The procedures for establishing, managing and overseeing special access programs (SAPs) in the Department of Defense are spelled out in an updated DoD Instruction that was issued yesterday. See “Management, Administration, and Oversight of DoD Special Access Programs,” DoD Instruction 5205.11, February 6, 2013.
A special access program is a classified program that employs security measures above and beyond those that would normally be used to protect ordinary (or “collateral”) classified information. Such measures may include special eligibility reviews, polygraph testing, cover, and other controls on information. Within DoD, SAPs fall into three broad topical categories: intelligence, acquisition, and operations and support.
DoD SAPs have been a focus of controversy in the past, because their intensive secrecy seemed to foster mismanagement. There were massive, multi-billion dollar failures (e.g., the aborted A-12 naval aircraft program) as well as the occasional eccentricity (e.g., the Timber Wind nuclear powered rocket for anti-ballistic missile missions), both of which triggered Inspector General audits.
Because of those kinds of missteps, “The special access classification system… is now adversely affecting the national security it is intended to support,” the House Armed Services Committee concluded in 1991 (H.Rept. 102-60, p. 101).
But such concerns are expressed less frequently today. This is partly because of changes in Congress, but also because the administration of special access programs at the Pentagon has become less improvisational and freewheeling, and more standardized. (Whether they are also more successful is impossible to say.)
The newly updated DoD Instruction defines the SAP “governance structure,” which consists of a multi-level SAP Oversight Committee (SAPOC), the Senior Review Group (SRG), and the SAP Senior Working Group (SSWG).
The Instruction also sheds light on the hierarchical structure of some SAPs, which are in effect SAPs within SAPs: “DoD SAPs may include subordinate activities identified as, in descending order, compartments, sub-compartments, and projects.”
There is also another SAP hierarchy along an axis of sensitivity. “Acknowledged SAPs,” whose existence may be admitted and made known to others, are the least sensitive. “Unacknowledged SAPs” (such as Timber Wind once was) are more sensitive and cannot be referenced. Their very existence is a classified fact. But both of those categories must be reported to Congress. “Waived SAPs” are the most sensitive of special access programs, and they are exempted by statute (10 USC 119e) from normal congressional notification requirements. In such cases, only eight senior members of the congressional defense committees may be advised of the program.
DoD’s SAPs are not to be confused with the intelligence community’s Controlled Access Programs (CAPs), which serve a similar function. An official within the Office of the Under Secretary of Defense (Intelligence) is responsible for “deconflict[ing] the names and abbreviations for DoD’s SAPs and DNI’s CAPs.”
It is noteworthy that the new DoD Instruction on SAP management is a public document. It rescinds and replaces a 1997 Instruction that was considered too sensitive for public release.
These ideas aim to advance the detailed policy solutions needed to foster public trust and implement fairness in the adoption of AI across diverse domains, from healthcare and government benefits to rural access, education, and worker protections.
The evidence is clear: algorithmic pay-setting is established in app-based work, and payroll/timekeeping failures show how software can produce systemic wage harm at scale
While a few states have taken steps to implement decision-making mechanisms for certain AI systems, too many leaders are simply accepting narratives about AI’s purported public benefit at face value – jumping to the “how” of AI implementation before thoroughly vetting potential systems and deciding whether they are appropriate to use at all.
When properly structured — with specific numeric targets, secured financial obligations, independent monitoring, and meaningful enforcement — CBAs transform data center deals into durable community partnerships.