<http://online.wsj.com/article_print/0,,SB111145546123985866,00.html>
The Wall Street Journal March 22, 2005 MEDIA & MARKETING Information Incognito In War on Terror, U.S. Tries To Make Public Data Secret; The Almanac Under Wraps? By ROBERT BLOCK Staff Reporter of THE WALL STREET JOURNAL March 22, 2005; Page B1 Ever since Sept. 11, 2001, the federal government has advised airplane pilots against flying near 100 nuclear power plants around the country or they will be forced down by fighter jets. But pilots say there's a hitch in the instructions: aviation security officials refuse to disclose the precise location of the plants because they consider that "SSI" -- Sensitive Security Information. "The message is; 'please don't fly there, but we can't tell you where there is,' " says Melissa Rudinger of the Aircraft Owners and Pilots Association, a trade group representing 60% of American pilots. Determined to find a way out of the Catch-22, the pilots' group sat down with a commercial mapping company, and in a matter of days plotted the exact geographical locations of the plants from data found on the Internet and in libraries. It made the information available to its 400,000 members on its Web site -- until officials from the Transportation Security Administration asked them to take the information down. "Their concern was that [terrorists] mining the Internet could use it," Ms. Rudinger says. The pilots' experience underscores one of the great policy clashes of the early 21st century: the War on Terror vs. the Information Age. In the 31Ž2 years since al Qaeda operatives studied commercial airlines schedules in preparation for flying jetliners into the World Trade Center and the Pentagon, the Bush administration has moved aggressively to keep once-easily accessible data under wraps. Some of that information could well be of use to would-be terrorists, but keeping other information secret strikes some observers as absurd. For example, when a top Federal Aviation Administration official testified last year before the 9/11 commission, his remarks were broadcast live nationally. But when the administration included a transcript in a recent report on threats to commercial airliners, the testimony was heavily edited. "How do you redact something that is part of the public record?" asked Rep. Carolyn Maloney, (D., N.Y.) at a recent hearing on the problems of government overclassification. Among the specific words blacked out were the seemingly innocuous phrase: "we are hearing this, this, this, this and this." Government officials could not explain why the words were withheld, other than to note that they were designated SSI. The concept of "Sensitive Security Information" originated in a 1974 statute, which kept things like airport security plans out of public view. But the Homeland Security Act of 2002 greatly expanded the scope of SSI to include any data that could help someone defeat transportation security systems, including records of security inspections, work schedules, training materials and the regulations authorizing screeners to poke around in carry-on baggage. SSI is actually one of some 60 categories of SBU, or "Sensitive But Unclassified" information, a designation reserved for information that isn't top-secret, but which the government still doesn't want released publicly. Other "pseudo-classifications," as they're called by Congress and some experts, include FOUO (For Official Use Only) and UCNI (Unclassified Controlled Nuclear Information). Every government agency has the ability to create its own form of SBU and any official can declare something sensitive. Under such labels, officials have ordered a wide range of information removed from public libraries and Web sites. Critics say there are signs that these designations are now being overused. One internal memo to Federal Air Marshals in Las Vegas last year stamped FOUO announced a farewell breakfast party for a colleague and invited co-workers for doughnuts and coffee. So has the Pentagon's city-size phone directory, which was once on sale at the U.S. government printing office, and is no longer offered to the public. "It contains information about the specific locations of DoD officials, and other personnel, within the Pentagon," says spokesman Lt. Col. Gary L. Keck. Many officials involved in the new secrecy effort say such measures are vital to national security -- and that just because information has appeared in the public domain, doesn't mean it should be made more readily available. "We don't want to disclose vulnerabilities of the nation to our adversaries," says Jack Johnson Jr., the former chief security officer for the Department of Homeland Security, who until last month oversaw the process of deciding what information was suitable for public consumption and what was too risky to let out. Some of the information that Mr. Johnson has deemed worthy of lock down included the fact that Casio brand wrist watches are popular with al Qaeda, that almanacs contain useful information for terrorists as well as schoolchildren; that trucks are important components in truck bombs, and that stolen police IDs can be used to access restricted areas. He also designated the office telephone numbers of the department's 180,000 civil servants and political officials as "sensitive" information, including, at one point, the TSA ombudsman, the public contact for people who feel they have been wrongly put on the "no-fly" list. "When it comes to choosing between the public's right to know and the safety of the country, I will err on safety every time," Mr. Johnson says. Disclosing classified "top secret" information is a felony, and leakers can face long jail sentences. But pseudo-classifications like SBU are rarely defined by law, and leakers face no penalties beyond the possibility of losing their jobs as federal employees. However, disclosing SSI, which deals only with transportation security systems, can result in fines. The TSA says it is looking at pressing charges against a few unspecified employees for releasing SSI data. Brian Roehrkasse, spokesman for Homeland Security, says SBU designations actually allow government agencies to share information that might otherwise have been highly classified, while still keeping it out of broad public distribution. But critics argue that the number of classifications has actually increased -- up 75% in recent years, according to National Archive data -- and that the new designations just create more walls between the government and public often over inconsequential bits of information. For instance, complaints about working conditions at the Portland, Ore., airport resulted in an investigation last September by inspectors from the government's Occupational Safety and Health Administration. But release of the results has been blocked to everyone except those with "a need to know" by senior aviation security officials on the grounds that it contains SSI. The Rand Corp., a private nonpartisan defense think tank based in California and Washington, examined 36 Web sites and more than 600 public databases containing detailed maps and satellite imagery that were shut down after 9/11 -- and concluded that most of the information withdrawn was of little use to terrorists and could be obtained elsewhere in textbooks, trade journals or through nongovernment sites. And the impulse to withhold information can have a cost. A surprising critic of the nondisclosure trend has been J. William Leonard, widely known as the government "secrecy czar," who heads the Information Security Oversight Office, the branch of the government that develops classification and declassification policies at the behest of the president. He says the overuse of secrecy weakens efforts to protect even the information he feels should be kept under wraps. "If your people lose faith in the integrity of the process they will substitute their judgment for that of the process and then it's chaos," he says. Indeed, for some federal employees who handle such information, the secrecy binge has already become a source of ridicule. TSA-Screeners.com, a private Web site for airport screeners, offers a range of gift products for sale emblazoned with the bold print "Sensitive Security Information," from tote bags to baby bibs to dog T-shirts to teddy bears to thong underwear. "Screeners see the humor and sales are doing pretty well," says the site's owner-operator, Mark Arsenault, husband of an employee of Homeland Security's Transportation Security Administration. -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]