In a new ruling with ominous implications for national security reporting, an appeals court said today that there is no reporter’s privilege that would allow New York Times reporter James Risen to decline to identify the source of classified information that he revealed in his book State of War.

Mr. Risen had been subpoenaed to testify in the leak prosecution of former CIA officer Jeffrey Sterling, who is accused of leaking information to Risen about a failed CIA operation against Iran’s nuclear program.  In 2011, the lower court had ruled that Risen would not be compelled to reveal his source.  The Fourth Circuit court of appeals today reversed that ruling.

“There is no First Amendment testimonial privilege, absolute or qualified, that protects a reporter from being compelled to testify by the prosecution or the defense in criminal proceedings about criminal conduct that the reporter personally witnessed or participated in, absent a showing of bad faith, harassment, or other such non-legitimate motive, even though the reporter promised confidentiality to his source,” said the majority ruling, written by Chief Judge William B. Traxler Jr.

“So long as the subpoena is issued in good faith and is based on a legitimate need of law enforcement, the government need not make any special showing to obtain evidence of criminal conduct from a reporter in a criminal proceeding. The reporter must appear and give testimony just as every other citizen must. We are not at liberty to conclude otherwise,” Judge Traxler wrote.

In a dissenting opinion, Circuit Judge Roger L. Gregory said the majority ruling was a fateful mistake.

“Our country’s Founders established the First Amendment’s guarantee of a free press as a recognition that a government unaccountable to public discourse renders that essential element of democracy — the vote — meaningless. The majority reads narrowly the law governing the protection of a reporter from revealing his sources, a decision that is, in my view, contrary to the will and wisdom of our Founders.”

“I find it sad that the majority departs from… our established precedent to announce for the first time that the First Amendment provides no protection for reporters,” Judge Gregory wrote.

“Under the majority’s articulation of the reporter’s privilege, or lack thereof, absent a showing of bad faith by the government, a reporter can always be compelled against her will to reveal her confidential sources in a criminal trial.”

“The majority exalts the interests of the government while unduly trampling those of the press, and in doing so, severely impinges on the press and the free flow of information in our society. The First Amendment was designed to counteract the very result the majority reaches today,” Judge Gregory wrote.

There is a permanent tension, if not an irreconcilable conflict, between a free press and the operations of national security.  The tension can be managed by the exercise of prudent self-restraint on both sides.  So, for example, news organizations do not publish all secret information they acquire, and the government does not exercise its full legal authority to penalize unauthorized publication.  But the tension can also be exacerbated, as in the present case, perhaps to a breaking point.

A national policy on “insider threats” was developed by the Obama Administration in order to protect against actions by government employees who would harm the security of the nation.  But under the rubric of insider threats, the policy subsumes the seemingly disparate acts of spies, terrorists, and those who leak classified information.

The insider threat is defined as “the threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States.  This threat can include damage to the United States through espionage, terrorism, [or] unauthorized disclosure of national security information,” according to the newly disclosed National Insider Threat Policy, issued in November 2012.

One of the implications of aggregating spies, terrorists and leakers in a single category is that the nation’s spy-hunters and counterterrorism specialists can now be trained upon those who are suspected of leaking classified information.

The National Insider Threat Policy directs agencies to “leverag[e] counterintelligence (CI), security, information assurance, and other relevant functions and resources to identify and counter the insider threat.”

“Agency heads shall ensure personnel assigned to the insider threat program are fully trained in… counterintelligence and security fundamentals….”

Agency heads are directed to grant insider threat program personnel access to “all relevant databases and files” needed to identify, analyze, and resolve insider threat matters.

The National Insider Threat Policy was developed by the Insider Threat Task Force that was established in 2011 by executive order 13587.  The Policy document itself was issued by the White House via Presidential Memorandum on November 21, 2012 but it was not publicly released until last week.

The document was disclosed by the National Counterintelligence Executive (NCIX) after it was independently obtained and reported by Jonathan Landay and Marisa Taylor of McClatchy Newspapers. (“Obama’s crackdown views leaks as aiding enemies of U.S.,” June 20, 2013).

“The National Insider Threat Policy policy is intended to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security,” according to NCIX.

Among the activities mandated by the National Insider Threat Policy is the routine monitoring of user activity on classified government computer networks. “This refers to audit data collection strategies for insider threat detection, leveraging hardware and/or software with triggers deployed on classified networks to detect, monitor, and analyze anomalous user behavior for indicators of misuse.”

But a different sort of approach to combating leaks — an approach not represented in the Insider Threat Policy — would require an ongoing critical examination of the scope and application of official secrecy.  This view was articulated by the late Senator Daniel P. Moynihan when he said “If you want a secret respected, see that it’s respectable in the first place.”

“The best way to ensure that secrecy is respected, and that the most important secrets remain secret,” Sen. Moynihan said, “is for secrecy to be returned to its limited but necessary role. Secrets can be protected more effectively if secrecy is reduced overall.”

Hundreds of cases of unauthorized disclosures of classified information were under review by the Office of the Inspector General of the U.S. Intelligence Community as of last year, according to a 2012 report that was recently declassified.

“The Investigations Division [of the IC Office of the Inspector General] is reviewing 375 unauthorized disclosure case files,” said the report from Inspector General I. Charles McCullough, covering the period from November 2011 through June 2012 (at p. 16).

Most of these reviews pertained to disclosures which could not be criminally prosecuted for one reason or another, and which were therefore considered closed cases. Until recently, they were usually not investigated further.  But starting a year or so ago, the IC Inspector General began reviewing them in order to identify the leakers and to impose administrative sanctions where appropriate.

“The Investigations Division reviewed hundreds of closed cases from across the IC,” said the 2012 report, which was released under the Freedom of Information Act in redacted form (p. 10).

Leakers who cannot be prosecuted will not necessarily be off the hook, the IG said.

“Going forward, the division will engage in gap mitigation for those cases where an agency does not have the authority to investigate ([due to the overlap of] multiple agencies or programs) or where DOJ declined criminal prosecution.”

“The division will conduct administrative investigations with IG investigators from affected IC elements to maximize efficiencies, expedite investigations, and enhance partnerships,” the IC IG report said.

Intelligence agencies do not often disclose statistical information about leaks, but the reported figure of 375 leak cases exceeds previously reported levels by a considerable margin.

In 2010 the FBI said that intelligence agencies had submitted 183 referrals of incidents of unauthorized disclosure of classified information to the Department of Justice during a five year period from 2005 to 2009.  Those referrals resulted in 26 leak investigations, and the subsequent identification of 14 suspects. (“FBI Found 14 Intel Leak Suspects in Past 5 Years,” Secrecy News, June 21, 2010).

The newly disclosed Inspector General report also included several other points of interest regarding intelligence community policy.

The IG said that plans to generate auditable financial statements prepared by five intelligence agencies — CIA, DIA, NSA, NGA and ODNI — were not adequate.  “We found no reasonable assurance that based on the plans we reviewed, any of the five entities would be able to achieve an unqualified opinion on their FY 2015 or FY 2016 financial statements,” the IG report said.

The IG said that its Hotline for submitting complaints “provides a confidential and reliable source for IC employees and contractors and the public to report fraud, waste, and abuse. Since the stand up of the IC IG in November 2011, the Hotline has received 105 contacts from the IC and the general public,” the June 2012 report said.

Presidential Policy Directive 19 on Protecting Whistleblowers with Access to Classified Information, issued by President Obama in October 2012, is intended to enhance protections for intelligence community whistleblowers and to prohibit retaliation against them.  But it does not mention intelligence community contractors, observed Angela Canterbury of the Project on Government Oversight, and on its face, the Directive does not appear to extend protections to them.

The IC IG says it is well-positioned “to address the most critical problems facing the IC today. Information sharing, implementation of intelligence collection authorities under the USA PATRIOT Act and FISA Amendments Act, IC contractor fraud schemes, and unauthorized disclosures are just a few of the IC-wide issues that the IC IG will address,” the report said.

As a new wave of classified documents published by news organizations appeared online over the past week, the Department of Defense instructed employees and contractors that they must neither seek out nor download classified material that is in the public domain.

“Classified information, whether or not already posted on public websites, disclosed to the media, or otherwise in the public domain remains classified and must be treated as such until it is declassified by an appropriate U.S. government authority,” wrote Timothy A. Davis, Director of Security in the Office of the Under Secretary of Defense (Intelligence), in a June 7 memorandum.

“DoD employees and contractors shall not, while accessing the web on unclassified government systems, access or download documents that are known or suspected to contain classified information.”

“DoD employees or contractors who seek out classified information in the public domain, acknowledge its accuracy or existence, or proliferate the information in any way will be subject to sanctions,” the memorandum said.

In December 1974, when a previous program of secret government surveillance was revealed by Seymour Hersh in the New York Times, the ensuing public uproar led directly to extensive congressional investigations and the creation of new mechanisms of oversight, including intelligence oversight committees in Congress and an intelligence surveillance court.

The public uproar over the latest disclosures of secret domestic surveillance by The Guardian and the Washington Post different cannot produce a precisely analogous result, because the oversight mechanisms intended to correct abuses already exist and indeed had signed off on the surveillance activities.  Those programs are “under very strict supervision by all three branches of government,” President Obama said Friday.  In some sense, the system functioned as intended.

Nevertheless, all three branches of government performed badly in this case, by misrepresenting the scope of official surveillance, misgauging public concern and evading public accountability.

Official Dissembling and Misrepresentation

The executive branch has repeatedly issued misleading statements about its surveillance programs.

Sen. Ron Wyden asked DNI James Clapper at a March 12, 2013 hearing “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

DNI Clapper replied “No, sir.” He added “Not wittingly. There are cases where they could, inadvertently perhaps, collect — but not wittingly.”

That was not an accurate statement.  Perhaps DNI Clapper misheard the question or misunderstood it, or perhaps he judged that denial was the proper course of action under the circumstances.  But he did not correct the record, and the false statement was left standing.  There is a price to pay in public credibility for such misrepresentation.

On other occasions, executive branch agencies promised declassification of information that they failed to deliver.

In 2010, the Justice Department and the Office of the Director of National Intelligence undertook to declassify opinions of the Foreign Intelligence Surveillance Court that contained “important rulings of law.”

At her 2011 confirmation hearing to be DoJ National Security Division director, Lisa Monaco Congress that “I will work to ensure that the Department continues to work with the ODNI to make this important body of law as accessible as possible….”

But no new Court opinions were ever declassified as a result of this initiative. “As accessible as possible” turned out to mean “not accessible at all.” (Move to Declassify FISA Court Rulings Yields No Results, Secrecy News, May 29, 2012).  Again, official words spoken in public were drained of meaning.

Suppressing Public Oversight

Congressional leaders have repeatedly blocked efforts to provide a modicum of new disclosure and accountability to government surveillance programs.

Some members of the House Judiciary Committee insisted last year that “The public has a right to know, at least in general terms, how often [this surveillance authority] is invoked, what kind of information the government collects using this authority, and how the government limits the impact of these programs on American citizens.”

But when an amendment to require unclassified public reporting on these topics was offered by Rep. Bobby Scott (D-VA), it was defeated 10-19.  For the majority in Congress, the public does not have a right to know these things, not even in general terms.  (Congress Resists Efforts to Reduce Secrecy, Secrecy News, August 6, 2012)

Modest amendments to the FISA Amendments Act offered by Senators Wyden, Udall and Merkley that were intended to increase public reporting and awareness of the scale of surveillance were likewise blocked in the Senate, which renewed the Act without changes. (Intelligence Oversight Steps Back from Public Accountability, Secrecy News, January 2, 2013).  Had these public accountability measures been incorporated into policy, a different future might have unfolded.

Judicial Overreach

Of the three branches, the judicial branch seems least culpable here, since the Foreign Intelligence Surveillance Court, which provides a measure of judicial review of surveillance operations, can only operate within the parameters sought by the executive branch and granted by Congress.

But even here there are concerns about official excess, specifically with respect to the Court order issued by Judge Roger Vinson and disclosed by The Guardian which directed Verizon Business Services to surrender all metadata records of its customers’ telephone calls.

“In our view, the Foreign Intelligence Surveillance Court simply lacks the legal authority to authorize this program of domestic surveillance,” wrote Marc Rotenberg and colleagues at the Electronic Privacy Information Center. They asked Congress to take steps to investigate and clarify the situation.

“The Foreign Intelligence Surveillance Court ordered an American telephone company to disclose to the NSA records of wholly domestic communications. The FISC lacks the legal authority to grant this order,” they argued.

Unchecked Secrecy

The common thread underlying all of these deviations from political integrity and public consensus is unchecked official secrecy.  Too much essential information on intelligence surveillance policy has been withheld from public access, thereby inhibiting public debate, precluding informed consent, and inspiring growing cynicism.

The appropriate response must include significant new declassification of surveillance policy and a thorough airing of the issues at stake.  Over the weekend, DNI Clapper made some helpful gestures in this direction.  But more is needed, beginning with release of the Administration’s legal interpretations of its surveillance authorities. In theory, everyone involved has an interest in restoring the credibility and effectiveness of an intelligence oversight system that has not lived up to public expectations.

“Now that the fact of bulk collection has been declassified, we believe that more information about the scale of the collection, and specifically whether it involves the records of ‘millions of Americans’ should be declassified as well,” said Senators Wyden and Udall on Friday. “The American people must be given the opportunity to evaluate the facts about this program and its broad scope for themselves, so that this debate can begin in earnest.”

A former CIA employee and NSA contractor named Edward Snowden identified himself as the source of the the serial revelations of classified documents concerning U.S. intelligence surveillance activities that were disclosed last week.

“I have no intention of hiding who I am because I know I have done nothing wrong,” he told The Guardian newspaper.

“I think that the public is owed an explanation of the motivations behind the people who make these [unauthorized] disclosures that are outside of the democratic model,” he told interviewer Glenn Greenwald in Hong Kong, where he has evidently taken refuge.

“When you are subverting the power of government– that’s a fundamentally dangerous thing to democracy.”

“I’m willing to go on the record to defend the authenticity [of these disclosures]. This is the truth.  This is what’s happening.  You should decide whether we need to be doing this,” he said of his disclosures.

In the history of unauthorized disclosures of classified information, a voluntary admission of having committed such disclosures is the exception, not the norm.  And it confers a degree of dignity on the action.  Yet it stops short of a full acceptance of responsibility. That would entail surrendering to authorities and accepting the legal consequences of “subverting the power of government” and carrying out “a fundamentally dangerous thing to democracy.”

There are occasions when breaching restrictions on classified information may be necessary and appropriate, suggested Judge T.S. Ellis, III of the Eastern District of Virginia in a June 2009 sentencing hearing for Lawrence Franklin, who pleaded guilty to disclosing classified information in the “AIPAC” case.  But in order to reconcile an unauthorized disclosure with the rule of law, he said, it must be done openly.

“I don’t have a problem with people doing that [disclosing classified information to the press] if they are held accountable for it…,” Judge Ellis said. “One might hope that, for example, someone might have the courage to do something that would break the law if it meant they’re the savior of the country; but then one has to take the consequences, because the rule of law is so important.”

“Simply because you believe that something that’s going on that’s classified should be revealed to the press and to the public, so that the public can know that its government is doing something you think is wrong, that doesn’t justify it. Now, you may want to go ahead and do it, but you have to stand up and take the consequences,” Judge Ellis said then.

The government declared today that the identity of the reporter to whom accused leaker Stephen Kim allegedly disclosed classified information is James Rosen of Fox News.  Mr. Rosen’s association with the case was publicly known for years.  But it was still classified.  Now it’s not.

“The United States hereby gives notice to the Court, defense counsel, and the defendant, that the following facts have been declassified,” prosecutors wrote in a pleading filed this morning. “The ‘reporter for a national news organization’ to whom the defendant is alleged to have made an unauthorized disclosure of national defense information, as charged in Count One of the Indictment, is James Rosen of Fox News.”

Mr. Rosen was controversially described in a recently revealed FBI affidavit as having acted in probable violation of the Espionage Act, and as a co-conspirator with the defendant, Mr. Kim.  His identity was known all along.  But as is all too often the case, declassification lags far behind the public record.

When the Central Intelligence Agency prepared its famous 1973 compilation of dubious and illegal Agency activities known as the “Family Jewels,” it included several instances in which reporters were tracked or monitored in order to identify their sources.  While these activities were technically “approved” by senior Agency officials, they also “conflict[ed] with the provisions of the National Security Act of 1947,” presumably since they exceeded CIA’s charter and jurisdiction.

But now, in the wake of recent developments involving seizure of Associated Press telephone records and the identification of Fox News reporter James Rosen as a purported co-conspirator in a leak of classified information, such once disreputable tracking of journalists threatens to become the new normal.

“At the direction of the DCI, a surveillance was conducted of Michael Getler of the Washington Post during the periods 6-9 October, 27 October-10 December 1971 and on 3 January 1972,” the Family Jewels document stated. “In addition to physical surveillance, an observation post was maintained in the Statler Hilton Hotel where observation could be maintained of the building housing his office. The surveillance was designed to determine Getler’s sources of classified information of interest to the Agency which had appeared in a number of his columns.”

Likewise, “At the direction of the DCI, surveillance was conducted of Jack Anderson and at various times his ‘leg men,’ Brit Hume, Leslie Whitten, and Joseph Spear, from 15 February to 12 April 1972. In addition to the physical surveillance, an observation post was maintained in the Statler Hilton Hotel directly opposite Anderson’s office. The purpose of this surveillance was to attempt to determine Anderson’s sources for highly classified Agency information appearing in his syndicated columns.” (“Surveillance of Journalists: A Look Back,” Secrecy News, September 19, 2012).

Those were seemingly rare and isolated incidents.  Although “DOJ and the FBI receive numerous media leak referrals each year, the FBI opens only a limited number of investigations based on these referrals,” the FBI told Congress in 2010 answers to questions for the record.  That is due in part to the fact that the FBI deliberately avoided investigations of news media organizations.

“We have interpreted DOJ’s formal policy on obtaining information from members of the news media, codified at 28 C.F.R. §50.10, as requiring that such leak investigations focus on potential leakers rather than reporters,” FBI Director Robert Mueller told the Senate Judiciary Committee. “While this policy appropriately balances the importance of First Amendment freedoms with the strong national security interest in keeping classified information from disclosure, it necessarily limits the prosecutor’s access to the reporter who received the sensitive information. In the rare case in which DOJ issues a subpoena to a reporter for information about the source of a leak, the information is not necessarily produced.” (“FBI Found 14 Intel Leak Suspects in Past 5 Years,” Secrecy News, June 21, 2010).

But today, any news organization that successfully “solicits” disclosure of classified information evidently must consider the possibility that the records of its communications will be subject to government review, contemporaneously or even long after the fact.  In the absence of congressional intervention to restore the previous status quo, the mere prospect of such monitoring will induce a dramatic change in the landscape of national security reporting, and in the character of all contacts between government officials and members of the public.

One thin line that has not yet been crossed is the prosecution of journalists for violating the Espionage Act by reporting classified information.

A Wall Street Journal editorial yesterday suggested oddly that such a prosecution had already occurred:  “We can recall only a single such prosecution of a journalist under the Espionage Act in 95 years,” the Journal editors wrote (“A Journalist ‘Co-Conspirator’,” May 20).  But this appears to be an error, and the editors did not identify the case they had in mind.

The nearest approach to the prosecution of a reporter or a news organization for violating the Espionage Act seems to have occurred during World War II when the Chicago Tribune published a story concerning Japanese war plans based on classified intelligence.  In 1942, a grand jury was convened at the request of the U.S. Navy to weigh charges against the Tribune or its reporter, Stanley Johnston, but the grand jury was soon disbanded. No charges were brought, and no prosecution ensued.  The episode was vividly recounted by Gabriel Schoenfeld in chapter 6 of his 2010 book Necessary Secrets.  Mr. Schoenfeld indicated via email today that he was not aware of any actual prosecutions of journalists under the Espionage Act.

A timeline of leak investigations involving journalists from 2003 to the present was presented by Shane Harris of the Washingtonian’s Dead Drop blog.

The possibility of indicting reporter Seymour Hersh in 1975 was raised by then-deputy White House chief of staff Dick Cheney, as described by PBS Frontline (h/t Ryan Goodman).  It was not pursued.

Leaks of classified information and the government’s responses to them are the subject of a new study by David Pozen of Columbia Law School.

The starting point for his examination is the “dramatic disconnect between the way our laws and our leaders condemn leaking in the abstract and the way they condone it in practice.”  How can this disconnect be understood?

Leaks benefit the government, the author argues, in many ways. They are a safety valve, a covert messaging system, a perception management tool, and more.  Even when a particular disclosure is unwelcome or damaging, it serves to validate the system as a whole.

This thesis may explain why the number of leak prosecutions is still lower than might be expected, given the prevalence of leaks, and why new legislative proposals to combat leaks have met with a lukewarm response from executive branch officials.

“The leak laws are so rarely enforced not only because it is hard to punish violators, but also because key institutional actors share overlapping interests in maintaining a permissive culture of classified information disclosures.”

The article is full of stimulating observations woven into an original and provocative thesis.  See The Leaky Leviathan: Why the Government Condemns and Condones Unlawful Disclosures of Information by David Pozen, to be published in Harvard Law Review.

In a memorandum to agency heads last week, President Obama transmitted formal requirements that agencies must meet in order “to deter, detect, and mitigate actions by employees who may represent a threat to national security.”

Along with espionage and acts of violence, the National Insider Threat Policy notably extends to the “unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks.” To combat such unauthorized disclosures, agencies are required to “monitor employee use of classified networks.”

The new standards, which have not been made publicly available [update: now available here], were developed by an interagency Insider Threat Task Force that was established by President Obama in the October 2011 executive order 13587, and they reflect the ongoing tightening of safeguards on classified information in response to the voluminous leaks of the last few years.

But the latest issuance also illustrates the superfluousness (or worse) of current congressional action concerning leaks.  Executive branch agencies do not need Congress to tell them to develop “a comprehensive insider threat program management plan,” as would be required by the Senate version of the pending FY2013 Intelligence Authorization Act (section 509).  Such plans will go forward in any case.

Sen. Ron Wyden has placed a hold on the pending intelligence bill, citing objections to several of the proposed anti-leak provisions contained in Title V of the bill. He said the proposed steps were misguided or counterproductive.

“I am concerned that they will lead to less-informed public debate about national security issues, and also undermine the due process rights of intelligence agency employees, without actually enhancing national security,” he said on November 14.  (See related coverage from FDL, POGO, LAT.)

The most problematic measures in the Senate bill are those intended to restrict contacts between reporters and government officials.

Senator Wyden said that legislative actions to limit the ability of the press to report on classified matters could undermine or cripple the intelligence oversight process.

“I have been on the Senate Intelligence Committee for 12 years now, and I can recall numerous specific instances where I found out about serious government wrongdoing–such as the NSA’s warrantless wiretapping program, or the CIA’s coercive interrogation program–only as a result of disclosures by the press,” he said.

*    *    *

The record of a July 2012 House Judiciary Committee hearing on National Security Leaks and the Law has recently been published.