Posts from May, 2012

Proliferation of Precision Strike, and More from CRS

New and updated reports from the Congressional Research Service that Congress has instructed CRS not to release to the public include the following.

Proliferation of Precision Strike: Issues for Congress, May 14, 2012

By one official reckoning, there were 35 terrorist incidents in the United States between 2004 and 2011.  See The Domestic Terrorist Threat: Background and Issues for Congress, May 15, 2012

It costs $179,750 per hour to operate Air Force One, the President’s official aircraft, according to the latest cost data from the Air Force.  See Presidential Travel: Policy and Costs, May 17, 2012

How FDA Approves Drugs and Regulates Their Safety and Effectiveness, May 18, 2012

Submission of the President’s Budget in Transition Years, May 17, 2012

Canadian oil sands are 14-20% more greenhouse-gas-intensive than the crude oil they would replace in U.S. refineries.  The effect of the Keystone XL pipeline would be to increase the U.S. greenhouse gas footprint by 3-21 million metric tons, equal to the greenhouse emissions from 588,000 to 4 million passenger vehicles.  See Canadian Oil Sands: Life-Cycle Assessments of Greenhouse Gas Emissions, May 15, 2012

Discretionary Spending in the Patient Protection and Affordable Care Act (ACA), May 18, 2012

Economic Recovery: Sustaining U.S. Economic Growth in a Post-Crisis Economy, May 17, 2012

Troubled Asset Relief Program (TARP): Implementation and Status, May 18, 2012

The Global Fund to Fight AIDS, Tuberculosis, and Malaria: Issues for Congress and U.S. Contributions from FY2001 to FY2013, May 15, 2012

Taiwan: Major U.S. Arms Sales Since 1990, May 17, 2012

DoD Establishes Civil Liberties Program

The Department of Defense today issued an Instruction that established the DoD Civil Liberties Program.

“It is DoD policy to protect the privacy and civil liberties of DoD employees, members of the Military Services, and the public to the greatest extent possible, consistent with its operational requirements,” the Instruction states.

DoD commits itself to considering privacy and civil liberties in the formulation of DoD policies, the non-retention of privacy information without authorization, and the availability of procedures for receiving and responding to complaints regarding violations of civil liberties.

See “DoD Civil Liberties Program,” DoD Instruction 1000.29, May 17, 2012.

NATO Summit Meeting in Chicago, and More from CRS

The North Atlantic Treaty Organization will hold its 2012 summit meeting in Chicago on May 20-21.  The meeting, hosted by President Obama, will be closed to the public.  The assembled heads of state are expected to discuss the future of the conflict in Afghanistan; NATO defense issues, including the possible reconsideration of the role of nuclear weapons in NATO; and other matters.

A preview of the NATO summit meeting was presented in a new report from the Congressional Research Service.  See NATO’s Chicago Summit, May 14, 2012.

Other new and updated CRS reports that were obtained by Secrecy News include the following.

Ukraine: Current Issues and U.S. Policy, May 10, 2012

U.S. Assistance Programs in China, May 11, 2012

Bahrain: Reform, Security, and U.S. Policy, May 14, 2012

Medicare Financing, May 11, 2012

Medicare: History of Insolvency Projections, May 11, 2012

Job Growth During the Recovery, May 10, 2012

Foreign Direct Investment in the United States: An Economic Analysis, May 10, 2012

Outsourcing and Insourcing Jobs in the U.S. Economy: Evidence Based on Foreign Investment Data, May 10, 2012

Keystone XL Pipeline Project: Key Issues, May 9, 2012

Immigration of Foreign Nationals with Science, Technology, Engineering, and Mathematics (STEM) Degrees, May 11, 2012

Federal Labor Relations Statutes: An Overview, May 11, 2012

FEMA’s Community Disaster Loan Program: History, Analysis, and Issues for Congress, May 10, 2012

How Measures Are Brought to the House Floor: A Brief Introduction, May 14, 2012

Carbon Capture and Sequestration (CCS): A Primer, May 14, 2012

The Presidential Nominating Process and the National Party Conventions, 2012: Frequently Asked Questions, May 14, 2012

Secrecy News will be back next week.

NSA Declassifies Secret Document After Publishing It

The National Security Agency last week invoked a rarely-used authority in order to declassify a classified document that was mistakenly posted on the NSA website with all of its classified passages intact.

The article is a historical study entitled Maybe You Had to Be There: The SIGINT on Thirteen Soviet Shootdowns of U.S. Reconnaissance Aircraft.  It was written by Michael L. Peterson and was originally published in the classified journal Cryptologic Quarterly in 1993.

Late in the afternoon of May 11 (not May 9 as stated on the NSA website), the NSA published a formally declassified version of the article with the annotation “Declassified and approved for release by NSA… pursuant to E.O. 13526 section 3.1(d)….”

Section 3.1(d) of executive order 13526 permits the declassification of properly classified information when there is an overriding public interest in doing so.  It is almost never cited and it is hard to think of another occasion when it has been used by any government agency to justify declassification.  It reads:

“3.1(d) It is presumed that information that continues to meet the classification requirements under this order requires continued protection.  In some exceptional cases, however, the need to protect such information may be outweighed by the public interest in disclosure of the information, and in these cases the information should be declassified.  When such questions arise, they shall be referred to the agency head or the senior agency official.  That official will determine, as an exercise of discretion, whether the public interest in disclosure outweighs the damage to the national security that might reasonably be expected from disclosure….”

So what was “exceptional” about this particular NSA historical study?  What was the overriding public interest in it that justified its complete declassification despite its presumed eligibility for continued classification?  What unavoidable damage was expected to result from its disclosure?  The NSA Public Affairs Office refused to answer these questions, despite repeated inquiries.

In fact, NSA was being disingenuous by invoking section 3.1(d).  There was nothing exceptional about the contents of the document, and there was no overriding public interest that would have compelled its disclosure if it had been properly classified.  Nor is any national security damage likely to follow its release.

Rather, the hasty NSA declassification action was intended to conceal the fact that NSA had mistakenly published the full classified text of the document on its website two days earlier, after having rebuffed regular requests for declassification.

In response to a May 2009 Mandatory Declassification Review request from aerospace writer Peter Pesavento, NSA had previously released a heavily redacted version of the article.  Mr. Pesavento appealed the case to the Interagency Security Classification Appeals Panel, and last month the Panel agreed that some additional portions of the document could be declassified, while the rest should remain classified.  The partially declassified document was still working its way through the appeal system and had still not been provided to Mr. Pesavento.

But then on May 9, the National Security Agency inexplicably published the entire document on its website.  Instead of censoring the text by blacking out the classified portions, those portions were actually highlighted, leaving the document fully available to startled readers.  After we contacted the NSA on May 10 to inquire about the classification status of the document, it was immediately removed from the NSA site.

But we retained a copy of the uncensored classified article as published by the NSA, which is available here.

Secrecy News submitted several questions to NSA Public Affairs last week about the classified document, and we indicated our intention to publish it ourselves since it did not appear to meet current classification standards.  NSA officials asked for a four-day extension of our deadline to give them time to respond to our questions, and we agreed.  But that proved to be a futile gesture on our part, since the NSA Public Affairs Office in the end refused to answer any of the questions we posed.  In retrospect, it appears that NSA never intended to answer any of our questions but simply wanted to preempt the reposting of the classified document by hastily declassifying it.

The newly disclosed article was originally classified SECRET SPOKE.  SPOKE is a now-defunct classification compartment for communications intelligence, explained intelligence historian Jeffrey Richelson, who first spotted the uncensored NSA publication online.  (It so happens that Dr. Richelson’s own work is cited in the article.)

In the classified version of the article that was posted online by NSA, all of the classified paragraphs of the article were marked with the basis for their classification.  In most cases, this was section 1.4(c) of the executive order on classification, which pertains to “intelligence activities, intelligence sources or methods, or cryptology.”  In some cases, the basis for classification was section 1.4(d) on “foreign relations or foreign activities of the United States, including confidential sources.’  In a couple of other cases, the justification cited was Public Law 86-36, which is the National Security Agency Act, a statutory non-disclosure provision.  A week ago, this material purportedly posed a threat of “serious damage” to national security if disclosed.  Now all of it has been made public.

While communications intelligence is among the most sensitive categories of national security information, this article is clearly remote from any contemporary security issues.  It reviews the record of signals intelligence coverage of thirteen episodes in which Soviet forces shot down U.S. aircraft.  But those incidents occurred between 1950 and 1964 — or many generations ago in terms of intelligence technology and practice.

On the other hand, the article does present what appears to be some valuable “new” information including some fine details about SIGINT coverage of the U-2 incident in May 1960.

But the author himself acknowledged that all of this is ancient history.

“Looking back over forty years,” he wrote in the conclusion of his 1993 paper, “it may be difficult to give sufficient weight to the level of anxiety over and ignorance about the Soviet Union experienced by Americans.  Moreover, the fear of another Pearl Harbor was very real.  The airborne reconnaissance program helped reduce these fears by erasing the ignorance.”

“Little of this concern prevails today,” he noted.  “Why all the fuss? Maybe you had to be there.”

But even “being there” does not help one to understand the erratic NSA classification practices reflected in this case.  NSA classification policy seems to be completely untethered from contemporary national security threats.

Among other things, the NSA’s abrupt declassification of the the document shows that the Interagency Security Classification Appeals Panel needs to recalibrate its document review procedures.  It is now clear that the Panel was unduly deferential to NSA, and that it erred last month by giving credence to the NSA’s claims that portions of the document warranted continued classification.  Today, not even the NSA says that.

Understanding China’s Political System, and More from CRS

New and updated reports from the Congressional Research Service that Congress has instructed CRS not to make publicly available include the following.

Understanding China’s Political System, May 10, 2012

Youth and the Labor Force: Background and Trends, May 10, 2012

Vulnerable Youth: Employment and Job Training Programs, May 11, 2012

Pakistan’s Nuclear Weapons: Proliferation and Security Issues, May 10, 2012

Comparison of Rights in Military Commission Trials and Trials in Federal Criminal Court, May 9, 2012

Immigration-Related Worksite Enforcement: Performance Measures, May 10, 2012

Afghanistan Casualties: Military Forces and Civilians, May 10, 2012

Pentagon Moves to Combat the “Insider Threat”

The Department of Defense has issued a new Instruction defining its response to the “insider threat” from Department personnel who engage in unauthorized disclosures of information or other activities deemed harmful to national security.

The new Instruction assigns responsibilities and authorities for systematically detecting “anomalous” employee behavior that may be an indication of an insider threat.

An insider threat is defined as “A person with authorized access, who uses that access, wittingly or unwittingly, to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.”

A subset of the insider threat is the counterintelligence (CI) insider threat, which refers to an authorized individual who uses his access on behalf of a “foreign intelligence entity.”

A foreign intelligence entity (FIE) is “Any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire U.S. information, blocks or impairs U.S. intelligence collection, influences U.S. policy, or disrupts U.S. systems and programs.”

All heads of DoD components are now instructed to “implement CI insider threat initiatives to identify DoD-affiliated personnel suspected of or actually compromising DoD information on behalf of an FIE.”

All military departments are expected to “conduct anomaly-based detection activities.”

See “Countering Espionage, International Terrorism, and the Counterintelligence (CI) Insider Threat,” DoD Instruction 5240.26, May 4, 2012.

The new Instruction complies with a congressional mandate in the FY2012 defense authorization act that was passed last year in response to the WikiLeaks disclosures.

What is National Security “Partnership”? And More from CRS

New and updated reports from the Congressional Research Service that Congress has not made publicly available include the following.

In Brief: Clarifying the Concept of “Partnership” in National Security, May 4, 2012

U.S. Nuclear Cooperation With India: Issues for Congress, May 7, 2012

Japan-U.S. Relations: Issues for Congress, May 4, 2012

U.S. Spent Nuclear Fuel Storage, May 3, 2012

Interest Rates on Subsidized Stafford Loans to Undergraduate Students, May 4, 2012

Racial Profiling: Legal and Constitutional Issues, April 16, 2012

Trade Primer: Qs and As on Trade Concepts, Performance, and Policy, April 16, 2012

Judicial Activity Concerning Enemy Combatant Detainees: Major Court Rulings, April 6, 2012

USAF Drones May Conduct “Incidental” Domestic Surveillance

U.S. Air Force policy permits the incidental collection of domestic imagery by unmanned aerial systems (drones), but ordinarily would not allow targeted surveillance of a U.S. person.  The Air Force policy was restated in a newly reissued instruction on oversight of Air Force intelligence.

“Air Force Unmanned Aircraft System (UAS) operations, exercise and training missions will not conduct nonconsensual surveillance on specifically identified US persons, unless expressly approved by the Secretary of Defense, consistent with US law and regulations,” the instruction stated.

On the other hand, “Collected imagery may incidentally include US persons or private property without consent.”

“Collecting information on specific targets inside the US raises policy and legal concerns that require careful consideration, analysis and coordination with legal counsel.  Therefore, Air Force components should use domestic imagery only when there is a justifiable need to do so, and then only IAW [in accordance with] EO 12333, the National Security Act of 1947, as amended, DoD 5240.1-R, and this instruction,” it said.

Legally valid requirements for domestic imagery, the instruction said, include surveillance of natural disasters, environmental studies, system testing and training, and also counterintelligence and security-related vulnerability assessments. Air Force units are authorized to acquire domestic commercial imagery for such validated purposes.

However, “Air Force intelligence components must not conduct or give the appearance of conducting collection, exploitation or dissemination of commercial imagery or imagery associated products for other than approved mission purposes.”  See “Oversight of Intelligence Activities,” Air Force Instruction 14-104, April 23, 2012.

Another new Air Force Instruction deals with the basic operation of Small Unmanned Aerial Systems in domestic and foreign environments.  Among other things, it recommends caution in the use of non-uniformed personnel in conducting drone combat missions.

“To ensure the noncombatant status of civilians and contractors is not jeopardized, commanders shall consult with their servicing judge advocate office for guidance before using civilian or contractor personnel in combat operations or other missions involving direct participation in hostilities,” the instruction advised.  See “Small Unmanned Aircraft Systems Operations,” Air Force Instruction 11-502, volume 3, April 26, 2012.

In its new mark of the FY2013 defense authorization bill, the House Armed Services Committee is proposing to provide the Air Force with even more money than it requested for its Predator and Reaper drone programs.  See “Congress Funds Killer Drones the Air Force Says It Can’t Handle” by Spencer Ackerman, Wired Danger Room, May 7, 2012.

What Is A Cyber Threat?

Cyber security is a “nebulous domain… that tends to resist easy measurement and, in some cases, appears to defy any measurement,” according to a report issued in March by Sandia National Laboratories.

In order to establish a common vocabulary for discussing cyber threats, and thereby to enable an appropriate response, the Sandia authors propose a variety of attributes that can be used to characterize cyber threats in a standardized and consistent way.

“Several advantages ensue from the ability to measure threats accurately and consistently,” the authors write. “Good threat measurement, for example, can improve understanding and facilitate analysis. It can also reveal trends and anomalies, underscore the significance of specific vulnerabilities, and help associate threats with potential consequences. In short, good threat measurement supports good risk management.”

See “Cyber Threat Metrics” by Mark Mateski, et al, Sandia National Laboratories, March 2012.