Publicly Available information: The Digital Battlefield
Written By: CENSA Editorial Board
—
As our world becomes more technologically advanced and connected, the relevance of broadcasted digital content – 140 characters-at-a-time – continues to grow ever more influential in all aspects of human affairs. From the way that consumers buy things (both products and services), to the way that national security organizations are undertaking their professional duties, basic digital content – most often in the form of social media, but more appropriately and accurately defined as “publicly available information,” or PAI – is fast becoming the information source for decision making around the world. This evolution is (as it should be) critically important to ongoing conversations inside and throughout the United States Government – especially within the Department of Defense (DOD) and the Intelligence Community (IC).
Unfortunately, the digital world evolves at a pace much faster than the deliberate (some say plodding) evolutionary tempo of decision making inherent in the large bureaucratic community responsible for developing and executing national security policies. To be sure, these policies and attending regulations and laws are outdated and largely irrelevant in the digital age; and yet they continue to govern the management and use of information from publicly available sources. It’s as if decision makers are stuck in a constant nonresolvable cycle, the result of a system that, according to at least one industry observer, “isn’t flexible enough to keep up with the rapidly changing social media landscape.”[1]
While the impact of and resulting fallout from the infamous Snowden leaks has further stalled an already-slow decision making process, debates by senior policy makers pitting privacy concerns and civil liberty protections against overall security requirements continue; and these debates, unfortunately, continue to end in indecision. The balance between privacy and security is – clearly – a critically important issues to a democracy and cannot (and should not) be easily dismissed; but it is also reasonable for citizens to expect resolutions in these matters, and to expect the issuance of policy guidance and – most importantly – actions. Choices and decisions must be made. The nature of the digital world demands it. The sourcing of information and how it flows has grown too dynamic to ignore.
Amid these debates, a controversy has emerged about whether or not to treat PAI in the same manner as Open Source Intelligence (OSINT). But while OSINT and PAI are similar, they can be in fact distinct, and the difference is important. According to 17 CFR 160.3, PAI is defined as “any information that you reasonably believe is lawfully made available to the general public from:
- Federal, state or local government records;
- Widely distributed media; or
- Disclosures to the general public that are required to be made by federal, state or local law.”[2]
In contrast, OSINT is defined by how the information is processed and by the intent of its usage – a critical distinction. Whereas PAI can serve the important function of informing contextual understanding of locations, people, and events, and could be an initial component of what eventually becomes OSINT, it is not the same – just by definition; OSINT is more specific, purposeful, and aimed at supporting a perceived action. Indeed, both the Director of National Intelligence (DNI) and the DOD have defined OSINT as that which has been “produced from publicly available information [and] collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.”[3]
The DOD further differentiates OSINT from research (i.e., PAI activities or PAI research) by emphasizing the “intelligence process” as a distinguishing feature – the creation of tailored knowledge to support a specific decision by a specific individual or group.[4] Thus, the same 140 characters, literally, can be researched, utilized, analyzed, and triaged for a myriad of reasons that are similar – but if its end use is for supporting an intelligence requirement, then more specificity and purpose, and more formal processing, exploitation, and dissemination is necessary. This distinction is not insignificant, as the governance of OSINT is (rightfully) more stringent.
Although significantly lagging, recent meaningful (if incremental) progress has been made toward the goal of providing the greater national security work force improved training and equipment for developing digital battlespace operational capabilities, and especially with respect to utilizing PAI. One example is the DNI’s authorization of government investigators to include the research of social media and online digital information for background investigations and the granting of federal security clearances.[5] Additionally, the Secretary of Defense recently released an approved DOD Strategy for Operations in the Information Environment (IE), “to serve as a cornerstone document to align Departmental actions and ensure effective integration of DOD efforts in dynamic IE.”[6] Both steps reflect an improved awareness at the senior ranks of the U.S. Government (USG) about the nature and far-reaching influence of the digital domain.
Less than two weeks after the DNI’s expansion of background investigation criteria, a social media post on the Telegram reported and publicized that the Islamic State in Iraq and al-Sham (ISIS) is targeting American citizens – providing yet more evidence that the world we currently reside in moves at a quick pace.[7] The juxtaposition of these two developments provides an opportunity for an interesting observation: on the one hand, the senior level of the USG is just now – in 2016! – realizing the value of looking at the digital arena to verify the trustworthiness of a potential employee, while on the other hand, current adversaries of the United States have already leveraged (for years, literally) this domain for a wide range of functions, to include the incitement of violence.
The national security threat landscape continues to change (and seemingly every week), but the prevalent nature of the digital domain remains a constant in all possible threat scenarios. The digital domain contains an abundance of relevant information from and about America’s current and potential adversaries and possible contingencies, such as: ISIS in the Middle East; Boko Haram and the Niger Delta Liberation Front in Africa; Unit 61398 in China; and the ongoing refugee crisis in Europe. Each group and crisis has a ubiquitous online presence and specifically in the PAI medium.
The House Armed Services Committee (HASC) is on record urging the DOD to invest in and get better at managing PAI, noting in its Report accompanying H.R. 4909 (the National Defense Authorization Act for 2017), the “unique operational uses and requirements for PAI that support force protection, operational security, and other missions.”[8] The House Permanent Select Committee on Intelligence (HPSCI) is also on the record, with language echoing the HASC provision concerning operational utilization of PAI, and urging the IC in its Report accompanying H.R. 5077 to more “effectively monitor and utilize social media [a critical subset of PAI] analytical tools.” [9]
The HASC and HPSCI have it right. They are attuned with the operational realities of the digital battlefield; and they should be applauded for their initiative. For their part, senior DOD and IC leaders should respond favorably to this leadership example, “double down” on existing PAI-related activities, and enable and empower operational commanders to develop more organic training programs and capabilities. The way of the future demands it. And the future is now.
[1] https://fcw.com/articles/2012/08/15/feat-inside-dod-social-media-policy.aspx
[2] http://definitions.uslegal.com/p/publicly-available-information
[3] NATIONAL DEFENSE AUTHORIZATION ACT FOR FISCAL YEAR 2006, https://www.gpo.gov/fdsys/pkg/PLAW-109publ163/html/PLAW-109publ163.htm
[4] “Spy Agencies Turn to Newspapers, NPR, and Wikipedia for Information”; http://www.usnews.com/news/national/articles/2008/09/12/spy-agencies-turn-to-newspapers-npr-and-wikipedia-for-information
[5] https://www.dni.gov/index.php/newsroom/press-releases/215-press-releases-2016/1374-dni-clapper-signs-new-policy-on-social-media-for-federal-background-investigations-for-security-clearances-1
[6] http://www.defense.gov/Portals/1/Documents/pubs/DoD-Strategy-for-Operations-in-the-IE-Signed-20160613.pdf
[7] http://www.vocativ.com/326931/new-isis-kill-list-claims-to-target-thousands-of-americans/
[8] https://www.congress.gov/114/crpt/hrpt537/CRPT-114hrpt537.pdf
[9] https://www.congress.gov/114/crpt/hrpt573/CRPT-114hrpt573.pdf