国家安全，新兴威胁和国际关系小组委员会
家庭政府改革委员会
2004年8月24日

太多的秘密：作为关键信息共享的障碍作为障碍

比尔·魁纪群岛证词
Markle Taskforce在信息时代中的国家安全

早上好主席怪物和小组委员会成员。我要感谢您有机会今天早上作证，就Markle Foundation Task Force在信息时代中的国家安全提出的建议。

Information, and information sharing, are key to fighting terrorism and enhancing our security. Today, our government still does not have all of the information it needs to fight terrorism. And the information it does have is sometimes isolated in different agencies and therefore it is more difficult to see its significance. While the discussion about how to implement the 9/11 Commission's recommendation to restructure the intelligence community is important, another key 9/11 Commission recommendation, creating and implementing a "trusted information network" to facilitate better information sharing among our intelligence and law enforcement organizations at the Federal, State and Local levels could make America safer today.

Towards that end the 9/11 Commission embraced the recommendations for creation of a Systemwide Homeland Analysis and Resource Exchange (SHARE) Network made last December by the Markle Foundation Task Force on National Security in the Information Age. The Markle Foundation Task Force consists of leading national security experts from four administrations, as well as widely recognized experts on technology and civil liberties.

股票网络代表了Govenilenent的“虚拟重组”，从根本上改变了众多组织的人们如何与战斗恐怖主义共享信息的人们如何促进更好，更快的决策。这种方法，与管理系统的强大指南配对，也是保护隐私和公民自由的最佳方式。

股票网络旨在使我们从目前的需求的更新系统迁移到共享需求中。

然而，启用该移动的障碍之一涉及分类和信息安全。

今天在政府中分享情报的决定仍然在很大程度上在冷战期间开发的分类系统的背景下。在冷战期间，使用信息的使用是由分类文化和对访问的紧张局限性的主导，其中信息仅在“需要”的基础上。

当前系统假设可以预先确定谁需要认识特定信息，并且与披露相关的风险大于更广泛信息共享的潜在益处。

保护信息的激励措施的结果导致初始归类的信息，并剩余归类于必要或适当。

目前系统的另一个问题是每个机构都有自己的分类实践，当机构试图互相分享信息时，会导致文化紧张局势。政府机构目前依赖于“消毒”分类信息的流程，以便可以与其他机构分享。一些联邦机构消毒了一些报告以删除源和方法信息。ReportsReports但是，消毒版通常仍然被归类，并且通常仅供其他联邦机构传播。对于许多机构而言，通常不会发生消除化，而没有代理商，无论是我们的知识，定期产生无限制的信息的消毒版本，并适合向国家，地方和私营部门实体的广泛传播。消毒过程通常也很慢和繁琐。

This Cold War mind-set of classification, sanitizing and tight limits on sharing information is ill suited to today's homeland security challenge. While certain information must be protected against unauthorized disclosure, the general mind-set should be one that strives for broad sharing of information with all of the relevant players in the network. The system should be designed to address the enormous difficulty of discovering terrorist plans before they are executed and the needs of the analysts that must uncover these plans, balance against the security concerns on the sources and methods of the collectors. Or, as the 9/11 Commission noted in their report, "Information procedures should provide incentives for sharing, to restore a better balance between security and shared knowledge."

Markle工作组方法：运营新技术的新概念

The SHARE Network is a decentralized, loosely coupled, secure and trusted network that sends information to and pulls information from all participants in the system. Such an approach empowers all participants, from local law enforcement officers to senior policy makers. Our approach combines policy and technical solutions to create a network that would substantially improve our ability to predict and prevent terrorist attacks.

写作分享

The SHARE Network is based on the "write to share" concept and moves us from a system based on classification to one based on authorization. By taking steps like creating "tear line" reports, in which an agency produces a less classified, or unclassified version, along with the classified version, SHARE encourages reports that contain the maximum possible amount of sharable information.

在我们建议的方法中，这种替代版本的生产将是常见的和自动的。这将是一个首要任务。例如，机构将创建一个“顶级秘密/代码字”报告，该报告显示信息来源;一个“秘密”版本，不会揭示源头，但可能会在威胁上明确细节;和“敏感但未分类”的版本，可能只包含必要的行动，收件人机构应该在网络中进行特定作用（例如，寻找特定恐怖主义活动的某些个人或指标）。

信息安全和审计技术

In addition, SHARE would use existing technologies that can facilitate the sharing of sensitive information. For example, screening tools could be used to assist in the redaction process when moving information across security levels. Screening tools can automatically alert disseminators when potentially sensitive information is about to be transmitted, or when information may be about to be sent to parties that lack the requisite permission to receive it. Semi-automated systems could also suggest special-handling guidelines as well as who should be included on dissemination lists.

地址需要reliabil信息ity of a source without having to rely on classified descriptions, we recommend the use of "reputation meters" - similar to those used by e-bay to rate sellers -in formats for intelligence documents.

In addition, auditing technology, for example, could be deployed to track the flow of information to different players and to record how the information is used (whether, for example, it is printed, forwarded, or edited). This could help deter leaks. The auditing tools should use strong means of authentication that have forensic value (that is, they should be permissible in court to prove access). Information rights management technologies, when combined with digital certificates, can also help by allowing agencies to create self-enforcing rules about who can have access to particular documents, how they can be used, and how long the document can be viewed before access expires. Another possibility would be to make federal funding for information-sharing purposes contingent on the adherence to certain rules prohibiting unauthorized disclosure. Finally, information could be accompanied by clearer, more specific handling requirements and dissemination limitations. While none of these measures is perfect, a combination of such efforts might reduce the chance of unauthorized disclosure or uncoordinated action, and thereby foster a healthy environment for the sort of broad communication that we envision.

Conclusion

最近，许多机构一直在尝试创建系统来共享信息。例如，联邦调查局正在制定新的信息共享政策和操作概念，尽管采用和实施预期结构，但尽管采用和实施了预期的结构，但尽管采用并实施了“需求”文化。虽然这是一个朝着正确方向的一步，但逐个机构方法不起作用。所需要的是一个国家框架，可以使政府变化为整个国家和地方当局，也能够克服信息共享的文化障碍。

信息共享本身不是目标;相反，我们可以通过最大限度地提高我们理解所有可用信息的能力来有效地提高安全和保护隐私的方法。为了实现这一目标，我们必须揭示我们目前的冷战“需要了解”心态，并根据“需要分享”，以文化替换。信息安全是一种合理的担忧，但可以以我上面概述的方式适当地解决。现在需要的是，由国会和总统的领导 - 获取信息流动。

谢谢你。