Hundreds of CIA Email Accounts Deemed Permanent Records

In a significant expansion of intelligence record preservation, email from more than 426 Central Intelligence Agency email accounts will now be captured as permanent historical records. A plan to that effect was approved by the National Archives last week.

In 2014, the CIA had said that it intended to preserve the emails of only 22 senior officials, a startlingly low number considering the size and importance of the Agency. The National Archives initially recommended approval of the CIA proposal.

But as soon as the CIA proposal was made public, it generated a wave of opposition from members of Congress and public interest groups.

“In our experience, email messages are essential to finding CIA records that may not exist in other so-called permanent records at the CIA,” wrote Senators Dianne Feinstein and Saxby Chambliss in November 2014, when they were chair and vice chair of the Senate Intelligence Committee. “Applying the new proposal to all but the 22 most senior CIA officials means the new policy would allow the destruction of important records and messages of a number of top CIA officials.”

In light of such objections, NARA agreed to reassess the CIA plan. It was officially withdrawn by CIA in 2016.

The new plan, submitted by CIA in July 2017 and approved by NARA on April 24, extends email record preservation much deeper into the CIA bureaucracy, requiring retention of the email of many program managers and office directors that were missing from the original plan.

The newly approved plan identifies 426 accounts subject to capture as permanent records. However, a number of other email accounts covered by the new plan are classified “due to the names of some offices noted on the form as well as the number of accounts in certain categories,” said Meg Phillips, external affairs liaison for NARA. The total number is therefore greater than 426.

The CIA’s new plan “resolves the majority of comments or concerns raised during the public comment period” regarding the previous plan, Ms. Phillips said.

Court Rules in Favor of Selective Disclosure

The Central Intelligence Agency can selectively disclose classified information to reporters while withholding that very same information from a requester under the Freedom of Information Act, a federal court ruled last month.

The ruling came in a FOIA lawsuit brought by reporter Adam Johnson who sought a copy of emails sent to reporters Siobhan Gorman of the Wall Street Journal, David Ignatius of the Washington Post, and Scott Shane of the New York Times that the CIA said were classified and exempt from disclosure.

“The Director of Central Intelligence is free to disclose classified information about CIA sources and methods selectively, if he concludes that it is necessary to do so in order to protect those intelligence sources and methods, and no court can second guess his decision,” wrote Chief Judge Colleen J. McMahon of the Southern District of New York in a decision in favor of the CIA that was released last week with minor redactions.

The Freedom of Information Act is a tool that can change as it is used, whether for the better or the worse, especially since FOIA case law rests on precedent. That means that a FOIA lawsuit that is ill-advised or poorly argued or that simply fails for any reason can alter the legal landscape to the disadvantage of future requesters. In particular, as anticipated a few months ago, “a lawsuit that was intended to challenge the practice of selective disclosure could, if unsuccessful, end up ratifying and reinforcing it.” That is what has now happened.

The shift is starkly illustrated by comparing the statements of Judge McMahon early in the case, when she seemed to identify with the plaintiff’s perspective, and her own final ruling that coincided instead with the CIA’s position.

“There is absolutely no statutory provision that authorizes limited disclosure of otherwise classified information to anyone, including ‘trusted reporters,’ for any purpose, including the protection of CIA sources and methods that might otherwise be outed,” she had previously stated in a January 30 order.

“In the real world, disclosure to some who are unauthorized operates as a waiver of the right to keep information private as to anyone else,” which was exactly the plaintiff’s point.

“I suppose it is possible,” she added in a cautionary footnote, “that the Government does not consider members of the press to be part of ‘the public.’ I do.”

But this congenial (to the plaintiff) point of view would soon be abandoned by the court. By the end of the case, the mere act of disclosure to one or more members of the press would no longer be deemed equivalent to “public disclosure” for purposes of waiving an exemption from disclosure under FOIA.

Instead, Judge McMahon would come to accept, as the CIA argued in a February 14 brief, that “a limited disclosure of information to three journalists does not constitute a disclosure to the public. Where, as here, the record shows that the classified and statutorily protected information at issue has not entered the public domain, there is no waiver of FOIA’s exemptions.”

Plaintiff Johnson objected that “the Government cannot define ‘public’ to mean members of the public it is not disclosing information to.”

“The Government’s position that it may selectively disclose without waiver, if it has the best of intentions, knows no logical limits and would render the FOIA waiver doctrine a nullity,” he wrote. “The CIA’s motive in releasing the information is irrelevant under FOIA. Whether good reason, bad reason, or no reason at all, what matters is that an authorized disclosure took place. If the CIA does not wish to waive its secrecy prerogative, it cannot authorize a disclosure to a member of the public.”

In an amicus brief, several FOIA advocacy groups presented a subtle technical argument in support of the plaintiff. Under the circumstances, they concluded, the court had no choice but to order disclosure. “It does not matter… how much alleged damage the release of the information could cause.”

But these counterarguments proved unpersuasive to the court, and Judge McMahon ended up with a new conception of what constitutes the kind of prior “public disclosure” that would compel release of information under FOIA. Selective disclosure to individual reporters would not qualify.

“For something to be ‘public,’ it has to, in some sense, be accessible to members of the general public,” she now held in her final opinion.

“Selective disclosure of protectable information to an organ of the press… does not create a ‘truly public’ record of that information.” So CIA cannot be forced to disclose it to others. This was exactly the opposite of the view expressed by Judge McMahon earlier in the case.

The ruling was a defeat for the FOIA in the sense that it affirmed and strengthened a barrier to disclosure.

But it might also be considered a victory for the press, to the extent that it enables exchange of classified information with reporters off the record. Had the court compelled disclosure of the classified CIA emails to reporters Gorman, Ignatius and Shane, that would likely have reduced or eliminated the willingness of agencies to share classified information with reporters, as they occasionally do.

But the practice of selective disclosure has risks of its own, wrote plaintiff’s attorney Dan Novack last year. It “allow[s] the government to hypocritically release sensitive national security information when it suits its public relations interests without fear of being held to its own standard later.”

Missile Defense Flight Test Secrecy May Be Reversed

Some members of the House Armed Services Committee want the Pentagon’s Missile Defense Agency to return to its previous practice of publicly disclosing information about planned flight tests of ballistic missile defense (BMD) systems and components.

Earlier this year, the Department of Defense said that information about BMD flight tests, objectives and schedules was now classified, even though such information had routinely been made public in the past. (DOD Classifies Missile Defense Flight Test Plans, Secrecy News, March 5, 2018).

But in their initial markup of the FY2019 National Defense Authorization Act, members of the House Armed Services Strategic Forces Subcommittee said that the new secrecy was unacceptable, at least with respect to the test schedule.

They directed that “Together with the release of each integrated master test plan of the Missile Defense Agency, the Director of the Missile Defense Agency shall make publicly available a version of each such plan that identifies the fiscal year and the fiscal quarter in which events under the plan will occur.”

The pending provision would “require that MDA make the quarter and fiscal year for execution of planned flight tests unclassified.” (h/t Kingston Reif)

Aside from the merits of the House language, it represents a noteworthy legislative intervention in national security classification policy.

Under other circumstances, the executive branch might consider it an intolerable infringement on its authority for Congress to require information to be unclassified over and against an agency’s own judgment or preference.

But in the context of the context of the ambitious and contentious defense authorization act — which among other things would establish a new U.S. Space Command under U.S. Strategic Command — this particular dispute over classification authority recedes into comparative insignificance.

Somewhat relatedly, the Joint Chiefs of Staff have updated DoD doctrine on space operations, with an expanded discussion of natural and man-made threats.

“Our adversaries’ progress in space technology not only threatens the space environment and our space assets but could potentially deny us an advantage if we lose space superiority.”

The doctrine describes general approaches to defending against threats to space-based assets, including defensive operations, reconstitution, and enhanced resilience through distribution, proliferation and deception. See Joint Publication (JP) 3-14, Space Operations, 10 April 2018.

A Forum for Classified Research on Cybersecurity

By definition, scientists who perform classified research cannot take full advantage of the standard practice of peer review and publication to assure the quality of their work and to disseminate their findings. Instead, military and intelligence agencies tend to provide limited disclosure of classified research to a select, security-cleared audience.

In 2013, the US intelligence community created a new classified journal on cybersecurity called the Journal of Sensitive Cyber Research and Engineering (JSCoRE).

The National Security Agency has just released a redacted version of the tables of contents of the first three volumes of JSCoRE in response to a request under the Freedom of Information Act.

JSCoRE “provides a forum to balance exchange of scientific information while protecting sensitive information detail,” according to the ODNI budget justification book for FY2014 (at p. 233). “Until now, authors conducting non-public cybersecurity research had no widely-recognized high-quality secure venue in which to publish their results. JSCoRE is the first of its kind peer-reviewed journal advancing such engineering results and case studies.”

The titles listed in the newly disclosed JSCoRE tables of contents are not very informative — e.g. “Flexible Adaptive Policy Enforcement for Cross Domain Solutions” — and many of them have been redacted.

However, one title that NSA withheld from release under FOIA was publicly cited in a Government Accountability Office report last year:  “The Darkness of Things: Anticipating Obstacles to Intelligence Community Realization of the Internet of Things Opportunity,” JSCoRE, vol. 3, no. 1 (2015)(TS//SI//NF).

“JSCoRE may reside where few can lay eyes on it, but it has plenty of company,” wrote David Malakoff in Science Magazine in 2013. “Worldwide, intelligence services and military forces have long published secret journals” — such as DARPA’s old Journal of Defense Research — “that often touch on technical topics. The demand for restricted outlets is bound to grow as governments classify more information.”

DOD Classifies Missile Defense Flight Test Plans

The Department of Defense has decided to classify previously public information regarding future flight tests of ballistic missile defense systems and components.

Information about pending missile defense flight tests, their objectives, and their timing had previously been included in each year’s budget request documents. But that is no longer the case, and such information was withheld from the FY 2019 Missile Defense Agency RDT&E budget book that was published last month.

“Due to the need to safeguard critical defense information, the DOD will not provide timing or test details in advance beyond the required safety notifications for any planned flight tests,” Lt. Gen. Sam Greaves told Jason Sherman of InsideDefense, who noticed the newly restrictive disclosure practice. See “DOD now treating missile defense flight test plans — once public — as classified” by Jason Sherman, Inside the Pentagon, March 1 (subscription req’d).

Classification of flight test information makes it harder for outside observers and overseers — not just foreign intelligence services — to monitor the progress of US ballistic missile defense programs. The Missile Defense Agency’s specific justification for classifying previously unclassified categories of flight test information has not been publicly explained.

The Expanding Secrecy of the Afghanistan War

Last year, dozens of categories of previously unclassified information about Afghan military forces were designated as classified, making it more difficult to publicly track the progress of the war in Afghanistan.

The categories of now-classified information were tabulated in a memo dated October 31, 2017 that was prepared by the staff of the Special Inspector General for Afghanistan Reconstruction (SIGAR), John Sopko.

In the judgment of the memo authors, “None of the material now classified or otherwise restricted discloses information that could threaten the U.S. or Afghan missions (such as detailed strategy, plans, timelines, or tactics).”

But “All of the [newly withheld] data include key metrics and assessments that are essential to understanding mission success for the reconstruction of Afghanistan’s security institutions and armed forces.”

So what used to be available that is now being withheld?

“It is basically casualty, force strength, equipment, operational readiness, attrition figures, as well as performance assessments,” said Mr. Sopko, the SIGAR.

“Using the new [classification criteria], I would not be able to tell you in a public setting or the American people how their money is being spent,” Mr. Sopko told Congress at a hearing last November.

The SIGAR staff memo tabulating the new classification categories was included as an attachment for the hearing record, which was published last month. See Overview of 16 Years of Involvement in Afghanistan, hearing before the House Government Oversight and Reform Committee, November 1, 2017.

In many cases, the information was classified by NATO or the Pentagon at the request of the Government of Afghanistan.

“Do you think that it is an appropriate justification for DOD to classify previously unclassified information based on a request from the Afghan Government?,” asked Rep. Val Demings (D-FL). “Why or why not?”

“I do not because I believe in transparency,” replied Mr. Sopko, “and I think the loss of transparency is bad not only for us, but it is also bad for the Afghan people.”

“All of this [now classified] material is historical in nature (usually between one and three months old) because of delays incurred by reporting time frames, and thus only provides ‘snapshot’ data points for particular periods of time in the past,” according to the SIGAR staff memo.

“All of the data points [that were] classified or restricted are ‘top-line’ (not unit-level) data. SIGAR currently does not publicly report potentially sensitive, unit-specific data.”

Yesterday at a hearing of the House Armed Services Committee, Rep. Walter Jones (R-NC) asked Secretary of Defense James N. Mattis about the growing restrictions on information about the war in Afghanistan.

“We are now increasing the number of our troops in Afghanistan, and after 16 years, the American people have a right to know of their successes. Some of that, I’m sure it is classified information, which I can understand. But I also know that we’re not getting the kind of information that we need to get to know what successes we’re having. And after 16 years, I do not think we’re having any successes,” Rep. Jones said.

Secretary Mattis said that the latest restriction of unclassified information about the extent of Taliban or government control over Afghanistan that was withheld from the January 2018 SIGAR quarterly report had been “a mistake.” He added, “That information is now available.” But Secretary Mattis did not address the larger pattern of classifying previously unclassified information about Afghan forces that was discussed at the November 2017 hearing.

Changing of the Guard: Recent Retirements

Several government officials who collectively represent much of the public face of the national security secrecy system have retired recently. They include:

*    Sheryl Shenberger, Director of the National Declassification Center

*    Stephen Randolph, Historian of the State Department

*    David J. Sherman, NSA Associate Director for Strategy, Plans, and Policy

*    Joseph Lambert, CIA Director of Information Management

In various ways they have all been significant collaborators — or at least partners in debate — with public advocates of greater openness, and they have all contributed to a gradual increase in public access to national security information.

Their diverse activities and achievements are not fully known to me and cannot be summarized here. But from my own limited vantage point, each one made a positive difference.

After I raised the question of declassifying US records regarding Indonesia in the 1960s (at a June 2016 meeting of the Public Interest Declassification Board), Sheryl Shenberger approached me to ask for more information, which I provided. It turned that this task was ideal for the National Declassification Center, especially since it involved a set of records that were both historically important and relatively limited in volume. She saw to it that the collection was declassified and released last year.

Stephen Randolph helped advocate for the release of the long-suppressed Foreign Relations of the United States (FRUS) volume on the 1953 coup in Iran, which was finally published last year. Under his leadership, the Historian’s Office was strengthened, productivity was increased, and FRUS began to be published within its mandated 30-year deadline for the first time in decades.

David Sherman helped foster internal and external discussion of changes to government secrecy policy. And when I pointed out that a “finding aid” to historical NSA records at the National Archives was unhelpfully classified, he conceded that was a mistake and expedited its declassification.

Joseph Lambert (who retired early last year) had the difficult task of defending CIA classification policies. But he was always willing to discuss the subject, to acknowledge errors and to correct them.

In fact, the accessibility of these officials — their willingness to engage with members of the public — was perhaps their single most admirable feature. For my part, I think each of them helped me to see problems of disclosure from a government perspective, to understand what might be feasible and what was not, and to formulate proposals for change that could be acted upon by their respective bureaucracies.

IC “Portfolios” Overcome Compartmentalization of Intelligence

Excessive compartmentalization of intelligence can be counteracted by the use of “portfolios” of compartmented programs, according to new intelligence community guidance.

Undue secrecy in intelligence is not only a barrier to external oversight and public accountability. It can also be an obstacle to effective mission performance. That is fortunate in a way since it provides a reason for officials to reconsider classification policy and an incentive for them to curtail unnecessary secrecy.

Director of National Intelligence Daniel R. Coats, who has kept a comparatively low public profile lately, surfaced last month to issue new guidance that is intended in part as a way to curb internal IC secrecy.

The guidance discusses the creation and management of intelligence “portfolios.” This term refers to a collection of classified programs that overlap in some way and that are bundled together to facilitate information sharing and collaboration.

“Establishment of a Portfolio may be required in order to achieve unity of effort and effect against the highest priority requirements or when compartmentalization hinders or prevents access to information necessary for intelligence integration,” according to the new guidance. The practice has no bearing on public disclosure of intelligence information.

All portfolio personnel are to be “indoctrinated” (i.e. granted access) to all portfolio programs, in what amounts to a reversal of the compartmentalization process. See Intelligence Community Portfolio Management, Intelligence Community Policy Guidance 906.1, December 15, 2017.

The portfolio concept was previously defined in the 2015 Intelligence Community Directive 906.

The Office of the Director of National Intelligence will convene a day-long “Intelligence Community Civil Liberties, Privacy and Transparency Summit” for IC employees on January 24.

US Air Force Updates Policy on Special Access Programs

The US Air Force last month issued updated policy guidance on its “special access programs” (SAPs). Those are classified programs of exceptional sensitivity requiring safeguards and access restrictions beyond those of other categories of classified information.

See Air Force Policy Directive 16-7Special Access Programs, 21 November 2017.

The new Air Force policy makes provisions for internal oversight of its SAPs, as well as limited congressional access to SAP information under some circumstances.

Notably, however, the new Air Force directive does not acknowledge the authority of the Information Security Oversight Office (ISOO) to review and oversee its SAPs.

That’s an error, said ISOO director Mark Bradley.

The executive order on national security classification (EO 13526, sect. 4.3) explicitly says that “the Director of the Information Security Oversight Office shall be afforded access to these [special access] programs.”

Mr. Bradley said that ISOO would communicate the point effectively to the Air Force.

Was Obama Administration the Most Transparent or the Least?

“After early promises to be the most transparent administration in history, the Obama administration turned out to be one of the most secretive,” wrote Washington Post media columnist Margaret Sullivan last year.

Speaking at Harvard’s Shorenstein Center last month, former ACLU litigator Jameel Jaffer didn’t go quite that far. He acknowledged that Obama had taken some small steps towards greater transparency, such as making White House visitor logs available and declassifying the Office of Legal Counsel memos on intelligence interrogation (the “torture memos”).

But overall, Obama was a disappointment, said Jaffer, a respected figure who now directs the Knight First Amendment Institute at Columbia University.

“Few people today–and certainly very few transparency advocates–believe that President Obama kept his promise,” he said.  See Government Secrecy in the Age of Information Overload, October 17, 2017.

That seems wrong.

A fair reading of the record shows that in dozens of areas of national security secrecy, the Obama Administration broke down longstanding barriers to public access and opened up previously inaccessible records of enormous importance and value. Some examples:

*    In 2010, the Obama Administration declassified the current size of the U.S. nuclear weapons arsenal for the first time ever. Even during the heyday of the Energy Department Openness Initiative of the 1990s, only historical stockpile data from 30 years earlier was released.

*    The Obama Administration was also the first ever to publish the amount of the intelligence budget request for the following year. This information had been the subject of FOIA litigation in the Clinton Administration but without success. Remarkably, there is no statutory requirement to publish the budget request for the Military Intelligence Program. But the Obama Administration did so anyway.

*     A decade ago, the CIA had claimed in court that the President’s Daily Brief (PDB) was itself an “intelligence method” and therefore categorically exempt from disclosure. Obama rejected that view and ordered that no information be exempt from declassification “based solely on the type of document or record in which it is found.” Thousands of historical PDBs were declassified as a result.

*    Prior to the Obama Administration, one had to have “sources” simply to find out the names of the judges who sat on the Foreign Intelligence Surveillance Court. Now the Court has its own website and it has never been more open to third-party oversight or participation.

*    The Obama Administration established a National Declassification Center to facilitate and streamline declassification. Amazingly, the Center undertook the successful declassification of a large collection of records from the US Embassy in Indonesia in the 1960s last year in response to a request from an individual member of the public.

These are all discrete policy actions that may be of interest to some people and not to others. Not everyone cares about nuclear weapons or intelligence or Indonesia or other such topics. But under Obama there was also a systemic contraction in the whole apparatus of government secrecy. Thus:

*    In 2014, the Obama Administration achieved the lowest number of “original classification decisions” (or newly-generated secrets) that had ever been reported by the Information Security Oversight Office. In 2016, the reported number of new secrets dropped lower still.

*    Not coincidentally, in 2015, the Obama Administration reduced the number of “original classification authorities” — i.e. officials who are authorized to create new secrets — to the lowest number ever reported.

*    The Obama Administration made a policy decision to shrink the size of the security-cleared population, both to reduce vulnerabilities and to conserve resources. The number of persons holding security clearances for access to classified information dropped accordingly from around 5.1 million in 2013 to 4.2 million in 2015.

Is all of that sufficient to justify a claim that the Obama Administration was “the most transparent in history”? Not necessarily. (And not only because “transparency” means different things to different people.)

One would also have to weigh the Administration’s failings, such as its (mis)handling of the Senate Intelligence Committee report on enhanced interrogation practices, among other unhappy episodes. And then one would then have to compare the composite record to that of other Administrations. But it is far from obvious that any other Administration has a stronger claim than Obama’s to being named “most transparent,” and neither Jaffer nor Sullivan has proposed one.

It is beyond argument that Obama established new benchmarks for disclosure of many types of national security information that had previously been withheld, and that his Administration imposed new constraints on the creation of classified information.

Ignoring or dismissing the Obama record of disclosure makes it impossible to inquire how such disclosures happened, and how they could be replicated and extended. Cynicism is a poor foundation for strategy.