IG Says Homeland Security Secrecy Program is in Good Shape

The Department of Homeland Security “is streamlining classification guidance and more clearly identifying categories of what can be released and what needs to remain classified,” according to a new report from the DHS Inspector General.

The Reducing Over-classification Act of 2010 required the Inspector General at each executive branch agency that classifies information to evaluate the agency’s classification practices and to report on the results by the end of September 2013.  The new DHS report is the first of the bunch to be published.  See Reducing Over-classification of DHS’ National Security Information, DHS Office of Inspector General Report OIG-13-106, August 2013.

The report sheds new light on DHS classification practices and provides some useful criticism, but it has a serious conceptual flaw.

The flaw lies in the report’s definition of the problem:  “Over-classification is defined as classifying information that does not meet one or more of the standards necessary for classification under Executive Order 13526.”

The problem is that this is a definition of misclassification, not over-classification.  If information does not meet the standards for classification — for example, if it is not government information — then its classification is simply a mistake, not an act of over-classification.  By using such a definition, the DHS IG fails to recognize the real dimensions of over-classification and overlooks its most vexing aspect:  the classification of information that arguably does meet the standards of the Executive Order but that need not or should not be classified.

Over-classification in this deeper sense is at the center of many current controversies over government secrecy policy.  Can the role of the CIA in targeted killing operations be acknowledged?  Should the fact of bulk collection of telephone metadata records by NSA have been admitted before it was leaked?  Though such information was eligible for classification under the Executive Order, the decision to classify it now appears questionable.

But such issues are unfortunately beyond the scope of the DHS IG report, which does not allow for the possibility that information could both “meet the standards necessary for classification under the Executive Order” and still be over-classified.  Not a single instance of such over-classification was identified.  Rather, the IG concluded that DHS has “successfully implemented all policies and procedures required” and thus “DHS has a strong [classification] program.”

Despite its limited conception of the problem, the IG report found some significant areas for improvement.  Notably, DHS classifiers have been using obsolete software to apply classification markings.  As a result, “59 of the 372 DHS we reviewed contained declassification, sourcing, and marking errors.”  A new Classification Marking Tool is currently being acquired by DHS.  Still, “eighty interviewees noted that they would like more hands-on training to ensure they could classify information properly.”

Curiously, the IG report found that DHS officials had an equivocal attitude towards efforts to challenge classification decisions.

“All persons interviewed knew and were trained on the process of formally or informally challenging a classification, but some stated that they would be reluctant to disagree with the originator’s classification.  They did not fear retribution from senior management, but they did not believe that they were experts in challenging classification” (p. 16).

However, DHS employees resisted the possibility of offering incentives to challenge classification decisions.  “When asked, 90 out of 100 DHS derivative classifier interviewees said that they believed offering incentives may lead to unnecessary challenges, and challenges will be raised not in the spirit of reducing classification but for incentive reasons” (p. 10).

Such skepticism is totally speculative, and ought to be tested in practice.  But instead of proposing a pilot program to validate or discredit the use of incentives for classification challenges, the DHS Inspector General unfortunately just dropped the subject.

The IG report found that DHS had successfully performed the Fundamental Classification Guidance Review, leading to a 39 percent reduction in the number of security classification guides.

The report also noted that the classification statistics reported by DHS to the Information Security Oversight Office “may not be accurate,” and DHS officials acknowledged that there are “long-standing issues associated with the reliability and accuracy” of the reported numbers.

Despite its limitations, the DHS IG review seems to have been a useful exercise that focused new attention on the Department’s classification activities.  Additional reports from other agencies that conduct much larger classification programs are expected shortly.