Posts from January, 2011

Senate Offices Told to Avoid WikiLeaks

“Do not visit the WikiLeaks site,” the Office of Senate Security told Senate employees and contractors in a memorandum (pdf) that was circulated to Senate offices this past week.

Senate employees are free to access news reports that may discuss classified material, but they were instructed not to download the “underlying documents that themselves are marked classified (including classified documents publicly available on the WikiLeaks and other websites).”

The “Updated WikiLeaks Guidance” was issued by the Office of Senate Security.  The one-page memo is undated, but a Senate staffer said it was received in Senate offices within the last few days.

It represents an implicit view that respect for executive branch classification procedures should be the Senate’s paramount concern here, trumping open deliberation over the contents of the leaked materials or any other considerations.

*

In a paradoxical way, the WikiLeaks project is dependent upon the very secrecy system that it works to disrupt.  Without secrecy, after all, there cannot be leaks.  So why doesn’t the U.S. government try to “disarm” WikiLeaks by pro-actively disclosing the cables that WikiLeaks has already obtained?  Instead of passively enduring months or years of selective disclosures, the government could seize the initiative back from WikiLeaks.  Voluntary disclosure would permit it to present the most sensitive information with whatever explanatory or contextual material it wished to add.

For the moment, at least, that is not a realistic option, replied William J. Bosanko of the Information Security Oversight Office.  Though the leaked records held by WikiLeaks and its media partners are already compromised, he acknowledged, officially releasing them right now would interfere with other objectives that must take precedence.  These include briefing foreign governments whose information has been exposed, correcting security vulnerabilities, and penalizing the unauthorized disclosures.  Mr. Bosanko spoke at a January 20 panel discussion sponsored by the Collaboration on Government Secrecy at American University Washington College of Law.

DoD Takes Flexible View on Deleting Wikileaks Docs

Department of Defense employees who downloaded classified documents from Wikileaks onto unclassified government computer systems may delete them without further “sanitizing” their systems or taking any other remedial measures, the Pentagon said in a policy memo (pdf) last week.

The release of classified State Department cables and other classified documents by Wikileaks has produced special consternation among security officers, who have tended to respond “by the book” to this unprecedented breach of security procedures.  But “the book,” which is the product of an earlier era, is quickly becoming obsolete.  And in the worst case, some officials say, the government’s unimaginative response to Wikileaks could do more damage than the original disclosures.

But now some tentative signs of flexibility can be detected from Pentagon policy makers.

Under the new guidance, DoD employees and contractors who have downloaded classified documents from the Wikileaks website onto an unclassified government computer or network — which is still prohibited — do not need to take any extreme corrective measures in response, the Pentagon said.  In particular, there is no need to prepare a formal incident report or to “sanitize” their information systems by overwriting or degaussing them.  Instead, the documents can simply be deleted.

“In the case of classified documents inadvertently accessed or downloaded from the WikiLeaks website or other websites posting WikiLeaks-related classified documents, the IAM [information assurance manager] will document each occurrence and delete the affected file(s) by holding down the SHIFT key while pressing the DELETE key for Windows-based systems,” said Acting Under Secretary of Defense Thomas A. Ferguson in a January 11 memo.

Using the shift and delete keys simultaneously is a way of “permanently deleting” a document, so that it is removed from the file directory and does not appear in the Trash or Recycle Bin.  This action does not, however, physically erase or eliminate the document from the computer’s hard drive.  In other cases of inadvertent transfer of classified information to an unclassified system, a more rigorous response is often required.  But this will now be good enough for the purpose of eliminating classified Wikileaks documents.

“No incident report or further sanitization of government IT systems is required,” Under Secretary Ferguson continued.

The new flexibility only extends to Wikileaks-related documents, not to other “spillages” of classified information, he said.  “This guidance pertains only to the accessing or downloading of the classified documents described above because of the extent of the compromise and the prohibitive cost of standard sanitization procedures.  All other classified spillages must be handled in accordance with existing regulations,” according to the Pentagon memo.

See “Notice to DoD Employees and Contractors on Protecting Classified Information and the Integrity of Unclassified Government Information Technology (IT) Systems,” memorandum for senior DoD officials from Acting Under Secretary of Defense Thomas A. Ferguson, January 11, 2011.

ODNI Secrecy Activity, “Population” Increased in 2010

The Office of the Director of National Intelligence reported a notable increase in its classification activity last year, along with an even greater increase in the ODNI “population.”

The number of ODNI “derivative classification decisions” — referring to the classification of new records under previously issued guidance — increased 7.6% to 1,762,999 from the year before, wrote ODNI Information Management Director John F. Hackett in a November 12 report (pdf).  “The increase in total decisions was largely driven by population growth, which increased by 17% from last year.”

A copy of the ODNI report to the Information Security Oversight Office was obtained by Secrecy News under the Freedom of Information Act.  See Standard Form 311, Agency Security Classification Management Program Data for Fiscal Year 2010, November 12, 2010.

Among other interesting details, the ODNI report states that “There were two discretionary declassification decisions made by the Acting DNI during FY10 (declassification of ‘QUILL’ as a Radar Imager and declassification of the fact of GAMBIT/HEXAGON overhead ISR missions).”

CIA Sees Vibrant Blogosphere in China

Chinese bloggers “expressed rage and despondence after learning about the plight of 12 mentally retarded men from Sichuan province who were sold into slavery to work at a building materials plant in the Xinjiang Uighur Autonomous Region,” according to a CIA review of the Chinese blogosphere (pdf) during the week of December 10-17, 2010.

The CIA survey portrays Chinese bloggers as alert, engaged and influential in shaping government policy.

“The controversy over the mentally retarded workers set off a passionate discussion in the blogosphere on such topics as the treatment of disabled people in society and the role officials play in allowing workers to be exploited in private enterprises.”

“The public reaction resulting from the story’s popularity in the blogosphere as well as in traditional media almost certainly had an effect on the quick government response,” the CIA report said.

A copy of the report was obtained by Secrecy News. See “This Week in the Chinese Blogosphere: Week Ending 17 December 2010,” CIA Open Source Works, December 17, 2010.

Among several other current news stories, the report said, “Many Chinese Netizens continue to follow and comment on the legal case of Wikileaks.org founder Julian Assange.”

A Bumpy Start for Fundamental Classification Review

The Fundamental Classification Guidance Review is the Obama Administration’s most ambitious effort to confront the problem of overclassification. It requires each agency that classifies information to conduct a detailed review of all of its classification guides in order to identify obsolete classification requirements and to eliminate them.  As spelled out in section 1.9 of executive order 13526, the deadline for completion of the Reviews is June 29, 2012, two years after the effective date of the executive order.

So far, the Review process is off to an uneven start.  A Secrecy News survey of dozens of federal agencies shows that a few agencies are taking the process very seriously, others are ignoring or deferring it, and still others wrongly believe it does not apply to them.

By far the most impressive response comes from the Department of Energy, which has developed a detailed plan (pdf) for implementing the Review.  Over a dozen DOE working groups are set to evaluate more than 2,500 classification topics to assess their continued validity.  DOE has ordered its personnel to conduct a searching inquiry that challenges the status quo, not a perfunctory exercise that accomplishes nothing.

“Each Working Group is expected to review ‘difficult topics’ (i.e. guidance topics that are suspected of inconsistent or incorrect application by classifiers),” according to the November 4, 2010 charter for the DOE Fundamental Classification Guidance Review.  “Even though a prior analysis may have concluded that the balance [of costs and benefits] favored classification, this [Fundamental Review] will ensure consideration of acceptance of a higher level of risk.”

“With a critical and in-depth review of NSI [national security information] classification guidance, the Department will ensure necessary protection is retained and that information that doesn’t require protection will be characterized as unclassified and be made available to the public as appropriate,” wrote Glenn S. Podonsky, a senior DOE security official.

It shouldn’t be necessary to perform “a critical and in-depth review” just to reduce unnecessary classification — but evidently it is necessary, and DOE seems to be on the path to achieving that goal.

In startling contrast, the Office of the Director of National Intelligence doesn’t even mention the Fundamental Classification Guidance Review in its own December 31, 2010 plan (pdf) for implementing the president’s executive order on classification.  The ODNI plan provides all kinds of direction on training, inspection, and what-not — but it is silent on the Fundamental Review.  So it doesn’t explain how ODNI will conduct the Review, by what standards, on what schedule, or anything like that.  How can that be?  An ODNI official did not respond to a query on the subject from Secrecy News.

Several other agencies reported that they had not yet started their own Reviews.  On the other hand, United States European Command said that it had already completed its Review and found “no inefficiencies” that would justify a change in classification policy.  Others were unaware of the requirement in the first place.  The United States Pacific Command (PACOM) said (pdf) that it had no records concerning the Fundamental Review because it mistakenly believed the Review was a Department of Energy program that PACOM was not involved in.  In other words, PACOM confused the Obama Administration’s Fundamental Classification Guidance Review, which does apply to PACOM, with the similarly-named Clinton-era Fundamental Classification Policy Review at DOE, which did not.

The Fundamental Review is not an attempt to compel agencies to disclose classified information (though that is also sometimes necessary, through litigation, congressional mandate or other means).  Rather, the Review seeks to enlist agencies to act boldly in their own self-interest to eliminate unnecessary secrecy.  By stripping away the barnacles of overclassification, agencies stand to reduce costs, optimize mission performance, improve transparency and accountability, bolster information sharing, and promote public confidence in security policy.

“These reviews can be extremely important in changing the habits and the practices of classifiers throughout government,” said William H. Leary of the National Security Council last year.

But that will only be true if agencies actually carry out the Review in a meaningful way.

Towards that end, William J. Bosanko, director of the government’s Information Security Oversight Office which oversees the classification system, said that his organization will issue new instructions to agencies on implementing the Fundamental Classification Guidance Review within “the next week or so.”

Congressional Oversight Manual, and More from CRS

The purposes, authorities, and instruments of congressional oversight are described in detail in a newly-expanded Congressional Oversight Manual (pdf) prepared by the Congressional Research Service.

“Congressional oversight and investigations can often, though not always, become adversarial,” the CRS Manual observes. “This is especially true when the entity being targeted, whether a private individual, corporation, or executive branch agency, has information Congress believes is necessary to its inquiry but refuses to disclose. In those situations the targeted entity may attempt to use several methods of avoiding disclosure. A commonly used tactic to avoid disclosure is to assert that the information cannot be disclosed due to a specific law, rule, or executive decision. Another common tactic is to assert that the information itself is of such a sensitive nature that Congress is not among those entities entitled or authorized to have the information.”

The Manual proceeds to scrutinize the validity of such tactics, and discusses the options available to Congress to compel disclosure. A copy was obtained by Secrecy News. See Congressional Oversight Manual, Congressional Research Service, 168 pages, January 6, 2011.

Other noteworthy new CRS reports include the following (both pdf).

National Security Letters in Foreign Intelligence Investigations: A Glimpse of the Legal Background and Recent Amendments, December 27, 2010.

Ricin: Technical Background and Potential Role in Terrorism, December 21, 2010.

JASONs Ponder Military Role in Gene Research

The technology for sequencing human DNA is advancing so rapidly and the cost is dropping so quickly that the number of individuals whose DNA has been mapped is expected to grow “from hundreds of people (current) to millions of people (probably within three years),” according to a new report to the Pentagon (pdf) from the JASON defense science advisory panel.  The Defense Department should begin to take advantage of the advances in “personal genomics technology” by collecting genetic information on all military personnel, the panel advised.

The cost of sequencing complete human genomes has been falling by about a factor of 30 per year over the last six years, the JASONs said.  As a result, “it is now possible to order your personal genome sequenced today for a retail cost of under ~$20,000″ compared to around $300 million a decade ago.  “This cost will likely fall to less than $1,000 by 2012, and to $100 by 2013.”

“At costs below $1,000 per genome, a number of intriguing applications of DNA sequencing become cost effective.  For example, researchers will have access to thousands or even millions of human genomes to seek correlations between genotypes [i.e. the genetic makeup of individuals] and phenotypes [i.e, the expression of genetic information in observable traits].”

Currently, the understanding of “the linkages between the genotypes of individuals and their phenotypes is limited.”  But “the explosion of available human genome sequence data will provide researchers from academia and industry with the genetic information necessary to conduct large-scale efforts to link genetic markers with human traits.”

For military purposes, it will be up to the Department of Defense “to determine which phenotypes… have special relevance to military performance and medical cost containment” and then presumably to select for those.  “These phenotypes might pertain to short- and long-term medical readiness, physical and medical performance, and response to drugs, vaccines, and various environmental exposures…. More specifically, one might wish to know about phenotypic responses to battlefield stress, including post-traumatic stress disorder, the ability to tolerate conditions of sleep deprivation, dehydration, or prolonged exposure to heat, cold, or high altitude, or the susceptibility to traumatic bone fracture, prolonged bleeding, or slow wound healing.”

“Both offensive and defensive military operations may be impacted by the applications of personal genomics technologies through enhancement of the health, readiness, and performance of military personnel.  It may be beneficial to know the genetic identities of an adversary and, conversely, to prevent an adversary from accessing the genetic identities of U.S. military personnel.”

What could possibly go wrong?  Quite a few things, actually.  Besides the risk of failing to maintain the privacy and security of genetic data, the data could be used in unethical ways or their significance could be misinterpreted.  “Acting on genotype information that is not convincingly linked to specific phenotypes could lead to erroneous and detrimental decision making,” the JASONs said.

In any case, the JASONs advised the Pentagon, “The DoD should establish policies that result in the collection of genotype and phenotype data…. The complete diploid genome sequence for all military personnel should be collected” along with other related information.

A copy of the JASON report was obtained by Secrecy News.  See “The $100 Genome: Implications for the DoD,” JASON Report No. JSR-10-100, December 2010.

Various Resources

A bill in the last Congress “to provide a comprehensive framework for the United States to prevent and prepare for biological and other WMD attacks” was described in a lengthy Senate report last month.  The report provided a detailed congressional perspective on a range of biosecurity issues, inspired in part by the Graham-Talent Commission on the subject.  However, the bill was not enacted, and its provisions did not achieve consensus support.  It drew criticism in particular from Sen. Carl Levin whose dissenting comments were appended.  See “WMD Prevention and Preparedness Act of 2009″ (pdf), Report of the Senate Homeland Security and Governmental Affairs Committee, December 17, 2010.

The Indian physicist Subrahmanyan Chandrasekhar (1910-1995) was remembered in several fascinating and inspiring articles in the December 2010 issue of Physics Today.  Perhaps the most stimulating one of them, written by Freeman Dyson, is freely available to non-subscribers on the Physics Today website.  See “Chandrasekhar’s Role in 20th Century Science” by Freeman Dyson.

We were pleased to receive a copy of “The Black Bats: CIA Spy Flights over China from Taiwan 1951-1969″ by Chris Pocock with Clarence Fu, Schiffer Publishing, 2010.

Did President Calvin Coolidge really issue an executive order on “homeland security”?  That seems to be the conceit of a “Compilation of Homeland Security Related Executive Orders (EO 4601 through EO 13528) (1927-2009)” prepared and published last year by the House Committee on Homeland Security.  In fact, of course, “homeland security” is a term of recent vintage (and also a questionable one for a nation of immigrants).  It was never used by President Coolidge.  But his 1927 executive order 4601 was modified a few years ago to include reference to the Secretary of Homeland Security, thereby justifying its inclusion in this 544-page volume.  Disturbingly, the editors misspelled “Foreword” as “Foreward.”

CIA “Open Source Works” on Pakistani Leadership

Corrected below

“A review of the Pakistani media during October 2010 indicates that there is less talk of imminent political change.”  That is the rather pedestrian conclusion of a brief report (pdf) that was prepared last November by “Open Source Works,” a previously unknown initiative of the CIA Directorate of Intelligence.

Open Source Works “was charged by the Director for Intelligence with drawing on language-trained analysts to mine open-source information for new or alternative insights on intelligence issues.  Open Source Works’ products, based only on open source information, do not represent the coordinated views of the Central Intelligence Agency.”

The recent report on Pakistan seems to be the first Open Source Works document to have reached public hands, though it is more of a digest of recent news and opinion than what would properly be termed an intelligence product.  A copy was obtained by Secrecy News.  See “Pakistan Leadership Watch: October 2010,” CIA Directorate of Intelligence, November 8, 2010.

Correction: An Open Source Works document was previously made available by Public Intelligence here.

Aid to Pakistan Expected to Grow

The Obama Administration is preparing to give increased military and economic aid to Pakistan, the Washington Post reported last weekend.  (“U.S. to Offer More Support to Pakistan” by Karen DeYoung, January 8.)

Nearly $20 billion in civilian and military support has been provided to Pakistan between Fiscal Years 2002 and 2010, according to a newly updated tabulation from the Congressional Research Service.  This sum does not include covert aid.  Some $3.2 billion in aid has been requested for FY 2011.  See “Direct Overt U.S. Aid and Military Reimbursements to Pakistan, FY2002-FY2011″ (pdf), January 4, 2011.

Since June 2010, 17 new F-16 combat aircraft have been delivered by the U.S. to Pakistan (at Pakistani expense) along with numerous older armored personnel carriers, according to another Congressional Research Service fact sheet.  See “Major U.S. Arms Sales and Grants to Pakistan Since 2001″ (pdf), updated January 4, 2011.