Kevin Drum and many others don't understand how a National Guard member could have access to the sort of information which was leaked.
I think part of it is the pathology of distribution lists. One of my early jobs in ASCS was reviewing and updating the distribution lists we maintained for various types of directives. These were paper or telegraph messages, but similar logic would apply in the world of data.
I think there's severa; aspects of what I'm calling pathology:
- no one pays any attention to distribution lists. Once they're set up they can go on forever, automatically.
- distribution lists can be based on an office, a position, or an individual. If you specify x number of paper copies for an office, it's then up to the office manager to see they get distributed. In today's world, the email/is sent to the office url. If it's a position, then whoever occupies the position or acts for the occupant would have access. If it's an individual, then an individual address. Each of these are vulnerable.
- The vulnerability is in part the fact that things change, but as I said, the distribution list is automatic. Bureaucracies may have procedures for "out-processing" people, but that's not a priority (I remember my outprocessing from Nam).
- The other vulnerability is the gap in comprehension between the originator of the classified info and the actual recipient in the bureaucracy.