Wednesday, 27 November 2002

Government secrets are, inherently, a threat to democracy. The basic premise of democracy is that well-informed citizens make better decisions than dictators or elites; when we concentrate knowledge in the hands of the few, we cheat democracy of its strength. Closed-door decisions, whether on health care, energy policy or homeland security, lead to public mistrust, lack of accountability, and policies that are imposed on the people, instead of being proposed and adopted by the people.

At the same time, government secrets are inherently useful in warfare, diplomacy, law enforcement, intelligence gathering, and other areas where the enemies of society operate. Public review might have improved our battle plans for Operation Market-Garden, say, but public debate would have informed the Nazis of our intentions, and made the plans less than worthless. (Public review of our D-Day invasion plans doesn't even bear thinking about.) When informing the public risks informing the enemy, secrets can be justified in the name of the common good.

And so we strike an awkward balance. We want to keep secrets from our enemies, but we don't want secrets kept from us, and we distrust the motives of those who do. We've had too many bad experiences with people who claim secrecy for the public's benefit, but then use it to advance a private agenda under cover of darkness.

Case in point: Recently a blogger, whom I'll call "Pusher" (for reasons that will make sense later), cited this Reuters article about a North Carolina researcher who published his findings on our vulnerability to biological warfare. Pusher cited this as an example of when it's better to shut up and keep our vulnerabilities a secret, and not risk revealing them to Al Qaeda. "Security through obscurity" is the best option, he declared; better to avoid alerting the enemy than to openly discuss our weak points. I (and others) politely noted that the researcher in question was attending a conference on biological warfare, that assessing risks and vulnerabilities is a necessary step in prioritizing our defenses, and that, given those circumstances, it would have been irresponsible not to inform the other attendees of our vulnerabilities in this area.

In a followup article, Pusher then took his case for "security through obscurity" to the extreme: He claimed he'd discovered the Terrible Secret of Blog, a terrorist attack scenario which could be executed by a small group of determined individuals (50 people), using commonly available tools and equipment, that would cause crippling disruption to the U.S. economy and cannot be defended against. He didn't say what this secret attack was, naturally, but it was (of course) a perfect example of when it's better to keep things secret than to discuss them openly.

Pusher did agree to share the Terrible Secret with a second blogger, whom I'll call "Shover," to confirm that it was simple, devastating, and indefensible. Shover, upon review, agreed that the attack was simple and devastating, but he had some ideas on defenses; his ideas, to the extent that he's revealed them so far, are effectively the position he was already advocating: Mass distribution of firearms and training to the civilian populace, to ensure that any terrorist attacks are met by a local, immediate armed response.

Pusher subsequently removed the Terrible Secret from his blog, and Shover censored his own blog to hide Pusher's identity, on the fear that Al Qaeda might surf the web, discover the Terrible Secret, and then attempt to kidnap Pusher and torture him into revealing it. (I have to admit that this part of the story has my kook-o-meter pinging wildly: I'm just as paranoid as the next guy, but if tantalizing blog postings can lure Al Qaeda operatives into the open, then I think we've found a new defense strategy. I've discovered a major, major vulnerability that terrorists would just love to know about, la la la, let me just finish setting these punji traps....)

Delusions of grandeur aside, this story illustrates many reasons why secrets are dangerous, and a few reasons why secrets are necessary. There is, most assuredly, no shortage of ways that our national infrastructure could be crippled by several small teams of terrorists acting in concert. The September 11th attacks were more political theater than military strategy, as Pusher notes elsewhere; if the terrorists had really wanted to damage our infrastructure that day, they flew past a far more obvious target on their way to the World Trade Center.

"Security through obscurity" isn't an option for protecting the Brooklyn Bridge, though, because the target isn't obscure. If Al Qaeda can identify the vulnerability just as easily as you can, then "security through obscurity" is a costly delusion; you give up the exchange of ideas and the collective actions that might lead to improved defenses, and get only the illusion of security in return. By declaring that he's found a hidden vulnerability in our infrastructure, which the common good demands that he keep to himself, Pusher presumes that he's more clever than the terrorists (who would never have thought up this idea on their own) and more clever than the rest of us (who would never have come up with a good defense).

It's possible, of course, that both these presumptions are correct; maybe Pusher has knowledge of (say) our national power grid that only a handful of industry experts would have, and thus can identify vulnerabilities that are truly obscure and esoteric. Maybe he's correct in his assessment that there is no other defense, and the best we can do is to keep quiet about this particular issue and hope Al Qaeda never learns about it.

But it's also possible that Pusher is wrong. (In his original article Pusher considered whether there was any chance he'd overlooked something... unsurprisingly, he concluded that he hadn't.) If Pusher is wrong about the obscurity of his idea, then his actions may assist the terrorists: By failing to alert the public, he ensures that only he and Al Qaeda know about it. If Pusher is wrong about the feasibility of defense, then his actions may harm the public: By denying us the opportunity to act, or even to assess the possibility of defense, he becomes accountable for the lack of defensive options.

And, of course, it's also possible that Pusher is using secrecy to push a private agenda, namely that his critics shut up and stop disagreeing with him. ("I'm right about this, and I can prove it, but I can't tell you the proof for reasons of national security. You'll just have to trust me and shut up now.") If it works for Dubya, why not for warbloggers? At the same time, Shover is well-known for his strong Second Amendment views; in theory, he could use the Terrible Secret to stealthily advance his pro-gun agenda. (Not that I object to a pro-gun agenda per se, or that I believe Eric would actually do this—I simply point out the possibility, and that Secret Reasons of National Security have often been used to advance personal agendas.)

In any event, I hope Pusher and Shover can protect us from the Terrible Secret of Blog, given that they've made it impossible for me to assess what measures are appropriate—since all the information is secret and private, I can't tell whether this is a serious threat or a practical joke. I guess I'll just go over here and stand by the stairs.

I should note that the government has one other legitimate purpose for keeping information secret, which is only tangential to this discussion: When the government comes into possession of private information, it can (and should) respect the owner's privacy. Examples would be medical records, tax statements, secret ballots, and so on. Pusher apparently wants to keep his identity out of this discussion, so I've respected that here.

- Posted by Scott Forbes at 9:59 pm. comments.