Instead of new forms of secrecy, new mechanisms for actively informing the public about threats to homeland security are needed, said Stephen E. Flynn (pdf) of the Council on Foreign Relations at a May 15 hearing of a House Homeland Security subcommittee.

“The targets of choice for current and future terrorists will be civilians and infrastructure,” he said. “Safeguarding those targets can only be accomplished with an informed, inspired and mobilized public. The first preventers and the first responders are far more likely to be civilians and local officials, not soldiers or federal law enforcement officers.”

On September 11, 2001, Mr. Flynn recalled, the only hijacked aircraft that was prevented from reaching its target was stopped not by security professionals with Top Secret clearances but “by one thing alone: an alert and heroic citizenry.”

Yet “overwhelmingly, the national defense and federal law enforcement community have chosen secrecy over openness when it comes to providing the general public with details about the nature of the terrorist threat and the actions required to mitigate and respond to that risk.”

“The discounting of the public can be traced to a culture of secrecy and paternalism” that is rooted in the Cold War, when the Soviet threat dictated adoption of a highly compartmented security regime. “Despite the passage of nearly two decades since the fall of the Berlin Wall, this secretive system remains almost entirely intact.”

“What is required is a truly collaborative approach which engages civil society and taps extensive private-sector capabilities and ingenuity for managing risk and coping with disasters. A critical barrier to advancing collaboration,” Mr. Flynn said, “is excessive secrecy throughout the federal government reinforced by a reflexive tendency to classify material or to designate it as ‘For Official Use Only’ or ‘Treat as Classified’.”

A copy of his May 15 hearing testimony before the House Homeland Security Subcommittee on National Security is available here.

Stephen Flynn, a former Coast Guard officer, addressed related issues in the March/April 2008 issue of Foreign Affairs and at greater length in a 2007 book “The Edge of Disaster: Rebuilding a Resilient Nation.”

While such views are congenial to proponents of open government, they stop short of answering all of the questions that a responsible policy maker (let alone a classification officer) would feel obliged to ask. Under exactly what conditions does public disclosure of infrastructure vulnerabilities promote security rather than diminish it? As a practical matter, how does one distinguish between those types of information, such as personal privacy or confidential source data, that everyone agrees should be protected and threat information that an engaged public needs to know?

There may not be simple answers to such questions. But by framing the issue in a way that takes public information needs into account, Mr. Flynn and others are helping to redefine the terms of the debate.

Two new judges were named to the Foreign Intelligence Surveillance Court this week, Secrecy News has learned, one a Clinton appointee and one a Reagan appointee.

Judge Mary A. McLaughlin of the Eastern District of Pennsylvania and Judge James B. Zagel of the Northern District of Illinois were appointed to seven year terms on the secret court by the Chief Justice to replace Judge James G. Carr and Judge Nathaniel M. Gorton, whose terms expired on May 18.

The Foreign Intelligence Surveillance Court is responsible for reviewing and approving government applications under the Foreign Intelligence Surveillance Act for domestic electronic surveillance and physical search of suspected foreign intelligence agents or terrorists.

But it does more than that. The Court also reinterprets the terms of the Act in an undisclosed fashion, producing in effect a body of “secret law,” a matter discussed at an April 30 hearing of the Senate Judiciary Committee.

“The FISC has in fact issued… legally significant decisions that remain classified and have not been released to the public,” observed Judge John D. Bates, a member of the FIS Court, when he denied (pdf) an ACLU motion for disclosure of portions of those decisions last December.

The appointment of new judges to the FIS Court assumes particular importance today because of a proposal pending in Congress that would refer existing lawsuits alleging illegal warrantless surveillance to the secret FIS Court in what would likely be a severely constrained adjudicative process. The proposal is being considered as an alternative to granting outright immunity to telephone companies that allegedly cooperated with the President’s surveillance program.

Judge Mary A. McLaughlin was appointed to the bench in 2000 by President Clinton. She was formerly an Assistant U.S. Attorney in the District of Columbia, and a special counsel to the Senate Judiciary Subcommittee on terrorism during the Ruby Ridge hearings in 1995.

Judge James B. Zagel was appointed in 1987 by President Reagan. Judge Zagel is “an intelligent, tough-minded jurist,” said the Chicago Council of Lawyers, a public interest association, in a 1991 evaluation. However, “some lawyers are concerned that he will bring a political agenda to bear in certain classes of cases.”

The new appointments were confirmed for Secrecy News today by Sheldon L. Snook of the administrative office at the D.C. District Court.

A new appointment to the Foreign Intelligence Surveillance Court of Review, an appeals court, has not yet been formally announced, he said. But the Providence Journal (RI) reported on April 14 that Judge Morris Sheppard Arnold of the 8th District had been named to the Review Court.

An updated roster of the membership of the Foreign Intelligence Surveillance Court is here.

“During calendar year 2007, the Government made 2,371 applications to the Foreign Intelligence Surveillance Court for authority to conduct electronic surveillance and physical search for foreign intelligence purposes,” the Justice Department told Congress in the latest annual report on FISA activity (pdf).

The National Cyber Security Initiative, which is “the single largest… and most important initiative” in next year’s budget, is being conducted under “excessive classification,” the House Permanent Select Committee on Intelligence (HPSCI) said in its new report on the 2009 intelligence authorization act.

For the cyber security program to function as intended, “it will require a partnership with industry unlike any model that currently exists. The excessive classification of the [Initiative], however, militates against the collaboration necessary to achieve that partnership.”

That view coincides with the recent assessment of the Senate Armed Services Committee regarding overclassification of the cyber security program.

The 121-page House Intelligence Committee report is full of grist for the intelligence policy mill.

The Committee flexed its oversight muscles by imposing a limit on spending for covert action to no more than 25 percent of the allocated funds until each member of the Committee has been briefed on all covert actions.

“The obligation to report to the committees is not negotiable,” the report declared. “It is not an obligation that the President can ignore at his discretion. It is not an obligation that can be evaded by claiming that briefing the congressional intelligence committees will require other committees to be briefed. It is not an obligation that can be evaded by broad assertions of executive power.”

The Committee would establish a new Inspector General for the entire intelligence community, and would impose new limits and new reporting requirements on intelligence contractors.

The Republican minority said that more should have been done to combat unauthorized disclosures of classified information:

“We are disappointed that the Committee has held no hearings and conducted little to no substantial oversight on this issue during this Congress. In addition, we are concerned that the issue is becoming increasingly politicized, sometimes under the false premise that there are ‘good leaks’ and ‘bad leaks’. The Committee should take a firm and clear position that no unauthorized disclosures of classified information should be tolerated.”

The minority also insisted that “the United States does not torture,” a view that is increasingly hard to reconcile with the public record, including a new report (large pdf) from the Justice Department Inspector General that catalogued many abusive forms of interrogation by U.S. military and intelligence personnel.

See the House Intelligence Committee Report on the 2009 Intelligence Authorization Act, H.Rep. 110-665, May 21.

A new searchable index of hundreds of thousands of documents held by the Air Force Historical Research Agency has been created by private researchers and posted online.

The index does not provide access to the underlying documents, which must be requested from AFHRA. Nevertheless, it has several interesting features.

For one thing, it represents a step forward in improving accessibility to declassified government records. The new Air Force index provides a simple illustration of what can be done to alert the interested public to the existence of particular records and suggests how much more still needs to be done, including providing online access to the records themselves.

Second, the new index represents an unusual, implicit public-private partnership. Researchers gained access to the Air Force bibliographical data and installed a search engine on top, then posted it online in the public interest. The researchers said they preferred to remain anonymous.

The National Archives and Records Administration today announced the establishment of a new Controlled Unclassified Information (CUI) Office that is intended to lead the implementation and oversight of a new White House policy on CUI, which is unclassified information that is deemed to require protection from disclosure.

The CUI Office, to be headed by Information Security Oversight Office director William J. Bosanko, is tasked with developing implementation guidance, training, and oversight of the new government-wide policy.

Noteworthy new reports from the Congressional Research Service, obtained by Secrecy News, include the following (all pdf).

“U.S. Nuclear Cooperation With India: Issues for Congress,” updated May 20, 2008.

“Nuclear Weapons: The Reliable Replacement Warhead Program,” updated May 19, 2008.

“Suits Against Terrorist States By Victims of Terrorism,” updated May 1, 2008.

“Syria: Background and U.S. Relations,” updated May 1, 2008.

“China’s Economic Conditions,” updated May 13, 2008.

U.S. defense intelligence agencies should aim to “eliminate” the capabilities of opponents to operate effectively against the United States from outer space or cyber space, according to a new Pentagon strategy for defense intelligence (pdf).

Defense intelligence shall “eliminate any advantage held by our adversaries to operate from and within the space and cyber domains,” says the new strategy document, “Defense Intelligence 2008” (strategic objective IV).

“As stated in the U.S. National Space Policy, the focus of defense intelligence in space will be to ensure full situational awareness for military and civilian decision-makers, support military planning initiatives, and satisfy operational requirements. As addressed within the Comprehensive National Cybersecurity Initiative, cyberspace has become a vital national interest economically, militarily and culturally, and the current patchwork of passive defense is likely to fail in the face of greater vulnerabilities and more sophisticated threats.”

“Defense intelligence must do its part to defeat this critical threat.”

See “Defense Intelligence 2008” (flagged by BeSpacific.com).

Intergovernmental contacts between North Korean and Syrian officials during the last two years were scrutinized by the DNI Open Source Center (pdf), but even in retrospect the available record presents no indication of joint work on a secret nuclear facility destroyed by Israel last September (large pdf).

“A review of available North Korean and Syrian print and online media in the period 2005-2007 has yielded the names of dozens of DPRK and Syrian officials involved in military, scientific, trade, and other aspects of bilateral relations,” the OSC analysis said.

However, “no obvious indications of covert military cooperation surfaced in the highly-censored media of North Korea or Syria in this period.”

In other words, assuming the allegations of clandestine nuclear cooperation are true, open source intelligence provided no clues concerning the activity.

Like most other OSC products, the new analysis has not been approved for public release. But a copy was obtained independently by Secrecy News. See “DPRK-Syria Bilateral Contacts, 2005-2007,” Open Source Center, May 2, 2008.

U.S. intelligence employees who are collecting open source intelligence online should do more to ensure that they are not identified as intelligence personnel, the House Armed Services Committee said in its new report on the 2009 Defense Authorization Act.

Failure to conceal the identity of open source intelligence collectors could conceivably lead to spoofing, disinformation or other forms of compromise.

“Efforts in this area [i.e., open source intelligence] will require collectors to operate in benign cyberspace domains, such as media websites and academic databases, as well as more hostile areas, such as foreign language blogging websites and even websites maintained by terrorist or state-actors groups. The committee is concerned about the ability of our adversaries to be able to track and attribute collection activities to U.S. and allied forces. Technology exists to provide non-attribution services to protect identities, especially source country of origin.”

“The committee urges the Secretary of Defense to ensure, through the use of all reasonable means, protection of government investigators involved in gathering open source intelligence. These means should include proven non-attribution services, as well as development of appropriate tactics, techniques and procedures that are incorporated into manuals and training programs.”

The Committee generally welcomed the growing investment in open source intelligence.

“The committee recognizes that open source intelligence provides a critical complementary capability to traditional intelligence gathering and analysis. The committee is encouraged by the growing recognition within the military and intelligence communities of the value of open source intelligence which is punctuated by the establishment of the Open Source Center and the development of an Army field manual on open source intelligence.”

See “Non-attribution of open source intelligence research,” excerpted from House Report 110-652, May 16.

A copy of the Army field manual on open source intelligence, which has not been approved for public release, was obtained by Secrecy News and is available here (pdf).

The ODNI Open Source Center has imposed some rather ferocious controls on its unclassified products in order to shield them from public access.

Even when its publications are not copyrighted, they are to be “treated as copyrighted” and in any case they “must not be disseminated to the public.”

The following notice was recently posted on the password-protected OSC website:

“Content available via this website must not be disseminated to the public. All content available via this website is treated as copyrighted material and is provided for U.S. Government purposes only. Such purposes may include rebroadcast, redistribution, dissemination, copying, and hyper-linking provided it is for official U.S. Government purposes only. Any removal or redistribution of content outside of official U.S. Government channels requires the advance authorization of OSC. Information under the control of external websites to which OSC may provide hyperlinks may have separate restrictions and shall be accessed only in accordance with any usage policies and restrictions applicable to those sites.”

“Authorized system users may use the content available via this website to support official U.S. Government business and may disseminate this information to other U.S. Government components. In disseminating this content for other U.S Government component use, U.S. Government personnel must use a password-protected email system. System users who are partners (e.g. those who have a formal relationship with OSC), may also use the content, as authorized by OSC, to support their official business and must use a password-protected email system. Contractors with access to this site may only have that access during the time period as required to fulfill their contract responsibilities.”

Meanwhile, the Office of the Director of National Intelligence has scheduled a conference on open source intelligence on September 11-12 in Washington, DC which will be open to the public (advance registration required).

Noteworthy new reports from the Congressional Research Service that have not been made readily available to the public include the following (all pdf).

“Defense Contracting in Iraq: Issues and Options for Congress,” updated May 6, 2008.

“The National Security Council: An Organizational Assessment,” updated April 21, 2008.

“Homeland Security Department: FY2009 Request for Appropriations,” May 6, 2008.

“Japan’s Nuclear Future: Policy Debate, Prospects, and U.S. Interests,” May 9, 2008.

“Does Price Transparency Improve Market Efficiency? Implications of Empirical Evidence in Other Markets for the Health Sector,” updated April 29, 2008.

“The “Red-Dead” Canal: Israeli-Arab Efforts to Restore the Dead Sea,” May 13, 2008.

The new National Cyber Security Initiative that is intended to reduce the vulnerability of government information networks and to devise an information warfare doctrine is so highly classified that it is undermining the deterrent value of the project, the Senate Armed Services Committee (SASC) said in a new report.

“It is difficult to conceive how the United States could promulgate a meaningful [information warfare] deterrence doctrine if every aspect of our capabilities and operational concepts is classified,” the Senate report said.

During the cold war, “deterrence was not possible without letting friends and adversaries alike know what capabilities we possessed and the price that adversaries would pay in a real conflict. Some analogous level of disclosure is necessary in the cyber domain.”

(Or, as Dr. Strangelove put it 40 years ago, “The whole point of a Doomsday Machine is lost if you keep it a secret!”)

As things stand, the Senate report said, “virtually everything about the [cyber security] initiative is highly classified, and most of the information that is not classified is categorized as ‘For Official Use Only’.”

“These restrictions preclude public education, awareness, and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties.”

“The committee strongly urges the administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the initiative.”

The committee’s remarks on the National Cyber Security Initiative were published in its report on the 2009 defense authorization act, excerpted here.