I deal with consumer data analytics, and the scheme that you are positing does expose the frequency and density of specific actors and their access to classified information. This is really valuable, you can tell when someone gets a promotion and maybe has access to more info then they are used to or some other exploitable paradigm.
If it’s just a printed barcode sure, it could be tracked like this without exposing information. Trouble is that classified documents are living documents, and the information only becomes classified when it’s collected by some operative or officer, who may or may not register the documents with this central tracking authority.
The next issue is the capability of the central tracking authority to review, access, curate all of the reports that it has received, and their confidence that their internal staff do not breach the access rules on these documents hello Snowden.
Digital security (like the Snowden leak) is completely separate from physical document security.
For physical security, it seems plausible to just put a tag on every official document, whether mundane or classified, which would complicate tracking efforts by a potential enemy since they’d have to sift out the noise. If documents aren’t out of storage very long, the tags can be cycled with other documents to further confuse an attacker. That’s a bit “security through obscurity,” but AFAIK that’s kind of the game you okay with physical documents.
Also, I think the FBI/CIA would be more interested in knowing which of the documents went missing in the event of a leak than having a slight bit more obscurity to prevent long-ish range tracking. If they have a mole that can help them know which documents are interesting, they can just steal the documents anyway.
Then again, maybe this is why I’m not in OpSec for classified documents.
I deal with consumer data analytics, and the scheme that you are positing does expose the frequency and density of specific actors and their access to classified information. This is really valuable, you can tell when someone gets a promotion and maybe has access to more info then they are used to or some other exploitable paradigm.
If it’s just a printed barcode sure, it could be tracked like this without exposing information. Trouble is that classified documents are living documents, and the information only becomes classified when it’s collected by some operative or officer, who may or may not register the documents with this central tracking authority.
The next issue is the capability of the central tracking authority to review, access, curate all of the reports that it has received, and their confidence that their internal staff do not breach the access rules on these documents hello Snowden.
Digital security (like the Snowden leak) is completely separate from physical document security.
For physical security, it seems plausible to just put a tag on every official document, whether mundane or classified, which would complicate tracking efforts by a potential enemy since they’d have to sift out the noise. If documents aren’t out of storage very long, the tags can be cycled with other documents to further confuse an attacker. That’s a bit “security through obscurity,” but AFAIK that’s kind of the game you okay with physical documents.
Also, I think the FBI/CIA would be more interested in knowing which of the documents went missing in the event of a leak than having a slight bit more obscurity to prevent long-ish range tracking. If they have a mole that can help them know which documents are interesting, they can just steal the documents anyway.
Then again, maybe this is why I’m not in OpSec for classified documents.