Posts from January, 2011

Intel Science Board on “The New S&T Landscape”

The diminishing U.S. lead in various scientific disciplines related to national security has posed a particular challenge for U.S. intelligence agencies, according to a newly released 2006 report (pdf) of the Intelligence Science Board.

“While the overall effect of a declining S&T [science and technology] position on the United States remains the subject of debate, there can be no debate concerning its enormous impact on the Intelligence Community,” the report said.  “Today’s collection and analysis needs… require an entirely new approach to increasing the contribution of S&T to the intelligence enterprise.  Neither the Intelligence Community nor the S&T establishment has put forth viable strategies for accomplishing this change.”

The authors endorse the creation of the Intelligence Advanced Research Projects Activity (IARPA), which was in fact established.  Otherwise, the report is largely derivative of previous studies on similar topics, and is mostly devoid of original analysis.  See “The Intelligence Community and Science and Technology: The Challenge of the New S&T Landscape,” Intelligence Science Board, November 2006, released December 2010.

The Intelligence Science Board, which was disestablished last year, provided independent science advice to the Director of National Intelligence.  Its most important and influential product was a 2006 report entitled “Educing Information: Interrogation: Science and Art” (pdf) on the weak scientific basis for prisoner interrogation practices.

Meeting Set on Sharing of Classified Info

A new government advisory committee on access to classified information by state, local and other non-federal bodies will hold its first meeting in Washington tomorrow.  The State, Local, Tribal, and Private (SLTP) Sector Policy Advisory Committee “will advise the President, the Secretary of Homeland Security, the Director of the Information Security Oversight Office, and other executive branch officials on all matters concerning the policies relating to access to and safeguarding of classified national security information by U.S. State, Local, Tribal, and Private Sector Entities.”  The Committee will meet January 11 at the National Archives.

One excellent way to improve access to classified information, of course, is to declassify it.  An outfit called the “Interagency Threat Assessment and Coordination Group (ITACG) Detail” is responsible for finding classified intelligence information that could usefully be shared with state and local officials in unclassified form.

“A critical function of the Detail is to identify intelligence products which should be downgraded in classification for release to SLTP partners,” according to a new ITACG annual report (pdf).

“The Detail reviews reporting from the IC on a daily basis, looking for products which cover information that may be of interest to SLTP partners.  Once a product or specific information contained therein is identified, the Detail contacts the author or the originating agency’s disclosure office and requests a classification downgrade.  Once the downgrade is approved and completed, the Detail requests the document be posted to the appropriate portal for SLTP customers.”

“Last year, the Detail requested a classification downgrade for 74 products on behalf of SLTP partners.  Based on these requests, 58 products were downgraded; ten of the requests were denied due to source sensitivities; and six requests are pending as of the date of this report.”  See “2010 Report on the Interagency Threat Assessment and Coordination Group (ITACG),” prepared by the Program Manager, Information Sharing Environment, December 9, 2010.

DoD Agencies Have Prohibited Waterboarding, IG Says

Defense agencies have complied with a recommendation to prohibit the use of military survival training techniques — such as waterboarding — in prisoner interrogation, the DoD inspector general confirmed in a report (pdf) last year.

In response to a previous Inspector General report (pdf), a 2008 DoD directive (pdf) stated that “Use of SERE [survival, evasion, resistance, and escape] techniques against a person in the custody or effective control of the Department of Defense or detained in a DoD facility is prohibited.”  Likewise, a 2009 memorandum for the military services and the Special Operations Command specified that use of “SERE techniques for interrogations of personnel in DoD custody or control is prohibited.”

The 2010 IG report found that “all US Air Force, US Army, US Navy, US Marine Corps, and [Joint Personnel Recovery Agency] SERE training programs included, as part of their curriculum, a prohibition against the use of SERE techniques for interrogation of personnel in DoD custody or control.”  See “Field Verification-Interrogation and Survival, Evasion, Resistance, and Escape (SERE) Techniques Recommendation,” DoD Inspector General Report 10-INTEL-05, April 16, 2010 (released under FOIA in December 2010).

SERE training provides “a reasonable means to train [U.S. military personnel] for the most challenging captivity environment where captors do not abide by the Geneva Conventions,” the IG report said.  But “the physical and psychological pressures developed for… SERE training were not intended for real-world interrogations.  Intelligence resistance training does not qualify a SERE Specialist instructor to conduct interrogations or provide subject matter expertise to those who are trained in that specialty.”

Another Indictment in a Leak Case

The Obama Administration yesterday announced an unprecedented fifth prosecution in a case involving unauthorized disclosures of classified information.

Former Central Intelligence Agency officer Jeffrey A. Sterling was arrested on charges of disclosing classified intelligence information concerning a foreign nuclear weapons program to an unnamed author.  From the context, it is evident that the alleged recipient [referred to as Author A] is New York Times reporter James Risen and the foreign nuclear program is that of Iran.

A copy of the indictment, dated December 22, 2010 and unsealed January 6, 2011, is here (pdf).

Aside from the intrinsic interest of the allegations, the indictment includes numerous incidental details worthy of note.  For example:

**  “In or about early May 2003, senior management from Author A’s employer informed a senior United States government official that the newspaper article would not be published.”  That is, the New York Times decided not to publish the classified information at issue after the U.S. government argued that its revelation would damage national security.  But Mr. Risen reached a different conclusion and went on to write about the material in his 2006 book State of War.  In a contest of this sort, the party that is willing to publish naturally determines the outcome.

**  “Between on or about February 9, 2004, and on or about April 24, 2004, Author A placed fourteen interstate telephone calls from Author A’s personal residence to the temporary residence of defendant STERLING and sent one interstate email.”  This indicates that Mr. Risen or Mr. Sterling or both were under close surveillance at that time.

**  The indictment shows some prosecutorial creativity in adding charges such as “mail fraud,” along with alleged violations of the espionage statutes.  This is based on the allegation that Mr. Sterling “did knowingly cause to be delivered by the United States Postal Service … a shipment of Author A’s published books for sale at a commercial retail bookstore,” thereby somehow defrauding the CIA.  Also citing the distribution of Mr. Risen’s book, the indictment additionally charges Mr. Sterling with “unauthorized conveyance of government property.”

The record number of leak prosecutions in the Obama Administration now include Mr. Sterling, former FBI linguist Shamai Leibowitz, former NSA official Thomas A. Drake, Army private Bradley Manning, and former State Department contractor Stephen Kim.

See further coverage in Former CIA officer Jeffrey A. Sterling charged in leak probe by Greg Miller, Washington Post, January 7, and Ex-C.I.A. Officer Named in Disclosure Indictment by Charlie Savage, New York Times,” January 7.

A Century of Camouflage

Although concealment and misdirection of adversaries are primordial acts, the word “camouflage” did not enter the English language until World War I.  Author Nicholas Rankin observed in his book “A Genius for Deception” that “the Oxford English Dictionary’s first example of published usage is from the Daily Mail in May 1917: ‘The act of hiding anything from your enemy is termed “camouflage”.’”

Nearly a century later, there is a full-fledged theory of camouflage, which is neatly presented in a new U.S. Army manual (pdf).  The theory carefully distinguishes among related techniques such as hiding, blending, disguising, disrupting and decoying, each of which means something different.

The manual provides practical advice.  When selecting foliage for camouflage, “coniferous vegetation is preferred to deciduous vegetation since it maintains a valid chlorophyll response” — against an enemy’s infrared sensors — “longer after being cut.”

And it reflects the lessons of experience.  “Warfare often results in personnel losses from fratricide.  Fratricide compels commanders to consider [camouflage's] effect on unit recognition by friendly troops.”

See “Camouflage, Concealment, and Decoys,” Army Tactics, Techniques, and Procedures 3-34.39, November 2010.

Tightening Security in the “Post-WikiLeaks” Era

The Obama Administration is moving to increase the security of classified information in response to the massive leaks of classified documents to Wikileaks in recent months.  The White House Office of Management and Budget yesterday issued a detailed memorandum (pdf) elaborating on the requirement to conduct an initial assessment of agency information policies and to initiate remedial steps to tighten security.  Agency assessments are to be completed by January 28.

The Wikileaks model for receiving and publishing classified documents exploits gaps in information security and takes advantage of weaknesses in security discipline.  It therefore produces greater disclosure in open societies, where security is often lax and penalties for violations are relatively mild, than in closed societies.  Within the U.S., the Wikileaks approach yields greater disclosure from those agencies where security is comparatively poor, such as the Army, than from agencies with more rigorous security practices, such as the CIA.

What this means is that Wikileaks is exercising a kind of evolutionary pressure on government agencies, and on the government as a whole, to ratchet up security in order to prevent wholesale compromises of classified information.  If the Army becomes more like the CIA in its information security policies, or so the thinking goes, and if the U.S. becomes more like some foreign countries, then it should become less vulnerable to selective security breaches.

The government’s response to this pressure from Wikileaks, which was entirely predictable, is evident in the new memorandum circulated by OMB, which calls on agencies to address “any perceived vulnerabilities, weaknesses, or gaps in automated systems in the post-WikiLeaks environment.”  See “Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems,” Office of Management and Budget, January 3, 2011.

In an attachment to the OMB memo, the National Counterintelligence Executive and the Information Security Oversight Office provided an 11-page list of questions and requirements that agencies are supposed to use in preparing their security self-assessment.  “If your agency does not have any of the required programs/processes listed, you should establish them.”

Agencies are asked to “deter, detect, and defend against employee unauthorized disclosures” by gathering “early warning indicators of insider threats” and also by considering “behavioral changes in cleared employees.”

So, for example, agencies are asked “Do you capture evidence of pre-employment and/or post-employment activities or participation in on-line media data mining sites like WikiLeaks or Open Leaks?”  It is unclear how agencies might be expected to gather evidence of “post-employment” activities.

Among other troubling questions, agencies are asked:  “Are all employees required to report their contacts with the media?”  This question seems out of place since there is no existing government-wide security requirement to report “contacts with the media.”  Rather, this is a security policy that is unique to some intelligence agencies, and is not to be found in any other military or civilian agencies. Its presence here seems to reflect the new “evolutionary pressure” on the government to adopt the stricter security policies of intelligence.

“I am not aware of any such requirement” to report on media contacts, a senior government security official told Secrecy News.  But he noted that the DNI was designated as Security Executive Agent for personnel security matters in the 2008 executive order 13467.  As a result, “I suspect that an IC requirement crept in” to the OMB memo.

Security Practices at DoD Facilities Reviewed

There are security weaknesses at many of the research facilities operated by the Department of Defense, according to a DoD Inspector General survey issued last year.

“All [military] Services identified compliance issues related to information assurance,” the IG report (pdf) found, based on a review of 37 out of 121 research, development, test and evaluations facilities.

“Classification marking requirements remain a problem at Army laboratories.  The most common issues are a lack of declassification instructions, as well as failures to mark classified folders, media, and working papers properly…. The use of portable electronic devices in areas where classified information is discussed continues to be a problem for one-third of the Army laboratories inspected.”

On the plus side, “the Army clearly has made great strides during the past year by strengthening biological surety policy… especially in the areas of inventory management and accountability.”  See “Summary Report of FY2009 Inspections on Security, Technology Protection, and Counterintelligence Practices at DoD Research, Development, Test, and Evaluation Facilities” (redacted), DoD Inspector General Report 10-INTEL-06, May 21, 2010.

Air Force SAP Policy Limits Congressional Contacts

The Air Force issued updated guidance (pdf) last week concerning its highly classified special access programs, including new language prohibiting unauthorized communications with Congress.

Special access programs (SAPs) involve access and safeguarding restrictions that are more extensive than those that apply to other classified programs. SAPs are nominally established “to protect the Nation’s most sensitive capabilities, information, technologies and operations.”

The new Air Force guidance emphatically limits contacts with Congress concerning SAPs.

“It is strictly forbidden for any employee of the Air Force or any appropriately accessed organization or company to brief or provide SAP material to any Congressional Member or staff without DoD SAPCO [Special Access Program Central Office] approval.  Additionally, the Director, SAF/AAZ will be kept informed of any interaction with Congress.”  See Air Force Policy Directive 16-7, “Special Access Programs,” December 29, 2010.

Secrecy and Classification — Two Diverging Domains

One aspect of the current crisis in classification policy is the growing discrepancy between what is secret and what is classified.  All too often, official classification controls are imposed (or retained) on information that is public, thereby generating confusion and loss of confidence in the integrity of the classification system.  The problem was underscored recently by the government’s response to the publication of classified State Department cables by Wikileaks, which was to insist that they remain classified despite their broad availability.  “So, my grandmother would be allowed to access the cables, but not me,” one official complained to us last month.

The increasing divergence between secrecy and classification is exacerbated by new media for disclosure and publication, and it is not at all limited to U.S. government secrecy policy.  A current controversy in Russia over the alleged publication of classified information provides a vivid illustration of the problem.

The Russian news magazine Kommersant-Vlast has twice been rebuked recently by the Russian Federal Service for Communications (Roskomnadzor) for publishing state secrets, placing the future of that publication in legal jeopardy.  But the purported secrets were all derived from open sources, the magazine explained (pdf), including sources such as Russian government websites.

One of the offending news stories, entitled “All About Missile Forces” and published in December 2009, described the deployment, composition and combat strength of Russian strategic missile forces.  The government said this story included Secret and Top Secret information, and therefore violated the Russian Federation Law on Mass Media.

But in its defense, Vlast-Kommersant argued that this Secret information was not, in fact, secret:  “One of the sources of ‘state secrets’ for Vlast was the official website of the RF President and Commander in Chief.”

In a discussion of “Where to Find ‘State Secrets’,” Vlast writer Mikhail Lukin provided a detailed account of how his publication assembled the story on Russian missile forces by using public databases, search engines, previous news stories and scholarly works, and the public statements of government officials.  “It turns out that the President of Russia, the Minister of Defense, the RVSN Commander-in-Chief, the commanders of missile armies [and others] number among the divulgers of [ostensibly secret] information about [missile] deployment….”

Vlast presented all of this information to the Moscow City Court in a legal challenge to the warnings that it had received from the Russian government.  But in October 2010, the Court ruled against the news magazine, and in favor of the government.

In paradoxical terms that would be familiar to U.S. classification officials, the Moscow Court held that “the fact of the information being published in open sources does not in any way impact on its level of secrecy.”

An appeal to the Russian Supreme Court is pending. See “The Obvious Becomes Secret” by Mikhail Lukin, Kommersant-Vlast, October 26, 2010, translated by the National Virtual Translation Center and obtained by Secrecy News. The Russian original is here.

Leaks to AIPAC Said to be “Common”

The American Israel Public Affairs Committee (AIPAC), the pro-Israel lobby organization, has often received and distributed confidential government information, including classified materials, asserted former AIPAC official Steven J. Rosen in his pending lawsuit against the organization.

“There is evidence that the receipt and distribution of confidential foreign policy information is a common practice for AlPAC,” he argued in a December 14 legal filing (pdf).  The organization disputes that claim.

Mr. Rosen contends that he was wrongfully terminated by AIPAC after he and fellow AIPAC employee Keith Weissman became the subjects of a federal investigation for the unlawful receipt and disclosure of classified information they obtained from former Pentagon official Larry Franklin.  Rosen and Weissman were indicted in 2005 but the federal case against them was withdrawn by prosecutors in 2009.

On previous occasions, Mr. Rosen said in his current lawsuit, “AIPAC condoned the receipt and distribution of classified information.”  In 1984, Rosen recalled, he had received and shared classified information that members of the Libyan UN delegation had provided money to a US presidential candidate’s staff.  His conduct in that matter was supported by the organization, he said.

“There were in fact other situations before the 2004 Larry Franklin matter involving Steven Rosen and Keith Weissman in which AIPAC employees were involved in receiving classified material,” including the 1984 acquisition of a classified US Trade Representative document, some details of which been redacted from the public version of Mr. Rosen’s filing.

The latest developments in the case of Rosen v. AIPAC were reported in “Steve Rosen Fires Back in His Law Suit Against AIPAC” by Nathan Guttman, Forward, December 15. Selected case files are available from the Institute for Research: Middle Eastern Policy here.

An AIPAC spokesman told the Forward that it “strongly disagrees with Mr. Rosen’s portrayal of events and circumstances related to this litigation.” He said that “senior employees at AIPAC testified under oath during this litigation that they had never been involved with seeking or knowingly disclosing classified information as part of their jobs at AIPAC.”

AIPAC has stated that Rosen and Weissman were fired because their behavior “did not comport with standards that AIPAC expects of its employees.”

But Rosen’s December 14 pleading said that there were no AIPAC standards on handling classified information, and therefore he could not have violated them.  “At no time in the 23 years Steven Rosen was employed by AIPAC did the organization provide in writing or orally any guidance or standards that he and other employees were expected to follow regarding the receipt and sharing of secret, sensitive or ‘classified’ information that might be offered by government officials.”