Updated below

The report of a White House advisory group on intelligence surveillance said that reducing undue secrecy was one of its main objectives.

“A central goal of our recommendations is to increase transparency and to decrease unnecessary secrecy, in order to enhance both accountability and public trust,” the report of the President’s Review Group on Intelligence and Communications Technologies stated (p. 80). “Excessive surveillance and unjustified secrecy can threaten civil liberties, public trust, and the core processes of democratic self-government (p. 12)”

The Review Group specifically recommended that “detailed information” about legal authorities to compel disclosure about communications records be made public and that “general data” concerning orders to disclose telephone records and other business records be routinely disclosed as well (Recommendations 7-10).

In a more tentative, roundabout way, the report implied that the NSA program to collect telephone metadata in bulk should not have been classified.

“We recommend that the decision to keep secret from the American people programs of the magnitude of the section 215 bulk telephony meta-data program should be made only with due consideration of and respect for the strong presumption of transparency that is central to democratic governance. A program of this magnitude should be kept secret from the American people only if (a) the program serves a compelling governmental interest and (b) the efficacy of the program would be substantially impaired if our enemies were to know of its existence,” the report stated (Recommendation 11).

But the force of this recommendation is diminished by the fact that the proponents of the NSA telephony metadata collection program clearly believed that both of the stated criteria had been met in that case.

More generally, “There is a compelling need today for a serious and comprehensive reexamination of the balance between secrecy and transparency,” the Review Group stated (page 125).

But the adjectives — compelling, serious, comprehensive — are left to do most of the work here.  The proposed reexamination of national security secrecy policy is beyond the Review Group’s scope and is not to be found in this report.

“At the very least, we should always be prepared to question claims that secrecy is necessary,” the report said. “That conclusion needs to be demonstrated rather than merely assumed.”

Not only that, but “Part of the responsibility of our free press is to ferret out and expose information that government officials would prefer to keep secret when such secrecy is unwarranted.”

The Review Group’s most significant recommendation was that the NSA should no longer be permitted to routinely acquire telephone metadata of US persons in bulk, a step that if adopted would significantly transform existing intelligence surveillance programs.

“As a general rule…, the government should not be permitted to collect and store mass, undigested, non-public personal information about US persons for the purpose of enabling future queries and data-mining for foreign intelligence purposes,” the report stated (p. 17)

One way to appreciate the audacity of the Review Group is to compare its report with the original tasking that it received from President Obama in his August 12 memorandum to the Director of National Intelligence.

“The Review Group will assess whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust,” the President wrote.

This was a weak formulation that barely specified a coherent problem.  But the Review Group took it and ran with it, filling in gaps along the way.

Although the President gave prominence in this one-sentence tasking to “unauthorized disclosure,” that term is only mentioned twice in the 300 page Review Group report (though a revamping of security clearance procedures is the subject of Recommendations 37-41). The matter of “public trust” seemed to be given greater weight and is referenced 18 times.

Meanwhile, although “civil liberties” was not mentioned in the President’s memorandum at all, it appears more than 50 times in the report. And “privacy,” which was likewise outside the Review Group’s explicit terms of reference, is mentioned well over 100 times.

As if to justify its somewhat expansive interpretation of its assignment, the Review Group argued that privacy is actually a type of security.

“The United State Government must protect, at once, two different forms of security: national security and personal privacy” (p. 43). If this seems contrived, the Review Group offered the Latin etymology of the word “securus,” which it claimed encompasses both physical security and personal privacy (p. 45). So…

At any rate, the Review Group exceeded expectations by providing an independent, critical assessment of the issues it was directed to review. Although its non-binding recommendations by themselves do not compel any changes, they already seem to have altered the policy landscape. And together with a December 16 court ruling that NSA bulk collection programs “likely violate the Fourth Amendment,” they appear to have substantially shifted the center of the debate.

Update: Although the President’s August 12 memorandum did not mention privacy or civil liberties, the White House press secretary issued an August 27 statement about the Review Group which did include these terms.

The President would have to prepare a written plan for responding to the possibility of an unauthorized disclosure of any CIA covert action program, according to a provision adopted last month by the House Permanent Select Committee on Intelligence.

The requirement was introduced by Rep. Jan Schakowsky (D-IL) and was adopted by voice vote in the pending FY 2014 Intelligence Authorization Act (section 307).

The measure represents an implicit acknowledgment that the secrecy of CIA covert action today cannot be assured or blithely assumed, particularly when compartmented intelligence programs are regularly reported in the press.

Covert action by definition is a CIA activity that is intended to be deniable and unattributable to the U.S. government.  Covert action is considered to be an option when public disclosure of the operation would render it unfeasible, diminish its utility, or generate adverse consequences for the United States.

The history of CIA covert action, which remains obscure in large part, includes some notable successes, such as the clandestine support of Poland’s Solidarity movement. But the record also includes terrifying failures, like the overthrow of Guatemala’s leadership in 1954, which inaugurated decades of violent oppression in that country.

Analysts and former intelligence officials (such as Greg Treverton, Roy Godson, and Loch Johnson) have long argued that covert action should never be undertaken without a degree of confidence that the American public would support it if it were known.

The Schakowsky provision would effectively force such consideration of public reaction by requiring officials to anticipate and plan for the unintended disclosure of each covert action program.

Although her amendment was adopted by the House Intelligence Committee without objection, Rep. Schakowsky ended up opposing the Committee markup of the FY2014 intelligence bill.  As explained in the Minority Views appended to the Committee report, she objected to the bill’s failure to ban so-called “signature strikes,” referring to the targeted killing of unknown persons based on their suspicious behavior, or signature.

Another proposal favored by Rep. Schakowsky but not adopted by the Committee would have required “an independent alternative analysis prior to striking a U.S. person.”

The latest report from the Inspector General of the Intelligence Community provides an updated (and largely redacted) snapshot of the IG’s investigative agenda.

During the nine-month period from July 2012 to March 2013, the IC IG internal hotline received 70 contacts or complaints from intelligence agency personnel, as well as 77 contacts from the general public.

Investigators conducted 75 investigations revealing some occasionally creative forms of misconduct. In one case, an ODNI employee “was operating a personal website on Government time using Government systems through which he solicited and received donations.” Another ODNI employee “attempted to improperly obtain a security clearance for a private citizen through the use of a no-cost contract.”

Three cases of suspected unauthorized disclosures were closed when they were found to be unsubstantiated. Two investigations of unauthorized disclosures remained open as of March 31.

Last month, IC Inspector General I. Charles McCullough III told Congress that his office could not perform an investigation of NSA surveillance programs because it lacked the resources to do so.

“While my office has the jurisdiction to conduct an IC-wide review of all IC elements using these authorities,” Mr. McCullough wrote in a November 5 letter to Senator Leahy and others, “such a review will implicate ongoing oversight efforts. Therefore, I have been conferring with several IC Inspectors General Forum members in order to consider how such a review might be accomplished given the potential impact to IG resources and ongoing projects.”

A new review by the Inspector General of the U.S. Environmental Protection Agency found that classified documents at the Agency are riddled with errors.

Because the EPA has a minuscule classification program that hardly generates any classified material, it may be seen as a microcosm of the larger classification system. Only eight original classifications have been approved since the EPA Administrator was given authority to classify by President Bush in 2002, with a modest number of derivative classifications based on those.

Even so, the Inspector General wrote, “Our review of both originally and derivatively classified documents generated by three offices found that the EPA does not sufficiently follow national security information classification standards.”

“Of the two originally classified documents we reviewed, portions of one needed different classification levels and the other contained numerical data that was incorrectly transferred from another document,” the IG report said.

Meanwhile, “None of the 19 derivatively classified documents we reviewed completely met the requirements of Executive Order 12356 and the implementing regulations.”

See EPA Does Not Adequately Follow National Security Information Classification Standards, Environmental Protection Agency Office of Inspector General, November 15, 2013.

Some of the IG’s objections seem persnickety.

“A classified paragraph portion was incorrectly marked as U/FOUO rather than as U//FOUO,” the report stated. This is considered a problem because “Having one versus two slashes can change the meaning.”

Other findings can easily be generalized to the entire classification system.

“EPA needs to declassify information in a timelier manner,” the IG said.

As with other agency IG reviews of classification policy required under the Reducing Over-Classification Act, the EPA Inspector General deliberately took a superficial view of the problem of overclassification. The IG review examined EPA compliance with existing classification policies and procedures. But it did not consider whether those policies and procedures are themselves to blame for widespread overclassification and, if so, how they ought to be changed.

Department of Defense special access programs (SAPs) will normally remain classified for at least 40 years, according to newly issued DoD SAP marking guidance.

SAPs are established to protect particularly sensitive government information by imposing access requirements that exceed those for other classified information.

“SAP documents, dated prior to January 1, 1982, shall be declassified on December 31, 2021,” the DoD marking guidance said. “SAP documents dated after January 1, 1982, shall be declassified on December 31 of the 40th year after the date of the document, unless it is reviewed and submitted for another extension.” See Special Access Program (SAP) Security Manual: Marking, DoD Manual 5205.07, vol. 4, October 10, 2013.

The use of special access controls by the Department of Defense has proved problematic over the years because it disrupts the oversight protocols that would otherwise be in effect.  DoD SAPs have produced several multi-billion dollar program failures, including the A-12 aircraft, the TSSAM missile, and others.

There is a substantial record of improper creation of SAPs at DoD, and failure to properly terminate them. A 1992 DoD Inspector General audit of one such program, for example, found that “the decision to protect the program using special program measures was not adequately justified” AND DoD “continued to safeguard its association with the technology for reasons that were not related to national security.”

Unfortunately, a recent DoD Inspector General report on Department classification policy completely failed to assess the current use of special access controls by DoD. It was one of several defects and omissions in the DoD IG report.  (“DoD Inspector General Report on Overclassification Misses the Mark,” Secrecy News, October 24, 2013.)

The Department of Defense Inspector General yesterday released its Evaluation of Over-Classification of National Security Information.  Unfortunately, the new report is superficial, incomplete and sheds little light on either the problem of overclassification or any potential solution.

Like other Inspectors General who have recently been evaluating classification policy under the Reducing Over-Classification Act, the DoD IG had to confront the fact that there is no generally accepted definition of overclassification. (See “What Is Overclassification?”, Secrecy News, October 21, 2013).

So the DoD IG review treats classification policy mainly as a procedural issue (how classification is performed) rather than a substantive one (what gets classified and why).

This is a limited though straightforward approach that lends itself to quantification. And there is no shortage of procedural faults in DoD classification activity. No less than 70% of all documents reviewed by the IG had “classification discrepancies,” such as faulty markings or citations to proper authority, the report said. Startlingly, “One-hundred percent of emails we reviewed contained errors in marking or classification.”

All of that is fine and interesting, but it is also beside the point.  The point is that the national security classification system has expanded beyond all consensus so that even the President of the United States has spoken of “the problem of over-classification.” The classification system is suffering a crisis of credibility, and it may be headed towards catastrophic failure.

According to a report last year from the congressionally-mandated Public Interest Declassification Board, “The classification system exists to protect national security, but its outdated design and implementation often hinders that mission. The system is compromised by over-classification….”

But if the classification system is “compromised by over-classification,” no one told the DoD Inspector General. Or maybe he neglected to ask. Although the Public Interest Declassification Board includes members with deep knowledge and experience of DoD classification policy (including former heads of the NRO and the NSA), the IG report does not acknowledge the Board’s work or contend with its findings.  Instead of advancing the debate, the IG report actually sets it back by ignoring established facts and prior analyses.

The IG report is also oblivious to current events. In recent years, including the period of the IG’s evaluation, the Department of Defense has suffered the most extensive and voluminous breaches of classification controls in its history. Remarkably, the perpetrators of those breaches (Manning and Snowden) expressed a perception that the information they released had been inappropriately classified and withheld from the public, and cited this as a motive for their actions. Strictly from a security policy point of view, it seems vital to evaluate such claims. Are similar perceptions widely held by others inside and outside the Department? And in retrospect, have such claims proved to be valid, even partially?  Unfortunately, the DoD Inspector General does not recognize any link between overclassification and unauthorized disclosures of classified information, and so such questions are neither asked nor answered in the report.

The DoD IG also has nothing to say about one of the most arresting failures of national security classification policy in recent memory, which is now transpiring: A December 2013 deadline set by President Obama himself (in 2009) for declassification and public release of the backlog of 25 year old historically valuable records will not be met.  This is a revelatory development. If the declassification process is not fully responsive even to direct presidential instruction, then it is truly broken and in need of repair. As the largest producer of classified records, the Department of Defense bears some responsibility for this problem, and also for its correction.  But lamentably, the DoD IG refused to engage, or even to acknowledge the problem. It is a missed opportunity.

In 1995 an earlier report from the DoD Inspector General was willing to admit that “The declassification process suffers from deficiencies that seriously impair its operation.”

But the latest DoD IG report does not even mention its own earlier finding, let alone any deficiencies or impairments in the operation of the declassification system, though these have arguably gotten worse as the volume of classified information has increased.

In fact, the new DoD IG report said it “did not evaluate declassification” at all. The entire topic was ignored. That is “because ISOO recently completed its five-year on-site assessment of agency declassification programs.” Readers of the IG report are referred to a scanty two-page summary in the latest annual report from the Information Security Oversight Office that did not even evaluate declassification productivity or efficiency.  Nor did the ISOO report address the imminent failure to complete the declassification and public release of the 25 year old backlog.

The DoD IG report also slights other important concerns, such as the disruptive effect of classification of nuclear weapons-related information under the Atomic Energy Act on the classification and declassification of other national security information. Instead of helping to chart a way forward towards simplification and reconciliation of the dual classification systems, the IG just says nothing on the subject.

In short, the new DoD Inspector General report on over-classification is a defective product. It should be rescinded and redone.

Withdrawal of a published IG report would be an extraordinary step, but it is warranted by the importance of the topic.

The DoD Inspector General could begin by consulting members of Congress and other inside and outside of government who have expressed dissatisfaction with DoD classification policy in order to understand their critique. The IG should review the existing literature on reform of classification and declassification practices (including its own prior work). The IG should assess the nature of the link between overclassification and unauthorized disclosures of classified information. It should diagnose the ongoing failure to timely declassify historically valuable records, and recommend appropriate changes. It should evaluate amendments to the Atomic Energy Act that may be needed to streamline and simplify the Department’s classification practices.

A more rigorous and probing Inspector General evaluation along those lines would be a service to the Department of Defense, to the government as a whole, and to the interested public.

When people criticize overclassification of national security information, what exactly are they talking about?  Is it too much secrecy?  The wrong sort of secrecy?  Classifying something at too high a level?  Oddly, there is no widely-accepted definition of the term.

But since the solution to overclassification, if any, will naturally be shaped by the way the problem is understood, it is important to specify the problem as clearly as possible.

In 2010 Congress passed (and President Obama signed) the Reducing Over-Classification Act, which mandated several steps to improve classification practices in the executive branch.  But in a minor act of legislative malpractice, Congress failed to define the meaning of the term “over-classification” (as it was spelled in the statute).  So it is not entirely clear what the Act was supposed to “reduce.”

Among its provisions, the Act required the Inspectors General of all classifying agencies to perform an evaluation of each agency’s compliance with classification rules.

To assist them in their evaluations, the Inspectors General turned to the Information Security Oversight Office (ISOO) for a working definition of overclassification that they could use to perform their task.  ISOO’s answer was cited by the Inspector General of the Department of Justice in its new report.  (Audit of DOJ’s Implementation of and Compliance with Certain Classification Requirements, Inspector General Audit Report 13-40, September 2013.)

“Over-classification,” according to ISOO, means “the designation of information as classified when the information does not meet one or more of the standards for classification under section 1.1 of Executive Order (EO) 13526.”  If something is classified in violation of the standards of the executive order– then it is “over-classified.”

So, for example, information that is not owned by the government, such as a newspaper article, cannot be properly classified under the terms of the executive order.  And neither can information that has no bearing on national security, such as an Embassy dinner menu.  And yet information in both categories has been known to be classified, which is indeed a species of overclassification.

Unfortunately, however, this ISOO definition presents the problem so narrowly that it misses whole dimensions of overclassification.

The most important and the most urgent aspect of overclassification pertains to classified information that does meet the standards for classification under the executive order, but that nevertheless should not be classified for one reason or another.

It is important to understand that the executive order on classification does not require the classification of any information at all. It is permissive, not mandatory.  It consistently says that information “may” be classified under certain circumstances, not that it “must” be classified.

(Even some government officials who should know better sometimes get this wrong.  The new DoJ Inspector General report states in passing that “Section 1.4 of EO 13526… includes intelligence sources or methods as a category of information that shall be classified” (p. 23, footnote 27, emph. added).  That’s a mistake.  Section 1.4 speaks of information that may or may not be “considered for classification,” including intelligence sources of methods, but it does not dictate the classification of such information.)

But while the executive order does not require classification of anything, it allows classification of an overwhelming, practically unlimited volume of information.  And it is within this permissible range of classification, far more than outside of it, that overclassification needs to be addressed.

The new Department of Justice Inspector General report didn’t grapple with this core problem.  It did find a surprisingly high number of errors in DOJ classification practices, including numerous errors in marking of classification records, as well as ignorance or misunderstanding of classification guidance (or faulty guidance), and inconsistencies in the application of classification controls.  These are serious administrative flaws, which should be amenable to improvement through training.  But fixing them will not do much to reduce overclassification.

Using the narrow ISOO definition of overclassification, the Justice Department Inspector General report said that it “did not find indications of widespread misclassification.”

But a more comprehensive and penetrating definition would have produced a different result, at DoJ and at other agencies.  Such an alternative definition might go something like this:

Overclassification refers to the classification of information that should not be classified, even if it falls within the scope of the executive order, because doing so interferes with some other critical function, such as a desirable process of information sharing, or because it precludes the possibility of public consent to major national security activities.

This contrasts with the ISOO definition in two important ways:  it applies to information that does meet the standards of the executive order, and it takes into account the adverse impact of classification on other important functions and values.  The contrast can be extended to actual (over)classification judgments.

So, for example, the use of simulated drowning as a CIA interrogation technique (“water boarding”) or the Justice Department legal reviews of the subject would not have been considered overclassified by the ISOO standard, since these are clearly within the scope of national security information defined by the executive order.  But they would be overclassified by the standard that requires an opportunity for public consent to major national departures from previously accepted norms.

Similarly, the bulk collection of American telephone records by the National Security Agency and the Justice Department opinions that seek to justify such collection would not be overclassified under the ISOO definition.  But they would be deemed overclassified under a standard that requires public consent to major intelligence initiatives affecting Americans’ own information.

On the other hand, not every mistaken classification decision is equally problematic, and many of them may be insignificant. If a particular component of a classified weapon program is classified Top Secret instead of Secret or Unclassified, it may not matter much at all.  But very often, classification decisions do matter a lot, and new efforts are needed to get them right.

When President Obama spoke of “the problem of over-classification” (in a May 27, 2009 memorandum), he almost certainly was not thinking of the kind of administrative errors in marking classified documents discovered by the DoJ Inspector General, but of something far more consequential.  It is a problem that still remains to be addressed in a systematic way.

If the classification process were exclusively a matter of information security, then it could be safely left to security professionals to implement as they see fit. But because the decision to classify often has broader implications for national policy and for democratic governance, it cannot properly be relegated to security officials alone;  even when applied in good faith, the security perspective by itself is too narrow. And so is any other singular perspective.

But if one grants that classification decisions often involve a multiplicity of important interests (or “equities”), then it follows that a broader, more consensual approach to classification is needed than the existing reliance on the judgment of individual classifiers can provide.  (I argued for such an approach here.)

In addition to the Department of Justice IG report, inspector general reports required under the Reducing Over-Classification Act have also been publicly released by the IGs of the Department of Homeland Security and the Department of Commerce. Others are pending.

Agency inspectors general “are now playing a significant role in monitoring national security practices curtailing individual rights,” according to a recent law review article on the subject.  “IGs are well suited to increase transparency, evaluate the propriety of national security conduct, and reform internal practices; on the other hand, their independence can be undermined, they may avoid constitutional questions, and they rely on political actors to implement reforms.”  See Protecting Rights from Within? Inspectors General and National Security Oversight by Shirin Sinnar, Stanford Law Review, Vol. 65, p. 1027, Spring 2013.

A new Department of Defense directive requires the Pentagon to notify Congress whenever a DoD official discloses classified intelligence to a reporter on an authorized basis, or declassifies the information specifically for release to the press.

The new directive on “Congressional Notification for Authorized Public Disclosure of Intelligence Information” applies to all components of the Department of Defense.

It was issued last week — despite the government shutdown — in response to a provision in the FY2013 Intelligence Authorization Act (section 504) that was passed by Congress last year as part of an effort to stem leaks of classified information.

The Senate Intelligence Committee explained then:  “This provision is intended to ensure that the intelligence committees are made aware of authorized disclosures of national intelligence or intelligence related to national security that are made to media personnel or likely to appear in the press, so that, among other things, these authorized disclosures may be distinguished from unauthorized ‘leaks’.”

Notification to Congress is required whenever the intelligence that is disclosed “is currently classified or if it is declassified for the purpose of the disclosure,” the directive states.  The reporting requirement does not apply to regular declassification activities, or to releases under the Freedom of Information Act or through litigation.

The new requirement casts a spotlight on the anomalous category of authorized disclosures of classified information, which would normally be considered a contradiction in terms.

Although there is an allowance for emergency disclosures of classified information in order to address an imminent threat (section 4.2b of executive order 13526), there is no recognized authority for non-emergency disclosures of classified intelligence to the press or to anyone who does not hold a security clearance and who has not signed a non-disclosure agreement. (Perhaps a lawyerly reading of the executive order would say that the prohibition against unauthorized disclosures of classified information to an uncleared person does not apply if the disclosure is authorized.)

In any case, official disclosures of classified information to the press — sometimes described as “authorized leaks” — are known to occur with some regularity.

What is unclear is what impact, if any, the new DoD directive will have on daily interactions with the press.  Will the Secretary of Defense actually file a report to Congress if he privately reveals a classified fact to a reporter?  That’s a little hard to imagine, though that’s what the law demands.  Or will the new reporting obligation instead serve to discourage authorized leaks to the press?

Because Congress imposed a one-year sunset on its new reporting requirement, the new DoD directive will expire on January 14, 2014, three months from now, unless it is renewed.  It will be interesting to see if even a single report of an authorized disclosure of classified intelligence is filed by then.

 

Kenneth L. Wainstein, the former head of the Justice Department National Security Division, was named to the Public Interest Declassification Board by Senate Minority Leader Mitch McConnell.

Mr. Wainstein is a smart guy and an honorable public servant. But he is not the first or second person most people might think of to help advance “public interest declassification.” In fact, the records that he classified as a Justice Department official or as President Bush’s Homeland Security Advisor might well be the object of such declassification.

But then the Public Interest Declassification Board itself, which advises the White House on declassification policy, is dominated by former government officials, including several intelligence agency leaders.  That has not prevented the Board from producing an important critique of declassification policy (Improving Declassification, 2008) and a more ambitious, somewhat less satisfactory report on classification policy (Transforming the Security Classification System, 2012).

“The members of the PIDB look forward to working with Mr. Wainstein as they continue their efforts to support a transformation of the security classification system,” the Board said in a blog posting.

A deeper problem is that the Obama White House appears to be incapable of acting on the recommendations from the Board, even though it requested them.  Nearly a year has passed since the Board’s last report, and no response from the White House has been forthcoming.  It’s not even clear who would be expected to respond– the National Security Advisor? the Homeland Security Advisor? the Director of National Intelligence (who also serves as “Security Executive Agent”)?

In the absence of effective White House action, Senators Jeanne Shaheen (D-NH) and James E. Risch (R-ID) have introduced legislation that builds on the 2012 PIDB report “to facilitate and enhance the declassification of information that merits declassification” (S. 1464).

The leak by Edward Snowden of a classified order issued by the Foreign Intelligence Surveillance Court (FISC) helped to arouse significant public interest, said the Court itself in an opinion issued today. Further disclosures are now justified, the Court indicated.

“The unauthorized disclosure in June 2013 of a Section 215 order, and government statements in response to that disclosure, have engendered considerable public interest and debate about Section 215,” wrote FISC Judge F. Dennis Saylor IV in an opinion today regarding an ACLU motion for release of prior Court opinions concerning Section 215 of the USA Patriot Act.

Judge Saylor directed that any opinions not already subject to litigation under the Freedom of Information Act should now be reviewed for declassification.

“[Further] Publication of FISC opinions relating to this provision would contribute to an informed debate,” Judge Saylor added. “Publication would also assure citizens of the integrity of this Court’s proceedings.”

Yesterday, Director of National Intelligence James Clapper also acknowledged that the leaks, while damaging, had triggered an important debate.

“I think it’s clear that some of the conversations this has generated, some of the debate, actually needed to happen,” DNI Clapper said. “If there’s a good side to this, maybe that’s it.” (“Clapper: Snowden case brings healthy debate; more disclosures to come” by Ken Dilanian, Los Angeles Times, September 12.)

But if the unauthorized disclosure of a FISA Court order generated debate that “needed to happen,” that means that the original classification of the order had precluded a necessary public debate. If so, it follows that a thorough reconsideration of classification policy and practice is due.

The end of the government’s fiscal year 2013 is just weeks away, but an intelligence authorization bill for fiscal year 2014 is nowhere in sight.  In past years, the House and Senate Intelligence Committees typically reported intelligence bills in late spring or early summer for House-Senate conference and floor action later in the year.  But this year, nothing.

On its homepage, the Senate Intelligence Committee website cites the Committee’s report on the fiscal year 2012 intelligence bill under the heading “recent action.”  But that report was issued in August 2011.  (The Committee website also offers a current compilation of YouTube videos that appear to reflect the use of chemical weapons in Syria.)

Though 2013 has become the most momentous year for intelligence policy in a generation, the Senate Intelligence Committee has not held any public hearings since a March threat briefing, and none at all on surveillance policy.  Americans seeking insight into the meaning of current intelligence controversies must look elsewhere.

Meanwhile, the House and Senate Judiciary Committees have each held stimulating hearings on intelligence surveillance, while the House Intelligence Committee offered a one-sided forum for government officials only.

Up to now, the machinery of intelligence policymaking has seemed poorly suited to coping with the Snowden-derived revelations that continue to emerge.

Confusingly, both the Privacy and Civil Liberties Oversight Board (PCLOB) and the ad hoc Review Group on Intelligence and Communications Technologies are delving into the privacy implications of intelligence surveillance, among other topics, and each has independently sought to engage interested members of the public.  But neither body has policymaking power or authority, and it is unclear how their findings and recommendations might eventually shape policy.

My initial comments to the Review Group are available here.

The Director of National Intelligence yesterday released several newly declassified opinions of the Foreign Intelligence Surveillance Court in response to FOIA lawsuits from the Electronic Frontier Foundation and the ACLU.  The voluminous materials shed new light on interactions between the FISA Court and the intelligence community, including what one Court opinion described as a “history of serious and widespread compliance problems.”

Yesterday, Chief Justice John Roberts appointed Judge William C. Bryson to succeed Judge Morris Arnold as the Presiding Judge of the U.S. Foreign Intelligence Surveillance Court of Review, following Judge Arnold’s retirement on August 31.  Judge José A. Cabranes was appointed to the Court of Review on August 9, 2013.  The appointment of a third judge to the Court is pending.

The Court of Review, which hears government appeals of unfavorable opinions from the Foreign Intelligence Surveillance Court, only rarely has occasion to meet.  It could not immediately be learned when the Court was last presented with a case.  The Rules of the Court of Review may be found in FISCR Order No. 1, January 22, 1980.

The subject of offensive cyber action by the U.S. government was classified for many years and was hardly discussed in public at all.  Then several years ago the possibility of U.S. cyber offense was formally acknowledged, though it was mostly discussed in the conditional mood, as a capability that might be developed and employed under certain hypothetical circumstances.

Today, however, U.S. offensive cyber warfare is treated as an established fact.  Not only that but, officials say, the U.S. military is pretty good at it.

“We believe our [cyber] offense is the best in the world,” said Gen. Keith B. Alexander, director of the National Security Agency and Commander of U.S. Cyber Command. His comments appeared in newly published answers to questions for the record from a March 2013 hearing of the House Armed Services Committee (at p. 87).

“Cyber offense requires a deep, persistent and pervasive presence on adversary networks in order to precisely deliver effects,” Gen. Alexander explained in response to a question from Rep. Trent Franks (R-AZ). “We maintain that access, gain deep understanding of the adversary, and develop offensive capabilities through the advanced skills and tradecraft of our analysts, operators and developers. When authorized to deliver offensive cyber effects, our technological and operational superiority delivers unparalleled effects against our adversaries’ systems.”

“Potential adversaries are demonstrating a rapidly increasing level of sophistication in their offensive cyber capabilities and tactics. In order for the Department of Defense to deny these adversaries an asymmetric advantage, it is essential that we continue the rapid development and resourcing of our Cyber Mission Forces.”

In response to another question for the record from Rep. James R. Langevin (D-RI), Gen. Alexander said that “Over the next three years we will train the Cyber Mission Forces that will perform world-class offensive and defensive cyber operations as part of our Cyber National Mission Teams, Cyber Combat Mission Teams and Cyber Protection Forces. We do not require additional authorities or resources to train the currently identified cyber professionals” (at page 85).

See Information Technology and Cyber Operations: Modernization and Policy Issues to Support the Future Force, hearing before the House Armed Services Committee, Subcommittee on Intelligence, Emerging Threats and Capabilities, March 13, 2013 (published July 2013).

At the time of his confirmation hearing before the Senate Armed Services Committee in 2010, Gen. Alexander was asked in a pre-hearing question, “Has the U.S. ever ‘demonstrated capabilities’ in cyberspace in a way that would lead to deterrence of potential adversaries?”  He replied (Question 15p):  “Not in any significant way.”

This seems to have been an incomplete response. Committee Chairman Sen. Carl Levin noted in questions for the record of Gen. Alexander’s confirmation hearing in 2010 that in fact offensive cyber capabilities had already been demonstrated: “Unfortunately, we also learned, after asking a specific question following the appearance of a Washington Post article reporting on an apparent offensive cyber operation, that DOD has undertaken a number of offensive cyber operations in the last several years, none of which was reported to the Armed Services Committees….”

On the vital question of oversight, Senator Levin asked:  “Lieutenant General Alexander, do you agree that it is appropriate that the Armed Services Committees be informed of all U.S. offensive cyber operations?”

Gen. Alexander provided an affirmative response, but in a way that altered the terms of the question:  “Yes, I agree that in almost all circumstances the Armed Services Committees should be informed in a timely manner of significant offensive cyber operations conducted by CYBERCOM.”