“Aftergood is too close to the center of power,” said Julian Assange.  “He is not an independent fighter for freedom of information.”

The passing criticism of me (I’m also “jealous”) was the first thing that caught my eye in the new book “Staatsfeind WikiLeaks” by Der Spiegel reporters Marcel Rosenbach and Holger Stark.  But the book itself is quite a bit more interesting and perceptive than that.

The authors, who are neither fans nor opponents of WikiLeaks, go out of their way to gather new information about the origins and development of the project.  They seek out contrasting perspectives and bring them to bear in interesting and challenging ways.  Of course, the story is unfinished.

“WikiLeaks is an organization in transition, with a dialectical relation to the mass media.  WikiLeaks has changed journalism, but journalism has also changed WikiLeaks,” they write.

See the Spiegel website on “Staatsfeind WikiLeaks” here.  An English-language excerpt, published last month, is here.

At the Office of the Director of National Intelligence, “The original classification of information is rarely necessary,” according to an October 2010 ODNI Instruction.  But that’s because most relevant information is already classified.  There is not much need for new classification activity.

Several recent ODNI Instructions that govern the administration of the classification and declassification programs within the Office were released this week under the Freedom of Information Act (all pdf):

“Classification of ODNI Information,” ODNI Instruction 80.12, October 25, 2010.

“Original Classification Authority Delegation,” ODNI Instruction 80.16, October 21, 2010.

“ODNI Director, Information Management,” ODNI Instruction 10.20, May 18, 2009.

“Particular care should be exercised to avoid both over and under classifying ODNI information,” the Instructions say.

CIA analysts studied data on major floods due to rainfall in North Korea since 1996 in order to devise a framework for evaluating the significance of such floods and their likely consequences for North Korean agriculture.

The analysts identified four principal variables:  the intensity of the rainfall, the location of the rainfall, the time of year, and damage to non-agricultural infrastructure.

“Rainfall intensity and geography of flooding appear to be key variables with the most impact,” their report (pdf) said. “Critical periods in the agricultural growth cycle — for sowing, growing, and harvesting — and the scope and severity of infrastructure damage are compounding variables that can magnify the impact of major floods in key food producing areas.”

All four elements were present in 1996 and 2007, when flooding produced the most severe agricultural impact.  But using the methodology described, analysts judge that the cumulative impact of two instances of heavy rain in 2010 “has been relatively low.”

A copy of the CIA report was obtained by Secrecy News.  See “North Korea: Assessing the Impact of Flooding on Agricultural Output,” CIA Open Source Works, December 15, 2010.

Updated below to reflect withdrawal of the new Air Force guidance

Americans who have accessed the WikiLeaks web site may have violated the Espionage Act, under an extreme interpretation of the law advanced by Air Force officials last week.

Many government agencies have instructed their employees not to download classified materials from the WikiLeaks web site onto unclassified computer systems.  The government’s position is that although the material is in the public domain, its classification status is unaffected.  Therefore, to preserve the integrity of unclassified systems, the leaked classified information should not be accessed on such systems.  If it is accessed, it should be deleted.

But on February 3, Air Force Materiel Command (AFMC) at Wright-Patterson Air Force Base issued startling new guidance stating that the leaked documents are protected by the Espionage Act and that accessing them under any circumstances is against the law, not simply a violation of government computer security policy.

“According to AFMC’s legal office, Air Force members — military or civilian — may not legally access WikiLeaks at home on their personal, non-governmental computers, either. To do so would not only violate the SECAF [Secretary of the Air Force] guidance on this issue,… it would also subject the violator to prosecution for violation of espionage under the Espionage Act,” the AFMC legal office said.

Then, in an astounding interpretive leap, the AFMC went on to say that similar prohibitions apply to the relatives of Air Force employees.

“If a family member of an Air Force employee accesses WikiLeaks on a home computer, the family member may be subject to prosecution for espionage under U.S. Code Title 18 Section 793.”

This is a breathtaking claim that goes far beyond any previous reading of the espionage statutes.

“That has to be one of the worst policy/legal interpretations I have seen in my entire career,” said William J. Bosanko, director of the Information Security Oversight Office, by email.

If taken seriously for a moment, the AFMC guidance raises a host of follow-on questions.  What if a family member accessed WikiLeaks on a computer outside the home?  What if a non-family member accessed WikiLeaks on the home computer?  What if one learns that a neighbor has accessed WikiLeaks in the neighbor’s home?  Is the Air Force employee obliged to intervene or to report the violation to authorities?  And how could any of this possibly be constitutional?

Since the AFMC guidance is not based in existing case law or past practice, these questions have no immediate answers.

Last December, a Department of Homeland Security official complained to Secrecy News that government policy on WikiLeaks produced the incongruous result that “my grandmother would be allowed to access the cables but not me.”  But if the new Air Force guidance can be believed, this is incorrect because the official’s grandmother would be subject to prosecution under the Espionage Act.

In reality, there does not seem to be even a remote possibility that anyone’s grandmother would be prosecuted in this way.

Instead, ironically enough, the real significance of the new AFMC guidance could lie in its potential use as evidence for the defense in one of the pending leak prosecutions under the Espionage Act.  Defendants might argue that if the Espionage Act can be seriously construed by Air Force legal professionals to render a sizable fraction of the American public culpable of espionage, then the Act truly is impermissibly broad, vague and unconstitutional.

For a standard view of the general subject see “The Protection of Classified Information: The Legal Framework” (pdf), Congressional Research Service, January 10, 2011.

Update: Josh Gerstein at Politico was told by the Air Force Monday afternoon that the AFMC guidance “is being taken down pending a further review of the legal opinions it was based on.”

However, several copies of the AFMC statement were also entered into the Lexis-Nexis database by States News Service, Targeted News Service and US Fed News. Those remain in circulation and unaffected.

Update 2: Air Force Lt. Col. Richard Johnson provided this statement on the evening of February 7:

“Air Force Materiel Command (AFMC) recently published an internal news story that discussed the implications of downloading presumed classified information from WikiLeaks. The release was not previously coordinated with Headquarters Air Force and has been removed from the AFMC website. The Air Force has provided guidance to military members and employees to avoid downloading what could be classified information into Air Force unclassified networks and reminded them that publication of information does not itself constitute declassification of such information. The Air Force guidance did not address family members who are not Air Force members or employees. The Air Force defers to the Department of Justice in all non-military matters related to WikiLeaks.”

“The government routinely overclassifies information,” so the mere fact that something is classified is not sufficient to establish that its unauthorized disclosure is prohibited by law, according to a defense motion (pdf) that was filed last week in the case of former State Department contractor Stephen Kim.  Mr. Kim was accused under the Espionage Act of leaking classified information to a news reporter, reportedly concerning North Korth’s nuclear test program.

“There is no better evidence of this gross overclassification than this very case,” the January 31 defense motion said.  “Even though the news media has reported extensively on this case, including reporting on the name of the ‘foreign country’ it believes is at issue…, the prosecution claims that the name of that ‘foreign country’ is classified.”

“Because the system of classification is an imperfect one, the court cannot simply interpret [the espionage statutes] to provide adequate constitutional notice any time the matter at hand pertains to a government employee alleged to have leaked classified information,” the defense said in its motion to dismiss the charges against Mr. Kim.

Defense attorneys also argued that “leaking is widespread and has become an essential tool that is frequently employed by officials at every level of government.”  Yet prosecutions for leaking are comparatively rare, thereby resulting in “arbitrary and discriminatory enforcement.”  (See related coverage from Josh Gerstein and Marcy Wheeler.)

Perhaps the most interesting and original legal argument presented by the defense is that the use of the Espionage Act to punish unauthorized disclosures of classified information is an improper attempt to expand the definition of treason, whose scope is strictly limited by the Constitution.

The defense explained in a separate January 31 motion (pdf) that the framers of the Constitution, who were themselves “traitors” against the British, deliberately chose to limit the definition of political crimes against the nation to “levying war against [the United States], or… adhering to their Enemies, giving them Aid and Comfort.”  This definition of treason excluded other types of political actions against the government.  In particular, the defense argued, it meant that acts of speech against the government could not be punished as treason.

“Today we typically look to the First Amendment to protect the freedom of speech, but the Framers of the original Constitution expected the Treason Clause to do some heavy lifting on that front, particularly because the First Amendment… was not added to the Constitution until later.”

What is happening now, the defense said, is that “the government has taken conduct it alleges to have injured the state [namely leaking] and squeezed it into a successor statute [the Espionage Act] that punishes treason under a different name, but without providing Mr. Kim with the substantive and procedural guarantees that he is entitled to under the Constitution” in a case of treason, such as a requirement for the government to produce two witnesses to the alleged crime.

Mr. Kim is represented by Abbe D. Lowell and his colleagues at McDermott Will & Emery.  Government responses to the defense motions are due March 2.

Russian experts are persuaded that Iran’s space program is serving to advance development of intercontinental ballistic missiles that could be used against targets throughout the Middle East and Russia, according to a CIA review of open source reporting.

“Over the past year Moscow appears to have become more worried about the security implications of assisting Tehran with the further development of its space capability,” the November 2010 CIA report (pdf) said.

The CIA document was first reported by Bloomberg News (“Russian Scientists Worried Iran Uses Their Know-How for Missiles” by Roxana Tiron and Anthony Capaccio, February 3). A copy was obtained by Secrecy News. See “Russia: Security Concerns About Iran’s Space Program Growing,” CIA Open Source Works, November 16, 2010.

On February 7, Iranian officials displayed four new prototype satellites that they said would be launched in the near future.

In order to help determine the origins of microbial threats in terrorist incidents or epidemics, it would be useful to have a deep archive of various strains of lethal bacteria, the JASON defense advisory panel told the National Counterproliferation Center in a newly released 2009 report (pdf).

Because of the natural variation in the microbes of interest, “we believe that a ‘Library of Congress’ for microbial pathogens is needed,” the JASONs said.

“This library would consist of strains collected worldwide by methods that preserve sample properties, and capture all relevant data (e.g. geolocation, local environmental conditions). It should include laboratory isolates, natural isolates, and DNA sequence data.”

Actually, it seems that the nucleus of such a library already exists.

“We were impressed with the efforts of the National Bioforensic Reference Collection along these lines.  The NBRC was initiated in October 2005 to receive and store reference materials for forensic analyses.  It currently has more than 30,000 samples of bacteria, viruses, and toxins, from both select and non-select agents, and is authorized to handle classified materials,” the JASONs said.

The JASON report assesses the current state of “microbial forensics,” which refers to the characterization of microbe samples in terrorism or law enforcement cases to establish their origins.

For reasons explained in the report, the forensic task is not a simple one.  In fact, “it is never possible to definitively link a sample to an attack based on genetic evidence alone.”

A copy of the JASON report was obtained by the Federation of American Scientists under the Freedom of Information Act.  See “Microbial Forensics,” JASON report JSR-08-512, May 2009.

A January 31 Secrecy News item on “Diane Roark and the Drama of Intelligence Oversight” focused on the personal friction and hostility that are sometimes generated by the intelligence oversight process.  Unfortunately, what I wrote did an injustice to Ms. Roark, the former House Intelligence Committee staffer, and to Thomas Drake, the former National Security Agency official, as well as to the larger issues involved.

I should have made it clear that I do not endorse the criticism of Ms. Roark that was expressed by Barbara McNamara, another NSA official.  On the contrary, under prevailing circumstances the “intrusiveness” that Ms. Roark was accused of is likely to be a virtue, not a defect.  It is the NSA, not Ms. Roark, that stands accused of mismanaging billions of dollars and operating in violation of the Foreign Intelligence Surveillance Act.

Ms. Roark together with Thomas Drake and others did exactly what they should have done by bringing their concerns about NSA mismanagement to the attention of the DoD Inspector General, among other things.  Significantly, they had nothing to gain for themselves.  Their actions did not embody any motive of personal interest or self-aggrandizement, but something more like the opposite.  They were acting in the public interest, as they understood it.  That they (and especially Mr. Drake, who is now under indictment) are suffering for it is a worrisome sign of a broken system.

I also should not have repeated the insinuation in the Drake indictment that he and Ms. Roark had an intimate relationship.  This would be irrelevant in any case, but in this case it is also false.

My apologies to Ms. Roark and Mr. Drake.

In a focused effort to combat overclassification, President Obama has ordered executive branch agencies to conduct a “Fundamental Classification Guidance Review.”  The two year Review process, mandated in the December 2009 executive order 13526 (sect. 1.9) is intended to identify and eliminate obsolete classification requirements in current agency policies.

Last week, the Information Security Oversight Office (ISOO) told selected senior agency officials that the Review is more than a formality, and that they must make a serious commitment to its implementation.

“The scope of this review needs to be systematic, comprehensive, and conducted with thoughtful scrutiny involving detailed data analysis,” wrote ISOO director William J. Bosanko in a memorandum (pdf) dated January 27.

Merely rubber-stamping the status quo is not going to be enough, he explained to the senior agency officials.

“Please be advised that a review conducted only by the pertinent original classification authority is not sufficient.”  Instead, “the broadest possible range of perspectives” shall be brought to bear on reviewing agency classification guidance.

Moreover, the resulting recommendations for eliminating obsolete classification guidance should be clear and actionable.

“Agencies should be specific in their determinations as to what no longer requires protection,” Mr. Bosanko wrote.  “An example would be a specific part of a weapon system versus the weapon system as a whole. The user of the guide must be able to identify the specific element of information that does or does not require protection.”

Interim status reports on agency progress are to be provided every six months, Mr. Bosanko advised.

The present Fundamental Classification Guidance Review is loosely modeled on the Fundamental Classification Policy Review that was performed by the Department of Energy in the mid-1990s.  That Review led to the declassification by DOE of numerous areas of classified information that had ceased to be sensitive (as well as increased protection for a smaller number of other areas deemed highly sensitive).

Until now, a similar approach has never been tried on a government-wide basis.  If diligently implemented, it holds the promise of a measurable reduction in the scope of national security secrecy.  On the other hand, if it does not produce meaningful results, then the prospects for classification reform will become vanishingly small.

What is the rationale for classifying information?  The RAND Corporation attempted to articulate an answer to that question and then to apply it in practice to a current national security issue.

In a new study prepared for the Pentagon’s Joint Staff, RAND researchers “developed a general framework for judging classification decisions” that, they suggested, might have broad use.  Their methodology depends on “the systematic application of common sense.”  If so, then it is a major breakthrough in classification policy, where common sense is often scarce.

“Apart from situations in which the security value of classification is obvious — e.g. protecting the identity of a clandestine source — how should decisions be made about what pieces of data should be classified?  Since classifying information creates costs, it should be approached as an explicit cost-benefit comparison (understood to include factors that cannot be monetized).”

“We defined four criteria that must be met even before a classification argument can even be considered: (1) classification must reduce information flow to the adversary, (2) the data obtained must change what the adversary knows, (3) the knowledge must affect the adversary’s decisions, and (4) the decisions must damage the United States in some way.”

“Only if the failure to classify a piece of information means that an adversary is more likely to get it and if having it changes the adversary’s estimate of a key piece of knowledge and if the change in knowledge alters a decision (or the probability of a decision) and if this decision is adverse to the United States would any case exist for classifying it — and then only if the costs of classification, broadly understood, are not greater.  If classification yields no measurable benefit, there is no justification for it even if the costs of classification are zero, which they never are,” the RAND study said.

More generally, “The public debate about classification policy does raise the question of whether the degree of damage [associated with release of a particular piece of information] is being estimated well. Put simply, just because a specific piece of information or a data set is useful in some way and relates to areas of security concern, it does not necessarily follow that the same information is useful to an adversary. Indeed, knowing that potential adversaries are interested in the information is no proof that their satisfaction would damage U.S. national security. If it is not damaging, restricting access to it will not, in fact, produce the expected security benefit.”

The RAND authors proceeded to apply their construct to the specific problem that the Joint Staff asked them to address, namely whether or not to classify the DoD’s “Global Force Management Data Initiative” (GFM DI), which is a set of protocols for information sharing.

“Having laid out a systematic process [for evaluating the question], we… found no good reason to classify GFM DI as a whole,” the study concluded.  (Some related subsets of data may require protection, the authors said.)  See “What Should Be Classified?” by Martin C. Libicki, et al, RAND National Defense Research Institute, 2010.

The RAND study was conducted independently of the the Obama Administration’s pending Fundamental Classification Guidance Review, but it exemplifies much of what the Review is supposed to achieve:  namely, a searching inquiry into the validity of specific classification decisions in light of their actual costs and benefits.

Key characteristics of seventeen leading Iranian newspapers are described in a wall poster (large pdf) prepared last year by the DNI Open Source Center.

With an estimated circulation of 350,000-450,000, “Hamshahri appears to be the most widely read newspaper in Iran thanks to its voluminous classified advertisement supplement, attracting individuals seeking to buy a car, house or major goods and services. Others buy it for its football pages.”

A copy of the poster was obtained by Secrecy News.  See “Ownership, Affiliation, and Influence of Major Iranian Newspapers,” Open Source Center, March 2010.

Last Wednesday, Rep. Ron Paul (R-TX) read brief excerpts from a classified U.S. State Department cable on the House floor. The cable was written in 1990 by U.S. Ambassador to Iraq April Glaspie and described her conversation with Iraqi leader Saddam Hussein shortly prior to Iraq’s invasion of Kuwait. It was released January 1 by WikiLeaks.

Since the cable specified that its “entire text” is classified secret, this means that by reading a passage or two from the document, Rep. Paul was technically publicizing classified information and introducing it into the Congressional Record.

This action was not nearly comparable in significance or audacity to Sen. Mike Gravel reading the Pentagon Papers into the public record in 1971. It would hardly be noteworthy at all except for the contrast it presents with current congressional guidance to avoid the material released by WikiLeaks altogether. The Senate Office of Security, for example, has directed that Senate employees should not even visit the WikiLeaks website, much less circulate its contents.

Like other members of the House of Representatives, Rep. Paul has taken an oath (under House Rule XXIII, clause 13) that “I will not disclose any classified information received in the course of my service with the House of Representatives, except as authorized by the House of Representatives or in accordance with its Rules.”

Presumably, Rep. Paul could say that he did not receive the classified cable “in the course of my service with the House of Representatives” and that it is therefore outside the scope of his oath.

“The secrecy of the [Glaspie cable] was designed to hide the truth from the American people and keep our government from being embarrassed,” Rep. Paul said, assigning malicious intent to the classification of the document.

But since many unembarrassing and uninformative documents are also classified, a better explanation might be that the application of classification controls today is indiscriminately broad, and that classification status is not a reliable indicator of sensitivity.