William J. Bosanko, the director of the Information Security Oversight Office (ISOO), has been appointed to lead a new organization at the National Archives called Agency Services.  In that capacity, he will “lead the National Archives efforts to service the records management needs of Federal agencies, and represent the public’s interest in the accountability and transparency of these records,” said Archivist of the United States David S. Ferriero in a news release yesterday.

As the new Executive for Agency Services, Mr. Bosanko will be responsible for several existing Archives components, including Records Management Policy & Oversight, the Federal Records Center Program, the Office of Government Information Services, the National Declassification Center, and ISOO.  It is a large and important portfolio, and the appointment reflects the high regard in which Mr. Bosanko is held inside and outside of government.

But it also means that he will no longer be the Director of ISOO.  Although he will now be the ISOO Director’s superior, he will no longer possess the Director’s classification oversight authorities and responsibilities, which derive from an executive order.

A new ISOO Director will have to be chosen and put in place.  At a time of profound transformation of the classification system (one may still hope), the transfer of leadership at ISOO could create some worrisome instability.

“I have committed 12 years to ISOO and believe deeply in its mission,” Mr. Bosanko said.  “Please know that I will do my best to look out for it in my new role.”

Dozens of public interest groups wrote to the Librarian of Congress last week to urge him to appoint a new Director of the Congressional Research Service who would work with Congress to promote public access to CRS reports.

“The public needs access to these non-confidential CRS reports in order to discharge their civic duties,” the letter (pdf) stated. “American taxpayers spend over $100 million a year to fund the CRS, which generates detailed reports relevant to current political events for lawmakers. But while the reports are non-classified, and play a critical role in our legislative process, they have never been made available in a consistent and official way to members of the public.”

There are several large collections of CRS reports that have been placed online by public interest groups, including the Federation of American Scientists.  But Congress has prohibited CRS from providing its products directly to the public.  And the current CRS director, Daniel Mulhollan, who is retiring in the next few weeks, has actively supported that non-disclosure policy.

What has happened under Mr. Mulhollan’s tenure is that CRS reports have been commodified.  Instead of being made freely available to the public, they are marketed by vendors.  A typical ten-page report may be sold for as much as $29.95 ($19.95 for students!).  Mr. Mulhollan has produced a litany of arguments (pdf) against public distribution of CRS reports, but all of them are mooted by the simple fact that the reports are distributed anyway– for a fee.

The appointment of a new CRS Director will be an opportunity to chart a new, more sensible course for the congressional support agency, to include free public distribution of non-confidential reports.

Some noteworthy new CRS reports include the following (all pdf).

“U.S. Response to the Global Threat of Tuberculosis: Basic Facts,” February 22, 2011.

“U.S. Response to the Global Threat of Malaria: Basic Facts,” February 22, 2011.

“U.S. Response to the Global Threat of HIV/AIDS: Basic Facts,” February 22, 2011.

Millions of feet of film of historical imagery from intelligence satellites may be declassified this year, the National Geospatial-Intelligence Agency (NGA) said.

“The NGA is anticipating the potential declassification of significant amounts of film-based imagery… in 2011,” according to an NGA announcement that solicited contractor interest in converting the declassified film into digital format.  It was published in Federal Business Opportunities on February 14, 2011.  A copy is posted here (pdf).

For planning purposes, the NGA told potential contractors to assume the need to digitize “approximately 4 million linear feet of film up to approximately 7 inches in width.”  The imagery is “stored on 500 foot spools, with many frames up to several feet in length.”  A nominal start date of October 1, 2011 was specified for the digitization project.

The NGA announcement also suggested that the winning contractor would “retain rights to distribute declassified imagery and recoup investment, for a specified period of time (negotiable).”  This would be problematic if it implied that the contractor had exclusive access to the declassified film and could prevent others from digitizing selected portions of it.

The declassification of historical intelligence satellite imagery has been largely dormant for many years.  President Clinton’s 1995 executive order 12951 promised a periodic review of classified imagery “with the objective of making  available to the public as much imagery as possible consistent with the interests of national defense and foreign policy.”  In particular, a review of obsolete film-return systems, such as the KH-8 GAMBIT and the KH-9 HEXAGON, was to be completed within five years.  This was not done, or produced no results if it was done.

During her confirmation process to become Principal Deputy Director of National Intelligence, Stephanie O’Sullivan recently noted the existence of an ODNI effort that started last year “to reinvigorate the declassification of imagery for public release.”  (“Nomination Sheds New Light on Intel Policy,” Secrecy News, February 22, 2011).

The awkwardness of using the Espionage Act to penalize the unauthorized disclosure of classified information to the press is again becoming apparent in the case of Jeffrey A. Sterling, a former CIA officer who was indicted last December in one of the several leak cases that are now underway.

An initial difficulty for the prosecution is that the espionage statute cited against Mr. Sterling (18 USC 793) concerns the protection of “national defense information.”  It does not mention “classified information.”  The two terms are not synonymous.

“The fact that the information at issue may be classified is not conclusive and is insufficient to carry the [prosecution’s] burden of proving [unauthorized disclosure of] ‘national defense information’,” the defense argued (pdf) in one of a remarkably robust series of motions for dismissal that were filed last week on behalf of Mr. Sterling.

In other words, it is quite possible for information to be classified without it qualifying as “national defense information” for purposes of the Espionage Act.  Classified diplomatic or law enforcement information, for example, would generally be outside the scope of “national defense information,” as would some types of classified intelligence information.  (On the other hand, it is also conceivable that some information that is formally unclassified could nevertheless be “national defense information” which is protected by the statute.)

Although the text of the Indictment of Mr. Sterling labels the Counts against him as “Unauthorized Disclosure of Classified Information,” “Unauthorized Retention of Classified Information,” and so forth, those actions are not what the statute prohibits, the defense accurately noted:

“A brief review of cases brought under 18 USC 793 demonstrates that prosecution for the alleged oral disclosure of ‘national defense information’ is not common which may be why the Indictment incorrectly lists these charges as classified information disclosures.”

Furthermore, the defense said it “reserves the right to challenge the constitutionality of 18 USC 793 as applied in this case.”  But previous challenges to the constitutionality of the statute have not been successful.

The defense motion for a “bill of particulars” also revealed that the government had gathered telephone, credit card and bank records of New York Times reporter James Risen, the presumed recipient of Mr. Sterling’s alleged disclosures. This was first reported by Josh Gerstein in “Feds spy on reporter in leak probe,” Politico, February 25.  See also Marcy Wheeler’s commentary.

The Obama Administration has taken several initial steps to modernize the national security classification system and to combat overclassification.  But those halting efforts are being undermined by the Department of Defense, which is not implementing the President’s policy.

DoD, which is the government’s largest producer of classified information, has failed to update its internal regulation on information security, despite a specific Presidential directive to do so.  The result is that military components today are following old, incomplete and misleading guidance on classification policy.

For example, one such component, U.S. Transportation Command (TRANSCOM), said on February 20 that it was unaware of a current requirement to update and correct its classification guidance.  It had “no records” pertaining to the performance of a Fundamental Classification Guidance Review, which was required by President Obama’s Executive Order 13526.  Why?  Because, it said, “no Review was required [by] DoD 5200.1-R,” the Pentagon’s regulation on information security (pdf).

This is a startling misunderstanding and a grievous lapse of responsibility on the part of the Pentagon. The reason that TRANSCOM is unaware of the new requirement to perform a Fundamental Classification Guidance Review is that DoD’s internal regulation 5200-1.R on classification policy has not been updated since January 1997!  In effect, DoD has been blocking the transmission of the President’s instructions to classifiers and declassifiers in the field.

This in itself is an act of defiance, particularly since the President himself ordered senior agency officials to prepare new classification policy regulations.  “Such regulations shall be issued in final form within 180 days of ISOO’s publication of its implementing directive for the order,” President Obama wrote in his December 29, 2009 memorandum that accompanied the issuance of Executive Order 13526.

The Information Security Oversight Office (ISOO) did publish its implementing directive (pdf) for the Executive Order on June 28, 2010.  Therefore, agencies officials were obliged to complete their implementing regulations 180 days later, by the end of December 2010.  At the Pentagon, officials failed to comply.

“The promulgation of implementing regulations for [President Obama’s] E.O. 13526… is not an optional activity,” said William J. Bosanko, director of the Information Security Oversight Office, which oversees the classification system.

“Such regulations serve as the foundation for the implementation of the Order at each agency,” he explained.  “Failure to update regulations in a timely manner impedes the implementation of the President’s direction and risks undermining the confidence in the classification system.  It also places classified information at needless risk and otherwise makes it difficult to hold accountable those who fail to meet their responsibilities.”

“How can we expect personnel to properly classify, safeguard, and declassify national security information if we do not provide them with the ‘rules’?  How can we maintain the trust of the American people and our State, local, tribal, private sector, and foreign partners if we don’t even comply with the most basic requirements ourselves?”

Mr. Bosanko said that ISOO was pressing for agency compliance with the requirements of the executive order.  He said the status of such compliance would be addressed in the forthcoming FY 2010 ISOO Report to the President.

Meanwhile, throughout the Department of Defense, officials are diligently following the wrong instructions. According to the DoD directives website, the 1997 regulation 5200-1.R — with all of its outdated guidance — is currently one of the top five most frequently downloaded DoD publications.

The implications of a shutdown of the federal government due to funding gaps are discussed in a newly updated report (pdf) from the Congressional Research Service.

“Failure of the President and Congress to reach agreement on interim or full-year funding measures occasionally has caused government shutdowns, the longest of which lasted 21 days, from December 16, 1995, to January 6, 1996. Government shutdowns have necessitated furloughs of several hundred thousand federal employees, required cessation or reduction of many government activities, and affected numerous sectors of the economy.”

See “Shutdown of the Federal Government: Causes, Processes, and Effects,” February 18, 2011.

See also, relatedly, this CRS report on “Reaching the Debt Limit: Background and Potential Effects on Government Operations,” February 11, 2011.

“The Indian social media scene represents a fast-emerging and influential domain of information exchange involving nearly 60% of the 83 million Internet users in the country,” according to a recent report (pdf) from the DNI Open Source Center.

Indian public attention to social media was galvanized by the November 2008 Mumbai attacks, “when citizens became instant journalists, tweeting from their mobiles what they saw.” It was reinforced by online political activity surrounding the May 2009 national elections. Social media are also employed by commercial enterprises, political dissidents and separatists and almost everybody else.

A copy of the report was obtained by Secrecy News. See “OSC Media Aid: Overview of Leading Indian Social Media,” Open Source Center, December 21, 2010.

The academic journal “Research in Social Problems and Public Policy” has devoted its latest issue to the topic of “Government Secrecy.” The special issue was edited by Susan L. Maret. The table of contents may be found here (pdf).

Two probing congressional examinations of the Espionage Act, its application and its possible reform have recently been published. The House Judiciary Committee held a December 16, 2010 hearing on “The Espionage Act and the Legal and Constitutional Issues Raised by WikiLeaks.” Also newly published is a May 12, 2010 Senate Judiciary Committee hearing volume on “The Espionage Statutes: A Look Back and a Look Forward.”

Last week the Senate confirmed Stephanie O’Sullivan to be the Principal Deputy Director of National Intelligence (PDDNI), the number two position in the Office of the Director of National Intelligence (ODNI).  Ms. O’Sullivan, a longtime CIA employee who is currently Associate Deputy Director of CIA, will be the fourth person to hold that office.

A review of the materials submitted in support of her nomination, especially a set of answers to pre-hearing questions (pdf) submitted by the Senate Intelligence Committee, turns up a number of interesting new details concerning intelligence policy.  For example:

**  ODNI began an effort last year “to reinvigorate the declassification of imagery for public release,” Ms. O’Sullivan said. She indicated that this program had been “launched in May 2010,” but there is little sign that it has had any impact to date.

On the contrary, attempts to gain access to historical intelligence satellite imagery remain as contentious and mostly as fruitless as ever.  “Trying to get [satellite imagery] declassified today, it’s like I’m taking their marbles away,” said Charles P. Vick of GlobalSecurity.org earlier this month, “and it’s over 40 years old.”  (“New Secrets of Huge Soviet Moon Rocket Revealed” by Leonard David, Space.com, February 7, 2011).

**  Over the past several years, science and technology research activities at CIA “have improved substantially,” leading to the operational use of new intelligence technologies, Ms. O’Sullivan told the Senate Intelligence Committee.

This upbeat assertion contrasts, for example, with a 2006 Intelligence Science Board report which found that technological “innovation in the Intelligence Community” was “hobble[d]” and that the problem was approaching “critical levels.”  (“Intel Science Board on ‘The New S&T Landscape’,” Secrecy News, January 10, 2011).

But Ms. O’Sullivan said that “There has been a marked increase in cutting edge technology which has been developed through research and development and successfully transitioned to operations… [The CIA Directorate of Science and Technology’s] acquisitions and operations have also delivered innovative new capabilities and technical operations that have closed collection gaps.”

The nature of these capabilities and operations was not specified.  One trusts that they did not include the fraudulent intelligence-related technologies that were central to the unfolding Dennis Montgomery/e-Treppid Technologies scandal and featured in the New York Times last weekend.  (“Government Tries to Keep Secret What Many Consider a Fraud” by Eric Lichtblau and James Risen, New York Times, February 20, 2011).

Ms. O’Sullivan also provided brief commentary on the obscure and mostly classified Comprehensive National Cybersecurity Initiative (CNCI), which she said was “progressing satisfactorily.”   She discussed in general terms the government’s response to WikiLeaks, which she said “represents the magnitude of the potential danger when technology, opportunity, and malevolent human motivation combine.”  Her answers to the pre-nomination hearing questions may be found here.

Sometimes the questions that were posed to Ms. O’Sullivan were more interesting than the answers.  Thus, in an oddly flattering formulation, the Senate Intelligence Committee observed that “The National Reconnaissance Office has historically attempted to deliver more program content that can be accomplished under the budgets requested by the President or appropriated by Congress.  We understand that this problem is again arising in the fiscal year 2012 budget build now in progress.”

A routine questionnaire for Presidential nominees asks whether the nominee has ever been arrested or charged with committing a crime.  Ms. O’Sullivan noted (pdf) that she was charged with trespassing in August 1989 for “being in a public park after closing.”  The charges were subsequently dropped.

Newly updated reports of interest from the Congressional Research Service include the following (all pdf).

“Egypt: The January 25 Revolution and Implications for U.S. Foreign Policy,” February 11, 2011.

“Amendments to the Foreign Intelligence Surveillance Act Set to Expire February 28, 2011,” February 10, 2011 (a three month extension until May 27, 2011 was passed by Congress last week).

“Intelligence Identities Protection Act,” January 28, 2011.

“Closing the Guantanamo Detention Center: Legal Issues,” February 11, 2011.

“Nanotechnology and Environmental, Health, and Safety: Issues for Consideration,” January 20, 2011.

“Foreign Aid: An Introduction to U.S. Programs and Policy,” February 10, 2011.

Former Congressman Steve Horn (R-CA), who was a leading congressional defender of the Freedom of Information Act and of public access to government information generally, died last week at age 79.

Rep. Horn was a primary sponsor, along with Sen. Patrick Leahy, of the Electronic Freedom of Information Act of 1996, which formally extended the provisions of the FOIA to electronic records. He led congressional efforts to oversee FOIA implementation and to address defects in agency compliance.

As chairman of a House Government Reform subcommittee with jurisdiction over FOIA, “What struck me then and now is the critical role that public access to Government information plays in our democracy,” Horn said in 2002. “It is key to having an informed citizenry and to supplying our citizens with the knowledge they need to hold their Government accountable. Therefore, I have always been a strong advocate of the Act.”

Rep. Horn “was outspoken against the abuse of secrecy by executive agencies and the willingness of many Congressional Committees to ignore their duties and allow such secrecy,” recalled Rep. Carolyn Maloney (D-NY) after his retirement in 2002. “He forced the CIA and the Department of Defense to release documents so that Congress could effectively perform oversight.”

In a rather modest gesture of respect, Congress named a post office after him in 2003 (the “Stephen Horn Post Office Building” at 2300 Redondo Avenue in Long Beach, California).

Update: Horn’s family invites donations in his name to the University Library, California State University, Long Beach, c/o CSULB Foundation, 1250 Bellflower Blvd., Long Beach, CA 90840 (via LAT).

Legislation introduced in the Senate this week would broadly criminalize leaks of classified information.  The bill (S. 355) sponsored by Sen. Benjamin Cardin (D-MD) would make it a felony for a government employee or contractor who has authorized access to classified information to disclose such information to an unauthorized person in violation of his or her nondisclosure agreement.

Under existing law, criminal penalties apply only to the unauthorized disclosure of a handful of specified categories of classified information (in non-espionage cases).  These categories include codes, cryptography, communications intelligence, identities of covert agents, and nuclear weapons design information.  The new bill would amend the espionage statutes to extend such penalties to the unauthorized disclosure of any classified information.

(Another pending bill, known as the SHIELD Act, would specifically criminalize disclosure — and publication — of information concerning human intelligence activities and source identities. Both bills were originally introduced at the end of the last Congress, and were reintroduced this month.)

“I am convinced that changes in technology and society, combined with statutory and judicial changes to the law, have rendered some aspects of our espionage laws less effective than they need to be to protect the national security,” said Sen. Cardin.  “I also believe that we need to enhance our ability to prosecute… those who make unauthorized disclosures of classified information.”

“We don’t need an Official State Secrets Act, and we must be careful not to chill protected First Amendment activities,” he said.  “We do, however, need to do a better job of preventing unauthorized disclosures of classified information that can harm the United States, and at the same time we need to ensure that public debates continue to take place on important national security and foreign policy issues.”

The bill would replace the Espionage Act’s use of the term “national defense information” with the broader but more precise term “national security information.”  It would outlaw any knowing violation of an employee’s classified information nondisclosure agreement, “irrespective of whether [the discloser] intended to aid a foreign nation or harm the United States.”  The bill would not criminalize the receipt of leaked information, and it would not apply to whistleblowers who disclose classified information through authorized channels.

But it would establish a rebuttable presumption that any information marked as classified is properly classified.  (The bill does not distinguish between “information” and “records.”)  This means that the government would not have to prove that the leaked information was properly classified;  the defendant would have to prove it was not. In order to mount a defense arguing “improper classification,” a defendant would have to present “clear and convincing evidence” that the original classifier could not have identified or described damage to national security resulting from unauthorized disclosure.  Such challenges to original classification are almost never upheld, and so the defendant’s burden of proof would be nearly impossible to meet.

The bill does not provide for a “public interest” defense, i.e. an argument that any damage to national security was outweighed by a benefit to the nation.  It does not address the issue of overclassification, nor does it admit the possibility of “good” leaks.  Disclosing that the President authorized waterboarding of detainees or that the government conducted unlawful domestic surveillance would be considered legally equivalent to revealing the identities of intelligence sources, the design of secret military technologies or the details of ongoing military operations.

And at a time when an unprecedented number of leak prosecutions are underway, the bill’s premise that an enhanced ability to prosecute leaks is needed seems questionable.  In fact, in a 2002 report to Congress, then-Attorney General John Ashcroft said that the laws already on the books were sufficient and that no new anti-leak legislation was required.

“Given the nature of unauthorized disclosures of classified information that have occurred, however, I conclude that current statutes provide a legal basis to prosecute those who engage in unauthorized disclosures, if they can be identified…. Accordingly, I am not recommending that the Executive Branch focus its attention on pursuing new legislation at this time,” Mr. Ashcroft wrote.

In 2000, Congress enacted legislation to criminalize all leaks of classified information, but the measure was vetoed by President Clinton.

“There is a serious risk that this legislation would tend to have a chilling effect on those who engage in legitimate activities,” President Clinton wrote in his November 4, 2000 veto message.  “A desire to avoid the risk that their good faith choice of words — their exercise of judgment — could become the subject of a criminal referral for prosecution might discourage Government officials from engaging even in appropriate public discussion, press briefings, or other legitimate official activities. Similarly, the legislation may unduly restrain the ability of former Government officials to teach, write, or engage in any activity aimed at building public understanding of complex issues.”

“Incurring such risks is unnecessary and inappropriate in a society built on freedom of expression and the consent of the governed and is particularly inadvisable in a context in which the range of classified materials is so extensive. In such circumstances, this criminal provision would, in my view, create an undue chilling effect,” President Clinton wrote.