In the aftermath of the 9/11 terrorist attacks on the United States, the U.S. government initiated sweeping changes to the Intelligence Community (IC) to enable it to better protect and defend its citizens and interests abroad. The Office of the Director of National Intelligence (ODNI) was created to ensure close coordination and integration of the Government’s 16 intelligence agencies and various other components. As a result, we are now better organized to address the threat, with more robust information sharing capabilities and a greater capacity for coordinated and integrated action.
A key challenge to fully achieving these changes is the current “need to know” principle, which is heavily engrained into the intelligence community’s culture. According to the 9/11 Commission Report, the “need to know” principle mistakenly assumes: 1) It is possible to know, in advance, who will need to use the information, and 2) The risk of inadvertent disclosure outweigh the benefits of wider sharing. (p. 417)
“Those Cold War assumptions are no longer appropriate…current security requirements nurture overclassification and excessive compartmentalization…there are no punishments for not sharing… [Agencies] uphold a “need to know” culture of information protection rather than promoting a “need to share” culture of integration.” (p. 417)
In 2004, Congress passed the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), which set the “need to share” mindset into motion. IRTPA called on the DNI to “ensure maximum availability of and access to intelligence information” and to “establish policies and procedures to resolve conflicts between the need to share intelligence information and the need to protect sources and methods.” In October 2005, the DNI released its first ever National Intelligence Strategy, which directed the IC to “Remove impediments to information sharing within the Community, and establish policies that reflect need-to-share (versus need-to-know) for all data, removing the “ownership” by agency of intelligence information.” (p. 14) Director Mike McConnell’s “100 Day Plan for Integration and Collaboration” expanded the “need to share” concept to what he termed “responsibility to provide,” which entails the idea of information stewardship. On “need to share,” the Director’s plan said, “The intent is to shift from the current “need to know” mindset to create appropriate tension in the system to more effectively balance the “responsibility to provide” while still addressing the requisite need to protect sources and methods.” (p. 9)
However, in February 2006, the Honorable Lee H. Hamilton, vice-chairman of the 9/11 Commission, said the need to move to a “need to share” mindset does not mean we should abandon the “need to know” principle, but recalibrate the “balance between secrecy and sharing.” (A New Look at Secrecy) In fact, the 9/11 report’s recommendation used the same vernacular, calling for “better balance between security and shared knowledge.” (p. 417 emphasis added) At this point, we are left to deal with two opposing ideas:
1) the need to know principle is faulty, and
2) it should not be abandoned in its entirety.
So what gives?
Clearly the past “need to know” mindset was an impediment to information integration and horizontal collaboration and should change to “need to share.” This means are basic ethos must change to one where we share first and make information as accessible as possible. A balance must still exist between the “need to share” and the need to protect sources and methods, which means ”need to know” will be determined by one’s access to a virtual network, and less restrictive, balancing the need to protect sources and methods with the need for wider sharing. As cited earlier, to know in advance what one needs to know is impossible, and overly protective. Such a policy causes risks equal to or greater than the risk of inadvertent disclosure, and doesn’t allow us to tap into the wisdom of crowds.
By law, the ODNI is required to act as the arbitrator to ensure a “risk management” philosophy is enacted across the IC. Intelligence reports will need multiple tearlines so information can be “scrubbed” and released; analysts should be trained to “write-to-release” and be rewarded or punished for overclassifying just as much as underclassifying; and bold policies will need to be published and enforced to close loop-holes agencies use to prevent access to information. - Jesse Wilson
Posted by jesserwilson 
