SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2011, Issue No. 11
February 2, 2011

Secrecy News Blog: http://www.fas.org/blog/secrecy/

ISOO SPURS AGENCIES TO PERFORM CLASSIFICATION REVIEW

In a focused effort to combat overclassification, President Obama has ordered executive branch agencies to conduct a "Fundamental Classification Guidance Review." The two year Review process, mandated in the December 2009 executive order 13526 (sect. 1.9) is intended to identify and eliminate obsolete classification requirements in current agency policies.

Last week, the Information Security Oversight Office (ISOO) told selected senior agency officials that the Review is more than a formality, and that they must make a serious commitment to its implementation.

"The scope of this review needs to be systematic, comprehensive, and conducted with thoughtful scrutiny involving detailed data analysis," wrote ISOO director William J. Bosanko in a memorandum dated January 27.

Merely rubber-stamping the status quo is not going to be enough, he explained to the senior agency officials.

"Please be advised that a review conducted only by the pertinent original classification authority is not sufficient." Instead, "the broadest possible range of perspectives" shall be brought to bear on reviewing agency classification guidance.

Moreover, the resulting recommendations for eliminating obsolete classification guidance should be clear and actionable.

"Agencies should be specific in their determinations as to what no longer requires protection," Mr. Bosanko wrote. "An example would be a specific part of a weapon system versus the weapon system as a whole. The user of the guide must be able to identify the specific element of information that does or does not require protection."

Interim status reports on agency progress are to be provided every six months, Mr. Bosanko advised.

The present Fundamental Classification Guidance Review is loosely modeled on the Fundamental Classification Policy Review that was performed by the Department of Energy in the mid-1990s. That Review led to the declassification by DOE of numerous areas of classified information that had ceased to be sensitive (as well as increased protection for a smaller number of other areas deemed highly sensitive).

Until now, a similar approach has never been tried on a government-wide basis. If diligently implemented, it holds the promise of a measurable reduction in the scope of national security secrecy. On the other hand, if it does not produce meaningful results, then the prospects for classification reform will become vanishingly small.


RAND: WHAT SHOULD BE CLASSIFIED?

What is the rationale for classifying information? The RAND Corporation attempted to articulate an answer to that question and then to apply it in practice to a current national security issue.

In a new study prepared for the Pentagon's Joint Staff, RAND researchers "developed a general framework for judging classification decisions" that, they suggested, might have broad use. Their methodology depends on "the systematic application of common sense." If so, then it is a major breakthrough in classification policy, where common sense is often scarce.

"Apart from situations in which the security value of classification is obvious -- e.g. protecting the identity of a clandestine source -- how should decisions be made about what pieces of data should be classified? Since classifying information creates costs, it should be approached as an explicit cost-benefit comparison (understood to include factors that cannot be monetized)."

"We defined four criteria that must be met even before a classification argument can even be considered: (1) classification must reduce information flow to the adversary, (2) the data obtained must change what the adversary knows, (3) the knowledge must affect the adversary's decisions, and (4) the decisions must damage the United States in some way."

"Only if the failure to classify a piece of information means that an adversary is more likely to get it *and* if having it changes the adversary's estimate of a key piece of knowledge *and* if the change in knowledge alters a decision (or the probability of a decision) *and* if this decision is adverse to the United States would any case exist for classifying it -- and then only if the costs of classification, broadly understood, are not greater. If classification yields no measurable benefit, there is no justification for it even if the costs of classification are zero, which they never are," the RAND study said.

More generally, "The public debate about classification policy does raise the question of whether the degree of damage [associated with release of a particular piece of information] is being estimated well. Put simply, just because a specific piece of information or a data set is useful in some way and relates to areas of security concern, it does not necessarily follow that the same information is useful to an adversary. Indeed, knowing that potential adversaries are interested in the information is no proof that their satisfaction would damage U.S. national security. If it is not damaging, restricting access to it will not, in fact, produce the expected security benefit."

The RAND authors proceeded to apply their construct to the specific problem that the Joint Staff asked them to address, namely whether or not to classify the DoD's "Global Force Management Data Initiative" (GFM DI), which is a set of protocols for information sharing.

"Having laid out a systematic process [for evaluating the question], we... found no good reason to classify GFM DI as a whole," the study concluded. (Some related subsets of data may require protection, the authors said.)

See "What Should Be Classified?" by Martin C. Libicki, et al, RAND National Defense Research Institute, 2010:

The RAND study was conducted independently of the the Obama Administration's pending Fundamental Classification Guidance Review, but it exemplifies much of what the Review is intended to achieve: namely, a searching inquiry into the validity of specific classification decisions in light of their actual costs and benefits.


WALL POSTER: MAJOR IRANIAN NEWSPAPERS

Key characteristics of seventeen leading Iranian newspapers are described in a wall poster prepared last year by the DNI Open Source Center.

With an estimated circulation of 350,000-450,000, "Hamshahri appears to be the most widely read newspaper in Iran thanks to its voluminous classified advertisement supplement, attracting individuals seeking to buy a car, house or major goods and services. Others buy it for its football pages."

A copy of the poster was obtained by Secrecy News. See "Ownership, Affiliation, and Influence of Major Iranian Newspapers," Open Source Center, March 2010 (10.7 MB pdf file):

******************************

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News blog is at:
      http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to:
      http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
      http://www.fas.org/sgp/news/secrecy/index.html

SUPPORT the FAS Project on Government Secrecy with a donation here:
      http://www.fas.org/member/donate_today.html