I want to just follow on to Cheryl’s post about the President’s operational security failure on Twitter earlier today. What the President did today, despite his standing outside the White House and saying to a reporter that he had a right to tweet out the imagery, was not declassification of the geospatial intelligence (GEOINT) imagery that he tweeted out. If that had been the case, then the original classification markers would be visible, they’d be struck through, and there would be a time and date stamp along with standardized language that the imagery had been declassified as of X time today. Instead, as you can see in the image in Cheryl’s post, there is a black rectangle in the upper left hand corner, which is most likely covering the classification code. In this case that is most likely TS/SCI/NOFORN – Top Secret/Sensitive Compartmented Information/No Foreign Distribution. Though it could just as easily be UNCLASS/FOUO – Unclassified/For Official Use Only. We know some of the provenance of the GEOINT the President tweeted, because everyone in the Intel Community began scrambling to cover their tuchases, which the President had exposed and hung way out the window for everyone to see. The President received the imagery during a briefing earlier today.
A U.S. defense official told CNBC that the picture in Trump’s tweet, which appeared to be a snapshot of a physical copy of the satellite image, was included in a Friday intelligence briefing. https://t.co/9d8Q3VN8GP
— CNBC (@CNBC) August 30, 2019
What Cheryl described is clearly what happened here. The President had someone on his staff, most likely his caddie Dan Scavino, who is currently serving as the Assistant to the President-Director of White House Social Media Communications and tweets as/for the President, bring an unsecure smart phone into a sensitive compartmented information facility (SCIF) and take a picture of this classified information so he could tweet it out. Whoever took the picture, either at the President’s direction or their own initiative because they realized what they were doing was sketchy, placed a black bar over the classification markings, then loaded the image up so it could be tweeted out. Bringing an unsecure phone into a SCIF and taking pictures of anything in the SCIF is the type of thing that gets one suspended, one’s clearance stripped, and one prosecuted for stealing classified information.
As I stated above, this is not actually declassification. Here’s Brad Moss, whose law practice focuses on national security, clearance, and classification issues:
Something to bear in mind about that satellite imagery tweeted out by the President: it does not appear to have any classification markings anywhere. And, even if it did, yes, nothing prevents him from tweeting it out anyways.
And, no, it doesn't qualify as declassification.
— Bradley P. Moss (@BradMossEsq) August 30, 2019
This just made me think of something else. The courts have recently ruled that merely because Trump utters classified information that does not, in itself, render it declassified.
Therefore, it’s technically a security violation for clearance holders to even look at the image. pic.twitter.com/MZto0rglW1
— Bradley P. Moss (@BradMossEsq) August 30, 2019
So what we have here is data spillage (emphasis mine):
Data spillage is the transfer of classified or sensitive information to unaccredited or unauthorized systems, individuals, applications, or media. A spillage can be from a higher level classification to a lower one. The data itself may be residual (hidden) data or metadata. Spillage may result from improper handling of compartments, releasability controls, privacy data, or proprietary information. The trend towards increased information sharing has weakened access controls, giving users without a need-to-know access to large volumes of sensitive or classified data. Malware that propagates via removable media has increased the risk of large data transfers outside the network. The risk of data spillage is a problem largely because of inadequate end user security awareness, unmanageable networks, and poorly implemented data policies.
The bigger issue is that anyone who has a clearance (hello!) and encounters this information (hello!) is, unlike the President, potentially liable for accessing compartmented information that they do not have a need to know. Unlike the President, no one else in the US has an Office of Legal Counsel memo from 1973 that places them above the law.
Looks like a lot of people are about to be sanctioned. pic.twitter.com/fNTp4JmgOA
— National Security Counselors (@NatlSecCnslrs) August 30, 2019
If you’re wondering how this could be the case, how someone with a clearance who was just scrolling through Twitter, reading Balloon Juice, or watching the news when this comes up can get in trouble, but the President can just put classified information out there, claim he has the right to do it, even if it hasn’t been formally and properly declassified, and he faces no jeopardy and the rest of us with clearances do, it is because THE RULES WERE NOT CONCEIVED OF AND WRITTEN WITH THE CURRENT PRESIDENT IN MIND!!!!! NOT A SINGLE ONE OF THEM!!!! The assumption was, based on historic performance of previous presidents, that NO FUTURE PRESIDENT WOULD BE THIS STUPID AND CARELESS!!!!
As Cheryl indicated, what the President tweeted out was the good stuff. No one is supposed to know we have that good of resolution wherever and whenever we want. And because the Iranians and others – friends and foes alike – know when the test failed, combined with the shadows and other static imagery in the GEOINT, they’ll be able to work out where we were looking from.
This is not just a major Operational Security (OPSEC) failure by the President, it is also a major counterintelligence (CI) breach by the President.
As we have been since November of 2016, we are off the looking glass and through the map!
* Just a quick note, because I was actually getting caught up on the news shortly after the President tweeted this out, I saw it. I then sent an email to my company’s security officer to inform him that I’d seen data spillage, that it was inadvertent, and provided the context. This was done to cover myself.