In preparing its recent report on the Section 702 surveillance program, the Privacy and Civil Liberties Oversight Board (PCLOB) demonstrated an unusual mode of declassification, in which one executive branch agency asks another agency to declassify information.

In this case, the process was remarkably productive, and it may offer a precedent for future declassification efforts.

“During the process of preparing this report we sought and obtained declassification of facts about this still highly classified [Section 702] program in order to allow us to put in context how the program operates and clarify some public misconceptions,” said PCLOB Chairman David Medine at a July 2 public meeting.

“As a result, over one hundred new facts were declassified by the government to provide needed context for the program’s operation,” he said.

In what the PCLOB staff termed a “lateral declassification” model, it was an executive branch agency (i.e., the PCLOB itself) — rather than Congress or members of the public — that pressed another government agency (ODNI, NSA, CIA, FBI or Justice) to declassify specific information.

Such an interagency request for declassification differs from the “referrals” that agencies routinely direct to one another. In those cases, the receiving agency is simply asked to review records to identify its own classified information (or “equities”) and then to advise the originating agency what must be withheld and what may be disclosed.

Here, the PCLOB didn’t merely ask agencies to screen for classified information under existing classification standards. It urged them to actually change those standards. And in more than 100 specific cases, the agencies did so.

Most of the declassified facts in the PCLOB Section 702 report are not specifically flagged as having been declassified at the Board’s request, and they may therefore be easily overlooked. A partial compilation of such newly declassified facts, prepared by a participant in the process, was obtained by Secrecy News.

Several features appear to have contributed to the efficacy of the lateral declassification approach.

For one thing, the requesting agency (the PCLOB) already possessed the requested information in classified form. So it knew exactly what it was asking for, and why it was asking for it to be declassified.

And then the fact that the declassification requests originated within the executive branch itself (the PCLOB is an independent executive branch agency) made it harder for the recipient agencies to ignore the request and easier for them to fulfill it.

By contrast, public requests through the Freedom of Information Act often seem to decline into an adversarial contest, in which the agency adopts a defensive posture and offers only minimal, grudging compliance with disclosure requirements.  (At CIA, one gets the impression that asking for a record to be declassified can make it less likely to be disclosed.) Requests from Congress also inevitably have a political overlay, and may be seen to serve an agenda that does not coincide with the Administration’s own.

But as part of the Administration, the PCLOB’s many declassification requests did not trigger the sort of immune response that any outside request would have done.

Of course, the PCLOB’s work, including its declassification proposals, did not take place in a vacuum.

“A lot of political wind was at our back,” said Peter Winn, acting general counsel for the Board.

Not only had related classified details entered the public domain through the Snowden disclosures, but calls for declassification of more information regarding current surveillance programs had been explicitly endorsed by the Director of National Intelligence and other senior officials.

Because of these competing factors, the role played by the Board’s “lateral declassification” approach cannot be precisely delineated or clearly distinguished from them.

But its apparent effectiveness is consistent with the productive declassification work performed by another executive branch body, the Interagency Security Classification Appeals Panel (ISCAP), which has declassified information in a large majority of the mandatory declassification review appeals presented to it.

Perhaps most important, the Board’s experience with declassification in the Section 702 report may serve as a precedent for similar initiatives in the future.

“For us, it’s a model,” said Sharon Bradford Franklin, executive director of the PCLOB.

She noted that more than 90% of the Board’s requests for declassification had been granted, and that they preceded completion of the Board’s report. (That is, the declassification actions were not predicated on any agency’s review of the Board’s conclusions or recommendations.)

Enough information about the 702 program was declassified that a classified annex — which had earlier been assumed to be necessary — turned out to be unnecessary, Ms. Franklin said.

She also credited the intelligence agencies for their diligent engagement and cooperation in the declassification process, as did the published PCLOB report.

“In the preparation of this Report, the Board worked with the Intelligence Community to seek further declassification of information related to the Section 702 program,” the report noted (at p. 3).

“Specifically, the Board requested declassification of additional facts for use in this Report. Consistent with the Board’s goal of seeking greater transparency where appropriate, the request for declassification of additional facts to be used in this Report was made in order to provide further clarity and education to the public about the Section 702 program.”

“The Intelligence Community carefully considered the Board’s requests and has engaged in a productive dialogue with PCLOB staff. The Board greatly appreciates the diligent efforts of the Intelligence Community to work through the declassification process, and as a result of the process, many facts that were previously classified are now available to the public.”

The final PCLOB report on the Section 702 program included several recommendations concerning transparency, including proposals for further specific declassification actions. Those proposals remain pending.

 

Updated below

The National Security Agency would be required to prepare an unclassified report on “all NSA bulk collection activities,” the Senate Appropriations Committee directed in its report on the Fiscal Year 2015 Department of Defense Appropriations bill, published yesterday.

The Committee told the NSA to prepare a report “describing all NSA bulk collection activities, including when such activities began, the cost of such activities, what types of records have been collected in the past, what types of records are currently being collected, and any plans for future bulk collection.”

Such a report would be expected to clarify whether NSA bulk collection extends beyond the acknowledged telephone metadata program in Section 215 of the USA Patriot Act.

The required report is to be “unclassified to the greatest extent possible,” the Senate Committee said.

In the reporting requirements that it imposed on NSA, the Senate Appropriations Committee notably went beyond what was required by the Senate or House Intelligence Committees.

The Appropriations Committee also directed NSA to submit additional reports on the total number of records acquired and reviewed by NSA in its bulk telephone metadata program over the past five years, and an estimate of the number of records of U.S. persons that have been acquired and reviewed in the telephone metadata program.

Another unclassified report is required to provide “a list of terrorist activities that were disrupted, in whole or in part, with the aid of information obtained through NSA’s telephone metadata program.”

A January 2014 report of the Privacy and Civil Liberties Oversight Board found that the Section 215 telephone metadata program had “minimal value in protecting the nation from terrorism.”

“We are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack,” the PCLOB report said.

In contrast to the Section 215 bulk telephone metadata program, the PCLOB said in a report this month that the Section 702 program to collect the communications of targeted non-U.S. persons abroad “has proven valuable in a number of ways to the government’s efforts to combat terrorism,” and that it had enabled the government to “discover previously unknown terrorist operatives and disrupt specific terrorist plots.”

The Board cautioned, however, that the 702 program “may allow a substantial amount of private information about U.S. persons to be acquired by the government, examined by its personnel, and used in ways that may have a negative impact on those persons.”

An estimate of the amount of such U.S. person information collected under the Section 702 program was not specifically required by the Senate Appropriations Committee.

Update: Identical reporting language was included by the Senate Appropriations Committee last year in its report on the FY2014 Defense Appropriations bill (h/t @byersalex), yet the required NSA reports were not produced.

At Emptywheel, Marcy Wheeler questions the utility of the proposed reports, particularly since the Senate Committee language lacks a clear, unambiguous definition of “bulk collection.”

The Director of National Intelligence has issued new guidance on assessing damage resulting from the unauthorized disclosure of classified intelligence information to ensure that the damage assessments “are produced in an efficient, timely, consistent and collaborative manner.”

Leak damage assessments should be used iteratively and the lessons learned from them should be applied “to strengthen the protection of classified national intelligence and prevent future unauthorized disclosures or compromises.”

In addition to the facts and circumstances of the unauthorized disclosure, damage assessments should identify “any foreign involvement” in the case and “actionable recommendations to prevent future occurrences.”

Where foreign partners are affected by the leak, agency heads shall coordinate with DNI “prior to notifying a foreign government.” Also, “foreign governments normally will not be advised of any security system vulnerabilities that contributed to the compromise.”

See “Damage Assessments,” Intelligence Community Directive 732, June 27, 2014.

The Office of the Director of National Intelligence released the “2013 Statistical Transparency Report” detailing the frequency of use of various intelligence surveillance authorities and the estimated number of targets affected by the surveillance.

While the reported numbers give some rough sense of the scale of intelligence surveillance — civil liberties groups said the estimated numbers are bound to be misleadingly low — the report provides no basis for evaluating the utility or legitimacy of the surveillance activities.

How many of the collection activities were authorized on the basis of erroneous information? How many actually produced useful intelligence? The report doesn’t say, and the raw numbers are not a substitute. If they were ten times higher, or ten times lower, we would be none the wiser.

(A supplemental response from ODNI to Senator Wyden was released today.)

See U.S. Phone Searches Expanded in 2013 by Siobhan Gorman, Wall Street Journal, June 27, and related coverage elsewhere (WashPost, Wired, Openthegovernment.org, Huffington Post).

From a secrecy policy point of view, perhaps the most intriguing feature of the new release is the unconventional timing of its declassification. The report is dated June 26, 2014 and was classified at the TOP SECRET/NOFORN level. But it says it was declassified by DNI Clapper three days earlier on June 23, 2014!

This temporally fluid approach to declassification could have many useful applications.

 

Congressman Rush Holt (D-NJ) devised an amendment to the 2015 Defense Appropriations bill that would earmark $2 million for investigation of intelligence community whistleblower complaints.  The amendment was approved by the House of Representatives on June 18.

The money was taken from the intelligence community management account and allocated to the IC whistleblowing and source protection directorate within the IC Office of the Inspector General.

“Currently, this directorate is literally a one-man operation,” Rep. Holt explained on the House floor.

“Given the fact that there are tens of thousands of Federal employees and contractor who work for the intelligence community elements, it is not realistic to expect the IC inspector general to be able to receive and investigate effectively any and all valid complaints from conscientious internal whistleblowers through a single investigator, no matter how talented that investigator may be.”

“This $2 million reallocation of funds will help the community whistleblowing and source protection directorate hire more needed additional investigators and support staff and will fund outreach and education efforts across the intelligence community,” Rep. Holt said. “This amendment will ensure that they have resources to respond to legitimate concerns.”

The amendment was approved on a voice vote.

Rep. Holt stressed the need for improved protections for intelligence agency whistleblowers in a May 30 op-ed we co-authored on MSNBC.com.

An Intelligence Community Directive that prohibited unauthorized contacts with the news media is overbroad and needs to be corrected, said Sen. Ron Wyden last week on the Senate floor.

“I will tell you, I am troubled by how sweeping in nature this is,” Senator Wyden said about the Directive, ICD 119, issued last March. (See Intelligence Directive Bars Unauthorized Contacts with News Media, Secrecy News, April 21).

“The new policy makes it clear that intelligence agency employees can be punished for having ‘contact with the media about intelligence-related information’,” he said. “Make no mistake about it, that is so broad it could cover unclassified information. It does not lay out any limits on this extraordinarily broad term that I have described.”

“My hope is we can get this corrected because I think it is going to have a chilling effect on intelligence professionals who simply want to talk about unclassified matters on important national security issues– such as how to reform domestic surveillance or whether our country should go to war,” Sen. Wyden said on June 12.

The new IC media policy was discussed on the NPR program On the Media on June 13.

 

In January 2008, the Bush Administration issued the Top Secret National Security Presidential Directive 54 on Cybersecurity Policy which “establishes United States policy, strategy, guidelines, and implementation actions to secure cyberspace.”

Despite its relevance to a central public policy issue, both the Bush and Obama Administrations had refused to release the Directive.

But last week, in response to a five-year Freedom of Information Act effort by the Electronic Privacy Information Center, the National Security Agency released a lightly redacted version of the document, most of which had been unclassified all along.

“This Directive, which is the foundational legal document for all cybersecurity policies in the United States, evidences government efforts to enlist private sector companies, more broadly monitor Internet activity, and develop offensive cybersecurity capability,” said EPIC in its release of the document.

Intelligence community whistleblowers would have been able to submit their complaints to the Privacy and Civil Liberties Oversight Board (PCLOB) under a proposed amendment to the intelligence authorization act that was offered last week by Rep. Tulsi Gabbard (D-HI).

This could have been an elegant solution to the whistleblowing conundrum posed by Edward Snowden. It made little sense for Snowden to bring his concerns about bulk collection of American phone records to the congressional intelligence committees, considering that they had already secretly embraced the practice.

The PCLOB, by contrast, has staked out a position as an independent critical voice on intelligence policy. (And it has an unblemished record for protecting classified information.) The Board’s January 2014 report argued cogently and at length that the Section 215 bulk collection program was likely unlawful as well as ineffective.

In short, the PCLOB seemed like a perfect fit for any potential whistleblower who might have concerns about the legality or propriety of current intelligence programs from a privacy or civil liberties perspective.

But when Rep. Gabbard offered her amendment to the intelligence authorization act last week, it was not voted down– it was blocked. The House Rules Committee declared that the amendment was “out of order” and could not be brought to a vote on the House floor.

Several other amendments on transparency issues met a similar fate. These included a measure proposed by Rep. Adam Schiff to require reporting on casualties resulting from targeted killing operations, a proposal to disclose intelligence spending at the individual agency level, and another to require disclosure of the number of U.S. persons whose communications had been collected under FISA, among others.

In dismay at this outcome, Rep. Rush Holt (D-NJ) and I lamented the “staggering failure of oversight” in a May 30 op-ed. See The House Committee on Intelligence Needs Oversight of Its Own, MSNBC.

The House did approve an amendment offered by Rep. John Carney (D-DE) to require the Director of National Intelligence “to issue a report to Congress on how to improve the declassification process across the intelligence community.” While the DNI’s views on the subject may indeed be of interest, the amendment failed to specify the problem it intended to address (erroneous classification standards? excessive backlogs? something else?), and so it is unclear exactly what is to be improved.

However, a more focused classification reform program may be in the works.

Rep. Bennie Thompson (D-MS), the ranking member of the House Homeland Security Committee, said that he would introduce “a comprehensive security clearance reform bill” that would also address the need to shrink the national security classification system.

The Thompson bill, which is to be introduced “in the coming weeks,” would “greatly expand the resources and responsibilities of the Public Interest Declassification Board,” Rep. Thompson said during the House floor debate on the intelligence bill on May 30.

“A well-resourced and robust Board is essential to increasing accountability of the intelligence community,” he said.

The population of Syria is 17,951,639, according to the CIA World Factbook.

That figure (oddly identified as a “July 2014” estimate) is wrong, according to everyone else.

The discrepancy was noted yesterday in the intelligence newsletter Nightwatch.

“NightWatch consulted six separate sources for the total population of Syria. They agreed that it is between 22 and 23 million people, not 17.9 million as indicated in the CIA World Factbook. There are about 7 million Syrians under voting age of 18 and more than 15 million registered voters,” the newsletter said.

“NightWatch relies on the CIA World Factbook as a standard reference for unclassified factual, baseline information, as does the Intelligence Community. On three occasions since 2006, NightWatch has found errors in the Factbook,” the newsletter added. “This was the third occasion.”

A Congressional Research Service report last month also cites a total Syrian population of “more than 22 million.”

Errors, of course, are to be expected– even, and especially, in intelligence publications. One great virtue of the CIA World Factbook is that it is a public document. This makes it possible for readers to identify such errors, to draw attention to them, and to promote their correction.

Of the many lessons to be learned from the unauthorized disclosures of classified intelligence information by Edward Snowden, one of them is that the congressional intelligence oversight process did not function properly in the years leading up to those disclosures.

It seems indisputable that the intelligence oversight committees did not accurately comprehend or effectively represent the full spectrum of public concern over intelligence surveillance practices. Had they done so, current efforts to limit or revise those practices would have been unnecessary.

But in its new report on the intelligence authorization act for Fiscal Years 2014 and 2015, the House Permanent Select Committee on Intelligence (HPSCI) does not pause for any kind of reflection, let alone self-criticism. It does not inquire why the intelligence oversight process has seemed inhospitable to the kinds of public concerns that emerged in Snowden’s wake. It does not consider whether the Committee’s own practices need to be altered to provide for greater public engagement. It does not even mention Snowden’s name, referring instead to “a former NSA contractor.”

Rather, the new intelligence bill’s primary response to the Snowden episode is to increase the rigor and intensity of current personnel security practices.

“Over the past year, massive unauthorized disclosures of classified intelligence information caused immense damage to our national security. The Intelligence Community might have been able to prevent those unauthorized disclosures if it continuously evaluated the backgrounds of employees and contractors,” the House Committee report asserted.

“Continuous evaluation allows the IC to take advantage of lawfully available government and public information to detect warning signals that the current system of five-year periodic reinvestigation [for renewal of security clearances] misses. That information may include: foreign travel; reports of foreign contacts; financial disclosure information; checks of criminal, commercial marketing, and credit databases; and other appropriate publicly available information,” the report said.

But the Committee did not explain how closer scrutiny of any of these categories of information could have prevented the Snowden disclosures. If Snowden is neither a spy nor in search of financial gain, then none of these factors would have assisted in anticipating or preventing his actions, and an altogether different type of response would be needed.  But the Committee was not prepared to consider that possibility.

The new House Committee report includes several other noteworthy features:

*  “The Committee’s concerns about insufficient intelligence funding… are exacerbated by the great expense necessary to remediate the damage from illegal disclosures of classified information.”

*  The House bill would require declassification review of documents collected in the May 2011 Abbottabad, Pakistan mission that killed Osama bin Laden.

*  The bill would elevate the Inspector General of the National Security Agency, making the position subject to presidential appointment and Senate confirmation.

*  The bill would require the President to establish a written plan for how to respond to an unauthorized disclosure of a covert action program.

*  The bill would require the Director of National Intelligence to submit an annual report to Congress on violations of law or executive order by Intelligence Community personnel.

 

“Emerging Intelligence Technologies” is the theme of the latest issue of the U.S. Army’s Military Intelligence Professional Bulletin (MIPB), January-March 2014.

“Rapid technology developments in response to urgent wartime requirements have brought the intelligence community (IC) some tremendous new capabilities. Advancement in the areas of biometrics, battlefield forensics, miniaturization, SIGINT terminal guidance, DCGS-A, and distributed processing have been vital to the success of Military Intelligence (MI) and the Army,” wrote Maj. Gen. Robert P. Ashley.

“This issue of MIPB looks at several of these capabilities and their integration into our formations.”

The new Bulletin was obtained under the Freedom of Information Act.

“Recent media reports have misconstrued ODNI’s policy for pre-publication of information to be publicly released,” according to a May 9 statement that was issued by the Office of the Director of National Intelligence.

The ODNI policy had been described in articles published in Secrecy News (ODNI Requires Pre-Publication Review of All Public Information, May 8) and in the New York Times (Intelligence Policy Bans Citation of Leaked Material by Charlie Savage, May 8).

ODNI said that the new pre-publication review policy was basically a consolidation of two previous policies (ODNI Instruction 80.14/2007-6, July 25, 2007, and ODNI Instruction 80.04, August 5, 2009) and that it represented nothing very new.

“The revised policy is not significantly different from the two previous policies,” the new ODNI statement asserted.

But that assertion is hard to understand, since the text of the revised policy appears significantly different from its predecessors in several respects.

First and foremost, the previous policies focused on protection of classified information, while the revised policy casts a much broader net.

“Pre-publication review is intended to prevent the disclosure of classified information,” according to the 2007 Instruction (emph. added).  Likewise, according to the 2009 Instruction, “Pre-publication review of material prepared for official dissemination is intended to prevent the disclosure of classified information.”

By unmistakeable contrast, however, the newly revised policy extends to all intelligence-related information, whether classified or not:

“The goal of pre-publication review is to prevent the unauthorized disclosure of information.”

That seems like a fairly significant difference.

Similarly, the 2007 Instruction presented a clear-cut “standard for review” applicable to former ODNI staff and contractors that is missing in the revised policy:

“Material proposed for publication or public dissemination will be reviewed solely to determined whether it contains any classified information,” the 2007 Instruction said.

No such limitation exists in the revised policy, which also includes review of unclassified information that may be “otherwise sensitive.”

Another significant difference pertains to informal interactions with the press and the public, which now appear to be far more constrained than they were in the past.

Thus, the 2007 Instruction said that “In informal situations where no prepared remarks are delivered” and which therefore cannot be reviewed in advance, “each individual… is responsible for remaining within the guidelines provided above.”

But the new policy, as written, no longer permits the use of an employee’s individual judgment or sense of responsibility in such situations.

“ODNI personnel expecting to engage in unstructured or free-form discussions… must prepare an outline of the topics to be discussed or the agenda to be followed…” to be submitted for official review.

The ODNI statement that was issued on May 9 asserted that this peremptory requirement was actually more flexible than it appeared:

“It is understood that there are times that former employees may receive calls for comment from the media, and there simply is not time to follow the pre-publication review process.”

However, the text of the new ODNI Instruction does not include any allowance for cases when “there simply is not time to follow the pre-publication review process.”  It says the process “must” be followed, without exception.

Moreover, “Failure to comply with this Instruction may result in the imposition of civil and administrative penalties, and may result in the loss of security clearances and accesses.”

By introducing such uncertainty (and danger) into ordinary contacts with the public and the press, ODNI is likely to discourage its employees from any contact — or to drive them into anonymity — and to encourage public cynicism, while further impoverishing public discourse on intelligence policy.

A superior approach would be to simply say that all ODNI employees are obliged to fulfill the terms of the non-disclosure agreements that they signed, and to leave it at that.

The May 9 ODNI statement was first obtained by Marty Lederman and published by him on the Just Security blog. ODNI then made it available. Charlie Savage reviewed the situation in Memo Revisits Policy on Citing Leaked Material, to Some Confusion, New York Times, May 9.