New Document Security Layer Makes It Easier For Government To Keep Secrets

It could also make journalists' work harder.

httpswww.popsci.comsitespopsci.comfilesimportembeddedfilessiba.jpg

Monday morning in National Harbor, Maryland, Popular Science met with BAE Systems Director of Business Development & Intelligence Security John Murphy to discuss SIBA, a new way of keeping and sharing secrets. Unspoken in the interview, which took place at the Sea Air Space expo, was Chelsea Manning, the former Army private first class responsible for leaking hundreds of thousands of secret documents to Wikileaks, but everything about BAE’s new SIBA system seems like it is written with her impact in mind.

SIBA stands for “Secure Information Broker for big datA,” and it’s a cloud-based information security system made for the military but designed for anywhere that needs to balance dispensing information while keeping some of it secret. At its heart, Murphy explains, it takes a document on the cloud and then lets the original author of that document filter that document in layers of relevance down to the people below.

Here’s an example. The Department of Homeland Security, the FBI, New Mexico state police, and the Mexican government are all looking at some dangerous individuals running arms from Las Cruces across the Mexican border. Homeland Security writes the report on the gang, with everything they know about the individuals, including names, pictures, whereabouts. It also includes connections those gang members have to cartels and other groups across the border. When writing the report, DHS chooses to apply three filters. The first shows information that stays within DHS – not everything is relevant for everyone. That’s the high security setting, and on the original document it appears highlighted in blue.

The second layer is highlighted in yellow, and that’s information important for sharing with the FBI and the Mexican government, but not information the New Mexico state police need to know. When looking at the document, they see everything except the blue parts from the DHS original version.

The third layer is everything highlighted in red. It’s the minimal version, and it shows the New Mexico state troopers the pictures they need, the location of who they’re looking for, and that’s about it. When they get a tip about one of the gang members, they add it to the document, and DHS then decides at what level that information gets shared with everyone else.

Of course, it’s not just first responders interested in that information. If a journalist files a Freedom of Information Act request for the Department of Homeland Security’s Las Cruces Report, then DHS can create a version of that document with what Murphy called “granular redaction,” limiting what is published down to the specific character, so that the agency retains control over the information. No unsightly blacked-out names, no awkwardly limited paragraphs, just a deceptively clear and excerpted version of the full truth known by the government.

At present, information sharing among agencies, locals, and allies is a tricky process. Part of this is an agency’s inclination to hold onto its own information, and the federal government’s desire to retain authorship of its own intelligence. Another challenge is that state and local government still need a person with a clearance to access the intelligence. There’s also rules about what computers and information systems can access what level of clearance, and finally there’s a sanitization process for sharing information further down the chain without revealing too much.

SIBA integrates with Microsoft products Sharepoint, Powerpoint, and Word. It saves one original copy in the cloud for the original author and sends out the filtered versions of that copy over a secure pipeline to each other person accessing the document. Murphy says the original author retains “ultimate version control,” which limits the reach of information that the author doesn’t want out. The term BAE uses is “Realtime Human Review.” This, according to Murphy, keeps a person watching the document and the filters, making sure that first responders, say, have new information as it’s added while also making sure that they aren’t handed extra irrelevant facts. In a lot of ways this seems designed to counter security leaks like the one caused by Chelsea Manning, where a low-level intelligence analyst released hundreds of thousands of government files to Wikileaks.

It could also pose a challenge for journalists working with government information. When documents are declassified under FOIA requests, redacted information is clearly obscured but because it’s usually blacked out, the very existence of redaction is visible. A document that can be released while appearing complete doesn’t just hide information the government chooses to keep secret, it hides that there were even any secrets in the document the government chose to keep.

Kelsey D. Atherton
Kelsey D. Atherton

is a defense technology journalist based in Albuquerque, New Mexico. His work on drones, lethal AI, and nuclear weapons has appeared in Slate, The New York Times, Foreign Policy, and elsewhere.