The Latest Defeat for Openness

This is supposedly a blog about "building peace." Why, then, do I care and write so much about building dynamic, flexible organizations? Because building peace is hard. Improving security, strengthening institutions, and providing services is difficult work under any circumstances, but the challenges multiply in a conflict zone where insecurity undermines peacebuilding efforts at every turn. The Counterinsurgency Manual FM3-24 opens with this quote from Gen. Peter J. Shoomaker: "This is a game of wits and will. You've got to be learning and adapting constantly to survive." The manual goes on to say, "In COIN, the side that learns faster and adapts more rapidly--the better learning organization--usually wins."

So I'm always quick to cheer when the military embraces "openness" principles that empower soldiers, airmen, and sailors to dynamically meet challenges in the field. I'm disheartened when the military does the opposite: when it dismantles or blockades the vital infrastructure that empowers us to do our jobs.

I'll give the latest example.

Yesterday I showed up to my Arabic classes at DLI to find my classmates and teachers gathered outside the classroom, venting anger and frustration. The Army, it seems, implemented a new policy that bans any external media from their computers, like thumb drives and external hard drives, which are a vital part of day-to-day operations in the military. As far as I'm concerned, banning thumb drives is like banning staplers or hole punchers. I'm not sure if this is Army-wide or confined to our own installation. Either way, the local fallout is significant. We were supposed to give PowerPoint presentations in class yesterday, but our teacher postponed them because we couldn't figure out how to transfer them from our personal laptops to the government network. The teachers are frantic, because they frequently produce Arabic audio recordings for us and have no good way to deliver them. One teacher has gigabytes of video and audio material he frequently brings to class on an external hard drive. So much for that. The school has gigabytes of resources on the network that I had planned to transfer to my computer before I go to Jordan, so I can use them in my continuing Arabic studies. I'm not sure what I'll do now. If this policy is indeed Army-wide, I can only imagine the fallout, multiplied across every installation and every unit in the Army.

There are workarounds. We can e-mail documents to ourselves, but only if they're small enough (and if we use e-mail accounts that aren't firewalled). To give PowerPoint presentations we can unplug cables from the expensive video projectors, and hook in our personal laptops. We're going to try burning CDs today; maybe that still works. If the Army insists on building such an enormous obstacle in the middle of day-to-day operations, tens of thousands of affected soldiers will apply their collective ingenuity to find workarounds. The point, though, is that this policy makes our lives significantly more difficult.

Network security is a serious issue, and I'm sure senior leadership had their reasons for implementing this policy. But in today's world, banning thumb drives is taking an axe to a problem that calls for a scalpel. Blocking a soldier's ability to easily manipulate and transfer data does more harm to the Army's day-to-day operations than any Chinese hacker ever could. At least in my classroom, we will have to spend a good amount of time and energy inventing workarounds--time that we should be spending learning Arabic.

Furthermore, I'm skeptical that such policies actually work. This falls in a broad category of security measures that tend to punish legitimate users, without posing a significant obstacle to illegitimate users. I'm reminded of a security fence I saw at a deployed airbase, topped with with razor wire and equipped with a combo-locked gate. It looked menacing, but the bottom of the swinging gate was a foot and a half off the ground. I accidentally got locked outside this gate one time. After checking to make sure no one was watching, I dropped to the ground an rolled under the fence. Likewise, blocking thumb drives does nothing to stop the illegitimate flow of data. The digital borders are still porous. Illegitimate users can still pass data to and from the network.

This issue is more important than just thumb drives or the inconvenience to my own life. What concerns me is the military's overall posture towards cyber and information security. The global trend in computing (and society) is towards more transparent, fluid, dynamic flows of information. Both data and applications are migrating from local PCs to the Internet. These trends pose significant challenges to military security, to be sure, but the responses I've seen from our military--firewalling vast stretches of the Internet, blocking personal e-mail accounts, strictly regulating what software is allowed to run on its computers, forbidding social technologies like blogging and Facebook, and now banning the standard medium in our society for transferring data--are headed in the opposite direction. These policies do not help build a "learning organization" that can fight and win wars.

UPDATE: Wired Danger Room posted an article about the ban. The measure is DOD-wide, and was undertaken to stop the advance of a worm virus.