Classified Anti-Terrorist Ops Raise Oversight Questions

Last February, the Secretary of Defense initiated three new classified anti-terrorist operations intended “to degrade al Qaeda and ISIS-affiliated terrorists in the Middle East and specific regions of Africa.”

A glimpse of the new operations was provided in the latest quarterly report on the U.S. anti-ISIS campaign from the Inspectors General of the Department of Defense, Department of State, and US Agency for International Development.

The three classified programs are known as Operation Yukon Journey, the Northwest Africa Counterterrorism overseas contingency operation, and the East Africa Counterterrorism overseas contingency operation.

Detailed oversight of these programs is effectively led by the DoD Office of Inspector General rather than by Congress.

“To report on these new contingency operations, the DoD OIG submitted a list of questions to the DoD about topics related to the operations, including the objectives of the operations, the metrics used to measure progress, the costs of the operations, the number of U.S. personnel involved, and the reason why the operations were declared overseas contingency operations,” the joint IG report said.

DoD provided classified responses to some of the questions, which were provided to Congress.

But “The DoD did not answer the question as to why it was necessary to designate these existing counterterrorism campaigns as overseas contingency operations or what benefits were conveyed with the overseas contingency operation designation.”

Overseas contingency operations are funded as “emergency” operations that are not subject to normal procedural requirements or budget limitations.

“The DoD informed the DoD OIG that the new contingency operations are classified to safeguard U.S. forces’ freedom of movement, provide a layer of force protection, and protect tactics, techniques, and procedures. However,” the IG report noted, “it is typical to classify such tactical information in any operation even when the overall location of an operation is publicly acknowledged.”

“We will continue to seek answers to these questions,” the IG report said.

Reviving the Role of CRS in Congressional Oversight

The Congressional Research Service once played a prominent role in supporting oversight by congressional committees. Although that support has diminished sharply in recent years, it could conceivably be restored in a new Congress, writes former CRS analyst Kevin R. Kosar in a new paper.

In the past, CRS “closely assisted Congress in a myriad of major oversight efforts, including the Watergate investigation, the implementation of the Freedom of Information Act, and the Iran-Contra affair.”

But over time, Kosar writes, “CRS’ role in oversight declined due to various factors, most of which were out of its control. Congress changed. Congressional committees, particularly in the House of Representatives, lost capacity, and hyper-partisanism turned much oversight into political point-scoring rather than an exercise in governing that required expert assistance.”

See “The Atrophying of the Congressional Research Service’s Role in Supporting Committee Oversight” by Kevin R. Kosar, Wayne Law Review, vol. 64:149, 2018.

“CRS does not have to passively accept this fate,” said Kosar by email. His paper suggested various steps CRS could take to foster greater appreciation among committee leaders for the independent expertise CRS could provide.

CRS’s “raison d’être is to educate Congress, and it can engage its oversight and appropriations committees in a dialogue about the value of analysis and in-depth research. It can raise the issue of more extended oversight engagements and explain why they are valuable to Congress.”

“It is good for Congress, good for CRS staff, and good for the public to have nonpartisan experts more frequently and more deeply engaged in oversight,” he wrote.

Meanwhile, new and updated publications from CRS include the following.

Defense Primer: Lowest Price Technically Acceptable ContractsCRS In Focus, September 4, 2018

Federal Role in U.S. Campaigns and Elections: An Overview, September 4, 2018

Securities Regulation and Initial Coin Offerings: A Legal Primer, updated August 31, 2018

The “Flores Settlement” and Alien Families Apprehended at the U.S. Border: Frequently Asked Questions, updated August 28, 2018

Turkey: Background and U.S. Relations, updated August 31, 2018

Cuba: U.S. Policy in the 115th Congress, updated September 1, 2018

U.N. Report Recommends Burmese Military Leaders Be Investigated and Prosecuted for Possible GenocideCRS In Focus, September 4, 2018

India: Religious Freedom Issues, updated August 30, 2018

The Made in China 2025 Initiative: Economic Implications for the United StatesCRS In Focus, updated August 29, 2018

Questioning Judicial Nominees: Legal Limitations and Practice, updated August 30, 2018

SSCI Requires Strategy for Countering Russia

In its new report on the FY 18-19 Intelligence Authorization bill, published today, the Senate Select Committee on Intelligence would require the Director of National Intelligence “to develop a whole-of-government strategy for countering Russian cyber threats against United States electoral systems and processes.”

As if to underscore the gulf in the perception of the Russian threat that separates President Trump and the US intelligence community, the Senate Intelligence Committee comes down firmly on the side of the latter, taking “Russian efforts to interfere with the 2016 United States presidential election” as a given and an established fact.

The Senate report describes numerous other provisions of interest on election security, classification policy, cybersecurity, and more.

The House Intelligence Committee published its report on the pending FY18-19 intelligence authorization bill earlier this month.

The Aging Secrecy System Is “At a Crossroads”

Today’s national security classification system is unsustainable, says a new annual report to the President from the government’s Information Security Oversight Office (ISOO). It is “hamstrung by old practices and outdated technology” and a new, government-wide technology strategy will be required “to combat inaccurate classification and promote more timely declassification.”

The secrecy system has expanded to the point that it is effectively unmanageable and often counterproductive, ISOO indicated.

“Too much classification impedes the proper sharing of information necessary to respond to security threats, while too little declassification undermines the trust of the American people in their Government. Reforms will require adopting strategies that increase the precision and decrease the permissiveness of security classification decisions, improve the efficiency and effectiveness of declassification programs, and use modern technology in security classification programs across the Government,” the report said.

“We are at a crossroads” wrote ISOO director Mark Bradley in a May 31 letter to the President transmitting the report, which was made public today.

ISOO’s sense of urgency is reflected in the annual report itself, which strives to be more forward leaning and policy-relevant than many past ISOO reports. It goes beyond the recitation of (often questionable) statistics on classification activity to present a series of findings and recommended actions that it says are needed to restore the integrity of the system.

In addition to a call for development of a comprehensive new technology strategy for classification and declassification, ISOO specifically recommends adding a new budget line item for security classification in agency budget requests to help regulate and justify expenditures, and adding a public member to the Information Security Classification Appeals Panel to represent the broad public interest in that Panel’s work on declassification.

Some of the other recommendations in the report flag problem areas rather than advance solutions, and tend to do so in the passive voice: “Policies must be revised to improve the effectiveness and efficiency of automatic declassification.” How exactly should the policies be revised? Adopt a “drop-dead date” for classification? Eliminate agency referrals for older documents? Grant broad declassification authority to the National Declassification Center? The report doesn’t say.

Much of the data traditionally reported by ISOO regarding classification activity is suggestive but not truly informative. Just as one cannot judge the overall health of the economy from stock market averages, changes in the volume of classification activity say nothing about its quality or legitimacy. In 2017, ISOO found that original classification activity (production of new secrets) increased for the first time in four years. At the same time, derivative classification decreased. The significance of these developments, if any, is unclear.

But other ISOO findings in the new report are more interesting.

ISOO said that last year there were again hundreds of classification challenges presented by government employees who disputed the classification of particular items of information. Most of the challenges were denied, but in 8% of the cases (a small but non-negligible number) they were upheld and the classifications in question were overturned. Such classification challenges “serve a critical role by uncovering information improperly classified in the first instance,” the ISOO report said, providing “an internal check on the system.” Because the challenges are now mostly localized in just a few agencies, this practice has the potential to have far more impact in combating overclassification if it can be adopted and encouraged more widely across the executive branch.

The ISOO report summarized the results of the latest Fundamental Classification Guidance Review, which led to the cancellation of 221 security classification guides (out of 2,865 guides). The cancelled guides will no longer be available for use in classifying information.

ISOO also cast a favorable spotlight on the new approach to classification led by the National Geospatial-Intelligence Agency. NGA now requires written justifications for original classification decisions, along with a description of the damage that would result from unauthorized disclosure, and an unclassified paraphrase of the classified information. The resulting NGA classification guidance currently represents a “best practice” in classification policy, ISOO said. That is to say, it represents a model that could constructively be applied elsewhere in agencies that classify national security information.

The ISOO report also addressed escalating classification costs (which reached a new high in 2017), growing backlogs of mandatory declassification review requests, and the contentious implementation of Controlled Unclassified Information policy, among other topics.

Fixing the classification system is a slow and uncertain process, and some people don’t want to wait.

Sen. Doug Jones (D-Ala.) introduced legislation this week to accelerate the release of records concerning unsolved criminal civil rights cases from half a century ago. Some of those records, in his estimation, “remain classified unnecessarily.” So his bill (S. 3191) would work around that classification obstacle with an alternative approach. Modeled in part on the JFK Assassination Records Act of 1992, the bill would empower a panel of private citizens to review and decide on disclosure of the records.

Meanwhile, the Department of Defense recently issued a “request for information” about technology that could aid in the classification process. The desired technology “must be able to make real-time decisions about the classification level of the information and an individual’s ability to access, change, delete, receive or forward the information.” (FBO, NextGov, ArsTechnica)

Suppressed Afghanistan War Data Now Published

In January, the Department of Defense ordered the Special Inspector General for Afghanistan Reconstruction (SIGAR) not to publish certain data on areas of Afghanistan that were held by insurgents.

“This development is troubling for a number of reasons, not least of which is that this is the first time SIGAR has been specifically instructed not to release information marked ‘unclassified’ to the American taxpayer,” the SIGAR said in its January 2018 report to Congress.

But the Department of Defense soon reversed course, saying it was an error to withhold that information.

Last week, the SIGAR published an addendum to its January report that provided the previously suppressed data. In addition, a detailed control map and the underlying data for each of Afghanistan’s 407 districts were declassified and published. See Addendum to SIGAR’s January 2018 Quarterly Report to the United States Congress, February 26, 2018.

The basic thrust of the new data is that Afghan government control of the country is at its lowest reported level since December 2015, while insurgency control is at its highest.

“The percentage of districts under insurgent control or influence has doubled since 2015,” the SIGAR addendum said.

Budget Law May “Neuter” Intelligence Oversight

The new budget law that keeps the government open for the next three weeks includes a provision that would permit the transfer and spending of intelligence funds during that period without congressional authorization or approval.

“This language is troublesome for the [Senate intelligence] committee because it would authorize the intelligence community to spend funds ‘notwithstanding’ the law that requires prior authorization by the Senate Intelligence Committee or by the House Intelligence Committee,” said intelligence committee chairman Sen. Richard Burr on Monday.

“Effectively, the intelligence community could expend funds as it sees fit without an authorization bill in place.”

“Let me just say to my colleagues, a situation like this is untenable,” Sen. Burr said. “If you neuter the committee, you neuter our oversight.”

But efforts by Senator Burr and committee vice chairman Senator Mark Warner to modify the provision were blocked by Appropriations Committee chairman Sen. Thad Cochran. He said the controversial language “is included exactly as requested by the administration” and with his support the budget measure was enacted into law.

The provision was first reported last week by Ryan Grim in The Intercept.

The override of normal oversight requirements was requested by the Office of Management and Budget at the urging of the Pentagon, the Washington Examinerreported. See “Provision in shutdown-ending bill stokes fear of oversight-free intelligence spending” by Steven Nelson, January 23, 2018,

An unnamed congressional staffer told the paper that the change mainly pertains to missile defense funds and “does not give the intelligence community a blank check at all.” The staffer also contended that it does not materially affect the role of the intelligence committees.

But the chairman and vice chairman disagree.

“For the next 3 weeks we will have an inability to exercise, in our estimation, the tools that we might need,” Senator Burr said.

US Air Force Updates Policy on Special Access Programs

The US Air Force last month issued updated policy guidance on its “special access programs” (SAPs). Those are classified programs of exceptional sensitivity requiring safeguards and access restrictions beyond those of other categories of classified information.

See Air Force Policy Directive 16-7Special Access Programs, 21 November 2017.

The new Air Force policy makes provisions for internal oversight of its SAPs, as well as limited congressional access to SAP information under some circumstances.

Notably, however, the new Air Force directive does not acknowledge the authority of the Information Security Oversight Office (ISOO) to review and oversee its SAPs.

That’s an error, said ISOO director Mark Bradley.

The executive order on national security classification (EO 13526, sect. 4.3) explicitly says that “the Director of the Information Security Oversight Office shall be afforded access to these [special access] programs.”

Mr. Bradley said that ISOO would communicate the point effectively to the Air Force.

Executive Branch Oversight, Here & There

Government oversight can take diverse forms even among Western democracies.

A new report from the Law Library of Congress surveys the mechanisms of parliamentary oversight of the executive branch in Canada, Germany, Italy, Japan, Poland, Sweden, the United Kingdom, and the United States.

In Sweden, for example, “Any member of the public may ask the JO [Justitieombudsman, or parliamentary ombudsman] to investigate a breach of law committed by an agency or employee. The complaint must be made in writing and cannot be anonymous.”

The Law Library report does not provide comparative analysis, but simply presents a descriptive summary of each nation’s government oversight practices, with links to additional resources. Any policy conclusions to be drawn are left to the reader.

See Parliamentary Oversight of the Executive Branch, Law Library of Congress, August 2017.

Senate Intelligence Authorization Report Filed

Do the security clearance procedures that are used for granting access to classified information actually serve their intended purpose?

To help answer that question, the Senate Intelligence Committee mandated a review of security clearance requirements, including “their collective utility in anticipating future insider threats.”

See the Committee’s new report on the Intelligence Authorization Act for Fiscal Year 2018, filed September 7, 2017.

The report summarizes the content of the pending intelligence authorization bill (S. 1761), which was filed last month, and adds Committee comments on various aspects of current intelligence policy.

So, for example, “The Committee remains concerned about the level of protection afforded to whistleblowers within the IC and the level of insight congressional committees have into their disclosures.”

The central point of contention in the bill is a provision (sec. 623) declaring a sense of Congress “that WikiLeaks and the senior leadership of WikiLeaks resemble a non-state hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.”

The provision had originally stated that WikiLeaks and its leadership “constitute” a non-state hostile intelligence service. But this was amended to replace “constitute” with “resemble”. That move might have attenuated the provision’s significance except that it went on to say — whether WikiLeaks constitutes or merely resembles a non-state hostile intelligence service — that the U.S. should treat it as such.

A hostile state-based intelligence service would presumably be subject to intense surveillance by the US. A competent US counterintelligence agency might also seek to infiltrate the hostile service, to subvert its agenda, and even to take it over or disable it.

Whether such a response would also be elicited by “a non-state hostile intelligence service” is hard to say since the concept itself is new and undefined.

“The Committee’s bill offers no definition of ‘non-state hostile intelligence service’ to clarify what this term is and is not,” wrote Sen. Kamala Harris, who favored removal of this language, though she said WikiLeaks has “done considerable harm to this country.”

Sen. Ron Wyden, who likewise said that WikiLeaks had been “part of a direct attack on our democracy,” opposed the bill due to the WikiLeaks-related provision.

“My concern is that the use of the novel phrase ‘non-state hostile intelligence service’ may have legal, constitutional, and policy implications, particularly should it be applied to journalists inquiring about secrets,” Sen. Wyden wrote in minority views appended to the report. “The language in the bill suggesting that the U.S. government has some unstated course of action against ‘non-state hostile intelligence services’ is equally troubling.”

Number of New Secrets in 2016 At New Low

Last year executive branch agencies created the fewest new national security secrets ever reported, according to an annual report published today by the Information Security Oversight Office (ISOO).

The number of new secrets — or “original classification decisions” — was 39,240 in 2016, an all-time low. The previous low of 46,800 was set in 2014. By comparison, more than 230,000 new secrets a year were being generated a decade ago. Since such record-keeping began in 1980, the total number never dropped below 100,000 until 2012. See 2016 Annual Report to the President, Information Security Oversight Office, July 2017.

While interesting and welcome from an open government viewpoint, the reported reduction in new secrets cannot bear too much interpretive weight. The figures cited by ISOO represent a compilation of dozens of estimates provided by individual agencies, based on sampling methods that are inconsistent and not always reliable.

Moreover, this statistical approach to secrecy oversight implies that all classification decisions are of equal significance. In actuality, some secrets may be of profound importance — politically, morally, historically, or otherwise — while many other secrets (such as administrative or technical details) will have little or no public policy interest. A simple numerical count of the number of classification decisions does not capture their relative meaning or value.

Still, assuming that the uncertainties and the ambiguities in the data have been more or less constant over time, the reduction in new secrets to a record low level is likely to reflect a real reduction in the scope of national security secrecy in the Obama years.

Classification Costs at a Record High

Meanwhile, however, the annual costs incurred by the classification system reached record high levels in 2016, the ISOO report said.

“The total security classification cost estimate within Government for FY 2016 is $16.89 billion,” ISOO reported, compared to $16.17 billion the year before. Classification-related costs within industry were an additional $1.27 billion.

Classification Challenges

Because decisions to classify information often involve subjective judgments about the requirements of national security and the potential of particular information to cause damage, such decisions are sometimes disputed even within the government itself. The classification system allows for classification challenges to be filed by authorized holders of classified information who believe that the information is improperly classified.

Last year, there were 954 such classification challenges, the ISOO report said, about the same number as the year before. Classification of the information was overturned in only about 17% of those challenges, however, compared to over 40% that were overturned the year before.

The classification challenge procedure is a potentially important internal oversight mechanism that is not yet fully mature or widely utilized. For some reason, the majority of classification challenges (496) last year originated at US Pacific Command, while only a single one emerged from the Department of Justice. In fact, ISOO found that about a quarter of all agencies do not even have a classification challenge program, though they are supposed to.

If such challenges could be promoted and accepted as a routine element of classification practice, they could serve to invigorate classification oversight and to provide an useful internal self-check.

The ISOO annual report also presented new data on declassification activity, the Interagency Security Classification Appeals Panel, agency self-inspections, controlled unclassified information (CUI), and other aspects of national security information policy.

ISOO director Mark A. Bradley, whose tenure as director began this year, told the President that in the next reporting cycle, “ISOO will focus on improving our methodology in data collection and will begin planning and developing new measures for future reporting that more accurately reflect the activities of agencies managing classified and sensitive information.”