Information Security Oversight OfficeThe President
National Archives and Records Administration
700 Pennsylvania Avenue, NW
Washington, DC 20408
September 17, 2001
The White House
Washington, DC 20500
Dear Mr. President:
We are pleased to submit the Information Security Oversight Office's (ISOO) 2000 Report to the President.
Year five of implementation of Executive Order 12958, "Classified National Security Information," shows mixed results in the security classification program in the executive branch during FY 2000. Declassification activity within the executive branch continued to add significantly to the unprecedented number of pages declassified. However, classification activity within the executive branch increased dramatically as the change from paper to an electronic environment continues to render old sampling systems obsolete. Other areas of the security classification program noted modest increases, i.e., original classification authorities and security cost estimates.
In the declassification program, agencies of the executive branch reported declassifying almost 75 million pages of records having permanent historical value. Combined with figures reported in the first four years of the Order's implementation, the executive branch has declassified almost 795 million pages of records since October 1995. This is an extraordinary accomplishment, particularly given the increasing obstacles that the agencies must face to declassify records. The hundreds of millions of pages declassified under this Order will provide researchers and historians with information that will help write our nation's history for years to come.
In recent years ISOO has raised concerns about the data collected by the agencies regarding their security classification programs, particularly increases in classification activity. The FY 2000 data for derivative classification activity showed a dramatic increase from FY 1999. The increase is not a result of new programs. We believe the primary factor responsible for this dramatic increase is the rapidly expanding electronic environment. Today, information once exchanged in millions of secure telephone conversations that clearly were not counted as classification decisions is now being relayed through secure e-mail which is electronically tabulated and counted as classification decisions. The impact of the electronic environment is clearly reflected in the data reported by the agencies to ISOO and points to a need to review data collection methods and to formulate a new baseline from which to analyze the data. ISOO has embarked on such a project with a goal towards developing standard guidelines for the sampling methods and the calculation of a new baseline.
Classification and declassification activities are primary components of the security classification program. When indicators such as we have been seeing with classification occur, policies governing these indicators need to be reexamined. Through an interagency effort, ISOO will begin this process with an eye towards improving the security classification program. Please be assured that the staff of ISOO and thousands of other individuals throughout the executive branch and industry who are responsible for implementing the security classification program look forward to working with you in our mutual effort to optimize performance.
Steven Garfinkel, Director
The following Report to the President is the fifth report under E.O. 12958, which went into effect in October 1995. The following data highlight ISOO's findings.
Summary of FY 2000 Program Activity
- The number of original classification authorities increased by 284, to 4,130.
- Reported original classification decisions increased by almost 51,191, to 220,926.
- Please see below for explanation concerning total derivative and combined classification activity.
- Under Automatic and Systematic Review Declassification programs, agencies declassified 74,644,993 pages of historically valuable records.
- Agencies received 3,014 new mandatory review requests.
- Under mandatory review, agencies declassified in full 32,584 pages; declassified in part 57,901 pages; and retained classification in full on 4,465 pages.
- Agencies received 86 new mandatory review appeals.
- On appeal, agencies declassified in whole or in part 1,511 additional pages.
Implementation of the Automatic
Declassification Provision of
Executive Order 12958 --
"Classified National Security Information"
Executive Order 12958, "Classified National Security Information," issued on April 17, 1995, and effective on October 14, 1995, marked a significant departure from the secrecy policies of the past. The first order to revise the security classification system since the end of the Cold War, E.O. 12958 included major changes which have already resulted in a dramatic increase in the amount of information being declassified. Fiscal Year 2000 marked the fifth year in which the policies of the Order have been in effect.
The declassification provisions of Section 3.4 contain the most far-reaching reforms in the new security classification system. This section, entitled "Automatic Declassification," requires the automatic declassification of most historically valuable information that is 25 years old. In the past, these older classified records remained classified indefinitely. Under E.O. 12958, these same records, including approximately 1.627 billion pages created over the past 50 years, were subject to automatic declassification five years from the issuance date of the Order, or April 17, 2000. Executive Order 13142, issued on November 19, 1999, amended E.O. 12958, to extend the date of the imposition of the automatic declassification provision until October 14, 2001. For two groups of records, those that contain information classified by more than one agency and those that almost invariably contain information pertaining to intelligence sources and methods, E.O. 13142 extended the date of imposition of the automatic declassification provision an additional eighteen months, until April 17, 2003.
In order to keep information classified beyond 25 years, agency heads must be able to demonstrate that: (1) particular information falls within narrow exemptions to automatic declassification. This determination is then subject to outside review by an interagency panel of senior officials; or (2) particular file series, identified by the agency head and approved by the President, almost invariably contain exempted information. On March 9, 1999, 10 agencies were granted specific "File Series Exemptions" for series which were replete with information that almost invariably fell into one or more of the exemption categories. For further information, please see ISOO's FY 1998 Report to the President on ISOO's home page at www.nara.gov.
In effect, E.O. 12958 reverses the resource burden. Unlike prior systems, in which agencies had to expend resources in order to declassify older information, under E.O. 12958, agencies must expend the resources necessary to demonstrate why older, historical information needs to remain classified.
2. PAGES DECLASSIFlED
The data gathered by the Information Security Oversight Office (ISOO) for this report reveal that in Fiscal Year 2000, the agencies of the executive branch continued to declassify historically valuable documents in numbers unprecedented before the issuance of Executive Order 12958. In FY 2000, executive branch agencies declassified almost 75 million pages of permanently valuable historical records. Although this represents a reduction of approximately 41 percent from the number of pages declassified in FY 1999, it exceeds the yearly average under prior executive orders by six-fold. Agencies continued to do significant declassification even with the legislation [Section 3161 of Public Law 105-261, entitled "Protection Against Inadvertent Release of Restricted Data and Formerly Restricted Data."] that requires the re-review of those records that have previously been declassified before they are made available to the public. The purpose of this legislation is to make certain that the declassified records do not inadvertently contain information classified under the terms of the Atomic Energy Act, called "Restricted Data" and "Formerly Restricted Data." Records classified under the Atomic Energy Act are not subject to E.O. 12958 or its declassification provisions.
While the number of pages declassified in FY 2000 decreased by approximately 41 percent from the number of pages declassified in FY 1999, the achieved product is still remarkable. It took place in the face of another year in which the National Archives and Records Administration (NARA) experienced a further reduction in its declassified product, brought about by legislation referenced above, which dramatically diverted resources away from new declassification review at NARA. NARA had previously accounted for more than 50 percent of the number of pages declassified. As explained in more detail in the "Declassification" section of this report, the legislation requires a page by page declassification review and re-review of documents already declassified in order to search for information that might be classified under the Atomic Energy Act. The Department of Defense, led by the Departments of Navy and Army, declassified over 51 million pages of permanently valuable records in FY 2000. While a decrease of 28 million pages from FY 1999, DOD's total represents 69 percent of the total number of pages declassified in FY 2000. The FY 2000 total for the executive branch remains extraordinary given the reduction in the current universe of records subject to automatic declassification, and the various legislative provisions that restrict the resources dedicated to systematic review.
During the first five years that E.O. 12958 has been in effect, the agencies of the executive branch have declassified approximately 795 million pages of permanently valuable historical records. In FY 1995, after the Order was signed, but prior to its effective date, an additional 69 million pages of permanently valuable historical records were declassified. Since ISOO came into existence in late 1978, and began collecting and analyzing data beginning with FY 1980, it has reported the declassification of permanently valuable historical records totaling approximately 1.05 billion pages. Of that total, 864 million pages, or 86 percent, have been declassified due in large part to the automatic declassification provision of E.O. 12958 or its imminent effective date.
1.05 Billion Pages Declassified Fiscal Years 1980 - 2000 FY 1980-1994 188.3 million pages (Average per year: 12.6 million pages) FY 1995 69 million pages FY 1996 196 million pages FY 1997 204 million pages FY 1998 193 million pages FY 1999 127 million pages FY 2000 75 million pages Status of Declassification of Permanently Valuable Records Declassified 1980-1994 188 million pages Declassified 1995 69 million pages Declassified 1996-2000 795 million pages Exempted from Automatic Declassification 306 million pages To be Reviewed 526 million pages
3. LOOKING AHEAD
- In spite of increasing obstacles, the agencies of the executive branch continue to declassify unprecedented numbers of records of permanent historical value.
- Each of the major classifying agencies has in place an infrastructure for systematic review for declassification, something that almost none of these agencies had when E.O. 12958 was issued.
- The issuance of E.O. 13142 offers a more realistic time frame for the completion of declassification reviews undertaken before the onset of automatic declassification.
- Coordination and communication among the classifying and declassifying agencies continue to increase and improve.
- The hundreds of millions of pages declassified under the Order will serve as an irreplaceable resource for historians and other researchers for generations to come.
- The ability of the executive branch to protect information in our national security interest has been enhanced by the massive reduction in the number of documents that are no longer sensitive but remained unnecessarily classified.
- Declassification and public access have been slowed by legislation that, in ISOO's view, amounted to unnecessary overkill.
- Declassification activity remains so prolific that it exceeds the ability of agency systems and resources to process the records for public access, and the ability to advise other agencies and the public about what information has been declassified.
- Little progress has been achieved in actually declassifying records which contain more than one agency's classification equities, and many of the records that remain to be reviewed have such multi-agency equities.
- An estimated 526 million pages of records subject to automatic declassification at the deadlines extended by E.O. 13142 remain to be reviewed.
Interagency Security Classification Appeals Panel
Section 5.4 of Executive Order 12958, "Classified National Security Information."FUNCTIONS
(1) To decide on appeals by authorized persons who have filed classification challenges under Section 1.9 of E.O. 12958.MEMBERS
(2) To approve, deny or amend agency exemptions from automatic declassification as provided in Section 3.4(d) of E.O. 12958.
(3) To decide on mandatory review appeals by parties whose requests for declassification under Section 3.6 of E.O. 12958 have been denied at the agency level.
William H. Leary, Acting ChairEXECUTIVE SECRETARY
National Security Council
Carl A. Darby
Robert O. Davis
Department of Justice
Michael J. Kurtz
National Archives and Records Administration
J. William Leonard
Department of Defense
Frank M. Machak
Department of State
Steven Garfinkel, DirectorSUPPORT STAFF
Information Security Oversight Office
Information Security Oversight OfficeSummary of Activity
The Interagency Security Appeals Panel (ISCAP) was created under E.O. 12958 to perform the critical functions noted above. The ISCAP, comprised of senior level representatives appointed by the Secretaries of State and Defense, the Attorney General, the Director of Central Intelligence, the Archivist of the United States, and the Assistant to the President for National Security Affairs, began meeting in May 1996. The President designates its Chair, the Director of ISOO serves as its Executive Secretary, and ISOO provides its staff support.
Declassification Guidance Under Section 3.4(d); ISCAP Approves CIA and DIA Guides
Perhaps the most significant change brought to the classification system by E.O. 12958 is that historically valuable records are no longer subject to indefinite classification. In order for information to remain classified beyond 25 years, an agency head must demonstrate that: (1) a particular file series, identified by the agency head and approved by the President, almost invariably contains information that falls within one or more narrow exemptions; (2) specific information, identified by the agency head and subject to the approval of the ISCAP, falls within one or more narrow exemptions to automatic declassification.
To assist agency heads with the exemption of specific information under Section 3.4(d) of E.O. 12958, ISOO's Government-wide implementing directive (32 CFR Part 2001) provides for the submission of declassification guides to the ISCAP for approval. On May 18, 2000, the ISCAP approved the DIA's declassification guide, the first declassification guide approved by the ISCAP. The CIA's declassification guide was approved by the ISCAP on May 17, 2001. Prior to their approval, the CIA and DIA declassification guides were revised at the request of the ISCAP to meet its concerns. The approval of these two guides is of particular importance as they come from within the intelligence community. Moreover, each of these guides provides firm parameters for the future declassification review of all exempted information. Both CIA and DIA are to be commended for their commitment to the declassification provisions of the Order.
Although agencies are not required to submit such guides until 180 days prior to automatic declassification, Army, DOE, JCS, Navy, NIMA, NRO, OSD, and State have already submitted declassification guides for the ISCAP's approval. The ISCAP expects a number of these declassification guides to be approved in the near future and looks forward to the submission of additional guides from other agencies.
Decalssification Appeals Under Section 3.6
To date, the bulk of the ISCAP's efforts has focused on mandatory declassification review appeals. Viewing the totality of its decision docket from May 1996 through June 2001, the ISCAP has decided appeals seeking the declassification of 244 documents that remained fully or partially classified upon the completion of agency processing. Of these, the ISCAP declassified information in 80% of the documents upon which it has voted (94 documents in full, 39%; 100 documents in part, 41%). The ISCAP has voted to affirm the agency's classification action fully in 50 documents (20%).
The ISCAP's decisions to date illustrate how faithful application of the declassification standards for 25-year-old information results in access to historically valuable records. Several examples of portions of the documents declassified by the ISCAP during the past year are reproduced on the following pages. [not included here]
A database of decisions rendered by the ISCAP is available from ISOO in electronic form. The database is maintained in Microsoft Access 97. Documents declassified by the ISCAP are made available through the entity that has custody of them, usually a NARA presidential library.
Additional information about the ISCAP, including its bylaws and communiques, can be found at the ISOO web site. For additional assistance, please contact the ISCAP Staff at ISOO.
E-MAIL: [email protected]
WEB SITE: http://www.nara.gov/isoo/iscap/iscap.html
The security classification program is now in its sixth year of reporting costs for both Government and industry. Congress first requested security classification cost estimates from the executive branch in 1994. In addition, ISOO is tasked through Executive Order 12958 to report these costs to the President. Executive Order 12829, "National Industrial Security Program," also requires that industry or contractor costs be collected and reported by ISOO to the President.
Security Classification: What Does it Cost?
Until the last few years, the costs for the security classification program were deemed non-quantifiable, intertwined with other somewhat amorphous overhead expenses. While many of the program's costs remain ambiguous, ISOO continues to monitor the methodology used to collect the cost estimate data. Requiring agencies to provide exact responses to the cost collection efforts would be cost prohibitive. Consequently, ISOO relies on sampling. The measurements of costs of the security classification system will be estimates. Nevertheless, by maintaining stability in methodology, ISOO should gain over time a good indication of the total cost burden and its upward and downward trends.
GOVERNMENTThe data presented below were collected by categories based on common definitions developed by an executive branch working group. The categories are defined below.
Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a government or contractor employee's eligibility, and ensure suitability for the continued access to classified information.
Physical Security: That portion of security concerned with physical measures designed to safeguard and protect classified facilities and information, domestic or foreign.
Information Security: Includes three sub-categories:
Classification Management: The system of administrative policies and procedures for identifying, controlling and protecting classified information from unauthorized disclosure, the protection of which is authorized by executive order or statute. Classification management encompasses those resources used to identify, control, transfer, transmit, retrieve, inventory, archive, declassify or destroy classified information.Professional Education, Training and Awareness: The establishment, maintenance, direction, support and assessment of a security training and awareness program; the certification and approval of the training program; the development, management, and maintenance of training records; the training of personnel to perform tasks associated with their duties; and qualification and/or certification of personnel before assignment of security responsibilities related to classified information.
Declassification: The authorized change in the status of information from classified information to unclassified information. It encompasses those resources used to identify and process information subject to the automatic, systematic or mandatory review programs authorized by executive order or statute.
Information Technology Systems (Automated Information Systems (AIS) or Information Technology Systems Security): Measures and controls that ensure confidentiality, integrity and availability of the classified information processed and stored by a computer or information technology system. It can include, but is not limited to, the provision of all security features needed to provide an accredited system of protection for computer hardware and software, and classified information, material, or processes in automated systems.
Security Management and Planning: Development and implementation of plans, procedures and actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational activities and respond to management requests related to classified information.
Unique Items: Those department or agency-specific activities that are not reported in any of the primary categories but are nonetheless significant and need to be included.
The total security classification costs estimate within Government for FY 2000 is $4,270,120,244. This figure represents estimates provided by 35 executive branch agencies including the Department of Defense, whose estimate incorporates the National Foreign Intelligence Program. It does not include, however, the cost estimates of the CIA, which that agency has classified.
Because of expressed interest in the declassification programs established under Executive Order 12958, ISOO also requested agencies to identify that portion of their cost estimates in the category of information security/classification management that was attributable to their declassification programs. For FY 2000, the agencies reported declassification cost estimates of $230,903,374, or 5.4 percent of their total cost estimates.
Government Security Classification Costs Estimate Fiscal Year 2000 Total $4.3 billion Personnel Security $426 million Physical Security $272 million Information Security $2.9 billion Information Technology Security $2.5 billion Classification Management $213 million Declassification $231 million Professional Education Training & Awareness $112 million Security Management & Planning $439 million Unique Items $25 million
INDUSTRYA joint Department of Defense and industry group developed a cost collection methodology for those costs associated with the use and protection of classified information within industry. Because industry accounts for its costs differently than Government, cost estimate data are not provided by category. Rather a sampling method was applied that included volunteer companies from four different categories of facilities. The category of facility is based on the complexity of security requirements that a particular company must meet in order to hold a classified contract with a government agency.
The 2000 cost estimate totals for industry pertain to the twelve month accounting period for the most recently completed fiscal year of each company that was part of the industry sample. For most of the companies included in the sample December 31, 2000, was the end of their fiscal year. The estimate of total security costs for 2000 within industry was $958,543,000.
The Government cost estimate shows a 14 percent increase above the cost estimate reported for FY 1999. Industry, on the other hand, reported a 22 percent decrease in its cost estimate. The total cost estimate for Government and industry for 2000 is $5.2 billion, $200,000,000 more than the total cost estimate for Government and industry in 1999.
The increase in cost estimates for Government does not appear to result from any new programs. The following categories showed increases from FY 1999: Personnel Security (5%); Professional Education Training and Awareness (23%); Information Security, specifically, Information Technology (27%); and Unique Items (38%). Decreases occurred in the following categories: Physical Security (33%); Security Management Oversight and Planning ((6%); and in the subcategories of Information Security, Classification Management (2%) and Declassification (1%).
With respect to the decrease in contractor costs, this year's estimate appears to be the middle ground for industry. The wide variations between the years 1996, 1997, and 1998 are not reflected in the 1999 estimate of $1.2 billion nor are they in the 2000 estimate of $958 million, a 22 percent decrease from last year. The current estimate was based on sampling from a larger pool of companies as was last year's. This year 80 percent more companies participated in the collection than in 1998; last year almost 86 percent more participated than in 1998. Again, the larger sample tends to suggest greater accuracy. It appears the Department of Defense, the Executive Agent for the National Industrial Security Program, was correct in its assumption that a larger mix of small and large companies reporting data would provide a better sample. ISOO expects that future estimates will continue to include this larger mix of small and large companies, which appears to yield the most realistic data reported to date in what remains an evolving process.
Comparing Total Costs for Government and Industry Fiscal Years 1995 - 2000 FY 2000 Total $5.2 billion FY 1999 Total $5 billion FY 1998 Total $5 billion FY 1997 Total $4.1 billion FY 1996 Total $5.2 billion FY 1995 Total $5.6 billion FY 2000 Government $4.3 billion FY 1999 Government $3.8 billion FY 1998 Government $3.6 billion FY 1997 Government $3.4 billion FY 1996 Government $2.6 billion FY 1995 Government $2.7 billion FY 2000 Industry $958,543,000 FY 1999 Industry $1.2 billion FY 1998 Industry $1.4 billion FY 1997 Industry $692,823,000 FY 1996 Industry $2.6 billion FY 1995 Industry $2.9 billion
ClassificationIn recent years ISOO has raised concerns about the data collected by the agencies regarding their security classification programs, particularly increases in classification activity. As Government transitions its work and communication methods to an increasingly electronic environment, the techniques used by the agencies to collect data related to the paper environment are becoming ineffective, and possibly obsolete. Today, information once exchanged in millions of secure telephone conversations that clearly were not counted as classification decisions, is now being relayed through secure e-mail which is electronically tabulated and counted as classification decisions. Letters addressed to single addressees can now be copied to hundreds of others with the click of a button. ISOO has witnessed wide variances in increases in classification activity over the past four years; we have tried to extrapolate data to accommodate the issues and concerns the electronic environment has posed, because reported classification decisions were markedly increasing in an environment in which actual classified programs were static or even decreasing. However, the data for FY 2000 have raised even more concerns that extrapolation cannot accommodate and ISOO questions the value of reporting the data. Consequently, we have changed the reporting method in this section of the Report to the President for Fiscal Year 2000 to address the concerns that the FY 2000 data raise. Because Derivative classification activity increased so dramatically, the Derivative and Combined parts of this section will provide some explanation and possible means to address the collection of classification activity data in an electronic environment. Original Classification Authorities and Activity will be similar to prior years' reporting.
Original classification authorities (OCAs), also called original classifiers, are those individuals designated in writing, either by the President or by selected agency heads, to classify information in the first instance. Under Executive Order 12958, only original classifiers determine what information, if disclosed without authority, could reasonably be expected to cause damage to the national security. Original classifiers must also be able to identify or describe the damage.
For fiscal year 2000, the number of original classifiers throughout the executive branch was 4,130, an increase of 284 from the previous year. The increase in this year's figure is a result of an anomaly reported by the Department of State, which will be discussed later. If the State figures are extracted, the number of OCAs represents a reduction of 65. ISOO believes that the agency heads' careful scrutiny and reissuance of delegations of original classification authority continues to be the largest contributing factor to this decrease. In ISOO's view, some agencies have reached a level in the number of original classification authorities that seems reasonable for the conduct of their missions. Nevertheless, some larger agencies that had comparable classification activity, but many more OCAs, could reduce the number of OCAs without negatively affecting operations through increased use of classification guidance.
Last year ISOO commented on the consolidation and reorganization of several agencies as a potential factor in reducing OCAs. These organizational changes included the emergence of the Defense Threat Reduction Agency from a consolidation of the Defense Special Weapons Agency, the On-Site Inspection Agency and several components of the Office of the Secretary of Defense, and the transfer of the functions of the United States Arms Control and Disarmament Agency and the United States Information Agency to the Department of State. This year DTRA reported 9 additional OCAs, which is not an alarming number, and might simply reflect continued evolution within the agency. The more unusual and notable figure is the 30 percent increase in State's OCAs, an increase totaling 534. According to State, its figure reflects the first exact count in years of the total number of OCAs located in the Department of State, the US Mission to the UN and at posts abroad, and includes the integration of the United States Arms Control and Disarmament Agency and the United States Information Agency; in recent years the figure was an extrapolation. ISOO continues to believe that State can reduce the number of its OCAs and continues to prod State to do so. Further, State's development of classification and declassification guides would clearly reduce the need for as many original classifiers.
In fiscal year 2000, agencies a 6 percent increase in the number of original classifiers for the Top Secret level and a 10 percent increase for the Secret classification level. OCAs declined 17 percent at the Confidential level. The Department of Stat's increase was the largest and most troubling. State increased OCAs at the Top Secret level by 40 and at the Secret level by 494 for the reasons stated above. Overall, State increased its number of OCAs by 30 percent. The Department of Defense increased OCAs at the Top Secret level by 17, decreased OCAs at the Secret level by 37, and increased OCAs at the Confidential level by 4. Overall, DOD reduced its number of OCAs by 1 percent. ISOO commends NRC and Treasury for significantly reducing its total number of OCAs by 36 and 29 percent, respectively.
Original Classifiers Fiscal Year 2000 Total 4,130 Top Secret 934 Secret 2,981 Confidential 215
Original Classification is an initial determination by an authorized classifier that information requires extraordinary protection, because unauthorized disclosure of the information could reasonably be expected to cause damage to the national security. The process of original classification ordinarily includes both the determination of the need to protect the information and the placement of markings to identify the information as classified. By definition, original classification precedes all other aspects of the security classification system, e.g., derivative classification, safeguarding and declassification. Therefore, ISOO often refers to the number of original classification actions as the most important figure that it reports.
For fiscal year 2000, agencies reported a total of 220,926 original classification decisions. This figure represents an increase of 30 percent over the number of original classification decisions reported in fiscal year 1999, essentially all of which is attributable to increases reported by the Department of State. By classification level, Top Secret increased by 79 percent, Secret decreased by 15 percent and Confidential increased by 169 percent. A review of original classification activity under E.O. 12958 does not show a steady trend. During fiscal year 1997, the second full year of implementation of the Order, original classification activity increased by 51 percent, while fiscal year 1998 saw a decrease of 14 percent and fiscal year 1999 an increase of 24 percent. The increase for fiscal year 2000 reflects a change in how certain agencies are collecting the data and may also be a function of the requirement to review and issue classification guides.
Three agencies -- DOD, Justice, and State -- now account for 96 percent of all original classification decisions. DOD reported a total of 49,505 original classification decisions, a 44 percent decrease from the previous year. It is not clear whether this is a result of new classification guides for DOD or whether the decrease represents a decline in unique events requiring DOD operations.
For the fourth consecutive year, Justice also reported an increase. This year's 4 percent increase is significantly lower than last year's increase of 29 percent. State registered a 394 percent increase. This dramatic increase might be in part the result of changes in State noted above, i.e., change and scope of reporting procedures, and the incorporation of ACDA and USIA into the Department. While acknowledging that these changes might have significantly affected State's figures, ISOO continues to believe security classification guides will help reduce the number of State original classification decisions and authorities. State's figures for both original classifiers and original classification strongly suggest the need for increased internal and external oversight.
Original Activity Fiscal Year 2000 Total 220,926 Top Secret 6,446 Secret 106,494 Confidential 108,129
Several agencies with smaller security classification programs reported marked decreases in the number of original classification decisions. In particular, ISOO commends CEA, PFIAB, Treasury, USTR, and NSC, which reported decreases of 100 percent, 79 percent, 39 percent, 38 percent, and 25 percent respectively.
Original Classification Levels Fiscal Year 2000 Top Secret 3% Secret 48% Confidential 49%
As part of the original classification process, the classifiers must determine a time frame for the protection of the information. This is commonly called the "duration" of classification. Executive Order 12958 creates three possible outcomes at the time of original classification. First, if applicable to the duration of the information's national security sensitivity, information should be marked for declassification upon a specific date or event. For example, a classifier could determine that the information's sensitivity will lapse upon the completion of a particular project. The event would be noted on the face of the document, and when the project had been completed, the information would automatically be declassified. Second, if the original classification authority could not determine an earlier specific date or event for declassification, information should ordinarily be marked for declassification 10 years from the date of the original decision. Third, if the specific information falls within one or more of eight categories, the classifier may exempt it from declassification at 10 years. In almost all instances, this will result in the information being subject to automatic declassification at 25 years. The indefinite duration marking used under Executive Order 12356, "Originating Agency's Determination Required" or "OADR," was eliminated with the issuance of E.O. 12958.
Original Activity by Agency Fiscal Year 2000 State 110,859 Justice 57,310 DOD 49,505 All Others 3,252
During fiscal year 2000, classifiers chose declassification upon a specific date or event less than 10 years, or upon the 10-year date for 129,386 (59%) original classification decisions. On the remaining 91,540 (41%) original classification decisions, original classifiers elected to apply an exemption from 10-year declassification. The 59 percent noted for the 10-year or less category is the highest percentage reported by the agencies under this Order. ISOO hopes that the originating agencies continue this very positive trend. The long-term effect of assigning a specific date, event or 10 year date suggests that more information will be declassified earlier, without the need for costlier reviews in the future.
Duration of Classification Fiscal Year 2000 10 Years or Less 59% (129,386) Exempt from 10 Year 41% (91,540)
Derivative and Combined
Derivative classification is the act of incorporating, paraphrasing, restating, or generating in a new form classified source information. Information may be classified in two ways: (a) through the use of a source document, usually correspondence or publications generated by an original classification authority; or (b) through the use of a classification guide. A classification guide is a set of instructions issued by an original classification authority. It pertains to a particular subject and describes the elements of information about that subject that must be classified, and the level and duration of classification. Only executive branch or Government contractor employees with the appropriate security clearance, who are required by their work to restate classified source information, may classify derivatively.
Combined classification is the sum of both original and derivative classification activities. While original classification represents the smaller portion of combined (2%), it precedes all other aspects of the security classification system and is the more important aspect of combined classification. Original classification decisions are the root of every derivative classification action. Historically, derivative actions have outnumbered original decisions, varying in the last four years anywhere from 40 to 54 derivative actions to one original decision. During fiscal year 2000 this ratio changed dramatically and is discussed in more detail below.
Fiscal year 2000 data on derivative classification activity within the executive branch showed a dramatic increase from fiscal year 1999. This increase was so high, ISOO questioned the value of reporting the data because it seemed so enormous and hardly comparable to the data reported in prior years. The data showed a 186 percent increase in derivative classification -- from almost 8 million actions in FY 1999 to almost 23 million actions in FY 2000. Two of the largest classifying agencies account for the increases: Department of Defense and Central Intelligence Agency. ISOO firmly believes that the increase is not a result of new programs. We recognize the primary factor responsible for this dramatic increase in derivative classification activity is the burgeoning electronic environment. The lack of a universal sampling method used by the agencies to collect the data coupled with a lack of a common understanding and application of definitions describing the data being collected further complicate the process. These combined factors clearly point to the need to recalculate the baseline figures used for analysis to account for the implications of the electronic environment. Collection of these data would be governed by a common and clearly defined sampling method. [Interim guideance on this topic as developed will be posted on our home page.]
As Government has become increasingly dependent upon electronic methods to do business and communicate, the techniques used by the agencies to collect data about the security classification program do not take into account the impact of the electronic environment on the data being collected. Today, information once exchanged in secure telephone conversations is now being relayed through secure e-mail. Letters addressed to a single addressee can now be copied to hundreds of others with the click of a button. We know that some agencies can now tabulate all classification actions electronically. What they have not been able to do yet is differentiate in that tabulation each classification decision in the context of the definition provided in the instructions of the data collection form, the Standard Form 311, Agency Security Classification Management Program Data (SF 311). [A classification decision, original or derivative, is a finished product for dissemination or retention, regardless of the media.] For example, if the secure telephone conversations now replaced by secure e-mails were considered in the context of the SF 311 definition of a classification decision, it is likely that many of the e-mails would not be included in the collection.
The methods used by agencies to collect data on their security classification programs, as mandated by Executive Order 12958 and prior Orders, vary by agency. As noted above, some agencies have the ability to collect actual data on how many classification decisions, whether original or derivative, their classifiers make in a particular fiscal year. Other agencies, because they are so large and diverse in mission and location, use a sampling method to collect classification data. Each agency that uses a sampling method has had that method approved by ISOO.
Generally, the methods involve randomly selecting one-week time periods in each quarter of a fiscal year and requiring classifiers to count the number of decisions made during those weeks. Then those figures are multiplied by a factor, for example 13 (52 weeks divided by 4 weeks equals 13), to arrive at a total for each of the classification categories listed in the data collection form, the SF 311. While the methods used by the agencies appeared to have worked well, those same agencies were not satisfied with the results and looked for better ways to collect the data.
To assist agencies in this endeavor, ISOO has also embarked on a project to develop guidance for sampling methods to be used in data collections for agency security classification programs. CIA has already revamped its sampling method, taking into account the electronic environment, and applied it to the fiscal year 2000 collection. We believe that CIA's FY 2000 data are probably the most valid to date. Additional years of data will help to either support or disclaim this point. In any event, the work that CIA has done will serve as an excellent beginning to developing a guideline for use across the executive branch and will help in establishing a new baseline against which future data collections can be compared.
A common understanding and application of definitions of the data being collected are important aspects of any sampling method. ISOO has found that, while definitions for various terms appear both in E.O. 12958 and in the instructions to the SF 311, agencies do not interpret the definitions in the same way. For example, one agency's understanding of an original classification decision is that a memo or letter could contain several original decisions. Therefore, a letter or memo would not count as one original classification decision, but would count for as many decisions as are contained in the memo or letter. As part of developing the guideline, ISOO will need to address how to reconcile the differences in the understandings and applications of the various terms used in collecting data concerning agency security classification programs, particularly in the context of the electronic environment.
The electronic environment raises many questions about the characteristics of the classified information contained in them. ISOO has noted the problems that the electronic environment has posed for the security classification program in its past Reports to the President. Specifically, our FY 1999 Report said, "ISOO is convinced that the vastly increased use of automated information systems, and advancements in technology will continue to affect how information is created, collected, analyzed, and disseminated, thus affecting the tabulation of derivative classification activity." Clearly, this point is vividly illustrated in the derivative classification data reported by the agencies for fiscal year 2000. In its guidance development project concerning sampling methods, ISOO will try to answer questions like: When does the classified information contained in these systems become accountable and countable? Are the e-mail message and any attachments each considered separately as an individual action or classification decision? How should the baseline be measured to accommodate electronic classification decisions in addition to paper? Answers to these questions and others will help to provide a clearer view of the Government's classification activity in an electronic environment. Until the guideline and new baseline are developed, ISOO expects to provide interim guidance to the agencies to help mitigate some of the disparities in the data being reported.
During fiscal year 2000, declassification activity within the executive branch declined for the second year in a row. Nevertheless, declassification under this Order continued to exceed the average under prior executive orders by tenfold. Instituting two declassification programs under E.O. 12958: (1) "Automatic Declassification," Section 3.4 of E.O. 12958; and (2) "Systematic Declassification Review," Section 3.5 of the Order, has very clearly driven the increase in declassification activity. The "Automatic Declassification" program began in mid-October 1995 with the effective date of Executive Order 12958. Under the "Automatic Declassification" program, information appraised as having permanent historical value is automatically declassified once it reaches 25 years of age unless an agency head has determined that it falls within a narrow exemption that permits continued classification. Fiscal year 1996 was the first full year of implementation for this program.
Started in 1972, "Systematic Review for Declassification" is the program under which classified permanently valuable records are reviewed for the purpose of declassification after the records reach a specific age. Under E.O. 12356, NARA was the only agency required to conduct a systematic review of its classified holdings. Now E.O. 12958 requires all agencies that originate classified information to establish and conduct a systematic declassification review program, which is undertaken in conjunction with the potential onset of automatic declassification. In effect, systematic review has become an appendage of the automatic declassification program. ISOO has collected data on declassification that does not distinguish between the two programs because they are now so interrelated.
During FY 2000, the executive branch declassified almost 75 million pages of permanently valuable historical records. Although this figure represents a 42 percent decrease from that reported for FY 1999, it is important to note that it represents an increase of 62 million declassified pages when compared to the average yearly declassification activity reported under prior executive orders. The declassification of so many pages is remarkable in light of the many obstacles faced by executive branch agencies.
ISOO estimates that agencies have completed work on approximately 68 percent of the pages subject to automatic declassification, either by declassifying or exempting them. Those records remaining to be reviewed (an estimated 526 million pages) tend to be the later (1975 and earlier) and more complex and sensitive bodies of records. Such records require more time to review and process. The "low-hanging fruit," those records that are the oldest and least sensitive, such as operational records of Army components created during World War II, have almost all "been picked." Agencies reviewed these types of records in their backlog first; now the more difficult records have come to the forefront for review. Consequently, a decrease, such as we have seen in fiscal years 1999 and 2000, should be considered as an inherent part of the declassification process.
However, other factors outside the process affect declassification activity. For example, as reported in ISOO's FY 1999 Report to the President, legislation enacted in FY 1999, addressing the protection of Restricted Data and Formerly Restricted Data, required agencies to shift resources away from the automatic and systematic declassification programs to meet the requirements of the legislation. This legislation and other special topical searches mandated by other legislative initiatives such as the Nazi War Crimes Disclosure Act of 1998 and the Japanese Imperial Government Disclosure Act of 2000, again affected NARA's declassification program.
NARA's pages declassified in FY 2000 decreased by 57 percent from FY 1999. In past years NARA has been the lead agency in the number of pages declassified. NARA cites the same reasons for the decrease in FY 2000 as was cited in FY 1999, namely: (1) NARA reviewers began the re-review of previously declassified records to determine, as required by legislation, whether these records inadvertently contained Restricted Data or Formerly Restricted Data under the Atomic Energy Act; (2) many NARA staff members who previously worked on declassification were assigned to assist in the massive transfer of permanently valuable records from the Washington National Records Center to the National Archives in College Park; and (3) those NARA staff members who continued to do declassification review were required by the legislation pertaining to Restricted Data and Formerly Restricted Data to review everything on a page-by-page basis; in the past as much as 85 percent of NARA's declassification actions involved sampling methods. In addition to these reasons, NARA notes another factor that has affected their declassification activity, reviewing intelligence records related to the Nazi War Crimes Disclosure Act of 1998 and the Japanese Imperial Government Disclosure Act of 2000. These records, according to NARA, are "more difficult to review and take longer to process than average."
In the five years that Executive Order 12958 has been in effect, over 795 million pages have been declassified. Compared to the total of pages declassified under two prior executive orders (E.O. 12065 and E.O. 12356) over the course of 15 years, 257 million pages, the executive branch in the past five years has more than tripled the number of pages declassified. For the 20 years during which ISOO has been collecting data, declassification activity within the executive branch resulted in over 1 billion pages declassified.
1.05 Billion Pages Declassified Fiscal Years 1980-2000 Fiscal Years 1996-2000 795 million pages (76%) Fiscal Years 1980-1995 257 million pages (24%) Fiscal Year 2000 75 million pages (7%) Fiscal Year 1999 127 million pages (12%) Fiscal Year 1998 193 million pages (18%) Fiscal Year 1997 204 million pages (19%) Fiscal Year 1996 196 million pages (19%) Fiscal Year 1995 69 million pages (7%) Fiscal Years 1980-1994 188 million pages (18%)
For the second year in a row DOD led the executive branch in the number of total pages declassified in FY 2000, accounting for more than 69 percent of the total. Although DOD was the lead agency, it reported a decrease in its total pages declassified of 35 percent. AID (95%), NARA (57%), NASA (40%), DOE (29%), and State (29%) also experienced significant decreases. Some agencies reported remarkable increases in their declassification activity in FY 2000 as compared to FY 1999: Treasury (9,721%), Justice (96%), CIA (72%), and NSC (31%). ISOO commends these all of these agencies, whatever their outcomes in FY 2000, and encourages them to sustain their efforts.
Number of Pages Declassified by Agency -- Fiscal Year 2000 TOTAL 74,644,993 DOD 51,667,194 Navy 27,559,043 Army 16,869,450 Air Force 2,665,902 NIMA 1,756,830 DTRA 1,106,775 WHS 1,027003 All Others 682,191 NARA 7,900,000 STATE 5,980,420 CIA 5,180,000 TREASURY 1,500,000 JUSTICE 1,265,697 DOE 591,388 AID 480,600 NSC 72,395 NASA 6,748 NRC 500 COMMERCE 32 DOT 19
Mandatory ReviewUnder Executive Order 12958, the mandatory review process permits individuals or agencies to require an agency to review specified national security information for purposes of seeking its declassification. Requests must be in writing and describe the information with sufficient detail to permit the agency to retrieve it with a reasonable amount of effort. Mandatory review remains popular with some researchers as a less contentious alternative to Freedom of Information Act (FOIA) requests. It is also used to seek the declassification of presidential papers or records, which are not subject to the FOIA. Also, some researchers are now choosing mandatory review over FOIA in order to retain the right of appeal to the ISCAP (see above).
Mandatory Review Pages Processed Fiscal Years 1999-2000 FY 1999 Total 90,744 FY 2000 Total 94,950 FY 1999 Granted in Full 61,356 FY 2000 Granted in Full 32,584 FY 1999 Granted in Part 22,785 FY 1998 Granted in Part 57,901 FY 1999 Denied in Full 6,603 FY 1998 Denied in Full 4,465
During FY 2000 agencies processed 3,039 cases totaling 94,950 pages. The number of pages processed increased by 5 percent from the previous year. Both the number of pages and the percentage of pages declassified in whole or in part increased, from 84,141 pages and 93 percent to 90,485 pages and 95 percent. The percentage of pages declassified in whole or in part has remained high under Executive Order 12958, with this year's rate being the highest of the last five years. While outside factors, such as legislation, have had an impact on how many mandatory declassification review requests can be processed by the agencies, ISOO believes that mandatory review remains a very successful means for declassifying information.
Mandatory Review Appeals Disposition Fiscal Year 2000 Granted in Full 22% Granted in Part 31% Denied in Full 47%
During FY 2000, agencies processed 92 appeals that comprised 2,841 pages. Of these, 53 percent of the pages were granted in whole or in part. The rate is 39 percent lower than last year. The lower rate of declassification suggests three things: (1) Less information remains classified following the initial mandatory review; (2) more recent records are being requested; and (3) agencies are retaining the classification because the sensitivity of the information continues to meet the criteria under the Order. The lower rate further suggests that the ISCAP may expect to see an increase in appeals from denied requesters.
Executive Order 12958 brought many changes in principles, practices, and procedures. Security education remains more critical than ever. Familiarizing those who have access to classified information with the requirements of the classification system is a major undertaking for security professionals in both Government and industry. ISOO continues to explore ways to coordinate the dissemination of as many security education tools as possible or to develop them within the context of budgetary considerations. For now, ISOO has available a marking pamphlet to serve as a general guide for use by both original and derivative classifiers. We have also revised our popular Standard Form (SF) 312 briefing booklet by including the Executive Order 12958, reprinting new legislation that is pertinent to individuals signing the SF 312, updating the "Questions and Answers" segment and including a copy of the updated SF 312 form (edition date 1/00). ISOO has also launched a home page under the National Archives and Records Administration Web site.
Security Training Aids
This booklet is a general, illustrated guide on how to mark classified documents in accordance with the requirements of Executive Order 12958 and its implementing directives. Authorized original and derivative classifiers as well as administrative personnel who prepare classified documents can rely on this booklet whenever there is a question about the marking of a classified document.
SF 312 BRIEFING BOOKLET
This booklet remains popular with agency and industry security managers who provide briefings on the SF 312 "Classified Information Nondisclosure Agreement." It includes the complete text of all the laws and regulations that must be available if requested by someone signing the SF 312, including the text of Executive Order 12958, a copy of the SF 312 and updated answers to the most frequently asked questions about the nondisclosure agreement. The revised SF 312 Booklet includes the latest version of the SF 312 form (edition date 1/00) and the text of new legislation that is pertinent to individuals signing the SF 312.
THE SF 312 VIDEO
This 13-minute video provides an entertaining but informative approach to answering most of the questions that employees raise about the purpose of the nondisclosure agreement and their obligations under it. It provides an excellent base for an employee briefing on the SF 312.
EXECUTIVE ORDER 12958 AND IMPLEMENTING DIRECTIVE PACKET
This packet is a three-hole punched, shrink-wrapped document that includes Executive Order 12958, its implementing directives, the President's Original Classification Authority designations, and amendments. Tabs identify each of these items. They are printed in a very clear and a very easy to read format. This is one of the most "user friendly" versions of the Order and its related documents.
FOR COPIES OF THESE TRAINING AIDS, CONTACT ISOO:
E-mail: [email protected]