Open government Archives

Almost three years after taking office on a platform of government openness, President Obama has gotten around to completing nominations for an empty board that is supposed to expose counterterrorism injustices.

The five nominees still face Senate confirmation. The congressionally-established Privacy and Civil Liberties Oversight Board, a byproduct of post 9/11 surveillance, has been defunct since 2008, when a charter for the previous panel ended. Efforts to revive the board under President Bush died in the Senate amid partisan politics. Then, Obama became president in 2009 and said it was high time to "accelerate the selection process for its board members," but shied away from repeated calls by public interest groups to follow through.

All the while, the Obama administration has forged ahead with roving wiretaps of Americans, facial recognition searches and cell phone tracking, civil liberties advocates have noted.

Exactly a year ago, Obama attempted to get the ball rolling by nominating two individuals, Elisebeth Collins Cook, a constitutional rights attorney at WilmerHale LLP, and James X. Dempsey, a leader of the Center for Democracy and Technology. On Thursday, he picked to fill up the rest of the board Rachel L. Brand, regulatory litigation chief counsel for the U.S. Chamber of Commerce; David Medine, a regulatory compliance attorney also at WilmerHale; and Patricia M. Wald, former U.S. Court of Appeals judge for D.C.

Now that Obama has done his part, activists and House Democrats say they are hoping the Senate will get moving to install the privacy police.

The government office charged with declassifying confidential information cheered President Obama's new directions to agencies on thwarting insiders who feed websites like WikiLeaks with secret files before their classification time is up.

On Friday, Obama issued a long-awaited executive order in response to the scandal surrounding a soldier accused of extracting a boatload of files from a classified military system to share with the anti-secrets site.

"This executive order recognizes that the primary responsibility lies with departments and agencies to carry out this initiative, while it also reinforces the responsibilities of individuals entrusted with access to classified information," John Fitzpatrick, director of the Information Security Oversight Office, said in a statement.

The order aims to hold agency heads accountable for preventing insider threats and safeguarding classified information on computers. At the same time, the directive tries to strike a balance between blocking unauthorized users and expediting authorized disclosures.

"Strengthening standards and practices of protection will lead to greater trust and cooperation and increased information sharing," Fitzpatrick said.

According to ISOO's mission statement, the office's goal is to "provide for an informed American public" by limiting the amount of information kept classified and declassifying files as soon as they are safe to release.

Materials are supposed to be automatically released 25 years after they are classified if not earlier, according to previous executive orders. Authorities can keep files under wraps longer if they can show that disclosure would expose an intelligence source, code-making data, directions for building weapons of mass destruction, or certain other extraordinarily sensitive information.

But researchers say that department heads often disregard declassification instructions.

"Presidents Clinton, Bush and Obama each ordered that all 25 year old classified records, unless they were specifically exempted, 'shall be automatically declassified whether or not the records have been reviewed.' But agencies have refused to implement this provision or to permit automatic declassification without review, thereby crippling the presidential initiative for streamlining the declassification process," Steven Aftergood, director of the project on government secrecy at the Federation of American Scientists, wrote in March.

Aftergood, an open government proponent whom WikiLeaks once contacted for advice, has criticized the site for practicing reckless disclosure.

The National Archives and Records Administration is lambasting the Securities and Exchange Commission for allegedly destroying digital records, amid reports that the agency deleted thousands of files on financial institutions under scrutiny.

SEC had not forged an agreement with NARA on a timetable for deleting this information, so, under federal records laws, "because a NARA-approved disposition schedule did not exist for these records, the SEC did not have authority to dispose of them," the National Archives said in a statement Thursday afternoon.

In July 2010, after learning of alleged shredding that occurred for well over a decade at SEC, NARA worked with the regulatory agency to stop the unlawful destruction of so-called Matters Under Inquiry files, officials said. "NARA remains concerned that the SEC has been slow in creating records schedules for review and approval by the Archivist of the United States that will ultimately determine how long these MUI records need to be retained," the statement continued.

On Wednesday, Rolling Stone reported that a whistleblower employee at SEC claims the agency's practice was to destroy records of preliminary investigations once they were shut.

Many of the Wall Street players then facing inquiries would go on to help undermine the U.S. economy, according to the publication, citing two scrubbed MUIs involving Ponzi schemester Bernie Madoff, a 2002 inquiry into fraud at the now-defunct Lehman Brothers, and a 2005 case of insider trading there.

"With a few strokes of the keyboard, the evidence gathered during thousands of investigations -- '18,000 . . . including Madoff,' as one high-ranking SEC official put it during a panicked meeting about the destruction -- has apparently disappeared forever into the wormhole of history," Rolling Stone's Matt Taibbi wrote. "A 2009 preliminary investigation of insider trading by Goldman Sachs was deleted, along with records for at least three cases involving the infamous hedge fund SAC Capital."

A State Department spokesman quit Sunday after he made disparaging remarks at a new media conference about the Defense Department's treatment of WikiLeaks' suspect Bradley Manning, revealing internal tensions that the Obama Administration faces in dealing with the technological forces changing the political landscape.

Manning, an Army private, has been charged with 34 offenses related to leaking more than 250,000 State Department cables and classified war logs from Iraq and Afghanistan.

"There is sometimes a need for secrets... for diplomatic progress to be made," Philip Crowley said in an off-the-cuff remark at the MIT conference, but added that the Defense Department's treatment of Manning was "ridiculous and counterproductive and stupid."

Manning was being held in solitary confinement at the Marine Corps brig in Quantico, V.A., where he was made to sleep naked to prevent him from harming himself, according to the Marine Corps.

Manning's pre-trial treatment, described in a letter by his attorney as "punitive" and "unlawful," has roiled human rights activists and prompted the United Nations to open an investigation into the conditions of his detention last December.

"The exercise of power in today's challenging times and relentless media environment must be prudent and consistent with our laws and values," said Crowley, in a statement released by the State Department on March 13. He took full responsibility for his earlier remarks.

His remarks were intended to highlight the fact that any discreet actions taken by national security agencies had an impact on the country's global standing.

"It is with regret that I have accepted the resignation," Secretary of State Hillary Clinton said in a statement released in conjunction with Crowley's. She commended him for a "deep devotion to public policy and public diplomacy."

Principal Deputy Assistant Secretary Michael Hammer will serve as acting assistant secretary for public affairs.

After the conference, Crowley tweeted on March 10,

Who controls the Internet? This is a question that has reemerged in recent weeks as the crisis in the Middle East and North Africa has unfolded. Reports of Egypt's shutdown of network operators left many asking whether other nations, including the U.S., could flip a "kill switch" and bring down the Internet in their respective nations. (For the record, the U.S. government could not easily do so.) Egypt is not the first country to deny service to the Internet for its citizens -- Iran and China, for example, both have blocked traffic, content, and services. Indeed, North Korea has blocked all Internet access to its citizens.

Underpinning the question of control is a belief by many that the Internet is a global commons analogous to land, sea, air, and space -- those resources for which the international community has, out of necessity, established norms and institutions to allow for (generally) peaceful coexistence. The analogy, however, is not perfect. The Internet doesn't resemble the four commons much at all.

On one level, one can argue that the Internet is a telecommunications network of telecommunications networks, and, with few exceptions, each network is physically located within or among state boundaries and explicitly owned by someone -- not typically a government. At a fundamental level, the Internet is just an agreement between networks to exchange data in a certain standardized way, and each of the networks and the computers they interconnect is subject to some legal authority based on location or ownership.

A nation can close land borders, block seaports, and restrict air space (to a certain degree), but it cannot, short of shutting down almost all of its Internet communications networks or providing strict monitoring and filtering (a la China), "take down" the Internet. By their nature, networks do not end at borders and the underlying content and communications cross nations and regions, providing a new fifth global common.

We are seeing this fight over the fifth global common extending beyond nations' internal network into a debate over who controls the complex interconnected network of unique identifiers that allow computers on the Internet to find each other.

The Washington Post reported this week that the Obama Administration has raised concerns that the Internet Corporation for Assigned Names and Numbers' (ICANN) is not giving more nations authority to voice objections to web addresses that make up the addressing system for the Internet. ICANN, under a contract from the U.S. government, runs global domain name system operations and is authorized to enter into contracts with registries and registrars for the distribution of addresses, manage IP address space assignments, and govern top-level domain names. The U.S., through the Commerce Department, pushed for ICANN to allow nations to veto domain names that they found offensive; ICANN's board responded by deciding that it would only consider such objections as non-binding advice.

While it may seem odd for the U.S. to be asking for other nations to have more authority, its request is one to preempt a push by nations such as China and Russia to move authority over domain name server operations from the ICANN-U.S. government regime to the United Nations. Other nations fear that the U.S. might, if it chose to discontinue its contract with ICANN, seek to run the operations itself, thereby potentially controlling a key part of the Internet's operations and dictating this fifth common beyond its border. Such a possibility is unlikely, especially as there are safeguards and steps in place to protect against undue influence.

Those concerns demonstrate the tension for this potential global common. The struggle to tackle the rules of the road on this common will only become harder as technology advances, telephone and Web services continue to converge, and cloud computing and social networking become more common. Unfortunately, even if a solution does arise, it must be a malleable one, as the Internet by its very nature (and unlike land, sea, air, and space) is constantly evolving.

A recent report from the Congressional Research Service suggests that open government can cause scandals not unlike Wikileaks. The report states that these releases ultimately are dangerous for those working in government as compared to the benefits of President Obama's open government initiative, stating "increased government transparency may prompt security and privacy concerns." The report, The Obama Administration's Open Government Initiative: Issues for Congress, outlines the upsides and downsides of open government and finds the downsides are compelling.

Although the datasets released to the public may be useful in many ways, it is unclear how some of them will increase the transparency of the operations and actions of the federal government.

Moreover, the report cites the Wikileaks release of classified data and notes that leaking may be a byproduct of open government efforts. It states that transparency efforts can in fact be very dangerous.

Congress may find that increased transparency and public attention make the federal government more susceptible to information leaks of sensitive materials... Some diplomats may now fear the information they write in such cables could be released to the public, and may, therefore, be "more cautious" about their contents.

The United States' chief diplomat sees it another way. In comments after a recent speech about Wikileaks, Secretary of State Hillary Clinton said the case is more an issue of "theft."

"Fundamentally, the Wikileaks incident began with an act of theft," Clinton said. "Government documents were stolen, just the same as if they had been smuggled out in a briefcase."

However, she did not endorse the notion that leaking is "sexy," as National Security Council official Roger Cressey called it at the annual RSA Conference in San Francisco. "Whether it is hacking from the inside or outside," Cressey said, "in this world [Wikileaks founder Julian Assange] is making leaking sexy."

Can these two sides coexist? The Wikileaks scandal has been a boon to those who seek greater access to information, but governments trying to advance their national interests may not be able to do so in the sunshine of transparency.

In early 2007, the organizers of a new website called WikiLeaks invited Steven Aftergood, a Federation of American Scientists researcher who publishes a government secrecy e-newsletter, to serve on their advisory board.

At the time, the site's founders described themselves as Chinese dissidents, mathematicians and startup company technologists in the United States, Australia, Europe, South Africa and Taiwan.

National Journal's now-defunct Technology Daily reported that Aftergood had not decided whether to get involved: "I still want to see how they launch, what the focus is and if they're putting out good material ... and if the positive outweighs the negative," Aftergood explained.

Flash forward to 2010. In June, Aftergood posted a commentary saying that "WikiLeaks must be counted among the enemies of open society because it does not respect the rule of law nor does it honor the rights of individuals. . . .WikiLeaks routinely tramples on the privacy of non-governmental, non-corporate groups for no valid public policy reason."

After the most recent leak of diplomatic cables containing embarrassing and damaging details about U.S. allies, Aftergood wrote, "WikiLeaks has been inattentive to the unintended consequences of its actions, careless about putting individuals in harm's way, particularly in the case of the Afghan war records, and ethically deficient in its invasions of personal privacy."

Aftergood tells Nextgov that -- shocker -- he never became an adviser to WikiLeaks. "We had some friendly communications in late 2006 and early 2007. But basically I concluded that I didn't support their basic approach to publication of confidential records, and that was the end of it," he said.

During his brief correspondence with the group, Aftergood did offer one piece of advice that WikiLeaks apparently ignored: "As I recall, I told them it was a mistake to publish anything without some kind of editorial filter to screen out false, libelous or dangerous information."

The State Department has taken to the Twittersphere to shoot down rumors the government pressured PayPal to sever ties with WikiLeaks, which had been using the online payment service to collect donations.

"The U.S. government did not write to PayPal requesting any action regarding #WikiLeaks. Not true," State spokesman P.J. Crowley broadcast via the e-messaging service on Wednesday.

The Tweet is one of 10 abbreviated statements he has posted to stop disinformation from spreading, ever since media outlets and WikiLeaks began preparing to publish a hoard of diplomatic cables that revealed sensitive and embarrassing details about the U.S. government and its foreign allies.

Other WikiLeaks denunciations State recently tweeted include:

• Contrary to what some are saying, @StateDept does not have a formal policy on students tweeting or posting links about #WikiLeaks. 11:25 AM Dec 7th via web
• Contrary to some #Wikileaks' reporting, our diplomats are diplomats. They are not intelligence assets. 5:50 PM Nov 28th via web
• Across the State Department, senior officials are reaching out to countries and warning them about a possible release of documents. 9:49 PM Nov 26th via web

In Russia, a formerly repressive regime, citizens seem to have at least one new avenue of freedom that U.S. State Department officials have been trying to prop open globally: the blogosphere.

Pro-government activists are not making much noise there, according to a new study by Harvard University's Berkman Center for Internet and Society. Researchers at the school figured this out by analyzing social networks to identify the most active Russian blogs. A key State Department priority is to uncensor the Internet in closed societies.

The Berkman Center clustered the more than 11,000 websites it found based on subject-matter patterns within posts. Pro-government bloggers were not prominent enough to constitute their own cluster, according the findings, which were released last week. Political bloggers mostly wrote from an independent standpoint or were affiliated with offline political and social movements, including the Democratic opposition and nationalist factions.

"The Russian blogosphere is a space that appears to be largely free of government control, although we are not able to confirm or deny the existence of subtle controls over Internet speech," the researchers wrote. "There are pro-government elements such as pro-Kremlin youth groups and bloggers who represent the government's point of view. However, they are not large in numbers and are not central nodes in any of the political or social clusters that we investigated."

When is it appropriate to talk about security issues in a public forum? Pennsylvania's (former) Chief Information Security Officer Bob Maley found out - or at least learned when it isn't.

He was fired a week after discussing details of a security vulnerability in the state's online driver's test scheduling system. The hole allowed an owner of a driving school in Philadelphia to schedule driving tests for students. Since new drivers typically have to wait weeks for the tests, the ability to schedule a driving test, say, the next day gave the school a distinct competitive advantage.

Maley discussed the vulnerability in the system at the RSA Conference in San Francisco in February. Why? In a blog item posted on Monday about the incident, he wrote:

This incident is an example of some of the more common but not necessarily exotic exploitations of IT systems. You don't see this type of incident listed among the top IT security threats of 2010. . . . By talking about this incident, I hoped to make people realize that simply following trend reports and compliance checklists isn't enough in today's environment. We need to make our strategic processes nimble, we need to think outside the normal and we need to get better at it than the bad guys.

Maley stressed that the hole had been fixed, making it impossible for another hacker to gain entry. It would be informative to know if attendees at the panel discussion thought Maley's disclosure was helpful to them.