The U.S. government acknowledges that U.S. military forces were involved in “armed conflict” this year in Libya, but it does not acknowledge that they were engaged in “hostilities.”

Earlier this year, State Department legal advisor Harold H. Koh attempted to parse these distinctions, which have significant legal consequences, and to deflect some pointed questions from members of the Senate Foreign Relations Committee.  His responses to Senators’ questions for the record (pdf) from a June 28 Committee hearing were published last month.  The full hearing volume is here (pdf).

New reports from the Congressional Research Service that have not been made readily available to the public include these (both pdf):

“U.S. Arms Sales: Agreements with and Deliveries to Major Clients, 2003-2010,” December 16, 2011.

“Pakistan: U.S. Foreign Aid Conditions, Restrictions, and Reporting Requirements,” December 15, 2011.

Congress has given the U.S. military a green light to conduct offensive military activities in cyberspace.

“Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, allies and interests,” said the FY 2012 defense authorization act that was adopted in conference this week (section 954).

The blanket authorization for offensive cyber operations is conditional on compliance with the law of armed conflict, and the War Powers Resolution, which mandated congressional consultation in decisions to go to war.

“The conferees recognize that because of the evolving nature of cyber warfare, there is a lack of historical precedent for what constitutes traditional military activities in relation to cyber operations and that it is necessary to affirm that such operations may be conducted pursuant to the same policy, principles, and legal regimes that pertain to kinetic capabilities,” the conference report on the defense authorization act said.

“The conferees also recognize that in certain instances, the most effective way to deal with threats and protect U.S. and coalition forces is to undertake offensive military cyber activities, including where the role of the United States Government is not apparent or to be acknowledged.”

“The conferees stress that, as with any use of force, the War Powers Resolution may apply.”

This is an odd formulation which suggests that the War Powers Resolution may also not apply.  In any case, the Resolution is a weak reed that has rarely been used by Congress to constrain executive action.

According to the Congressional Research Service, “Debate continues on whether using the War Powers Resolution is effective as a means of assuring congressional participation in decisions that might get the United States involved in a significant military conflict.”

Update: There’s more from Wired Threat Level and Lawfare.

Congress ordered the Secretary of Defense to establish an information security program for detecting “unauthorized access to, use of, or transmission of classified or controlled unclassified information.”  The provision was included by the FY2012 defense authorization act that was approved in conference this week (section 922).

The insider threat detection program, conceived as a response to WikiLeaks, is intended to “allow for centralized monitoring and detection of unauthorized activities.”  Among other things, it is supposed to employ technology solutions “to prevent the unauthorized export of information from a network or to render such information unusable in the event of the unauthorized export of such information.”

The Congressional action was partially anticipated by President Obama’s executive order 13587 of October 7, 2011, which established new governance procedures for improving the security of classified information.

The new legislation adds some further detail and imposes deadlines for compliance.

In an abrupt reversal, the Central Intelligence Agency said that it will process a Freedom of Information Act request for documents pertaining to the establishment of Open Source Works, the CIA’s in-house open source intelligence organization.

Intelligence historian Jeffrey Richelson had requested the charter of Open Source Works under the Freedom of Information Act, only to be told that the CIA could not confirm or deny the existence (or non-existence) of responsive records.  See “Charter of Open Source Org is Classified, CIA Says,” Secrecy News, December 12.

But Dr. Richelson said that CIA Information and Privacy Coordinator Susan Viscuso called him yesterday to inform him that the request would be processed after all.  The earlier response, she said, was “an administrative error.”

The amount of money that the Pentagon requested for the Military Intelligence Program (MIP) in FY2012 — around $25 billion — is classified and will not be disclosed, the Department of Defense said last week in response to a Freedom of Information Act request for the figure.

The MIP budget request number “is currently and properly classified in accordance with Executive Order 13526 Section 1.4(g) concerning vulnerabilities or capability of systems, installations, infrastructures, projects, plans or protection services relating to the national security,” the December 7 denial letter stated.

The decision to withhold the MIP budget request number is incongruous, considering that the MIP appropriation is unclassified ($24 billion in FY2011).

Not only that, but the amount of money that was requested for the National Intelligence Program (NIP) is unclassified and has been released by the Director of National Intelligence ($55 billion for FY2012).

“No identifiable damage to national security was caused by the release of the NIP budget request figure,” we noted yesterday in an appeal of the initial FOIA denial.

“From a classification policy perspective, there is no substantive difference between the NIP and the MIP.  Each Program involves intelligence sources and methods requiring protection, classified acquisition programs, and other sensitive and properly classified activities.”

“Just as disclosure of the NIP budget request caused no damage to national security, it is clear that disclosure of the MIP budget request would be likewise harmless,” we wrote in the December 13 appeal.

Like other questionable classification choices, the decision to classify the MIP budget request is ripe for reconsideration and correction in the ongoing Fundamental Classification Guidance Review.

We hope that all Secrecy News readers will give generously to charitable causes that help relieve those who are in distress.  After you have done that, we hope you may also contribute to Secrecy News and the work of the FAS Project on Government Secrecy.

As readers know, we do not charge anyone for subscriptions to Secrecy News or for access to the records we collect.  We want to make our work available even to those who can’t or don’t want to pay for it.

But one way or another, we need to pay our bills like everyone else.  And so– this appeal.

If your situation permits, please consider making a tax deductible contribution to the Federation of American Scientists to support Secrecy News.  (Thanks to those who have already done so!)

Donations can be made online here (specify that your donation should be directed to “government secrecy”).  If contributing via Paypal, send us a separate email to let us know you want your contribution allocated to the FAS Project on Government Secrecy.  Checks payable to FAS may also be mailed to:

Secrecy News
Federation of American Scientists
1725 DeSales Street N.W.
6th Floor
Washington D.C. 20036

Updated below

Open Source Works, which is the CIA’s in-house open source analysis component, is devoted to intelligence analysis of unclassified, open source information.  Oddly, however, the directive that established Open Source Works is classified, as is the charter of the organization.  In fact, CIA says the very existence of any such records is a classified fact.

“The CIA can neither confirm nor deny the existence or nonexistence of records responsive to your request,” wrote Susan Viscuso, CIA Information and Privacy Coordinator, in a November 29 response to a Freedom of Information Act request from Jeffrey Richelson of the National Security Archive for the Open Source Works directive and charter.

“The fact of the existence or nonexistence of requested records is currently and properly classified and is intelligence sources and methods information that is protected from disclosure,” Dr. Viscuso wrote.

This is a surprising development since Open Source Works — by definition — does not engage in clandestine collection of intelligence.  Rather, it performs analysis based on unclassified, open source materials.

Thus, according to a November 2010 CIA report, Open Source Works “was charged by the [CIA] Director for Intelligence with drawing on language-trained analysts to mine open-source information for new or alternative insights on intelligence issues. Open Source Works’ products, based only on open source information, do not represent the coordinated views of the Central Intelligence Agency.”

As such, there is no basis for treating Open Source Works as a covert, unacknowledged intelligence organization.  It isn’t one.

(Even if Open Source Works were engaged in classified intelligence analysis, the idea that its charter must necessarily be classified is a non-sequitur.  Illustrating the contrary proposition, the Department of Defense last week issued a new Instruction on “Geospatial Intelligence (GEOINT),” setting forth the policies governing that largely classified intelligence domain.)

Beyond that, it is an interesting question “why the CIA felt the need to establish such a unit given the existence of the DNI Open Source Center,” said Dr. Richelson.  The Open Source Center, the successor to the Foreign Broadcast Information Service, is the U.S. Government’s principal open source agency.  It is, naturally, a publicly acknowledged organization.

“An even more interesting question,” he added, is “why would the CIA, whose DI [Directorate of Intelligence] organization structure is published on its website, feel it necessary to refuse to confirm or deny the existence of this new open source component?”

The CIA’s extreme approach to classification policy is timely in one sense:  It provides a convenient benchmark for evaluating current progress in combating overclassification.

If the charter of CIA’s Open Source Works remains classified six months from now, when the Obama Administration’s Fundamental Classification Guidance Review will have completed its first cycle, that will be a decisive indication that the Review failed to eliminate even the most blatant examples of overclassification.

Update: On December 13, the CIA informed Dr. Richelson that its response to his FOIA request was “an administrative error,” and that the request would be processed.

There are more than 50 federal statutes that pertain to some aspect of cybersecurity, according to the Congressional Research Service. Those statutes, and the potential impact on them of several pending legislative proposals, are described in a new CRS report.  See “Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions,” December 7, 2011.

The U.S. State Department insists that the publication of many thousands of classified diplomatic cables by WikiLeaks does not alter their classification status.  In response to a Freedom of Information Act lawsuit filed by the American Civil Liberties Union for 23 of the cables, the Department of State this week released redacted versions of 11 of them and withheld the other 12 in their entirety — even though the full text of all of them is readily available online.

In principle, the question of whether unauthorized disclosure of classified information is tantamount to declassification of that information is not new, although the WikiLeaks case presents it with new force.  The government has always contended, and courts have generally accepted, that unauthorized or unofficial disclosure does not imply or require declassification.

The “official acknowledgment by an authoritative source” of information that is already in the public domain adds a quantum of validity and may itself constitute “new information that could cause damage to the national security” the DC Circuit Court said in Afshar v. Department of State (1983).

Similarly, “there can be a critical difference between official and unofficial disclosures” in the “arena of intelligence and foreign relations,” the DC Circuit said in Fitzgibbon v. CIA (1990).

The Fitzgibbon ruling set forth three conditions that must be met in order for a prior disclosure to overcome a government claim of proper classification and to justify release:   (1) the information requested must be as specific as the information previously released;  (2) the information requested must match the information previously released;  and (3) the information requested must have been previously made public through an official and documented disclosure, i.e. not “leaked.”

Within the FOIA context, this restrictive construct all but shuts the door to an argument that prior public disclosures justify a mandatory release of classified information that has been withheld.  It seems designed to prevent new disclosures, not to enable them.  Without having researched the question in depth, I believe I may be the only FOIA litigant ever to use the Fitzgibbon criteria to compel an agency to disclose information that it wished to withhold.  And even then, I only received what I had already obtained independently.  See “Judge Orders CIA to Disclose 1963 Budget,” Secrecy News, April 5, 2005.

The WikiLeaks disclosures, however, represent a qualitatively new factual scenario because they involve not merely the release of “information” but of actual documents, whose authenticity is not in doubt.

Thus, a Zimbabwe political figure said last week that the Zimbabwe officials who were named in the WikiLeaks cables are like “lice” who will be dealt with at an appropriate time.  (“We will deal with ‘WikiLeaks lice’ appropriately – Sibanda,” Newsday [Harare], November 29, 2011.)  These ominous remarks took for granted that the cables are authentic.  Formal confirmation of their authenticity from the U.S. government at this point could hardly aggravate the situation and would be considered superfluous.

Interestingly, the law does admit the possibility — at least outside of the FOIA context — of an unofficial disclosure that is so widespread that any official acknowledgment becomes redundant and moot.

“One may imagine situations in which information has been so widely circulated and is so generally believed to be true, that confirmation by one in a position to know would add nothing to its weight,” the Fourth Circuit wrote in Alfred A. Knopf Inc. v. William Colby (1975).

But the court did not articulate specific criteria for determining when such imaginary situations had become a reality.  And it said that “appraisals of such situations by the judiciary would present a host of problems and obstacles.”

The Congressional Research Service gained a new Director this week, but it has recently lost several of its most experienced and accomplished analysts.

Librarian of Congress James Billington appointed Mary B. Mazanec to be the new CRS Director of the Congressional Research Service.  She has been serving as acting Director since the retirement of her predecessor, Daniel Mulhollan, last April.

“Dr. Mazanec has advanced degrees in law and medicine and brings a breadth of experience that will be valuable in leading CRS and ensuring that CRS continues to provide comprehensive and objective research and analysis that meets the needs of Members and staff,” the Librarian said in a December 5 news release.

But with the departure of numerous senior staff, CRS is also experiencing deeper changes that will leave it with diminished capacity to provide original analysis and insight to Congress and other would-be consumers.

The CRS Foreign Affairs, Defense and Trade division lost one intelligence policy analyst, Alfred Cumming, earlier this year.  Another, Richard Best, is retiring.  “Those positions will not be filled for the foreseeable future,” according to a CRS official.  Two other positions in the Asia section are also not going to be filled, the official said, due to budget constraints.

Last month, CRS Specialist Frederick M. Kaiser, author of hundreds of studies on government secrecy, congressional oversight and related issues, retired after more than three decades at CRS.  His expertise and his institutional memory could not be easily replaced even if there were a will and a budget to do so.  Senator Daniel Akaka (D-HI) paid tribute to Mr. Kaiser this week in the Congressional Record.

Bruce Bartlett, a conservative libertarian who is a former congressional staffer and Reagan Administration official, contended recently that congressional support agencies — such as CBO, GAO, CRS and, earlier, OTA — had been deliberately targeted by some Republican leaders.  As centers of nonpartisan analysis and evaluation, he said, these agencies are perceived by some as an obstacle to ideological control of congressional debate that must be weakened or eliminated. (“Gingrich and the Destruction of Congressional Expertise,” New York Times Economix blog, November 29, 2011.)

“It is essential that Congress not cripple what is left of its in-house expertise,” he wrote.

A new report from the Congressional Research Service explores ongoing legal debates over the tracking of private cell phones and vehicles by law enforcement agencies.

“It is undeniable that… advances in technology threaten to diminish privacy,” the CRS report says.  “Law enforcement’s use of cell phones and GPS devices to track an individual’s movements brings into sharp relief the challenge of reconciling technology, privacy, and law.”

The 22 page CRS report provides a survey of relevant Fourth Amendment law, federal electronic surveillance statutes and case law, pending GPS-vehicle tracking cases, and electronic surveillance legislation that is before Congress.

“The primary debate surrounding cell phone and GPS tracking is not whether they are permitted by statute but rather what legal standard should apply: probable cause, reasonable suspicion, or something less,” the report says.

A copy of the CRS report was obtained by Secrecy News.  See “Governmental Tracking of Cell Phones and Vehicles: The Confluence of Privacy, Technology, and Law,” December 1, 2011.