by jjcon 1987 days ago
I don’t think you understand how difficult it would be to get classified information on your unclassified laptop, and there isn’t a chance in hell you could do it by accident.

You write an email that references something you read in a classified briefing?

Nancy Pelosi is part of the Gang of Eight - https://en.wikipedia.org/wiki/Gang_of_Eight_(intelligence) which is briefed on National Security matters by the Executive Branch (this is top secret, special forces operations style stuff).

That's actually how a lot of real-world classified data leak incidents happen. Either someone records a classified fact/detail on an unclassified system through carelessness or lack of caution, or compiles a set of facts that are (in aggregate) classified but individually unclassified.

The latter can be particularly pernicious as it's hard to know the aggregate classification. I may be able to say in separate contexts "The XF-42 is capable of exceeding 1200 nautical miles per hour" and "The XF-42 is capable of flying in excess of 60k feet" but placing the two facts together can actually be classified (in practice, usually more than two details).

This seems nonsensical -- why is the sum of the parts more classified than the individual?

If I put together a long list of facts about the XF-42, it's classified, but if I separate each item onto a different page and tell someone else how to recompile the information (e.g. page numbers), it's fine?

I can't imagine a scenario where this model makes sense -- ignoring absurdities like classifying basic facts (sky is blue) and words (help) due to cascading classification.

It seems to me the rule should be that of poisoning -- any information in a document with classification X poisons the rest of the document to the same classification; or rather, a document classification is the maximum of its children.

My example probably wasn't the best as too much is already given away. It's more like this:

- We have a manned aircraft

- We have an aircraft that can travel above 60k feet

- We have an aircraft that can sustain or exceed Mach 8 (EDIT: strike this part as it connects two facts already: "at that altitude")

- We have an aircraft called the XF-42

- We have an aircraft based in Middle-Of-Nowhere, AZ

- We have 10 operational aircraft of some specific type

Any one (EDIT: or all) of those details may be unclassified, but as you start pairing them up classified information can be derived from it. Note that in this, somewhat better, example only one item identifies the aircraft (rather than my initial example in which both items identified it).

Publicly it may be known that an XF-42 exists, even where it's based, and that there are only 10. Publicly it may be known that an aircraft exists which is manned, travels above 60k feet and over Mach 8. But the two sets of data may not be joined in public because that would give more information than desired (in particular, that there are only 10 indicates a limit on the capability of the mystery superfast and high altitude aircraft).

EDIT: Regarding some of your other comments.

If I spread the information out and tell you how to reconstitute it so you can make a cohesive whole, I've just obfuscated the classified information which is the same as leaking it straight up.

Regarding "poisoning", this is how it's done. If you have a document with TS data, the document is TS even if it's a single line item surrounded by unclassified data.

Fact A and Fact B are unclassified for the XF-42. But combining Fact A and Fact B implies Fact C, which is classified. Separating each item on a different page wouldn't make the whole thing unclassified. It'd make the entire report classified. One of the facts, if not both of them, would likely be controlled information, even if unclassified, in order to reduce the likelihood of Fact C leaking.

Example: the XF-42 has a jammer built in. The output of the jammer is classified. But the amount of power available from the generator is unclassified, as is the percentage of power used by the jammer. Individually, either of those facts doesn't help, but together they tell you how much power the jammer has, which can help our adversaries figure out how much power they need to burn through the jamming.

That said, if any fact is classified, that by itself will make the document it's in at least that classification.

EDIT: to use your poisoning example. If it's a poison, it makes the entire thing poisoned. But there are binary poisons. Two things together make a poison, even if neither alone is (very) poisonous.
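
The two rules discussed in the comments above (a document takes the maximum level of its contents, and some combinations of unclassified facts are themselves classified), as an added example that is not part of any comment in the thread. The fact names, the `SECRET` level assigned to the jammer output, and the rule table are constructed for illustration.

```python
from enum import IntEnum
from itertools import chain


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Constructed sample labels, modelled on the thread's jammer example.
FACT_LEVEL = {
    "aircraft_name": Level.UNCLASSIFIED,
    "generator_power": Level.UNCLASSIFIED,
    "jammer_power_share": Level.UNCLASSIFIED,
    "jammer_output": Level.SECRET,  # assumed level; the thread only says "classified"
}

# Aggregation rules ("binary poisons"): when every fact in the set is present,
# the combination reveals something at the stated level.
AGGREGATION_RULES = [
    (frozenset({"generator_power", "jammer_power_share"}), Level.SECRET),
]


def classify(facts):
    """Return the level of a document containing the given facts."""
    facts = set(facts)
    unknown = facts - set(FACT_LEVEL)
    if unknown:
        # An unlabelled fact cannot be assumed harmless; refuse to guess.
        raise KeyError(f"no classification on record for: {sorted(unknown)}")
    # Rule 1: high-water mark, the maximum over the individual facts.
    level = max((FACT_LEVEL[f] for f in facts), default=Level.UNCLASSIFIED)
    # Rule 2: raise the level for every aggregation rule the document satisfies.
    for required, implied in AGGREGATION_RULES:
        if required <= facts:
            level = max(level, implied)
    return level


def classify_bundle(pages):
    """Pages released together with reassembly instructions count as one document."""
    return classify(chain.from_iterable(pages))
```

Splitting the two power figures across separate pages leaves each page unclassified on its own, but `classify_bundle` evaluates the union, so the bundle is rated the same as the single combined document.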

I’ve never seen exactly what they are talking about but what they may be getting at is actually information compartmentalization - group A can know fact A and group B can know fact B but neither group can know AB. Some higher up official can know AB but must keep those facts separated in documentation because they may share portions with the groups. Having said that - both A and B are classified. You can’t have unclassified compartmentalized info.

Just wondering as I have no special knowledge, but suppose I am a senator and I receive a number of classified briefings on a particular issue.

Could I use Outlook to take some notes on my thoughts on that issue? Say as a draft e-mail? I don't think there would be anything technical to stop me, and it's not going to set off any automatic exfiltration flags.

But those notes could very well need to be classified. Does everyone in the Capitol with access to classified material have the necessary skills and incentives not to make notes about them on their personal computer?

If you are receiving a classified briefing you cannot be on a machine that has internet access - the briefing would be in a secured area with no personal devices and the only machines in that area are airgapped (and they are airgapped forever, no switching back and forth).

You could of course write stuff down afterwards in an unsecure place but that is day 1 essential huge fucking deal no no. You don’t even discuss classified info outside a secure area, not in your public office not in the outback not ever. That doesn’t mean people don’t do it but when they do and it is found out it is a really big deal. Accidents do happen and there are protocols in place to deal with them when they occur. 99.9% of these leaks are extremely mundane low tier classification and are due to document misclassification etc. Sometimes the name of a project is classified and is leaked by reference etc but when it comes to actual important stuff people are quite competent at keeping that in secure areas.

Though of course all those rules are subject to Trump's Law: "When you are a star they let you do it".

A random member of the military or the administration would go to jail for a long time, a senator especially from the same party as the president would get away with it with impunity.

>Does everyone in the Capitol with access to classified material have the necessary skills and incentives not to make notes about them on their personal computer?

Access to classified information comes with training on properly handling classified information.

Mishandling classified information is a crime if you have a security clearance.