Security for Domestic Intelligence Facilities Revised

On June 13, a mentally ill man rammed his car into the gate at CIA headquarters, causing some damage and disruption (See “CIA Gate Crasher Gets 30-day Sentence” by Rachel Weiner, Washington Post, August 16).

Three days later, Director of National Intelligence James Clapper issued a new directive on Security Standards For Protecting Domestic IC Facilities. A copy of the unclassified Intelligence Community Directive 706, dated June 16, 2016, was recently made available by the Office of the Director of National Intelligence.

The new intelligence directive sets security standards for “planning and designing new facilities and renovation of existing facilities.”

“The protection of facilities is a preeminent concern for the IC. Applying baseline physical security standards to manage risks and mitigate threats enables the IC to effectively protect facilities and reduce vulnerabilities.”

However, while facility security is “a” preeminent concern, it is not “the” preeminent concern. Security remains subordinate to the intelligence mission:

“IC facilities shall comply with the appropriate physical security standards… except where that compliance would jeopardize intelligence sources and methods,” the directive states.

Improved Coordination of HUMINT Collection Sought

The Director of National Intelligence issued — and last week published — a pair of Intelligence Community Directives (here and here) that aim to improve the coordination of human intelligence collection for foreign intelligence and counterintelligence purposes.

The directives are intended “to ensure the deconfliction, coordination, and integration of intelligence activities,” including liaison with foreign intelligence services, in order “to significantly enhance the security of the nation by effectively and efficiently allocating resources.”

The basic idea seems to be to make sure that HUMINT collection agencies are not stepping on each other’s toes and that, to the contrary, they are actively assisting one another in their operations. The desired coordination “should not be pro forma,” the directives both said. “It should include the timely exchange by IC elements of pertinent and necessary information to facilitate operational success.”

See Coordination of Clandestine Human Source and Human-Enabled Foreign Intelligence Collection and Counterintelligence Activities Outside the United StatesIntelligence Community Directive 310, June 27, 2016, and

Coordination of Clandestine Human Source and Human-Enabled Foreign Intelligence Collection and Counterintelligence Activities Inside the United StatesIntelligence Community Directive 311, June 27, 2016.

The new Directives do not disclose any classified operations or intelligence methods. Yet they are revealing and interesting in several ways.

First, their public availability is a sign of the shifting boundaries of intelligence-related secrecy. The directives were prepared as unclassified documents and were made public on the ODNI website. By contrast, their precursor — Director of Central Intelligence Directive 5/1P on Espionage and Counterintelligence Activities Abroad(which is now rescinded) — was not publicly released.

Second, the new releases conform to and advance the DNI’s transparency policy, which promised to increase public disclosure of the IC’s “governance framework–the rules, authorities, compliance mechanisms, and oversight that guide its activities.” This is not the stuff of headlines (except in Secrecy News). There is nothing scandalous about the directives; to non-specialists, they may actually be kind of boring. But they are part of an ongoing adaptation to public expectations of greater intelligence transparency. They also represent a notable step away from “secret law,” i.e. the reliance on undisclosed mandates or internal regulations that are inaccessible to the public.

The directives, which feature lots of “if…, then…” clauses, show the emphatically rule-based character of much of intelligence policy. The directives were plainly written by lawyers. (A sample sentence: “For purposes of this Directive, the term ‘coordination’ is understood to encompass ‘deconfliction’ and ‘integration’.”). A human intelligence collector in the field may need a lawyer standing by to explain their full meaning and implications.

Apparently, though, this is nothing new.

When he joined the CIA in 1975, wrote former CIA attorney John Rizzo in his 2014 book Company Man, “I was struck by how much scope and impact CIA lawyers, even one as wet behind the ears as I was, had on the day-to-day mission of the Agency.”

Russia Foreign Intelligence Service Expands

The headquarters complex of the Foreign Intelligence Service (SVR) of the Russian Federation has expanded dramatically over the past decade, a review of open source imagery reveals.

Since 2007, several large new buildings have been added to SVR headquarters, increasing its floor space by a factor of two or more. Nearby parking capacity appears to have quadrupled, more or less.

The compilation of open source imagery was prepared by Allen Thomson. See Expansion of Russian Foreign Intelligence Service HQ (SVR; Former KGB First Main Directorate) Between 2007 and 2016, as of July 11, 2016.

Whether the expansion of SVR headquarters corresponds to changes in the Service’s mission, organizational structure or budget could not immediately be learned.

Russian journalist and author Andrei Soldatov, who runs the Agentura.ru website on Russian security services, noted that the expansion “coincides with the appointment of the current SVR director, Mikhail Fradkov, in 2007.” He recalled that when President Putin introduced Fradkov to Service personnel, he said that the SVR should endeavor to help Russian corporations abroad, perhaps indicating a new mission emphasis.

2017 Intelligence Bill Would Constrain Privacy Board

The jurisdiction of the Privacy and Civil Liberties Oversight Board (PCLOB) would be restricted for the second year in a row by the Senate Intelligence Committee version of the FY2017 Intelligence Authorization Act (S.3017). Section 603 of the Act would specifically limit the scope of PCLOB’s attention to the privacy and civil liberties “of United States persons.”

Internal disagreements over the move were highlighted in the Committee report published last week to accompany the text of the bill, which was reported out of Committee on June 5.

“While the PCLOB already focuses primarily on U.S. persons, it is not mandated to do so exclusively,” wrote Senators Martin Heinrich and Mazie K. Hirono in dissenting remarks appended to the report. “Limiting the PCLOB’s mandate to only U.S. persons could create ambiguity about the scope of the PCLOB’s mandate, raising questions in particular about how the PCLOB should proceed in the digital domain, where individuals’ U.S. or non-U.S. status is not always apparent. It is conceivable, for example, that under this restriction, the PCLOB could not have reviewed the NSA’s Section 702 surveillance program, which focuses on the communications of foreigners located outside of the United States, but which is also acknowledged to be incidentally collecting Americans’ communications in the process,” they wrote.

“Over the past three years, the Privacy and Civil Liberties Oversight Board has done outstanding and highly professional work,” wrote Sen. Ron Wyden in his own dissent. “It has examined large, complex surveillance programs and evaluated them in detail, and it has produced public reports and recommendations that are quite comprehensive and useful. Indeed, the Board’s reports on major surveillance programs are the most thorough publicly available documents on this topic. My concern is that by acting to restrict the Board’s purview for the second year in a row, and by making unwarranted criticisms of the Board’s staff in this report, the Intelligence Committee is sending the message that the Board should not do its job too well.”

In support of the provision, the report said that “The Committee believes it is important for the Board to consider the privacy and civil liberties of U.S. Persons first and foremost when conducting its analysis and review of United States counterterrorism efforts.”

But the PCLOB already considers U.S. person privacy “first and foremost.” And the language of the Senate bill does not appear to permit even “secondary” consideration of the privacy of non-U.S. persons. Last year, the FY2016 intelligence authorization bill barred access by the Board to information deemed relevant to covert action.

On June 16, Sen. Patrick Leahy paid tribute to retiring PCLOB chair David Medine on the Senate floor. “[PCLOB] reports and Mr. Medine’s related testimony before the Senate Judiciary Committee have been tremendously beneficial to Congress and the American people in examining government surveillance programs,” he said.

SSCI Bill Adopts Fundamental Classification Review

The Fundamental Classification Guidance Review (FCGR) that was launched by President Obama’s 2009 executive order 13526 would be written into statute by the Senate Select Committee on Intelligence in its version of the FY intelligence authorization act (S. 3017), released this week.

The FCGR has become the primary mechanism for systematically updating agency classification rules and deleting obsolete secrecy requirements. Performed every five years, it entails the review of thousands of individual classification guides. After the first FCGR in 2012, hundreds of such guides were eliminated.

“A reasonable outcome of the review overall, though not necessarily in the case of each program or guide, is to expect a reduction in classification activity across government,” wrote William Cira, acting director of the Information Security Oversight Office, in a March 17 memo to agencies initiating the second FCGR, which is to conclude by June 2017.

The FCGR can advance “our shared goals for greater openness and reduced classification activity while protecting legitimate national security interests,” wrote DNI James Clapper in a March 23 addendum, embracing the FCGR and adding some new requirements to it.

The Senate bill (section 809) does not modify the existing FCGR process, but would enshrine it in statute.

The new bill includes several other reporting requirements that appear uncommonly assertive, if not intrusive. For example, the Committee would expect the Privacy and Civil Liberties Oversight Board to keep it informed of all the Board’s activities, “including any significant anticipated activities.” The Committee would require submission of copies of all memoranda of understanding between U.S. intelligence agencies. And the Committee would require notification of all classified and unclassified presidential directives to intelligence agencies, and their implementation.

In short, the bill would reset the terms of the congressional intelligence oversight relationship, seemingly dispensing with comity and imposing mandatory disclosure to Congress of various categories of records. Executive branch resistance may be anticipated.

For the first time in living memory, the SSCI bill was reported out of Committee on June 6 without a written report to publicly explain and expand upon its provisions. (Update: The Committee report on the bill was published on June 15.) It did, however, include a classified annex.

Four Cold War Covert Actions to be Disclosed

The Central Intelligence Agency said that it will disclose four previously unacknowledged Cold War covert actions. The four have not yet been publicly identified, but they will be addressed in forthcoming editions of the U.S. State Department’s official Foreign Relations of the United States (FRUS) series.

“In 2015 [CIA] agreed to acknowledge four covert actions that will be documented in future volumes (of FRUS),” according to a new annual report from the State Department Advisory Committee on Historical Diplomatic Documentation for calendar year 2015.

CIA spokesperson Ryan Trapani declined to say what those four covert actions are.

“CA [covert action] programs are not officially declassified until done so by FRUS, so you have to wait for its formal announcement,” Mr. Trapani said by email.

The FRUS series has been a significant driver of the national security declassification program, particularly since a 1991 statute required that FRUS must present a “thorough, accurate, and reliable” documentary history of U.S. foreign relations — which necessarily includes information that was classified at the time — within 30 years of the events in question.

The State Department has never yet complied with that 30 year deadline, but the new Advisory Committee report indicates the situation is improving. “It is likely that HO [the State Department Office of the Historian] will finally meet its statutory thirty-year timeline as it publishes more volumes in the Reagan administration series over the next few years.”

The Committee report was complimentary towards the CIA, citing “the very positive relationship HO has developed with CIA over the past several years [which] has paid dividends. CIA consistently reviews both specific documents and compiled volumes in a timely manner….”

“Nevertheless, the frequent reliance on covert actions in the Reagan and subsequent administrations will doubtless require lengthy declassification processes that will inevitably delay publication of a significant number of volumes beyond the 30-year target,” the report said.

One specific area of disappointment is the failure to release the long-deferred FRUS volume on the 1953 coup in Iran.

“Owing to the currently volatile relationship between the United States and Iran…, the State Department continues to withhold its approval for publishing the eagerly anticipated retrospective volume on Iran 1953,” the Committee report noted.

The status of the Iran volume is expected to be on the agenda of the upcoming meeting of the State Department Advisory Committee on June 6.

Pre-Publication Review Must Be Timely & Fair, Says HPSCI

Current and former intelligence community employees (as well as some other government employees) are obliged to submit their writings for official review prior to publication in order to screen them for classified information. This is often an onerous, time-consuming and frustrating process. It sometimes appears to authors to be conducted in bad faith.

The House Permanent Select Committee on Intelligence has instructed the Director of National Intelligence to prepare a new, IC-wide pre-publication review policy that will “yield timely, reasoned, and impartial decisions that are subject to appeal.”

In its new report on the FY2017 intelligence authorization act, the Committee said it “is concerned that current and former IC personnel have published written material without completing mandatory pre-publication review procedures or have rejected changes required by the review process, resulting in the publication of classified information.”

“The Committee is also aware of the perception that the pre-publication review process can be unfair, untimely, and unduly onerous and that these burdens may be at least partially responsible for some individuals ‘opting out’ of the mandatory review process.”

The Committee therefore directed the DNI to develop a uniform new policy that clearly sets forth what kinds of materials must be reviewed, with guidance for conducting and completing the review in a timely manner, and with a prompt and transparent appeal process.

The pre-publication review process was critiqued recently by Jack Goldsmith and Oona A. Hathaway in the Washington Post (The Government’s Prepublication Review Process is Broken, December 25, 2015) and in Just Security (The Scope of the Prepublication Review Problem, and What to Do About It, December 30, 2015). I also commented in Just Security (Fixing Pre-Publication Review: What Should Be Done?, January 15, 2016).

The new requirement “to improve the timeliness and fairness of the prepublication review process throughout the IC” was introduced by Rep. Jim Himes (D-CT), a member of the House Intelligence Committee. The FY2017 intelligence authorization act was approved by the full House of Representatives yesterday following floor speeches on May 23.

Using Social Media in Background Investigations

A directive signed by the Director of National Intelligence yesterday formally authorizes the use of social media by official investigators who are conducting background investigations for security clearances.

See Collection, Use, and Retention of Publicly Available Social Media Information in Personnel Security Background Investigations and Adjudications, Security Executive Agent Directive 5, May 12, 2016.

The directive was crafted to avoid undue infringements on privacy.

Investigators will be limited to considering only publicly available postings. The subjects of a background investigation “shall not be requested or required” to provide passwords for access to non-publicly available materials or to make such materials available. Agencies will not be allowed to “friend” an individual for the purposes of gaining access to materials that are not otherwise available.

And the consideration of social media must be relevant to the official guidelines for granting access to classified information. That is, they must pertain to substance abuse, criminal conduct, foreign allegiance, or other such criteria.  See Adjudicative Guidelines for Determining Eligibility for Access to Classified Information, rev. December 29, 2005.

The utility of social media for background investigations remains to be demonstrated, particularly since any public posts that do not voluntarily advertise behavior that is at odds with official guidelines would not trigger investigative attention. A pilot project will be conduct to validate the approach before it is systematically included in the investigative process.

A hearing on Incorporating Social Media into Federal Background Investigations was held today by the House Committee on Oversight and Government Reform.

“The use of social media has become an integral, and very public, part of the fabric of most Americans’ daily lives, and it is critical that we use this important source of information to help protect our nation’s security,” said William R. Evanina, director of the National Counterintelligence and Security Center, in a statement to the House Committee.

Archivist Won’t Call “Torture Report” a Permanent Record

Archivist of the United States David S. Ferriero last week rebuffed requests to formally designate the Senate Intelligence Committee report on CIA interrogation practices a “federal record” that must be preserved.

Senators Dianne Feinstein and Patrick Leahy had urged the Archivist to exercise his authority to certify that the Senate report is a federal record.

“We believe that Congress has made it clear that the National Archives has a responsibility — as the nation’s record keeper — to advise other parts of the United States government of their legal duty to preserve documents like the Senate Report under the Federal Records Act, the Presidential Records Act, and other statutes,” Senators Feinstein and Leahy wrote in an April 13 letter.

The report qualifies for preservation as a permanent record, they said, “because it contains uniquely valuable information regarding the CIA’s detention and interrogation program under the Bush Administration,” among other reasons.

Two weeks later, dozens of non-governmental organizations led by the Constitution Project sent their own letter to the Archivist likewise urging him to make a formal determination that the Senate report is a federal record that by law must be preserved.

“The Senate study began as an examination of the CIA’s destruction of crucial video records of the torture program, which occurred without NARA’s knowledge or authorization,” the NGO letter said. “It would be sadly ironic if NARA knowingly allowed the Executive Branch to return the most comprehensive history of the CIA torture program” to Congress without preserving a permanent archival record of it.

But Archivist Ferriero was unmoved by the appeals.

“NARA has refrained from interceding in this matter because the issue is the subject of ongoing litigation,” he wrote in an April 29 reply to Senators Feinstein and Leahy, referring to a Freedom of Information Act lawsuit brought by the ACLU for access to the report. “As is routine with respect to any issue that is being litigated, we have coordinated with litigation counsel at DOJ handling the pending court case.”

He also asserted that the mere fact that executive branch agencies are in possession of the Senate report does not necessarily mean that it qualifies as a federal record. There is a “possibility that an agency could accept physical receipt of a document but maintain it in such a manner that the agency does not acquire legal custody for purposes of either the FRA [Federal Records Act] or the FOIA,” he wrote.

However, at this stage “it would not be appropriate for me to have a predisposed viewpoint in any particular case as to whether recorded information is or is not a federal record,” he said, implying that a final decision would be reached at some later stage.

The National Archives acknowledged receipt of the NGO letter (which was co-signed by the FAS Project on Government Secrecy), and said that a response to that letter would be provided in due course.

Otherwise, officials contacted by Secrecy News would not discuss the matter on the record. But what emerges from several conversations is something like this:

Although the Archivist has independent legal authority to determine the status of federal records under the Presidential and Federal Records Act Amendments of 2014, he remains an executive branch official and he is not politically autonomous. In the face of FOIA litigation, which takes precedence as a practical matter, it actually is “routine” (or at least unsurprising) for the Archivist to defer to the Justice Department and to abstain from unilateral action.

If the ongoing FOIA litigation ultimately led to a determination that the Senate report is a “record” for purposes of FOIA, then it would be easy for the Archivist to concur. If not, then it would be more difficult, but not altogether impossible, for the Archivist to conclude that the report is nevertheless a federal record. “The determination of record status under the FRA and the Freedom of Information Act (FOIA), while not identical, is similar,” the Archivist wrote.

In any event, while an immediate resolution of this dispute is foreclosed by the Archivist’s refusal to intervene, the larger question of the status of the Senate report as a federal record remains open.

Legal technicalities aside, it would be astonishing if the full Senate Committee report were not preserved for posterity one way or another, and eventually published. Even if it is not the last word on post-9/11 detention and interrogation, and even if not every word of it turns out to be true and correct, the Committee report has already become central to public discourse on the subject. If it became possible to erase it from the historical record in some kind of Stalinesque act of suppression, then we would all have bigger problems to worry about.

See related coverage from the Constitution Project, the National Security Archive, the Bill of Rights Defense Committee, and Courthouse News.

Punishing Leaks Through Administrative Channels

The Obama Administration has famously prosecuted more individuals for unauthorized disclosures of classified information to the media than all of its predecessors combined. But behind the scenes, it appears to have sought administrative penalties for leaks — rather than criminal ones — with equal or greater vigor.

“This Administration has been historically active in pursuing prosecution of leakers, and the Intelligence Community fully supports this effort,” said ODNI General Counsel Robert S. Litt in testimony from a closed hearing of the Senate Intelligence Committee in 2012 that was released last week in response to a Freedom of Information Act request.

But, he said, “prosecution of unauthorized disclosure cases is often beset with complications, including difficult problems of identifying the leaker, the potential for confirming or revealing even more classified information in a public trial, and graymail by the defense.”

Therefore, Mr. Litt said, in 2011 Director of National Intelligence James Clapper ordered intelligence agencies “to pursue administrative investigations and sanctions against identified leakers wherever appropriate. Pursuant to this DNI directive, individual agencies are instructed to identify those leak incidents that are ripe for an administrative disposition….”

Administrative penalties could include termination of employment, loss of security clearance, fines, or other adverse consequences. The number of individuals who were in fact sanctioned as a result of the ensuing “emphasis on administrative dispositions of leak investigations” was not disclosed. But “by advocating for administrative action in appropriate cases, the DNI hopes that more leakers will be sanctioned, and others similarly situated will be deterred,” he said at that time.

The 2012 Senate Intelligence Committee hearing pre-dated the classified disclosures in 2013 by Edward Snowden, who was obviously not deterred.

In a 2014 memorandum, Homeland Security Advisor Lisa O. Monaco said that “Recent unauthorized disclosures have unfortunately underscored the need to vigilantly safeguard our Nation’s most sensitive intelligence information.” The memo detailed numerous “near-term measures… aimed at further reducing the risk of additional high-impact disclosures.”

Yet “technical fixes alone cannot fully mitigate the threat posed by a determined insider,” she wrote. “As a result, [the corrective steps] include measures to improve business practices, enhance the security culture across the workforce, and reduce the unique risks associated with ‘privileged’ users.”

See “Near-term Measures to Reduce the Risk of High-Impact Unauthorized Disclosures,” memorandum from Homeland Security Advisor Lisa Monaco, February 11, 2014.

The actual efficacy of the measures described, some of which are still being gradually implemented, has not been publicly reported.