A “Half-Life” is the amount of time required for the amount of something to decline to half its initial value. Those of us of a certain age remember that from the discussions of how long the fallout from a nuclear explosion would be dangerous, and the rest of you get periodic reminders of that from events like Fukushima. When we were in Norway this summer, there were radioactive reindeer; seems they were eating moss still radioactive from clouds that had drifted over from the 1986 Chernobyl accident.
Secrets have half-lives also: how long does it take for half of your secrets to become known to others. Countries have millions of secrets, companies thousands of secrets, and people maybe dozens of secrets. Each secret represents a fact that if revealed to the wrong entity could cause harm. Countries “classify” documents or even individual facts, and establish large organizations and complex processes to protect those secrets. Countries usually also have large organizations whose sole purpose is to steal the secrets of others. Companies have trade secrets, often about exactly how their products or services are created or delivered, but also about their internal financial processes and contracts with partners and customers. People have secrets about things they have done, or didn’t do, that they would rather their spouse, employer, doctor, or tax collector never found out.
Patents are not secrets. Patents are published in one or more countries’ Patent Offices and are freely accessible. International law protects, to some extent, the owner of the patent. In order for the patent owner to reap the financial benefits of the patent, the patent must be shared.
Secrets also have time limits. The foreign travel plans of high-ranking government officials are often classified to enhance the safety of the individual, but often also so as not to reveal where or why the individual is traveling. Consider the case of National Security Advisor Henry Kissinger’s visit to Beijing in 1972. These kinds of secrets are only secrets for a specific period of time, often measured in days or weeks.
But many secrets need to be kept secret for years or decades. One such trade secret is the formula for Lena Blackburne’s Rubbing Mud that is used to fix the feel of baseballs for major league play. That formula, and the location of the mud hole, has remained a secret for over 75 years.
The half-life of secrets used to be measured in decades. A person could designate that their boxes of papers would not be opened until their death or longer. That worked for Mark Twain and his autobiography, which was not published until 100 years after his death. That did not work for Harper Lee. She kept her first novel locked up saying she did not want it published. Go Set a Watchman was published this year while she is still alive.
With today’s cybercriminals, including government- and organization-sponsored cyberterrorism, the half-life for secrets on computer networks is measured in months.
Almost always, secrets must be shared. Lena Blackburne is not the only person making that NBA Rubbing Mud, especially since he died in 1968. Every trade secret is shared with those in the company that need to know the secret in order to actually build the product. The trick to keeping a secret is to minimize those who know the secret and pay attention to each of those people.
One of the biggest dangers to a secret is sharing-creep, the phenomenon that occurs when you add just one more person to the “need to know” list, or someone who knows tells someone else. At the highest levels of government classified documents, security agencies try to keep track of every individual who has the right to know the secret and the places where the secret is stored at all times. This is why, for example, one of the Department of Homeland Security’s jobs is to know where every computer system containing government classified information is physically located, determine what secrets are on the system, and check that the system is protected by appropriate physical and network security mechanisms, and that everybody who has access to that system is also cleared for the information on the system. Companies with critical trade secrets have similar processes. One of the key activities for a government or commercial organization after an identified data breach is to determine exactly what information was compromised.
A related issue for secret loss is the velocity of the loss. In 1750, a secret could not move more than about 20 miles in a day – the speed a man or a horse could walk. If you discovered that a secret was stolen, you could often literally run down the culprit in a day or two, and severely limit the damage. With the Internet and the Cloud, it takes your secret less than a second to get anywhere in the world, and to dozens or millions of individuals. A single misdirected email or text message, or a single disgruntled employee or contractor (e.g., Edward Snowden) or an employee or contractor not following your security policy (e.g., Hillary Clinton) can put a significant number of secrets at great risk.
Figure out what your company’s critical secrets are, and pay attention to whom those secrets have been shared with. Remember that any meeting, whether in a conference room or virtual, that has a smart phone or tablet present is a potential leak. You cannot tell what is being recorded and what will be done with the recording.
The same is true in your personal life. Any stupid thing you do can be on YouTube in seconds, and the more stupid the more likely. Of course, the same is true if you do something great, like the passengers who subdued the Islamist terrorist on the train in Belgium. Video of the attack was on YouTube before it appeared on breaking news announcements.
The last word:
The biggest example of sharing-creep is your Social Security Number. Originally implemented in 1935 as part of the New Deal, it was solely used to track individuals’ accounts with the Social Security Program. In the original law it was illegal to use the SSN for any other purpose. In the late 1970s, Virginia was using your SSN as your Driver’s License number, and that use was struck down as illegal in Federal Court.
In addition, the IRS was prevented from sharing information with other agencies. Decades ago I worked with someone whose father was a Bookie (i.e., worked in the numbers game for organized crime). He always indicated on his Federal Income Tax form that his occupation was Bookie, and reported every cent he illegally earned. He did not want to get in trouble with the IRS over his taxes, and knew that the IRS could not pass that information on to law enforcement at any level.
But now, thousands of individuals have access to your SSN; it is your key identifier for almost all financial relationships, and, thanks to Obamacare, all health care related activities. The United States uses the Social Security Number as the identification number for every member of the Armed Forces. All of this information is stored on the Internet, with varying degrees of vulnerability.
Keep your sense of humor.