DoD Leaks Now Termed “Serious Security Incidents”

Unauthorized disclosures of classified information, leaks to the news media, acts of espionage, and certain other information security offenses are now to be collectively designated as “serious security incidents,” according to a Department of Defense directive that was published this week.

The new terminology was adopted in order to standardize procedures for preventing, identifying, investigating and reporting such violations when they occur. See “Management of Serious Security Incidents Involving Classified Information,” DoD Directive 5210.50, October 27, 2014.

The new directive replaces a previous directive from 2005, which had simply been titled “Unauthorized Disclosure of Classified Information to the Public.”

Not every episode of mishandling classified information qualifies as a “serious security incident.” But that term applies whenever there is an unauthorized disclosure of classified information in the news media, or an act of espionage, or a willful disclosure of classified information to an unauthorized person that involves large amounts of classified information, or that reveals a systemic weakness in classification practices, among other circumstances. The threshold is determined by what is reportable to senior to DoD authorities (as specified in DoD Manual 5200.01, vol. 3, enclosure 6, at p. 88).

(Strictly speaking, the creation of an unauthorized DoD “special access program” would also appear to constitute a “serious security incident” requiring investigation, reporting and accountability. But that possibility is not mentioned in the new directive.)

“Serious security incident investigations and reporting will integrate security, counterintelligence, law enforcement, and other appropriate DoD interests to ensure that the causes of serious security incidents are identified and that all appropriate means are utilized to identify and mitigate damage to national security and avoid similar occurrences,” the new directive states.

This week, Michael Isikoff of Yahoo News reported that the FBI had identified a new leaker (“Feds identify suspected ‘second leaker’ for Snowden reporters,” October 27). The story also cited concerns among some intelligence officials that the Department of Justice may be reluctant to initiate new criminal prosecutions of suspected leakers due to criticism of past overzealousness.

It is hard to confirm from a distance that such reluctance on the part of Justice Department officials exists. But in fact, the government has always had alternatives to Espionage Act prosecutions of suspected leakers, including civil or administrative penalties and loss of security clearance.

The new DoD directive says that “DoD personnel responsible for serious security incidents may be held accountable, as appropriate, in a criminal proceeding, civil judicial action, disciplinary or adverse administrative action, or other administrative action authorized by federal law or regulations.”

Likewise, a July 2013 Department of Justice review of policies concerning the news media said that “The Department will work with others in the Administration to explore ways in which the intelligence agencies themselves, in the first instance, can address information leaks internally through administrative means, such as the withdrawal of security clearances and imposition of other sanctions.”