Expert: Open source intelligence should be more secret

WASHINGTON, Sept. 16 (UPI) -- Intelligence from open sources like the Internet is now recognized as an essential part of the work of U.S. agencies -- but one leading expert in the field says much more of it should be secret.

"Open source intelligence is widely recognized as both an essential capability and a formidable asset in our national security infrastructure," CIA Director and retired Air Force Gen. Michael Hayden told a conference in Washington Friday.

Hayden quoted the strategic plan issued this year by Director of National Intelligence Michael McConnell: "No aspect of (intelligence) collection requires greater consideration or holds more promise than open source information."

But the conference, organized by the DNI's Open Source Center, the agency based at the CIA that provides analysis of open sources for U.S. intelligence, also heard counterintuitive calls for more of its product to be classified.

Jennifer Sims, director of intelligence studies at Georgetown University, told United Press International there was another rationale for classifying intelligence reports, other than the traditional one of protecting sources and methods.

She said under the definition of classified information -- data the release of which would damage the national security of the United States -- intelligence could, and should, be classified even when the source was open, "because of the insights you derive for the decision-maker from that source."

"That requires classification because the release of it tells people what decision-makers find insightful about the open source analysis."

In other words, if it is worth knowing, it is worth preventing adversaries from knowing.

"If you don't classify" open source intelligence products, she argued, "what you're saying is that you're not providing any particular insights that matter to the competition."

Sims also cited the DNI's strategic plan, which defined the key role of the sprawling collection of U.S. agencies known as the Intelligence Community as providing "decision advantage" in a dangerous and quickly changing world.

"What's new and exciting about the use of the term 'decision advantage' is that it reminds everybody that the core business of intelligence is not gathering secrets. The core business of intelligence is providing insights for decision-makers who are engaged in life-or-death competitions, and those insights require classification wholly apart from any need to protect sources and methods."

But Sims also argues against the widely held assumption that open source intelligence gathering requires no protection of sources and methods.

All intelligence collection involves at least five elements, she explained: command and control, sensors, platforms, processing and exploitation, and finally data exfiltration.

Even in open source, she said, "You will want to classify your command and control, because you don't want people to know what your requirements are." Processing and exploitation should also be secret "at least in part … because you want to keep your methods for deriving insights from the data away from anybody else."

Steven Aftergood, a government-transparency advocate at the Federation of American Scientists, said Sims "made the most coherent argument for open source secrecy I have heard."

But, he said, in actual fact, very few of the analyses produced by the Open Source Center fitted Sims' picture of material that conferred a vital advantage over the country's adversaries.

"Only a small minority of OSC analytical products fits that description," he told UPI. "The overwhelming bulk have no operational relevance. They are at best contextual," he added, comparing them to the research backgrounders prepared by the Congressional Research Service.

"They are not inputs into strategic decision-making."

According to Aftergood, Sims' argument was "misleading to the extent that it presented the exception as the rule."

Aftergood's conclusion was echoed by Kim Robson, the center's deputy director, who told UPI that "the vast majority of what we produce is not classified … and doesn't have to be."

"In some cases," Robson added, OSC reports end up being classified "because of the sensitive nature" of their conclusions.

"If the information will … reveal intentions and capabilities, then it ought to be protected in some way, even if the (underlying) information is unclassified," she explained.

But in most cases the restrictions on the circulation of OSC reports was a matter of copyright, not classification, she said.

Robson acknowledged there might be times when even unclassified information should be protected -- for instance, by being labeled as "Controlled Unclassified Information."

She gave the example of a young al-Qaida operative who was revealing operational vulnerabilities on a blog or social network site. "That could provide us with a decision advantage," she said. "Maybe we don't want to tell al-Qaida that one of their operatives is out there blogging about their vulnerabilities. So that would be something you'd want to keep in sensitive channels, even though it's unclassified."