A national policy on “insider threats” was developed by the Obama Administration in order to protect against actions by government employees who would harm the security of the nation.  But under the rubric of insider threats, the policy subsumes the seemingly disparate acts of spies, terrorists, and those who leak classified information.

The insider threat is defined as “the threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States.  This threat can include damage to the United States through espionage, terrorism, [or] unauthorized disclosure of national security information,” according to the newly disclosed National Insider Threat Policy, issued in November 2012.

One of the implications of aggregating spies, terrorists and leakers in a single category is that the nation’s spy-hunters and counterterrorism specialists can now be trained upon those who are suspected of leaking classified information.

The National Insider Threat Policy directs agencies to “leverag[e] counterintelligence (CI), security, information assurance, and other relevant functions and resources to identify and counter the insider threat.”

“Agency heads shall ensure personnel assigned to the insider threat program are fully trained in… counterintelligence and security fundamentals….”

Agency heads are directed to grant insider threat program personnel access to “all relevant databases and files” needed to identify, analyze, and resolve insider threat matters.

The National Insider Threat Policy was developed by the Insider Threat Task Force that was established in 2011 by executive order 13587.  The Policy document itself was issued by the White House via Presidential Memorandum on November 21, 2012 but it was not publicly released until last week.

The document was disclosed by the National Counterintelligence Executive (NCIX) after it was independently obtained and reported by Jonathan Landay and Marisa Taylor of McClatchy Newspapers. (“Obama’s crackdown views leaks as aiding enemies of U.S.,” June 20, 2013).

“The National Insider Threat Policy policy is intended to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security,” according to NCIX.

Among the activities mandated by the National Insider Threat Policy is the routine monitoring of user activity on classified government computer networks. “This refers to audit data collection strategies for insider threat detection, leveraging hardware and/or software with triggers deployed on classified networks to detect, monitor, and analyze anomalous user behavior for indicators of misuse.”

But a different sort of approach to combating leaks — an approach not represented in the Insider Threat Policy — would require an ongoing critical examination of the scope and application of official secrecy.  This view was articulated by the late Senator Daniel P. Moynihan when he said “If you want a secret respected, see that it’s respectable in the first place.”

“The best way to ensure that secrecy is respected, and that the most important secrets remain secret,” Sen. Moynihan said, “is for secrecy to be returned to its limited but necessary role. Secrets can be protected more effectively if secrecy is reduced overall.”

A new report from the Congressional Research Service provides a detailed review of the Defense Production Act of 1950, which “confers upon the President a broad set of authorities to influence domestic industry in the interest of national defense.”

“The authorities can be used across the federal government to shape the domestic industrial base so that, when called upon, it is capable of providing essential materials and goods needed for the national defense.”  But unless extended by Congress, nearly all of these presidential authorities will expire next year.  See The Defense Production Act of 1950: History, Authorities, and Reauthorization, June 14, 2013.

Other new and updated CRS reports that have not been made publicly available by Congress include the following.

Reserve Component Personnel Issues: Questions and Answers, updated July 12, 2013

The New START Treaty: Central Limits and Key Provisions, updated July 12, 2013

ESEA Reauthorization Proposals in the 113th Congress: Comparison of Major Features, July 12, 2013

Broadband Loan and Grant Programs in the USDA’s Rural Utilities Service, updated July 12, 2013

Oman: Reform, Security, and U.S. Policy, July 12, 2013

 

In response to an October 2012 presidential directive on “protecting whistleblowers with access to classified information,” the Department of Defense and the Department of Energy have produced their implementing policies.  These would generally prohibit retaliation against individuals who make “protected disclosures” of information to an authorized recipient.

The intelligence community may be retreating from its vision of a uniform community-wide information technology architecture, and may permit individual agencies to retain their “native agency system domain,” reports Bob Brewin in NextGov.  See “Intelligence Community Backs Off Information Sharing,” July 15

The lagging development of the Internet in Africa and its consequences were discussed in “The Emergence of the Internet and Africa” by Les Cottrell, SLAC National Accelerator Laboratory, May 13, 2013

The transcript of the July 9 public meeting of the Privacy and Civil Liberties Oversight Board is now posted here.

 

It may be easier for litigants to mount a constitutional challenge to intelligence surveillance programs that gather U.S. data such as telephone and internet metadata now that those programs have been documented through leaks of classified records. Or, says a new report from the Congressional Research Service, it may not be.

Unlike previous cases, “the litigants in these newly filed lawsuits would appear to have a stronger argument for how they have been injured [than prior litigants did, and they] have evidence that the government is actually using its authority to gather data that is pertinent to the plaintiffs,” the CRS report said.

“However, the plaintiffs in these lawsuits may still have significant difficulties in establishing standing, as they have arguably not alleged that they have been specifically targeted by the government or injured in any concrete and particularized way by the government’s conduct,” the CRS author speculates. See Foreign Surveillance and the Future of Standing to Sue Post-Clapper, July 10, 2013.

Other new or newly updated CRS reports include the following.

Cluster Munitions: Background and Issues for Congress, July 9, 2013

Points of Order in the Congressional Budget Process, July 11, 2013

Europe’s Energy Security: Options and Challenges to Natural Gas Supply Diversification, July 11, 2013

Kuwait: Security, Reform, and U.S. Policy, July 10, 2013

A new report from the Congressional Research Service summarizes for Congress what is publicly known about the two National Security Agency surveillance programs that were disclosed by Edward Snowden and reported last month by The Guardian and The Washington Post.

“Since these programs were publicly disclosed over the course of two days in June, there has been confusion about what information is being collected and what authorities the NSA is acting under. This report clarifies the differences between the two programs and identifies potential issues that may help Members of Congress assess legislative proposals pertaining to NSA surveillance authorities.”

The CRS report does not present any new factual material concerning the surveillance programs. But it identifies some outstanding questions about them — the word “unclear” is used several times — and it formulates topics for congressional consideration.  See NSA Surveillance Leaks: Background and Issues for Congress, July 2, 2013.

Other new or newly updated CRS reports that Congress has not made publicly available include the following.

Ecuador: Political and Economic Conditions and U.S. Relations, July 3, 2013

China Naval Modernization: Implications for U.S. Navy Capabilities — Background and Issues for Congress, updated July 5, 2013

China-U.S. Trade Issues, updated July 3, 2012

China’s Economic Rise: History, Trends, Challenges, and Implications for the United States, updated July 3, 2013

U.S.-Taiwan Relationship: Overview of Policy Issues, updated July 2, 2013

Taiwan: Major U.S. Arms Sales Since 1990, updated July 3, 2013

The inspector general of each executive branch agency that classifies national security information is required to produce an evaluation of the agency’s classification program by the end of September, pursuant to the Reducing Over-classification Act of 2010.  The goal of the reviews is to identify policies and procedures “that may be contributing to persistent misclassification of material.”

This is not a straightforward assignment because classification is not a purely objective process that lends itself to external validation;  rather, it is an expression of presidentially-delegated authority.  And if proper classification is a matter of judgment, then so is overclassification.

“Classifying and controlling the dissemination of information is an inherently subjective process,” said the Department of Defense Office of Inspector General, which prepared guidance earlier this year for other agencies’ inspectors general to help them conduct the required classification reviews.

“Key terminology, such as ‘over-classification’ and ‘damage to national security’ has not been defined [by executive order or regulation], causing those determinations to be made by personnel in the Departments and Agencies,” the DoD IG guidance observed.

But having achieved this insight, the DoD IG guidance does not consider those subjective “determinations” any further. Instead, it retreats into matters can be objectively assessed and measured, focusing on the faithful implementation of the executive order’s requirements.  This is not a useless exercise, but if that is as far as the IG evaluations go, they will not have grasped the root of the problem.

The essence of over-classification is not located in mistaken markings of documents or in non-compliance with the formal procedures of the executive order.  It is to be found above all in an official’s subjective “determination” that classification is necessary.  Thus, for example, when an agency’s classification judgment is overruled by the Interagency Security Classification Appeals Panel — which happens with some frequency — it is not because of an error in procedure but because of an error in judgment.

But the official DoD guidance that has been provided for conducting the pending Inspector General reviews is not well suited for identifying (much less correcting) such errors in classification judgment.  That would require something akin to a peer review process that would evaluate individual classification decisions on their national security merits and, if appropriate, flag them for revision.  Unfortunately, a probing review of this sort does not seem to be on the agenda of the Inspectors General.

On June 21, the Director of National Intelligence issued an updated version of Intelligence Community Directive 710 on Classification Management.  The revised Directive somewhat belatedly reflects the requirements of the December 2009 executive order 13526 on classification policy.

So the forthcoming Inspector General review will be able to confirm that intelligence community classification guidance is now consistent with executive branch policy.  But whether over-classification has thereby been reduced in the slightest is a separate question.

A long-running personnel dispute at the Congressional Research Service offers up conflicting visions of the proper role of the congressional support agency, which provides policy and legal analysis to Congress.

In 2009, then-CRS Director Daniel Mulhollan fired then-CRS Division Chief Col. Morris Davis, a former Guantanamo prosecutor, after Davis publicly criticized the military commission process in an op-ed article in the Wall Street Journal.  (“CRS Fires a Division Chief,” Secrecy News, December 4, 2009)

By engaging in public controversy (even as a private citizen), Col. Davis had deviated from CRS norms, according to Library of Congress General Counsel Elizabeth Pugh.

“Because the sole mission of CRS is providing objective and non-partisan research and analysis to Congress to aid in the legislative process, CRS expects its employees to conduct themselves appropriately at all times and to exercise good judgment in the performance of their duties for the Congress. This include: dealings with the media and outside writing or speaking engagements. Hence, CRS staff members must avoid conduct that would undermine the appearance of objectivity and non-partisanship and adhere to established CRS procedures,” Ms. Pugh wrote in a December 2009 letter to the American Civil Liberties Union, which has represented Mr. Davis in a lawsuit against former CRS Director Mulhollan and the Library of Congress.

But the notion that analytical non-partisanship implies non-participation in matters of controversy is a misconception, wrote former CRS analyst Richard F. Grimmett in a ringing declaration filed June 28 in support of Mr. Davis.

“It is simply not possible for CRS analysts to do their job to provide Congress with an expert, non-partisan analysis of key issues without risking some controversy,” Mr. Grimmett wrote. “There is no fully neutral, totally non-controversial way to address the key elements of a contested policy issue.”

“CRS analysts cannot fulfill the mandate of their jobs to serve the U.S. Congress as non-partisan experts in their subject areas without addressing, in the course of their written and briefing work, issues that are highly charged politically,” he wrote.

As one example of a CRS product that generated “significant public controversy,” Mr. Grimmett cited a January 2006 memorandum on the Bush Administration’s warrantless surveillance program.  The CRS memorandum, which was widely reported in the press, concluded that it was “unlikely” that the program had been authorized by Congress. This finding left an intelligence committee chairman “extremely upset” — at the memorandum, not the surveillance program. (The cited memorandum may have had some additional resonance since the lawsuit brought by Morris Davis and the ACLU is being heard by Judge Reggie Walton, who is also the presiding judge of the Foreign Intelligence Surveillance Court.)

But the authors of that CRS memorandum were not chastised or disciplined, Mr. Grimmett noted.  On the contrary, their work was considered exemplary within CRS.

“CRS is charged in the Legislative Reorganization Act of 1970 with being a ‘non-partisan’ resource for the U.S. Congress,” Grimmett wrote. “That Act does not stipulate that CRS work products be neutral, but it does stipulate that CRS carry out its work ‘without partisan bias’.”

By contrast, the instruction given to CRS employees by then-CRS Director Mulhollan to maintain neutrality “was a vague and confusing directive lacking in appreciation of the political environment in which CRS analysts actually work, and the purpose for which CRS was established in the first place,” he wrote.

As appealing as Mr. Grimmett’s perspective may be, one could say that it too is “lacking in appreciation of the political environmental in which CRS analysts actually work.” It assumes that Congress truly wants an independent, critical analysis of divisive political issues.  But that may not be the case.  The Office of Technology Assessment, a sister agency to CRS, was famously disestablished by Congress in 1995 despite the generally high quality of its work, much of which retains value decades later.  And congressional leaders have been notably silent on the dispute between Mr. Davis and Mr. Mulhollan, implicitly siding with CRS management and the Library of Congress against Mr. Davis.  Congress also continues to irrationally insist that CRS reports, even though non-confidential, should not be publicly distributed online by CRS.

Meanwhile, the fact is that most CRS reports are not controversial in any sense.  In most cases, they provide a balanced, authoritative account of a current policy issue.  In some cases, as in many of the reports on U.S. arms sales authored by Mr. Grimmett in the course of his CRS career, they reflect privileged access to government information that is not available elsewhere.  In a few cases, CRS experts will render a judgment on a matter of public controversy.  It is the future of the latter category of reports that may be at stake in outcome of the Morris Davis proceeding.

“Due to the important but frequently divisive nature of the public policy and legal issues with which CRS analysts must grapple, it is not realistic to expect well-researched and factually-based reports and memoranda by CRS experts on such subjects to be neutral and to avoid generating controversy among political figures who may disagree with the substance of a non-partisan CRS product,” Mr. Grimmett wrote.

“To my knowledge, during my decades of service as a CRS analyst, the complaints lodged against CRS reports and memoranda were nearly always made because the analysis and commentaries in them in some manner did not lend support to the partisan view or political philosophy of the complaining staff person or member of Congress,” he wrote.

The latest CRS products include the following.

Pakistan: U.S. Foreign Assistance, updated July 1, 2013

Puerto Rico’s Political Status and the 2012 Plebiscite: Background and Key Questions, updated June 25, 2013

Cloture Attempts on Nominations: Data and Historical Development, updated June 26, 2013

Wildfire Management: Hotshot Crews, July 1, 2013

Col. Davis is set to testify today as a defense witness in the court martial of Pfc. Bradley Manning.

Government programs to declassify national security information are not meeting public expectations, the needs of historians, or even the requirements of law, said the State Department’s Historical Advisory Committee (HAC) in a report last week.

A 1991 statute mandated that the State Department publish the documentary record of U.S. foreign policy (known as Foreign Relations of the United States, or FRUS) no later than 30 years after the events described.  That requirement is not being fulfilled and, the HAC said, is unlikely to be met any time soon due to “substantial delays in the declassification and publication processes.”

“The HAC is not sanguine about the prospects of the series achieving its goal of publishing the majority of the Foreign Relations volumes 30 years after the event in the near future–or possibly ever.”

The HAC, a panel of distinguished historians chaired by Prof. Richard Immerman of Temple University, presented its assessment in an annual report to the Secretary of State.

The members expressed “great concern” that the National Declassification Center (despite “commendable progress”) will not meet the goal set by President Obama to complete the processing of the backlog of 25 year old records awaiting declassification by the end of December 2013.

But failure to complete the required processing is not the only problem. The HAC also expressed dismay that “a substantial percentage of those records that have been reviewed by the NDC have not been cleared for release to the public.  In the opinion of the HAC, the relatively high number of reviewed documents that remain withheld from researchers and citizens raises fundamental questions about the declassification guidelines.”

The HAC said that the National Archives (NARA) needs to exercise greater initiative to address the issue. “The requirements of a transparent society and informed citizenry demand finding solutions. The HAC perceives a lack of urgency on the part of the NARA Administration to find a solution.”

While classification policy is showing some tentative signs of contraction, producing fewer new secrets last year than it has in decades, the declassification process seems to be falling farther behind, underscoring the need for a substantially new approach to declassification.

Instead of a nominal 25 year rule for declassification of most historically valuable documents, the HAC report said, “the opening of declassified records at NARA is trending toward a 35-year if not longer line.”

New and newly updated publications from the Congressional Research Service that Congress has withheld from online public access include the following.

Egypt: Background and U.S. Relations, updated June 27, 2013

Mixed-Oxide Fuel Fabrication Plant and Plutonium Disposition: Management and Policy Issues, June 25, 2013

Ballistic Missile Defense in the Asia-Pacific Region: Cooperation and Opposition, June 24, 2013

Constitutional Analysis of Suspicionless Drug Testing Requirements for the Receipt of Governmental Benefits, updated July 1, 2013

School Resource Officers: Law Enforcement Officers in Schools, June 26, 2013

President Obama’s Climate Action Plan, June 26, 2013

EPA Standards for Greenhouse Gas Emissions from Power Plants: Many Questions, Some Answers, June 26, 2013

Leaving Congress: House of Representatives and Senate Departures Data Since 1989, updated June 26, 2013

The Commodity Futures Trading Commission: Background and Current Issues, June 24, 2013

Tax Provisions Expiring in 2013 (“Tax Extenders”), updated June 27, 2013

Foreign Holdings of Federal Debt, updated June 24, 2013

Criminal Prohibitions on the Publication of Classified Defense Information, updated June 24, 2013

U.S. May Face Significant Obstacles in Attempt to Apprehend Edward Snowden, June 2013

In May 2010, the Department of Defense disclosed that the U.S. nuclear weapons arsenal consisted of 5,113 warheads (as of September 30, 2009).

This was a disclosure of great significance, the Pentagon explained:  “Increasing the transparency of global nuclear stockpiles is important to non-proliferation efforts, and to pursuing follow-on reductions after the ratification and entry into force of the New START Treaty,” the Department of Defense said then.

The disclosure was also an unprecedented breakthrough in secrecy reform.  Never before had the U.S. government revealed the current size of its nuclear arsenal.  The Obama Administration’s promise to be “the most transparent Administration ever” is often viewed ironically in view of the perceived prevalence of overclassification. But when it comes to nuclear stockpile secrecy (and at least a few other important topics), that promise was fulfilled quite literally.

For all of those reasons, it was dispiriting to learn that the size of the U.S. nuclear arsenal today is once again classified.

In response to a Freedom of Information Act request from the Federation of American Scientists for a copy of records indicating the current size of the U.S. nuclear weapons stockpile, the Pentagon said that the requested information was exempt from disclosure because it is classified under the Atomic Energy Act.

We have appealed the denial, citing the arguments made by a “Senior Defense Official” at a Pentagon press briefing in 2010 to justify the Department’s declassification of the stockpile size through September 2009.

“The objective is to show through our transparency a model that we hope that others will follow. And we think it’s going to have benefits for both nonproliferation and for our future work in arms control,” the Senior Defense Official said then.

We have also asked the Department of Energy to initiate its own declassification of the stockpile size, invoking a federal regulation (10 C.F.R. 1045.20) which allows members of the public to propose declassification of information classified under the Atomic Energy Act.

According to an unofficial estimate by Hans Kristensen and Robert S. Norris of the Federation of American Scientists, the current number of warheads in the U.S. arsenal is approximately 4,650.

Recent disclosures of NSA collection of records of US telephone and email traffic have some unfortunate parallels and precedents in the early history of the Agency that were thought to have been repudiated forever.

“After World War II, the National Security Agency (NSA) established and directed three programs that deliberately targeted American citizens’ private communications,” wrote Army signals intelligence officer Major Dave Owen in a paper published late last year in an Army intelligence journal.

The three programs were Project SHAMROCK (1945 to 1975), which collected telegraph communications;  Project MINARET (1960 to 1973), which functioned as a watch list for terms, names and references of interest;  and Drug Watch Lists (1970 to 1973), which focused on communications of individuals and organizations believed to be associated with illegal drug traffic.  Information about these programs first became public in the 1970s upon investigation by the U.S. Senate Select Committee to Study Governmental Operations with respect to Intelligence Activities, known as the Church Committee.

A capsule summary of the three programs was presented by Major Owen in A Review of Intelligence Oversight Failure: NSA Programs that Affected Americans, which was published in the October-December 2012 issue of Military Intelligence Professional Bulletin.

Major Owen writes that the work of the Church Committee “led to legal restrictions on the NSA’s foreign intelligence authorities, as well as robust intelligence oversight processes to ensure that NSA continued to adhere to these legal restrictions.”

But then he makes an assertion that, in light of recent revelations, can only be viewed as disingenuous or uninformed:

“These [oversight] processes have formed and continuously reinforce an NSA culture that is extremely adverse to any issue that may be construed as collecting on American citizens.”

Major Owen admits vaguely that “this culture has shifted slightly over the last decade.”  But what reader would have imagined that it could possibly extend to the collection of call records and email metadata generated by nearly every American citizen?

“In our view, the bulk collection and aggregation of Americans’ phone records has a significant impact on Americans’ privacy,” wrote Senators Ron Wyden, Mark Udall and numerous Senate colleagues in a June 27 letter to the Director of National Intelligence.

The secret bulk collection of American communication records was, among other things, a colossal error in classification judgment as well as a historic failure of intelligence oversight.

If a fair account of these intelligence collection programs “had been told to the American public at the time when Congress was debating what the scope of surveillance powers should be, it might well be that we would have less public distrust of the government, and maybe even Snowden wouldn’t have done what he did,” said Kate Martin of the Center for National Security Studies at a forum held at the Newseum on June 26.

“The American people shouldn’t be treated as idiots,” she said.

In 2007, Congress passed legislation to grant the Director of National Intelligence “new authority to conduct accountability reviews of significant failures or deficiencies with the Intelligence Community.”  Up to now, however, that authority has never been exercised.

In 2011, the DNI issued Intelligence Community Directive (ICD) 111 on “Accountability Reviews.” That recently disclosed Directive “establishes policy and procedures governing the conduct of such reviews.”

“It is essential that alleged failures or deficiencies involving an IC element or senior IC personnel in the management or execution of IC missions be carefully reviewed and fully resolved,” DNI James R. Clapper wrote in ICD 111.

But in response to a query about how many accountability reviews have been conducted, and on which topics, Michael G. Birmingham of the Office of the Director of National Intelligence this week said that “There have been no accountability reviews conducted under the authorities in ICD 111.”

The Senate Intelligence Committee said in 2007 that the authority to perform accountability reviews was justified by a perceived lack of internal accountability for intelligence failures.

“This enhancement to the authority of the Director of National Intelligence is warranted given the apparent reluctance of various elements of the Intelligence Community to hold their agencies or personnel accountable for significant failures or deficiencies,” according to the Senate Intelligence Committee report on the FY 2008 Intelligence Authorization Act (section 401, p. 16).

“Recent history provides several examples of serious failures to adhere to sound analytic tradecraft,” the Committee report said. “In its reviews of both the September 11, 2001 terrorist attacks and the faulty Iraq prewar assessments on weapons of mass destruction, the Committee found specific examples of these failures yet no one within the Intelligence Community has been held accountable. Other examples of a lack of accountability within the Intelligence Community can be found by examining the history of certain major system acquisition programs. Despite clear management failures that resulted in significant cost overruns and unreasonable scheduling delays, these programs continue to stumble along without any imposition of accountability.”

“The Committee hopes that this modest increase in the Director of National Intelligence’s authorities will encourage elements within the Intelligence Community to put their houses in order by imposing accountability for significant failures and deficiencies,” the Senate Committee report said.

The measure was passed by both houses of Congress as section 408 of the FY 2008 Intelligence Authorization Act. Though that bill was vetoed by the President, the provision on accountability reviews was later enacted into law as Section 102A(f)(7) of the National Security Act.

The ICD stated that accountability reviews would not be conducted (“except in extraordinary circumstances”) or would be deferred whenever the same issues were under review by law enforcement, inspectors general or other investigative bodies.

Earlier this month, the Director of National Intelligence issued another Intelligence Community Directive on the subject of Outside Employment.  ICD 117, dated 09 June 2013, implements a statutory requirement “prohibiting IC personnel from engaging in outside employment if such employment creates a conflict of interest or the appearance thereof.”