Congress Tells DoD to Report on Leaks, Insider Threats

For the next two years, Congress wants to receive quarterly reports from the Department of Defense on how the Pentagon is responding to leaks of classified information. The reporting requirement was included in the pending National Defense Authorization Act for FY 2015 (Sec. 1052).

“Compromises of classified information cause indiscriminate and long-lasting damage to United States national security and often have a direct impact on the safety of warfighters,” the Act states.

“In 2010, hundreds of thousands of classified documents were illegally copied and disclosed across the Internet,” it says, presumably referring to the WikiLeaks disclosures of that year.

“In 2013, nearly 1,700,000 files were downloaded from United States Government information systems, threatening the national security of the United States and placing the lives of United States personnel at extreme risk,” the Act states, in a presumed reference to the Snowden disclosures. “The majority of the information compromised relates to the capabilities, operations, tactics, techniques, and procedures of the Armed Forces of the United States, and is the single greatest quantitative compromise in the history of the United States.”

The Secretary of Defense will be required to report on changes in policy and resource allocations that are adopted in response to significant compromises of classified information.

The defense authorization act does not address irregularities in the classification system, such as overclassification or failure to timely declassify information.

It does call for additional reporting on the Department of Defense “insider threat” program (Sec. 1628), and on “the adoption of an interim capability to continuously evaluate the security status of the employees and contractors of the Department who have been determined eligible for and granted access to classified information.”

By definition, this continuous evaluation approach does not focus on suspicious individuals or activities, but rather is designed to monitor all security-cleared personnel.

Rep. Moran Urges Presidential Pardon for John Kiriakou

Rep. James P. Moran this week called on President Obama to pardon John Kiriakou, the former CIA officer who was convicted of disclosing the name of an undercover intelligence officer and who is currently serving a prison sentence in the Federal Correctional Institution in Loretto, Pennsylvania.

“Mr. Speaker, I rise today to ask for a Presidential pardon for John Kiriakou,” said Rep. Moran (D-VA), who is retiring from Congress, in a statement entered in the Congressional Record. “Mr. Kiriakou is an American hero.”

John Kiriakou is a whistleblower, as well. The first American intelligence officer to officially and on-record reveal that the U.S. was in the torture business as a matter of White House policy under President Bush. In confirming what the American media and policymakers were hearing whispered–that waterboarding and other enhanced interrogation techniques were a matter of standard military and intelligence procedures–he helped begin an intense and overdue debate over whether torture violated international law, tarnished our higher American principles and undermined the critical need for reliable, actionable information,” Rep. Moran said.

“And John Kiriakou is a convicted felon, serving a 2\1/2\ year plea bargained sentence in a Pennsylvania federal prison. The charge against him is violating the Intelligence Identities Protection Act, whereby John answered a question from a U.S. reporter who was duplicitously fronting for lawyers defending Al Qaeda prisoners held at Guantanamo Bay and in the process unintentionally confirmed the classified identity of a CIA colleague. A colleague who, by the way, was being erroneously labeled as an enhanced interrogation techniques torturer.”

“The real issue here is the extremely selective prosecution of John and the ongoing efforts to intimidate him from talking about our intelligence community’s misfires,” he said.

“Whatever John’s misdeeds–and he admits that answering that reporter’s questions was ill-advised and naive–he has more than paid for them. After fifteen years of service to his country, the personal risks and costs of a life in the intelligence world, the legal double-standard applied, and now two years in prison John Kiriakou deserves a Presidential pardon so his record can be cleared, just as this country is trying to heal from a dark chapter in its history,” Rep. Moran said.

Rep. Moran’s statement does not constitute an application for a presidential pardon, and Mr. Kiriakou would not normally be eligible for such a pardon until at least 5 years after his impending release from prison.

The Moran statement does, however, represent a rare congressional expression of sympathy for a convicted leaker, and an unusual gesture of respect for an incarcerated American of any kind.

And in fact, there is some precedent for a pardon, even among the small cohort of convicted leakers of classified information.

In January 2001, President Clinton formally pardoned Samuel Loring Morison, the first person to be convicted of unauthorized disclosure of classified information to the press. A copy of the certificate of clemency is here.

“What is remarkable is not the crime,” wrote Sen. Patrick Moynihan in a 1998 letter to the President about the Morison case, “but that he is the only one convicted of an activity which has become a routine aspect of government life: leaking information to the press in order to bring pressure to bear on a policy question.”

“A presidential pardon is a sign of forgiveness,” wrote Justice Department pardon attorney Roger C. Adams at the time. “It does not erase or expunge the record of conviction and does not indicate innocence.”

DoD Leaks Now Termed “Serious Security Incidents”

Unauthorized disclosures of classified information, leaks to the news media, acts of espionage, and certain other information security offenses are now to be collectively designated as “serious security incidents,” according to a Department of Defense directive that was published this week.

The new terminology was adopted in order to standardize procedures for preventing, identifying, investigating and reporting such violations when they occur. See “Management of Serious Security Incidents Involving Classified Information,” DoD Directive 5210.50, October 27, 2014.

The new directive replaces a previous directive from 2005, which had simply been titled “Unauthorized Disclosure of Classified Information to the Public.”

Not every episode of mishandling classified information qualifies as a “serious security incident.” But that term applies whenever there is an unauthorized disclosure of classified information in the news media, or an act of espionage, or a willful disclosure of classified information to an unauthorized person that involves large amounts of classified information, or that reveals a systemic weakness in classification practices, among other circumstances. The threshold is determined by what is reportable to senior to DoD authorities (as specified in DoD Manual 5200.01, vol. 3, enclosure 6, at p. 88).

(Strictly speaking, the creation of an unauthorized DoD “special access program” would also appear to constitute a “serious security incident” requiring investigation, reporting and accountability. But that possibility is not mentioned in the new directive.)

“Serious security incident investigations and reporting will integrate security, counterintelligence, law enforcement, and other appropriate DoD interests to ensure that the causes of serious security incidents are identified and that all appropriate means are utilized to identify and mitigate damage to national security and avoid similar occurrences,” the new directive states.

This week, Michael Isikoff of Yahoo News reported that the FBI had identified a new leaker (“Feds identify suspected ‘second leaker’ for Snowden reporters,” October 27). The story also cited concerns among some intelligence officials that the Department of Justice may be reluctant to initiate new criminal prosecutions of suspected leakers due to criticism of past overzealousness.

It is hard to confirm from a distance that such reluctance on the part of Justice Department officials exists. But in fact, the government has always had alternatives to Espionage Act prosecutions of suspected leakers, including civil or administrative penalties and loss of security clearance.

The new DoD directive says that “DoD personnel responsible for serious security incidents may be held accountable, as appropriate, in a criminal proceeding, civil judicial action, disciplinary or adverse administrative action, or other administrative action authorized by federal law or regulations.”

Likewise, a July 2013 Department of Justice review of policies concerning the news media said that “The Department will work with others in the Administration to explore ways in which the intelligence agencies themselves, in the first instance, can address information leaks internally through administrative means, such as the withdrawal of security clearances and imposition of other sanctions.”

Report on Disclosures to the Media is Classified

A report to Congress on authorized disclosures of classified intelligence to the media — not unauthorized disclosures — is classified and is exempt from disclosure under the Freedom of Information Act, the National Security Agency said.

The notion of an authorized disclosure of classified information is close to being a contradiction in terms. If something is classified, how can its disclosure be authorized (without declassification)? And if something is disclosed by an official who is authorized to do so, how can it still be classified? And yet, it seems that there is such a thing.

Confronted by a pressing question from a reporter on a classified matter, an official might opt to acknowledge or disclose classified information in response, without necessarily intending to broadcast that information to everyone. In such cases, the information might be disclosed without being declassified, especially if it is already known to the reporter through other channels.

In the Intelligence Authorization Act for FY 2013 (sec. 504), Congress directed that “In the event of an authorized disclosure of national intelligence” to the media, the government official responsible for authorizing the disclosure shall notify Congress in a timely fashion whenever the intelligence disclosed is classified (or declassified for the purpose of the disclosure).

The purpose of that requirement was to ensure that the congressional intelligence committees are made aware of authorized disclosures to the press “so that, among other things, these authorized disclosures may be distinguished from unauthorized ‘leaks’,” according to the Senate report on the FY2013 intelligence bill.

So what disclosures of classified intelligence to the media were approved by government officials and reported to Congress, we asked earlier this year? The National Security Agency refuses to disclose those disclosures.

“The document responsive to your request has been reviewed by this Agency as required by the FOIA and has been found to be currently and properly classified in accordance with Executive Order 13526,” according to an October 2 letter signed by retiring NSA FOIA chief Pamela N. Phillips. “The document is classified because its disclosure could reasonably be expected to cause exceptionally grave damage to the national security.”

We appealed the denial.

“It is well established that information, including classified information, that has been publicly disclosed on an authorized basis loses its exemption from disclosure under FOIA,” the FAS appeal letter said.

“Since the requested document addresses ‘authorized public disclosures,’ the substance of those authorized disclosures may no longer be withheld.”

WWII Atomic Bomb Project Had More Than 1,500 “Leaks”

The Manhattan Project to develop the first atomic bomb during World War II was among the most highly classified and tightly secured programs ever undertaken by the U.S. government. Nevertheless, it generated more than 1,500 leak investigations involving unauthorized disclosures of classified Project information.

That remarkable fact is noted in the latest declassified volume of the official Manhattan District History (Volume 14, Intelligence & Security) that was approved for release and posted online by the Department of Energy last month.

In several respects, the Manhattan Project established the template for secret government programs during the Cold War (and after). It pioneered or refined the practices of compartmentalization of information, “black” budgets, cover and deception to conceal secret facilities, minimal notification to Congress, and more.

But wherever there are national security secrets, it seems that leaks and spies are not far behind.

During the course of the Manhattan Project, counterintelligence agents “handled more than 1,000 general subversive investigations, over 1,500 cases in which classified project information was transmitted to unauthorized persons, approximately 100 suspected espionage cases, and approximately 200 suspected sabotage cases,” according to the newly declassified history (at pp. S2-3).

Most of the 1,500 leak cases seem to have been inadvertent disclosures rather than deliberate releases to the news media of the contemporary sort. But they were diligently investigated nonetheless. “Complete security of information could be achieved only by following all leaks to their source.”

In 1943, there were several seemingly unrelated cases of Protestant clergymen in the South preaching sermons that alarmingly cited “the devastating energy contained in minute quantities of Uranium 235″ (while contrasting it with “the power of God [that] was infinitely greater”). The sermons were eventually traced back to a pamphlet distributed by a Bible college in Chicago, which was determined to be harmless. Other disclosures cited in the history involved more serious indiscretions that drew punitive action.

“Since September 1943, investigations were conducted of more than 1500 ‘loose talk’ or leakage of information cases and corrective action was taken in more than 1200 violations of procedures for handling classified material,” the history said (p. 6.5).

“Upon discovery of the source of a violation of regulations for safeguarding military information, the violator, if a project employee, was usually reprimanded, informed of the possible application of the Espionage Act, and warned not to repeat the violation.”

Fundamentally, however, information security was not to be achieved by the force of law or the threat of punishment. Rather, it was rooted in shared values and common commitments, the Project history said.

“Grounds for protecting information were largely patriotism, loyalty to the fighting men, and the reasoning that the less publicity given the Project, the more difficult it would be for the enemy to acquire information about it and also, the greater would be the element of surprise” (p. 6.13).

The only other remaining portion of the official history, Foreign Intelligence Supplement No. 1 to Manhattan District History Volume 14, was also published online last month. It provided an account of U.S. wartime intelligence collection aimed at enemy scientific research and development. Some information in that volume was deleted by the Central Intelligence Agency.

The entire thirty-six volume Manhattan District history has now been declassified and posted online.

Leaked Document to be Introduced in State Secrets Case

The plaintiff in a lawsuit challenging the use of the “no fly list” to bar a US citizen from boarding an aircraft said last week that he would introduce a leaked copy of the government’s Watchlisting Guidance “to show just how objectionable and evidence-free Defendants’ watch listing process is.”

The government said it did not acknowledge the authenticity of the leaked document, and that the case should be dismissed since the Attorney General had invoked the state secrets privilege concerning core issues that it raised.

The lawsuit was filed by the Council on American-Islamic Relations (CAIR) on behalf of Gulet Mohamed, who said his constitutional rights had been violated by placing him on the no fly list.

In May 2014, Attorney General Eric Holder filed a declaration asserting the state secrets privilege over documents and information that it said would be needed to litigate the case, and the government moved for dismissal of the entire matter.

Among other things, the Attorney General said that the state secrets privilege extended to the current Watchlisting Guidance that spells out the criteria and procedures for placing an individual on the no fly list.

“The Guidance sets forth, in detail, the Government’s comprehensive watchlist scheme related to the identification and placement of individuals in terrorism screening watchlists,” AG Holder wrote in his May 27, 2014 declaration asserting the privilege.

“If the Guidance were released, it would provide a clear roadmap to undermine the Government’s screening efforts, a key counterterrorism measure, and thus, its disclosure reasonably could be expected to cause significant harm to national security,” he wrote.

But then last month, the online publication The Intercept reported on the Watchlisting Guidance and published the document itself. (The Secret Government Rulebook for Labeling You a Terrorist by Jeremy Scahill and Ryan Devereaux, July 23.)

In an August 15 statement to the Court, the CAIR attorneys for Gulet Mohamed said that they would file a copy of the Guidance and another leaked document in a Notice this week.

“Plaintiff will argue that this document is relevant, not only to show just how objectionable and evidence-free Defendants’ watch listing process is, but also to how this Court handles Defendants’ state secrets privilege,” the attorneys wrote.

In the same August 15 statement, the government said it would not confirm that the documents to be filed by CAIR are authentic, or even that they had actually been leaked.

“Defendants do not acknowledge the authenticity of the purportedly leaked documents, and will respond to the proposed Notice in due course,” attorneys for the government stated.

While withholding confirmation, however, they have stopped short of affirmatively disputing that the documents are authentic.

The Gulet Mohamed case is believed to be the most recent instance of the government’s use of the state secrets privilege.

In a 2011 report to Congress, the Justice Department had said it would try not to employ the privilege in a way that would require dismissal of an entire complaint.

“While invocation of the privilege may result in the dismissal of some claims, the Department’s policy seeks to avoid that result whenever possible, consistent with national security interests.”

But in this case, the government told the Court that nothing short of complete dismissal would do.

“If the Attorney General’s privilege assertion is upheld, as it should be, the law requires that the Court then consider the consequences of the exclusion of the privileged information,” the Department said in a May 28 memo elaborating its position. “Here, because properly protected national security information would go to the core of the claims and defenses, this case cannot proceed in the absence of that information, and, under established Fourth Circuit authority, the case must be dismissed.”

Attorneys for the plaintiff disputed that view, and said the case could and should proceed.

“Simply put, just as federal courts in Latif and Ibrahim [other cases involving the no fly list] found a way to litigate the merits of No Fly List claims without imperiling state secrets, this Court can do so here as well,” the CAIR attorneys wrote in a July 7 rejoinder. “Though Plaintiff will seek additional non-privileged information from Defendants, it is important to note at the outset that Plaintiff can, if need be, litigate this case without further discovery from Defendants,” they wrote.

The case is being heard by Judge Anthony J. Trenga of the Eastern District of Virginia. He has yet to rule on the pending Government motion for dismissal on state secrets grounds.

In a move that may imply a degree of skepticism concerning the proposed application of the privilege, Judge Trenga ordered the government to submit for in camera review a copy of all documents and a summary of all testimony relevant to the case that it asserts fall under the state secrets privilege. The materials are to be provided to the Court under seal by September 7, Judge Trenga wrote in an August 6 order.

For further background, see 2008 Obama Would Have Slammed 2014 Obama for This Government Secrecy Case by Nick Baumann, Mother Jones, July 14, 2014; and Over Government Objections, Rules on No-Fly List Are Made Public by Charlie Savage, New York Times, July 23, 2014.

A Look Behind President Clinton’s Veto of an Anti-Leak Bill

In 2000, both houses of Congress passed legislation that would have made any leak of classified information a felony.

The provision, contained in the FY2001 intelligence authorization act, was designed “to ensure the prosecution of all unauthorized disclosures of classified information.” said Sen. Richard Shelby, the primary sponsor of the provision, at the time.

While some unauthorized disclosures of classified information were already prohibited by statute (including the Espionage Act), others have not been specifically outlawed, or else their legal status is uncertain, requiring strenuous efforts by prosecutors to fit a prohibition to the presumed offense. The Shelby provision would have removed all ambiguities and would have simply criminalized all leaks of classified information.

But to the astonishment of nearly everyone, and to the relief of many, President Clinton vetoed the 2001 intelligence authorization bill because of the anti-leak measure.

“Although well intentioned, that provision is overbroad and may unnecessarily chill legitimate activities that are at the heart of a democracy,” he wrote in his November 4, 2000 veto message.

But that unexpected outcome almost didn’t come to pass.

Instead of a veto, White House lawyers had prepared draft signing statements for President Clinton in which he would have approved the bill, while expressing some reservations about its potential impact.

The draft signing statements were released by the Clinton Presidential Library last week. The newly disclosed presidential documents were first noted by Josh Gerstein in Politico on July 18.

“I strongly believe… that this new provision should not be applied in a manner that could chill legitimate activity or transform questions of judgment into criminal referrals,” according to the draft signing statement for President Clinton that was ultimately set aside in favor of a veto of the bill.

The worst effects of the anti-leak measure could be avoided by the limited, judicious use of prosecutorial authority, White House lawyers initially suggested.

“It is extraordinarily important, therefore, that the Justice Department use its prosecutorial discretion wisely when apparently unauthorized disclosures are referred to it for possible prosecution under this new provision,” the draft signing statement said.

Prosecutorial discretion often seems to be in short supply, however, and in all likelihood it would not have been an effective bulwark against abuse of the vetoed anti-leak provision, had it passed into law.

An apparent excess of zeal in the prosecution of classified document (mis-)handling was highlighted just last week in the case of Navy contract linguist James F. Hitselberger, who had been charged with multiple felonies in connection with the unlawful retention of national defense information. Earlier this year, Mr. Hitselberger pleaded guilty to a single misdemeanor. Last Thursday, he was sentenced to time already served (in pre-trial custody) and a fine of $250.00.

DNI Issues New Policy on Leak Damage Assessments

The Director of National Intelligence has issued new guidance on assessing damage resulting from the unauthorized disclosure of classified intelligence information to ensure that the damage assessments “are produced in an efficient, timely, consistent and collaborative manner.”

Leak damage assessments should be used iteratively and the lessons learned from them should be applied “to strengthen the protection of classified national intelligence and prevent future unauthorized disclosures or compromises.”

In addition to the facts and circumstances of the unauthorized disclosure, damage assessments should identify “any foreign involvement” in the case and “actionable recommendations to prevent future occurrences.”

Where foreign partners are affected by the leak, agency heads shall coordinate with DNI “prior to notifying a foreign government.” Also, “foreign governments normally will not be advised of any security system vulnerabilities that contributed to the compromise.”

See “Damage Assessments,” Intelligence Community Directive 732, June 27, 2014.

Espionage Act Case Was “Overcharged,” Defense Says

In 2012, former Navy linguist James F. Hitselberger was indicted on two felony counts under the Espionage Act statutes after several classified documents were found in his possession. In 2013, a superseding indictment charged him with another four felony counts.

But in the end, Mr. Hitselberger pleaded guilty this year to a single misdemeanor charge of removing classified documents without authorization.

Now both the defense and the prosecution are endorsing Hitselberger’s request that any jail penalty be limited to the time he has already served, including two months in DC jail and eight months of home confinement. The sentencing hearing is scheduled for July 17.

Despite the stark disparity between the multiple felony counts with which Hitselberger was charged, and the single misdemeanor of which he was convicted, the prosecution said that it had no second thoughts about the way the matter was handled.

“It is important to note that the government’s case against Mr. Hitselberger did not collapse,” prosecutors said in a June 27 sentencing memorandum. To the contrary, prosecutors wrote, “in several ways, the government’s case became stronger than what it had been when the charges were first obtained.”

Defense attorneys disputed that assertion and said the government had overreached.

“At a minimum, the evidence demonstrates that the government significantly overcharged the case, and the guilty plea to a misdemeanor not only was the appropriate result, but also demonstrates how the offense should have been charged from the beginning,” the defense wrote in a June 27 reply.

The mountain of Espionage Act charges that yielded a molehill of a misdemeanor in this case recalls a similar progression in the prosecution of former NSA official Thomas Drake, where ten felony counts gave way to a technical misdemeanor. This recurring pattern may indicate that overcharging is a standard prosecutorial approach to such cases, or that the judicial process is effectively winnowing out excessive felony charges, or perhaps both.

A June 26 sentencing memorandum submitted by the defense presented its own account of the facts of the case, along with several moving testimonials from Hitselberger’s friends and relatives as to his character.

In another pending Espionage Act case, the Obama Administration must decide if it will pursue a subpoena against New York Times reporter James Risen. For a current update, see Reporter’s Case Poses Dilemma for Justice Dept. by Jonathan Mahler, New York Times, June 27.

Selective Prosecution and the Espionage Act

Government officials disclose classified information to the press with some frequency, but only rarely are they prosecuted for it.

Such selective prosecution renders the law unfair, said attorney Abbe Lowell at the April 2 sentencing hearing of his client, Stephen Kim, who pled guilty to an unauthorized disclosure of classified information.

Mr. Kim, a former State Department Korea specialist who could have been sentenced to 10 years in prison and a fine of $250,000, received a 13 month jail sentence. The transcript of the April 2 sentencing hearing is now available here.

The fact that senior officials go unpunished for comparable or greater offenses “doesn’t mean that Mr. Kim didn’t violate the law,” said Mr. Lowell. But “it means that our system is out of balance.”

The “antiquated” Espionage Act that is used to prosecute leaks is “one very blunt tool,” Mr. Lowell said.

Still, “There’s some good that can come from this case,” Mr. Lowell suggested. He noted that it had already led the Department of Justice to revise its policy and practice on investigating or charging members of the news media.

In other leak-related news, the Obama Administration argued that there is no privilege that would excuse New York Times reporter James Risen from testifying in court as to the identity of the source who provided him with classified information. In an April 25 brief, the Administration asked the U.S. Supreme Court to reject Mr. Risen’s petition to review the matter.

Meanwhile, former Navy linguist James Hitselberger, who had been charged under the Espionage Act with unlawful retention of national defense information (18 USC 793e), pleaded guilty on April 25 to a lesser offense of unauthorized retention of classified information (18 USC 1924), which carries a sentence of up to one year in prison. He is to be sentenced on July 17. (More from Josh Gerstein in Politico.)