“For Official Use Only” is Used Too Much at DHS, House Says

There is too much information that is marked “For Official Use Only” at the Department of Homeland Security, the House Appropriations Committee said in its report on DHS Appropriations for 2015. Efforts to sort out what is really sensitive have “wasted substantial staff resources,” the report said.

Therefore, the Committee would require any official who marked a document FOUO to identify himself or herself on the document, along with a justification for doing so.

The Committee inaptly described the use of FOUO controls as a problem of “overclassification,” and spoke of “classifying” records as FOUO. Strictly speaking, however, national security classification and FOUO are mutually exclusive domains. Classified records cannot be marked as FOUO, and information or documents that are FOUO are by definition unclassified. Still, the Committee’s point is clear.

Here is the Committee language from its June 19 DHS Appropriations report:

Over-Classification of Information

The Committee is concerned with the number of reports, briefings, and responses to requests for information that are designated by the Department as “For Official Use Only” (FOUO), often without a consistent and appropriate review as to why information requires such a classification. As a consequence, both the Committee and the Department have wasted substantial staff resources deliberating over what information can and could be publicly disclosed. The Committee directs that all reports, briefings, or responses to requests for information provided to the Committee that are classified as FOUO include the name(s) and title(s) of the personnel that made the designation and the specific reasons for the classification based on requirements detailed in DHS Management Directive 11042.1, which provides guidance for safeguarding sensitive but unclassified FOUO information.

IC Media Policy Should be Revised, Sen. Wyden Says

An Intelligence Community Directive that prohibited unauthorized contacts with the news media is overbroad and needs to be corrected, said Sen. Ron Wyden last week on the Senate floor.

“I will tell you, I am troubled by how sweeping in nature this is,” Senator Wyden said about the Directive, ICD 119, issued last March. (See Intelligence Directive Bars Unauthorized Contacts with News Media, Secrecy News, April 21).

“The new policy makes it clear that intelligence agency employees can be punished for having ‘contact with the media about intelligence-related information’,” he said. “Make no mistake about it, that is so broad it could cover unclassified information. It does not lay out any limits on this extraordinarily broad term that I have described.”

“My hope is we can get this corrected because I think it is going to have a chilling effect on intelligence professionals who simply want to talk about unclassified matters on important national security issues– such as how to reform domestic surveillance or whether our country should go to war,” Sen. Wyden said on June 12.

The new IC media policy was discussed on the NPR program On the Media on June 13.


Overclassification: Is There a Limit?

Is there any act of overclassification that is so egregious that the classifier would be held accountable for abusing his classification authority?

The answer is unknown, since no one has ever been held accountable in such a case.

As far as can be determined, no classifier has ever been found to have willfully or culpably defied the rules set forth in the President’s executive order on national security classification.

In a complaint filed last year with the Information Security Oversight Office (ISOO), a Marine Corps officer argued that private video recordings and related “trophy images” including one depicting Marines urinating on human remains in Afghanistan had been classified in violation of the executive order.

Major James W. Weirick asked ISOO Director John F. Fitzpatrick to render a judgment that the urination video and related images had been improperly classified. Among other reasons, Major Weirick wrote that they originated as private documents, that one video had been posted online and that all were outside of the control of the U.S. Government, a prerequisite for classification.

“This video was captured on a personal video recorder and only became known to the U.S. Government after it surfaced on YouTube, and other media outlets, in January 2012. The Government could never account for all the copies of this information and made no attempt to account for this information,” Major Weirick wrote in his November 14, 2013 complaint.

In a May 30 response, ISOO Director John P. Fitzpatrick said he took the complaint seriously and that he had undertaken a review of the matter, but that he ultimately decided that it did not require corrective action.

Mr. Fitzpatrick “met with all USMC officials directly involved in the decision to classify” as well as with Major Weirick. He determined that the video that had been uploaded to YouTube had in fact been specifically excluded from the original classification decision (although dozens of other, similar videos and photographs were classified).

“I spoke at length with the original classification authority (OCA) who made the classification decision. I am convinced that the primary motivation for the classification decision was the safety of U.S. military personnel in Afghanistan and the protection of specific tactics, techniques, procedures, and equipment,” Mr. Fitzpatrick wrote in his May 30, 2014 response to Major Weirick.

J. William Leonard, who was Mr. Fitzpatrick’s predecessor as ISOO Director, expressed dismay at the ISOO decision not to pursue the matter further.

He said that the classified images could not be properly classified because they were not under effective or exclusive U.S. government control. “The USG had control of copies of the images, but not the images themselves,” which had been freely and informally exchanged for months. “The same rationale that applied to not classifying the YouTube video also applied to the other images as well since there were undoubtedly other copies beyond the government’s control.”

“Even if you accepted the claim regarding the need to protect sensitive TTP [tactics, techniques and procedures], the troubling claim of both USMC and ISOO is that it was entirely appropriate to classify images and video that depicted nothing more than Marines posing with corpses, i.e. the ‘trophy’ photos.  Such photos depicted nothing more than unlawful conduct in a war zone,” Mr. Leonard said.

“I am extremely concerned that the integrity of the classification system continues to be severely undermined by the complete absence of accountability in instances such as this clear abuse of classification authority,” Mr. Leonard wrote in an endorsement of Major Weirick’s complaint.

“The provisions of the [executive] order establishing accountability are more feckless than the 55 mph speed limit on the Capital Beltway,” Mr. Leonard said. “At least on the Beltway, if you go fast enough you’ll eventually get a ticket. In the classification system, by virtue of never holding anyone or any agency accountable for abusing the system, we really don’t know how far you can go.”

    *    *    *

A 2012 classification guide issued by U.S. Central Command authorizes classification of information if its disclosure would “embarrass any Coalition members” (at pp. I-4 to I-5).

This provision appears to be inconsistent with Executive Order 12356, Section 1.7, which states: “In no case shall information be classified, continue to be maintained as classified, or fail to be declassified in order to: […] prevent embarrassment to a person, organization, or agency.”

Secrecy System Shows New Signs of Contraction

In 2012, the number of newly created national security secrets (or “original classification decisions”) dropped by a startling 42% from the year before, according to the Information Security Oversight Office. It was the largest annual drop ever reported by ISOO, yielding the lowest annual production of new secrets since such numbers began to be collected in 1979. (Secrecy System Shows Signs of Contraction, Secrecy News, June 25, 2013).

Now it seems that this 2012 decline in the production of new secrets was not merely a fluke, but perhaps the start of a trend. The latest ISOO annual report indicates that in 2013 the number of reported new secrets continued to decline by an additional 20% to 58,794 original classification decisions, another new record low.

For the first time in a decade, the number of “derivative classification decisions” in which previously classified information is incorporated into new records also declined in 2013, ISOO reported.

“Agencies reported a total of 80.12 million derivative classification decisions in FY 2013, a decrease of 16 percent from FY 2012. Although we can not pinpoint a single cause for this decrease, we do know it was due in part to the refinement and correction of estimation practices employed by some agencies. Other possible contributing factors could be the recent emphasis on proper classification procedures coming from the expanded agency self-inspection requirements, the inspector-general reviews conducted in response to the Reducing Over-Classification Act, and the Fundamental Classification Guidance Reviews that all agencies conducted in 2012,” the ISOO report said.

The Information Security Oversight Office, housed at the National Archives, reports to the President of the United States on national security classification policy and oversees the operation of the classification system.

CIA Underestimates the Population of Syria

The population of Syria is 17,951,639, according to the CIA World Factbook.

That figure (oddly identified as a “July 2014” estimate) is wrong, according to everyone else.

The discrepancy was noted yesterday in the intelligence newsletter Nightwatch.

“NightWatch consulted six separate sources for the total population of Syria. They agreed that it is between 22 and 23 million people, not 17.9 million as indicated in the CIA World Factbook. There are about 7 million Syrians under voting age of 18 and more than 15 million registered voters,” the newsletter said.

“NightWatch relies on the CIA World Factbook as a standard reference for unclassified factual, baseline information, as does the Intelligence Community. On three occasions since 2006, NightWatch has found errors in the Factbook,” the newsletter added. “This was the third occasion.”

A Congressional Research Service report last month also cites a total Syrian population of “more than 22 million.”

Errors, of course, are to be expected– even, and especially, in intelligence publications. One great virtue of the CIA World Factbook is that it is a public document. This makes it possible for readers to identify such errors, to draw attention to them, and to promote their correction.

ODNI Defends New Pre-publication Review Policy

“Recent media reports have misconstrued ODNI’s policy for pre-publication of information to be publicly released,” according to a May 9 statement that was issued by the Office of the Director of National Intelligence.

The ODNI policy had been described in articles published in Secrecy News (ODNI Requires Pre-Publication Review of All Public Information, May 8) and in the New York Times (Intelligence Policy Bans Citation of Leaked Material by Charlie Savage, May 8).

ODNI said that the new pre-publication review policy was basically a consolidation of two previous policies (ODNI Instruction 80.14/2007-6, July 25, 2007, and ODNI Instruction 80.04, August 5, 2009) and that it represented nothing very new.

“The revised policy is not significantly different from the two previous policies,” the new ODNI statement asserted.

But that assertion is hard to understand, since the text of the revised policy appears significantly different from its predecessors in several respects.

First and foremost, the previous policies focused on protection of classified information, while the revised policy casts a much broader net.

“Pre-publication review is intended to prevent the disclosure of classified information,” according to the 2007 Instruction (emph. added).  Likewise, according to the 2009 Instruction, “Pre-publication review of material prepared for official dissemination is intended to prevent the disclosure of classified information.”

By unmistakeable contrast, however, the newly revised policy extends to all intelligence-related information, whether classified or not:

“The goal of pre-publication review is to prevent the unauthorized disclosure of information.”

That seems like a fairly significant difference.

Similarly, the 2007 Instruction presented a clear-cut “standard for review” applicable to former ODNI staff and contractors that is missing in the revised policy:

“Material proposed for publication or public dissemination will be reviewed solely to determined whether it contains any classified information,” the 2007 Instruction said.

No such limitation exists in the revised policy, which also includes review of unclassified information that may be “otherwise sensitive.”

Another significant difference pertains to informal interactions with the press and the public, which now appear to be far more constrained than they were in the past.

Thus, the 2007 Instruction said that “In informal situations where no prepared remarks are delivered” and which therefore cannot be reviewed in advance, “each individual… is responsible for remaining within the guidelines provided above.”

But the new policy, as written, no longer permits the use of an employee’s individual judgment or sense of responsibility in such situations.

“ODNI personnel expecting to engage in unstructured or free-form discussions… must prepare an outline of the topics to be discussed or the agenda to be followed…” to be submitted for official review.

The ODNI statement that was issued on May 9 asserted that this peremptory requirement was actually more flexible than it appeared:

“It is understood that there are times that former employees may receive calls for comment from the media, and there simply is not time to follow the pre-publication review process.”

However, the text of the new ODNI Instruction does not include any allowance for cases when “there simply is not time to follow the pre-publication review process.”  It says the process “must” be followed, without exception.

Moreover, “Failure to comply with this Instruction may result in the imposition of civil and administrative penalties, and may result in the loss of security clearances and accesses.”

By introducing such uncertainty (and danger) into ordinary contacts with the public and the press, ODNI is likely to discourage its employees from any contact — or to drive them into anonymity — and to encourage public cynicism, while further impoverishing public discourse on intelligence policy.

A superior approach would be to simply say that all ODNI employees are obliged to fulfill the terms of the non-disclosure agreements that they signed, and to leave it at that.

The May 9 ODNI statement was first obtained by Marty Lederman and published by him on the Just Security blog. ODNI then made it available. Charlie Savage reviewed the situation in Memo Revisits Policy on Citing Leaked Material, to Some Confusion, New York Times, May 9.


ODNI Requires Pre-Publication Review of All Public Information

All employees of the Office of the Director of National Intelligence are required to obtain authorization before disclosing any intelligence-related information to the public.

“All ODNI personnel are required to submit all official and non-official information intended for public release for review,” says ODNI Instruction 80.04 on “Pre-publication Review of Information to be Publicly Released.”  The Instruction was newly updated on April 8.

Like the new Intelligence Community policy on Media Contacts (Intelligence Directive Bars Unauthorized Contacts with News Media, Secrecy News, April 21), the ODNI pre-publication review policy does not distinguish between classified and unclassified information.

“The goal of pre-publication review is to prevent the unauthorized disclosure of information,” the Instruction says, whether the information is classified or not. It applies broadly to any information generated by ODNI “that discusses operations, business practices, or information related to the ODNI, the IC, or national security.”

The Instruction is binding on current and former ODNI employees, as well as contractors.

Since it pertains to “information” and not just documents, the Instruction also requires employees to gain approval prior to participation in “open discussion venues such as forums, panels, round tables, and question and answer sessions.”

“Pre-publication review must be conducted before any uncleared personnel can receive the information,” the Instruction states.

In order to support a request for pre-publication review, requesters are advised to provide unclassified sources for their proposed disclosures. “ODNI personnel must not use sourcing that comes from known leaks, or unauthorized disclosures of sensitive information.”

Official disclosures by ODNI employees must be reviewed by the ODNI Public Affairs Office to ensure that they are “consistent with the official ODNI position or message.” (Unofficial disclosures, such as privately-authored books, op-eds or blogs are exempt from this consistency requirement.)

The pre-publication review requirement is not optional.

“Failure to comply with this Instruction may result in the imposition of civil and administrative penalties, and may result in the loss of security clearances and accesses.”

The newly updated Instruction will no doubt inhibit informal contacts between ODNI employees and members of the general public, as it is intended to do. Whether that is a wise policy, and whether such indiscriminate barriers to the public serve the real interests of ODNI and the U.S. intelligence community, are separate questions.

*    *    *

Update: ODNI recently published a heavily redacted version of Intelligence Community Directive 304 on “Human Intelligence” (ODNI Seeks to Obscure CIA Role in Human Intelligence, Secrecy News, April 28).

Those redactions were a mistake, an ODNI official said yesterday. The full, unredacted text of the Directive was posted this week on the ODNI website.

Using Classification Challenges to Curb Secrecy

When government employees believe that classified information in their possession is improperly classified, they “are encouraged and expected” to challenge its classification status, according to President Obama’s executive order 13526 (section 1.8).  And sometimes they do.

In Fiscal Year 2012, there were 402 classification challenges filed by government employees. One third of them were granted in whole or in part, according to statistics published by the Information Security Oversight Office.

Such classification challenges have the potential to serve as a powerful internal check on over-classification. But that potential is not yet being fully realized, either because the procedure is unknown to employees or because its use is implicitly discouraged.

“We found that many DOJ officials were unaware of DOJ’s formal classification challenge process,” according to a 2013 Department of Justice Inspector General report.

At the Department of Defense, “few instances were encountered where interviewees challenged a classification,” a DoD IG report said. Although DoD guidance “provides for classification challenges, it does not reflect the intent of E.O. 13526 which states that such challenges are ‘encouraged’.”

By contrast, at the Department of Homeland Security, “DHS senior management we interviewed believes that challenging the classification status of information is part of an employee’s job.” Furthermore, a DHS IG review found, the Department “honors a challenger’s request for anonymity and serves as his or her agent in processing the challenge. DHS has a secure capability to receive information, allegations, or classification challenges.”

The provision for classification challenges in the executive order can only be invoked by authorized holders of the information. Members of the general public cannot file such challenges. Although a member of the public may request declassification review of a particular document under existing standards, he or she is not empowered to dispute the validity of those standards or to challenge the classification status of an entire topical area.

One partial exception to this rule is a Department of Energy regulation in 10 C.F.R. 1045.20 that invites the public to propose the declassification of particular items of information classified under the Atomic Energy Act.

Last June 30, the Federation of American Scientists filed such a petition seeking declassification of “the total size of the U.S. nuclear stockpile and the number of weapons dismantled annually as of the end of each fiscal year from FY 2010 through FY 2013.”

We filed the petition after the Department of Defense refused to release the requested data. Requests for current stockpile information were denied even though — in a major departure from prior government secrecy policy — the Obama Administration in May 2010 had disclosed annual stockpile figures for previous years up through FY 2009. (See Pentagon Reverts to Nuclear Stockpile Secrecy, Secrecy News, July 1, 2013.)

So invoking DOE regulation 10 CFR 1045.20, we asked for reconsideration of this refusal. It is apparently the first time that the DOE regulation has ever been employed by a public petitioner since the provision was adopted in the 1990s.

On April 29, the requested information was disclosed in a State Department Fact Sheet. It reported a stockpile total of 4,804 warheads in September 2013, down from the last published figure of 5,113 in September 2009.

(Hans Kristensen of FAS expressed disappointment at the slow pace of stockpile reductions in recent years here. The Government Accountability Office noted ambiguities in the counting of dismantled warheads here.)

Although the release matched our request, providing neither more nor less information than we asked for, that was merely “serendipitous,” said a US government official. The FAS petition was “not a major driver” of the declassification process, he said. “The White House wanted to get this done all along.”

That may be so. (Although if the White House wanted it disclosed all along, it’s not clear why this information was actively withheld each year for the past four years.)

In any case, the DOE regulation inviting public proposals for declassification is assuming new importance. It now serves as a designated feeder to a new interagency review process for declassification of so-called Formerly Restricted Data (FRD), which is a category of information classified under the Atomic Energy Act.

At least one new petition for declassification has recently been submitted by the National Security Archive, we have another one in the works, and increased public use of the procedure is anticipated.

The DOE regulation extends the power of classification challenges to members of the public. As such, it represents a “best practice” that could usefully be replicated in other agencies, and in the context of national security information generally (not just nuclear matters).

Of course, the key to a successful classification challenge is that it must be reviewed impartially by someone other than the original classifier.


ODNI Seeks to Obscure CIA Role in Human Intelligence

Updated below

The Office of the Director of National Intelligence is attempting to conceal unclassified information about the structure and function of U.S. intelligence agencies, including the leading role of the Central Intelligence Agency in collecting human intelligence.

Last month, ODNI issued a heavily redacted version of its Intelligence Community Directive 304 on “Human Intelligence.” The redacted document was produced in response to a Freedom of Information Act request from Robert Sesek, and posted on ScribD.

The new redactions come as a surprise because most of the censored text had already been published by ODNI itself in an earlier iteration of the same unclassified Directive from 2008. That document has since been removed from the ODNI website but it is preserved on the FAS website here.

Meanwhile, the current version of the Directive — without any redactions — is also available in the public domain, despite the attempt to suppress it. (Thanks to Jeffrey Richelson for the pointer.)

A comparison of the redacted and unredacted versions shows that ODNI is now seeking to withhold the fact that the Director of the Central Intelligence Agency functions as the National HUMINT Manager, among other things.

ODNI also censored the statement that the Central Intelligence Agency “Collects, analyzes, produces, and disseminates foreign intelligence and counterintelligence, including information obtained through clandestine means.”

Among intelligence agencies, in my experience, ODNI is usually the most responsive to Freedom of Information Act requests, while CIA leads the competition to be the least helpful and cooperative. In this case, it appears that CIA’s pattern of defiance overcame ODNI’s better judgment.

Update, May 8, 2014: The redactions to ICD 304 were a mistake, an ODNI official said. The full, unredacted text of the Directive was posted May 6 on the ODNI website.

Countering CIA’s Conflict of Interest in Declassification

Last week the Senate Intelligence Committee voted to submit the 480-page executive summary, findings and conclusions of its five-year investigation into the post-9/11 CIA Detention and Interrogation Program for declassification review. But in an obvious conflict of interest, the review is expected to be performed by the CIA itself.

“The report exposes brutality that stands in stark contrast to our values as a nation. It chronicles a stain on our history that must never again be allowed to happen,” said Sen. Dianne Feinstein, the chair the Senate Intelligence Committee, in an April 3 statement. “This is not what Americans do.”

The standard process for declassification therefore puts the CIA in the awkward and untenable position of deciding whether to enable (or to prevent) the release of information that portrays the Agency itself, or some of its personnel, as having engaged in behavior that was brutal, lawless, and unaccountable.

Instead, it is the White House, not the CIA, that should lead the declassification process, said Sen. Feinstein, as reported today by McClatchy Newspapers.

“As this report covers a covert action program under the authority of the President and National Security Council, I respectfully request that the White House take the lead in the declassification process,” Sen. Feinstein wrote. (Feinstein: CIA should not lead declassification review of report about interrogation tactics by Ali Watkins, McClatchy, April 8).

However, it may not be possible to exclude CIA from the declassification process altogether, since it was CIA that generated and classified most or all of the information at issue. While the President certainly has the authority to declassify the report, the White House would be unlikely to possess the detailed knowledge of the underlying records that would be needed to do so independently.

But there are ways to minimize and counteract CIA’s conflict of interest in declassification.

First of all, the Senate Intelligence Committee will be in a position to make its own judgment as to the validity of any CIA redactions of the report. Unlike the typical FOIA requester who pursues a document he has never seen, the Senate Committee knows exactly what is in the report, which it produced. If CIA moves to withhold information in ways that are frivolous, questionable or unfounded in genuine national security concerns, the Committee will recognize that immediately and will be able to elevate those specific disagreements with the CIA to the White House for resolution.

Another possible option would be for the Senate Committee to engage the services of the Public Interest Declassification Board (PIDB).

That Board’s statutory purpose is, among other things, “To review and make recommendations to the President in a timely manner with respect to any congressional request, made by the committee of jurisdiction, to declassify certain records or to reconsider a declination to declassify specific records.”

While the PIDB, which is made up of non-governmental personnel, cannot declassify anything on its own authority, it could serve to backstop the regular declassification process with an independent perspective, and could also provide political cover for the President to overrule an unwarranted refusal to declassify.

In 2006, members of the Senate Intelligence Committee asked the Public Interest Declassification Board to review an Administration decision to classify portions of two Committee reports on prewar intelligence on Iraq. At the time, the Board said it doubted that it could carry out the review without White House authorization.

So Senators Ron Wyden and Russ Feingold introduced legislative language to clarify that the Board is authorized to review declassification proposals — or evaluate agency refusals to declassify — at the initiative of a congressional committee of jurisdiction. Their measure was enacted into law in the FY 2010 Intelligence Authorization Act.

While this function has never yet been performed by the Board, it remains available to Congress at its discretion.

“The classification system exists to protect national security, but its outdated design and implementation often hinders that mission,” wrote PIDB chair Amb. Nancy E. Soderberg in a November 2012 letter to President Obama transmitting a Board report.

“The system is compromised by over-classification and, not coincidentally, by increasing instances of unauthorized disclosures. This undermines the credibility of the classification system, blurs the focus on what truly requires protection, and fails to serve the public interest. Notwithstanding the best efforts of information security professionals, the current system is outmoded and unsustainable; transformation is not simply advisable but imperative,” she wrote.