Discipline and Punishment at the Department of Defense

The Pentagon has prepared a newly updated compilation of infractions that might be committed and prohibitions that might be violated by Department of Defense employees, together with the recommended punishments.

“Mishandling or failing to safeguard information or documentation that is classified,” for example, can entail punishment ranging from written reprimand to removal. See Disciplinary and Adverse Actions, Administrative Instruction 8, December 16, 2016.

The document’s Table of Offenses and Penalties does not include overclassification, faulty compliance with the Freedom of Information Act, or some other readily imaginable forms of misconduct.

But proscribed (and punishable) activities do include retaliation against whistleblowers (conduct unbecoming a federal employee), discourtesy (abusive language or gestures), and lack of candor or truthfulness.

You Could Look It Up: DoD Dictionary Updated

The newly updated edition of the Department of Defense Dictionary of Military and Associated Terms includes a new entry for “Improvised Nuclear Device.”

It is defined as “A device incorporating fissile materials designed or constructed outside of an official government agency that has, appears to have, or is claimed to be a nuclear weapon that is no longer in the control of a competent authority or custodian or has been modified from its designated firing sequence.”

The 400-page DoD Dictionary, now updated through 15 October 2016, is a useful reference for interpreting specialized military terminology and for decoding current acronyms, which are listed in a 120-page Appendix. But it is also a reflection of current DoD concerns and priorities.

Another new entry in the latest edition is for “resilience,” which here means “The ability of an architecture to support the functions necessary for mission success with higher probability, shorter periods of reduced capability, and across a wider range of scenarios, conditions, and threats, in spite of hostile action or adverse conditions.”

The update replaces prior editions which were designated Joint Publication 1-02. For unknown reasons, the JP 1-02 document format has been abandoned in the new edition, which is simply entitled DOD Dictionary of Military and Associated Terms.

Fixing Pre-Publication Review

As a condition of gaining access to classified information, many government employees agree to submit to official pre-publication review of any public statement they wish to make that is related to their government employment.

This procedure has long been a source of conflict and controversy, but over time the pre-publication review process has become increasingly onerous, internally contradictory, and disruptive.

As part of an ongoing dialog on the subject, I offered some thoughts on “Fixing Pre-Publication Review: What Should Be Done?” on the Just Security blog.

“Controlled Unclassified Information” Is Coming

After years of preparation, the executive branch is poised to adopt a government-wide system for designating and safeguarding unclassified information that is to be withheld from public disclosure.

The new system of “controlled unclassified information” (CUI) will replace the dozens of improvised control markings used by various agencies that have created confusion and impeded information sharing inside and outside of government. A proposed rule on CUI was published for public comment on May 8 in the Federal Register.

While CUI is by definition unclassified, it is nevertheless understood to require protection against public disclosure on the basis of statute, regulation, or agency policy. In many or most cases, the categories of information that qualify as CUI are non-controversial, and include sensitive information related to law enforcement, nuclear security, grand jury proceedings, and so on.

Until lately, “more than 100 different markings for such information existed across the executive branch. This ad hoc, agency-specific approach created inefficiency and confusion, led to a patchwork system that failed to adequately safeguard information requiring protection, and unnecessarily restricted information sharing,” the proposed rule said.

One of the striking features of the new CUI program is that it limits the prevailing autonomy of individual agencies and obliges them to conform to a consistent government-wide standard.

“CUI categories and subcategories are the exclusive means of designating CUI throughout the executive branch,” the proposed rule states. “Agencies may not control any unclassified information outside of the CUI Program.”

Nor do agencies get to decide on their own what qualifies as CUI. That status must be approved by the CUI Executive Agent (who is the director of the Information Security Oversight Office) based on an existing statutory or regulatory requirement, or on a legitimate agency policy. And it must be published in the online CUI Registry. There are to be no “secret” CUI categories.

Importantly, the CUI Program offers a way of validating agency information control practices pertaining to unclassified information. (A comparable procedure for externally validating agency classification practices does not exist.) But CUI status itself is not intended to become an additional barrier to disclosure.

“The mere fact that information is designated as CUI has no bearing on determinations pursuant to any law requiring the disclosure of information or permitting disclosure as a matter of discretion,” the new proposed rule said. The possibility that CUI information could or should be publicly disclosed on an authorized basis is not precluded.

More specifically, a CUI marking in itself does not constitute an exemption to the Freedom of Information Act, the rule said. However, a statutory restriction that justifies designating information as CUI would also likely make it exempt from release under FOIA.

One complication arises from the fact that simply removing CUI controls does not equate to or imply public release.

“Decontrolling CUI relieves authorized holders from requirements to handle the information under the CUI Program, but does not constitute authorization for public release,” the rule said. Instead, disclosure is only permitted “in accordance with existing agency policies on the public release of information.”

The upshot is that while there can be “controlled unclassified information” that is publicly releasable, there can also be non-CUI (or former CUI) information that is not releasable. The latter category might include unclassified deliberative materials, for example, that are not controlled as CUI but are still exempt from disclosure under the Freedom of Information Act.

More subtly, noted John P. Fitzpatrick, the director of the Information Security Oversight Office, there is a large mass of material that is neither CUI nor non-CUI– until someone looks at it and makes an assessment. In all such cases (other than voluntary disclosure by an agency), public access would be governed by the provisions and exemptions of the FOIA.

The genealogy of the CUI Program dates back at least to a December 16, 2005 memorandum in which President George W. Bush directed that procedures for handling what was called “sensitive but unclassified” information “must be standardized across the Federal Government.”

At that time, the impetus for standardization (which never came to fruition) was based on the need for improved sharing of homeland security and terrorism-related information. The initiative was broadened and developed in the 2010 Obama executive order 13556, which eventually led to the current proposed rule. Public comments are due by July 7.

New DNI Guidance on Polygraph Testing Against Leaks

Updated below

Director of National Intelligence James R. Clapper issued guidance this month on polygraph testing for screening of intelligence community personnel. His instructions give particular emphasis to the use of the polygraph for combating unauthorized disclosures of classified information.

Counterintelligence scope polygraph examinations “shall cover the topics of espionage, sabotage, terrorism, unauthorized disclosure or removal of classified information (including to the media), unauthorized or unreported foreign contacts, and deliberate damage to or misuse of U.S. Government information systems or defense systems,” the guidance states.

Such examinations “shall specifically include the issue of unauthorized disclosures of classified information during pre-examination explanations by incorporating a definition that explicitly states that an unauthorized disclosure means unauthorized communication or physical transfer of classified information to an unauthorized recipient.”

The polygraph administrator is further instructed to explain that an unauthorized recipient is any person without an appropriate clearance or need to know, “including any member of the media.”

See Conduct of Polygraph Examinations for Personnel Security Vetting, Intelligence Community Policy Guidance 704.6, February 4, 2015.

The use of polygraph testing to combat leaks has been a recurring theme in security policy for decades. Yet somehow neither leaks nor polygraph tests have gone away.

President Reagan once issued a directive (NSDD 84) to require all government employees to submit polygraph testing as an anti-leak measure.

In response, Secretary of State George P. Shultz famously declared in 1985 that he would quit his job rather than take the test. “The minute in this government I am told that I’m not trusted is the day that I leave,” Shultz told reporters.

Having forthrightly declared his position, Secretary Shultz was never compelled to undergo the polygraph test or to resign. “Management through fear and intimidation,” he said in 1989, “is not the way to promote honesty and protect security.”

From another perspective, the problem with polygraph testing has nothing to do with intimidation but with accuracy and reliability. There is at least a small subset of people who seem unable to “pass” a polygraph exam for reasons that neither they nor their examiners can discern. And there are others, such as the CIA officer and Soviet spy Aldrich Ames, who have been able to pass the polygraph test while in the espionage service of a foreign government.

Update: The polygraph provisions of NSDD 84 were quietly modified in 1984 and were never implemented.

DNI Issues Directive on “Critical Information”

The Director of National Intelligence last week issued a new directive on “critical information,” also denominated “CRITIC,” which refers to national security information of the utmost urgency.

“Critical information is information concerning possible threats to U.S. national security that are so significant that they require the immediate attention of the President and the National Security Council,” the directive explains.

“Critical information includes the decisions, intentions, or actions of foreign governments, organizations, or individuals that could imminently and materially jeopardize vital U.S. policy, economic, information system, critical infrastructure, cyberspace, or military interests.”

See “Critical Information (CRITIC),” Intelligence Community Directive 190, February 3, 2015.

Interestingly, any intelligence community official can designate information as “critical,” thereby hotlining it for Presidential attention. “Critical information may originate with any U.S. government official in the IC,” the DNI directive says.

Moreover, “CRITIC reporting may be based on either classified or unclassified information.” However, “CRITIC reporting should be based solely on unclassified information only if that information is unlikely to be readily available to the President and the National Security Council.”

The threshold for critical information is fairly high. It includes such things as a terrorist act against vital U.S. interests, the assassination or kidnapping of officials, a cyberspace attack that produces effects of national security significance, and so on.

Confusingly, the term critical information (CRITIC) is used differently in the Department of Defense.

According to the latest DoD Dictionary of Military Terms, “critical information” means “Specific facts about friendly intentions, capabilities, and activities needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment. Also called CRITIC.”

Military Terms and Symbols

The U.S. Army has updated and doubled the size of its lexicon of military terminology. This is a fluid and rapidly evolving field. In fact, “changes to terminology occur more frequently than traditional publication media can be updated.”

The new Army publication extends beyond words to the use of symbols, including “hand drawn and computer-generated military symbols for situation maps, overlays, and annotated aerial photographs for all types of military operations.”

Though intended primarily for military personnel, this work is also useful for others who are seeking to understand and interpret Army records and military culture.

A “clandestine operation,” the Army document explains, is “an operation sponsored or conducted by governmental departments or agencies in such a way as to assure secrecy or concealment. A clandestine operation differs from a covert operation in that emphasis is placed on concealment of the operation rather than on concealment of the identity of the sponsor.”

However, “In special operations, an activity may be both covert and clandestine and may focus equally on operational considerations and intelligence-related activities.”

An “unauthorized commitment,” which surprisingly merits its own entry, is defined as “An agreement that is not binding solely because the United States Government representative who made it lacked the authority to enter into that agreement on behalf of the United States Government.”

See Army Doctrine Reference Publication (ADRP) 1-02, Terms and Military Symbols, February 2, 2015.

Sen. Markey to DoE: What About the James Doyle Case?

Senator Edward J. Markey asked the Secretary of Energy this week to expedite the investigation of the firing of James Doyle from Los Alamos National Laboratory, which occurred after Doyle published an analysis critical of U.S. nuclear weapons policy.

“I write to urge you in the strongest possible terms to quickly conclude your investigation into the recent termination of Dr. James E. Doyle, a nuclear security and non-proliferation specialist who had been employed at the Los Alamos National Laboratory (LANL) for 17 years,” Sen. Markey wrote.

“Dr. Doyle was terminated after an article he published crticizing the deterrence value of nuclear weapons was retroactively classified. At best, the Department of Energy’s (DOE) classification procedures are too vague to be uniformly applied. At worst, it appears that these classification procedures were used to silence and retaliate against those who express dissenting opinions,” he wrote.

The Doyle case generated significant controversy among his colleagues and others concerned with nuclear security policy.

In response to public concerns, the Department of Energy said it had initiated an Inspector General review of the case. But there has been no known follow-up to date.

Insider Threat Program Advances, Slowly

Nearly two years after President Obama issued a National Insider Threat Policy “to strengthen the protection and safeguarding of classified information” against espionage or unauthorized disclosure, the effort is still at an early stage of development.

Only last week, the U.S. Air Force finally issued a directive to implement the 2012 Obama policy. (AF Instruction 16-1402, Insider Threat Program Management). And even now it speaks prospectively of what the program “will” do rather than what it has done or is doing.

The new Air Force Instruction follows similar guidance issued last year by the Army and the Navy.

The Air Force Insider Threat Program includes several intended focus areas, including continuous evaluation of personnel, auditing of government computer networks, and procedures for reporting anomalous behavior.

“Procedures must be in place that support continuous evaluation of personnel to assess their reliability and trustworthiness,” the AF Instruction says.

Such continuous evaluation procedures may eventually sweep broadly over many domains of public and private information, but they are not yet in place.

“There are a number of ongoing pilot studies to assess the feasibility of select automated records checks and the utility of publicly available electronic information, to include social media sites, in the personnel security process,” said Brian Prioletti of the Office of the Director of National Intelligence in testimony before the House Homeland Security Committee last November.

The Air Force directive also encourages reporting of unusual behavior by potential insider threats.

“Insider threat actors typically exhibit concerning behavior,” the directive says. But this is not self-evidently true in all cases, and the directive does not provide examples of “concerning behavior.”

A Department of Defense training module recently identified expressions of “unhappiness with U.S. foreign policy” as a potential threat indicator, the Huffington Post reported last week. (“Pentagon Training Still Says Dissent Is A Threat ‘Indicator'” by Matt Sledge, August 4.) If so, that criterion would not narrow the field very much.

The “CORRECT Act” (HR5240) that was introduced last month by Rep. Bennie Thompson and Sen. Ron Wyden would require any insider threat program to meet certain standards of fairness and employee protection, and “to preserve the rights and confidentiality of whistleblowers.”

That message may have been partially internalized already. The terms “civil liberties” and “whistleblowers” are each mentioned four times in the eight-page Air Force Instruction.

Kakehashi Trip Report #4: JICA Officials Share Perspectives on the Security-Development Nexus in East Africa

During my independent research for the Kakehashi Project, I met with officials from the Japanese International Cooperation Agency (JICA) to discuss Japan’s development assistance to East Africa. We specifically addressed the emerging nexus between Japan’s security and development initiatives in the region.

Since 1967, the Government of Japan (GoJ) has been managing defense trade exports under the Three Principles on Arms Exports. The law was intended to avoid any possibility that Japanese arms exports would “aggravate international conflicts.” Under the Three Principles, the GoJ bans Japanese companies from making defense trade exports to: 1) communist bloc countries; 2) countries subject to arms exports embargo under United Nations Security Council Resolutions; 3) countries involved in or likely to be involved in international conflicts. The GoJ took additional steps in 1976 to establish blanket policy guidelines to further restrain defense trade exports to all other countries “in conformity with Japan’s position as a peace-loving nation.”

The Administration of Prime Minister Shinzo Abe is now working to change these laws in order to allow Japan to export military equipment to “international organizations such as those involved in U.N. peacekeeping operations on condition they do not take sides in conflicts.” This decision coincides with a growing trade deficit that is threatening to undermine Japan’s economic recovery. From this perspective, the defense trade exports are viewed to be as much a part of the Administration’s export promotion efforts as they are part of the country’s much debated military normalization process.

This brings us to the issue of capacity building in East Africa. One of the initiatives being pushed by the Abe Administration is to provide the littoral countries in the region with new capabilities to conduct counter-piracy operations. This includes the export of modern naval ships to the region and military training for their coast guards. According to JICA, these programs are likely to move forward but will present a challenge for the government because they raise delicate political sensitivities. In the case of the ships, the fact that they will be provided to civil authorities may not be enough. As modern naval vessels equipped with armaments, including machine guns, their export could enflame the domestic debate over the principles that ban arms export to any country since 1976 and the appropriate role for the military and defense industry in Japan today.

Djibouti serves as an interesting case because it has not traditionally been a major focus of JICA. However, the political context has changed since Japan opened its first semi-permanent overseas military base in Djibouti in 2011. That base, which supports counter-piracy and peacekeeping operations in the region, has raised the profile of Djibouti with politicians and defense officials. As a consequence, JICA has been required by the government to expand its operations in the country as part of Japan’s wider efforts to help secure vital trade and energy routes that pass through the region.

That said, JICA is designed to deliver development aid, not to provide military ships and training for security purpose. In other countries, this would typically fall to military defense cooperation agencies. However, it would be politically difficult for the Ministry of Defence to provide such assistance directly in Japan. While that could change once the export laws are changed and society is normalized to the military playing a bigger role in Japan’s foreign policy, JICA officials believe this will take some time. Until then, the GoJ will need to work through JICA and the Japanese Coast Guard to provide coast guard services within the extent that they remain civilian security services.

For JICA, this is a “delicate issue” because there is a lot of tension in a development agency to playing a direct role in supporting security operations in the region. The region poses serious dangers for JICA staff. The agency is not allowed to operate in Somalia due to security concerns in that country. And, its staff recently had to be evacuated from both South Sudan and Yemen. JICA is therefore aware of the challenge to provide naval vessels to coastal countries in these areas even though they are intended solely for civil law enforcement purposes.

According to one official, “In my personal opinion, this should be a military operation. JICA is a development assistance agency not a specialist in combatting piracy. We can get support from the Coast Guard, who has the expertise. But, they have the conflict in the Senakakus to manage” and might not have the capacity to support the operation on the scale imagined. JICA is therefore reticent to expand the scale of such programs.

Despite the organization’s reservations, JICA must nevertheless plan for follow through on the GoJ’s request to make these transfers when the export law changes go into effect. At present, JICA believes the first request will be for Djibouti. Even though the United States (U.S.) and United Kingdom (U.K.) would like Japan to send ships to Yemen, the situation there is too unstable. The Japanese Coast Guard and JICA have even stopped their training assistance to the Yemeni Coast Guard.

One official that I spoke with believes that the U.S. and U.K. are more experienced in these complex security environments and should take the lead. The official also said that Yemen is not the case for Japan to take on. Regardless of the operational security concerns, the Three Principles make it clear that Japan is not to export to countries engaged in international conflict. Given the international nature of terrorism and the number of actors engaged in the conflict in Yemen, that official felt that it is unlikely that Japan will provide naval vessels or further training to Yemen anytime soon.

However, Somalia is a potential candidate. In 2013, Japan resumed support to the new government in that country. This followed the Somali government’s perceived consolidation of power in the country. As a result of these changes, Somalia was invited to the Tokyo International Conference on African Development V (TICAD V). Japan is now investigating how to support counter-piracy capacity building in the country. While it is too early to consider the provisioning of a naval vessel to their coast guard, this request could follow. But, trust must be built first. And, there are still serious debates within the GoJ as to whether Japan should lead with security sector capacity building or social sector (education and health) capacity building. Right now, it is too early to tell which direction Japan will take.

However, JICA officials recognize that peace and security (P&S) will be a major focus for their organization moving forward. In TICAD V, the GoJ raised P&S to one of the most urgent areas of focus for development. This followed the deadly attacks in Algeria, which claimed the lives of 10 Japanese engineers. As a consequence of that incident, Abe made P&S a precondition for expanding Japanese business interests abroad. JICA is receiving requests from both the Japanese business community and the GoJ to promote increased peace and stability in Africa as part of the country’s export promotion agenda. Somalia and the Sahel are now viewed as two of the GoJ’s most important commitments in Africa.

The challenge for JICA is that Japanese development assistance traditionally starts from social sector capacity building and infrastructure development. Japan does not have deep experience in security sector capacity building and peace building operations when compared to other major powers. Even though Japan has developed an impressive record supporting U.N. peacekeeping operations in the last decade, this is a very recent shift in focus for Japan. JICA is therefore struggling to respond to the new P&S focus while simultaneously supporting its traditional development assistance programs around the world.

Looking ahead, how JICA responds will have a major impact on Japanese development assistance in Africa. Right now, piracy and terrorism are two important issues for the country. In fact, both piracy and Somalia were highlighted in Abe’s address at TICAD V. However, Japan’s support for counter-piracy operations in Africa is a very small percentage of its overall budget commitments and global strategy. JICA must therefore be careful not to undermine its other commitments.

Whereas Djibouti and Somalia have traditionally been lower priorities for JICA, Kenya remains the organization’s most important commitment in Africa. Since the 1960s, Japan has been engaged in projects in the country. And, according to one official, the Japanese people have developed a “psychological closeness” with Kenyans, Tanzanians, and Ethiopians in a way that’s unrivaled in the rest of Africa. In 2013, Japan committed $100 million in grants and technical cooperation to the country. Plus, Japan has made long-term aid commitments of $200-$300 million annually, including marquee projects like the Mombasa Port and Kenya’s modernization of power generation. While Japan is also talking to Kenya about providing naval vessels and training to its Coast Guard, these efforts pail in comparison to the larger infrastructure, agriculture, education, health, and environmental projects that JICA is leading in the country.

Another country of focus is Mozambique, where the GoJ sees huge potential for natural gas production. In the aftermath of the Fukushima incident and rising global competition for energy resources, such energy projects are of top priority for Japan. The GoJ has responded by tasking its ministries to focus on the country. JICA has responded by working with Mitsui Group and other private sector actors to secure oil exploration and development projects in the country. However, JICA recognizes that the relationship between the two countries must be built upon more than natural gas exports. JICA is therefore spearheading new projects in the infrastructure and agricultural sectors that could promote development in Mozambique that would make it possible for the country to play a role in Japan’s economic recovery and export promotion strategies. In this way, JICA is building a new import-export market for Japanese investors. The hope is that private sector actors will now follow and make long-term commitments to the country. If they do, Mozambique and Kenya could emerge as major lynchpins for Japanese investment on the continent.

This is the fourth in a series of reports related to the Japan Foundation’s Kakehashi Visit for Young Public Intellectuals from January 12-22, 2014. The author represented SOAS, University of London and the Federation of American Scientists as part of the Pacific Forum CSIS Young Leaders delegation.