The uproar over Hillary Clinton’s e-mails refuses to die down. But the protagonists are missing the forest for the trees. The heart of the issue is not whether Clinton sent or received classified data on her home server. Rather, it is whether it is still possible for government to protect classified data at all using an antiquated system that was designed for a world of paper-based communication that no longer exists. As this era recedes into history, we need to reexamine our entire approach to classifying secrets.
The current system is designed to restrict access to information that could cause harm to national security if disclosed to nonauthorized persons. Access to information is restricted in two ways. First, government agencies can classify documents into three categories: confidential, secret, and top secret. In parallel, government personnel and contractors are subjected to background checks to determine what level of access they should be permitted.
But the concept that we can protect national security secrets in the 21st century by sorting pieces of information and intelligence into categories and restricting access to certain individuals is highly questionable.
Our current method is based on the old-fashioned notion that information is created, and then someone looks at it to decide whether or not it should be classified. This has produced, for example, the convoluted idea that, as Clinton puts it, nothing she sent by e-mail was classified at the time she sent or received it. This is true by definition, because classifications occur after the material is created.
Bureaucracies tend to hoard information, so the government has produced a mountain of classified information and another bureaucracy set up to declassify it. The federal government now spends a staggering $17 billion a year to sift through material, classify, and eventually declassify it. The Obama administration has attempted to streamline the process, which last year resulted in the government declassifying 27.8 million pages of classified material; nonetheless, there is a still a backlog of 400 million pages.
Much of this is becoming useless. E-mail replaced paper correspondence, and in many ways it mimicked that traditional way of communicating: one-to-one, frequently using discrete electronic documents that could be stored in an electronic filing cabinet. But e-mail itself is rapidly becoming obsolete. It is being superseded by one-to-many communication based on social networking. Online chats evolve in near real-time. This blurring of the boundaries between informal speech and more formal communications tools makes it ever harder to sift and regulate what is and is not classified.
The second fallacy is the idea that government can efficiently restrict information to certain “reliable” individuals. Five million Americans hold top secret, confidential, or secret security clearances, including over 1.3 million government contractors (such as Edward Snowden). The suitability of such individuals is determined by laborious background checks, 90 percent of which are conducted by the Office of Personnel Management. But OPM itself was subject to the biggest computer hack in US government history when data on 22 million people were recently stolen from its computer systems — including details of all those extensive background checks. If OPM is unable to protect its own files from attack, how can we possibly ensure that its system is able to select which people are (and aren’t) qualified to see classified information?
The truth is that it is becoming increasingly difficult to protect government secrets because the system is no longer fit for that purpose. The number of cybersecurity incidents (breaches of sensitive information) in government agencies has risen from 5,503 in 2006 to more than 68,000 in 2014. Every government official, contractor, and member of the public who comes into contact with sensitive information is at risk. We should stop rebuking Clinton about a few e-mails and start asking her — and all the candidates — how they would design a secure 21st century architecture to protect national security secrets.
Linda J. Bilmes, a senior lecturer at Harvard’s Kennedy School, served as assistant secretary of commerce from 1998 to 2001.