Saturday, October 15, 2011

A knowledge management conundrum: how to share secret information

One KM issue that has sat in the back of my mind for some time is how to share information among employees that is classified as secret.

We spend a lot of time in our workplaces implementing document management solutions like SharePoint, writing collaboratively on wikis, fostering knowledge exchange through communities of practice, etc. - basically trying to make the knowledge contained in the organization findable and retrievable to contribute to evidence-based decision making

But none of these tools can address the issue of how to share secret information.  Documents classified as secret hold a wealth of valuable data, opinion and insight, and should be a part of an organization's evidence base for decision making in a form that is findable and retrievable to the person with the right security classification and a clearly demonstrated need to know.

That's the thing about documents classified as secret; they can be shared with someone if the recipient has a clearly demonstrated need to know, but cannot be made freely available to people to trawl through on the possibility they might find something useful - even if the searcher has a secret-level security clearance.

Not surprisingly, this is not a new challenge for intelligence organizations. Recently, I participated in a workshop with David Snowden, who gave me some insight into how US intelligence agencies deal with this challenge.

According to Snowden, in the CIA of a few years ago, when an intelligence officer would receive a piece of intelligence to review, say an intercepted phone call or email, they would analyze it, write a short report about it, and file it. It was difficult to share the information, particularly among agencies, because it was all secret. Connecting the dots between pieces of intelligence to create a big picture view generally relied on officers remembering what they read. But sometimes, they might have read it years ago.

So instead, the CIA started a process whereby when an officer received a piece of intelligence, the officer would index the intelligence using carefully constructed quantitative indexes (kind of like key words, but more sophisticated. For example, an index might ascribe a weight to a piece of intelligence that depends on whether the intelligence is associated with the Middle East, Europe, or North America ).

Because each intelligence piece now has quantitative indexes associated with it, the data can be analyzed statistically or plotted on a 2-D or 3-D graph to search for patterns.  When patterns emerge, such as a cluster of data points, the records associated with these data points can be requested by the intelligence officer because he can clearly demonstrate a need to know.

Furthermore, this quantitative metadata about the intelligence records can be shared with other agencies, who might filter it or analyze it in different ways, or add their own data  to search for other patterns.  If they find a pattern, they can request the relevant records because they have the appropriate clearance level and can clearly demonstrate a need to know.

In my own organization secret documents are locked away in secure cabinets or stored on computers that are not connected to the network. Even worse, documents may not be declassified when the need to keep them secret no longer exists.  No matter how useful a Memorandum to Cabinet, for example, might be to me, I have no way to know it even exists.

So now I am wondering if it would be possible in my own organization to have every secret document  indexed by the author and the metadata made available for analysis. If so, a whole world of organizational knowledge could be made available to those with a need to know to inform evidence-based decision making.

No comments:

Post a Comment

Post a Comment