Posts from February, 2011

Administering Classification Policy at ODNI

At the Office of the Director of National Intelligence, “The original classification of information is rarely necessary,” according to an October 2010 ODNI Instruction.  But that’s because most relevant information is already classified.  There is not much need for new classification activity.

Several recent ODNI Instructions that govern the administration of the classification and declassification programs within the Office were released this week under the Freedom of Information Act (all pdf):

“Classification of ODNI Information,” ODNI Instruction 80.12, October 25, 2010.

“Original Classification Authority Delegation,” ODNI Instruction 80.16, October 21, 2010.

“ODNI Director, Information Management,” ODNI Instruction 10.20, May 18, 2009.

“Particular care should be exercised to avoid both over and under classifying ODNI information,” the Instructions say.

CIA Assesses Flooding in North Korea

CIA analysts studied data on major floods due to rainfall in North Korea since 1996 in order to devise a framework for evaluating the significance of such floods and their likely consequences for North Korean agriculture.

The analysts identified four principal variables:  the intensity of the rainfall, the location of the rainfall, the time of year, and damage to non-agricultural infrastructure.

“Rainfall intensity and geography of flooding appear to be key variables with the most impact,” their report (pdf) said. “Critical periods in the agricultural growth cycle — for sowing, growing, and harvesting — and the scope and severity of infrastructure damage are compounding variables that can magnify the impact of major floods in key food producing areas.”

All four elements were present in 1996 and 2007, when flooding produced the most severe agricultural impact.  But using the methodology described, analysts judge that the cumulative impact of two instances of heavy rain in 2010 “has been relatively low.”

A copy of the CIA report was obtained by Secrecy News.  See “North Korea: Assessing the Impact of Flooding on Agricultural Output,” CIA Open Source Works, December 15, 2010.

Accessing WikiLeaks Violates Espionage Act, USAF Says

Updated below to reflect withdrawal of the new Air Force guidance

Americans who have accessed the WikiLeaks web site may have violated the Espionage Act, under an extreme interpretation of the law advanced by Air Force officials last week.

Many government agencies have instructed their employees not to download classified materials from the WikiLeaks web site onto unclassified computer systems.  The government’s position is that although the material is in the public domain, its classification status is unaffected.  Therefore, to preserve the integrity of unclassified systems, the leaked classified information should not be accessed on such systems.  If it is accessed, it should be deleted.

But on February 3, Air Force Materiel Command (AFMC) at Wright-Patterson Air Force Base issued startling new guidance stating that the leaked documents are protected by the Espionage Act and that accessing them under any circumstances is against the law, not simply a violation of government computer security policy.

“According to AFMC’s legal office, Air Force members — military or civilian — may not legally access WikiLeaks at home on their personal, non-governmental computers, either. To do so would not only violate the SECAF [Secretary of the Air Force] guidance on this issue,… it would also subject the violator to prosecution for violation of espionage under the Espionage Act,” the AFMC legal office said.

Then, in an astounding interpretive leap, the AFMC went on to say that similar prohibitions apply to the relatives of Air Force employees.

“If a family member of an Air Force employee accesses WikiLeaks on a home computer, the family member may be subject to prosecution for espionage under U.S. Code Title 18 Section 793.”

This is a breathtaking claim that goes far beyond any previous reading of the espionage statutes.

“That has to be one of the worst policy/legal interpretations I have seen in my entire career,” said William J. Bosanko, director of the Information Security Oversight Office, by email.

If taken seriously for a moment, the AFMC guidance raises a host of follow-on questions.  What if a family member accessed WikiLeaks on a computer outside the home?  What if a non-family member accessed WikiLeaks on the home computer?  What if one learns that a neighbor has accessed WikiLeaks in the neighbor’s home?  Is the Air Force employee obliged to intervene or to report the violation to authorities?  And how could any of this possibly be constitutional?

Since the AFMC guidance is not based in existing case law or past practice, these questions have no immediate answers.

Last December, a Department of Homeland Security official complained to Secrecy News that government policy on WikiLeaks produced the incongruous result that “my grandmother would be allowed to access the cables but not me.”  But if the new Air Force guidance can be believed, this is incorrect because the official’s grandmother would be subject to prosecution under the Espionage Act.

In reality, there does not seem to be even a remote possibility that anyone’s grandmother would be prosecuted in this way.

Instead, ironically enough, the real significance of the new AFMC guidance could lie in its potential use as evidence for the defense in one of the pending leak prosecutions under the Espionage Act.  Defendants might argue that if the Espionage Act can be seriously construed by Air Force legal professionals to render a sizable fraction of the American public culpable of espionage, then the Act truly is impermissibly broad, vague and unconstitutional.

For a standard view of the general subject see “The Protection of Classified Information: The Legal Framework” (pdf), Congressional Research Service, January 10, 2011.

Update: Josh Gerstein at Politico was told by the Air Force Monday afternoon that the AFMC guidance “is being taken down pending a further review of the legal opinions it was based on.”

However, several copies of the AFMC statement were also entered into the Lexis-Nexis database by States News Service, Targeted News Service and US Fed News. Those remain in circulation and unaffected.

Update 2: Air Force Lt. Col. Richard Johnson provided this statement on the evening of February 7:

“Air Force Materiel Command (AFMC) recently published an internal news story that discussed the implications of downloading presumed classified information from WikiLeaks. The release was not previously coordinated with Headquarters Air Force and has been removed from the AFMC website. The Air Force has provided guidance to military members and employees to avoid downloading what could be classified information into Air Force unclassified networks and reminded them that publication of information does not itself constitute declassification of such information. The Air Force guidance did not address family members who are not Air Force members or employees. The Air Force defers to the Department of Justice in all non-military matters related to WikiLeaks.”

Stephen Kim Leak Defense Cites Overclassification

“The government routinely overclassifies information,” so the mere fact that something is classified is not sufficient to establish that its unauthorized disclosure is prohibited by law, according to a defense motion (pdf) that was filed last week in the case of former State Department contractor Stephen Kim.  Mr. Kim was accused under the Espionage Act of leaking classified information to a news reporter, reportedly concerning North Korth’s nuclear test program.

“There is no better evidence of this gross overclassification than this very case,” the January 31 defense motion said.  “Even though the news media has reported extensively on this case, including reporting on the name of the ‘foreign country’ it believes is at issue…, the prosecution claims that the name of that ‘foreign country’ is classified.”

“Because the system of classification is an imperfect one, the court cannot simply interpret [the espionage statutes] to provide adequate constitutional notice any time the matter at hand pertains to a government employee alleged to have leaked classified information,” the defense said in its motion to dismiss the charges against Mr. Kim.

Defense attorneys also argued that “leaking is widespread and has become an essential tool that is frequently employed by officials at every level of government.”  Yet prosecutions for leaking are comparatively rare, thereby resulting in “arbitrary and discriminatory enforcement.”  (See related coverage from Josh Gerstein and Marcy Wheeler.)

Perhaps the most interesting and original legal argument presented by the defense is that the use of the Espionage Act to punish unauthorized disclosures of classified information is an improper attempt to expand the definition of treason, whose scope is strictly limited by the Constitution.

The defense explained in a separate January 31 motion (pdf) that the framers of the Constitution, who were themselves “traitors” against the British, deliberately chose to limit the definition of political crimes against the nation to “levying war against [the United States], or… adhering to their Enemies, giving them Aid and Comfort.”  This definition of treason excluded other types of political actions against the government.  In particular, the defense argued, it meant that acts of speech against the government could not be punished as treason.

“Today we typically look to the First Amendment to protect the freedom of speech, but the Framers of the original Constitution expected the Treason Clause to do some heavy lifting on that front, particularly because the First Amendment… was not added to the Constitution until later.”

What is happening now, the defense said, is that “the government has taken conduct it alleges to have injured the state [namely leaking] and squeezed it into a successor statute [the Espionage Act] that punishes treason under a different name, but without providing Mr. Kim with the substantive and procedural guarantees that he is entitled to under the Constitution” in a case of treason, such as a requirement for the government to produce two witnesses to the alleged crime.

Mr. Kim is represented by Abbe D. Lowell and his colleagues at McDermott Will & Emery.  Government responses to the defense motions are due March 2.

CIA Views Russian Concerns Over Iran’s Space Program

Russian experts are persuaded that Iran’s space program is serving to advance development of intercontinental ballistic missiles that could be used against targets throughout the Middle East and Russia, according to a CIA review of open source reporting.

“Over the past year Moscow appears to have become more worried about the security implications of assisting Tehran with the further development of its space capability,” the November 2010 CIA report (pdf) said.

The CIA document was first reported by Bloomberg News (“Russian Scientists Worried Iran Uses Their Know-How for Missiles” by Roxana Tiron and Anthony Capaccio, February 3). A copy was obtained by Secrecy News. See “Russia: Security Concerns About Iran’s Space Program Growing,” CIA Open Source Works, November 16, 2010.

On February 7, Iranian officials displayed four new prototype satellites that they said would be launched in the near future.

Political Transition in Tunisia, and More from CRS

Noteworthy new reports from the Congressional Research Service include the following (all pdf).

“Political Transition in Tunisia,” February 2, 2011.

“National Security Letters: Proposals in the 112th Congress,” February 1, 2011.

“Murder or Attempted Murder of a Member of Congress and Other Federal Officials and Employees: Implications in Federal Criminal Law and Procedure of Events in Tucson,” January 25, 2011.

“The U.S. Foreign-Born Population: Trends and Selected Characteristics,” January 18, 2011.

JASON Proposes a “Library of Congress” for Pathogens

In order to help determine the origins of microbial threats in terrorist incidents or epidemics, it would be useful to have a deep archive of various strains of lethal bacteria, the JASON defense advisory panel told the National Counterproliferation Center in a newly released 2009 report (pdf).

Because of the natural variation in the microbes of interest, “we believe that a ‘Library of Congress’ for microbial pathogens is needed,” the JASONs said.

“This library would consist of strains collected worldwide by methods that preserve sample properties, and capture all relevant data (e.g. geolocation, local environmental conditions). It should include laboratory isolates, natural isolates, and DNA sequence data.”

Actually, it seems that the nucleus of such a library already exists.

“We were impressed with the efforts of the National Bioforensic Reference Collection along these lines.  The NBRC was initiated in October 2005 to receive and store reference materials for forensic analyses.  It currently has more than 30,000 samples of bacteria, viruses, and toxins, from both select and non-select agents, and is authorized to handle classified materials,” the JASONs said.

The JASON report assesses the current state of “microbial forensics,” which refers to the characterization of microbe samples in terrorism or law enforcement cases to establish their origins.

For reasons explained in the report, the forensic task is not a simple one.  In fact, “it is never possible to definitively link a sample to an attack based on genetic evidence alone.”

A copy of the JASON report was obtained by the Federation of American Scientists under the Freedom of Information Act.  See “Microbial Forensics,” JASON report JSR-08-512, May 2009.

Confronting Neglected Tropical Diseases

There are seventeen so-called Neglected Tropical Diseases (NTDs), such as Chagas disease, dengue fever and leprosy, that are found in some 149 countries, a new report (pdf) from the Congressional Research Service explains.

“Estimates indicate that some 2 billion people are at risk of contracting an NTD, of whom more than 1 billion people are afflicted with one or more. Roughly 534,000 people are believed to be killed by an NTD annually. Although these diseases are concentrated among the world’s poor, population shifts and climate change increase the vulnerability of the United States to some of these diseases, particularly Chagas disease and dengue,” the CRS report said.

Efforts to combat the diseases, and the challenges facing those efforts, are described by the CRS in “Neglected Tropical Diseases: Background, Responses, and Issues for Congress,” January 21, 2011.

Another Word on Diane Roark and Intelligence Oversight

A January 31 Secrecy News item on “Diane Roark and the Drama of Intelligence Oversight” focused on the personal friction and hostility that are sometimes generated by the intelligence oversight process.  Unfortunately, what I wrote did an injustice to Ms. Roark, the former House Intelligence Committee staffer, and to Thomas Drake, the former National Security Agency official, as well as to the larger issues involved.

I should have made it clear that I do not endorse the criticism of Ms. Roark that was expressed by Barbara McNamara, another NSA official.  On the contrary, under prevailing circumstances the “intrusiveness” that Ms. Roark was accused of is likely to be a virtue, not a defect.  It is the NSA, not Ms. Roark, that stands accused of mismanaging billions of dollars and operating in violation of the Foreign Intelligence Surveillance Act.

Ms. Roark together with Thomas Drake and others did exactly what they should have done by bringing their concerns about NSA mismanagement to the attention of the DoD Inspector General, among other things.  Significantly, they had nothing to gain for themselves.  Their actions did not embody any motive of personal interest or self-aggrandizement, but something more like the opposite.  They were acting in the public interest, as they understood it.  That they (and especially Mr. Drake, who is now under indictment) are suffering for it is a worrisome sign of a broken system.

I also should not have repeated the insinuation in the Drake indictment that he and Ms. Roark had an intimate relationship.  This would be irrelevant in any case, but in this case it is also false.

My apologies to Ms. Roark and Mr. Drake.

ISOO Spurs Agencies to Perform Classification Review

In a focused effort to combat overclassification, President Obama has ordered executive branch agencies to conduct a “Fundamental Classification Guidance Review.”  The two year Review process, mandated in the December 2009 executive order 13526 (sect. 1.9) is intended to identify and eliminate obsolete classification requirements in current agency policies.

Last week, the Information Security Oversight Office (ISOO) told selected senior agency officials that the Review is more than a formality, and that they must make a serious commitment to its implementation.

“The scope of this review needs to be systematic, comprehensive, and conducted with thoughtful scrutiny involving detailed data analysis,” wrote ISOO director William J. Bosanko in a memorandum (pdf) dated January 27.

Merely rubber-stamping the status quo is not going to be enough, he explained to the senior agency officials.

“Please be advised that a review conducted only by the pertinent original classification authority is not sufficient.”  Instead, “the broadest possible range of perspectives” shall be brought to bear on reviewing agency classification guidance.

Moreover, the resulting recommendations for eliminating obsolete classification guidance should be clear and actionable.

“Agencies should be specific in their determinations as to what no longer requires protection,” Mr. Bosanko wrote.  “An example would be a specific part of a weapon system versus the weapon system as a whole. The user of the guide must be able to identify the specific element of information that does or does not require protection.”

Interim status reports on agency progress are to be provided every six months, Mr. Bosanko advised.

The present Fundamental Classification Guidance Review is loosely modeled on the Fundamental Classification Policy Review that was performed by the Department of Energy in the mid-1990s.  That Review led to the declassification by DOE of numerous areas of classified information that had ceased to be sensitive (as well as increased protection for a smaller number of other areas deemed highly sensitive).

Until now, a similar approach has never been tried on a government-wide basis.  If diligently implemented, it holds the promise of a measurable reduction in the scope of national security secrecy.  On the other hand, if it does not produce meaningful results, then the prospects for classification reform will become vanishingly small.