The seventh meeting of the Security Policy (SPF) was convened at 1005 hours on 27 October 1995 by Mr. Keith Hall, Executive Director for Intelligence Community Affairs, and SPF cochair. Mr. Hall immediately introduced Ms. Margaret Munson, representing Mr. Jeremy Clark, Acting Deputy Assistant Secretary of Defense, (Intelligence and Security), as the meeting cochair. Mr. Hall also introduced RADM Dennis Blair, Associate Director of Central Intelligence for Military Support. After these brief introductions, Mr. Hall thanked TASC, Incorporated for their support, and for providing such a pleasant location for the SPF meeting.
All SPF member departments and agencies were represented with the exception of the Office of Management and Budget, National Aeronautics and Space Administration, and the Federal Emergency Management Agency. Observers included Defense Investigative Service (DIS) and representatives of the industry "Memorandum of Understanding" signatories. Mr. Hall made a special point of welcoming as a new member Mr. John Cannon, Department of the Interior.
Mr. Hall welcomed all the attendees and then turned the meeting over to Mr. Saderholm to begin the agenda. Mr. Saderholm called for any changes to the minutes of the previous SPF meeting on 29 September 1995. There being no changes, the minutes were accepted as they had been transmitted to the SPF membership. Mr. Saderholm also announced that there was a new Executive Order concerning an Interagency Executive Committee, and that there was a potential for some overlap with the activities of the SPF and Security Policy Board (SPB). He indicated that he had asked for SPB representation on it, but hadn't gotten a response as yet. He noted that the Interagency Executive Committee has not met. With these matters out of the way, he turned to the first agenda item under Old Business.
Mr. Saderholm noted that with the NOFORN issue, we were looking at the last major change to DCID 1/7. He referenced a meeting he attended on 25 October 1995 with Mr. Hall, Mr. Clark, RADM Blair, and others to discuss the NOFORN issue. A result of that meeting was a revised "talking paper" on the issue, and Mr. Saderholm invited members to refer to their copies of this paper in their meeting folders.
Mr. Hall then summarized the NOFORN situation as coming down to two basic issues: 1) Who has the authority, and through what process, to release classified information to foreign entities; and 2) How is this information to be marked?
Mr. Hall stated that there is a basic difference in intelligence information and other classified information, i.e., if the information involves intelligence sources and methods, then intelligence should control its release. He noted that the situation is complicated by the fact that the release process is dynamic-what should be releasable to a particular party one day, may not be releasable at a later date. Mr. Hall proposed marking intelligence information with some sort of codeword if it involves sources and methods. If so marked, it would point to an intelligence process or policy on how to deal with it.
As for marking documents, Mr. Hall stated that whatever system we eventually come up with, it must be simple. He also reiterated his views on the dynamic nature of the release decision, and said that because of these dynamics, the caveats "NOFORN" and "REL TO" are "meaningless."
Dr. Wells asked if marking information involving sources and methods with a new codeword was simply reviving "WNINTEL" by another name. He also noted that often the release decision isn't to particular countries, but to other entities, e.g., IFOR relative to Bosnia. He further stated that the real problem isn't dealing with documents but with foreigners on a PC or keyboard. He mentioned that the Advanced Research Projects Agency was working on an Advanced Concept Development Task dealing with a technical means to mark and segregate such information. After a brief discussion of "electronic tear lines", Dr. Wells raised the possibility of a "REL TO" marking for release to operations, vice countries, e.g., "REL TO IFOR." Mr. Hall responded that that would not get around the dynamics issue. When the idea of simply not marking materials for release came up, Dr. Wells opined that no marking will probably default to there being no real controls.
Mr. Cavanaugh, NSA, said that NSA has been doing "by exception" marking for years, and that the current system was OK. Mr. Saderholm suggested that the SPF shouldn't be getting bogged down on the particular codewords, at which point FBI raised a concern about Justice's ability to prosecute espionage cases if the releasability is not clearly marked. Mr. Rubino, DOJ, raised the issue of having some SECRET information marked NOFORN with other such information not marked NOFORN. He asked if this meant that the information not marked NOFORN was in fact releasable.
In response to a question about how our allies deal with these same questions, the CIA representative explained that the British position is that they expect to retain approval authority for the further release of their information to a third party. Several SPF members expressed the view that any change in procedures or markings will require a significant education process. Dr. Wells stated that we need to have a clearer process or chain to get the release policies out. RADM Blair pointed out that, to complicate matters, several trends would impact this process: 1) coalition warfare and shifting coalitions; 2) technological changes; and 3) the increasing use of national systems for tactical applications.
After this extended discussion, Mr. Hall declared that the DCI "wants to move out quickly on this."
Mr. Saderholm proposed that a small working group be assembled, including at a minimum representatives from NSA, CIA, CIO, JCS, ASD/C3I, and the SPB Staff "to capture the talking paper philosophy in DCID form." Mr. Greg Pannoni and/or Lt Col Ric Cazessus, SPB Staff members, will contact the appropriate organizations. Mr. Hall enjoined the working group to work fast, noting that we needed a decision within a week or two.
Mr. Saderholm concluded the meeting by stating that the Personnel Security Committee had been working hard and there will be some personnel security items on the agenda for the next meeting. He also announced that a paper would be presented on Risk Management.
SUMMARY OF ACTIONS
The following are the actions resulting from the meeting:
1. The SPB Staff will send the Reciprocity Policy to the OSPB for review. After the review, the FPC will prepare implementation guidelines. The FPC will also present a proposal, not later than the SPF's January 1996 meeting, on how security would be monitored as the policy is put into effect.
2. The SPB Staff will provide the revised TSCM Policy to the OSPB for their review.
3. The SPB Staff will contact appropriate SPF members to arrange representation on a small working group to draft a DCID capturing the SPF's approach to the NOFORN issue. This group will prepare the draft not later than 10 November 1995.
The next meeting is scheduled for 1 December 1995 from 1000-1130 hours at the Mitre Corporation, Hayes Conference Center.
The meeting was adjourned at 1125.
Section I - Policy
2. To obtain maximum effectiveness by the most economical means in the various TSCM programs, departments and agencies shall exchange technical information freely, coordinate programs, practice reciprocity, and participate in consolidated programs.
2. Classified National Security Information (CNSI) - Includes any information that has been determined, pursuant to Executive Order 12958 or any predecessor Order, to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.
3. Restricted Data (RD) - All data concerning design, manufacture or utilization of atomic weapons; the production of special nuclear material; or the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the RD category pursuant to Section 102 of the Atomic Energy Act of 1954, as amended.
4. Sensitive but Unclassified - Any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under Section 522a of Title 5, US Code, but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy.
a. Providing TSCM support consisting of procedures and countermeasures determined to be appropriate for the facility, consistent with risk management principles.
b. Reporting to the Facilities Protection Committee (FPC) all-source intelligence that concerns technical surveillance threats, devices, techniques, and unreported hazards, regardless of the source or target, domestic or foreign.
c. Training a professional cadre of personnel in TSCM techniques.
d. Ensuring that the FPC and Training and Professional Development Committee are kept apprised of their TSCM program activities and training and research and development requirements.
e. Assisting other departments and agencies, in accordance with federal law, with TSCM services of common concern.
f. Coordinating, through the FPC, proposed foreign disclosure of TSCM equipment and techniques.
2. The FPC shall advise and assist the Security Policy Board in the establishment and review of TSCM policy; in the development of guidelines, procedures, and instructions; and in the establishment and review of TSCM policy for the US Government. The FPC shall include provision for:
a. Coordinating TSCM professional training, research, development, test, and evaluation programs.
b. Promoting and fostering joint procurement of TSCM equipment.
c. Evaluating the impact on the national security of foreign disclosure of TSCM equipment or techniques and recommend policy changes as needed.
d. Developing guidance for use in obtaining intelligence information on the plans, capabilities and actions of organizations hostile to the US Government concerning technical penetrations and countermeasures against them.
e. Reviewing biennially the national strategy for TSCM and updating and disseminating as required.