

BY WILLIAM ARKIN AND MARC AMBINDER
What’s the point of revealing secrets? What’s the benefit to society? Does it enhance national security?
We’ve struggled with these questions for our whole careers and written book-length explanations.
And yet in the last two weeks, we’ve been bombarded with the same old questions, from parents and friends, from colleagues and readers.
“I’m worried the government is going to get angry at you for what you’re posting.”
“What if China and Russia are reading your posts?”
“Shouldn’t this stuff be need-to-know?”
“Aren’t your posts helping enemies of the state by giving them keys to the kingdom and revealing secrets?”
“It would scare me that you have this kind of access if I did not know how you operate and that you are I think/hope on our side? What does scare me is if you can get this kind of information, who else can?”
“Couldn’t someone get hurt because of what you publish?”
“Aren’t you just like Wikileaks?”
All relevant, meaningful, and proper questions to ask us – even that last one.
These reactions to our first post should tell you, as they’ve told us, that we’re prompting uncomfortable conversations about difficult topics, even if we’re not privy to them.
So, here’s our answer.
It’s not just that we like to reveal secrets.
It’s that we see, daily, the distorting effect of secrets on policy; we see deranging trends that have twisted and distorted society – bad information, conspiracies, censorship, the contempt for government and other institutions. Their Secrets Machine, as we call it, churns along, always adding new innovations to increase what is secret, adding to this endemic mistrust. Our Secrets Machine is designed to do the opposite: enhance understanding of what’s really going on, explain how secrets work, to shine light on the gaps between a stated policy or value and an actual practice; to fight back against the untrue conspiracies that many people project onto the government because of its inherent obscurantism.
We’ve been urged to leave it alone: to ignore the mini-bureaucracies that create the code names that secure the compartments that swallow the secrets. We’ve been told that revealing this or that is dangerous to the national defense, without elaboration. We heard “no comment” too often and watched the government scramble to obfuscate and pull itself under deeper covers. We’ve been lied to, over and over, by officials and press officers — often because they, themselves, were lied to by their superiors, often because their superiors did not know enough to know the truth – or were too habituated not to ask.
We’ve watched wars fought in open and in secret. Retired Army Gen. Wes Clark, “supreme” commander of the 1999 Kosovo War, once told one of us that he didn’t know all of what the “national agencies” were doing in the former Yugoslavia. And pressed further, he said whatever it was they were doing wasn’t having much of an impact anyhow, a damning indictment.
Gen. Chuck Horner, commander of the Air War in Desert Storm, was so frustrated with secret capabilities not being shared with those who needed to know - during a war - that he fought to create a program (COAL WARFIGHTER) that would make ‘special’ capabilities available to war planners and war fighters.
By most accounts, the efficacy of 20 years of war in Afghanistan was hobbled by even more intense secrecy and compartmentalization.
Today, in dozens of countries, special operations, cyber ops, space ops, sensitive activities and secret agreements all exert significant influence on the daily lives of hundreds of millions of people, and yet they paradoxically seem to exist inside sensory deprivation chambers for the uncleared, with no air, no visibility, and no accountability. And special access programs (SAPs), the most secret of secrets, have proliferated to the point of absurdity (we’ll write more about this soon.)
We’ve worked on secrets – as analysts and book writers and journalists — for over 65 years, between the two of us. We've cultivated sources and numbed our eyes looking at documents. We’ve been the subject of government investigations and official black-balling.
But now there’s censorship, active censorship, facilitated by the Internet and an increasingly stifling self-censoring ethos.
The day we published our first post, several readers messaged us to say that they had trouble accessing our website from their work computers.
When they switched to their phones and used public mobile networks, the links worked. We rechecked our domain settings and our Substack settings; everything was in order.
Then a Congressional staffer messaged us to say that our site had been flagged by a “threat monitoring” firm called BFORE.AI.
On the basis of that flagging, a Swiss-based non-profit domain name provider, Quad9, blocked our site.
Our immediate thought: why had we been flagged? Why had the domain “secretsmachine.com” – which one of us had registered in December and had connected only to the Substack site – set off alarm bells?
This isn’t – and couldn’t be – the government, assuming we’re Wikileaks under a new flag, and then censoring us, using the friendly services of one of the many “threat intelligence” firms that do nothing but scan the web for malicious activity.
Right?
We didn't think that, actually, but that’s not how censorship works. It works subtly, indirectly, and often orthogonally; to understand how and why, we need to dive into the weeds a bit.
BFORE.AI says it scans domains for malware, and in an email, a rep for the company told us: “We did identify malicious activity in the first two weeks of December tied to servers connecting to your domain, servers spreading malware. We recommend you ensure no malicious scripts are present on your pages. Shall malicious behavior be identified and the flag will be reinstated to protect our customers.”
We did some scanning of our own and checked; there is no malware on the site.
BFORE.AI did not get it right.
But Quad9 acted on the basis of information provided to it by BFORE.AI, trusting that BFORE.AI is a good citizen and uses its left and right signals when making a turn. BFORE.AI boasts of a 0.5 percent “false positive” rate for its Pre Crime Network. Yes, Pre Crime is too on-the-nose, but – let’s not damn BFORE.AI. They’re legit. They “predict the future” and “relentlessly focus on limiting false positives,” collecting “billions” of data points each day, learning 50 new techniques, each day, that attackers are trying to use to compromise critical systems. So they say.
We’re part of the 0.5 percent?
Companies like Quad9 are part of keeping the internet running. There are many free DNS providers like Quad9; they secure and validate the worldwide address book that lets every Internet user reach the site behind a URL. The DNS system also prevents your computer from accessing sites that could implant malware through your browser. Some ISPs keep records of which IP addresses your browser tries to access, but Quad9 does not, which is why it’s becoming popular. It’s good privacy.
A few things could be happening here.
One is that some outside entity, noticing that we had registered “secretsmachine.com,” tried to probe the site before we launched, looking to see what we were doing.
It could be a human sitting in a foreign country, a counterintelligence operations specialist sitting in a cubicle at Ft. Meade or Quantico, Virginia, or an opportunistic automated entity that searches for words like “secrets” and tries to corrupt – or steal – whatever it comes across. Maybe it was a rapacious machine-learning bot that looks for unprotected sites and IP addresses to serve as command and control nodes for attacks.
The good news is that every secret on The Secrets Machine is slated to be published.
The unsettling news is that the deep surveillance structure that is now built into every internet transaction we make somehow decided (without informing us) that our site was problematic.
The entire ecosystem we’re describing might be good, in the sense that we need it to secure cyberspace; our point is that it aligns and intersects with secret government practices; privacy rights are at stake, as much as temporary censorship might be an unintended consequence.
Does the U.S. government do this sort of thing? Almost certainly; the Cyber Command’s bread and butter (and those of even more secret entities) consists of its capacity to penetrate and manipulate servers, ISPs, browsers, DNS certificates.
Here's a question that Sen. Ron Wyden, a member of the Senate Select Committee on Intelligence, recently posed to the Secretary of Defense:
"Are any DoD components buying and using without a court order internet metadata, including 'netflow' and Domain Name System (DNS) records," and are those records about "domestic internet communications (where the sender and recipient are both U.S. IP addresses)" and "internet communications where one side of the communication is a U.S. IP address and the other side is located abroad."
The answer, we’ve been told, is almost certainly, “yes.”
Does the NSA have relationships with threat intelligence firms? Almost certainly, yes. So does the FBI. And the CIA.
And the Pentagon.
And Homeland Security.
Can the FBI and NSA figure out whether a particular IP address is “domestic” or “foreign,” given how easily those addresses are spoofed? There are bulging classified databases that answer this question.
Does the entire national security have billion-dollar insider threat detection and counter-intelligence programs designed to constantly scan internet content and activity to look for potential security threats? Yes.
There are classified units – numerous: cells, offices, task forces – dedicated solely to this.
Since September 11, the number of Americans who’ve been formally enjoined to keep secrets from their families and neighbors has exploded into the many millions. Non-disclosure agreements have become the norm. Over sixty thousand military and government workers operate under false identities, even online. Every state in the union hosts federal government facilities and contractors involved in above-Top Secret work. The actual number of secrets the government keeps has grown almost tenfold in the past two decades. As we said earlier, the number of special access programs, the most secret of secrets, has exploded. And the number of classified contracts awarded defense and intelligence contractors, even the existence of the contracts, is in the thousands. There are hundreds of programs not regularly shared with Congress.
To what end? Is America safer? Have we actually been successful in our many wars or transient conflicts? Why does no one do anything tangible about the new and modern surveillance state, one that is changing every aspect of our lives? Why are the secrets more often measured by profit over results? Are government policy and procedures understood by anyone? What does the near trillion dollars spent on the military and intelligence community actually buy when we are purchasing fewer tanks, aircraft and ships than ever before? Does anyone have confidence that the government itself has any real clue? Does anyone trust the Pentagon, NSA, the CIA, or the FBI to tell the truth about a cascade of crises and screw-ups?
There are no good answers, no satisfying ones, and few that are accessible to the public or the people’s representatives.
We are two people who have made it our life’s work trying to answer these questions and uncover government secrets, secrets that over and over again have been shown to protect the bureaucracies’ autonomy, even from presidents.
We’ve worked hard at this, and now have access to a fragile, unique and continuing source of information that will help us do more.
No one has done this before, revealing and explaining secrets, what they are, why they exist, when they’re false. Our theory of the case is different from that of a Wikileaks or Snowden-like enterprise dependent on a stream of whistleblowers and leaks. We’re not government employees. We’re reporters and researchers. We’re calling what we’re doing The Secrets Machine because we want to shake up their secrets machine.
In each post, through these sources of material and with our backgrounds and knowledge, we will discuss a new secret, or give a new cast to an old one.
Our method is not theory, nor is it some naive plea for bipartisanship or for better oversight, or for more rules. It is grounded in the secrets themselves – the codewords, the secret organizations and programs, the mundane and fantastic hidden behind classification. And we will show how, when and why the secret world does not serve the people’s interests.
Though we will reveal secrets, working from our accumulated stockpile of over 20,000 codewords and secret programs and organizations, we know, being grown adults, that there are actual secrets - properly restricted national security information, like tactical troop movements, advanced military capabilities or intelligence sources and methods that ought to be kept secret from adversaries, which automatically entails them being kept secret from everyone else too.
But what the government too often also protects is:
Failure;
Illegal and questionable activities;
Relationships that Washington wants to hide;
Secret roadmaps to our future;
Big gambles and bad bets;
The implications of its endless “sensitive” activities;
Cognitive distortions in the way Washington operates; and
The meager rate of return for billion-dollar programs.
Each little secret is a building block to understanding that we never have enough “security”, why we aren’t “winning” our many wars, that we don’t and never have the right intelligence, and that hundreds of billions of dollars are wasted while the real problems of the world are never solved.
We think these secrets are things that people have a genuine need to know.