Classified Anti-Terrorist Ops Raise Oversight Questions

Last February, the Secretary of Defense initiated three new classified anti-terrorist operations intended “to degrade al Qaeda and ISIS-affiliated terrorists in the Middle East and specific regions of Africa.”

A glimpse of the new operations was provided in the latest quarterly report on the U.S. anti-ISIS campaign from the Inspectors General of the Department of Defense, Department of State, and US Agency for International Development.

The three classified programs are known as Operation Yukon Journey, the Northwest Africa Counterterrorism overseas contingency operation, and the East Africa Counterterrorism overseas contingency operation.

Detailed oversight of these programs is effectively led by the DoD Office of Inspector General rather than by Congress.

“To report on these new contingency operations, the DoD OIG submitted a list of questions to the DoD about topics related to the operations, including the objectives of the operations, the metrics used to measure progress, the costs of the operations, the number of U.S. personnel involved, and the reason why the operations were declared overseas contingency operations,” the joint IG report said.

DoD provided classified responses to some of the questions, which were provided to Congress.

But “The DoD did not answer the question as to why it was necessary to designate these existing counterterrorism campaigns as overseas contingency operations or what benefits were conveyed with the overseas contingency operation designation.”

Overseas contingency operations are funded as “emergency” operations that are not subject to normal procedural requirements or budget limitations.

“The DoD informed the DoD OIG that the new contingency operations are classified to safeguard U.S. forces’ freedom of movement, provide a layer of force protection, and protect tactics, techniques, and procedures. However,” the IG report noted, “it is typical to classify such tactical information in any operation even when the overall location of an operation is publicly acknowledged.”

“We will continue to seek answers to these questions,” the IG report said.

Accounting Board Okays Deceptive Budget Practices

Government agencies may remove or omit budget information from their public financial statements and may present expenditures that are associated with one budget line item as if they were associated with another line item in order to protect classified information, the Federal Accounting Standards Advisory Board concluded last week.

Under the newly approved standard, government agencies may “modify information required by other [financial] standards” in their public financial statements, omit otherwise required information, and misrepresent the actual spending amounts associated with specific line items so that classified information will not be disclosed. (Accurate and complete accounts are to be maintained separately so that they may be audited in a classified environment.)

See Classified Activities, Statement of Federal Financial Accounting Standards (SFFAS) 56, Federal Accounting Standards Advisory Board, October 2018.

The new policy was favored by national security agencies as a prudent security measure, but it was opposed by some government overseers and accountants.

Allowing unacknowledged modifications to public financial statements “jeopardizes the financial statements’ usefulness and provides financial managers with an arbitrary method of reporting accounting information,” according to comments provided to the Board by the Department of Defense Office of Inspector General.

Properly classified information should be redacted, not misrepresented, said the accounting firm Kearney & Company. “Generally Accepted Accounting Principles (GAAP) should not be modified to limit reporting of classified activities. Rather, GAAP reporting should remain the same as other Federal entities and redacted for public release or remain classified.”

The new policy, which extends deceptive budgeting practices that have long been employed in intelligence budgets, means that public budget documents must be viewed critically and with a new degree of skepticism.

A classified signals intelligence program dubbed “Vesper Lillet” that recently became the subject of a fraud indictment was ostensibly sponsored by the Department of Health and Human Services, but in reality it involved a joint effort of the National Reconnaissance Office and the National Security Agency.

See “Feds allege contracting fraud within secret Colorado spy warehouse” by Tom Roeder, The Gazette (Colorado Springs), October 5, 2018.

Remembering Steve Garfinkel

We were very sad to learn that Steve Garfinkel, the former director of the Information Security Oversight Office (ISOO), passed away on September 24.

Appointed by President Carter in 1980, Mr. Garfinkel served as the second ISOO director for two decades until his retirement in January 2002. In that position, he played an influential role in the evolution of the national security classification system during its rapid expansion in the Reagan years and through the ambitious declassification initiatives of the Clinton era.

The ISOO director’s job of supervising the operation of the government’s classification system is an all but impossible one, since ISOO’s resources and authorities are not commensurate with its assigned responsibilities.

But Garfinkel made the whole system better than it was with the tools that he had available. He instituted training programs for classifiers, he restrained some of the excesses of agency officials, and he cultivated a rational approach to the diverse challenges that the late cold war classification system produced.

He made “many contributions to the well-being of our nation,” said J. William Leonard, his successor. “While I had the honor to follow in Steve’s footsteps as ISOO Director, from the very beginning I recognized that I would never be able to fill his shoes,” wrote Mr. Leonard, whose own shoes are quite large.

“He was a monumental man, a man of great honor and integrity,” wrote Roger Denk, the former director of the Defense Personnel and Security Research Center. “His sense of humor, combined with his brilliance, made him a joy to be around.”

During his years at ISOO, Mr. Garfinkel welcomed with some surprise the growing attention of public interest groups to classification policy. (“Notwithstanding you, very few people give a tinker’s damn about the security classification system,” he had told me in a 1993 interview.) The mounting volume of public complaints seemed to give him greater leverage in his own internal policy debates.

Yet he typically resisted the specific prescriptions offered by critics. After Tom Blanton and I wrote an op-ed in the New York Times 25 years ago criticizing a Clinton draft executive order on classification and comparing it unfavorably to President Nixon’s policy, Garfinkel lamented that we had been “too effective”: the final Clinton order shortened the duration of classification for most documents, as we had urged, but it also included “a lot more exceptions than I would have wanted,” he said. “Aftergood and Blanton hoisted themselves on their own petard.” Years later, Garfinkel continued to believe that we had made a fateful error.

Garfinkel brought a deep humanity to what was essentially a bureaucratic role. He was warm, kind, funny and not afraid of an argument or an opposing view.

When he “retired” from ISOO in 2002, he took on what might have been an even more challenging task — teaching high school students in suburban Maryland.

“I have no desire whatsoever to return to the government in any capacity, save public high school teacher, which is doing everything necessary to leave me ragged,” he told me. As for secrecy policy, “I hope we never get to the point where we quit trying [to do better], although I have personally quit worrying about it and I think you will inevitably reach that point also.”

Many of the qualities that made him a great public servant also made him a beloved teacher of a generation of students, some of whom remembered him on Twitter last week.

Financial Accounts May Be “Modified” to Shield Classified Programs

In an apparent departure from “generally accepted accounting principles,” federal agencies will be permitted to publish financial statements that are altered so as to protect information on classified spending from disclosure.

The new policy was developed by the government’s Federal Accounting Standards Advisory Board (FASAB) in response to concerns raised by the Department of Defense and others that a rigorous audit of agency financial statements could lead to unauthorized disclosure of classified information.

In order to prevent disclosure of classified information in a public financial statement, FASAB said that agencies may amend or obscure certain spending information. “An entity may modify information required by other [accounting] standards if the effect of the modification does not change the net results of operations or net position.”

Agencies may also shift accounts around in a potentially misleading way. “A component reporting entity is allowed to be excluded from one reporting entity and consolidated into another reporting entity. The effect of the modifications may change the net results of operations and/or net position.” See Statement of Federal Financial Accounting Standards 56, FASAB, July 5, 2018 (final draft for sponsor review).

In response to an earlier draft of the new standard that was issued last December, most government agencies endorsed the move to permit modifying public financial statements.

“The protection of classified information and national security takes precedence over financial statements,” declared the Central Intelligence Agency in its comments (submitted discreetly under the guise of an “other government agency”).

“It is in the best interest of national security to allow for modification to the presentation of balances and reporting entity in the GPFFR [the publicly available General Purpose Federal Financial Report],” CIA wrote.

But in a sharply dissenting view, the Pentagon’s Office of Inspector General said the new approach was improper, unwise and unnecessary.

It “jeopardizes the financial statements’ usefulness and provides financial managers with an arbitrary method of reporting accounting information,” the DoD OIG said.

“We do not agree that incorporating summary-level dollar amounts in the overall statements will necessarily result in the release of classified information.”

“This proposed guidance is a major shift in Federal accounting guidance and, in our view, the potential impact is so expansive that it represents another comprehensive basis of accounting.”

“The Board should clarify whether this proposed standard, or subsequent Interpretations, could permit entities to record misstated amounts in the financial statements to mislead readers with the stated purpose of protecting classified information. We believe that no accounting guidance should allow this type of accounting entry.”

“We do not believe that… the Board’s proposed guidance would effectively protect classified information, comply with GAAP [generally accepted accounting principles], or serve the public interest,” the DoD OIG wrote.

The Kearney & Company accounting firm also objected, saying that it would be better to classify certain financial statements or redact classified spending than to misrepresent published information.

“Generally Accepted Accounting Principles (GAAP) should not be modified to limit reporting of classified activities. Rather, GAAP reporting should remain the same as other Federal entities and redacted for public release or remain classified.”

If a published account is modified “so material activity is no longer accurately presented to the reader of financial statements, its usefulness to public users is limited and subject to misinterpretation.”

“This approach limits the value, usefulness, and benefits of financial statements as currently defined by GAAP. Financial statements of classified entities should remain classified or redacted like other classified documents before release to the public.”

“The integrity of current GAAP as it applies to all Federal entities should be retained,” Kearney said in its comments.

But the FASAB ultimately rejected those views.

“The Board determined that options other than those permitted in this Statement may not always adequately resolve national security concerns,” according to the final draft of the policy, which the Board provided to Secrecy News.

“Without this Statement, there is a risk that reporting entities may need to classify their entire financial statements to comply with existing accounting standards, which would likely result in the need to classify a large portion of the government-wide financial statements.”

In practice, the Board suggested, “Modifications may not be needed to prevent the disclosure of certain classified information. Therefore, this Statement permits, rather than requires, modifications on a case-by-case basis.”

The new accounting standard is expected to be approved by the FASAB sponsors — namely the Secretary of Treasury, the Comptroller General, and the Director of the Office of Management and Budget — by the end of a 90 day review period in October.

Last month, the FASAB issued a separate classified “Interpretation” of the new standard that addressed the policy’s implementation in detail. The contents of that document are not publicly known.

The topic of accounting for classified spending has been a challenging one for the Board, said Assistant Director Monica R. Valentine on Monday. “This is the first time we’ve had to deal with this sort of issue.”

Classified Human Subjects Research Continues at DOE

dozen classified programs that involved research on human subjects were underway last year at the Department of Energy.

Human subjects research refers broadly to the collection of scientific data from human subjects. This could involve physical procedures that are performed on the subjects, or simply interviews and other forms of interaction with them.

Little information is publicly available about the latest DOE programs, most of which have opaque, non-descriptive names such as TristanIdaho Bailiff and Moose Drool. But a list of the classified programs was released this week under the Freedom of Information Act.

Human subjects research erupted into national controversy 25 years ago with reporting by Eileen Welsome of the Albuquerque Tribune on human radiation experiments that had been conducted by the Atomic Energy Commission, many of which were performed without the consent of the subjects. A presidential advisory committee was convened to document the record and to recommend appropriate policy responses.

In 2016, the Department of Energy issued updated guidelines on human subjects research, which included a requirement to produce a listing of all classified projects involving human subjects. It is that listing that has now been released.

“Research using human subjects provides important medical and scientific benefits to individuals and to society. The need for this research does not, however, outweigh the need to protect individual rights and interests,” according to the 2016 DOE guidance on protection of human subjects in classified research.

An extravagantly horrific example of fictional human subject research was imagined by Lindsay Anderson in his 1973 film O Lucky Man! which captured the zeitgeist for a moment.

BMD Flight Test Schedule Must Be Unclassified

Earlier this year, the Department of Defense classified the schedule of flight tests of ballistic missile defense systems, even though such information had previously been unclassified and publicly disclosed.

Rejecting that move, Congress has now told the Pentagon’s Missile Defense Agency that the flight test schedule must be unclassified.

A new provision in the FY2019 national defense authorization act (sect. 1681) would “require that MDA make the quarter and fiscal year for execution of planned flight tests unclassified.”

“Together with the release of each integrated master test plan of the Missile Defense Agency, and at the same time as each budget of the President is submitted to Congress…, the Director of the Missile Defense Agency shall make publicly available a version of each such plan that identifies the fiscal year and the fiscal quarter in which events under the plan will occur,” the provision states.

This legislative action will effectively override the classification judgment of the executive branch. That is something that Congress rarely does and that the executive branch regards as an infringement on its authority.

Bid to Rectify the “Black Budget” Fails

The so-called “black” budget — which refers to classified government spending on military procurement, operations, and intelligence — is not merely secret. It is actually deceptive and misleading, since it produces a distortion in the amount and the presentation of the published budget.

The amount of money that is purportedly appropriated for the US Air Force, for example, does not all go to the Air Force, the Senate Armed Services Committee recently observed.

“Each year, a significant portion of the Air Force budget contains funds that are passed on to, and managed by, other organizations within the Department of Defense. This portion of the budget, called ‘pass-through,’ cannot be altered or managed by the Air Force. It resides within the Air Force budget for the purposes of the President’s budget request and apportionment, but is then transferred out of the Service’s control,” according to a Senate report on the 2019 defense bill (S.Rept. 115-262).

Although the report does not say so, the Air Force budget may also include pass-through funding for the Central Intelligence Agency, which of course is not even part of the Department of Defense, as well as for other non-Air Force intelligence functions.

“In fiscal year 2018, the Air Force pass-through budget amounted to approximately $22.0 billion, or just less than half of the total Air Force procurement budget. The committee believes that the current Air Force pass-through budgeting process provides a misleading picture of the Air Force’s actual investment budget.”

The Senate therefore recommended that such “pass-through” funds be removed from the Air Force budget and included in Defense-wide appropriations.

But in the House-Senate conference on the FY2019 defense bill, this move was blocked and so the deceptive status quo will continue to prevail.

Earlier this month, the Director of National Intelligence and the Pentagon Comptroller wrote to Congress to present their views on the Senate provision. A copy of their letter, which presumably objected to the proposed move, has been requested but not yet released.

The logic of the Senate proposal was explained by Mackenzie Eaglen of the American Enterprise Institute in “Time to Get the Black Out of the Blue,” Real Clear Defense, June 13.

The Aging Secrecy System Is “At a Crossroads”

Today’s national security classification system is unsustainable, says a new annual report to the President from the government’s Information Security Oversight Office (ISOO). It is “hamstrung by old practices and outdated technology” and a new, government-wide technology strategy will be required “to combat inaccurate classification and promote more timely declassification.”

The secrecy system has expanded to the point that it is effectively unmanageable and often counterproductive, ISOO indicated.

“Too much classification impedes the proper sharing of information necessary to respond to security threats, while too little declassification undermines the trust of the American people in their Government. Reforms will require adopting strategies that increase the precision and decrease the permissiveness of security classification decisions, improve the efficiency and effectiveness of declassification programs, and use modern technology in security classification programs across the Government,” the report said.

“We are at a crossroads” wrote ISOO director Mark Bradley in a May 31 letter to the President transmitting the report, which was made public today.

ISOO’s sense of urgency is reflected in the annual report itself, which strives to be more forward leaning and policy-relevant than many past ISOO reports. It goes beyond the recitation of (often questionable) statistics on classification activity to present a series of findings and recommended actions that it says are needed to restore the integrity of the system.

In addition to a call for development of a comprehensive new technology strategy for classification and declassification, ISOO specifically recommends adding a new budget line item for security classification in agency budget requests to help regulate and justify expenditures, and adding a public member to the Information Security Classification Appeals Panel to represent the broad public interest in that Panel’s work on declassification.

Some of the other recommendations in the report flag problem areas rather than advance solutions, and tend to do so in the passive voice: “Policies must be revised to improve the effectiveness and efficiency of automatic declassification.” How exactly should the policies be revised? Adopt a “drop-dead date” for classification? Eliminate agency referrals for older documents? Grant broad declassification authority to the National Declassification Center? The report doesn’t say.

Much of the data traditionally reported by ISOO regarding classification activity is suggestive but not truly informative. Just as one cannot judge the overall health of the economy from stock market averages, changes in the volume of classification activity say nothing about its quality or legitimacy. In 2017, ISOO found that original classification activity (production of new secrets) increased for the first time in four years. At the same time, derivative classification decreased. The significance of these developments, if any, is unclear.

But other ISOO findings in the new report are more interesting.

ISOO said that last year there were again hundreds of classification challenges presented by government employees who disputed the classification of particular items of information. Most of the challenges were denied, but in 8% of the cases (a small but non-negligible number) they were upheld and the classifications in question were overturned. Such classification challenges “serve a critical role by uncovering information improperly classified in the first instance,” the ISOO report said, providing “an internal check on the system.” Because the challenges are now mostly localized in just a few agencies, this practice has the potential to have far more impact in combating overclassification if it can be adopted and encouraged more widely across the executive branch.

The ISOO report summarized the results of the latest Fundamental Classification Guidance Review, which led to the cancellation of 221 security classification guides (out of 2,865 guides). The cancelled guides will no longer be available for use in classifying information.

ISOO also cast a favorable spotlight on the new approach to classification led by the National Geospatial-Intelligence Agency. NGA now requires written justifications for original classification decisions, along with a description of the damage that would result from unauthorized disclosure, and an unclassified paraphrase of the classified information. The resulting NGA classification guidance currently represents a “best practice” in classification policy, ISOO said. That is to say, it represents a model that could constructively be applied elsewhere in agencies that classify national security information.

The ISOO report also addressed escalating classification costs (which reached a new high in 2017), growing backlogs of mandatory declassification review requests, and the contentious implementation of Controlled Unclassified Information policy, among other topics.

Fixing the classification system is a slow and uncertain process, and some people don’t want to wait.

Sen. Doug Jones (D-Ala.) introduced legislation this week to accelerate the release of records concerning unsolved criminal civil rights cases from half a century ago. Some of those records, in his estimation, “remain classified unnecessarily.” So his bill (S. 3191) would work around that classification obstacle with an alternative approach. Modeled in part on the JFK Assassination Records Act of 1992, the bill would empower a panel of private citizens to review and decide on disclosure of the records.

Meanwhile, the Department of Defense recently issued a “request for information” about technology that could aid in the classification process. The desired technology “must be able to make real-time decisions about the classification level of the information and an individual’s ability to access, change, delete, receive or forward the information.” (FBO, NextGov, ArsTechnica)

Hundreds of CIA Email Accounts Deemed Permanent Records

In a significant expansion of intelligence record preservation, email from more than 426 Central Intelligence Agency email accounts will now be captured as permanent historical records. A plan to that effect was approved by the National Archives last week.

In 2014, the CIA had said that it intended to preserve the emails of only 22 senior officials, a startlingly low number considering the size and importance of the Agency. The National Archives initially recommended approval of the CIA proposal.

But as soon as the CIA proposal was made public, it generated a wave of opposition from members of Congress and public interest groups.

“In our experience, email messages are essential to finding CIA records that may not exist in other so-called permanent records at the CIA,” wrote Senators Dianne Feinstein and Saxby Chambliss in November 2014, when they were chair and vice chair of the Senate Intelligence Committee. “Applying the new proposal to all but the 22 most senior CIA officials means the new policy would allow the destruction of important records and messages of a number of top CIA officials.”

In light of such objections, NARA agreed to reassess the CIA plan. It was officially withdrawn by CIA in 2016.

The new plan, submitted by CIA in July 2017 and approved by NARA on April 24, extends email record preservation much deeper into the CIA bureaucracy, requiring retention of the email of many program managers and office directors that were missing from the original plan.

The newly approved plan identifies 426 accounts subject to capture as permanent records. However, a number of other email accounts covered by the new plan are classified “due to the names of some offices noted on the form as well as the number of accounts in certain categories,” said Meg Phillips, external affairs liaison for NARA. The total number is therefore greater than 426.

The CIA’s new plan “resolves the majority of comments or concerns raised during the public comment period” regarding the previous plan, Ms. Phillips said.

Court Rules in Favor of Selective Disclosure

The Central Intelligence Agency can selectively disclose classified information to reporters while withholding that very same information from a requester under the Freedom of Information Act, a federal court ruled last month.

The ruling came in a FOIA lawsuit brought by reporter Adam Johnson who sought a copy of emails sent to reporters Siobhan Gorman of the Wall Street Journal, David Ignatius of the Washington Post, and Scott Shane of the New York Times that the CIA said were classified and exempt from disclosure.

“The Director of Central Intelligence is free to disclose classified information about CIA sources and methods selectively, if he concludes that it is necessary to do so in order to protect those intelligence sources and methods, and no court can second guess his decision,” wrote Chief Judge Colleen J. McMahon of the Southern District of New York in a decision in favor of the CIA that was released last week with minor redactions.

The Freedom of Information Act is a tool that can change as it is used, whether for the better or the worse, especially since FOIA case law rests on precedent. That means that a FOIA lawsuit that is ill-advised or poorly argued or that simply fails for any reason can alter the legal landscape to the disadvantage of future requesters. In particular, as anticipated a few months ago, “a lawsuit that was intended to challenge the practice of selective disclosure could, if unsuccessful, end up ratifying and reinforcing it.” That is what has now happened.

The shift is starkly illustrated by comparing the statements of Judge McMahon early in the case, when she seemed to identify with the plaintiff’s perspective, and her own final ruling that coincided instead with the CIA’s position.

“There is absolutely no statutory provision that authorizes limited disclosure of otherwise classified information to anyone, including ‘trusted reporters,’ for any purpose, including the protection of CIA sources and methods that might otherwise be outed,” she had previously stated in a January 30 order.

“In the real world, disclosure to some who are unauthorized operates as a waiver of the right to keep information private as to anyone else,” which was exactly the plaintiff’s point.

“I suppose it is possible,” she added in a cautionary footnote, “that the Government does not consider members of the press to be part of ‘the public.’ I do.”

But this congenial (to the plaintiff) point of view would soon be abandoned by the court. By the end of the case, the mere act of disclosure to one or more members of the press would no longer be deemed equivalent to “public disclosure” for purposes of waiving an exemption from disclosure under FOIA.

Instead, Judge McMahon would come to accept, as the CIA argued in a February 14 brief, that “a limited disclosure of information to three journalists does not constitute a disclosure to the public. Where, as here, the record shows that the classified and statutorily protected information at issue has not entered the public domain, there is no waiver of FOIA’s exemptions.”

Plaintiff Johnson objected that “the Government cannot define ‘public’ to mean members of the public it is not disclosing information to.”

“The Government’s position that it may selectively disclose without waiver, if it has the best of intentions, knows no logical limits and would render the FOIA waiver doctrine a nullity,” he wrote. “The CIA’s motive in releasing the information is irrelevant under FOIA. Whether good reason, bad reason, or no reason at all, what matters is that an authorized disclosure took place. If the CIA does not wish to waive its secrecy prerogative, it cannot authorize a disclosure to a member of the public.”

In an amicus brief, several FOIA advocacy groups presented a subtle technical argument in support of the plaintiff. Under the circumstances, they concluded, the court had no choice but to order disclosure. “It does not matter… how much alleged damage the release of the information could cause.”

But these counterarguments proved unpersuasive to the court, and Judge McMahon ended up with a new conception of what constitutes the kind of prior “public disclosure” that would compel release of information under FOIA. Selective disclosure to individual reporters would not qualify.

“For something to be ‘public,’ it has to, in some sense, be accessible to members of the general public,” she now held in her final opinion.

“Selective disclosure of protectable information to an organ of the press… does not create a ‘truly public’ record of that information.” So CIA cannot be forced to disclose it to others. This was exactly the opposite of the view expressed by Judge McMahon earlier in the case.

The ruling was a defeat for the FOIA in the sense that it affirmed and strengthened a barrier to disclosure.

But it might also be considered a victory for the press, to the extent that it enables exchange of classified information with reporters off the record. Had the court compelled disclosure of the classified CIA emails to reporters Gorman, Ignatius and Shane, that would likely have reduced or eliminated the willingness of agencies to share classified information with reporters, as they occasionally do.

But the practice of selective disclosure has risks of its own, wrote plaintiff’s attorney Dan Novack last year. It “allow[s] the government to hypocritically release sensitive national security information when it suits its public relations interests without fear of being held to its own standard later.”