The Department of Homeland Security “is streamlining classification guidance and more clearly identifying categories of what can be released and what needs to remain classified,” according to a new report from the DHS Inspector General.

The Reducing Over-classification Act of 2010 required the Inspector General at each executive branch agency that classifies information to evaluate the agency’s classification practices and to report on the results by the end of September 2013.  The new DHS report is the first of the bunch to be published.  See Reducing Over-classification of DHS’ National Security Information, DHS Office of Inspector General Report OIG-13-106, August 2013.

The report sheds new light on DHS classification practices and provides some useful criticism, but it has a serious conceptual flaw.

The flaw lies in the report’s definition of the problem:  “Over-classification is defined as classifying information that does not meet one or more of the standards necessary for classification under Executive Order 13526.”

The problem is that this is a definition of misclassification, not over-classification.  If information does not meet the standards for classification — for example, if it is not government information — then its classification is simply a mistake, not an act of over-classification.  By using such a definition, the DHS IG fails to recognize the real dimensions of over-classification and overlooks its most vexing aspect:  the classification of information that arguably does meet the standards of the Executive Order but that need not or should not be classified.

Over-classification in this deeper sense is at the center of many current controversies over government secrecy policy.  Can the role of the CIA in targeted killing operations be acknowledged?  Should the fact of bulk collection of telephone metadata records by NSA have been admitted before it was leaked?  Though such information was eligible for classification under the Executive Order, the decision to classify it now appears questionable.

But such issues are unfortunately beyond the scope of the DHS IG report, which does not allow for the possibility that information could both “meet the standards necessary for classification under the Executive Order” and still be over-classified.  Not a single instance of such over-classification was identified.  Rather, the IG concluded that DHS has “successfully implemented all policies and procedures required” and thus “DHS has a strong [classification] program.”

Despite its limited conception of the problem, the IG report found some significant areas for improvement.  Notably, DHS classifiers have been using obsolete software to apply classification markings.  As a result, “59 of the 372 DHS we reviewed contained declassification, sourcing, and marking errors.”  A new Classification Marking Tool is currently being acquired by DHS.  Still, “eighty interviewees noted that they would like more hands-on training to ensure they could classify information properly.”

Curiously, the IG report found that DHS officials had an equivocal attitude towards efforts to challenge classification decisions.

“All persons interviewed knew and were trained on the process of formally or informally challenging a classification, but some stated that they would be reluctant to disagree with the originator’s classification.  They did not fear retribution from senior management, but they did not believe that they were experts in challenging classification” (p. 16).

However, DHS employees resisted the possibility of offering incentives to challenge classification decisions.  “When asked, 90 out of 100 DHS derivative classifier interviewees said that they believed offering incentives may lead to unnecessary challenges, and challenges will be raised not in the spirit of reducing classification but for incentive reasons” (p. 10).

Such skepticism is totally speculative, and ought to be tested in practice.  But instead of proposing a pilot program to validate or discredit the use of incentives for classification challenges, the DHS Inspector General unfortunately just dropped the subject.

The IG report found that DHS had successfully performed the Fundamental Classification Guidance Review, leading to a 39 percent reduction in the number of security classification guides.

The report also noted that the classification statistics reported by DHS to the Information Security Oversight Office “may not be accurate,” and DHS officials acknowledged that there are “long-standing issues associated with the reliability and accuracy” of the reported numbers.

Despite its limitations, the DHS IG review seems to have been a useful exercise that focused new attention on the Department’s classification activities.  Additional reports from other agencies that conduct much larger classification programs are expected shortly.

“The recent disclosure of classified information regarding U.S. national security programs requires a thorough assessment of the current classification system,” wrote Rep. Duncan Hunter in a letter to the Government Accountability Office, the investigative arm of Congress.

The leaks by Edward Snowden, in other words, are a sign that there are serious problems in government secrecy policy.

In his June 19, 2013 letter, Rep. Hunter asked GAO to perform the desired assessment, and his request was endorsed by Rep. Martha Roby, chair of the House Armed Services Committee Subcommittee on Oversight and Investigations.  In a July 30 reply, GAO accepted the request and said it would “begin the work shortly.”

For Rep. Hunter, the starting point is a concern that unnecessary secrecy may put legitimate secrets at risk.  Overclassification is bad security policy.

“With access to classified information contingent on the issuance of security clearances, overclassification stands to dangerously expand access to material that should ordinarily be limited,” he wrote.  He therefore posed a series of questions that cover a range of classification policy issues.

He asked GAO to determine “the degree to which material is classified that does not materially impact national security.”  This is one definition of overclassification, though it is not one that is used or recognized by the executive branch.

Under the executive order on classification, a national security secret need not “materially impact national security.”  It is enough if its unauthorized disclosure could reasonably be expected to cause damage to national security in the judgment of a person who is authorized to classify.  If the authorized classifier’s judgment reflects bias, inertia, erroneous or incomplete information– well, the executive order has nothing to say about that.

The result, Rep. Hunter said in a news release, is that “There’s real classification inflation going on, putting information that should be available to the public out of view and creating a degree of exposure by widening access to sensitive information that should be limited.”

Rep. Hunter also asked GAO to review “the degree to which material is classified in excess of current security procedures,” which is another form of overclassification.  It refers to information that is be classified Top Secret when it should only be classified Secret, for example.

Rep. Hunter asked “Whether narrowing classification requirements would reduce the need for nearly 5 million individuals to hold security clearances, and whether reducing that number would limit security disclosures.”

It stands to reason that less classification would likely entail the need for fewer clearances and that a leaner secrecy and security system would be easier to manage with improved quality control.  But there is no particular reason to suppose that the number of leakers is directly proportional to the number of clearances.

Crucially, Rep. Hunter asked GAO to investigate “if there are accountability systems in place to review agency and employee classification decisions to identify persistent instances of overclassification.”  There aren’t!

While classification guidance is supposed to be reviewed by the classifying agency itself every five years, and there are isolated mechanisms for challenging specific classification decisions, there is no systemic procedure for independent review and correction of classification judgments.  There should be.  (An extended argument for impartial review of classification decisions is here.)

For good measure, Rep. Hunter asked GAO to consider “the degree to which excessive classification harms information sharing” and “the effectiveness of the process to declassify information.”

Though his request letter was broadly framed with respect to classification policy generally, it appears that the GAO response will focus on classification activity within the Department of Defense.  Rep. Hunter is a member of the House Armed Services Committee and Rep. Roby is a HASC subcommittee chair, and so DoD secrecy policy is clearly within their jurisdiction.

The unauthorized disclosures of classified information by Edward Snowden have presented numerous important issues of public policy.  Is bulk collection of telephone and email records an acceptable practice, or should it be categorically proscribed?  How did congressional oversight fail to accurately gauge and to effectively represent conflicted public sentiment concerning domestic surveillance?  What is to be done with the Foreign Intelligence Surveillance Court?

But Rep. Hunter identified secrecy policy as a deeper systemic problem that also requires a constructive response.  With the GAO’s new engagement, and with the ongoing work of agency Inspectors General under the Reducing Over-classification Act, secrecy policy is now receiving some long overdue attention that may yet yield corrective action.

The pending GAO review of secrecy policy was previously reported in “Manning, Snowden Trigger First-of-its-Kind Secrecy Review” by Shane Harris, Foreign Policy, July 31;  “‘Classification inflation’ at Pentagon under investigation: GAO” by Shaun Waterman, Washington Times, July 31;  “Too many classified papers at Pentagon? Time for a secrecy audit” by Anna Mulrine, Christian Science Monitor, August 2.

Marine Corps Commandant Gen. James Amos exercised “unlawful command influence” in an attempt to punish Marines who allegedly urinated on enemy corpses in Afghanistan in 2011, attorneys for the Marine defendants said.  And then Gen. Amos improperly classified information in an effort to conceal his own misconduct, the attorneys said.

“The evidence shows that the CMC [Commandant, Marine Corps] could not resist the temptation and decided to further the concealment of his unlawful intentions by ordering…, without proper authority or basis, the imposition of a secret classification upon the testimony and materials disclosed by the previously unclassified investigations of the alleged desecration cases,” defense attorneys said in a motion filed last week.

It’s a sordid story all around. What makes it interesting here is that a Marine Corps official warned in 2012 that the classification action was a mistake that could backfire against the Marine Corps if it ever became public.

“If this goes to the next level of administration or judicial action, there are some additional considerations that a lawyer, versed in classification issues, might be able to use to shoot holes in our whole process and bring the whole decision making process into question,” wrote William Potts in an internal email quoted in last week’s motion.

Improbably enough, he then cited the FAS Project on Government Secrecy and me (at page 19). A potential court-martial of the defendants would “spread us all over the media; would probably get Steven Aftergood, Project on Government Secrecy, involved…. He’d make us look silly if he supported a defense contention that the video was improperly classified.”

There is a creaky old saying to the effect that you should not do (or say or write or email) anything “if you wouldn’t want to see it on the front page of the Washington Post.” A similar principle might be applicable in the world of national security classification.  If you couldn’t justify the classification of information to an outside reviewer, then you probably shouldn’t classify it.

Unfortunately, in the normal course of business, there are few occasions on which any official is ever called upon to justify his classification action to an impartial, independent observer.  That’s just not the way the classification system is currently structured.  But it could be.  Increasing the number of opportunities for independently evaluating classification actions would quickly serve to improve the quality and legitimacy of classification activity.

For more background on the Marine Corps case, see these stories in Military Times and CNN.

 

There have been 71 federal judges who have served on the Foreign Intelligence Surveillance Court or the Foreign Intelligence Surveillance Court of Review from 1979 until the present.  A complete list of the Court’s membership, prepared by the Court’s Administrative staff, was obtained by the New York Times.  Although this comprehensive listing was not formally secret, neither had it been previously been made publicly available.  A copy is posted here.

Under the Foreign Intelligence Surveillance Act, appointments to the Court are made by the Chief Justice of the United States. An analysis of the Court’s membership by the New York Times found that during the tenure of Chief Justice John G. Roberts Jr., a higher number of Republican judges had been appointed than in the past — 10 of the current 11 members, compared to 66% under previous Chief Justices — as well as a higher number of judges who had once worked for the federal government — 50% versus 39% in the past. See “Roberts’s Picks Reshaping Secret Surveillance Court” by Charlie Savage, New York Times, July 25.

The premise of the story is that Chief Justice Roberts’s selection pattern is not merely a statistical curiosity but that it has altered the performance of the court, or “reshaped” it, to favor the executive branch.  The Times does not directly embrace this view, but attributes it to “critics,” including Sen. Richard Blumenthal (D-CT), who is proposing legislation to change the way the Court’s members are appointed.

“Viewing this data, people with responsibility for national security ought to be very concerned about the impression and appearance, if not the reality, of bias — for favoring the executive branch in its applications for warrants and other action,” Senator Blumenthal told the Times.

But the claim that Chief Justice Roberts’s appointments have “reshaped” the Court to favor the executive branch in applications for warrants does not withstand a moment’s scrutiny.  That’s because the Court’s approval rate has always hovered near 100% — both before and after the Roberts era. No discernable reshaping has occurred.

In fact, based on the available data, one could perhaps say that the Court has exercised greater scrutiny lately than it once did. In 1979, in the Court’s very first year of operation, all applications for surveillance were approved without modification.  In 2012, the most recent year, no applications were denied outright, but 40 of them were modified by the Court.

A more substantial concern is that the function of the FISA Court has expanded in the past decade beyond the routine consideration of surveillance applications, and now extends to the secret interpretation of government authorities under the law.  This is indeed an area when ideological predispositions could manifest themselves in reshaping the applicable law.

Whether that has actually happened is impossible to ascertain since most of the Court’s opinions, including those that the Court itself has deemed “significant legal interpretations,” remain classified and unavailable.

But the notion that the behavior of FISA Court judges can be reliably inferred from the political party of the President that appointed them, or from their past service in the executive branch, is cynical and vaguely insulting.

The Times names Judge Reggie B. Walton as one of the current Court members appointed by Justice Roberts who previously served in the executive branch (working “on drug and crime issues for the White House”) and who is therefore purportedly more likely to defer to the interests of the executive.

But the suggestion that Judge Walton has been unduly deferential to executive authority is not borne out by his record.  Years ago I filed a Freedom of Information Act lawsuit against the National Reconnaissance Office that was heard by Judge Walton. I was seeking agency budget information that the NRO refused to provide, withholding it under an intelligence agency exemption for “operational files.”  It was a dispute between a multi-billion dollar agency and an individual plaintiff (me) who was not even represented by an attorney.  This was a perfect opportunity for a judge to display deference to an executive branch intelligence agency, particularly since there was no conceivable ideological or political incentive for the court to rule in my favor. But instead, Judge Walton denied the NRO’s motion to dismiss the case, and he granted my motion to compel disclosure of the requested budget information. It was not the outcome that a cynic would have predicted.

My experience with Judge Walton may be exceptional.  Or maybe not.  One of the academic studies linked from the Times article to support the proposition that judges appointed by Republicans are more likely to rule in favor of the government actually reported that “even in the most controversial cases, Republican and Democratic appointees agree more than they disagree.”

The practical lesson is that to focus on the membership of the FISA Court is probably not the best way to regulate the Court’s conduct or to affect its performance.  Assuming that there is only a limited amount of political energy available for addressing FISA policy, efforts to reform the Court would more profitably be directed toward declassification of Court decisions, and reconsideration of the statutory framework that the Court operates within.

An amendment to prohibit intelligence agencies from performing bulk collection of records such as telephone metadata was narrowly defeated in the House of Representatives yesterday by a vote of 205-217.

Although the amendment by Rep. Justin Amash (R-MI) was not adopted, its near-passage on a bipartisan basis signaled an extraordinary loss of congressional support for the national security establishment and for the bulk collection of records revealed by Edward Snowden in particular. It is doubtful that any intelligence program can continue for long with 49% of House members opposed to it.

The House debate had a certain theatrical quality because it reflected divergent value judgments more than opposing factual claims.

For proponents of the intelligence program, which is conducted under Section 215 of the Patriot Act, it is a lawful and constitutional effort.  In itself, they insist, the collection of telephone records by the government no more involves “spying” on Americans than does the collection of such records by the telephone company– which is to say, not at all. And the program has been justified, they say, by its success in detecting and preventing terrorist attacks.

To opponents of the program, however, intelligence collection of records concerning private persons who are not suspected of any crime is an impermissible infringement on the Fourth Amendment. Opponents also disbelieve that the program has contributed significantly to combating terrorism, or else they would implicitly forego any additional margin of security that it provides. Moreover, they say, the bulk collection of records deviates from the language and the intent of the law.

Even in victory, supporters of the current program do not believe the matter is settled.  Rep. Mike Rogers, the chairman of the House Intelligence Committee and a principal defender of the existing program, said he would consider further proposals to mitigate privacy concerns.

“I will pledge to each one of you today and give you my word that this fall, when we do the Intel authorization bill, that we will work to find additional privacy protections with this program,” he said.

A national policy on “insider threats” was developed by the Obama Administration in order to protect against actions by government employees who would harm the security of the nation.  But under the rubric of insider threats, the policy subsumes the seemingly disparate acts of spies, terrorists, and those who leak classified information.

The insider threat is defined as “the threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States.  This threat can include damage to the United States through espionage, terrorism, [or] unauthorized disclosure of national security information,” according to the newly disclosed National Insider Threat Policy, issued in November 2012.

One of the implications of aggregating spies, terrorists and leakers in a single category is that the nation’s spy-hunters and counterterrorism specialists can now be trained upon those who are suspected of leaking classified information.

The National Insider Threat Policy directs agencies to “leverag[e] counterintelligence (CI), security, information assurance, and other relevant functions and resources to identify and counter the insider threat.”

“Agency heads shall ensure personnel assigned to the insider threat program are fully trained in… counterintelligence and security fundamentals….”

Agency heads are directed to grant insider threat program personnel access to “all relevant databases and files” needed to identify, analyze, and resolve insider threat matters.

The National Insider Threat Policy was developed by the Insider Threat Task Force that was established in 2011 by executive order 13587.  The Policy document itself was issued by the White House via Presidential Memorandum on November 21, 2012 but it was not publicly released until last week.

The document was disclosed by the National Counterintelligence Executive (NCIX) after it was independently obtained and reported by Jonathan Landay and Marisa Taylor of McClatchy Newspapers. (“Obama’s crackdown views leaks as aiding enemies of U.S.,” June 20, 2013).

“The National Insider Threat Policy policy is intended to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security,” according to NCIX.

Among the activities mandated by the National Insider Threat Policy is the routine monitoring of user activity on classified government computer networks. “This refers to audit data collection strategies for insider threat detection, leveraging hardware and/or software with triggers deployed on classified networks to detect, monitor, and analyze anomalous user behavior for indicators of misuse.”

But a different sort of approach to combating leaks — an approach not represented in the Insider Threat Policy — would require an ongoing critical examination of the scope and application of official secrecy.  This view was articulated by the late Senator Daniel P. Moynihan when he said “If you want a secret respected, see that it’s respectable in the first place.”

“The best way to ensure that secrecy is respected, and that the most important secrets remain secret,” Sen. Moynihan said, “is for secrecy to be returned to its limited but necessary role. Secrets can be protected more effectively if secrecy is reduced overall.”

In response to an October 2012 presidential directive on “protecting whistleblowers with access to classified information,” the Department of Defense and the Department of Energy have produced their implementing policies.  These would generally prohibit retaliation against individuals who make “protected disclosures” of information to an authorized recipient.

The intelligence community may be retreating from its vision of a uniform community-wide information technology architecture, and may permit individual agencies to retain their “native agency system domain,” reports Bob Brewin in NextGov.  See “Intelligence Community Backs Off Information Sharing,” July 15

The lagging development of the Internet in Africa and its consequences were discussed in “The Emergence of the Internet and Africa” by Les Cottrell, SLAC National Accelerator Laboratory, May 13, 2013

The transcript of the July 9 public meeting of the Privacy and Civil Liberties Oversight Board is now posted here.

 

The inspector general of each executive branch agency that classifies national security information is required to produce an evaluation of the agency’s classification program by the end of September, pursuant to the Reducing Over-classification Act of 2010.  The goal of the reviews is to identify policies and procedures “that may be contributing to persistent misclassification of material.”

This is not a straightforward assignment because classification is not a purely objective process that lends itself to external validation;  rather, it is an expression of presidentially-delegated authority.  And if proper classification is a matter of judgment, then so is overclassification.

“Classifying and controlling the dissemination of information is an inherently subjective process,” said the Department of Defense Office of Inspector General, which prepared guidance earlier this year for other agencies’ inspectors general to help them conduct the required classification reviews.

“Key terminology, such as ‘over-classification’ and ‘damage to national security’ has not been defined [by executive order or regulation], causing those determinations to be made by personnel in the Departments and Agencies,” the DoD IG guidance observed.

But having achieved this insight, the DoD IG guidance does not consider those subjective “determinations” any further. Instead, it retreats into matters can be objectively assessed and measured, focusing on the faithful implementation of the executive order’s requirements.  This is not a useless exercise, but if that is as far as the IG evaluations go, they will not have grasped the root of the problem.

The essence of over-classification is not located in mistaken markings of documents or in non-compliance with the formal procedures of the executive order.  It is to be found above all in an official’s subjective “determination” that classification is necessary.  Thus, for example, when an agency’s classification judgment is overruled by the Interagency Security Classification Appeals Panel — which happens with some frequency — it is not because of an error in procedure but because of an error in judgment.

But the official DoD guidance that has been provided for conducting the pending Inspector General reviews is not well suited for identifying (much less correcting) such errors in classification judgment.  That would require something akin to a peer review process that would evaluate individual classification decisions on their national security merits and, if appropriate, flag them for revision.  Unfortunately, a probing review of this sort does not seem to be on the agenda of the Inspectors General.

On June 21, the Director of National Intelligence issued an updated version of Intelligence Community Directive 710 on Classification Management.  The revised Directive somewhat belatedly reflects the requirements of the December 2009 executive order 13526 on classification policy.

So the forthcoming Inspector General review will be able to confirm that intelligence community classification guidance is now consistent with executive branch policy.  But whether over-classification has thereby been reduced in the slightest is a separate question.

Recent disclosures of NSA collection of records of US telephone and email traffic have some unfortunate parallels and precedents in the early history of the Agency that were thought to have been repudiated forever.

“After World War II, the National Security Agency (NSA) established and directed three programs that deliberately targeted American citizens’ private communications,” wrote Army signals intelligence officer Major Dave Owen in a paper published late last year in an Army intelligence journal.

The three programs were Project SHAMROCK (1945 to 1975), which collected telegraph communications;  Project MINARET (1960 to 1973), which functioned as a watch list for terms, names and references of interest;  and Drug Watch Lists (1970 to 1973), which focused on communications of individuals and organizations believed to be associated with illegal drug traffic.  Information about these programs first became public in the 1970s upon investigation by the U.S. Senate Select Committee to Study Governmental Operations with respect to Intelligence Activities, known as the Church Committee.

A capsule summary of the three programs was presented by Major Owen in A Review of Intelligence Oversight Failure: NSA Programs that Affected Americans, which was published in the October-December 2012 issue of Military Intelligence Professional Bulletin.

Major Owen writes that the work of the Church Committee “led to legal restrictions on the NSA’s foreign intelligence authorities, as well as robust intelligence oversight processes to ensure that NSA continued to adhere to these legal restrictions.”

But then he makes an assertion that, in light of recent revelations, can only be viewed as disingenuous or uninformed:

“These [oversight] processes have formed and continuously reinforce an NSA culture that is extremely adverse to any issue that may be construed as collecting on American citizens.”

Major Owen admits vaguely that “this culture has shifted slightly over the last decade.”  But what reader would have imagined that it could possibly extend to the collection of call records and email metadata generated by nearly every American citizen?

“In our view, the bulk collection and aggregation of Americans’ phone records has a significant impact on Americans’ privacy,” wrote Senators Ron Wyden, Mark Udall and numerous Senate colleagues in a June 27 letter to the Director of National Intelligence.

The secret bulk collection of American communication records was, among other things, a colossal error in classification judgment as well as a historic failure of intelligence oversight.

If a fair account of these intelligence collection programs “had been told to the American public at the time when Congress was debating what the scope of surveillance powers should be, it might well be that we would have less public distrust of the government, and maybe even Snowden wouldn’t have done what he did,” said Kate Martin of the Center for National Security Studies at a forum held at the Newseum on June 26.

“The American people shouldn’t be treated as idiots,” she said.

In 2007, Congress passed legislation to grant the Director of National Intelligence “new authority to conduct accountability reviews of significant failures or deficiencies with the Intelligence Community.”  Up to now, however, that authority has never been exercised.

In 2011, the DNI issued Intelligence Community Directive (ICD) 111 on “Accountability Reviews.” That recently disclosed Directive “establishes policy and procedures governing the conduct of such reviews.”

“It is essential that alleged failures or deficiencies involving an IC element or senior IC personnel in the management or execution of IC missions be carefully reviewed and fully resolved,” DNI James R. Clapper wrote in ICD 111.

But in response to a query about how many accountability reviews have been conducted, and on which topics, Michael G. Birmingham of the Office of the Director of National Intelligence this week said that “There have been no accountability reviews conducted under the authorities in ICD 111.”

The Senate Intelligence Committee said in 2007 that the authority to perform accountability reviews was justified by a perceived lack of internal accountability for intelligence failures.

“This enhancement to the authority of the Director of National Intelligence is warranted given the apparent reluctance of various elements of the Intelligence Community to hold their agencies or personnel accountable for significant failures or deficiencies,” according to the Senate Intelligence Committee report on the FY 2008 Intelligence Authorization Act (section 401, p. 16).

“Recent history provides several examples of serious failures to adhere to sound analytic tradecraft,” the Committee report said. “In its reviews of both the September 11, 2001 terrorist attacks and the faulty Iraq prewar assessments on weapons of mass destruction, the Committee found specific examples of these failures yet no one within the Intelligence Community has been held accountable. Other examples of a lack of accountability within the Intelligence Community can be found by examining the history of certain major system acquisition programs. Despite clear management failures that resulted in significant cost overruns and unreasonable scheduling delays, these programs continue to stumble along without any imposition of accountability.”

“The Committee hopes that this modest increase in the Director of National Intelligence’s authorities will encourage elements within the Intelligence Community to put their houses in order by imposing accountability for significant failures and deficiencies,” the Senate Committee report said.

The measure was passed by both houses of Congress as section 408 of the FY 2008 Intelligence Authorization Act. Though that bill was vetoed by the President, the provision on accountability reviews was later enacted into law as Section 102A(f)(7) of the National Security Act.

The ICD stated that accountability reviews would not be conducted (“except in extraordinary circumstances”) or would be deferred whenever the same issues were under review by law enforcement, inspectors general or other investigative bodies.

Earlier this month, the Director of National Intelligence issued another Intelligence Community Directive on the subject of Outside Employment.  ICD 117, dated 09 June 2013, implements a statutory requirement “prohibiting IC personnel from engaging in outside employment if such employment creates a conflict of interest or the appearance thereof.”

The creation of new national security secrets dropped sharply in 2012, recently released government data show.  While the proper boundaries of official secrecy remain a matter of intense dispute, the secrecy system itself is showing surprising new signs of restraint and even contraction.

In 2012, the number of original classification decisions, or decisions to classify new information, decreased by 42 percent from the year before to 73,477, according to the latest annual report from the Information Security Oversight Office (ISOO).  This was the lowest reported level of new classification activity since at least 1989 and possibly longer.

Meanwhile, the number of executive branch officials who are authorized to generate new classified information also dropped last year to a record low of 2,326, the ISOO report said.

The 2012 ISOO Annual Report was transmitted to the President by ISOO Director John P. Fitzpatrick on June 20.

Significantly, the reductions in new secrecy activity are not considered to be a statistical fluke or within the range of normal variability but appear to be the consequence of deliberate policy choices, the ISOO Report said.

“A large part of this decrease [in original classification activity] can be attributed to the Fundamental Classification Guidance Review process and the appropriate recording of classification decisions in security classification guides,” according to ISOO.

The Fundamental Classification Guidance Review was a systematic examination of all government classification instructions that took place between 2010 and 2012 in an effort to validate current classification guidance and to eliminate obsolete or unnecessary secrecy requirements.

The argument for a fundamental review of classification policy was presented in a 2009 paper I wrote on “Reducing Government Secrecy: Finding What Works,” Yale Law & Policy Review, Spring 2009. That paper documented the failure of most classification reform initiatives over the past half century to reduce government secrecy, but also noted that some such initiatives had not failed. The Department of Energy’s Fundamental Classification Policy Review during the 1990s had been a notable success and, it was suggested, could serve as a template for a broader government-wide reconsideration of classification policy.

This proposal was briefed to the National Security Staff in July 2009, and was incorporated in President Obama’s December 2009 executive order 13526, although in attenuated form.  Unlike the earlier review done by the Energy Department, the Obama Fundamental Review did not provide for public comment at the beginning and before the end of the process, nor did it bring to bear (as it was supposed to) “the broadest possible range of perspectives” to critique current classification policy.  So the resulting reductions in secrecy are attenuated correspondingly.

Nevertheless, the newly reported data on reductions in original classification provide evidence that the secrecy system is not an autonomous entity beyond effective control, as might have been supposed, but that it can be modified and constrained by using the levers of public policy.

Other data reported in the new ISOO annual report indicate that classification error correction mechanisms are at least partially functional.

During 2012, government employees filed 402 internal classification challenges disputing the classification of particular items of information.  While the current classification status was affirmed in two-thirds of those cases, classification of the information was overturned in whole or in part in one-third of them.

Appeals of mandatory declassification review requests that had been denied by agencies also received a favorable reception in many cases from the Interagency Security Classification Appeals Panel.  Out of 163 documents considered by the Panel last year, prior agency classification decisions were fully affirmed in only 8 percent of the cases, while 39 percent of the documents were fully declassified at the direction of the Panel and 53 percent were partially declassified.

While all of this is quite encouraging, it does not mean that all is well in the classification system.

Derivative classification, or the application of previous classification decisions to new documents, increased by 3% to a new high of more than 95 million classification actions. (One would have expected the Fundamental Classification Guidance Review to have had greater impact on derivative classification — since it is based on the newly reviewed guidance — than it did on original classification, but that’s not what happened.)

The declassification process remains slow, cumbersome and predicated on an absolute risk avoidance standard that is simply unworkable.  Incredibly, the President’s directive to process the backlog of 25 year old historically valuable document for declassification and public release by December 2013 will apparently not be achieved, although the new ISOO report somehow neglects to mention this.

Nor has the problem of overclassification been solved.  Many classification decisions are still excluded from critical scrutiny and instances of overclassification are not hard to find. For example, the ISOO annual report states that although most agencies’ information security costs are public information, the estimated costs of security incurred by intelligence agencies are nevertheless classified, as in the past, “in accordance with Intelligence Community classification guidance.”  It’s hard to believe that any impartial observer would agree that these cost estimates are properly classified and that their disclosure would cause damage to national security.  (ISOO notes that the suppressed cost estimate is “approximately 20%” of the overall government total.)

Speaking of costs, the total cost of classification-related activities was $9.77 billion in 2012, ISOO noted. Though this figure remains historically high, it is over a billion dollars less than the year before.  In fact, it represents the first annual reduction in secrecy-related expenditures ever reported by ISOO.

Much of the continuing controversy over intelligence surveillance policy revolves around whether the sweeping collection of U.S. telephone data by intelligence agencies violates constitutional norms.  But it is also an occasion to assess the quality of intelligence oversight, and to review the performance of oversight mechanisms in representing the public and defending its interests.

So it was disappointing to read that the Senate Select Committee on Intelligence has blocked its former general counsel, Vicki Divoll, from speaking to Talking Points Memo (TPM) on the record about how the Committee functions.

“TPM was reporting a story based on interviews with members of Congress and current and former aides about the successes and pitfalls of intelligence oversight on Capitol Hill,” wrote Brian Beutler of TPM DC.

“The goal was to answer some basic questions for readers: How does a classified process differ from public oversight? What challenges do the combination of government secrecy, classified briefings, and strict committee protocols present to legislators trying to control the nation’s sprawling intelligence apparatus?”

A Committee spokesman told TPM that this kind of information was “committee sensitive” and that therefore Ms. Divoll’s remarks on the subject should not be made public.  See “Senate Intel Committee Blocks Former Staffer From Talking To Press About Oversight Process,” June 18.

In an earlier era — twenty years ago — it was still possible for a staff member of the Senate Intelligence Committee to speak candidly in public about the strengths and weaknesses of intelligence oversight.

The intelligence oversight process is constrained by size, time, personnel and secrecy, wrote Mary K. Sturtevant in 1992, when she was a Senate Intelligence Committee staffer.

“Because of the classified nature of the programs we review, we are especially reliant on information provided by the very Community we hope to oversee,” she wrote. “We lack alternative sources of information and points of view on intelligence budget requests, as there are few constituents with legitimate access to intelligence programs who wish to bring information forward to the Committees.”

“The fact that these programs are highly classified imposes an extra burden on already busy Senators because they must, as a practical matter, either come to the Committee staff or hearing spaces to review classified information, or read it in their offices in the presence of one of the Committee’s security staff. They might also be orally briefed in their offices or during Committee hearings by their designees or other Committee staff, but frequently this is on the fly and without benefit of note-taking.”

“Also, the arcane, often technical subject matter keeps all but the most persistent senators from delving into the details of intelligence programs where I am reliably told the devil resides. The net result of this situation is that this handful of Congressional budget staff end up providing most of the detailed recommendations — to eliminate, cut, increase, or even create programs — that are decided by Committee Members during mark-up of the Intelligence Authorization bill.”

“Although we occasionally hear the charge of ‘micromanagement,’ we always shake our heads in wonder that this could be so. In toto, we are perhaps one dozen or so full-time budget staff supporting the Intelligence Authorization and Appropriations Committees of both the House and the Senate reviewing activities conducted by tens of thousands of civilian and military personnel and programs valued in the multiple billions of dollars.”

“For better or for worse, the way budgets are put together and presented to Congress places the small number of new and on-going initiatives — those ideas most likely to reflect needed changes in direction — under the microscope of Congressional attention, while the great majority of continuing, or ‘base,’ programs, go unscrutinized.”

And so forth.  While much has changed in intelligence and oversight in the past twenty years, some of the enduring difficulties of overseeing secret government operations are frankly acknowledged in Ms. Sturtevant’s article.  See “Congressional Oversight of Intelligence: One Perspective,” American Intelligence Journal, Summer 1992 (posted with permission of the publisher).

One problematic aspect of congressional oversight of intelligence that is not often addressed is the heavy, disproportionate representation of former intelligence community employees (like Ms. Sturtevant and Ms. Divoll) among the professional staff of the oversight committees.

On one hand, this is perfectly understandable since such former intelligence employees bring much-needed subject matter expertise to the task of oversight, along with an existing security clearance.  On the other hand, they may also possess a narrow, compliant perspective and a set of personal interests that limit their effectiveness, particularly if they ever hope to return to the ranks of their former employers.  Meanwhile, it is hard to think of an intelligence committee staff member who joined the committee following a career devoted to civil liberties, government accountability or personal privacy.

A 2006 report from the Center for American Progress said Congress had failed in its duty to perform effective oversight of intelligence, and that the oversight function needed to be fixed.  See “No Mere Oversight: Congressional Oversight of Intelligence is Broken” by Denis McDonough, Mara Rudman and Peter Rundlet, June 13, 2006.

The lead author of that report, Mr. McDonough, now serves as the White House Chief of Staff.