Secrecy Reform Stymied by the Pentagon

The Obama Administration has taken several initial steps to modernize the national security classification system and to combat overclassification.  But those halting efforts are being undermined by the Department of Defense, which is not implementing the President’s policy.

DoD, which is the government’s largest producer of classified information, has failed to update its internal regulation on information security, despite a specific Presidential directive to do so.  The result is that military components today are following old, incomplete and misleading guidance on classification policy.

For example, one such component, U.S. Transportation Command (TRANSCOM), said on February 20 that it was unaware of a current requirement to update and correct its classification guidance.  It had “no records” pertaining to the performance of a Fundamental Classification Guidance Review, which was required by President Obama’s Executive Order 13526.  Why?  Because, it said, “no Review was required [by] DoD 5200.1-R,” the Pentagon’s regulation on information security (pdf).

This is a startling misunderstanding and a grievous lapse of responsibility on the part of the Pentagon. The reason that TRANSCOM is unaware of the new requirement to perform a Fundamental Classification Guidance Review is that DoD’s internal regulation 5200-1.R on classification policy has not been updated since January 1997!  In effect, DoD has been blocking the transmission of the President’s instructions to classifiers and declassifiers in the field.

This in itself is an act of defiance, particularly since the President himself ordered senior agency officials to prepare new classification policy regulations.  “Such regulations shall be issued in final form within 180 days of ISOO’s publication of its implementing directive for the order,” President Obama wrote in his December 29, 2009 memorandum that accompanied the issuance of Executive Order 13526.

The Information Security Oversight Office (ISOO) did publish its implementing directive (pdf) for the Executive Order on June 28, 2010.  Therefore, agencies officials were obliged to complete their implementing regulations 180 days later, by the end of December 2010.  At the Pentagon, officials failed to comply.

“The promulgation of implementing regulations for [President Obama’s] E.O. 13526… is not an optional activity,” said William J. Bosanko, director of the Information Security Oversight Office, which oversees the classification system.

“Such regulations serve as the foundation for the implementation of the Order at each agency,” he explained.  “Failure to update regulations in a timely manner impedes the implementation of the President’s direction and risks undermining the confidence in the classification system.  It also places classified information at needless risk and otherwise makes it difficult to hold accountable those who fail to meet their responsibilities.”

“How can we expect personnel to properly classify, safeguard, and declassify national security information if we do not provide them with the ‘rules’?  How can we maintain the trust of the American people and our State, local, tribal, private sector, and foreign partners if we don’t even comply with the most basic requirements ourselves?”

Mr. Bosanko said that ISOO was pressing for agency compliance with the requirements of the executive order.  He said the status of such compliance would be addressed in the forthcoming FY 2010 ISOO Report to the President.

Meanwhile, throughout the Department of Defense, officials are diligently following the wrong instructions. According to the DoD directives website, the 1997 regulation 5200-1.R — with all of its outdated guidance — is currently one of the top five most frequently downloaded DoD publications.