Need to know

The term "need to know", when used by governments and other organizations (particularly those related to military or intelligence), describes the restriction of data which is considered very confidential and sensitive. Under need-to-know restrictions, even if one has all the necessary official approvals (such as a security clearance) to access certain information, one would not be given access to such information, or read into a clandestine operation, unless one has a specific need to know; that is, access to the information must be necessary for one to conduct one's official duties. The term also covers anyone with whom the people holding the knowledge deem it necessary to share it.

As with most security mechanisms, the aim is to make it difficult for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of sensitive material by limiting access to the smallest possible number of people.

Examples

The Battle of Normandy in 1944 is an example of a need-to-know restriction. Though thousands of military personnel were involved in planning the invasion, only a small number of them knew the entire scope of the operation; the rest were only informed of data needed to complete a small part of the plan. The same is true of the Trinity project, the first test of a nuclear weapon in 1945.

Problems and criticism

Like other security measures, need to know can be misused by persons who wish to refuse others access to information they hold in an attempt to increase their personal power, prevent unwelcome review of their work or prevent embarrassment resulting from actions or thoughts.

Need to know can also be invoked to hide illegal activities. Depending on the perspective taken, this may be considered either a necessary use or a detrimental abuse of such a policy.

Need to know can be detrimental to workers' efficiency. Even when acting in good faith, one might not be fully aware of who actually needs to know the information, resulting in inefficiencies as some people may inevitably withhold information that others require to perform their duties. The speed of computations with IBM mechanical calculators at Los Alamos dramatically increased after the calculators' operators were told what the numbers meant:[1]

What they had to do was work on IBM machines punching holes, numbers that they didn't understand. Nobody told them what it was. The thing was going very slowly. I said that the first thing there has to be is that these technical guys know what we're doing. Oppenheimer went and talked to the security and got special permission so I could give a nice lecture about what we were doing, and they were all excited: "We're fighting a war! We see what it is!" They knew what the numbers meant. If the pressure came out higher, that meant there was more energy released, and so on and so on. They knew what they were doing. Complete transformation! They began to invent ways of doing it better. They improved the scheme. They worked at night. They didn't need supervising in the night; they didn't need anything. They understood everything; they invented several of the programs that we used.

In computer technology

The discretionary access control mechanisms of some operating systems can be used to enforce need to know. [2] In this case, the owner of a file determines whether another person should have access. Need to know is often concurrently applied with mandatory access control schemes, in which the lack of an official approval (such as a clearance) may absolutely prohibit a person from accessing the information. This is because need to know can be a subjective assessment. Mandatory access control schemes can also audit accesses, in order to determine if need to know has been violated.
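The combination described above, sketched as an added example (not code from the cited criteria or from any operating system): an owner-managed need-to-know list is checked together with a mandatory clearance comparison, and every decision is audited. The names `ReferenceMonitor`, `Document`, `Level` and the sample users are hypothetical.

```python
from dataclasses import dataclass, field
from enum import IntEnum

# Hypothetical clearance ladder; higher value means more sensitive.
Level = IntEnum("Level", "UNCLASSIFIED CONFIDENTIAL SECRET TOP_SECRET", start=0)

@dataclass
class Document:
    name: str
    owner: str
    level: Level
    need_to_know: set = field(default_factory=set)  # users granted by the owner

@dataclass
class ReferenceMonitor:
    clearances: dict                               # user -> Level (official approval)
    audit_log: list = field(default_factory=list)  # (user, document, verdict)

    def grant(self, actor, doc, user):
        """Discretionary step: only the owner may extend need to know."""
        ok = actor == doc.owner
        if ok:
            doc.need_to_know.add(user)
        self.audit_log.append((actor, doc.name, f"GRANT:{user}" if ok else "GRANT_REFUSED"))
        return ok

    def can_read(self, user, doc):
        """Clearance and need to know must both hold; every decision is logged."""
        if self.clearances.get(user, Level.UNCLASSIFIED) < doc.level:
            verdict = "DENY_CLEARANCE"      # mandatory check: the owner cannot override it
        elif user != doc.owner and user not in doc.need_to_know:
            verdict = "DENY_NEED_TO_KNOW"   # cleared, but no need granted by the owner
        else:
            verdict = "ALLOW"
        self.audit_log.append((user, doc.name, verdict))
        return verdict == "ALLOW"

    def browsing_attempts(self):
        """Audit query: cleared users refused for lack of need to know."""
        return [(u, d) for u, d, v in self.audit_log if v == "DENY_NEED_TO_KNOW"]

if __name__ == "__main__":
    # Constructed sample data: users, levels and the document are invented.
    rm = ReferenceMonitor({"alice": Level.TOP_SECRET, "bob": Level.TOP_SECRET})
    plan = Document("landing-plan", owner="alice", level=Level.SECRET)
    print(rm.can_read("bob", plan))   # cleared but not yet granted
    rm.grant("alice", plan, "bob")
    print(rm.can_read("bob", plan), rm.browsing_attempts())
```

Reviewing `browsing_attempts()` is the audit step: it lists cleared users who tried to read material they were never granted, which is the "browsing" that need to know is meant to discourage.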

The term is also used in graphical user interface design where computers control complex equipment such as airplanes. In this usage, when many different pieces of data are dynamically competing for finite user interface space, safety-related messages are given priority.

References

  1. Feynman, Richard (1997). Surely you're joking, Mr. Feynman!. W. W. Norton & Company. p. 128. ISBN 978-0-393-31604-9.
  2. "DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA". 2006-05-27. Archived from the original on 2006-05-27. Retrieved 2020-12-05.