Most Agencies Are Out of Compliance with Secrecy Policy

Most executive branch agencies failed to meet a December 2010 deadline set by President Obama to issue implementing regulations for his December 2009 executive order on national security classification policy, dealing a setback to the Administration’s classification reform agenda.

Despite last year’s presidential deadline, “As of March 15, 2011, only 19 of 41 agencies have issued their implementing regulations in final form,” according to the latest Annual Report to the President (pdf) from the Information Security Oversight Office (ISOO), made public today.

“Given that less than half of agencies have issued implementing regulations in the 15 months since the President issued the order and the 9 months since ISOO revised the government-wide implementing regulations for the order, it is clear that the means by which agencies modify and issue implementing regulations are not sufficient to accommodate changes in national security policy,” the ISOO Report said.

“ISOO sees this as the biggest impediment to implementing the reforms called for by the President and as a real threat to the efficient and effective implementation of the overall classification system.”

Among other things, the delayed implementation of the executive order means that many agencies have still not begun to perform the Fundamental Classification Guidance Review that requires them to seek out and eliminate obsolete classification requirements.

ISOO Acting Director William A. Cira said that even with the lag in implementation, many agencies were actually moving faster to adopt the new classification order than they had done in the past.  For example, after President Clinton issued executive order 12958 in April 1995, the Department of Defense did not issue an implementing regulation for nearly two years.  Following President Bush’s 2003 executive order 13292, the Department of Defense never got around to issuing an updated regulation at all!

On the other hand, no previous President had personally set a deadline for agencies to adopt implementing regulations, as President Obama did in a December 29, 2009 memorandum.  This creates the awkward and disturbing circumstance that most affected agencies are now out of compliance with a direct presidential order.

That’s true, said Mr. Cira of ISOO, but it should be understood as a reflection of antiquated bureaucratic procedures, not as deliberate agency defiance of the President.

“In a lot of agencies, especially the larger ones, the bureaucratic processes for publishing formal regulations tend to be quite difficult and time consuming,” he said. “This can be just as frustrating for those people in the agency that have drafted the regulation and are trying to get it through the approval process as it is for anyone outside the agency.”

The ISOO annual report is one of very few published sources of official data on classification and declassification activity in the government.  This year, for example, the report said that agencies generated 224,734 original classification decisions in FY2010, a hefty 22.6 percent increase from the year before.

But the impact of the annual reports is hard to establish.  In recent years, the President has not even acknowledged receipt of the report, much less engaged with its findings.