New publications from the Congressional Research Service that Congress has withheld from online public disclosure include the following.

A New Authorization for Use of Military Force Against the Islamic State: Comparison of Current Proposals in Brief, October 21, 2014

U.S. Citizens Kidnapped by the Islamic State, CRS Insights, October 17, 2014

Smartphone Data Encryption: A Renewed Boundary for Law Enforcement?, CRS Insights, October 17, 2014

Last week government attorneys submitted 28 documents concerning “watchlisting” procedures to a federal court for in camera review that they said should be protected from disclosure under the state secrets privilege.  The documents had been sought by the plaintiff in Gulet Mohamed v. Eric Holder, a case challenging the constitutionality of the “no fly” list.

The government had previously argued that it was “not appropriate” for a court to perform its own review of such privileged records. But it nevertheless complied with a court order to produce them (under seal).

The government reiterated its position that “the assertion of the state secrets privilege in this case is proper, and the appropriate consequence of the assertion of the privilege is dismissal of Plaintiff’s case.”

Beyond that, government attorneys also took the opportunity to rebut the court’s criticism of the use of the state secrets privilege, and to defend several past assertions of the privilege.

In a September 15 court order, Judge Anthony J. Trenga, who is hearing the Gulet Mohamed case, had commented (in a footnote at p.5) that “The government’s assertion of the state secrets privilege in certain cases has been less than reassuring.” He mentioned several problematic instances beginning with Reynolds v. US, the 1953 Supreme Court case that recognized the state secrets privilege based on claims that were later called unfounded or even fraudulent.

The government pushed back against those comments and defended each of the controversial assertions of the state secrets privilege cited by Judge Trenga.

“The suggestion that the privilege assertion in Reynolds lacked a proper basis is mistaken,” the government insisted, noting that courts had rejected persistent allegations of government fraud in that case.

Among the documents that the government submitted to the court on Friday is the Watchlisting Guidance that defines the procedures and criteria for adding someone to the no-fly list.

In its public filing, the government did not acknowledge that the purportedly privileged Watchlisting document has been publicly disclosed and published online (by The Intercept). But government attorneys had previously argued that any purported leak did not necessarily alter the privileged status of the leaked document. It will now be up to Judge Trenga to determine whether or not that is so.

The documents submitted for review were accompanied by a heavily redacted declaration from Michael Steinbach, Assistant Director of the FBI Counterterrorism Division.

In another pending state secrets case, Restis v. United Against Nuclear Iran, several civil liberties groups asked for leave to submit an amicus curiae brief concerning the proper use of the state secrets privilege. Somewhat mysteriously, the government intervened to assert the state secrets privilege in that case, though it was not a party to it. Nor would it reveal which executive branch agency is actually asserting the privilege — which may be a roundabout way of saying, “It’s the CIA.”

“The proposed [amicus] brief will address the scope and nature of the state secrets privilege, the procedures that must accompany any proper assertion of the privilege, and the public interest at stake when the Government seeks to invoke the privilege,” wrote Dror Ladin on behalf of the ACLU, the Brennan Center for Justice, the Center for Constitutional Rights, the Constitution Project, the Electronic Frontier Foundation, and the Sunlight Foundation.

Without objection from any of the parties, the civil liberties groups were granted permission to submit their brief by October 29.

New and updated publications from the Congressional Research Service that Congress has withheld from online public distribution include the following.

Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws, October 15, 2014

Insurance and Climate Change: Do Governments Have a Duty to Protect Property Owners?, CRS Legal Sidebar, October 16, 2014

Home Is Where They Have To Take You In: Right to Entry For U.S. Citizens, CRS Legal Sidebar, October 16, 2014

Conflict Minerals and Resource Extraction: Dodd-Frank, SEC Regulations, and Legal Challenges, October 15, 2014

EPA’s Upcoming Ozone Standard: How Much Will Compliance Cost?, CRS Insights, October 15, 2014

Eleventh Circuit Provides Guidance for the Definition of “Foreign Official” under the FCPA, CRS Legal Sidebar, October 15, 2014

Nuclear Energy Policy, October 15, 2014

Turkey-U.S. Cooperation Against the “Islamic State”: A Unique Dynamic?, CRS Insights, October 15, 2014

The executive branch interprets the 2001 Authorization for Use of Military Force to permit military action against terrorist groups that are “associated” with Al Qaeda. Such associated forces are considered co-belligerents with Al Qaeda and the Taliban and are therefore legal targets of U.S. military force.

But some groups or individuals may be “affiliated” with Al Qaeda ideologically or otherwise without being “associated” with it operationally. Those affiliated (but non-associated) groups would not be authorized targets of U.S. military operations under the 2001 AUMF.

Which groups are which? That is classified.

“A Pentagon spokesperson in mid-2013 stated that a list identifying which groups the Administration viewed as associated forces should remain classified, arguing that its release would damage national security by bolstering the groups’ credibility,” a new report from the Congressional Research Service noted.

Some officials say that even the more expansive category of “affiliated” groups has become too confining. “A broader category is that of ‘like-minded groups’ that may or may not be operationally linked with Al Qaeda, but potentially share at least some of its traits,” CRS said.

The CRS report profiles many of the Al Qaeda-affiliated organizations based on open sources, including reports from the CIA Open Source Center that are not publicly available. See Al Qaeda-Affiliated Groups: Middle East and Africa, October 10, 2014.

Other noteworthy new CRS products include the following.

(No) Papers, Please: No Passports for U.S. “Foreign Fighters”, CRS Legal Sidebar, October 10, 2014

Federal and State Quarantine and Isolation Authority, updated October 9, 2014

A report to Congress on authorized disclosures of classified intelligence to the media — not unauthorized disclosures — is classified and is exempt from disclosure under the Freedom of Information Act, the National Security Agency said.

The notion of an authorized disclosure of classified information is close to being a contradiction in terms. If something is classified, how can its disclosure be authorized (without declassification)? And if something is disclosed by an official who is authorized to do so, how can it still be classified? And yet, it seems that there is such a thing.

Confronted by a pressing question from a reporter on a classified matter, an official might opt to acknowledge or disclose classified information in response, without necessarily intending to broadcast that information to everyone. In such cases, the information might be disclosed without being declassified, especially if it is already known to the reporter through other channels.

In the Intelligence Authorization Act for FY 2013 (sec. 504), Congress directed that “In the event of an authorized disclosure of national intelligence” to the media, the government official responsible for authorizing the disclosure shall notify Congress in a timely fashion whenever the intelligence disclosed is classified (or declassified for the purpose of the disclosure).

The purpose of that requirement was to ensure that the congressional intelligence committees are made aware of authorized disclosures to the press “so that, among other things, these authorized disclosures may be distinguished from unauthorized ‘leaks’,” according to the Senate report on the FY2013 intelligence bill.

So what disclosures of classified intelligence to the media were approved by government officials and reported to Congress, we asked earlier this year? The National Security Agency refuses to disclose those disclosures.

“The document responsive to your request has been reviewed by this Agency as required by the FOIA and has been found to be currently and properly classified in accordance with Executive Order 13526,” according to an October 2 letter signed by retiring NSA FOIA chief Pamela N. Phillips. “The document is classified because its disclosure could reasonably be expected to cause exceptionally grave damage to the national security.”

We appealed the denial.

“It is well established that information, including classified information, that has been publicly disclosed on an authorized basis loses its exemption from disclosure under FOIA,” the FAS appeal letter said.

“Since the requested document addresses ‘authorized public disclosures,’ the substance of those authorized disclosures may no longer be withheld.”

Security policies in the executive branch are being overhauled in response to a potential “insider threat.” But while some progress is being made, the intended functionality will not be available for several more years to come.

The insider threat includes “the threat of those insiders who may use their authorized access to compromise classified information.” Three years ago, due in part to the unauthorized disclosures by then-Pfc. Bradley Manning to WikiLeaks, President Obama issued Executive Order 13587 directing agencies to “implement an insider threat detection and prevention program.”

Last week, the Department of Defense finally issued an internal directive establishing department policy on the subject. The policy aims to establish “an integrated capability to monitor and audit information for insider threat detection and mitigation,” including “the monitoring of user activity on DoD information networks.” See “The DoD Insider Threat Program,” DoD Directive 5205.16, September 30, 2014.

But that is easier said than done. The timetable for achieving a government-wide insider threat program does not envision an Initial Operating Capability until January 2017, and even the achievement of that operational milestone is considered to be “at risk,” according to the latest quarterly report on Insider Threat and Security Clearance Reform (at p. 15).

Prior to 2010, Army regulations “never adequately addressed the ‘insider threat’,” said a 2011 Army investigative report on the Compromise of Classified Information to Wikileaks that was released by the Army in redacted form last month.

“Disenchanted idealists are… a fertile source of information” for adversaries, according to Army Regulation 530-1 on Operations Security, updated 26 September 2014.

New and updated reports from the Congressional Research Service that Congress has withheld from online public distribution include the following.

The Ebola Outbreak: Select Legal Issues, CRS Legal Sidebar, October 6, 2014

Ebola: Basics About the Disease, October 3, 2014

As Midterm Election Approaches, State Election Laws Challenged, CRS Legal Sidebar, October 7, 2014

Child Welfare: Profiles of Current and Former Older Foster Youth Based on the National Youth in Transition Database (NYTD), October 6, 2014

Agriculture in the WTO Bali Ministerial Agreement, October 6, 2014

Ozone Air Quality Standards: EPA’s 2015 Revision, October 3, 2014

Beverage Industry Pledges to Reduce Americans’ Drink Calories, CRS Insights, October 6, 2014

Palestinian Authority: U.S. Payments to Creditors as Alternative to Direct Budgetary Assistance?, CRS Insights, October 6, 2014

Offices of Inspector General (OIGs) are generally known for performing investigations of executive branch agencies in order to combat waste, fraud and abuse. But many IGs also have a law enforcement function, and many of their employees are armed.

The most recent data available (from 2008) indicate that 33 Offices of Inspector General had a total of 3,501 agents who were authorized to carry firearms, according to a recent report from the Congressional Research Service. Intelligence community IGs do not appear to be among them.

Why does the US Department of Agriculture IG, for example, need staff with guns?

Agriculture IG employees regularly conduct undercover operations, according to information that USDA provided to CRS. “The types of investigations conducted by OIG special agents include criminal activities such as fraud in farm programs; significant thefts of Government property or funds; bribery and extortion; smuggling; and assaults and threats of violence against USDA employees engaged in their official duties.” See Offices of Inspector General and Law Enforcement Authority: In Brief, September 8, 2014.

Other new and updated CRS reports that Congress has withheld from online public distribution include the following.

Comprehensive Nuclear-Test-Ban-Treaty: Background and Current Developments, updated September 29, 2014

Increased Department of Defense Role in U.S. Ebola Response, CRS Insights, October 1, 2014

Syria’s Chemical Weapons: Progress and Continuing Challenges, CRS Insights, October 1, 2014

Israel’s Iron Dome Anti-Rocket System: U.S. Assistance and Coproduction, CRS Insights, September 30, 2014

Iran: U.S. Concerns and Policy Responses, updated October 1, 2014

India-U.S. Economic Relations: In Brief, September 26, 2014

Venezuela: Background and U.S. Relations, updated October 2, 2014

Temporary Professional, Managerial, and Skilled Foreign Workers: Legislation in the 113th Congress, September 30, 2014

Reauthorizing the Office of National Drug Control Policy: Issues for Consideration, updated September 30, 2014

Dark Pools in Equity Trading: Policy Concerns and Recent Developments, September 26, 2014

Hydraulic Fracturing: Selected Legal Issues, updated September 26, 2014

Legislative Research for Congressional Staff: How to Find Documents and Other Resources, updated September 25, 2014

 

The challenges of identifying the perpetrators of a nuclear attack on the United States and communicating that information to senior leadership were considered in a 2009 workshop sponsored by the Office of the Director of National Intelligence. A declassified report on the workshop was released last week in heavily redacted form. See “Transforming Nuclear Attribution: Culture, Community, and Change (SHARP 2009)” (redacted), Office of the Director of National Intelligence, July 2009.

One of the challenges is that the task may be impossible. “The outcome from the assessment of all the evidence and sources may be that a definitive answer is not achievable.”

In the best of cases, “There will almost certainly be a disconnect between the speed at which the national leadership must respond to the policy/political environment and the slower pace at which forensic evidence, technical analysis, and law enforcement investigations can proceed. This gives rise to an anchoring problem (i.e. a tendency to anchor on the usual suspects in attributing responsibility for an event).”

“Given the magnitude of the likely national response to any substantial WMD event, those involved in the attribution process need to be cautious of leaping to conclusions ahead of the evidence.”

The report considers the problem of “hot cognition,” referring to analysis that is performed under conditions of emotional agitation or distress.

“Hot cognition has an immense potential for distorting our perceptions of the environment and how we interpret information. It leads us to more extreme judgments of information, perhaps far beyond what they warrant. And it may lead us to fill in the gaps of missing or ambiguous information with emotional filler that could seriously distort our assessments.”

The workshop was conducted as part of the ODNI Summer Hard Problem (SHARP) program. In the roughly 50% of the resulting report that was not redacted by ODNI and the Department of Energy, there are a number of passages of interest concerning the psychology of intelligence analysis, and other topics. For example:

*  “Resolving an information need is not just about finding a ‘nugget.’ Information must be actively incorporated into the mind. New information has to be assimilated into a person’s preexisting context or state of information about the world. ‘Meaning construction’ takes place when this new information can connect with what is already understood. Our ability to absorb new information is limited. People selectively attend to new information that connects, and may be oblivious to the rest.”

*  Assembling an “all-star” team of outstanding intelligence analysts to tackle the attribution problem may not be the right approach. “It has been observed in a number of professional level sporting events that all-star teams — that is, teams created by joining the most exceptional players from across the league — rarely produce the best team overall. While their members have exceptional skills and are tremendous atheletes individually, these all-star teams typically do not perform as well as expected, nor do individual all-stars perform as well as they performed on their originating team.”

*  “In the case of a nuclear event, it is likely that individual private citizens will have images stored on cell phones or digital cameras that could help [resolve] the attribution question. [Word deleted – AFTAC?] should make arrangements in advance of any actual emergency that would give the public a way to send information to government servers for analysis.”

*  “For every one casualty actually caused by a [WMD] event, as many as fifty other individuals may descend upon local medical facilities presenting with psychosomatic symptoms.”

*  “Current limits to information sharing exist for good reasons, including the need to protect sources, the need to avoid tainting legal prosecution, and the need to protect rights to privacy. These reasons will remain important in a nuclear emergency, but cannot be allowed to impede the higher priority of protecting thousands or millions of human lives…. We must prepare IT tools and approaches now, that when activated for a nuclear emergency, allow relevant players to share knowledge at the speed of technology, not the speed of bureaucracy.”

*  “Having examined the range of capabilities that the US Government will bring to the issue of nuclear attribution, we conclude that IC, LE, and TNF [intelligence community, law enforcement, and technical nuclear forensics] capabilities, as currently configured, are likely to result in eventual success. By this we mean that we are confident that these efforts would eventually result in identification of those who mounted and sponsored any nuclear-related attack on the US or engaged in related activities. We are far less confident that as currently configured these agencies will be able to deliver meaningful, rapid success.”

The Central Intelligence Agency has asked for authority to destroy email messages sent by non-senior officials of the Agency. The National Archives and Records Administration (NARA) has tentatively approved the proposal.

In an August 18 appraisal of the CIA request, Meredith Scheiber of NARA wrote that any permanently valuable material in the emails would almost certainly be captured in other permanent CIA records.

“It is unlikely that permanent records will be found in these email accounts that is not filed in other appropriate files appraised as permanent,” the appraisal said.

“There are multiple records systems to capture the actions and decisions of employees and multiple internal controls in place in the event an employee was engaged in malicious activities.”

Any “remaining email not captured in other recordkeeping systems is routine or administrative in nature; transitory; or personal in nature.”

The NARA appraisal of the CIA proposal noted in passing that “The Agency’s current email policy is to print and file” rather than to save permanently valuable email in softcopy format.

“The average career of an Agency employee is 22 years,” the NARA appraisal also observed.

The CIA proposal for email disposal authority and the accompanying NARA appraisal were announced for public comment in the Federal Register on September 17.

The CIA should not have redacted the amount that was paid for a Commodore Amiga portable computer in 1987 from a recently declassified article, a CIA official said today. (CIA: Cost of Personal Computer in 1987 is a Secret, Secrecy News, September 29).

“The redaction of the cost of the Commodore Amiga computer was in fact an error,” said Joseph W. Lambert, Director of CIA Information Management Services.

“Although we would normally redact budget figures, this clearly does not constitute a budget figure and should not have been redacted. The mistake was made in a high volume court deadline environment,” he said, referring to a FOIA lawsuit brought by former CIA official Jeffrey Scudder.

“I have instructed my folks to make the appropriate corrections by lifting the redactions in question and then subsequently re-post the document to our website,” Mr. Lambert said via email. The revised document should be posted tomorrow. (Update: The document with cost figures restored is now posted here.)

The Scudder lawsuit was not settled by the latest releases of hundreds of articles from CIA’s Studies in Intelligence journal. The parties told the court on Monday that Scudder intends to challenge some of CIA’s withholdings.

Updated below

Under the prevailing information policies of the Central Intelligence Agency, even some well-known public facts, such as the price of a popular personal computer, may be withheld from public disclosure.

“We bought our first Commodore Amiga in 1987 for less than [price redacted] including software,” according to a paper entitled “NPIC, Amiga, and Videotape” from the CIA journal Studies in Intelligence. It was among hundreds of papers posted online this month in response to a FOIA lawsuit brought by Jeffrey Scudder.

The redacted Amiga price figure is marked “(b)(3)(c)”, signifying that the information is being withheld under The CIA Act of 1949, by which CIA may withhold information about the organization, functions, names, official titles, salaries, or numbers of personnel employed by the Agency.

But is the cost of a publicly available consumer item like the Commodore Amiga computer properly subject to this exemption? A CIA information management official did not respond to an inquiry on the subject from Secrecy News.

Based on previous official statements, however, the CIA would likely say that even if the cost of the Commodore Amiga in 1987 is not intrinsically sensitive, the fact that CIA expended that amount makes it so.

Moreover, CIA seems to have adopted a declassification rule dictating that all of its expenditures, no matter how trivial, shall be withheld from disclosure, except in extraordinary cases (or the occasional mistake). The Agency might go on to argue that such a rule actually facilitates disclosure by expediting the declassification review process. That’s because instead of needing to pause to consider the potential ramifications of any individual spending disclosure, the Agency can proceed more quickly by simply withholding all such figures.

However, by adopting such sweeping non-disclosure practices, the CIA inevitably withholds more information than it should. And it lacks a reliable mechanism for correcting errors and excesses.

This has been a longstanding problem when it comes to withholding information concerning “intelligence sources and methods,” as authorized and required by the National Security Act [a FOIA exemption designated “(b)(3)(n)” in CIA’s internal notation].

The 1997 Report of the Commission on Protecting and Reducing Government Secrecy (the Moynihan Commission) said that the “sources and methods” justification for secrecy had been invoked too broadly and required clarification.

“Neither the National Security Act nor any of the relevant executive orders has defined what constitutes a ‘source’ or a ‘method,’ and the use of these provisions has been the subject of frequent criticism. Protection of sources and methods has been used to justify the classification of a range of information sometimes only indirectly related to a specific source or method,” the Moynihan Commission said (in Chapter 2 of its Report).

“In practice, the sources and methods rationale [for withholding information] has become a vehicle for agencies to automatically keep information secret without engaging in the type of harm analysis required by executive orders as a prerequisite to keeping other kinds of information secret. The statutory requirement that sources and methods be protected thus appears at times to have been applied not in a thoughtful way but almost by rote,” the Commission said (in Chapter 3).

But no action was taken on the Commission’s critique, and 15 years later the Public Interest Declassification Board still found reason to recommend that “The specific protections afforded intelligence sources and methods need to be precisely defined and distinguished.” So far, the Board’s 2012 recommendation to clarify the parameters of the National Security Act on this point has also gone unheeded.

Meanwhile, based on CIA’s promiscuous use of its withholding authorities as evidenced in the newly posted Studies in Intelligence papers, similar remedial action seems to be required with respect to the CIA Act as well.

And what was the cost of the Commodore Amiga in 1987 that CIA believes is exempt from disclosure today?

According to an online history, the Amiga 500 cost $699 in 1987, while the high end Amiga 2000 (with 1 MB RAM and a monitor) cost $2395.

Update: A CIA official said on October 1 that the redaction of the cost of the Amiga was an error, and that it would be corrected.

Update 2: The paper has been re-posted by CIA with cost figures restored here.