/* */

15 September 2008

Document marking and handling systems in private firms

We have long been fans of exporting the concepts behind document marking systems from the public sector to private firms. Many problems created by the improper handling of sensitive corporate information could simply have been avoided by such a system, and the cultural indoctrination that accompanies these systems. When conducting wide ranging and multi-domain analysis, security markings help provide a sense of boundary between the internal and the external. In some cases – particularly with analysts not yet attuned to the impact of cognitive biases and priming effects – this can create issues if the boundary is allowed to become an artificial distinction within the analytic product itself. However, for those that understand underlying purposes and intent, such systems allow for a degree of liberation – enabling more robust conversations during analytic outreach given knowledge of the essential elements of what must be protected from public knowledge, and what may be safely discussed without risk to client or reputation.

Yet we abhor those firms which have adopted wholesale the same language of classification used in the government itself. Those specific words have driving legal force - and for those individuals which may work between both the commercial and government world, such as defense industry firms or intelligence contractors, these words carry significant psychological freight when it comes time for the inevitable polygraph.

We are reminded to the increasingly widespread nature of this problem in a recent news item regarding an industrial espionage case involving the chipmakers Intel and AMD. (H/t to the Society of Competitive Intelligence Professionals, who deserve mention as they continue to offer increasing utility through their situational awareness efforts in the industry). Among the documents in question in the case are those which originated from Intel’s most closely held programs, carrying a specific marking first used by the government.

While we understand that such markings allow lazy information technology professionals to simply adopt wholesale the information processing systems used to protect classified information from inadvertent disclosure over open networks, and to enable more rapid review of document discovery requests. Nonetheless, the problems such markings may create are legion – and best avoided.

We thus greatly appreciate the efforts that a number of firms have gone to in order to avoid creating conflicts in this area. We particularly like several of the marking structures we have seen in firms that do business across the Commonwealth countries, as these mirror to a historically pleasing but not otherwise problematic degree the older markings from the dawn of the intelligence community itself. We think this carries a degree of gravitas that is otherwise too often lacking from many commercial endeavors, and is a subtle reminder of the history that both the public and private sector’s intelligence activities share. Such markings, including “Most Sensitive” or “Commercial in Confidence”, are clearly observable yet do not invoke the same considerations as “Company Confidential” or more directly copied national security marking systems.

Labels: , ,