An Israeli-American attorney who worked for the FBI as a translator pled guilty yesterday to unlawfully disclosing five classified FBI documents to an unidentified blogger last April, who then published information from the documents on his blog, the Justice Department announced.

In a signed plea agreement, Shamai Leibowitz stipulated that he had “knowingly and willfully caused five documents, which were classified at the Secret level and contained classified information concerning the communication intelligence activities of the United States, to be communicated… to a person not entitled to receive classified information (‘Recipient A’).  Recipient A was the host of a public web log (‘blog’) available to anyone with access to the Internet.”

“Recipient A then published on the blog information derived from the classified documents provided to Recipient A by Leibowitz.  As a result of these disclosures, intelligence sources and methods related to these documents were compromised,” the plea agreement said.

Recipient A was not named, and has evidently not been charged with any misconduct.  Leibowitz was charged under 18 U.S.C. 798, which prohibits unauthorized disclosure of communications intelligence information.

“The willful disclosure of classified information to those not entitled to receive it is a serious crime,” said David Kris, Assistant Attorney General for National Security. “Today’s guilty plea should serve as a warning to anyone in government who would consider compromising our nation’s secrets.”

Prosecutors credited Mr. Leibowitz for his “apparent prompt recognition and affirmative acceptance of personal responsibility for his criminal conduct” as well as his “timely notification of his intention to plead guilty.” Based on those and other factors, they proposed a sentence of 20 months imprisonment.

Though it has no bearing on the case, Mr. Leibowitz happens to be the grandson of Yeshayahu Leibowitz (1903-1994), a renowned Israeli scientist, orthodox Jewish philosopher, polemicist and political activist.

The case was first reported in “Israeli lawyer & peacenik guilty of leaking FBI secrets” by Josh Gerstein in Politico, December 17.  Laura Rozen, also writing in Politico, provided additional background and proposed speculatively that Leibowitz’s disclosures were behind an April 16, 2009 story in the New York Times on NSA’s “overcollection” of domestic intelligence.

After a Transportation Security Administration (TSA) manual containing “sensitive security information” was inadvertently disclosed on a government website, it was reposted on several non-governmental websites where it remains freely available.  Asked what TSA intends to do about that, Acting TSA Administrator Gale D. Rossides told Congress that her agency does not have the legal authority to compel members of the public to remove sensitive TSA documents from their websites, though she wished that they would do so.

“Do the current regulations provide you a mechanism to keep individuals from reposting this information on other web sites?” asked Rep. Charles W. Dent (R-PA), at a December 16 hearing of the House Homeland Security Subcommittee on Transportation Security.

“No, sir, they do not,” Ms. Rossides replied.  “We do not have any authority to ask non-government or non-DHS sites to take it down.”

“What action does TSA intend to take against those who are reposting this sensitive document that should not be in the public domain?” Rep. Dent persisted.

“Well, right now, there really isn’t any authoritative action we can take,” Ms. Rossides said.  “Honestly, persons that have posted it, I would, you know, hope that out of their patriotic sense of duty to, you know, their fellow countrymen, they would take it down.  But honestly, I have no authority to direct them and order them to take it down.”

But Rep. Dent expressed his own indignation at the web sites that ignored the official control markings on the TSA manual.  “To those who reposted this security information on the internet, you should share in the blame should security be breached as a result of this disclosure,” he said.

But the urgency of the need to restrict continued access to the leaked TSA manual seemed diminished by Ms. Rossides’ declared view that aviation security has not “been compromised or weakened because of this incident.”  Furthermore, she said, that manual was now obsolete because “very significant changes” have been made to airline security policy since the manual was issued.

Ms. Rossides added that in order to prevent further inadvertent disclosures of the newest security measures, she was refusing to provide a hardcopy of the latest edition of the TSA security manual to Congress.  “I just wanted to take the absolute measures to protect that information, and that’s why a hardcopy wouldn’t be presented,” she said.

Rep. Dent objected to this.  “By refusing to give a document to this committee because of concern about a public disclosure, that’s implying that this subcommittee would disclose the document.  And that’s what, I guess, troubles me the most.” He said he would press the issue.

Subcommittee chair Rep. Sheila Jackson-Lee (D-TX) said she would introduce legislation to bar contractors from access to “sensitive security information,” since contractors apparently were at fault in the inadvertent disclosure of the security manual.  “It’ll be my legislative initiative to insist that contract employees not be used to handle sensitive security information, period,” she said.

Rep. James Himes (D-CT) asked whether TSA was examining who had downloaded the security manual.

“I believe that is part of what [the TSA Inspector General] is looking at,” Ms. Rossides said.  “We do know — our CIO shop has done an initial review of who did download it and has it on their website — non-government, non-DHS websites.  We do know that.”

A Taliban video distributed last month documented the purported seizure of an abandoned U.S. military base by Taliban forces in a remote province of Afghanistan.  The 7-minute video was analyzed in a recent report (pdf) from the DNI Open Source Center.

The video “glorifies the Taliban victory by highlighting the group’s triumphant entry into the ‘captured base,’ the symbolic burning of an American flag, and the [local Taliban governor] touring the area.”  A copy of the Taliban video (.wmv) and the OSC report, obtained by Secrecy News, may be found here.

The OSC report was discussed by Bill Gertz of the Washington Times in his Inside the Ring column today (the second item).  Other aspects of the video were previously reported in Wired’s Danger Room and Al-Jazeera.

The government should replace the more than 100 different control markings that are now used to limit the distribution of sensitive but unclassified (SBU) information and should establish a single “controlled unclassified information” (CUI) policy for all such information in government, according to an interagency task force report (pdf) that was released by the Obama Administration today.

“The Task Force concluded that Executive Branch performance suffers immensely from interagency inconsistency in SBU policies, frequent uncertainty in interagency settings as to exactly what policies apply to given SBU information, and the inconsistent application of similar policies across agencies,” the report said.  “Additionally, the absence of effective training, oversight, and accountability at many agencies results in a tendency to over-protect information, greatly diminishing government transparency.”

The Task Force said that their proposal for a single “controlled unclassified information” (CUI) regime would not only facilitate information sharing among federal, state and local government agencies, it would also increase transparency and enhance public access to government information.

“Because of its uniformity, standardized training requirements, and the public availability of the registry [indicating what categories of information are controlled], the expanded scope of the CUI Framework can be expected to significantly increase the openness and transparency of government….”

Not only that, “It is foreseeable, based on the revised definition and scope of CUI recommended herein, that some information currently treated as ‘sensitive’ may be found not to warrant CUI designation.”

The Task Force presented 40 recommendations to the President on implementing the proposed CUI policy that could serve as the basis for an executive order on the subject.  It builds upon, and would expand the scope of, the CUI Framework that was established in a May 2008 memorandum issued by President Bush, which dealt with the control and sharing of terrorism-related information.  See the Report and Recommendations of the Presidential Task Force on Controlled Unclassified Information, transmitted August 25, 2009 and released December 15, 2009.

The Task Force proposal is an admirable effort to bring order to a chaotic information environment.  But it has some rough edges, and some unresolved internal contradictions.

The proposed definition of CUI seems disturbingly lax:  “All unclassified information for which, pursuant to statute, regulation, or departmental or agency policy, there is a compelling requirement for safeguarding and/or dissemination controls” (p.11).  Putting “departmental or agency policy” on a par with statutes or regulations could potentially open the door to all kinds of arbitrary or improvised controls on information.

More fundamentally, it is hard to see how the Task Force proposal could achieve its central goal of eliminating all non-CUI controls on unclassified information.  The Task Force report itself states (in Recommendation 20) that “decontrol of CUI” does not by itself authorize public disclosure; it only means removal from the CUI Framework.  But if information that has been removed from the CUI Framework does not necessarily have to be disclosed, this means that decontrolled information can still be controlled!

The report properly takes pains to distinguish information control under the CUI regime from the statutory disclosure requirements of the Freedom of Information Act, which cannot be altered by executive fiat.  “At no time, pre- or post-control, is a CUI marking itself determinative of whether it may be released,” the report stated (p. 21).  But this implies, oddly, that information marked as CUI may sometimes be released, while information that is no longer CUI may sometimes be withheld.  And if it is withheld, one must also expect it to be marked with a (non-CUI) control marking.

In short, the CUI concept still has some wrinkles that remain to be ironed out.

The Task Force recommended a ten-year life cycle for CUI that is not otherwise subject to defined disclosure deadlines.  It recommended a baseline assessment of the volume of current SBU activity, but this is probably unachievable or at least not worth the effort involved.  Staffing and resources for the “Executive Agent” that manages the whole enterprise are uncertain, but are likely to be crucial or even decisive in the success of the proposed policy.  An appendix to the Task Force report listed 117 different markings currently in use to protect SBU information (described as “a partial listing”).

The Task Force proposal is “a good foundation,” said one senior Administration official.  But before the subject is addressed in an executive order, the final policy “needs to be more forward-leaning,” he said.

Meanwhile, the Department of Defense, the intelligence agencies, and the Department of Homeland Security have already indicated that they plan to use the CUI Framework for all of their sensitive unclassified information, another official said.

Noteworthy new congressional reports and hearing volumes include the following:

“Report on Whistleblower Protection Enhancement Act of 2009,” Senate Homeland Security and Governmental Affairs Committee, Report No. 111-101, December 3, 2009.

“Report on the USA PATRIOT Act Sunset Extension Act of 2009,” Senate Judiciary Committee report 111-92, October 28, 2009.

“National Industrial Security Program: Addressing the Implications of Globalization and Foreign Ownership for the Defense Industrial Base” (pdf), House Armed Services Committee, April 16, 2008 (published November 2009).

“Upholding the Principle of Habeas Corpus for Detainees” (large pdf), House Armed Services Committee, July 26, 2007 (published November 2009).

The U.S. intelligence community is not exempt from the requirements of the Obama Administration’s December 8 Open Government Directive, and agency officials are now trying to figure out how to comply with it.

“As you can imagine, there is some scrambling going on,” one official said.  “I think it’s a good sign.”

See “Open government could present a challenge to intelligence agencies” by Aliya Sternstein, NextGov, December 11, 2009.

The Congressional Research Service, which performs policy research and analysis for Congress, is “not a happy place these days,” said a CRS staffer.

The staffer was referring to the fact that a respected CRS division chief, Morris Davis, had been abruptly fired from his position for publicly expressing some of his private opinions.  (“CRS Fires a Division Chief,” Secrecy News, December 4, 2009).  CRS Director Daniel Mulhollan, the man who fired Mr. Davis (it’s Colonel Davis, actually), evidently believes that CRS employees must have no independent public persona and must not express private opinions in public, even when such opinions are unrelated to their work at CRS, as in Davis’ case.  In short, CRS employees are expected to surrender their First Amendment rights.  Who could be happy with that?

The American Civil Liberties Union has taken up Col. Davis’ cause and in a December 4 letter (pdf), ACLU attorneys Aden Fine and Jameel Jaffer asked the Library of Congress (CRS’ parent organization) to reconsider its position by today, or else risk litigation seeking Davis’ reinstatement.  But it takes a special kind of integrity to admit error and to change course, and that is not the anticipated scenario in this case.

(Update: As expected, the Library of Congress refused to reconsider its position, setting the stage for a lawsuit. See the ACLU news release and the Library response here.)

“In spite of all that, I still believe we do excellent research,” the CRS staffer told Secrecy News.  Yet that research is still not made directly accessible to the public.

In the 2010 Legislative Branch Appropriations Act, Congress once again mandated that “no part of [the CRS budget] may be used to pay any salary or expense” to make CRS research reports available to the public without prior authorization.  This was obviously intended to block direct public access to CRS reports.  But it could also be read more satisfactorily to permit CRS employees to freely distribute CRS reports as long as they incur no additional expense when doing so.

Some notable new CRS reports obtained by Secrecy News include the following (all pdf).

“Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping,” updated December 3, 2009.

“U.S. Arms Sales: Agreements with and Deliveries to Major Clients, 2001-2008,” December 2, 2009.

“War in Afghanistan: Strategy, Military Operations, and Issues for Congress,” December 3, 2009.

“The German Economy and U.S.-German Economic Relations,” November 30, 2009.

“Sexual Violence in African Conflicts,” November 25, 2009.

“Traumatic Brain Injury: Care and Treatment of Operation Enduring Freedom and Operation Iraqi Freedom Veterans,” November 25, 2009.

“Key Issues in Derivatives Reform,” December 1, 2009.

“U.S. Aerospace Manufacturing: Industry Overview and Prospects,” December 3, 2009.

“High Speed Rail (HSR) in the United States,” December 8, 2009.

The Obama Administration is expected to provide some new insight this week into its emerging policy on “controlled unclassified information” (CUI), referring to unclassified information that is withheld from disclosure for reasons of law or regulation.

Because of the indiscriminate use of such controls, information is often withheld unnecessarily from the public and information sharing within the government is often needlessly obstructed.

In a neat illustration of the undisciplined use of information controls, the Washington Times reported last week that even though some U.S. Capitol Police documents that were marked “law enforcement sensitive” were inadvertently disclosed, this did not pose any threat to public safety.  That’s because the use of the control marking was “a standard practice,” according to Police officials, rather than a reliable indication that the documents were actually sensitive.

Sgt. Kimberly Schneider of the Capitol Police explained that the “law enforcement sensitive” marking “does not necessarily indicate that the information contained there is such.”  See “Capitol Police Papers Found on Street” by Jim McElhatton, Washington Times, December 7, 2009.

Last August 25, an interagency task force transmitted a report to President Obama that presented recommendations for limiting the use of controls on unclassified information.  The White House is expected to release that report this week, though the issuance of a new CUI policy is still likely to be some months away.

Update: The August 25 Report of the Presidential Task Force on Controlled Unclassified Information has now been released.

The Obama Administration’s new open government policy has begun to elicit a response from executive branch agencies.  The Department of Defense, the Department of Justice, and other agencies issued news releases yesterday outlining the initial steps they are taking to fulfill the December 8 White House Open Government Directive (pdf).

The White House Office of Science and Technology Policy posted a request for public comment on how to enhance public access to federally-funded science and technology research.  Beginning today, “The Administration is seeking public input on access to publicly-funded research results, such as those that appear in academic and scholarly journal articles. Currently, the National Institutes of Health require that research funded by its grants be made available to the public online at no charge within 12 months of publication. The Administration is seeking views as to whether this policy should be extended to other science agencies and, if so, how it should be implemented.”

Most national security and intelligence agencies, however, met the new Open Government Directive with silence, as if it did not concern them.

But many such agencies maintain unclassified databases that are potentially of great public interest, and that ought to be broadly accessible.  We have nominated two candidates in particular for disclosure under the new open government policy.

First, there is CREST (CIA Records Search Tool), the CIA’s database of declassified historical records.  It contains millions of pages of redacted records that have already been processed for public release.  CREST is available at the National Archives in College Park, MD.  Yet the CIA has refused to publish CREST online, or to release a copy to others so that they could.  Now would be an opportune time to do so.  (See “CREST Leaves Cavity in Public Domain,” Secrecy News, April 6, 2009).

Another major record group that we believe ought to be public are the unclassified reports and analyses of the Director of National Intelligence’s Open Source Center.  This is a slightly more complicated case since many OSC products include copyrighted material that cannot readily be published without permission.  But many other OSC products are purely discursive and analytical and could be published without difficulty if there were a will to do so.  A selection of OSC products that were obtained by Secrecy News may be found here.

Writing on the White House blog yesterday, Special Counsel to the President Norm Eisen and Open Government Initiative Director Beth Noveck offered their view on “Why an Open Government Matters.”

The inadvertent disclosure of a “sensitive” Transportation Security Administration manual on procedures for screening airline passengers has prompted renewed interest in legal remedies and penalties that may be available to the government to minimize the impact of such unauthorized disclosures.

In a letter (pdf) to the Department of Homeland Security yesterday, several Republican lawmakers asked:  What can be done to prevent the continued publication of such material on non-governmental web sites (such as cryptome.org and wikileaks.org)?

“How has the Department of Homeland Security and the Transportation Security Administration addressed the repeated reposting of this security manual to other websites and what legal action, if any, can be taken to compel its removal?” wrote Reps. Peter T. King (R-NY), Charles W. Dent (R-PA) and Gus M. Bilirakis (R-FL).

“Is the Department considering issuing new regulations pursuant to its authority in section 114 of title 49, United States Code, and are criminal penalties necessary or desirable to ensure such information is not reposted in the future?”

The short answer seems to be that existing legal authorities cannot easily be used to compel the removal of such records from public websites, and that any attempt to do so would likely be counterproductive, and would itself do damage to press freedom and other societal values.

Meanwhile, conservative talk show host Rush Limbaugh yesterday lashed out at the Federation of American Scientists in his own commentary on the TSA Manual disclosure.

“What an unmitigated disaster this is,” he said.  “Every day it’s something, every day is an unmitigated disaster.  ‘The original version of the manual [is] still available online preserved by websites that monitor government secrecy and computer security’ [a quote from the Washington Post], which tells you all you need to know about the motives of these sites, such as the so-called watchdogs at the Federation of American Scientists.”

This is not as gratifying as it might have been, since FAS had nothing to do with the disclosure of the TSA Manual.  In fact, had we been the ones to discover the unredacted Manual, we probably would have refrained from publishing it.

In 2005, the National Security Agency published a tutorial on how to properly redact and publish sensitive documents.  See “Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF” (pdf).

In a conscious and far-reaching attempt to change the culture of secrecy that prevails within many government agencies, the Obama Administration today issued a directive (pdf) that orders each federal agency to establish an open government program with mandatory new information disclosure obligations as well as opportunities for public participation.

Moving beyond the familiar rhetoric of openness, the directive imposes substantive new publication requirements, sets deadlines, promotes sharing of best practices, and promises further steps to come.

So, for example, within 45 days each agency is obliged to publish online “at least three high-value data sets” that have not been previously available online.  Within 60 days, each agency must establish a portal for public access to its open government activities, including provision for public feedback and input.  Within 90 days, OMB will issue guidance on the use of new incentives to promote further openness.

The new directive does not extend to classified national security information or controlled unclassified information, both of which are to be addressed in other pending executive orders.  But it does direct agencies to reduce any backlogs in Freedom of Information Act requests “by ten percent each year.”

Significantly, the new open government policy directive did not emerge from the exercise of “checks and balances” by the other branches of government.  Congress did not urge the Administration to promote a culture of openness, much less compel its adoption.  Instead, it is a unilateral executive branch effort, akin in its conception to Energy Secretary Hazel O’Leary’s landmark Openness Initiative of the 1990s, but now extended for the first time to the entire executive branch.

Success is not guaranteed.

The previous Administration used to invoke the theory of “the unitary executive,” which generally holds that all executive branch power and authority is vested in the President.  But the opposite may be closer to the real state of affairs, in the sense that the exercise of presidential authority is dependent on innumerable acts of compliance by scattered officials any of whom can, whether through disobedience or incompetence, frustrate the implementation of policy.  And the more ambitious the proposed change, the more likely it is to encounter resistance.

The directive is also predicated on the existence of a significant number of citizens who are motivated to engage in public policy deliberations and who are capable of doing so. The quality of public comments on the development of the open government directive last summer, which sometimes suffered from digressions into extraneous matters, was not consistently encouraging on that score.

The declared objective of the new directive is “to create an unprecedented and sustained level of openness and accountability in every agency,” and it shows every sign of good faith in attempting to realize that objective.  In any case, given the directive’s well-defined milestones and deadlines, it will soon be clear whether and to what extent the new openness initiative succeeds.

In mid-January 2009, in advance of the inauguration of President Obama, a radiological survey of downtown Washington, DC was conducted at the request of the Secret Service.

No statistically significant man-made radiological activity was detected in the survey.  Typical variations in natural background radiation were found, along with slightly elevated readings at the National World War II Memorial and elsewhere “caused by the building materials containing naturally occurring radioisotopes.”

See “Radiological Survey of Downtown Washington DC for the 2009 Presidential Inauguration” (large pdf), National Nuclear Security Administration, March 2009.