“The Committee on Foreign Investment in the United States (CFIUS) is an interagency committee that serves the President in overseeing the national security implications of foreign investment in the economy,” the Congressional Research Service has explained (pdf).  “Originally established by an Executive Order of President Ford in 1975, the committee generally has operated in relative obscurity.”

That relative obscurity continues to prevail.  A new Department of Defense Instruction says that “The DoD CFIUS process should, to the extent possible, be a transparent process.”  Yet the same Instruction dictates that “Information or documentary material filed with CFIUS shall be exempt from disclosure [under the Freedom of Information Act] and will not be made public.”  See “DoD Procedures for Reviewing and Monitoring Transactions Filed with the Committee on Foreign Investment in the United States (CFIUS),” DoD Instruction 2000.25 (pdf), August 5, 2010.

Two informative background reports on CFIUS were recently updated by the Congressional Research Service (both pdf).  See “The Committee on Foreign Investment in the United States (CFIUS),” July 29, 2010, and “The Exon-Florio National Security Test for Foreign Investment,” July 19, 2010.

The current dispute between the Obama Administration and some members of Congress over whether to strengthen oversight of intelligence programs by the Government Accountability Office is rooted in a 1988 opinion from the Justice Department Office of Legal Counsel (OLC), which held that GAO access to intelligence information is actually barred by law.

In 1988, the GAO requested access to intelligence files concerning Panama as part of an investigation of U.S. policy towards Panamanian leader Manuel Noriega.  In response to an inquiry from the National Security Council, the Office of Legal Counsel issued an opinion (pdf) stating that the GAO was not entitled to the requested records on Panama and Noriega.  Not only that, but the opinion (written by Acting OLC head Douglas W. Kmiec) concluded categorically that “GAO is precluded by the Intelligence Oversight Act from access to intelligence information.”

Today, the FBI cites that 1988 opinion to justify its refusal to permit GAO to perform a review of the FBI counterterrorism program and other matters previously studied by GAO.

The 1988 OLC opinion “has had a broad negative impact on our access to information at the FBI and several other agencies that are part of the intelligence community,” wrote Acting Comptroller General Gene L. Dodaro in a recent letter (pdf).  “Moreover, we are concerned that this position is now being extended to cover agencies and activities that have long been subject to GAO oversight, such as human capital practices and vacancies within the FBI’s Counterterrorism Division.”

Mr. Dodaro’s June 15, 2010 letter regarding GAO access to government information was sent to Senators Charles Grassley and Richard Shelby.  A copy was obtained by Secrecy News.

The OLC opinion that GAO’s access to intelligence information is “precluded” by law seems demonstrably wrong and in any case has been overtaken by events.  A Department of Defense Instruction (7650.01) explicitly permits GAO access to DoD intelligence information.  Do the Justice Department and the FBI believe that this DoD Instruction violates the law?  And if the law prohibits GAO access to intelligence information, why have dozens of GAO analysts (73 of them as of March 2008) been granted SCI security clearances that authorize such access?

“The [OLC’s] basic legal premise — that GAO lacks legal authority to review intelligence matters — is simply wrong,” one congressional official told Secrecy News.  “To make matters more interesting, the 1988 OLC opinion is based on an old, and in my opinion misguided, GAO effort to get raw intelligence related to the Noriega mess.  How it applies to GAO’s current efforts to conduct a human capital review at FBI is baffling.”

“The fact that the Obama Administration is trying to block GAO from doing essentially the same work it did under the Bush Administration is a stunning turn of events that no one expected,” the official said.

For one year following their employment, all former government employees are prohibited by law (18 U.S.C. 207c) from contacting employees of their former agency for the purpose of influencing their official actions.

A 2006 legal opinion (pdf) from the Office of Government Ethics (OGE) said this means that former CIA employees cannot contact current CIA employees for purposes of seeking official action, even if those current CIA employees are detailed to another federal agency.  Prior to the OGE opinion, the CIA had disputed that the law extended to contacts with CIA detailees at other agencies.

“One certainly could envision circumstances in which a former senior CIA employee might have the opportunity to use his or her former position to influence a current CIA employee on detail to another agency in the Intelligence Community,” wrote OGE General Counsel Marilyn L. Glynn in her opinion prohibiting such contacts.

The OGE legal opinion was written in response to a request Steven Bradbury of the Justice Department Office of Legal Counsel.  The circumstances that prompted the inquiry are not known, nor is it known if the OLC itself issued any further guidance on the subject.  The 2006 OGE opinion was released last month under the Freedom of Information Act.

“Several events this past year — the Fort Hood Shooting and the attempted bombings on Christmas Day and in Times Square — highlight challenges, successes, and gaps in our ability to effectively share and access information,” wrote Kshemendra N. Paul, the program manager of the ODNI Information Sharing Environment (ISE) in a new annual report to Congress (pdf) on the current state of intelligence and threat information sharing.

“Looking back to the events of September 11, 2001, we have come far in our sharing of and access to information across boundaries organizational boundaries and mission domains. Yet much remains to be done to support the frontline,” Mr. Paul wrote.

The information sharing initiative is focused on overcoming barriers to communication within the government, not on public disclosure.  But sharing ought to include the public too, the report suggested at one point.

“Most of the work of building the ISE to date has been aimed at expanding information sharing across all areas of government in the U.S. and, to a lesser extent, with private sector organizations and foreign partners. As the ISE continues to evolve, however, we recognize that to support the Administration’s commitment to openness and transparency, we must extend those efforts to include the American public as well,” the new annual report to Congress said (p. 57).

The Obama Administration’s aggressive pursuit of leakers who disclose classified information to the press or to other unauthorized persons is moving forward on multiple fronts.

Shamai Leibowitz, a former FBI linguist who pleaded guilty to the unauthorized disclosure of classified intelligence information to an unidentified blogger, reported to prison this week, his attorney said (pdf).  Leibowitz has begun serving a twenty-month sentence at the Federal Correctional Institution (FCI) – Low in Petersburg, Virginia.

Thomas Drake, a former National Security Agency official who is suspected of having disclosed classified information to a reporter, pleaded not guilty to the charges against him.  Last week a jury trial in his case was scheduled (pdf) to begin on March 21, 2011.

Last Sunday, Defense Secretary Robert Gates told ABC News that Wikileaks was “morally culpable” because its massive disclosure of classified Afghanistan war records may have placed at risk individual Afghans who were named in the documents.  “That’s where I think the verdict is guilty on WikiLeaks. They have put this out without any regard whatsoever for the consequences.”

Wikileaks spokesman Daniel Schmitt said there were too many classified documents in the leaked collection to permit a careful review of all of them.

“Asked why WikiLeaks did not review all of the Afghan war logs before releasing them last month to make sure that no Afghan informants or other innocent people were identified, Schmitt said that the volume of the material made it impossible,” according to an August 3 report by Philip Shenon in the Daily Beast.  Mr. Schmitt said that Wikileaks welcomed Pentagon assistance in processing other leaked records for release.

I offered some comments on the Wikileaks case on NPR’s “On the Media” show last week.

Two civil liberties organizations said they will file a legal challenge against the government’s suspected targeting for assassination of an American supporter of Al Qaeda, arguing that under the U.S. Constitution no citizen can be “deprived of life… without due process of law.”

The American Civil Liberties Union and the Center for Constitutional Rights first filed suit against the Treasury Department, which said they needed a “license” in order to act on behalf of Anwar al-Awlaki, who has been designated as a terrorist.  After the lawsuit was filed yesterday, the Treasury Department said the license to proceed would be granted.

Meanwhile, Rep. Dennis Kucinich and several House colleagues introduced legislation last week “to prohibit the extrajudicial killing of United States citizens.”

“No United States citizen, regardless of location, can be ‘deprived of life, liberty, property, without due process of law’, as stated in Article XIV of the Constitution,” their bill said. [The cited statement is actually from the Fifth Amendment to the Constitution.]

White House spokesman Robert Gibbs said yesterday that the targeting of al-Awlaki was not done entirely without process.  “There’s a process in place that I’m not at liberty to discuss,” he said.

“If… we think that direct action [against terrorists] will involve killing an American, we get specific permission to do that,” then-DNI Dennis C. Blair told a House Intelligence Committee hearing (pdf) on February 3, 2010.

But the Kucinich bill said that “No one, including the President, may instruct a person acting within the scope of employment with the United States Government or an agent acting on behalf of the United States Government to engage in, or conspire to engage in, the extrajudicial killing of a United States citizen.”

Sixty-six American troops died in Afghanistan in July, making it the deadliest month for U.S. forces in the Afghanistan War thus far, the Washington Post and others reported.

Casualties of the Afghanistan War have recently been tabulated by the Congressional Research Service, including statistics on American forces, of whom around 1100 have been killed, as well as allied forces, and Afghan civilians.  Although the three week old CRS report does not include the very latest figures, it provides links to official and unofficial sources of casualty information that are regularly updated.  See “Afghanistan Casualties: Military Forces and Civilians,” July 12, 2010.

A number of other noteworthy new CRS reports that have not been made readily available to the public were obtained by Secrecy News, including these (all pdf):

“Terrorist Material Support: An Overview of 18 U.S.C. 2339A and 2339B,” July 19, 2010.

“Terrorist Material Support: A Sketch of 18 U.S.C. 2339A and 2339B,” July 19, 2010.

“Veterans Medical Care: FY2011 Appropriations,” July 27, 2010.

“U.S. Sanctions on Burma,” July 16, 2010.

“U.S.-Australia Civilian Nuclear Cooperation: Issues for Congress,” July 7, 2010.

Sen. John McCain inserted a nice tribute in the Congressional Record on April 28 to CRS analyst Christopher Bolkcom, our friend and former FAS colleague, who died last year.  See “Remembering Christopher C. Bolkcom.”

The vulnerabilities of critical energy infrastructure installations to potential cyber attack are normally treated as restricted information and are exempt from public disclosure.  But a recent Department of Energy report was able to openly catalog and describe the typical vulnerabilities of energy infrastructure facilities because it did not reveal the particular locations where they were discovered.

“Although information found in individual… vulnerability assessment reports is protected from disclosure, the security of the nation’s energy infrastructure as a whole can be improved by sharing information on common security problems,” the DOE report (pdf) said. “For this reason, vulnerability information was collected, analyzed, and organized to allow the most prevalent issues to be identified and mitigated by those responsible for individual systems without disclosing the identity of the associated… product.”

The specific vulnerabilities that were found are no big surprise — open ports, unsecure coding practices, and poor patch management.  But by describing the issues in some detail, the new report may help to demystify the cyber security problem and to provide a common vocabulary for publicly addressing it.  See “NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses,” Idaho National Laboratory, May 2010.

The Wikileaks publication of tens of thousands of classified U.S. military records last week is inevitably prompting a review of information security practices to identify remedial steps.  I have been arguing that one of those steps ought to be a rethinking of classification policy.  “The reform that may be needed more urgently than any other is a careful reduction in the size of the secrecy system.”  See “Afghan Leaks: Is the U.S. Keeping Too Many Secrets?” by Alex Altman, Time, July 30.

The Department of Defense has updated its doctrine on “foreign internal defense,” which refers to actions taken to support a foreign government’s efforts to combat domestic subversion, insurgency or terrorism.  See Joint Publication 3-22, “Foreign Internal Defense,” July 12, 2010.

“The Army in Multinational Operations” is the subject of a newly updated U.S. Army Field Manual, FM 3-16, May 2010.

Michel de Montaigne (1533-1592), whose essays transformed Western consciousness and literature, was not capable of solving basic arithmetic problems.  And most other people would not be able to do so either, if not for the invention of decimal notation by an unknown mathematician in India 1500 years ago.  That is the contention of a neat little essay recently published by the Department of Energy (based in part on a book by Georges Ifrah).  See “The Greatest Mathematical Discovery?” by David H. Bailey and Jonathan M. Borwein, May 12, 2010.

Congress should eliminate the classification category known as “Formerly Restricted Data” in order to simplify and streamline classification policy, the Public Interest Declassification Board was told last week.

While most national security information (NSI) is classified by executive order, information related to nuclear weapons is classified under the Atomic Energy Act.  And such classified nuclear weapons information in turn falls into two categories:  Restricted Data (RD), which deals mainly with weapons design and production of nuclear material, and Formerly Restricted Data (FRD), which typically concerns the storage, maintenance and utilization of nuclear weapons.  (Despite its somewhat misleading name, FRD is still classified information and cannot be shared with uncleared persons.)

Incredibly, each component of this three-part classification system — NSI, RD, and FRD — has different criteria for classifying, handling, and declassifying information within its scope.  So, for example, RD can be declassified by the Secretary of Energy only when it poses no “undue risk.”  But FRD can be declassified only when doing so presents no “unreasonable risk,” and only by joint action of the Secretary of Energy and the Department of Defense. And so on.  When items from different classification categories are intermingled within the same document or records group, the processing of records for declassification all but grinds to a halt.

“The entire FRD classification category should be eliminated,” I told the Board (pdf), “because it adds needless complexity to an already baroque classification system, and it poses an unnecessary obstacle to the efficient functioning of the declassification process.”

In the past, policymakers have considered transferring FRD to the regular classification system, or partitioning FRD partly into RD and partly into NSI, but they decided against it. “The cost and effort to manage such a partition, the judgment that it was unlikely for Congress [to make the needed legislative changes], and the problems discovered at NARA [where some unmarked RD and FRD were found in declassified files] resulted in no changes in the FRD category,” said Andrew Weston-Dawkes, the Director of the Office of Classification at the Department of Energy, in a statement (pdf) to the Board.

But the “no change” approach has significant long-term costs of its own, because the current three-tiered classification system is a massive impediment to the efficient production, handling and ultimate declassification of classified government records.

“A workable classification system of the future will be simple in design, easy to implement and to correct, and modest in scale,” I suggested to the PIDB.  “The Formerly Restricted Data category is not consistent with that goal, and so it needs to go.”

Dr. William Burr of the National Security Archive and Dr. Robert S. Norris of the Natural Resources Defense Council described to the PIDB the historical importance of information currently withheld as FRD, the often irrational barriers to its disclosure, and the benefits of careful declassification of historically significant FRD.  Steve Henry of the Department of Defense said that the Pentagon is currently reviewing the possible declassification of historical nuclear weapons storage locations.

In response to a request from the Department of Justice, the Senate yesterday authorized the Senate Intelligence Committee to cooperate with a pending investigation of an unauthorized disclosure of classified information.

“The Chairman and Vice Chairman of the Senate Select Committee on Intelligence, acting jointly, are authorized to provide to the United States Department of Justice, under appropriate security procedures, copies of Committee documents sought in connection with a pending investigation into the unauthorized disclosure of classified national security information, and former and current employees of the Committee are authorized to testify in proceedings arising out of that investigation,” according to Senate Resolution 600 that was passed yesterday.

The target of the leak investigation was not specified, but Senate Majority Leader Harry Reid said it involved “someone not connected with the committee.”

The Office of the Director of National Intelligence recently released a copy of Intelligence Community Directive (ICD) Number 700 on “Protection of National Intelligence” (pdf), which was issued on September 21, 2007.  Among other things, the Directive mandated the establishment of “fora for the identification and solution of issues affecting the protection of national intelligence and intelligence sources and methods.”

“I believe we are suffering what is probably the biggest transfer of wealth through theft and piracy in the history of mankind,” said Sen. Sheldon Whitehouse (D-RI), referring to the penetration and compromise of U.S. information systems by foreign nations and criminal entities.

In a statement on the Senate floor on Tuesday, Sen. Whitehouse described some of the findings of a classified Task Force that he chaired and that recently reported to the Senate Intelligence Committee.

The defense of U.S. information networks “is the greatest unmet national security need facing the United States,” he said. “The intelligence community is keenly aware of the threat and is doing all it can within existing laws and authorities to counter it.  The bad news is the rest of our country–including the rest of the Federal Government–is not keeping pace with the threat.”

Part of the problem, he said, is that “threat information affecting the dot.gov and the dot.mil domains is largely classified–often very highly classified” and so “the public knows very little about the size and scope of the threat their Nation faces…. If they knew how vulnerable America’s critical infrastructure is and the national security risk that has resulted, they would demand action.  It is hard to legislate in a democracy when the public has been denied so much of the relevant information.”

Among several proposed responses that he described, he said “we must more clearly define the rules of engagement for covert action by our country against cyber-threats.  This is an especially sensitive subject and highly classified.  But for here, let me just say that the intelligence community and the Department of Defense must be in a position to provide the President with as many lawful options as possible to counter cyber-threats, and the executive branch must have the appropriate authorities, policies, and procedures for covert cyber-activities, including how to react in real time when the attack comes at the speed of light.  This all, of course, must be subject to very vigilant congressional oversight.”

More than 40 bills on cyber security are currently pending in Congress, Sen. Whitehouse noted.