The primary lesson that emerges from the unauthorized disclosures of classified intelligence information by Edward Snowden is that U.S. intelligence agencies must be more transparent in their operations, said Director of National Intelligence James R. Clapper yesterday.

“The major takeaway for us, certainly for me, from the past several months is that we must lean in the direction of transparency, wherever and whenever we can,” DNI Clapper told the Senate Intelligence Committee.

“With greater transparency about these intelligence programs the American people may be more likely to accept them,” he said, promising “further declassification.”

Another possibility, he acknowledged, is that even with greater transparency the American people will choose not to accept certain kinds of intelligence programs.

“If dealing with reduced capacities is what we need to ensure the faith and confidence of the American people and their elected representatives, then we in the intelligence community will work as hard as we can to meet the expectations before us,” DNI Clapper said.

Already, the Snowden disclosures have caused “profound damage” to U.S. intelligence, the DNI said.

“What Snowden has stolen and exposed has gone way, way beyond his professed concerns with so-called domestic surveillance programs. As a result, we’ve lost critical foreign intelligence collection sources, including some shared with us by valued partners.”

“Snowden claims that he’s won and that his mission is accomplished. If that is so, I call on him and his accomplices to facilitate the return of the remaining stolen documents that have not yet been exposed to prevent even more damage to U.S. security,” the DNI said.

The use of the word “accomplices” appeared to suggest that the DNI views the journalists who possess and report on the Snowden documents as Snowden’s partners in crime, and even as criminals themselves.

“Is it now the official view of the Obama administration that these journalists and media outlets are ‘accomplices’ in what they regard as Snowden’s crimes? If so, that is a rather stunning and extremist statement,” wrote Glenn Greenwald, who first reported on the Snowden releases last June.

But though it has never yet figured in an actual prosecution, the issue of criminal liability for journalists in this area is embedded in the law.

It’s true that there is no general legal prohibition on publication of classified information. (Congress passed such a statute in 2000, but President Clinton vetoed it.)

But there is a clear and specific prohibition on the willful disclosure of classified communications intelligence information. And that prohibition, in 18 U.S.C. 798, extends also to anyone who “publishes” such information.

What is “stunning,” or at least noteworthy, is that the Obama Administration has apparently made a strategic decision not to attempt to enforce this provision of the law against publishers of the Snowden documents. (It was invoked against Snowden himself as one of the three counts in a June 14, 2013 criminal complaint.)

It seems that even what the DNI called “the most massive and most damaging theft of intelligence information in our history by Edward Snowden and the ensuing avalanche of revelations published and broadcast around the world” is not sufficient to trigger the use of the criminal statute against publishers of classified communications intelligence. So that provision is effectively a dead letter, even if it still finds a faint echo in the DNI’s testimony before Congress.

Recent unauthorized disclosures of classified information might have been prevented if U.S. intelligence agencies “continuously evaluated the backgrounds of employees and contractors,” according to the House Permanent Select Committee on Intelligence (HPSCI).

In its new report on the FY 2014 intelligence authorization bill, the Committee would require intelligence agencies to “continuously determine whether their employees and contractors are eligible for access to classified information” by using all available transactional records and social media.

“Continuous evaluation allows the IC to take advantage of lawfully available government and public information to detect warning signals that the current system of five-year periodic reinvestigation misses,” the HPSCI report said.

“That information might include: foreign travel; reports of foreign contacts financial disclosure information; checks of criminal, commercial marketing, and credit databases; and other appropriate publicly available information.”

The recently developed concept of continuous evaluation (CE) “allows for a review at any time of an individual with eligibility or access to classified information or in a sensitive position to ensure that that individual continues to meet the requirements for eligibility,” said Brian Prioletti of the ODNI National Counterintelligence Executive at a November 13 hearing of the House Homeland Security Committee.

“As envisioned in the reformed security clearance process, [continuous evaluation] includes automated record checks of commercial databases, government databases, and other information lawfully available,” Mr. Prioletti said. “Manual checks are inefficient and resource-intensive. The C.E. initiative currently under development will enable us to more reliably determine an individual’s eligibility to hold a security clearance or a sensitive position on an ongoing basis.”

“There are a number of ongoing pilot studies to assess the feasibility of selected automated record checks and the utility of publicly available electronic information to include social media sites in the personnel security process,” he added.

“While we fully recognize the value of publicly available electronic information and its relevancy from an adjudicative perspective, there are resource, privacy, and civil liberty concerns that must be addressed as we incorporate such checks into our security processes,” Mr. Prioletti acknowledged.

Up Next: Continuous Monitoring

“Continuous evaluation” itself is just an interim stage, said Gregory Marshall, chief security officer at the Department of Homeland Security.  It is a stepping stone to the desired end state of “continuous monitoring,” which involves more extensive collection directed at the individual subject. [Update: This is a non-standard use of the term “continuous monitoring,” which normally refers to monitoring of information systems, not persons.]

“This administration’s recent information-sharing and safeguarding initiative, also known as Insider Threat, seeks to complement background investigations and continuous evaluation with continuous monitoring,” Mr. Marshall said. “This program will incorporate and analyze data in near-real time from a much broader set of sources. Its focus is the protection of classified information but its applicability to suitability and contractor fitness is evident.”

Indeed, the “applicability” of this approach to all sorts of concerns is evident. If leaks of national security information are deemed to be a counterintelligence threat, why wouldn’t the full arsenal of surveillance tools, including the NSA’s PRISM, be employed against them?

An NSA memorandum reported in the Huffington Post today noted that “vulnerabilities of character” revealed through intelligence gathering can be effectively used to discredit individual “radicalizers.”  In one particularly horrifying case, it was found that a suspect “publishes articles without checking facts.” (“Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit ‘Radicalizers’,” by Glenn Greenwald, Ryan Gallagher, and Ryan Grim, November 26).

The Director of National Intelligence recently ordered a review to see whether the number of persons who hold security clearances — nearly 5 million persons — could be reduced. (“Obama Administration Looks to Scrub Security Clearance List” by Josh Gerstein, Politico, November 21).

That objective could be inadvertently advanced by efforts to ratchet up personnel security procedures. Facing continuous evaluation and the prospect of continuous monitoring, some individuals might decide to opt out of the security clearance system voluntarily.

A bill that is intended to strengthen the ability of reporters to protect their confidential sources would encourage damaging leaks of classified information, congressional opponents argue.

The Free Flow of Information Act (S. 987) was approved by the Senate Judiciary Committee on September 12 by a vote of 13-5.  The Committee’s report on the bill, which includes a lengthy dissent from several Republican Senators, was published late last week.

The Act would establish a “qualified” reporter’s privilege whose application would be limited in several respects.

So, for example, the privilege would not apply to “information obtained as a result of the journalist’s eyewitness observation of an alleged crime, or as a result of alleged criminal conduct by the journalist.” However, the Act’s protections would apply to leaks (“when the communication of the material is itself the alleged criminal conduct”).

But even with respect to leaks, the privilege would not be absolute, and disclosure of confidential source information could be required by a court under some circumstances, including the prevention of terrorism.

“In cases that involve alleged unauthorized disclosures of properly classified information (‘leaks’), the Act allows a court to compel the disclosure of confidential-source information where disclosure would assist in preventing or mitigating an act of terrorism or acts that are reasonably likely to cause significant and articulable harm to national security,” the new Committee report explained.

The bill’s limited scope of protection would “give generous berth for the Government to obtain the vital information that it needs in order to protect public safety,” the Committee report said. “At the same time, these provisions prevent journalists from becoming the witnesses of choice in civil and criminal cases.”

The Free Flow of Information Act has been criticized by some press freedom advocates because it presumes to define who is — and who is not — a covered journalist that is protected by the Act; or because it would actually validate official measures to compel disclosure of sources in some cases.

But neither these ambiguities nor the bill’s cautiously even-handed approach were sufficient to reassure opponents on the Senate Committee, who insisted that the legislation would wrongly protect leakers and foster more leaks.

“Instead of making it easier for investigators and prosecutors to bring to justice those who would imperil our national security, the Committee has endorsed legislation that would do the exact opposite by explicitly protecting leakers of classified information and increasing the burden on those who seek to bring these leakers to justice,” wrote Senators Jeff Sessions and John Cornyn in a dissenting statement appended to the Committee report.

“The cumulative effect of this burden would cripple the government’s ability to identify and prosecute leakers of classified information, and in the process would encourage more leaks that threaten national security.”

The bill “severely hinders the government’s ability to identify the sources of leaked classified information,” they complained. “Sources that hide behind journalists’ promises of confidentiality in order to perpetrate wrongdoings, such as the leaking of classified information, will receive protection under S. 987.”

In short, from the opponents’ perspective, “This bill sets forth special standards that place protecting a leaker’s identity ahead of the safety and security of the country.”

“It is axiomatic that if Congress protects leakers of classified and other sensitive information by passing S. 987, what will result is more leaks of classified information.”

“S. 987 will encourage leakers of classified or grand jury information to get away with clear violations of federal law, so long as the recipient of the information promises to keep the leaker’s identity a secret.”

“An individual who leaks classified or grand jury information commits a grievous crime and does not deserve the protection afforded by a journalist’s successful assertion of privilege. If leakers of classified or grand jury information are protected under S. 987, we believe that more leaks will result and it will be harder to prosecute them,” the dissenting Senators wrote.

Subpoena proceedings against reporter James Risen in the leak prosecution of former CIA officer Jeffrey Sterling have been stayed at Risen’s request pending a petition on the matter to the U.S. Supreme Court.

Although former State Department contractor Stephen Jin-Woo Kim will not go to trial before next year on charges of leaking classified information to Fox News reporter James Rosen, the pre-trial maneuvering by the prosecution and the defense is accelerating.

Prosecutors notified the court last week that their theories regarding the defendant’s motive for allegedly leaking classified information would not be presented at trial.  Meanwhile, the defense appears to be engaged in its own search for other potential leak suspects.

The prosecution had previously said it “planned to rely on three motive theories at trial.” But when the Court ruled that the defense was entitled to discovery of classified information regarding those theories, the government reconsidered its position.

“Because of the Intelligence Community equities implicated by the Court’s ruling, the United States hereby gives notice that it has elected not to rely on these motive theories at trial, thereby eliminating the basis for the defendant’s classified discovery demands related to motive…,” prosecutors said in an October 18 filing.

In another filing this week, the parties described a novel procedure they agreed upon by which the government would perform a search for a series of telephone numbers supplied by the defense– apparently in pursuit of alternate suspects or other exculpatory information.

“Defense counsel will provide … a list of telephone numbers, or telphone area codes and exchanges” and an independent team of reviewers “will compare the defendant’s list with the two days of government commercial telephone records… If any number on the defendant’s list overlaps with any number in the government commercial telephone records, the filter team will inform counsel for both parties…. If that comparison yields any hits, then the parties will discuss how to proceed,” the October 21 joint notice said.

In a Report on Review of News Media Policies last July, the Department of Justice had expressed its first hint of ambivalence about leak prosecutions, and had said that it would consider administrative penalties as an alternative to criminal trials:

“The Department will work with others in the Administration to explore ways in which the intelligence agencies themselves, in the first instance, can address information leaks internally through administrative means, such as the withdrawal of security clearances and imposition of other sanctions,” the Report said.

But no one should infer that there will be any discernable change in current or pending criminal trials.  “The DOJ Report does not purport to take a litigation position in this legal proceeding or any other,” prosecutors said in a September 30 filing in the Kim case.

In leak prosecutions, the punitive phase of the proceeding need not await the actual conviction of the defendant; it starts, in effect, right away.

“This has been a huge blow for me and for my entire family,” said Stephen Kim in an interview with the Korean publication The Hankyoreh on October 11. “I had to give up a job that I had liked. It also destroyed my marriage. My family had to spend all of the money they had saved up and even sell their house to pay my legal fees. I hardly have any remaining assets. Being brought to court and knowing that people believe I did something I didn’t actually do is a hurtful and painful experience. You cannot imagine what it’s like to be charged with a crime you didn’t commit,” he said.

Yesterday New York Times reporter James Risen sought a stay of a Fourth Circuit appeals court ruling that would require him to testify regarding a confidential source in the leak trial of former CIA official Jeffrey Sterling. He indicated his intent to petition the Supreme Court for relief. “The Government said that it takes no position on whether a stay should be granted.”

A new Department of Defense directive requires the Pentagon to notify Congress whenever a DoD official discloses classified intelligence to a reporter on an authorized basis, or declassifies the information specifically for release to the press.

The new directive on “Congressional Notification for Authorized Public Disclosure of Intelligence Information” applies to all components of the Department of Defense.

It was issued last week — despite the government shutdown — in response to a provision in the FY2013 Intelligence Authorization Act (section 504) that was passed by Congress last year as part of an effort to stem leaks of classified information.

The Senate Intelligence Committee explained then:  “This provision is intended to ensure that the intelligence committees are made aware of authorized disclosures of national intelligence or intelligence related to national security that are made to media personnel or likely to appear in the press, so that, among other things, these authorized disclosures may be distinguished from unauthorized ‘leaks’.”

Notification to Congress is required whenever the intelligence that is disclosed “is currently classified or if it is declassified for the purpose of the disclosure,” the directive states.  The reporting requirement does not apply to regular declassification activities, or to releases under the Freedom of Information Act or through litigation.

The new requirement casts a spotlight on the anomalous category of authorized disclosures of classified information, which would normally be considered a contradiction in terms.

Although there is an allowance for emergency disclosures of classified information in order to address an imminent threat (section 4.2b of executive order 13526), there is no recognized authority for non-emergency disclosures of classified intelligence to the press or to anyone who does not hold a security clearance and who has not signed a non-disclosure agreement. (Perhaps a lawyerly reading of the executive order would say that the prohibition against unauthorized disclosures of classified information to an uncleared person does not apply if the disclosure is authorized.)

In any case, official disclosures of classified information to the press — sometimes described as “authorized leaks” — are known to occur with some regularity.

What is unclear is what impact, if any, the new DoD directive will have on daily interactions with the press.  Will the Secretary of Defense actually file a report to Congress if he privately reveals a classified fact to a reporter?  That’s a little hard to imagine, though that’s what the law demands.  Or will the new reporting obligation instead serve to discourage authorized leaks to the press?

Because Congress imposed a one-year sunset on its new reporting requirement, the new DoD directive will expire on January 14, 2014, three months from now, unless it is renewed.  It will be interesting to see if even a single report of an authorized disclosure of classified intelligence is filed by then.

 

The leak by Edward Snowden of a classified order issued by the Foreign Intelligence Surveillance Court (FISC) helped to arouse significant public interest, said the Court itself in an opinion issued today. Further disclosures are now justified, the Court indicated.

“The unauthorized disclosure in June 2013 of a Section 215 order, and government statements in response to that disclosure, have engendered considerable public interest and debate about Section 215,” wrote FISC Judge F. Dennis Saylor IV in an opinion today regarding an ACLU motion for release of prior Court opinions concerning Section 215 of the USA Patriot Act.

Judge Saylor directed that any opinions not already subject to litigation under the Freedom of Information Act should now be reviewed for declassification.

“[Further] Publication of FISC opinions relating to this provision would contribute to an informed debate,” Judge Saylor added. “Publication would also assure citizens of the integrity of this Court’s proceedings.”

Yesterday, Director of National Intelligence James Clapper also acknowledged that the leaks, while damaging, had triggered an important debate.

“I think it’s clear that some of the conversations this has generated, some of the debate, actually needed to happen,” DNI Clapper said. “If there’s a good side to this, maybe that’s it.” (“Clapper: Snowden case brings healthy debate; more disclosures to come” by Ken Dilanian, Los Angeles Times, September 12.)

But if the unauthorized disclosure of a FISA Court order generated debate that “needed to happen,” that means that the original classification of the order had precluded a necessary public debate. If so, it follows that a thorough reconsideration of classification policy and practice is due.

Secret intelligence agency budget information was abundantly detailed in the Washington Post yesterday based on Top Secret budget documents released by Edward Snowden.  See “U.S. spy network’s successes, failures and objectives detailed in ‘black budget’ summary” by Barton Gellman and Greg Miller, Washington Post, August 29.

The newly disclosed information includes individual agency budgets along with program area line items, as well as details regarding the size and structure of the intelligence workforce.  So one learns, for example, that the proposed budget for covert action in FY2013 was approximately $2.6 billion, while the total for open source intelligence was $387 million.

Some of the information only confirms what was already understood to be true. The budget for the National Security Agency was estimated to be about $10 billion, according to a recent story in CNN Money (“What the NSA Costs Taxpayers” by Jeanne Sahadi, June 7, 2013). The actual NSA budget figure, the Post reported, is $10.8 billion.

And the involuntary disclosure of classified intelligence budget information, while rare, is not unprecedented.  In 1994, the House Appropriations Committee inadvertently published budget data for national and military intelligence, the size of the CIA budget, and other details. (“$28 Billion Spying Budget is Made Public by Mistake” by Tim Weiner, New York Times, November 5, 1994)

But the current disclosure of intelligence budget information dwarfs all previous releases and provides unmatched depth and detail of spending over a course of several years, based on original documents.  The disclosure is doubly remarkable because the Post chastely refrained from releasing about 90% of the Congressional Budget Justification Book that it obtained.  “Sensitive details are so pervasive in the documents that The Post is publishing only summary tables and charts online,” Post reporters Gellman and Miller wrote.

This is not a whistleblower disclosure; it does not reveal any illegality or obvious wrongdoing. On the contrary, the underlying budget document is a formal request to Congress to authorize and appropriate funding for intelligence.

But the disclosure seems likely to be welcomed in many quarters (while scorned in others) both because of a generalized loss of confidence in the integrity of the classification system, and because of a more specific belief that the U.S. intelligence bureaucracy today requires increased public accountability.

Though it has never been embraced as official policy, the notion of public disclosure of individual intelligence agency budgets (above and beyond the release of aggregate totals) has an honorable pedigree.

In 1976, the U.S. Senate Church Committee advocated publication of the total intelligence budget and recommended that “any successor committees study the effects of publishing more detailed information on the budgets of the intelligence agencies.”

In a 1996 hearing of the Senate Intelligence Committee, then-Chair Sen. Arlen Specter badgered DCI John Deutch about the need for intelligence budget secrecy.

“I think that you and the Intelligence Community and this committee have got to do a much better job in coming to grips with the hard reasons for this [budget secrecy], if they exist. And if they exist, I’m prepared to help you defend them. But I don’t see that they exist. I don’t think that they have been articulated or explained,” the late Sen. Specter said then.

Committee Vice Chair Sen. Bob Kerrey added: “I would concur in much of what the Chairman has just said. I do, myself, believe not only the top line, but several of the other lines of the budget, not only could but should, for the purpose of giving taxpayer-citizens confidence that their money is being well spent.”

In 2004, the 9/11 Commission itself recommended disclosure of intelligence agency budgets: “Finally, to combat the secrecy and complexity we have described, the overall amounts of money being appropriated for national intelligence and to its component agencies should no longer be kept secret” (at page 416, emphasis added).

These are clearly minority views.  They could have been adopted at any time — as disclosure of the aggregate total was — but they haven’t been.  (And even these voices did not call for release of the more detailed budget line items that are now public.)  And yet they are not totally outlandish either.

The initial response of the executive branch to the Washington Post story will be to hunker down, to decline explicit comment, and to prohibit government employees from viewing classified budget documents that are in the public domain.  Damage assessments will be performed, and remedial security measures will be imposed.  These are understandable reflex responses.

But in a lucid moment, officials should ponder other questions.

How can public confidence in national security secrecy be bolstered?  Is it possible to imagine a national security secrecy system that the public would plausibly view not with suspicion but with support, much as the strict secrecy of IRS tax returns is broadly understood and supported?  What steps could be taken to reduce national security secrecy to the bare minimum?

Looking further ahead, is it possible to devise an information security policy that is based on “resilience” to the foreseeable disclosure of secrets rather than on the fervently pursued prevention of such disclosure?

“Modern combat is chaotic, intense, and shockingly destructive. In your first battle, you will experience the confusing and often terrifying sights, sounds, smells, and dangers of the battlefield–but you must learn to survive and win despite them…. You must keep faith with your fellow Soldiers, remember your training, and do your duty to the best of your ability. If you do, and you uphold your Warrior Ethos, you can win and return home with honor.”

So begins the Introduction to a newly updated US Army Training Circular on The Warrior Ethos and Soldier Combat Skills (TC 3-21.75, August 2013, very large PDF file), which aims to communicate and instill core military values.

Another newly updated Pentagon publication presents joint doctrine on Homeland Defense (HD). It “defines and clarifies the domestic use of rules of engagement and rules for the use of force in HD operations.”  And it “Clarifies and elaborates thoroughly the role of planning for cyberspace operations and the duties involved.”

The document also provides lots of incidental details of interest, such as a reference to a previously unheard-of Presidential Policy Directive 10 on US Ballistic Missile Defenses.  “PPD-10 acknowledges that ballistic missile systems present an increasingly important challenge and threat to the security of the US, its deployed forces, and its allies and partners. PPD-10 provides policy and guidelines for the development and deployment of US BMDs.” See Joint Publication 3-27, Homeland Defense, July 29, 2013.

The Navy has issued new guidance to combat the Insider Threat, as the Army did last month.

The insider threat program places unauthorized disclosures (or “leaks”) on a par with espionage or terrorism, and prior to either of them in the official definition.  Thus an insider threat, as defined by the Department of Defense, is “a person with authorized access, who uses that access, wittingly or unwittingly, to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.”  See Department of the Navy Insider Threat Program, SECNAV Instruction 5510.37, August 8, 2013.

 

“The recent disclosure of classified information regarding U.S. national security programs requires a thorough assessment of the current classification system,” wrote Rep. Duncan Hunter in a letter to the Government Accountability Office, the investigative arm of Congress.

The leaks by Edward Snowden, in other words, are a sign that there are serious problems in government secrecy policy.

In his June 19, 2013 letter, Rep. Hunter asked GAO to perform the desired assessment, and his request was endorsed by Rep. Martha Roby, chair of the House Armed Services Committee Subcommittee on Oversight and Investigations.  In a July 30 reply, GAO accepted the request and said it would “begin the work shortly.”

For Rep. Hunter, the starting point is a concern that unnecessary secrecy may put legitimate secrets at risk.  Overclassification is bad security policy.

“With access to classified information contingent on the issuance of security clearances, overclassification stands to dangerously expand access to material that should ordinarily be limited,” he wrote.  He therefore posed a series of questions that cover a range of classification policy issues.

He asked GAO to determine “the degree to which material is classified that does not materially impact national security.”  This is one definition of overclassification, though it is not one that is used or recognized by the executive branch.

Under the executive order on classification, a national security secret need not “materially impact national security.”  It is enough if its unauthorized disclosure could reasonably be expected to cause damage to national security in the judgment of a person who is authorized to classify.  If the authorized classifier’s judgment reflects bias, inertia, erroneous or incomplete information– well, the executive order has nothing to say about that.

The result, Rep. Hunter said in a news release, is that “There’s real classification inflation going on, putting information that should be available to the public out of view and creating a degree of exposure by widening access to sensitive information that should be limited.”

Rep. Hunter also asked GAO to review “the degree to which material is classified in excess of current security procedures,” which is another form of overclassification.  It refers to information that is be classified Top Secret when it should only be classified Secret, for example.

Rep. Hunter asked “Whether narrowing classification requirements would reduce the need for nearly 5 million individuals to hold security clearances, and whether reducing that number would limit security disclosures.”

It stands to reason that less classification would likely entail the need for fewer clearances and that a leaner secrecy and security system would be easier to manage with improved quality control.  But there is no particular reason to suppose that the number of leakers is directly proportional to the number of clearances.

Crucially, Rep. Hunter asked GAO to investigate “if there are accountability systems in place to review agency and employee classification decisions to identify persistent instances of overclassification.”  There aren’t!

While classification guidance is supposed to be reviewed by the classifying agency itself every five years, and there are isolated mechanisms for challenging specific classification decisions, there is no systemic procedure for independent review and correction of classification judgments.  There should be.  (An extended argument for impartial review of classification decisions is here.)

For good measure, Rep. Hunter asked GAO to consider “the degree to which excessive classification harms information sharing” and “the effectiveness of the process to declassify information.”

Though his request letter was broadly framed with respect to classification policy generally, it appears that the GAO response will focus on classification activity within the Department of Defense.  Rep. Hunter is a member of the House Armed Services Committee and Rep. Roby is a HASC subcommittee chair, and so DoD secrecy policy is clearly within their jurisdiction.

The unauthorized disclosures of classified information by Edward Snowden have presented numerous important issues of public policy.  Is bulk collection of telephone and email records an acceptable practice, or should it be categorically proscribed?  How did congressional oversight fail to accurately gauge and to effectively represent conflicted public sentiment concerning domestic surveillance?  What is to be done with the Foreign Intelligence Surveillance Court?

But Rep. Hunter identified secrecy policy as a deeper systemic problem that also requires a constructive response.  With the GAO’s new engagement, and with the ongoing work of agency Inspectors General under the Reducing Over-classification Act, secrecy policy is now receiving some long overdue attention that may yet yield corrective action.

The pending GAO review of secrecy policy was previously reported in “Manning, Snowden Trigger First-of-its-Kind Secrecy Review” by Shane Harris, Foreign Policy, July 31;  “‘Classification inflation’ at Pentagon under investigation: GAO” by Shaun Waterman, Washington Times, July 31;  “Too many classified papers at Pentagon? Time for a secrecy audit” by Anna Mulrine, Christian Science Monitor, August 2.

On July 30, a military judge found Army Pfc. Bradley Manning guilty of multiple violations of the Espionage Act and other laws because of his unauthorized disclosure of restricted government records to the WikiLeaks website.

On July 31, the Secretary of the Army formally established the Army Insider Threat Program. Remarkably, this is still a pending initiative rather than an accomplished fact.

The program “will ensure the security and safety of Army computer networks by establishing an integrated capability to monitor and audit user activity across all domains to detect and mitigate activity indicative of insider threat behavior,” wrote Army Secretary John M. McHugh in Army Directive 2013-18.

The directive requires development and implementation of “a technical capability to monitor user activity on the Secure Internet Protocol Router Network” used by Manning as well as on the Joint World Intelligence Communication System.

In order to facilitate the identification of insider threats, the directive authorizes the sharing of counterintelligence and a variety of other sensitive information, including personal medical information.  (“The Surgeon General will provide information from medical sources, consistent with privacy laws and regulations, to authorized personnel to help them recognize the presence of an insider threat.”)

The new Army directive was issued in response to a November 21, 2012 Obama White House memorandum on “National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs.”

Some government insider threat programs go beyond encouraging sensible security practices, and seem to promote free-ranging suspicion in the workplace.

A slide prepared by the Defense Information Systems Agency for an online training module on insider threats suggests that an employee who “speaks openly of unhappiness with U.S. foreign policy” may represent a risk.  (The only thing more troubling might be someone who speaks openly of happiness with U.S. foreign policy.)  See “Unhappy With U.S. Foreign Policy? Pentagon Says You Might Be A ‘High Threat'” by Matt Sledge, Huffington Post, August 7.

On June 21, 2013 the Director of National Intelligence issued Intelligence Community Directive 703 on “Protection of Classified National Intelligence, Including Sensitive Compartmented Information.”

The directive summarizes and re-states classified information security policy, including little-known facts such as: “The Director of the Central Intelligence Agency (CIA) provides SCI access determinations and Sensitive Compartmented Information Facility (SCIF) accreditation for the legislative and judicial branches of the U.S. Government.”

Newspapers can be held criminally liable for publishing secret information, according to a newly disclosed Office of Legal Counsel (OLC) opinion dating from World War II.  A reporter who writes a story based on defense secrets could be found to have violated the Espionage Act for revealing secret information, as could his editor and publisher.

“A reporter who kept or copied a Navy dispatch containing a list of Japanese ships expected to take part in an upcoming naval battle, and later submitted for publication a newspaper article with information from the dispatch, appears to have violated… the Espionage Act,” the 1942 OLC opinion said.

“Whether the managing editor and publisher of the newspaper that published the article might also be criminally liable under the Espionage Act depends on their intent and knowledge of the facts.”  See “Criminal Liability for Newspaper Publication of Naval Secrets,” Office of Legal Counsel, June 16, 1942.

Under the authority of the Attorney General, the Office of Legal Counsel provides authoritative legal advice to the President and to executive branch agencies. The 1942 OLC opinion has no binding legal force, and it does not necessarily represent executive branch views today. But it fills in a gap in the legal genealogy of leak prosecutions.  It also highlights the latent possibility under the Espionage Act of criminalizing not just leaks but also news reports based on them.

Although not named by OLC, the reporter whose actions prompted the opinion was Stanley Johnston of the Chicago Tribune. Based on a classified document that was shared with him by a naval officer, Johnston wrote a front-page story in the Tribune on June 7, 1942 identifying the Japanese order of battle and implicitly revealing that U.S. intelligence had been able to decrypt Japanese military communications. A grand jury was convened to investigate the matter but was disbanded at the request of the Secretary of the Navy in order to avoid further publicizing the disclosure.  (Gabriel Schoenfeld recounted the episode in his 2010 book Necessary Secrets.)

“The reporter’s conduct in taking and copying a dispatch of immense importance — as this one seems obviously to have been — is characterized by real turpitude and disregard of his obligations as a citizen,” the OLC opinion said. “It is hard to believe that any jury or judge would take a sympathetic view of his case, or seek to free him on any narrow view of the facts of the law. He thoroughly deserves punishment.”

In an assessment that may resonate in some quarters in the networked world of the following century, the OLC opinion said that the newspaper’s broad distribution aggravated the original offense to the point of evil.

“In this case, the vast circulation of the newspapers involved puts the reporter in a position where he must pause and consider the consequences of his act. At best, his conduct was reckless and negligent, rather than specifically intended to do harm. Yet the negligence and recklessness were of such magnitude as to be fairly characterized as criminal and evil…,” the OLC opinion said.

*    *    *

The Office of Legal Counsel opinion on potential criminal liability for newspapers appeared this month in an extraordinary new collection of previously unpublished OLC opinions written between 1933 and 1977. (Formal publication of OLC opinions did not begin until 1977.)

“This volume begins what the Office of Legal Counsel intends to become a continuing supplement to its primary series of published opinions, covering all years during which the Office has been in existence,” according to the Foreword by Virginia Seitz, the current head of OLC, and Nathan A. Forrester.

The contents of the volume are wonderfully rich and interesting.

A 1937 OLC opinion concludes, with evident regret, that there is no legal basis for censoring the broadcast of a speech by Leon Trotsky. “The Federal Communications Commission does not have statutory authority to censor the telephone transmission from Mexico into the United States of a speech by Leon Trotzky.”

A 1974 opinion recommends that the FBI exercise its discretion to release files concerning a New Left figure even though it may have a legal right to withhold the files:

“In the last analysis, the only policy reason for withholding most of the requested documents is to prevent a citizen from discovering the existence of possible misconduct and abuse of government power directed against him. In my view, this is not only no reason for asserting the exemption; it is a positive reason for declining to use it, even where other reasons for asserting it exist. The obtaining of information of this sort is perhaps the most important reason for which the Freedom of Information Act exists.” The opinion was signed by then-OLC head Antonin Scalia.

The “legality and practical consequences” of a U.S. blockade of Cuba are considered in a 1962 opinion, and the use of federal marshals to protect civil rights workers in Mississippi is discussed in a 1964 opinion.

Other OLC opinions treat the invasion of Cambodia during the Vietnam War, Watergate, and many other topics.  The whole collection is an unexpected feast of historical and legal scholarship that is surprisingly accessible to non-specialist readers.

“Notwithstanding that some of these opinions may no longer be good law, our hope is that all will prove to be of value to legal practitioners and legal historians. This volume was a labor of love and respect for the history, traditions, and people of OLC and the Department of Justice,” the OLC editors wrote.

In a new interpretation of the Espionage Act, a federal judge made it easier for prosecutors in leak cases to meet their burden of proof, while reducing protections for accused leakers.

Judge Colleen Kollar-Kotelly ruled that the prosecution in the pending case of former State Department contractor Stephen Kim need not show that the information he allegedly leaked could damage U.S. national security or benefit a foreign power, even potentially.  Her opinion was a departure from a 30-year-old ruling in the case of U.S. v. Morison, which held that the government must show that the leak was potentially damaging to the U.S. or beneficial to an adversary.  (In that case, Samuel L. Morison was convicted of unauthorized disclosure of classified intelligence satellite photographs, which he provided to Jane’s Defence Weekly. He was later pardoned by President Clinton.)

“The Court declines to adopt the Morison court’s construction of information relating to the ‘national defense’ insofar as it requires the Government to show that disclosure of the information would be potentially damaging to the United States or useful to an enemy of the United States,” Judge Kollar-Kotelly wrote in a May 30 opinion. The opinion was redacted and unsealed (in partially illegible form) last week.

The prosecution must still show that the defendant “reasonably believed” that the information “could be used to the injury of the United States or to the advantage of a foreign nation” and that the defendant “willfully” communicated it to an unauthorized person.  But it would no longer be necessary for prosecutors to demonstrate that the information itself could potentially damage national security or benefit an adversary.

The new ruling was a boon to prosecutors and a blow to the defense in the Kim case and perhaps other leak trials to come.

The Kim defense had argued that the requirement to show that the leaked information could cause at least potential damage was essential to a proper understanding of the Espionage Act statute.  Without it, defense attorneys argued, the Espionage Act would become something like an Official Secrets Act, enabling the government to punish disclosure of anything that was designated classified, even if it was improperly classified.  They cited a concurring opinion in the Morison case stating that its interpretation of the law was necessary “to avoid converting the Espionage Act into the simple Government Secrets Act which Congress has refused to enact.”

In a subsequent reply, the defense added that “The requirement that disclosure of the information be ‘potentially damaging’ is ‘implicit in the purpose of the statute and assures that the government cannot abuse the statute by penalizing citizens for discussing information the government has no compelling reason to keep confidential’ .”

“The Court should decline the government’s invitation to reject the leading Espionage Act cases of the past quarter century,” the defense urged.

But prosecutors insisted successfully that, contrary to the Morison court and other Fourth Circuit cases, there is no requirement in the statute to show that disclosure could cause harm. “By its terms, Section 793(d) [of the Espionage Act] does not require the United States to prove any harm, whether potential or not….”

In her ruling, Judge Kollar-Kotelly accepted the prosecution view.

“In cases like this which involve the alleged unauthorized disclosure of classified information, the Morison approach invites (if not requires) the jury to second guess the classification of the information,” she wrote in the newly disclosed May 30 opinion.

Although a review by the jury of the information’s classification might seem like a wholesome and necessary check on overclassification, Judge Kollar-Kotelly said it would lead to an “absurdity” — “The trial of the individual charged with unauthorized disclosure would be converted into a trial of the classifying party,” as she put it, citing an earlier precedent.

Moreover, “the Court was unable to locate a single case outside the Fourth Circuit employing this standard,” she wrote. The Morison case was tried in the Fourth Circuit, as was the AIPAC case, the Kiriakou case, and the still-pending Jeffrey Sterling case.

By imposing such a requirement, the Kim prosecutors said, the Fourth Circuit had arguably offered “more protection to defendants than required by [the Supreme Court].”

So for defendants who are accused of leaking classified information, it seems that the Fourth Circuit would be the most advantageous location in which to be tried.  Stephen Kim is on trial in the DC Circuit.

Several other rulings (and underlying pleadings) in the Kim case were unsealed last week, and they were discussed in the Washington Post (“Attorney for accused leaker says other U.S. officials may be responsible,” July 25) and Legal Times (“In Leak Case, Prosecutors Allowed to Keep Information Secret,” July 25).