Number of New Secrets in 2016 At New Low

Last year executive branch agencies created the fewest new national security secrets ever reported, according to an annual report published today by the Information Security Oversight Office (ISOO).

The number of new secrets — or “original classification decisions” — was 39,240 in 2016, an all-time low. The previous low of 46,800 was set in 2014. By comparison, more than 230,000 new secrets a year were being generated a decade ago. Since such record-keeping began in 1980, the total number never dropped below 100,000 until 2012. See 2016 Annual Report to the President, Information Security Oversight Office, July 2017.

While interesting and welcome from an open government viewpoint, the reported reduction in new secrets cannot bear too much interpretive weight. The figures cited by ISOO represent a compilation of dozens of estimates provided by individual agencies, based on sampling methods that are inconsistent and not always reliable.

Moreover, this statistical approach to secrecy oversight implies that all classification decisions are of equal significance. In actuality, some secrets may be of profound importance — politically, morally, historically, or otherwise — while many other secrets (such as administrative or technical details) will have little or no public policy interest. A simple numerical count of the number of classification decisions does not capture their relative meaning or value.

Still, assuming that the uncertainties and the ambiguities in the data have been more or less constant over time, the reduction in new secrets to a record low level is likely to reflect a real reduction in the scope of national security secrecy in the Obama years.

Classification Costs at a Record High

Meanwhile, however, the annual costs incurred by the classification system reached record high levels in 2016, the ISOO report said.

“The total security classification cost estimate within Government for FY 2016 is $16.89 billion,” ISOO reported, compared to $16.17 billion the year before. Classification-related costs within industry were an additional $1.27 billion.

Classification Challenges

Because decisions to classify information often involve subjective judgments about the requirements of national security and the potential of particular information to cause damage, such decisions are sometimes disputed even within the government itself. The classification system allows for classification challenges to be filed by authorized holders of classified information who believe that the information is improperly classified.

Last year, there were 954 such classification challenges, the ISOO report said, about the same number as the year before. Classification of the information was overturned in only about 17% of those challenges, however, compared to over 40% that were overturned the year before.

The classification challenge procedure is a potentially important internal oversight mechanism that is not yet fully mature or widely utilized. For some reason, the majority of classification challenges (496) last year originated at US Pacific Command, while only a single one emerged from the Department of Justice. In fact, ISOO found that about a quarter of all agencies do not even have a classification challenge program, though they are supposed to.

If such challenges could be promoted and accepted as a routine element of classification practice, they could serve to invigorate classification oversight and to provide an useful internal self-check.

The ISOO annual report also presented new data on declassification activity, the Interagency Security Classification Appeals Panel, agency self-inspections, controlled unclassified information (CUI), and other aspects of national security information policy.

ISOO director Mark A. Bradley, whose tenure as director began this year, told the President that in the next reporting cycle, “ISOO will focus on improving our methodology in data collection and will begin planning and developing new measures for future reporting that more accurately reflect the activities of agencies managing classified and sensitive information.”

Still No Classified Trump Presidential Directives

After nearly six months in office, President Trump has not yet issued a classified presidential directive on national security.

On June 16, Trump issued an unclassified National Security Presidential Memorandum (NSPM) on US policy towards Cuba, reversing or limiting some of the steps towards normalization of relations with that country that were undertaken by the Obama Administration.

The version of the Memorandum that was published on the White House website was unnumbered, but a White House official said last week that it is formally designated as NSPM-5.

Since the first four Trump NSPMs are also unclassified public documents, this means that at least as of June 16 there were still no classified or unreleased presidential directives on national security.

That is unexpected, and it is a departure from past practice in previous Administrations.

The explanation for the lack of classified NSPMs is unclear.

It is possible that President Trump is using some other instrument for issuing policy directives on classified national security matters (though that would be at odds with the definition and purpose of NSPMs). Alternatively, he may have delegated certain aspects of national security decision making elsewhere, as with the authorization for the Secretary of Defense to determine troop levels in Afghanistan.

Or it could be that there just are no other Trump national security directives because there is no other Trump national security policy to speak of. The Administration may still be so understaffed that it is incapable of launching significant new policy initiatives.

The June 16 NSPM-5 directed the Secretary of State to publish it in the Federal Register. But three weeks later, even that simple task has still not been carried out.

USAF Upgrades Secrecy of Nuclear Weapons Inspections

The U.S. Air Force has upgraded the classification of information pertaining to nuclear weapons inspections performed by the Inspector General, reducing or eliminating public references to the outcome of such inspections.

Until recently, the IG weapons inspections could be described in unclassified reports. Now they will be classified at least at the Confidential level.

An Air Force nuclear surety inspection (NSI) “assesses a unit’s ability to accomplish its assigned nuclear weapons mission and produce reliable nuclear weapons in a safe and secure environment in compliance with applicable directives. Additionally, an NSI inspects a unit’s capability to safely and reliably receive, store, secure, assemble, transport, maintain, load, mate, lock/unlock, test, render safe and employ nuclear weapons.”

The inspections typically result in a “grade” indicating the level of compliance. Whether pass or fail, those grades, too, will now be classified.

The changes were made following the latest revision of Chairman of the Joint Chiefs Instruction (CJCSI) 3263.05C, Nuclear Weapons Technical Inspections, issued on March 10, 2017. Though unclassified, the Instruction is “Limited” in distribution and is not publicly available.

Even those nuclear weapons inspections that produce a finding of full compliance cannot be disclosed, and from now on they also cannot be acknowledged in military decorations or unit awards.

“These changes are control measures put in place to prevent revealing potential vulnerabilities to adversary forces,” wrote Staff Sgt. Alexx Pons of Air Force Public Affairs. See “Nuclear inspection grade restricted in evaluation, decoration and award comments,” June 14, 2017.

The results of nuclear weapons inspections have been published for decades, noted Hans Kristensen of the Federation of American Scientists, without any reported adverse effect on national security. So an alternate explanation for the new classification policy seems wanted. “The change sure looks handy for preventing the public from knowing embarrassing information about when Air Force units fail nuclear inspections,” he said.

“Readiness” and Secrecy in the US Military

Is there a “readiness crisis” in the U.S. military?

The answer is uncertain because the question itself is unclear. But a perceived need to improve readiness has become a primary DoD justification for increased military spending. Meanwhile, previously unclassified indicators of military readiness are now being classified so that they are no longer publicly available.

“I have been shocked by what I’ve seen about our readiness to fight,” Secretary of Defense Jim Mattis told the House Armed Services Committee on Monday.

There is a need to “improve readiness conditions” said President Trump in his National Security Presidential Memorandum 1 on Rebuilding the U.S. Armed Forces.

Or maybe not.

“America’s fighting forces remain ready for battle,” wrote David Petraeus and Michael O’Hanlon in an op-ed last year. “They have extensive combat experience across multiple theaters since 9/11, a tremendous high-tech defense industry supplying advanced weaponry, and support from an extraordinary intelligence community.” See “The Myth of a U.S. Military ‘Readiness’ Crisis,” Wall Street Journal, August 10, 2016.

What is readiness? What should the military be ready for? How is readiness measured? How would increased defense spending affect readiness?

Although the term “readiness” is used in many ways, it has two principal definitions, the Congressional Research Service said in a new report yesterday:

“One, readiness has been used to refer in a broad sense to whether U.S. military forces are able to do what the nation asks of them. In this sense, readiness encompasses almost every aspect of the military.”

“Two, readiness is used more narrowly to mean only one component of what makes military forces able. In this second sense, readiness is parallel to other military considerations, like force structure and modernization, which usually refer to the size of the military and the sophistication of its weaponry.”

So is there a readiness crisis or not? It depends, CRS said.

“Most observers who see a crisis tend to use readiness in a broad sense, asserting the U.S. military is not prepared for the challenges it faces largely because of its size or the sophistication of its weapons. Most observers who do not see a crisis tend to use readiness in a narrow sense, assessing only the state of training and the status of current equipment.”

The two definitions are interdependent, CRS said, so that narrow readiness may compensate for deficiencies in broad readiness, or vice versa:

“Greater readiness in the narrow sense, such as better trained personnel, may offset the disadvantages of a smaller or a less technologically sophisticated force, depending on what task the military is executing. Alternatively, the military could be ready in the broader sense because its size and the sophistication of its weapons make up for shortfalls in such areas as training or how often a unit has used its equipment before experiencing combat.”

But readiness for what?

“Some senior officials express confidence in the military’s readiness for the missions it is executing today–although other observers are not as confident– but express concern over the military’s readiness for potential missions in the future,” CRS analyst Russell Rumbaugh wrote.

How is readiness measured, anyway? Not very well.

“Because of the two uses of the term, measuring readiness is difficult; despite ongoing efforts, many observers do not find DOD’s readiness reporting useful.”

Will more spending help?

“DOD’s 2018 request increases operating accounts more than procurement accounts. If readiness is used in a narrow sense, these funding increases may be the best way to improve the military’s readiness. If readiness is used in a broader sense, that funding may not be sufficient, or at least the best way to improve readiness.”

The new CRS report aims to illuminate the debate. But in the end, “it does not evaluate the current state of the U.S. military’s readiness or provide a conclusive definition of readiness.” See Defining Readiness: Background and Issues for Congress, June 14, 2017.

Definitions aside, increasing military secrecy is making the state of U.S. military readiness harder to discern.

“Some readiness information has always been classified and now we are classifying more of it,” a government official told The National Interest last month.

“We don’t think it should be public, for example, how many THAADs are not operational due to maintenance reasons,” the official said. “We don’t think it should be public what percent of our F-22s are not available due to maintenance. We don’t think it should be public how many of our pilots are below their required number of training hours in the cockpit.”

See “How the U.S. Military Is Trying to Mask Its Readiness Crisis” by Maggie Ybarra, The National Interest, May 18, 2017.

Legality of Presidential Disclosures, Continued

“There is no basis” for suggesting that President Trump’s disclosure of classified intelligence to Russian officials was illegal, wrote Morton Halperin this week.

To the contrary, “senior U.S. government officials in conversations with foreign officials decide on a daily basis to provide them with information that is properly classified and that will remain classified,” wrote Halperin, who is himself a former senior official.

“We should not let our desire to confront President Trump lead us to espouse positions that violate his rights and that would constrain future presidents in inappropriate ways.” See “Trump’s Disclosure Did Not Break the Law” by Morton H. Halperin, Just Security, May 23, 2017.

But constraints on presidential disclosure were on the minds of Rep. Stephanie Murphy (D-FL) and 17 House colleagues. They introduced legislation on May 24 “that would require the President to notify the intelligence committees when a U.S. official, including the President, intentionally or inadvertently discloses top-secret information to a nation that sponsors terrorism or, like Russia, is subject to U.S. sanctions.”

Yesterday, Rep. Dutch Ruppersberger (D-MD) introduced a bill “to ensure that a mitigation process and protocols are in place in the case of a disclosure of classified information by the President.”

Rep. Mike Thompson (D-CA) and five colleagues introduced a resolution “disapproving of the irresponsible actions and negligence of President Trump which may have caused grave harm to United States national security.”

For related background, see The Protection of Classified Information: The Legal Framework, Congressional Research Service, updated May 18, 2017, and Criminal Prohibitions on Leaks and Other Disclosures of Classified Defense Information, Congressional Research Service, updated March 7, 2017.

Legality of the Trump Disclosures, Revisited

When President Trump disclosed classified intelligence information to Russian officials last week, did he commit a crime?

Considering that the President is the author of the national security classification system, and that he is empowered to determine who gets access to classified information, it seems obvious that the answer is No. His action might have been reckless, I opined previously, but it was not a crime.

Yet there is more to it than that.

The Congressional Research Service considered the question and concluded as follows in a report issued yesterday:

“It appears more likely than not that the President is presumed to have the authority to disclose classified information to foreign agents in keeping with his power and responsibility to advance U.S. national security interests.” See Presidential Authority to Permit Access to National Security Information, CRS Legal Sidebar, May 17, 2017.

This tentative, rather strained formulation by CRS legislative attorneys indicates that the question is not entirely settled, and that the answer is not necessarily obvious or categorical.

And the phrase “in keeping with his power and responsibility to advance U.S. national security interests” adds an important qualification. If the president were acting on some other agenda than the U.S. national interest, then the legitimacy of his disclosure could evaporate. If the president were on Putin’s payroll, as the House majority leader lamely joked last year, and had engaged in espionage, he would not be beyond the reach of the law.

Outlandish hypotheticals aside, it still seems fairly clear that the Trump disclosures last week are not a matter for the criminal justice system, though they may reverberate through public opinion and congressional deliberations in a consequential way.

But several legal experts this week insisted that it’s more complicated, and that it remains conceivable that Trump broke the law. See:

“Don’t Be So Quick to Call Those Disclosures ‘Legal'” by Elizabeth Goitein, Just Security, May 17, 2017

“Why Trump’s Disclosure to Russia (and Urging Comey to Drop the Flynn Investigation, and Various Other Actions) Could Be Unlawful” by Marty Lederman and David Pozen, Just Security, May 17, 2017

“Trump’s disclosures to the Russians might actually have been illegal” by Steve Vladeck, Washington Post, May 16, 2017

Update, 05/23/17: But see also Trump’s Disclosure Did Not Break the Law by Morton Halperin, Just Security, May 23, 2017.

Trump Objects to Legislated Limits on Secrecy

In the new Consolidated Appropriations Act of 2017 (section 8009), Congress mandated that no new, highly classified special access programs may be created without 30 day advance notice to the congressional defense committees.

But in signing the bill into law last Friday, President Trump said he would not be bound by that restriction.

“Although I expect to be able to provide the advance notice contemplated by section 8009 in most situations as a matter of comity, situations may arise in which I must act promptly while protecting certain extraordinarily sensitive national security information. In these situations, I will treat these sections in a manner consistent with my constitutional authorities, including as Commander in Chief,” he wrote in a May 5 signing statement.

More generally, Trump suggested that his power to classify national security information is altogether independent of Congress. “The President’s authority to classify and control access to information bearing on the national security flows from the Constitution and does not depend upon a legislative grant of authority,” he wrote.

This is a paraphrase of language in the 1988 US Supreme Court opinion in Department of the Navy v. Egan (The President’s “authority to classify and control access to information bearing on national security… flows primarily from this Constitutional investment of power in the President and exists quite apart from any explicit congressional grant.”)

But left unsaid in President Trump’s signing statement was that the Supreme Court has also held that Congress could modify existing classification procedures or create its own secrecy system.

Thus, in EPA v. Mink (1973), the Supreme Court stated: “Congress could certainly have provided that the Executive Branch adopt new [classification] procedures, or it could have established its own procedures — subject only to whatever limitations the Executive privilege may be held to impose upon such congressional ordering.”

And, as noted by Jennifer Elsea, Congress has in fact legislated a classification regime for nuclear weapons-related information in the Atomic Energy Act.

So the newly legislated notification requirements concerning special access programs appear to be well within the constitutional authority and power of Congress.

The Intelligence Authorization Act for FY 2017 was incorporated into the Consolidated Appropriations Act as “Division N” and enacted into law.

President Trump’s reservations about various provisions in the new appropriations act were presented in the first signing statement issued by the current Administration (h/t Charlie Savage).

Sharing Classified Info with Foreign Governments

Disclosing classified information to foreign government personnel is ordinarily forbidden, and may constitute espionage. But sometimes it is permitted, even to non-allies.

“National Disclosure Policy Committee (NDPC) policy prohibits the release of classified information [to] a foreign government without an explicit authorization, such as an Exception to United States (U.S.) National Disclosure Policy (ENDP), and an information sharing agreement,” explained VADM James D. Syring, director of the Pentagon’s Missile Defense Agency, in response to a congressional question last year.

Such Exceptions are occasionally requested, however, and granted.

“The Missile Defense Agency (MDA) submitted three requests for Exception to United States National Disclosure Policy (ENDP) from 2007–2011 seeking authority to disclose classified information to the Russian Federation (RF) relating to three ballistic missile defense flight test events,” VADM Syring said.

“In each case, authority granted by the NDPC was limited to oral and visual disclosure only under controlled conditions. The RF sent attendees to two of the three test events (in 2007 and 2010). No invitations were extended for the third event (in August 2011), and no disclosure occurred. MDA has not submitted any further requests for ENDP for the RF.”

“MDA has not sought ENDP [Exceptions] for release of any information to the People’s Republic of China,” he added.

The exchange between VADM Syring and Rep. Mike Rogers appeared in a newly published hearing volume on The Missile Defeat Posture and Strategy of the United States — The Fiscal Year 2017 President’s Budget Request, House Armed Services Committee, April 14, 2016 (at pp. 118-119).  The same volume notably includes discussion of “left of launch” approaches to countering ballistic missile threats.

At its best, congressional oversight can be a powerful engine of disclosure that matches or exceeds what the Freedom of Information Act or other mechanisms can offer. (The FOIA does not permit requesters to ask questions, only to request records.) Hearings of the House Armed Services Committee regularly generate new information on military policy, especially in the published hearing records.

Another newly published HASC hearing containing some nuggets of interest is National Security Space: 21st Century Challenges, 20th Century Organization, September 27, 2016.

“Risk Avoidance” Leads to Over-Classification

When government officials consider whether to classify national security information, they should not aim for perfect security, according to new guidance from the Office of the Director of National Intelligence. Instead, classifiers should seek to limit unnecessary vulnerabilities, while keeping broader mission objectives in view.

“A Risk Avoidance strategy — eliminating risk entirely — is not an acceptable basis for agency [classification] guides because it encourages over-classification, restricts information sharing, [and] hinders the optimal use of intelligence information in support of national security and foreign policy goals,” the ODNI document said.

Rather, “All agencies should reflect in their classification decisions a Risk Management strategy — mitigating the likelihood and severity of risk — in protecting classified information over which they have [classification authority], including clear descriptions in their classification policies of how the strategy is used when making classification determinations.” See Principles of Classification Management for the Intelligence Community, ODNI, March 2017.

This risk management / risk avoidance dichotomy in classification policy has been batted around for a while. It was previously discussed at length in in the thoughtful but not very consequential 1994 report of the Joint Security Commission on Redefining Security in the post-cold war era.

“Some inherent vulnerabilities can never be eliminated fully, nor would the cost and benefit warrant this risk avoidance approach,” the Commission wrote. “We can and must provide a rational, cost-effective, and enduring framework using risk management as the underlying basis for security decision making.”

In short, it is only realistic to admit that some degree of risk is unavoidable and must be tolerated, and classification policy should reflect that reality.

But the risk management construct is not as helpful as one would wish. That is because its proponents, including the Joint Security Commission and the authors of the new ODNI document, typically stop short of providing concrete examples of information that risk avoiders would classify but that risk managers would permit to be disclosed. Without such illustrative guidance, risk management is in the eye of the beholder, and we are back where we started.

Meanwhile, there is persistent dissatisfaction with current secrecy policy within the national security bureaucracy itself.

Classifying too much information is “an impediment to our ability to conduct our operations,” said Air Force Gen. John Hyten of U.S. Strategic Command at a symposium last week (as reported by Phillip Swarts in Space News on April 6).

“We have so many capabilities now,” Gen. Hyten said. “There are all these special classifications that I can’t talk about, and if you look at those capabilities you wonder why are they classified so high. So we’re going to push those down.”

Spy Satellite Agency: Winter is Here

The National Reconnaissance Office (NRO) has modified its classification policies in favor of heightened secrecy, withholding budget records that were previously considered releasable and redesignating certain unclassified budget information as classified.

NRO is the U.S. intelligence agency that builds and operates the nation’s intelligence satellites.

Since 2006, and for most of the past decade, the NRO has released unclassified portions of its budget justification documents in response to requests under the Freedom of Information Act.

But in a January 23, 2017 letter, the NRO said it would no longer release that unclassified budget information, which it now deems classified.

“The NRO has determined that a series of unclassified items in the [FY 2016 budget justification] document in the aggregate reveals associations or relationships not otherwise revealed in the unclassified items individually; thus, in the aggregate, this information meets the standard for classification under E.O. 13526 Section 1.7(e),” wrote Patricia B. Cameresi, NRO FOIA Public Liaison, in her FOIA denial letter.

As a purely technical matter, the latter claim is probably a misreading of the Executive Order, which states in Section 1.7(e):

“Compilations of items of information that are individually unclassified may be classified if the compiled information reveals an additional association or relationship that:  (1) meets the standards for classification under this order; and (2) is not otherwise revealed in the individual items of information.”

Properly understood, the fact that various unclassified items reveal additional information in the aggregate does not mean that those items meet the standard for classification. That requires a separate determination which, in any case, is discretionary. Classifying compilations of unclassified budget information is a threshold which was never crossed in the past and which has not been explicitly justified by NRO here.

The NRO also invoked a statutory exemption in 10 USC 424, which says that NRO (along with DIA and NGA) cannot be compelled to disclose “any function” at all.

The upshot is that the NRO is abandoning the budget disclosure practices of the past decade, and is positioning itself to withhold anything and everything that it prefers not to release.

An administrative appeal of the NRO FOIA denial was filed yesterday.