The need-to-know principle states that sensitive information should be shared only when it is necessary to do so, and only to the extent necessary. This makes repression more difficult by controlling the flow of information through networks to make them more opaque to outsiders and harder to disrupt.
In relation to a planned or past action, the need-to-know principle should be applied in the following ways:
- People not involved in the action should not speculate about who is involved.
- People involved in the action should not disclose their involvement to people who are not involved.
- People who have a specific and limited role in the action may not need to know who else is involved other than the person with whom they are communicating directly.
In addition, everyone should stop any violation of the need-to-know principle in conversations. For example, if you hear people talking about their involvement in an action or speculating about the involvement of others, tell them to stop.
When multiple groups of people participate in an action, a coordinating structure that embodies the need-to-know principle is the “spokes council”. In this structure, one or two people from each group are designated to participate in the spokes council, where they meet with the designated people from the other groups. In this way, the groups can coordinate through the spokes council without anyone having to know everyone involved. However, this structure runs the risk of creating “choke points” of coordination — if one person is the only bridge between two groups, this can create a gate-keeping dynamic, as well as make coordination impossible if that person is arrested by an adversary.
See also:
- Secrets And Lies about the effects that secrecy can have on an individual and collective level.
- The “Security culture” topic.
Techniques addressed by this mitigation
Name | Description |
---|---|
Biased interpretation of evidence | You can apply the need-to-know principle to limit the information an adversary has about you, and therefore limit the information they can interpret in a biased way. |
Infiltrators | You can apply the need-to-know principle to limit the information a potential infiltrator can obtain about your involvement in actions (if an infiltrator isn't involved in an action, they shouldn't know who is involved even if it's their own roommate). |
Informants | You can apply the need-to-know principle to limit the information a potential informant can obtain about your involvement in actions (if an informant isn't involved in an action, they shouldn't know who is involved even if it's their own roommate). |
Network mapping | You can apply the need-to-know principle to make it harder for an adversary to map your network. |