NGA Charts New Path in Classification Policy

Changes in classification practices at the National Geospatial-Intelligence Agency (NGA) are expected to yield improvements in the quality of national security classification decisions and to lead to reductions in classification at NGA as well as other defense and intelligence agencies.

The most important innovation adopted by NGA is a requirement for a written justification for why each item of classified information needs to be protected, as well as how the information could be paraphrased or discussed in an unclassified manner.

NGA said it has prepared a new classification guide that includes three types of “enhancement statements” for each classification decision:

*    The “Value” statement explains why the information is being protected.

*    The “Damage” statement describes the potential impact to national security should an unauthorized disclosure occur.

*    The “Unclassified” statement outlines how a user can address the classified line item in an unclassified manner.

Notably, none of this explanatory information is required by the current executive order on classification. The order requires classifiers to be “able to” explain their classification decisions, but not to actually do so.

By contrast, the NGA formula is likely to promote a more thoughtful and limited approach to classifying national security information, said Mark Bradley, director of the Information Security Oversight Office (ISOO).

“Including an unclassified paraphrase is especially useful for helping derivative classifiers understand how it may be possible to use the information in an unclassified context,” said Mr. Bradley. “That alone can certainly move the needle towards reducing overclassification.”

NGA said that as of June 2017 it had produced enhancement statements for 292 classified line items in its new consolidated security classification guide.

The new NGA policy was described in the Agency’s report to ISOO on the recently-completed Fundamental Classification Guidance Review. A copy of the report was obtained from NGA under the Freedom of Information Act.

*    *    *

Why would NGA voluntarily impose new requirements on its own classifiers beyond what the executive order mandates?

There are several factors at work. Of all U.S. intelligence agencies, “NGA has  a greater mission need to work more and more in an unclassified environment,” said Mr. Bradley. “This need is playing a central role in driving their new approach.”

Furthermore, under NGA director Robert Cardillo, “NGA’s leadership supports innovation. They realized that their classification guide process was too ‘old school’,” he said.

More specifically, “NGA took DNI Clapper’s [March 2016] memo on the FCGR process to heart.” (See “DNI Clapper Embraces Review of Secrecy System,” Secrecy News, April 6, 2016). And Mr. Bradley cited a visit to the NGA Director by the Public Interest Declassification Board, which he said also provided a useful impetus.

Overall, “the changes we are seeing at NGA are arcing more towards sharing than protecting. That could help shift the paradigm away from excessive secrecy and over-classification,” Mr. Bradley said.

The Agency itself declared that “NGA is leading the DoD and IC [Intelligence Community] in classification management transformation.”

NGA said that its use of enhancement statements to improve classification guides will soon be adopted throughout the Department of Defense, including all DoD intelligence agencies and military services, in a forthcoming revision of DoD manual 5200.45 on classification guidance.

But Mr. Bradley cautioned that “NGA’s model may not be all that easy to adapt to the rest of the IC.”

“NGA has a comparatively limited and well-defined mission with a significant need to share its information. Agencies most likely to benefit from NGA’s model probably include NRO and maybe NSA, [which are] IC agencies with similarly clearly-defined responsibilities and advanced existing classification management infrastructures already in place.”

On the other hand, “I suspect that applying NGA’s model to CIA, DIA, and the military intelligence services would be more challenging because of their decentralized management structures and technical limitations. And, of course, one would be silly to ignore the always-present institutional resistance to wholesale change,” Mr. Bradley said.

Although NGA’s new approach is mission-driven, it should have positive repercussions for public access to agency information by “enabling greater transparency and information sharing.” The new NGA classification guidance provides “better identification and protection of the truly important information — higher walls around fewer secrets,” NGA said.

NGA’s activity in this area is “extremely impressive, groundbreaking work,” said the Office of the Director of National Intelligence, in feedback quoted by NGA. “Clearly, [it is] a possible example or model for how to achieve transformation, for the IC and nationally.”

The new NGA approach evolved from the second Fundamental Classification Guidance Review in 2016-2017 that was required by the 2009 executive order 13526. That Review process has served to streamline and update classification requirements government-wide.

In recent years there have been signs of a more focused and disciplined approach to classification in several corners of the national security bureaucracy. The volume of new national security secrets tabulated by agencies in each of the past three years is lower than ever previously reported by the Information Security Oversight Office.

Finding Aid to NSA History Collection Declassified

The National Security Agency has declassified the finding aid for a collection of thousands of historically valuable NSA scientific and technical records that were transferred to the National Archives (NARA) last year.

Up to now the contents of the collection had been opaque to the public. As David Langbart of NARA described the collection to the State Department Historical Advisory Committee last year:

“These records mostly consist of technical, analytical, historical, operational, and translation reports and related materials. Most of the records date from the period from the 1940s to the 1960s, but there are also documents from the 1920s and 1930s and even earlier. The NSA reviewed the records for declassification before accessioning and most documents and folder titles remain classified. [. . .] The finding aid prepared by NSA was the only practical way to locate documents of interest for researchers, but it is 557 pages long and is classified.”

When confronted with this impasse last month, the National Security Agency to its credit moved to rectify matters by declassifying the finding aid, which is now available as a .pdf file here (or as an .xlsx file here).

Most of the folder titles (listed beginning on p. 13 of the .pdf file) deal with narrow, highly specialized aspects of cryptologic history prior to 1965. A few examples picked at random: German Signals Intelligence in World War II; A Compilation of Soviet VHF, UHF and SHG Activity by Area, Source and Service; Hungarian Army Communications; Description of Chinese Communist Communications Network; and so on. Those folders all remain classified. But armed with the titles and file locations of such records (and of thousands more), researchers can now pursue their declassification.

Release of the finding aid by NSA “should help interested researchers gain access to relevant material more readily,” said David J. Sherman of NSA, who facilitated disclosure of the document.

Secrecy Review Cancels Some Obsolete Secrets

One of the innovations in the current executive order on national security classification, issued by President Obama in 2009, was to require agencies to perform a periodic review of all classification guidance to ensure that it is current, threat-based, and otherwise appropriate.

The second such Fundamental Classification Guidance Review (FCGR) has recently been completed with modest but positive results, as reported to the Information Security Oversight Office.

The Department of the Navy, for example, said that it had “achieved a reduction in the number of SCGs [security classification guides] from 936 to 421 or 55%, as a result of the FCGR.”

DARPA cancelled 29 of the 189 classification guides it reviewed. The Army eliminated 77 out of 486 guides.

Meanwhile, the Office of the Director of National Intelligence “[reduced] the number of restrictive NOFORN decisions from 95 to 15″ and declassified the “fact of” a specific counterterrorism network platform.

The Central Intelligence Agency “determined that the existing CIA National Security Classification Guide (NSCG) required greater detail to assist derivative classifiers in identifying and protecting information appropriately.” (More detail should lead to narrower, more precise classification judgments.)

The Defense Intelligence Agency said it will reduce the number of “original classification authorities” in the Agency who are empowered to create new secrets from 147 down to 21.

By themselves, the reported revisions to classification guidance are not likely to yield new public disclosures. In most cases, the cancelled classification guides were eliminated not because their subject matter was declassified but because they pertained to programs that were terminated or to technologies that were no longer in use.

In other words, the secrecy review was essentially performed as a housekeeping measure, to eliminate obsolete guidance and to streamline operations. It does not imply a broader transformation of classification policy.

Yet the fact remains that the cancelled guides can no longer be used to justify classification. Moreover, the review process entailed a wholesome reconsideration of the basis for current classification instructions that may have broader repercussions.

Following the first Fundamental Review in 2012, the total numbers of new secrets (“original classification decisions”) created by agencies in the last three years (2014-2016) have been the lowest ever reported by the Information Security Oversight Office.

This apparent reduction in the scale of national security secrecy is at odds with the view that government secrecy inexorably expands, that Obama-era secrecy was as extensive or even broader than that of the Bush Administration, and that agencies have no real incentives to reduce secrecy. Evidently, they do have such incentives, including the avoidance of financial and operational costs, the need to facilitate information sharing, and the obligation to comply with bureaucratic requirements (such as the FCGR) that may be imposed by senior leadership.

(It is possible that the reduction is merely apparent and not real. A retired intelligence community classification official said that the data on annual classification activity reported by agencies and compiled by ISOO is hopelessly inaccurate and does not correspond to actual classification practice at all. Consequently, he said, it cannot serve as the basis for any analytic conclusion or policy response. Maybe so. But assuming that the flimsiness of the data is roughly constant from year to year, the fact that the reported totals have declined sharply may still be meaningful.)

A detailed analysis of the 2017 Fundamental Classification Guidance Review will be provided by ISOO director Mark Bradley in the forthcoming FY 2018 Annual Report to the President.

Decreasing IC Classification Activities

Last year, then-DNI James Clapper asked Intelligence Community agency heads to use the occasion of the Fundamental Classification Guidance Review “to take a leading role in reducing targeted classification activities” and to answer several specific questions that he posed in a March 23, 2016 memo.

Last month, DNI Dan Coats provided the IC agency answers to Clapper’s questions. He reported:

*    Most IC agencies believe they can reduce the number of IC officials who have original classification authority, thereby helping to constrain future classification activity.

*    Agencies are split on the feasibility of undertaking new discretionary declassification activities. Some said they were already doing what they can, and others said current resources would not support new declassification initiatives.

*    The Confidential classification level can and probably will be eliminated from IC classification guidance, simplifying and streamlining the system. However, while some currently Confidential material would be downgraded to Unclassified, other such information will be upgraded to Secret.

*    An IC-wide classification guide may be achievable but only for certain common functions including intelligence budgeting and counterintelligence.

IG Studies on Classification Policy

The FY 2018 Intelligence Authorization Act that is pending in the Senate would require intelligence agency inspectors general to perform three studies on classification policy (section 308) including:

*    a review of classification marking practices

*    a study analyzing intelligence agency compliance with declassification procedures

*    a study on processes for identifying intelligence topics of public or historical importance that should be prioritized for declassification review.

Special Ops, Counter-Propaganda, Overclassification

The House Armed Services Committee took a retrospective look at US special operations forces earlier this year, thirty years after the establishment of US Special Operations Command (SOCOM).

“SOCOM has a lot of missions it is responsible for, and has had several new ones added to it,” said Rep. Elise M. Stefanik (R-NY) at a hearing earlier this year. “Are there any of those missions that should go away or be reassigned?”

SOCOM Commander Gen. Raymond A. Thomas was ready with the answer: “There are no missions that should go away or be reassigned.”

See Three Decades Later: A Review and Assessment of our Special Operations Forces 30 Years After the Creation of U.S. Special Operations Command, House Armed Services Committee, May 2, 2017.

Some other notable congressional hearing volumes that have recently been published include:

Crafting an Information Warfare and Counter-propaganda Strategy for the Emerging Security Environment, House Armed Services Committee, March 15, 2017

Examining the Costs of Overclassification on Transparency and Security, House Oversight and Government Reform Committee, December 7, 2016

Number of New Secrets in 2016 At New Low

Last year executive branch agencies created the fewest new national security secrets ever reported, according to an annual report published today by the Information Security Oversight Office (ISOO).

The number of new secrets — or “original classification decisions” — was 39,240 in 2016, an all-time low. The previous low of 46,800 was set in 2014. By comparison, more than 230,000 new secrets a year were being generated a decade ago. Since such record-keeping began in 1980, the total number never dropped below 100,000 until 2012. See 2016 Annual Report to the President, Information Security Oversight Office, July 2017.

While interesting and welcome from an open government viewpoint, the reported reduction in new secrets cannot bear too much interpretive weight. The figures cited by ISOO represent a compilation of dozens of estimates provided by individual agencies, based on sampling methods that are inconsistent and not always reliable.

Moreover, this statistical approach to secrecy oversight implies that all classification decisions are of equal significance. In actuality, some secrets may be of profound importance — politically, morally, historically, or otherwise — while many other secrets (such as administrative or technical details) will have little or no public policy interest. A simple numerical count of the number of classification decisions does not capture their relative meaning or value.

Still, assuming that the uncertainties and the ambiguities in the data have been more or less constant over time, the reduction in new secrets to a record low level is likely to reflect a real reduction in the scope of national security secrecy in the Obama years.

Classification Costs at a Record High

Meanwhile, however, the annual costs incurred by the classification system reached record high levels in 2016, the ISOO report said.

“The total security classification cost estimate within Government for FY 2016 is $16.89 billion,” ISOO reported, compared to $16.17 billion the year before. Classification-related costs within industry were an additional $1.27 billion.

Classification Challenges

Because decisions to classify information often involve subjective judgments about the requirements of national security and the potential of particular information to cause damage, such decisions are sometimes disputed even within the government itself. The classification system allows for classification challenges to be filed by authorized holders of classified information who believe that the information is improperly classified.

Last year, there were 954 such classification challenges, the ISOO report said, about the same number as the year before. Classification of the information was overturned in only about 17% of those challenges, however, compared to over 40% that were overturned the year before.

The classification challenge procedure is a potentially important internal oversight mechanism that is not yet fully mature or widely utilized. For some reason, the majority of classification challenges (496) last year originated at US Pacific Command, while only a single one emerged from the Department of Justice. In fact, ISOO found that about a quarter of all agencies do not even have a classification challenge program, though they are supposed to.

If such challenges could be promoted and accepted as a routine element of classification practice, they could serve to invigorate classification oversight and to provide an useful internal self-check.

The ISOO annual report also presented new data on declassification activity, the Interagency Security Classification Appeals Panel, agency self-inspections, controlled unclassified information (CUI), and other aspects of national security information policy.

ISOO director Mark A. Bradley, whose tenure as director began this year, told the President that in the next reporting cycle, “ISOO will focus on improving our methodology in data collection and will begin planning and developing new measures for future reporting that more accurately reflect the activities of agencies managing classified and sensitive information.”

Still No Classified Trump Presidential Directives

After nearly six months in office, President Trump has not yet issued a classified presidential directive on national security.

On June 16, Trump issued an unclassified National Security Presidential Memorandum (NSPM) on US policy towards Cuba, reversing or limiting some of the steps towards normalization of relations with that country that were undertaken by the Obama Administration.

The version of the Memorandum that was published on the White House website was unnumbered, but a White House official said last week that it is formally designated as NSPM-5.

Since the first four Trump NSPMs are also unclassified public documents, this means that at least as of June 16 there were still no classified or unreleased presidential directives on national security.

That is unexpected, and it is a departure from past practice in previous Administrations.

The explanation for the lack of classified NSPMs is unclear.

It is possible that President Trump is using some other instrument for issuing policy directives on classified national security matters (though that would be at odds with the definition and purpose of NSPMs). Alternatively, he may have delegated certain aspects of national security decision making elsewhere, as with the authorization for the Secretary of Defense to determine troop levels in Afghanistan.

Or it could be that there just are no other Trump national security directives because there is no other Trump national security policy to speak of. The Administration may still be so understaffed that it is incapable of launching significant new policy initiatives.

The June 16 NSPM-5 directed the Secretary of State to publish it in the Federal Register. But three weeks later, even that simple task has still not been carried out.

USAF Upgrades Secrecy of Nuclear Weapons Inspections

The U.S. Air Force has upgraded the classification of information pertaining to nuclear weapons inspections performed by the Inspector General, reducing or eliminating public references to the outcome of such inspections.

Until recently, the IG weapons inspections could be described in unclassified reports. Now they will be classified at least at the Confidential level.

An Air Force nuclear surety inspection (NSI) “assesses a unit’s ability to accomplish its assigned nuclear weapons mission and produce reliable nuclear weapons in a safe and secure environment in compliance with applicable directives. Additionally, an NSI inspects a unit’s capability to safely and reliably receive, store, secure, assemble, transport, maintain, load, mate, lock/unlock, test, render safe and employ nuclear weapons.”

The inspections typically result in a “grade” indicating the level of compliance. Whether pass or fail, those grades, too, will now be classified.

The changes were made following the latest revision of Chairman of the Joint Chiefs Instruction (CJCSI) 3263.05C, Nuclear Weapons Technical Inspections, issued on March 10, 2017. Though unclassified, the Instruction is “Limited” in distribution and is not publicly available.

Even those nuclear weapons inspections that produce a finding of full compliance cannot be disclosed, and from now on they also cannot be acknowledged in military decorations or unit awards.

“These changes are control measures put in place to prevent revealing potential vulnerabilities to adversary forces,” wrote Staff Sgt. Alexx Pons of Air Force Public Affairs. See “Nuclear inspection grade restricted in evaluation, decoration and award comments,” June 14, 2017.

The results of nuclear weapons inspections have been published for decades, noted Hans Kristensen of the Federation of American Scientists, without any reported adverse effect on national security. So an alternate explanation for the new classification policy seems wanted. “The change sure looks handy for preventing the public from knowing embarrassing information about when Air Force units fail nuclear inspections,” he said.

“Readiness” and Secrecy in the US Military

Is there a “readiness crisis” in the U.S. military?

The answer is uncertain because the question itself is unclear. But a perceived need to improve readiness has become a primary DoD justification for increased military spending. Meanwhile, previously unclassified indicators of military readiness are now being classified so that they are no longer publicly available.

“I have been shocked by what I’ve seen about our readiness to fight,” Secretary of Defense Jim Mattis told the House Armed Services Committee on Monday.

There is a need to “improve readiness conditions” said President Trump in his National Security Presidential Memorandum 1 on Rebuilding the U.S. Armed Forces.

Or maybe not.

“America’s fighting forces remain ready for battle,” wrote David Petraeus and Michael O’Hanlon in an op-ed last year. “They have extensive combat experience across multiple theaters since 9/11, a tremendous high-tech defense industry supplying advanced weaponry, and support from an extraordinary intelligence community.” See “The Myth of a U.S. Military ‘Readiness’ Crisis,” Wall Street Journal, August 10, 2016.

What is readiness? What should the military be ready for? How is readiness measured? How would increased defense spending affect readiness?

Although the term “readiness” is used in many ways, it has two principal definitions, the Congressional Research Service said in a new report yesterday:

“One, readiness has been used to refer in a broad sense to whether U.S. military forces are able to do what the nation asks of them. In this sense, readiness encompasses almost every aspect of the military.”

“Two, readiness is used more narrowly to mean only one component of what makes military forces able. In this second sense, readiness is parallel to other military considerations, like force structure and modernization, which usually refer to the size of the military and the sophistication of its weaponry.”

So is there a readiness crisis or not? It depends, CRS said.

“Most observers who see a crisis tend to use readiness in a broad sense, asserting the U.S. military is not prepared for the challenges it faces largely because of its size or the sophistication of its weapons. Most observers who do not see a crisis tend to use readiness in a narrow sense, assessing only the state of training and the status of current equipment.”

The two definitions are interdependent, CRS said, so that narrow readiness may compensate for deficiencies in broad readiness, or vice versa:

“Greater readiness in the narrow sense, such as better trained personnel, may offset the disadvantages of a smaller or a less technologically sophisticated force, depending on what task the military is executing. Alternatively, the military could be ready in the broader sense because its size and the sophistication of its weapons make up for shortfalls in such areas as training or how often a unit has used its equipment before experiencing combat.”

But readiness for what?

“Some senior officials express confidence in the military’s readiness for the missions it is executing today–although other observers are not as confident– but express concern over the military’s readiness for potential missions in the future,” CRS analyst Russell Rumbaugh wrote.

How is readiness measured, anyway? Not very well.

“Because of the two uses of the term, measuring readiness is difficult; despite ongoing efforts, many observers do not find DOD’s readiness reporting useful.”

Will more spending help?

“DOD’s 2018 request increases operating accounts more than procurement accounts. If readiness is used in a narrow sense, these funding increases may be the best way to improve the military’s readiness. If readiness is used in a broader sense, that funding may not be sufficient, or at least the best way to improve readiness.”

The new CRS report aims to illuminate the debate. But in the end, “it does not evaluate the current state of the U.S. military’s readiness or provide a conclusive definition of readiness.” See Defining Readiness: Background and Issues for Congress, June 14, 2017.

Definitions aside, increasing military secrecy is making the state of U.S. military readiness harder to discern.

“Some readiness information has always been classified and now we are classifying more of it,” a government official told The National Interest last month.

“We don’t think it should be public, for example, how many THAADs are not operational due to maintenance reasons,” the official said. “We don’t think it should be public what percent of our F-22s are not available due to maintenance. We don’t think it should be public how many of our pilots are below their required number of training hours in the cockpit.”

See “How the U.S. Military Is Trying to Mask Its Readiness Crisis” by Maggie Ybarra, The National Interest, May 18, 2017.

Legality of Presidential Disclosures, Continued

“There is no basis” for suggesting that President Trump’s disclosure of classified intelligence to Russian officials was illegal, wrote Morton Halperin this week.

To the contrary, “senior U.S. government officials in conversations with foreign officials decide on a daily basis to provide them with information that is properly classified and that will remain classified,” wrote Halperin, who is himself a former senior official.

“We should not let our desire to confront President Trump lead us to espouse positions that violate his rights and that would constrain future presidents in inappropriate ways.” See “Trump’s Disclosure Did Not Break the Law” by Morton H. Halperin, Just Security, May 23, 2017.

But constraints on presidential disclosure were on the minds of Rep. Stephanie Murphy (D-FL) and 17 House colleagues. They introduced legislation on May 24 “that would require the President to notify the intelligence committees when a U.S. official, including the President, intentionally or inadvertently discloses top-secret information to a nation that sponsors terrorism or, like Russia, is subject to U.S. sanctions.”

Yesterday, Rep. Dutch Ruppersberger (D-MD) introduced a bill “to ensure that a mitigation process and protocols are in place in the case of a disclosure of classified information by the President.”

Rep. Mike Thompson (D-CA) and five colleagues introduced a resolution “disapproving of the irresponsible actions and negligence of President Trump which may have caused grave harm to United States national security.”

For related background, see The Protection of Classified Information: The Legal Framework, Congressional Research Service, updated May 18, 2017, and Criminal Prohibitions on Leaks and Other Disclosures of Classified Defense Information, Congressional Research Service, updated March 7, 2017.

Legality of the Trump Disclosures, Revisited

When President Trump disclosed classified intelligence information to Russian officials last week, did he commit a crime?

Considering that the President is the author of the national security classification system, and that he is empowered to determine who gets access to classified information, it seems obvious that the answer is No. His action might have been reckless, I opined previously, but it was not a crime.

Yet there is more to it than that.

The Congressional Research Service considered the question and concluded as follows in a report issued yesterday:

“It appears more likely than not that the President is presumed to have the authority to disclose classified information to foreign agents in keeping with his power and responsibility to advance U.S. national security interests.” See Presidential Authority to Permit Access to National Security Information, CRS Legal Sidebar, May 17, 2017.

This tentative, rather strained formulation by CRS legislative attorneys indicates that the question is not entirely settled, and that the answer is not necessarily obvious or categorical.

And the phrase “in keeping with his power and responsibility to advance U.S. national security interests” adds an important qualification. If the president were acting on some other agenda than the U.S. national interest, then the legitimacy of his disclosure could evaporate. If the president were on Putin’s payroll, as the House majority leader lamely joked last year, and had engaged in espionage, he would not be beyond the reach of the law.

Outlandish hypotheticals aside, it still seems fairly clear that the Trump disclosures last week are not a matter for the criminal justice system, though they may reverberate through public opinion and congressional deliberations in a consequential way.

But several legal experts this week insisted that it’s more complicated, and that it remains conceivable that Trump broke the law. See:

“Don’t Be So Quick to Call Those Disclosures ‘Legal'” by Elizabeth Goitein, Just Security, May 17, 2017

“Why Trump’s Disclosure to Russia (and Urging Comey to Drop the Flynn Investigation, and Various Other Actions) Could Be Unlawful” by Marty Lederman and David Pozen, Just Security, May 17, 2017

“Trump’s disclosures to the Russians might actually have been illegal” by Steve Vladeck, Washington Post, May 16, 2017

Update, 05/23/17: But see also Trump’s Disclosure Did Not Break the Law by Morton Halperin, Just Security, May 23, 2017.