the gov't refuses to acknowledge that sensitive info is still in your head.
When I was leaving the agency I worked for, I had to get what I wanted to write on my resume approved. They told me I had to remove my clearance level.
Sorry, could you explain this? I can't seem to put this together.
Not all SCI compartments are codeworded, some just have names or acronyms (e.g. HCS - HUMINT CONTROL SYSTEM [http://en.wikipedia.org/wiki/Sensitive_Compartmented_Informa...)
As a Govt leader, rather than a working-class flub DOD employee, Ellsberg was probably referring to various SAP access that Kissinger was about to be read into. SCI is just one SAP (well, most people consider it as such, but the IC seems to disagree for legal basis reasons). This article is actually pretty good for once:
Thus, there are likely many clearances/compartments that a great many people don't know exist or don't exist. I suspect there isn't really anyone who knows what every compartment is.
Edit: the corollary is, "how many people have access to everything?" or alternatively, "if the president doesn't, does anyone have access to everything?"
There are many things the President probably does not have unfettered access to.
There are many, many, many trainings and shit you go through that reinforce that seniority and superiority do not in themselves constitute the 'need to know' for classified information.
There should NOT be someone who has access to everything, as the entire point of the compartmentalization is that no one breach can be used against everybody/everything. I have a suspicion that there are actually compartments which are mutually exclusive - if you're in Compartment X, you are, by definition, not allowed in Compartment Y, specifically for that segmentation reason.
One is plausible deniability: there's no need to expose the president personally to every misdeed everyone working for the government may have committed. Yes, that's a cynical, realpolitik type of answer that really pisses off people on HN, but it's true.
The other is simply that the President makes decisions at such a high level that low level information simply isn't helpful to him. The federal government is huge. The President can't function without hundreds of people who spend all day aggregating and summarizing information. This invests a lot of power in the aggregators and summarizers.
Unless the process is completely decentralized, there must be someone approving new compartments. They probably know at least a little about each one.
The ability to create new Special Access Programs is usually delegated to the level in an organization that actually does this routinely; definitely below Department level, above Combatant Command level.
On the Army side, check out AR 380-381, and legally, 32cfr159a. Basically someone more operational creates it, and then gets approval from above, but the authority to create the program is closer to the action than the ability to finance it.
They deconflict on names at one level, usually per department (e.g. Army, Navy). I think this is done by pre-assigning names in batches to be used. http://en.wikipedia.org/wiki/CIA_cryptonym is an interesting article.
This is, I believe, one of the reasons that intelligence sharing between agencies and the armed forces is so difficult. Some intel is compartmentalized in places that are inaccessible to another branch or agency, and changing the classification level or compartment of information is an extraordinarily inconvenient process.
The upside of this, however, is that we really do have a secure system for information
Basically, imagine trying to do library science without being able to know what information you're managing. The classifications created would quickly become senseless and incoherent.
Holy crap is there every redundancy and overlap!
In theory, with a small amount of secrecy needed to make diplomacy and security function, this makes sense. The problem is that it's not actually working in practice. There are so many un-elected people who have jobs for life and also the ability to classify broad swaths of information that the incentives are all set to increasing amounts of classified data. There's no correction mechanism. In theory, you'd have Congressmen aggressively using their oversight powers to correct the system. In practice, elected officials are mostly in for life (or as long as they choose) and are easily manipulated by the system. In fact, they don't want anything to do with making tough decisions. The more things are secret, the less they have to worry with those nagging voters giving their opinions about things. I read about intelligence oversight committees being told they don't have clearance to see things and it just blows my mind: our entire system of using force rests on civilian oversight. Thousands have died because civilians have made mistakes with information they've be given -- and that's the way it is supposed to work. Somehow we've forgotten all about this critical principle.
As an example, I'll pick a topic where you guys can all call me fuzzy-headed: UFOs. I pick this topic because of its ludicrous nature. Heaven help me if I were to pick something that was diplomatically sensitive and start hammering on it. I've been studying sightings and evidence as a hobby for many years, and based on credible eye-witness testimony I'm comfortably convinced that the United States government knows a lot more about intermittent atmospheric phenomenon than they are letting on. Why? I don't know. Why not a little more openness? I don't know. What part of this information is being used by my elected officials to make decisions? Again, I don't know.
This leaves the door open for all kinds of crazy speculation. It's an insane way for a democracy to treat its citizens. Yet this is just par for the course. All I did was pick a way-out example. Laugh off my UFO example if you wish, but for every thing like that there is a thousand other things that drive public policy -- and you and I will never know about them. Taken to this level, it is a very unstable way to maintain consent of the governed.
Not only does it make it impossible for an elected official to take advice, it makes it impossible for voters to make reasoned and educated judgments about the actions of officials. Secrecy corrupts everything it touches. That's why it must be aggressively minimized.
Bingo. Even a radical anarcho-capitalist like me is grudgingly willing to accept a minimal amount of government, in the sense that Bastiat described it as no more than "the collective extension to our individual right to self defense." BUT... with a big caveat that said "government" must be accountable to "We The People" and must be subject to our oversight, supervision and - possibly - dismantling if it fails to serve the end it was organized for. But when this entity accumulates and hoards crucial information about the world we live in, it's removed itself from that oversight and supervision.
This is the same reason why - despite the fact that I generally don't advocate "black hat" hacking - I don't really have a problem with people hacking government systems and releasing information contained therein, and why I generally support Bradley Manning. We need to know what our government is doing and how/why it's justifying those decisions, in order to maintain the feeling that the government is serving us.
You know, here in San Francisco they put out a thick pamphlet every election with the full legal text of all statewide and city ballot initiatives, using typography to also show how the existing legislative language would changed or deleted if the ballot initiative were to pass.
I am the only person I know who sits down and reads them all every election cycle. I'm sure there must be others, but most people vote based on soundbites - and they might be making a more efficient use of their time than I do. economists refer to this as 'rational ignorance,' where the cost of educating oneself on a topic exceeds the value of the knowledge gained as a result.
Some people favor minarchy or isocracy; I used to, but have changed my mind. Call me paternalist, but I'd rather have a technocratic government, or maybe even a gnostocracy.
a) due to how the information was collected
b) something derived (citing) a piece of classified information.
So a special collection platform may collect material at some high level of classification, anything that references that information (it could be 100,000 reports) are also all classified at that level automatically.
It's just how the system works not individual politicians stamping individual pieces of information as classified.
The Intellligence Squared US podcast did a nice job of covering both sides of this issue in their June 8th, 2011 podcast on freedom of the press:
So in 99% of the cases it's not like you make a decision to "classify" something. It is by its nature classified.
Think of it this way. You have a friend that tells you via email a secret. This secret can only be known between you and your friend. For example, you are arranging a surprise party for a third friend.
Using this knowledge it is your job to get a birthday cake that has the person's name and age (and a decoration) on it. But the only baker in town is also friends with the birthday friend. You don't want to risk the baker leaking the surprise of the cake to your friend. So you decide to buy a blank cake, and decorate it yourself.
This cake is also classified at the same level of the original information (Classified//only between you and your friend). Because it is derived from the knowledge of the birthday party email).
Now your friend prints off decorations with some party specific information, say a sign or some streamers or something. Those are also classified at the same level.
Suppose there are some other odds and ends that are a result of this email and the party plans. Say a "making of video" for the party etc.
Now let's say you also hire a clown for the party. You only provide the clown the time and place to come and perform, not any other details. Because the clown isn't in on the original secret, the arrangements for the clown and the various transaction documents pertaining to it are at a lower classification level. You might still not want the birthday friend to know that somebody he knows hired a clown on his birthday (a convenient coincidence) so you swear the clown to secrecy.
Even if it gets out and the birthday friend asks the clown directly, the clown has plausible dependability and doesn't know why he was hired, only that he was. So it's not good that your friend finds out, but it doesn't entirely screw up the surprise.
I'm stretching the analogy a bit, but hopefully that makes it clear how knowledge of single piece of information (the email that established the surprise party) can end up producing so many classified documents and how that process happens.
Secrets are a competitive advantage - conversely, having competing countries (in terms of economics just as much as defense) know exactly what we know would be a terrible disadvantage.
An example in the UFO case: You tested your new amazing stealth plane, but something went wrong and there are reports. However, if they fit the common UFO sighting tropes, chances are the whole issue is ignored/misinterpreted, leaving the secrets you want to stay hidden.
I once had a discussion with an Air Force officer who was involved with Homeland Security planning. I made points about warrantless wiretapping and other 4th amendment violations by DHS and TSA. He just shrugged and said I would probably feel differently if I knew all the things they had prevented. I said "Absolutely, tell me. Let me make an informed decision about whether DHS should exist or not".
He just shook his head and changed the subject. So much for an informed electorate.
see previous comment here http://news.ycombinator.com/item?id=3298594
Keep in mind that there are probably north of 1 in 150 Americans with current access to classified material. It's a huge number and just because you aren't in the club doesn't mean it's really all that hard to get in. Get a job that gets you a clearance and you can see what's on the other side of the curtain. Believe it or not, it's amazingly mundane.
At TS it starts to get more restricted. You have more ability to request access to things outside your general area, but you may/may not get approved.
In the Compartments, my experience has been they are surprisingly global in nature, but focused in content. Meaning I can pretty much get that "kind" of information for any place on the planet, but it's only that "kind" of information. There's some exceptions, but not many.
SAP programs tend to be where it gets very focused. Often because they represent information only collected in your area using only a specific means. So there isn't a global collection of that kind of data -- well, there might be, but you aren't in all of the SAP programs to try and figure it out.
Also, once at the TS/SCI level and above everything in compartmentalized. It isn't as if you get the clearance, get some password to some digital book of secrets and all of a sudden you know what really went down at Area 51.
Also, I work with plenty of people with TS/SCIs who have used drugs in the past.
The key is just being honest with the investigators.
You are right that people with too much debt, gambling problems, current drug use, etc. don't get one. But that makes sense. I've worked with some pretty sketchy characters though and they didn't have a problem getting or keeping there clearances.
I don't think I've ever personally known somebody who had theirs denied, I've known one person who had their taken from them for doing some questionable things.
Quite often it could be that the investigator could not ascertain the relationships on the wife's side and/or they don't have a citizenship yet.
I've worked on SAP programs that had 3 people on them. Some of the larger compartments probably have hundreds of thousands read into them.
I bet this sort of thing happens all the time.
It does not make sense to me. Perhaps you could explain to me how you reached this conclusion?
That said, over-classification is definitely a problem, particularly if done with domestic political considerations in mind. Even worse can be selective declassification, when the public is presented with a few bits of intelligence that present only part of the story and may lead to conclusions very different than had the full picture been presented (i.e. 2003 Iraq War run-up).
To have relationships that function the exact same way they do now. It's clear that things would be different. It's probably true that things would be harder for people in those roles. It's not at all clear that things would be worse for those outside of government, which is the real question of whether it is desirable.
You'd have to come up with something you could leak to prove that the code was broken, I suppose. But what about bragging about a code you've broken pretty thoroughly, and then giving really shoddy evidence that only arguably proves you've broken it? Sort of the opposite of Cryptonomicon's Unit 2702. You might make the enemy snort in derision, and believe that the cypher in question was still secure.
Do that a few times, and then suddenly reveal a lot of stuff that could only have come from one of the bragged-about-in-a-shoddy-fashion cyphers. Now all cyphers, especially the one's not bragged about come under suspicion.
Wow, this is a fun game!
This is especially true if dissenting opinion is filtered before it gets handed to the President etc.
I apologize if the following sounds a little leftist. I only intend to make a point about how mistakes come to be made, and what governments may need to do to arrive at better decisions:
Over in Australia, an ASIO analyst chose to resign rather than see Australia join the Iraq war on the basis of WMD pretexts. (Andrew Wilke is now a Member of Parliament).
The trillion dollar mistake US made was due to influencers being able to feed super-classified information to the willingly gullible people.
It is not easy for a President to call bullshit. I believe the reason is because there isn't sufficient accountability that is built into the system. In days past, members of the royalty are expected to fight in wars. Even during Roman days, only landowners could join the army. The appearance of the professional soldiers lowered the personal risk of the people in power who rush into war.
The Chinese emperors surrounded themselves with eunuchs thinking that the absence of offspring give some assurance that these people will be less biased, but it didn't work out that well. Influence is still peddled, particularly because power itself is very addictive on its own.
Some cultures resort to shamans to try to get an outcome that is independent of any one person's viewpoint. The most interesting one that I came across is the use of ibogaine, where people have a "spiritual" moment, where they see the big picture instead of worrying about themselves.
For a complex society to survive and transcend humanity's limitations, we may need to create a supermind. Some elements of this already exist. One is the idea of "opensource intelligence" that can be used to corroborate otherwise secret accounts.
The State Dept. bureaucracy had already been mobilized to defend this decision and had so indicated at various levels to their Pakistani counterparts. Clinton, of course, was briefed on this decision and expected to go along. This was US policy, after all.
Instead, Clinton told the Pakistani prime minister that it was wrong for the US to keep the money and that he would find a way to resolve it.
I note this because, according to the author of the piece linked, it almost never happens, even when, as in this case, the information involved is largely unclassified. So when decisions rely on classified information, percolated through the policy apparatus, it's surely much worse.
(Though one could argue that stuff like this : http://www.youtube.com/watch?v=oLhFXkvugLM&feature=youtu... can be used as evidence of showing how leading language can work, if you can feel your own opinion being swayed, as Bernard talks. The extent to which one can rely upon one's own feelings of their opinions is another matter... but it's a stab in the right direction.)
Yes Minister is not a normal comedy series. It is bordering on a documentary.
Even worse, the UK government knew that there weren't good reasons to invade Iraq, but went along with it simply to keep in with the United States.
It's similar to the Linux vs Windows debate: at first glance it seems ludicrous that an open source OS could be more secure than a closed source OS. But with enough eyes and enthusiasts, all problems are quickly fixed.
A small inner-circle who have access to the inner workings may find it hard to compete when their competitor has the whole world helping debug and fix the system, including the goodwill associated with that.
You didn't want to let the USSR know how many nukes you had (or they could come up with a stronger first strike plan). But you wanted them to know roughly how many, so they knew not to overreact (and build a massive deterrent to an overstated threat), or under-react (and get too cocky).
There's also value in giving biased paramaters - the President is mad, and you have more nukes than they think (which will make them scared, and more likely to back down, because they think they are dealing with an irrational actor), but you don't want to sail too close too the wind here.
The thing is, game theorists don't deal well with stuff that's not part of game theory. Game theory tends to assume that actors are all very smart, and aren't hamstrung by some of their best advisors being out of the loop.
I bet there are more countries without a military than ones without military secrets.
You can move information down only if the information is at the level you are moving it to and it's been properly signed off.
e.g. something that is marked Secret, but written to a Top Secret system, can be moved back down to the Secret system)
I'm using Chrome, and when I zoomed in, the pictures, headers and footers all grew appropriately, however the text remained a constant size.
I'm not sure how they managed that, but it makes for a terrible user experience when you want (or need) to increase the font size to make it more readable.
But why would you divide up information into 15 or 20 categories? I bet that even at "Top Secret" levels, the narrowness of view is stultifying.
To protect the information it in case one invididual gets compromised.
> I bet that even at "Top Secret" levels, the narrowness of view is stultifying.
Yes and that often makes work seem pointless and unrewarding. Invididuals migth get to view a very thin slice of a large project. So they might be designing an algorithm or a widget without knowing how and where it fits in the big picture.
I am guessing for some projects this compartmentalization leads to the dilution of guilt. "Hey I only build detonators", "I only build the shell", "I build the remote control", "I only leave the device in a certain place without know what it is". But all these people could be making something that would hurt or kill someone.
So, while there are implications of need to know they are IMO less significant than capable of understanding.
The pyramid structure that seems to permeate all things //system// has the following salient feature. Say a system pawn is a node at level $L$ and his/her boss is at level $L+1$ and the boss' boss is at level $L+2$. Depending on social skills and intelligence, the pawn might have information about "what is going on" at level $L+1$ by talking to the boss, but for sure he/she has //no// information about what is going on at $L+2$. In a way secrecy (i.e. information non-awareness) is the //essence// of the pyramid.
Assange has this paper , which talks about information being the perfect way to choke the system.
[ abstract: Consider the Gonspiracy G = (V,E) where V is the
set of conspirators and E is the set of inside information links.
The conspiracy G is embedded in a larger graph, society, S.
Let |G| be the power of the Gonspiracy. The 'good guys' want |G| to be small, the bag guys want |G| to be large. Assange defines the total conspiratory
|G| = sum information flows in e for all e in E
Seems like that would inevitably lead to everyone in the organization unable to determine whether or not their contribution was useful. (Short of them actually saving a life at the bottom level.)
With no hope of finding meaning in your job, it would make a 40-year career to retirement a long career indeed.
I can also think of a situation where a contractor might hire a mid-level manager's husband, wife or child. The mid-level manager would be able to crank up his or her headcount to get the relative a sizeable Christmas "bonus". I've heard tell that this sort of thing actually happens.
There are, however, members of the intelligence community who have the breadth of view to make good judgment calls. Just not enough of them, and no accountability.
In the U.S. here's how it works (I'm writing this from the perspective of a contractor):
You are hired to work on a government contract, that contract requires you to work on xyz project that requires you to handle information classified at a certain level (or with certain caveats or handling requirements). You fill out a bunch of paperwork (http://en.wikipedia.org/wiki/E-qip) and it's submitted to the government. The information you put down isn't really a whole lot more interesting than what you might put down on a home loan application, but you sign some consent forms that the investigator can do some credit checks, that sort of thing. You also put down some references they can contact.
Depending on the level you are applying for, the investigation may take longer, particularly if they interview your references. The interview questions are usually simple things like, "did you work with so and so at such and such place?" "have you ever heard them talk about overthrowing the government?" that sort of thing.
If you're a normal person, no serious prison record, drug addiction, serious mental health problem, or threatening political viewpoints (card carrying member of the nuke the US party) there's really not a lot that can prevent you from getting a clearance. Even prior drug use doesn't necessarily prevent you from getting one.
A Secret clearance has a very low bar to entry. You can get one after application in perhaps 3-6 weeks. I can't even get a cable guy to come to my house in that length of time.
A Top Secret clearance takes a bit longer, and is slightly more involved, but it's on the order of months to a year.
Most of the time people either get a Secret clearance of a Top Secret clearance -- there is no such thing as a "clearance" above Top Secret but people can often be confused by special accesses at those levels (explained below).
Operating at the Secret level, you'll have access to most of the information that is classified at that level. If you've read any of the wikileaks State Department stuff or the Afghan and Iraq war diaries you've seen what kind of stuff it is. Most of the time it's just information that the government would rather not go public with, but isn't really all that interesting in nature. Records of events, meetings, general information reports, troop movements, that sort of thing.
Probably 1 in 150 Americans has at least a Secret level clearance, and probably 1 in 50-70 have had one at one time (there are a lot of people that move through the military and/or for the military).
The Military's information systems are generally geared around the Secret level of classification and done on an Internet-like network called SIPRNET, There's even a Wikipedia analog and a Google search on it. It's like using a slightly shoddy version of the Internet as it was 5-10 years ago.
To be honest it's not really much more interesting than using your regular run-of-the-mill corporate firewalled intranet, except it's an unusually large organization.
Not all Secret information can be shared with our allies. Why? Well, we may be fighting a war with say, New Zealand at our side, but also investigating a case of attempted bribery where NZ is trying to smuggle sheep into California or some such. We don't share the bribery investigation data for example.
To deal with this we use what are called "handling caveats". Something shareable with say Canada and Great Britain might then be marked as SECRET//REL TO USA, GBR, CAN or similar. There are also group handling codes like NATO, ISAF etc.
There are also other classification markings that are used as caveats. They look kinda the same and are called compartments. It's generally just more restrictions on who can see the information.
People use 'SCI' like it's the same as "SECRET" or a some super high level classification. But what it really means is that it is information gathered in some way that we would really really rather keep private and thus you need another level of need-to-know to get access to it. Typically it's this way because billions of dollars was spent getting that information gathering capability and replacing it would be billions more or revealing it could expose people to severe risk, harm or death.. SCI compartments exist at all levels of classification.
Often knowing what the information is showing can directly inform somebody how it was gathered as well. So it's not just the means that's protected directly, but the data as well.
To see this information, you need to be working on a program that requires you to work with information in that compartment (need-to-know). And you will be "indoctrinated" or "read on" into that compartment. Which usually involves filling out some more forms, submitting the application, and watching a boring video telling you what the compartment is all about. There are many compartments. Compartments can also have sub-compartments.
However, in some cases, the information is so super sensitive (almost always meaning that people could be killed if it becomes known) that the government wants to make sure you can be trusted with it. So you might get polygraphed. Usually they just ask you things like "have you ever considered trying to overthrow the U.S. government" and other similar. You might also go through a slightly different polygraph with highly personal questions about your sex habits.
Even more restricted are Special Access Programs (SAPs)
These are things like the Nuclear Codes. Even the names of the SAPs are super double probation classified. Often they are one super specific kind of information, and they are managed very closely by the agency that creates them. Very few people will be granted access to the SAP.
All of this holds true for Top Secret clearances and information, except everything is just that much more carefully controlled. You have to have a reason for accessing it, most people don't, and you have to fill out lots of paperwork and have lots of background investigation stuff.
You are encouraged frequently to try and accomplish as much as possible at the lowest classification possible. Mostly so we can share the information (all of which is declassified after 25 years max). But sometimes we just can't and things have to move up in classification.
Everything has a legal hurdle. There's lots of lawyers and other bureaucrats involved in everything. You have to report where you are everyday or establish where you'll be if you'll be out of contact for any length of time or you lose your job. If you did something bad while missing, then you'll probably end up in Federal prison for a very long time.
There's definitely too much stuff classified. What most people who don't know anything about the classified world complain about is this problem. It's actually reasonable to argue this. What they don't realize is it's a pain in the ass to keep stuff classified. What they also don't know is that everything declassifies after 25 years (or sooner) unless it's something super special sensitive (nuclear codes). This is a tremendous pain in the ass for the government to go through, but in the interest of stopping information that should be free from being locked away, it's done and most people I know in the field think this is great. Because keeping this stuff secret is a drag, you can't talk about most of what you do everyday at work with anybody outside of your work. You can't talk about it at home, even if your spouse is cleared.
To put this in perspective, we're almost halfway to the point where everything about the lead up to the mistake of the Iraq War will automatically become declassified and available via FOIA requests.
All of this is done in special facilities called SCIFs
(technically work that is not SCI protected doesn't occur in a SCIF, but that's what everybody calls them). They usually have all kinds of access controls, some have several layers.
For example (a real one), you may have to pass through a gate with an armed guard, an armed guard at a desk who checks ID, a proximity badge and keypad turnstile, a locked door with badge and keypad, an elevator with badge and keypad, a finger print scanner badge keypad combo, and then a safe to get to your hard drive, which is then protected by an encryption key, the login user/pass for the system, then a user/pass encryption key for the database you are accessing and finally a special decryption password for the file you need to download and unarchive from the database. This doesn't even include all of the signin/out logs and other paperwork required to get through a day.
Depending on your clearance, you may end up with several different computers at your desk at the same time, usually connected by a KVM of some sort. Something like this isn't all that unusual
There are many many networks, agency specific ones, site specific ones, standalone networks of half a dozen computers (say for a SAP program), sometimes some that give access to different compartments, etc.
Even at the Secret level, you have access to a mind-boggling amount of information. There's nothing particularly surprising at the amount of information Manning had access to. I'm surprised he didn't make off with more to be honest.
I've also found a couple things to be true about moving up in classifications for those that are interested:
1) The higher up you go, the lower tech things tend to get. The IT systems on super duper squirrel SAP programs are positively ancient. There's no super secret A.I. computer that only the President and a strangely well groomed computer super nerd know about. It's probably a 10 year old desktop with a slightly broken CRT monitor.
2) There are some really cool toys at high classifications -- neat space cameras and all that. But the vast majority of the really neato stuff is at the Secret level. All the tanks and bombs and military toys are pretty much at that level. "The Army Fights off of SIPR (the secret network)" is the mantra. If you go to Wikipedia and start looking around at various pieces of military equipment, you'll probably seen 95% of the toys that anybody with a clearance has authorization to know about.
3) This piece is absolutely true, and the voices that speak in loud tones about vast conspiracies but who've never been in this world are perfect examples of what this article is talking about. Once in, the utter mundane nature of most of it is almost overwhelming.
4) An amazing, astonishing, amount of information is available completely for free on the Internet and in Libraries and other completely open places. Often the best information comes from there. There's even a field called "Open Source Intelligence" that requires no clearances at all! It's basically internet surfing and report writing to answer specific questions like "does the Prime Minister of Japan have a mistress?" or "what kind of space launch capability does the Ukraine currently possess?" or "what's the phone number of this Falafel joint in Paris?". Some of the best, most insightful, and most comprehensive stuff I've ever seen was put together with access to the Internet, MS-Word, Google Earth/Maps, Powerpoint and a Library Card.
Here's a great example: http://www.nkeconwatch.com/north-korea-uncovered-google-eart...
5) Physics applies even to the Intelligence Community.
If you have a decent education in Engineering or Physics, you probably already are capable of knowing or understanding 99% of the capabilities of the highest of the high speed super spy systems. If Physics doesn't allow it, there's no getting around it. That doesn't mean people haven't engineering some clever things, but we're still limited by things like the speed of light, or available materials that can defract or focus it (none of this "enhance, now focus on the reflection, enhance, now that reflection, enhance, rotate, enhance!"). Radio waves can't penetrate the earth, low frequency waves that can penetrate lots of stuff still propagate to the inverse square law. Encryption can be broken, but it takes lots of computation power to do it often enough -- being able to break a single message in 12 months with a top 100 supercomputer doesn't mean squat if you need to break a million messages a day.
6) Almost everything I've said here is on Wikipedia, or linked to by Wikipedia. Anybody really interested in this stuff, and determined enough to click link a few dozen times could figure this out. It's often surprising how passionate and conspiratorial some of the most uninformed comments are, even here on HN where there's no excuse to not have done just that.
7) Getting a clearance is really not that big a deal, but there can be a catch-22. Most jobs that require a clearance won't bother letting you apply for one. But there are still plenty of places out there that do. Lots of R&D organizations will do it. Non-profits that contract with the Government will often do it. It's easier to start young, the investigation is faster. But the reason most don't is that they likely have nothing for you to do without a clearance and you'll just be sitting there eating up overhead budget for months on end while you wait for the process to work its course.
8) Security managers, (FSOs and SSOs) are almost uniformly idiots. If you think Comcast's customer support sucks, try dealing with these clowns. Misfiled paperwork, nonresponsive to emails and phone calls, generally don't know their jobs, etc. If you find one who has half a brain you hold on to them lie you are drowning. The only thing they are good at doing is making sure that people without tenacity are filtered out of the system.
9) This job often sucks. Paperwork you can't believe, endless training lectures, shitty work environments, old IT infrastructure, endless hassles to get to do your work, constant barriers to just getting things done, weirdo people, lots of unmotivated do nothings, no windows, can't talk about work, forget one of a couple dozen passwords, cut off from the outside world most of the time, no idea what the current news is most of the time, pay can often suck compared to private sector, access to data is usually buried in some non-machine readable format.
10) The job can be rewarding. More than once while I was doing work, stepped out for a break and saw some breaking news on CNN or someplace that was reporting on recent evens right where I was! Cool shit. Other times you get to play with tremendous amounts of raw data, if you are a data junky it can rock. Cool toys, things used in ways you probably won't believe, gather and collect that data. And sometime really incredibly interesting people who've been around this stuff for decades. Some of the smartest people I've ever met work in this field, outright 1 in a century geniuses. And savants who've memorized the chemical makeup of every piece of military hardware in North Korea's arsenal, who the current commanders are of all the tank battalions and can draw a spectrograph of all of the elements by hand on a whiteboard.
Where did you get the statistic about 1 in 50 to 70 Americans have had at least a Secret classification? That seems absurd.
What are you talking about when you say "cut off from the outside world most of the time, no idea what the current news is most of the time"? It wasn't clear at all, but I guess you mean "while physically working in a classified area"; (i.e. you're no longer cut off at the end of the workday)?
You can get a clearance at 18, and people live into their 70s and 80s pretty regularly. The 4.2 million with a clearance are not the same ones that had a clearance 10, 20, 30, 40, 50, 60 etc. years ago.
We had a draft until the early 70s. Tens of Millions of people have been through the military system, and this doesn't even count civilian types, contractors, cleaning people, building facility people, secretaries, etc.
The Vietnam war saw about 9 million people in the military for example.
There's about 25 million vets in the U.S. right now.
It's pretty simple math to arrive at number well above the current number. Remember, just because you aren't in the club, doesn't mean it isn't big.
Let's look at what 10% means. There are ~300 million people in the U.S. 10% of that number is 30 million. Let's say that every single man and woman who is currently in the military or has previous served has a clearance (with no overlap). There are about 3 million active and reserve people right now in the military.
25 + 3 = 28 million. Now let's add in non-military government civilians with clearances, the CIA for example is a civilian agency with an estimated 20,000 people, DIA, 16,500, DTRA, 2,000, DOE: ~110,000, NGA 16,000, NRO, 3,000, NSA 20,000 (civilians only, 38,000 total), DHS, 216,000, DOJ, ~112,000, State, ~50,000, etc.
I'm not even including treasury. And we're up to almost 29 million people.
Now how many contractors do you think have Secret clearances?
Lockheed Martin employes over 100,000 people, Northrup Grumman, 120,000, General Dynamics, 91,200, SAIC, 46,000 etc. etc. etc.
And we rapidly go past 1:10.
Now obviously not every single person I've listed has (or has had) a Secret clearance. But until you start shaving off huge percentages out of each organization you're still between 1:10 and 1:15.
If you disagree with these numbers, the onus is on your to provide better ones.
That is a particularly bad assumption. Private Gomer Pyle, USMC, did not have a security clearance.
"You said that there is no level strictly above Top Secret (just comparmentalizations within that). Is there any actual evidence for that? (I mean, non-classified evidence; I'm not asking you for classified information.)"
There are no levels strictly above Top Secret. At least as far as the military is concerned. SAP programs and compartmentalizations provide more than enough OPSEC to keep things classified. For example, I don't personally have access to the Nuke Codes. But the guys who do all have Top Secret clearances and are read onto some specific compartments and SAPs.
There are also clearance equivalencies at other agencies. DOE for example, has a different kind of system, but they more or less map to DoD clearances. Some agencies are highly compartmentalized, the CIA for example.
"Where did you get the statistic about 1 in 50 to 70 Americans have had at least a Secret classification? That seems absurd."
I don't know the exact number, but I have a pretty good idea that agrees with some back-of-the-brown-paper-bag calculations, it's perfectly within reason.
For example, say there are 1 million people in the military right now. And say all of them have at least a Secret clearance (it's probably more like 70%-80%, most jobs get you at least this clearance level just as a matter of course). That's about 1:300 (or 1:430 or so depending), say right now there are about 25 million veterans (from the Census), that's already 1 in 12.
During the Manning news, it was reported that currently there are more than 4 million people with clearances and one million of them had Top Secret clearances.
That pegs it at 1:75 right now with Secret levels and 1:300 with Top Secrets.
1:50-1:70 for people who do or have had access to classified material is is extremely conservative.
Same thing for the ratio of people in the military (except for the Daily Mail citation, which is quite helpful). I mean, Army grunts are not required to have clearances , for example, so you can't just say "assume everyone in the military has a clearance..."
 This may be a misunderstanding on my part, but that's what I've been told. You don't want to clear (and probably can't clear) a ton of 18yo cannon fodder.
Army Grunts are required to have a clearance. General Infantry (18yo cannon fodder in your parlance) must have at least a Secret clearance. Army Cooks, may even be required to be cleared.
Think you can run around with 5th generation night vision goggles and state of the art body armor, talk on encrypted radio equipment, know troop movement information, chase after specific enemies and report back on activities on Secret level systems without a clearance? Think again.
Let's do a thought experiment. Let's say we can say there's a piece of information that is so dangerous, so important, that releasing that information could endanger the entire population of the planet. Say, the nuclear codes.
These are arguably the most sensitive information in the world. Why would there need to be a classification level above and beyond TS and the appropriate compartments and or SAP program to protect them? Some sort of Super Top Secret?
Or for fun, let's say Area-51 has alien tech there, or we have a secret military base on the moon, or a Stargate. Why wouldn't it just be protected under a SAP? A Super Top Secret doesn't buy you anything at all in terms of protecting that information. Nor does a Super Duper Top Secret. As somebody not in the SAP and not with a need to know, I wouldn't even know the SAP exists to protect the Stargate program, or the alien autopsy videos, or whatever. Only the people in the SAP and a handful of people managing the SAPs of the agency that created it even know of the SAPs existence and/or what it protects. SAPs can even have sub-compartments that provide even further protection.
Practically speaking this offers what can be perceived to be "high levels of clearance" but in fact are all just plain jane Top Secret.
For example, they might organize an obvious seemingly accidental meetup in a some monitored public place (train station) with a foreigner from a specific country so when the question is asked "have you met with foreigners from country X" they can say "yes, I sat next to one when taking the train".
Why do they do this? For blackmail purposes later?
That is: If you happen to be into BDSM and this is something you keep extremely private, then what would you rather give up? Your personal privacy or a piece of sensitive data?
So the interviews at different levels determine whether you can be trusted with the information based on the risk you pose to factors such as blackmail, or financial rewards, etc.
Obviously it was more complicated than that, but I consider this to be the primary reason.
When he was convicted for homosexuality, it would have come to the attention of various senior people in government. They would have wanted to make an example of him, being as he was a relatively well known figure at the time, much like what happened with Oscar Wilde.
They would have also had concerns about his homosexuality being used against him by britain's enemies, and also because of the recent uncovering of a ring of soviet spies who were all drawn from an intellectual set, all academics, and two of whom were gay.
What I am saying is, I find it likely that these government/military figures would have found it highly convenient for Turing to disappear, or at least have his life made extremely difficult for him. They couldn't have him executed for his sexuality, but they could apply chemical castration. They did offer him the choice between castration and prison, and I accept that this weakens my case. You might ask, if they were that concerned, why didn't they just have him conveniently die in a car crash? My answer would be that they weren't that concerned, it was an opportunistic thing.
Also to be honest I am not entirely convinced that his death by poisoned apple was necessarily suicide, but there is no evidence for that, and there never will be.
I think it's important to be aware of this. If I ever find myself not listening to someone because I think the person doesn't know all the facts, I hope that I'll become aware of it and try to zero in on what facts they are missing. Luckily I know very few secret things (I have even been known to intentionally make secret things un-secret) so I'd gladly share those facts and see for myself if it changes the other person's opinion.
"Well I have a clearance and can tell you this is how it is" is probably the mark of somebody who just wants to win the debate but doesn't know squat.
Of course the idea of being initiated into a secret circle is extremely attractive. It appeals to our sense of ego, intrigue, romantic notions of the other. It's the stuff of novels and films .. it's the beginning of a great story. The personal advice given sounds good. But the dangerous part for me is the inference that we need to consider that those above us necessarily know best, and we should, by necessity, capitulate control.
The fact that such layers of information, access to information, and access to power exist should not supplant the fact that this system embodies one single way the world can be ordered.
What would happen if everyone had access to everything?