If it wanted to, the Obama Administration could instantly increase oversight of the national security classification system by tasking the Offices of Inspector General (IG) at each of the major classifying agencies to assume some responsibility for secrecy oversight. In coordination with the Information Security Oversight Office, those IGs could perform periodic audits of classification activity to ensure that agencies are complying with declared policies (the urgent need to revise those policies is a separate issue) and they could flag excessive use of secrecy in the course of their other duties, for further investigation by the ISOO.
In fact, the IGs already do some classification-related oversight, but only on a sporadic, ad hoc basis. In 1992, the Defense Department IG investigated and confirmed (pdf) an allegation made by the Federation of American Scientists that a secret nuclear rocket program called Timber Wind was improperly classified as an unacknowledged special access program.
But instead of combating wrongful secrecy, it seems that Inspectors General are more often called upon to investigate unauthorized disclosures of controlled information.
Most recently, the IG of the U.S. Government Printing Office (GPO) examined (pdf) the unintended publication of a report to the International Atomic Energy Agency listing U.S. civilian nuclear sites and facilities and marked as “sensitive.” Secrecy News discovered the document on the GPO web site in late May, and it subsequently made headlines around the world. (“US Declares Nuclear Sites to the IAEA,” Secrecy News, June 1, 2009.) After the New York Times and other news organizations picked up the story on June 3, “a torrent of media activity ensued,” the GPO IG report said.
“Our investigation found no wrongdoing on the part of GPO or its employees,” the IG concluded last week (as first reported by Ed O’Keefe of the Washington Post, August 10). Rather, GPO simply acted at the direction of its client, the House of Representatives, which transmitted the report for publication.
The GPO IG did not independently evaluate the actual sensitivity of the document (large pdf), and did not inquire whether it disclosed any information that was not previously in the public domain or, if so, what the consequences were likely to be. (Our view is that while the report may be diplomatically sensitive, given that such national declarations to the IAEA are not normally published, it does not reveal sensitive technology or security information.) A separate investigation of the publication of the report on nuclear facilities is still being conducted by the General Accounting Office.
In another recent case, the Inspector General at the Library of Congress (LOC) was asked to investigate the unauthorized publication of thousands of Congressional Research Service (CRS) reports last February by Wikileaks.org, a website which publishes confidential or restricted documents. Although more, and more recent, CRS reports had previously been disclosed by OpenCRS.com, FAS, and others, the audacity of the Wikileaks move set off alarms at CRS and among some in Congress.
“My question is, have you taken steps necessary to prevent it from happening again and determine how it is that it happened in the first place?” asked Rep. Debbie Wasserman Schultz (D-FL) at an April 29, 2009 House Appropriations Committee hearing (at p. 285 in a very large pdf file).
“We have left it for the IG to do that and to then report how it happened,” replied CRS director Daniel Mulhollan.
This seems like an exceptionally poor use of the IG, especially since throughout Mr. Mulhollan’s tenure the supposed confidentiality of most CRS reports has been routinely violated, without adverse effect and arguably to the benefit of CRS. Broad public disclosure of CRS reports has increased the Service’s stature in the press and elsewhere, and has also permitted the correction of published errors in those reports. (CRS memoranda that are prepared for individual Members are generally protected more effectively than the CRS reports that are intended for general distribution.) For the past decade and longer, new CRS reports have been published for sale nearly every day by commercial vendors of CRS products such as PennyHill Press, Gallery Watch, and Lexis-Nexis– yet somehow it is only free access for members of the public that triggered official outrage and led to an IG investigation.
The LOC Office of the IG did not respond to an inquiry from Secrecy News this week concerning the status or outcome of its investigation of the disclosure of CRS reports to Wikileaks.
As a rule, we believe IGs could be more productively employed by pursuing unnecessary or inappropriate restrictions on disclosure of government information. In particular, the forthcoming Obama executive order on national security classification could authorize and direct executive branch agency IGs to help identify cases of needless secrecy, and to help fix them.