One of the more encouraging changes in classification policy over the past decade has been the sharp reduction in the number of decisions to classify information reported each year by executive branch agencies.
In 2005 there were a total of 258,633 original classification actions, or new secrets, reported; in 2015, there were said to be 53,425 such actions. (See Number of New Secrets in 2015 Near Historic Low, Secrecy News, July 29, 2016).
Despite the misleading precision with which they are reported, these numbers — which are derived from agency reports to the Information Security Oversight Office and published in ISOO annual reports — were understood to be estimates, not precise tabulations.
Now, however, a new report from the State Department Inspector General suggests that State’s reporting of its classification activity to ISOO may not only be imprecise, but actually inaccurate and incorrect.
The Inspector General “found shortcomings with the count of classification decisions” reported to ISOO. The estimates that were generated were not validated, and they did not reflect the full scope of State Department classification activity.
So, “For example, classified documents created within the Office of the Secretary were not included” in the survey, the IG said. See Compliance Follow-up Review of the Department of State’s Implementation of Executive Order 13526, Classified National Security Information, Office of Inspector General, Department of State, September 2016.
The bottom line, the IG said, is that reported classification totals “will not accurately represent all of the Department’s classification decisions because not all decisions are being identified or sampled as part of the Department’s self-inspection program.”
William Cira, the acting director of the Information Security Oversight Office, said he was not surprised by the Inspector General findings, and not especially troubled.
He recalled that ISOO itself stated in its 2009 report that “the data reported has not truly reflected the changing ways agencies have generated and used classified information in the electronic environment.”
“It has been recognized, even long before we asked the agencies to include the electronic environment, that an actual count is not feasible,” Mr. Cira added. “The sampling and extrapolation technique described in that report has been in widespread use for a long time.”
“It is actually one of the suggested methods that we impart to the agencies when we send out our data collection request each year. Since FY 2009, ISOO has asked agencies to do their best to estimate the volume of all classified products in the electronic environment.”
“We have always acknowledged that this would not be easy. We do ask them [agencies] to estimate, we do suggest that they sample and extrapolate, and we acknowledge that in almost all cases they will not have the resources to conduct a scientific survey as that is defined by professional statisticians.”
“This method may seem crude but we recognize that almost none of agency data collectors have trained statisticians to call upon, and there is no expectation that they hire one.” Still, “If the Dept. of State OIG believes that the Office of the Secretary should be included that is a welcome suggestion.”
“The one thing for certain is that this method has been consistently applied across many agencies for a very long time,” Mr. Cira said.
In other words, if the collection method is crude, at least it is consistent in its crudeness, and so perhaps some rough trend information may still be discerned within the noise.
But without real quantitative and qualitative clarity, effective management of agency classification activity will be beyond reach.
At a time when universities are already facing intense pressure to re-envision their role in the S&T ecosystem, we encourage NSF to ensure that the ambitious research acceleration remains compatible with their expertise.
FAS CEO Daniel Correa recently spoke with Adam Marblestone and Sam Rodriques, former FAS fellows who developed the idea for FROs and advocated for their use in a 2020 policy memo.
In a year when management issues like human capital, IT modernization, and improper payments have received greater attention from the public, examining this PMA tells us a lot about where the Administration’s policy is going to be focused through its last three years.
Congress must enact a Digital Public Infrastructure Act, a recognition that the government’s most fundamental responsibility in the digital era is to provide a solid, trustworthy foundation upon which people, businesses, and communities can build.