Legality of the Trump Disclosures, Revisited

When President Trump disclosed classified intelligence information to Russian officials last week, did he commit a crime?

Considering that the President is the author of the national security classification system, and that he is empowered to determine who gets access to classified information, it seems obvious that the answer is No. His action might have been reckless, I opined previously, but it was not a crime.

Yet there is more to it than that.

The Congressional Research Service considered the question and concluded as follows in a report issued yesterday:

“It appears more likely than not that the President is presumed to have the authority to disclose classified information to foreign agents in keeping with his power and responsibility to advance U.S. national security interests.” See Presidential Authority to Permit Access to National Security Information, CRS Legal Sidebar, May 17, 2017.

This tentative, rather strained formulation by CRS legislative attorneys indicates that the question is not entirely settled, and that the answer is not necessarily obvious or categorical.

And the phrase “in keeping with his power and responsibility to advance U.S. national security interests” adds an important qualification. If the president were acting on some other agenda than the U.S. national interest, then the legitimacy of his disclosure could evaporate. If the president were on Putin’s payroll, as the House majority leader lamely joked last year, and had engaged in espionage, he would not be beyond the reach of the law.

Outlandish hypotheticals aside, it still seems fairly clear that the Trump disclosures last week are not a matter for the criminal justice system, though they may reverberate through public opinion and congressional deliberations in a consequential way.

But several legal experts this week insisted that it’s more complicated, and that it remains conceivable that Trump broke the law. See:

“Don’t Be So Quick to Call Those Disclosures ‘Legal'” by Elizabeth Goitein, Just Security, May 17, 2017

“Why Trump’s Disclosure to Russia (and Urging Comey to Drop the Flynn Investigation, and Various Other Actions) Could Be Unlawful” by Marty Lederman and David Pozen, Just Security, May 17, 2017

“Trump’s disclosures to the Russians might actually have been illegal” by Steve Vladeck, Washington Post, May 16, 2017

Update, 05/23/17: But see also Trump’s Disclosure Did Not Break the Law by Morton Halperin, Just Security, May 23, 2017.

Trump Objects to Legislated Limits on Secrecy

In the new Consolidated Appropriations Act of 2017 (section 8009), Congress mandated that no new, highly classified special access programs may be created without 30 day advance notice to the congressional defense committees.

But in signing the bill into law last Friday, President Trump said he would not be bound by that restriction.

“Although I expect to be able to provide the advance notice contemplated by section 8009 in most situations as a matter of comity, situations may arise in which I must act promptly while protecting certain extraordinarily sensitive national security information. In these situations, I will treat these sections in a manner consistent with my constitutional authorities, including as Commander in Chief,” he wrote in a May 5 signing statement.

More generally, Trump suggested that his power to classify national security information is altogether independent of Congress. “The President’s authority to classify and control access to information bearing on the national security flows from the Constitution and does not depend upon a legislative grant of authority,” he wrote.

This is a paraphrase of language in the 1988 US Supreme Court opinion in Department of the Navy v. Egan (The President’s “authority to classify and control access to information bearing on national security… flows primarily from this Constitutional investment of power in the President and exists quite apart from any explicit congressional grant.”)

But left unsaid in President Trump’s signing statement was that the Supreme Court has also held that Congress could modify existing classification procedures or create its own secrecy system.

Thus, in EPA v. Mink (1973), the Supreme Court stated: “Congress could certainly have provided that the Executive Branch adopt new [classification] procedures, or it could have established its own procedures — subject only to whatever limitations the Executive privilege may be held to impose upon such congressional ordering.”

And, as noted by Jennifer Elsea, Congress has in fact legislated a classification regime for nuclear weapons-related information in the Atomic Energy Act.

So the newly legislated notification requirements concerning special access programs appear to be well within the constitutional authority and power of Congress.

The Intelligence Authorization Act for FY 2017 was incorporated into the Consolidated Appropriations Act as “Division N” and enacted into law.

President Trump’s reservations about various provisions in the new appropriations act were presented in the first signing statement issued by the current Administration (h/t Charlie Savage).

Sharing Classified Info with Foreign Governments

Disclosing classified information to foreign government personnel is ordinarily forbidden, and may constitute espionage. But sometimes it is permitted, even to non-allies.

“National Disclosure Policy Committee (NDPC) policy prohibits the release of classified information [to] a foreign government without an explicit authorization, such as an Exception to United States (U.S.) National Disclosure Policy (ENDP), and an information sharing agreement,” explained VADM James D. Syring, director of the Pentagon’s Missile Defense Agency, in response to a congressional question last year.

Such Exceptions are occasionally requested, however, and granted.

“The Missile Defense Agency (MDA) submitted three requests for Exception to United States National Disclosure Policy (ENDP) from 2007–2011 seeking authority to disclose classified information to the Russian Federation (RF) relating to three ballistic missile defense flight test events,” VADM Syring said.

“In each case, authority granted by the NDPC was limited to oral and visual disclosure only under controlled conditions. The RF sent attendees to two of the three test events (in 2007 and 2010). No invitations were extended for the third event (in August 2011), and no disclosure occurred. MDA has not submitted any further requests for ENDP for the RF.”

“MDA has not sought ENDP [Exceptions] for release of any information to the People’s Republic of China,” he added.

The exchange between VADM Syring and Rep. Mike Rogers appeared in a newly published hearing volume on The Missile Defeat Posture and Strategy of the United States — The Fiscal Year 2017 President’s Budget Request, House Armed Services Committee, April 14, 2016 (at pp. 118-119).  The same volume notably includes discussion of “left of launch” approaches to countering ballistic missile threats.

At its best, congressional oversight can be a powerful engine of disclosure that matches or exceeds what the Freedom of Information Act or other mechanisms can offer. (The FOIA does not permit requesters to ask questions, only to request records.) Hearings of the House Armed Services Committee regularly generate new information on military policy, especially in the published hearing records.

Another newly published HASC hearing containing some nuggets of interest is National Security Space: 21st Century Challenges, 20th Century Organization, September 27, 2016.

“Risk Avoidance” Leads to Over-Classification

When government officials consider whether to classify national security information, they should not aim for perfect security, according to new guidance from the Office of the Director of National Intelligence. Instead, classifiers should seek to limit unnecessary vulnerabilities, while keeping broader mission objectives in view.

“A Risk Avoidance strategy — eliminating risk entirely — is not an acceptable basis for agency [classification] guides because it encourages over-classification, restricts information sharing, [and] hinders the optimal use of intelligence information in support of national security and foreign policy goals,” the ODNI document said.

Rather, “All agencies should reflect in their classification decisions a Risk Management strategy — mitigating the likelihood and severity of risk — in protecting classified information over which they have [classification authority], including clear descriptions in their classification policies of how the strategy is used when making classification determinations.” See Principles of Classification Management for the Intelligence Community, ODNI, March 2017.

This risk management / risk avoidance dichotomy in classification policy has been batted around for a while. It was previously discussed at length in in the thoughtful but not very consequential 1994 report of the Joint Security Commission on Redefining Security in the post-cold war era.

“Some inherent vulnerabilities can never be eliminated fully, nor would the cost and benefit warrant this risk avoidance approach,” the Commission wrote. “We can and must provide a rational, cost-effective, and enduring framework using risk management as the underlying basis for security decision making.”

In short, it is only realistic to admit that some degree of risk is unavoidable and must be tolerated, and classification policy should reflect that reality.

But the risk management construct is not as helpful as one would wish. That is because its proponents, including the Joint Security Commission and the authors of the new ODNI document, typically stop short of providing concrete examples of information that risk avoiders would classify but that risk managers would permit to be disclosed. Without such illustrative guidance, risk management is in the eye of the beholder, and we are back where we started.

Meanwhile, there is persistent dissatisfaction with current secrecy policy within the national security bureaucracy itself.

Classifying too much information is “an impediment to our ability to conduct our operations,” said Air Force Gen. John Hyten of U.S. Strategic Command at a symposium last week (as reported by Phillip Swarts in Space News on April 6).

“We have so many capabilities now,” Gen. Hyten said. “There are all these special classifications that I can’t talk about, and if you look at those capabilities you wonder why are they classified so high. So we’re going to push those down.”

Spy Satellite Agency: Winter is Here

The National Reconnaissance Office (NRO) has modified its classification policies in favor of heightened secrecy, withholding budget records that were previously considered releasable and redesignating certain unclassified budget information as classified.

NRO is the U.S. intelligence agency that builds and operates the nation’s intelligence satellites.

Since 2006, and for most of the past decade, the NRO has released unclassified portions of its budget justification documents in response to requests under the Freedom of Information Act.

But in a January 23, 2017 letter, the NRO said it would no longer release that unclassified budget information, which it now deems classified.

“The NRO has determined that a series of unclassified items in the [FY 2016 budget justification] document in the aggregate reveals associations or relationships not otherwise revealed in the unclassified items individually; thus, in the aggregate, this information meets the standard for classification under E.O. 13526 Section 1.7(e),” wrote Patricia B. Cameresi, NRO FOIA Public Liaison, in her FOIA denial letter.

As a purely technical matter, the latter claim is probably a misreading of the Executive Order, which states in Section 1.7(e):

“Compilations of items of information that are individually unclassified may be classified if the compiled information reveals an additional association or relationship that:  (1) meets the standards for classification under this order; and (2) is not otherwise revealed in the individual items of information.”

Properly understood, the fact that various unclassified items reveal additional information in the aggregate does not mean that those items meet the standard for classification. That requires a separate determination which, in any case, is discretionary. Classifying compilations of unclassified budget information is a threshold which was never crossed in the past and which has not been explicitly justified by NRO here.

The NRO also invoked a statutory exemption in 10 USC 424, which says that NRO (along with DIA and NGA) cannot be compelled to disclose “any function” at all.

The upshot is that the NRO is abandoning the budget disclosure practices of the past decade, and is positioning itself to withhold anything and everything that it prefers not to release.

An administrative appeal of the NRO FOIA denial was filed yesterday.

Disclosing Classified Info to the Press — With Permission

Intelligence officials disclosed classified information to members of the press on at least three occasions in 2013, according to a National Security Agency report to Congress that was released last week under the Freedom of Information Act.

See Congressional Notification — Authorized Disclosures of Classified Information to Media Personnel, NSA memorandum to the staff director, House Permanent Select Committee on Intelligence, December 13, 2013.

The specific information that NSA gave to the unnamed reporters was not declassified. But the disclosures were not “leaks,” or unauthorized disclosures. They were, instead, authorized disclosures. For their part, the reporters agreed not to disseminate the information further.

“Noteworthy among the classified topics disclosed were NSA’s use of metadata to locate terrorists, the techniques we use and the processes we follow to assist in locating hostages, [several words deleted] overseas support to the warfighter and U.S. allies in war zones, and NSA support to overall USG efforts to mitigate cyber threats. The [deleted] personnel executed non-disclosure agreements that covered all classified discussions.”

In one case, “classified information was disclosed in order to correct inaccurate understandings held by the reporter about the nature and circumstances of [deleted].”

On another occasion, “classified information was disclosed in an effort to limit or avoid reporting that could lead to the loss of the capability [deleted].”

In all three cases, “the decision to disclose classified information was made in consultation with the Director of National Intelligence pursuant to Executive Order 13526, and in each case the information disclosed remains properly classified.”

This seems like a generous interpretation of the Executive Order, which does not mention disclosures to the press at all. It does say, in section 4.2(b) that “In an emergency, when necessary to respond to an imminent threat to life or in defense of the homeland, the agency head or any designee may authorize the disclosure of classified information […] to an individual or individuals who are otherwise not eligible for access.” In an emergency, then, but not just “to correct inaccurate understandings.”

Still, the report accurately reflects the true instrumental nature of the classification system. That is, the protection of classified information under all circumstances is not a paramount goal. National security secrecy is a tool to be used if it advances the national interest (and is consistent with law and policy) and to be set aside when it does not.

So hypocrisy in the handling of classified information is not an issue here. The concern, rather, is that the power of selective disclosure of classified material can be easily abused to manage and to manipulate public perceptions. The congressional requirement to report on authorized disclosures of classified information to the press may help to mitigate that danger.

On Declassification of “Properly Classified” Information

The 2009 executive order 13526 on classification allows for the possibility that — “in some exceptional cases” — the protection of classified information may be outweighed by the public interest in disclosure of the information so that the information should be declassified (sect. 3.1d).

The order says that “when such questions arise,” they should be referred to the head of the originating agency head for resolution. But there is no formal mechanism for raising such questions. There should be.

As things stand, “properly classified information” is beyond the reach of the Freedom of Information Act, the mandatory declassification review program, and the internal classification challenge procedures.

Yet because the classification system is permissive, defining conditions under which information “may” be classified, there is much “properly classified” information that need not be classified.

In many cases, this needless classification is of no real significance. There is a vast sea of classified information that has no direct bearing on questions of public policy. But in other cases, it matters a great deal, affecting national decisions on war and peace, the conduct of intelligence and foreign policies, and more. Under those circumstances, there should be a formal procedure to trigger (or at least to consider) the declassification of such properly classified information. Crucially, the decision whether to declassify in such cases must not be left exclusively to the agency that made the original decision to classify.

This was one of the proposals discussed (by me) at a meeting last week of the Public Interest Declassification Board, an official advisory body. Other proposals presented at the meeting are described here.

The premise of the Public Interest Declassification Board meeting was that the incoming Administration is likely to issue its own executive order governing classification policy, as most recent recent presidents have done, and that recommendations for improving classification and declassification procedures should therefore be solicited and developed.

It is not yet known, however, whether the Trump Administration will issue its own revised classification policy. It is not obliged to do so (Bush 41 did not) and may not find it necessary.

And if a new executive order on classification is forthcoming, it may not be an “improvement” from all points of view.

In previous transitions from Democratic to Republican Administrations (i.e. Carter to Reagan, and Clinton to Bush), the Republican presidents took a more expansive view of classification policy than their predecessors, and gave reduced emphasis to declassification.

Overclassification, Declassification At Issue

The enduring problem of overclassification and the challenge of effective declassification are the subject of two public events this week.

The House Committee on Government Oversight and Reform, chaired by Rep. Jason Chaffetz (R-UT), will hold a hearing on Wednesday, December 7 on “examining the costs of overclassification on transparency and security.” The witnesses include former Information Security Oversight Director Bill Leonard, National Security Archive director Tom Blanton, Scott Amey of the Project on Government Oversight, and myself.

The Public Interest Declassification Board, chaired by Prof. Trevor Morrison, will hold a meeting on Thursday, December 8 to discuss potential changes that could be adopted in a future executive order on classification. More information, including advance copies of several presentations to be made at the meeting, can be found here.

Mark Bradley Named To Be New ISOO Director

In what must be one of the very last national security-related posts to be filled in the Obama Administration, national security lawyer and former CIA officer Mark A. Bradley was named as the next director of the Information Security Oversight Office (ISOO), which is responsible for oversight of the national security secrecy system government-wide.

He was selected by Archivist of the United States David S. Ferriero (ISOO is housed at the National Archives) and his appointment was approved last week by President Obama (the ISOO director reports to the President).

Mr. Bradley is an intriguing choice for ISOO director, since he is one of a very small group of individuals who have engaged with government secrecy policy both as an outsider-critic and as an insider-defender.

“We have a broken system that is manufacturing way too many secrets,” he told the Wall Street Journal late in the Clinton Administration (“Case of Lost-and-Found Disk Drives Demonstrates Weakness of U.S. Systems for Protecting Secrets” by Neil King, July 5, 2000).

More recently, however, he has been the voice of the secrecy system itself, defending the government from Freedom of Information Act lawsuits brought by the Electronic Frontier Foundation, the ACLU, the New York Times, EPIC, Judicial Watch, and others. He did not simply represent the government’s position. Rather, as a Top Secret original classification authority at the Department of Justice National Security Division, he actually made many of the decisions to retain the classification of information that was sought by FOIA requesters in those cases.

If it was a mistake to classify the collection of Americans’ telephone metadata records by the National Security Agency (under the “215” program), then Mr. Bradley bears a slice of responsibility for that decision.

In 2013, about two months before the metadata collection program was publicly disclosed (in The Guardian) by Edward Snowden, Mr. Bradley told a court that a request by the Electronic Frontier Foundation for information about the program must be denied.

“The withheld material contains specific descriptions of the manner and means by which the United States Government acquires tangible things for certain authorized investigations pursuant to Section 215,” Mr. Bradley wrote in an April 2013 declaration. “Disclosure of this information would provide our adversaries and foreign intelligence targets with insight into the United States Government’s foreign intelligence collection capabilities, which in turn could be used to develop the means to degrade and evade those collection capabilities.”

In retrospect, this proved to be a narrow and incomplete assessment of the issue. While the 215 program information was indeed properly classified under the terms of the executive order, it should have been released anyway. That, at least, was the conclusion that was ultimately reached — long after the question was moot — by Director of National Intelligence James R. Clapper.

“I probably shouldn’t say this, but I will,” DNI Clapper told Eli Lake of the Daily Beast in 2014. “Had we been transparent about this from the outset… we wouldn’t have had the problem we had.”

Importantly for his ISOO role, Mr. Bradley is not “just” a former intelligence officer and national security lawyer. He is also an historian who has done archival research and worked with declassified records to produce a well-regarded volume called A Very Principled Boy: The Life of Duncan Lee, Red Spy and Cold Warrior (Basic Books, 2014). So he will bring multiple relevant dimensions of expertise to his new responsibilities at ISOO.

Mr. Bradley’s tenure as ISOO director will begin on December 25. The previous ISOO director, John P. Fitzpatrick, left last January to join the National Security Council staff. William A. Cira has been serving as acting director in the interim.

Among his many other responsibilities, the ISOO director serves as the Executive Secretary of the Public Interest Declassification Board (PIDB), an official advisory body. The PIDB has scheduled a public meeting at the National Archives on December 8 “to discuss recommendations for improved transparency and open government for the new Presidential Administration.”

Meanwhile, the House Committee on Oversight and Government Reform said that it will hold a hearing on December 7 to “examine overclassification and other failures of the classification system.”

Amount of Classification is Highly Uncertain

One of the more encouraging changes in classification policy over the past decade has been the sharp reduction in the number of decisions to classify information reported each year by executive branch agencies.

In 2005 there were a total of 258,633 original classification actions, or new secrets, reported; in 2015, there were said to be 53,425 such actions. (See Number of New Secrets in 2015 Near Historic Low, Secrecy News, July 29, 2016).

Despite the misleading precision with which they are reported, these numbers — which are derived from agency reports to the Information Security Oversight Office and published in ISOO annual reports — were understood to be estimates, not precise tabulations.

Now, however, a new report from the State Department Inspector General suggests that State’s reporting of its classification activity to ISOO may not only be imprecise, but actually inaccurate and incorrect.

The Inspector General “found shortcomings with the count of classification decisions” reported to ISOO. The estimates that were generated were not validated, and they did not reflect the full scope of State Department classification activity.

So, “For example, classified documents created within the Office of the Secretary were not included” in the survey, the IG said. See Compliance Follow-up Review of the Department of State’s Implementation of Executive Order 13526, Classified National Security Information, Office of Inspector General, Department of State, September 2016.

The bottom line, the IG said, is that reported classification totals “will not accurately represent all of the Department’s classification decisions because not all decisions are being identified or sampled as part of the Department’s self-inspection program.”

William Cira, the acting director of the Information Security Oversight Office, said he was not surprised by the Inspector General findings, and not especially troubled.

He recalled that ISOO itself stated in its 2009 report that “the data reported has not truly reflected the changing ways agencies have generated and used classified information in the electronic environment.”

“It has been recognized, even long before we asked the agencies to include the electronic environment, that an actual count is not feasible,” Mr. Cira added. “The sampling and extrapolation technique described in that report has been in widespread use for a long time.”

“It is actually one of the suggested methods that we impart to the agencies when we send out our data collection request each year. Since FY 2009, ISOO has asked agencies to do their best to estimate the volume of all classified products in the electronic environment.”

“We have always acknowledged that this would not be easy.  We do ask them [agencies] to estimate, we do suggest that they sample and extrapolate, and we acknowledge that in almost all cases they will not have the resources to conduct a scientific survey as that is defined by professional statisticians.”

“This method may seem crude but we recognize that almost none of agency data collectors have trained statisticians to call upon, and there is no expectation that they hire one.” Still, “If the Dept. of State OIG believes that the Office of the Secretary should be included that is a welcome suggestion.”

“The one thing for certain is that this method has been consistently applied across many agencies for a very long time,” Mr. Cira said.

In other words, if the collection method is crude, at least it is consistent in its crudeness, and so perhaps some rough trend information may still be discerned within the noise.

But without real quantitative and qualitative clarity, effective management of agency classification activity will be beyond reach.