Defense, Critique of NSA Classification Action Released

A persistent controversy involving allegations of overclassification reached a new level of intensity on Friday when the National Security Agency released its explanation for the disputed classification of an NSA email message that was used to support an Espionage Act prosecution.

Also cleared for release on Friday was the 2011 complaint filed by former secrecy czar J. William Leonard which presented a withering critique of the NSA classification decision.

The dispute concerns the validity of the classification of an internal NSA email message entitled “What a Wonderful Success!” that was found in the home of former NSA official Thomas Drake and that served as the basis for a felony charge against him, which was ultimately dismissed.  The email message, which was formally declassified in 2010, was itself publicly released the week before last.

On the surface, at least, the contents of the “What a Wonderful Success!” email message appear harmless and and even banal.  But a newly-disclosed NSA “expert disclosure letter” dated November 29, 2010 said that the mail message was properly classified at the Secret level because “the information contained therein reveals classified technical details of NSA capabilities and a specific level of effort and commitment by NSA.”

That sounds impressively ominous.  But it is false and misleading, according to J. William Leonard, who previously served as the nation’s most senior classification oversight official.  He also served as an expert for the defense in the Drake case.

“As a plain text reading of the ‘What a Success’ document reveals, this explanation is factually incorrect– it contains absolutely no technical details whatsoever,” wrote J. William Leonard, the former director of the Information Security Oversight Office, in a complaint he filed with the current ISOO director, John Fitzgerald, a year ago.

As for the line about revealing “a specific level of effort and commitment by NSA,” Mr. Leonard wrote, “it is also factually incorrect in view of the fact that the document is absolutely devoid of any specificity.”

Instead, “all that is revealed in this otherwise innocuous ‘rally the workforce’ missive is multiple unclassified nicknames with absolutely no reference to the classified purposes, capabilities, or methods associated with the programs or other classified events or initiatives represented by the unclassified nicknames.”

A second newly-disclosed NSA letter dated March 7, 2011 proposed a different rationale for classification of the email message: “This document also discussed NSA efforts related to a malicious computer attack by an external actor or third party on a U.S. government computer system….  The fact that a specific malicious computer activity had been found on a U.S. government computer system or network, and the U.S.’s identification of and/or response to the malicious activity, was classified as SECRET. Unauthorized disclosure… of the success or failure of a malicious computer activity against a U.S. government computer system would provide a determined adversary insight into the strengths and/or vulnerabilities of U.S. government computer systems or networks and allow a more focused intrusion.”

Mr. Leonard concurred that “specific information associated with a malicious attack on a U.S. government computer system could be classified.”  But, he said, “no such information is contained” in the NSA email message.  Moreover, if it had contained such information, “it should rightfully continue to be classified to this day,” which it has not been.

In short, the NSA rationale for classification of the “What a Wonderful Success” email message appears vulnerable to independent scrutiny even — or especially — from a leading proponent of the classification system.

In his formal complaint to the current ISOO director, Mr. Leonard stressed that together with classification authority comes a responsibility to exercise that authority properly, and that “Section 5.5 of the [executive order on classification] treats unauthorized disclosures of classified information and inappropriate classification of information as equal violations of the Order subjecting perpetrators to comparable sanctions.”

In an email message to Secrecy News, Mr. Leonard said he was not particularly urging that the individual who originally composed and classified the email should be sanctioned.  Rather, he said that it was the senior officials who reviewed the email and allowed it to be used as a basis for a felony prosecution who had violated the public trust and needed to be held accountable.

“Through their conduct, these high level officials at both NSA and DoJ have displayed contempt for the critical national security tool of classification. If these individuals are not held accountable for this abuse of the classification system, I cannot imagine any other circumstance warranting accountability for improper classification of information, thus rendering that provision of the executive order utterly feckless.”

The current efforts in the executive branch and in Congress to combat unauthorized disclosures of classified information suffer from a related failing to distinguish between legitimate and illegitimate secrets, he said.

“Notwithstanding the recent plethora of ‘anti-leak’ initiatives, the Government appears unwilling to take one of the most effective and obvious steps they can to protect classified information, i.e. ensure that only truly sensitive information is protected by the classification system in the first place.”

Mr. Leonard’s complaint is still pending at the Information Security Oversight Office, said the current ISOO director, John Fitzpatrick.

“I have great respect for Bill Leonard and admire his high ideals for the classification system,” Mr. Fitzpatrick said in an email message this morning.  “With regard to his complaint, I hesitate to comment in depth, as it is my intent to provide him with a response directly when all inquiries are complete.  I will say that the Order provides clear guidance for resolving the classification questions in his complaint, though it is less clear on the interaction of such issues in the context of criminal prosecution.  It is my aim to address both.”

The story was first reported a year ago in “Complaint Seeks Punishment for Classification of Documents” by Scott Shane, New York Times, August 1, 2011.

“The more that classification is used to hide the trivial, inconvenient or embarrassing, the less useful it is for genuine national security secrets,” the Washington Post wrote in an editorial on Saturday about Mr. Leonard’s complaint.  See “Is the U.S. classification system dysfunctional?”, July 28, 2012.

One Response to “Defense, Critique of NSA Classification Action Released”

  1. C Ronk July 30, 2012 at 12:35 PM #

    “In an email message to Secrecy News, Mr. Leonard said he was not particularly urging that the individual who originally composed and classified the email should be sanctioned. Rather, he said that it was the senior officials who reviewed the email and allowed it to be used as a basis for a felony prosecution who had violated the public trust and needed to be held accountable.”

    Minor observation: with great respect for Mr. Leonard, the “held accountable” phrase is hackneyed and, I think, ineffective. If Mr. Drake can be prosecuted, and so easily, then so should the top guns for abusing the classification power, and so should those calling for accountability for such abuse start calling more frankly for such criminal prosecutions. The law goes both ways, at least it is supposed to. If it doesn’t, this aspect of classification reform, or secrecy reform (which is what it should be called), will have zero credibility.

    P.S. Steven – the Captcha is very hard to read sometimes.