Posts categorized as Secrecy RSS feed for this section

Prioritizing Topics for Declassification

The Public Interest Declassification Board, which advises the President on classification and declassification policy, is proposing to recommend that certain historically significant topics and events be prioritized for expedited declassification.

The Board has invited public input into the formulation of its recommendations for prioritization, which currently fall into five broad categories:  Topics 25 Years Old and Older, Topics 25 Years Old and Younger, Topics Related to Formerly Restricted Data (FRD) Information, General Topics of Interest, and Topics Specifically Gathered from Presidential Libraries.

The working list of potential declassification topics that are less than 25 years old includes many worthy subjects including, for example, 9/11 Commission records and “Guantanamo / Detainee issues.”  On the other hand, it does not yet include many other high priority items for declassification, such as the Senate Intelligence Committee’s massive report on CIA interrogation practices.

“We invite the public to comment on these topics and offer its own suggestions on what should be on this list of topics younger than 25 years,” the Board statement said. “We hope the List will serve as a guide to aid agencies in reviewing the information the public wants to see.  This is your opportunity to spark a much-needed conversation about the sustainability of the current declassification system and what our priorities collectively should be to make the most impact.”  Comments can be submitted through the Board’s blog, Transforming Classification.

But Is Prioritizing Declassification Topics the Right Approach?

There is a longstanding disagreement over whether it is appropriate to prioritize some areas for declassification because of their topicality, or whether it is better to gradually declassify everything in an orderly and systematic way.  (Or whether the right answer, as I thought, was to do some of both.)

Some have argued that prioritization of special declassification projects is the wrong way to go.

“If effective, routine, comprehensive systematic declassification review were in place for all agencies, and if the public believed in the integrity and thoroughness of those review processes, then important documentation… would be routinely reviewed and declassified without an expensive special search,” said Rutgers historian Warren F. Kimball at a 2000 hearing of the Senate Committee on Governmental Affairs.

“Those boutique declassification efforts… devour resources that should go to systematic declassification review,” Prof. Kimball said then. “Some of those special searches have been legitimate. Some have been trivial. Many have been repetitive and unrewarding…. All have been exorbitantly expensive in both money and work hours. All were or should have been unnecessary.”

Not only are topic-based “special searches” more resource-intensive than regular, systematic declassification, but they may also subtly distort the historical record by removing individual documents from their context, and by favoring “popular” topics over others whose deeper significance may be unrecognized.

That may all be true, say proponents of prioritization.  But the reality is that many records that are supposedly “historically valuable” are of no interest to anyone, and will not be read even if they are declassified.  And besides, the current systematic declassification review  program cannot keep up with the current and anticipated declassification workload.  So in practice, there is little choice but to prioritize.

Whichever argument seems more persuasive, the Public Interest Declassification Board, composed of presidential and congressional appointees, has now tipped the balance in favor of prioritization.  The support of the Board doesn’t guarantee that it will happen, but it makes the issue a newly live one.

If prioritization of particular declassification topics does go forward, then there are important questions to consider beyond the identification of the topics themselves. One question is, how can the declassification of the prioritized topics be made as productive as possible?  Another question is, what happens to all the documents that are not prioritized?

Revise the Standards for Prioritized Declassification

Specialized declassification projects have the greatest impact when they do more than simply move a particular topic to the front of the queue for declassification. The best of them, like the one performed by the JFK Assassination Records Review Board, also involve revised standards for declassifying the prioritized information in order to maximize disclosure.

Interestingly, it appears that agencies already tend to be more forthcoming in declassification projects that they initiate themselves than they are when applying legacy declassification standards in response to FOIA requests. This is true even (or especially) in the case of secrecy-intensive organizations like CIA or NSA. (The CIA and the National Declassification Center will sponsor a symposium in January on the history of the Berlin Wall featuring some newly declassified documents.)

In any event, the utility of the prioritization approach to declassification could be maximized if the adoption of a prioritized topic were accompanied by an appropriate revision of declassification criteria to ensure that only the least necessary amount of information relevant to the topic will be withheld. (Ideally, such a revision of project-related declassification standards would be performed or supervised by an independent third party, such as the Interagency Security Classification Appeals Panel.)

An updated review of classification and declassification criteria is clearly necessary in order to overcome residual, obsolete barriers to disclosure.

When DNI James Clapper released voluminous records concerning foreign intelligence surveillance programs last week, he noted that “President Obama directed me to declassify and make public as much information as possible about certain sensitive programs while being mindful of the need to protect sensitive classified intelligence activities and national security.”

The tacit implication was that without the President’s direction, the DNI would not “declassify and make public as much information as possible….”  Similar direction to “declassify as much as possible” ought to be applied in the case of each prioritized declassification project.

Set a Drop Dead Date for Classification to Expire

A necessary consequence of prioritization of some records for declassification is that other records will be pushed back in the queue. What this means is that, without remedial action, more and more records may never be declassified.

President Obama’s executive order 13526 declared for the first time that “No information may remain classified indefinitely” (section 1.5d).  But it is not clear how that dictum is to be translated into actual declassification policy.

Records that were exempted from “automatic declassification” at 25 years were supposed to be automatically declassified beginning at the end of this year when they turned 50 years old.  Exceptions had been provided for records that revealed the identities of human intelligence sources or of key design concepts for weapons of mass destruction.  In practice, however, it appears that much more than such narrow categories will now be withheld.  According to a January 23, 2013 notice from the Information Security Oversight Office, numerous agencies have been granted authority to exempt records from declassification even at the 50 year point.

Unfortunately, this continuing deferral of declassification compounds the problem and may take it beyond any practical resolution.

What is needed instead is a “drop dead date” beyond which classification controls will simply expire.  Records of a certain age would not need to be “reviewed” for declassification. In fact, they would not need to be formally “declassified” at all. Rather, their status as classified records would just terminate.

A drop dead date would be consistent with the President’s direction that classification cannot continue indefinitely.  And as backlogs of classified records continue to accumulate, this approach would finally cut through the endless and increasingly intractable cycle of declassification review.

If, as the PIDB recommends, some records are going to be prioritized for declassification, then new consideration should be given to a drop dead date for all of those classified records that remain “unprioritized” for decade after decade.

In its version of the pending FY 2014 intelligence authorization bill (section 307), the Senate Intelligence Committee proposed to extend the charter of the Public Interest Declassification Board from December 2014, when it would otherwise expire, to December 2018.

IG Finds Classification Program at EPA Full of Errors

A new review by the Inspector General of the U.S. Environmental Protection Agency found that classified documents at the Agency are riddled with errors.

Because the EPA has a minuscule classification program that hardly generates any classified material, it may be seen as a microcosm of the larger classification system. Only eight original classifications have been approved since the EPA Administrator was given authority to classify by President Bush in 2002, with a modest number of derivative classifications based on those.

Even so, the Inspector General wrote, “Our review of both originally and derivatively classified documents generated by three offices found that the EPA does not sufficiently follow national security information classification standards.”

“Of the two originally classified documents we reviewed, portions of one needed different classification levels and the other contained numerical data that was incorrectly transferred from another document,” the IG report said.

Meanwhile, “None of the 19 derivatively classified documents we reviewed completely met the requirements of Executive Order 12356 and the implementing regulations.”

See EPA Does Not Adequately Follow National Security Information Classification Standards, Environmental Protection Agency Office of Inspector General, November 15, 2013.

Some of the IG’s objections seem persnickety.

“A classified paragraph portion was incorrectly marked as U/FOUO rather than as U//FOUO,” the report stated. This is considered a problem because “Having one versus two slashes can change the meaning.”

Other findings can easily be generalized to the entire classification system.

“EPA needs to declassify information in a timelier manner,” the IG said.

As with other agency IG reviews of classification policy required under the Reducing Over-Classification Act, the EPA Inspector General deliberately took a superficial view of the problem of overclassification. The IG review examined EPA compliance with existing classification policies and procedures. But it did not consider whether those policies and procedures are themselves to blame for widespread overclassification and, if so, how they ought to be changed.

Secrecy News From All Over

The Director of National Intelligence yesterday declassified and released hundreds of pages of records concerning collection under the Foreign Intelligence Surveillance Act, illuminating the origins of bulk collection of email metadata, as well as interactions with the FISA Court and Congress.

“We will make the information public that we can make public, and we will be more transparent about this than has ever been the case in history,” said White House press secretary Jay Carney at an October 28 news briefing.  “That is already true.  We have released more information about what the NSA [does] than has ever been released before.”

By themselves, the latest disclosures (provided in response to FOIA litigation brought by ACLU and EFF) are unlikely to resolve ongoing disputes about NSA intelligence gathering. The legitimacy of bulk collection of email and telephone metadata may ultimately be more of a value judgment rather than a factual or legal one. At a minimum, perhaps the new documents will provide a more substantial basis for informed debate.

But there is disagreement even about that.

“Some would like to believe these disclosures have started a debate about the propriety and efficacy of NSA surveillance programs but, in fact, to a substantial degree, recent unauthorized disclosures have ended the debate because, once disclosed, the programs at issue become substantially less effective,” according to a November 12 report from the Senate Intelligence Committee. “The nation will suffer as a result.”

The Public Interest Declassification Board will hold an open meeting at the National Archives on Thursday, November 21. The Board proposes to focus on prioritizing topics and events for declassification. The intended emphasis is on declassification of historical records, but it need not be limited to that.

Although willful abuse of classification authority is not unheard of, there seems to be no case in which it has ever been penalized. “I am extremely concerned that the integrity of the classification system continues to be severely undermined by the complete absence of accountability in instances such as this clear abuse of classification authority,” wrote J. William Leonard, the former director of the Information Security Oversight Office, in an October 18 letter. He was responding to the controversial classification of evidence concerning the defilement of human remains in Afghanistan.  See Marine Corps fight escalates over handling of case involving troops urinating on corpses, Washington Post, November 15;  and Marine Corps Commandant Accused of Improper Classification, Secrecy News, July 30.

DoD Special Access Records to Stay Classified at Least 40 Years

Department of Defense special access programs (SAPs) will normally remain classified for at least 40 years, according to newly issued DoD SAP marking guidance.

SAPs are established to protect particularly sensitive government information by imposing access requirements that exceed those for other classified information.

“SAP documents, dated prior to January 1, 1982, shall be declassified on December 31, 2021,” the DoD marking guidance said. “SAP documents dated after January 1, 1982, shall be declassified on December 31 of the 40th year after the date of the document, unless it is reviewed and submitted for another extension.” See Special Access Program (SAP) Security Manual: Marking, DoD Manual 5205.07, vol. 4, October 10, 2013.

The use of special access controls by the Department of Defense has proved problematic over the years because it disrupts the oversight protocols that would otherwise be in effect.  DoD SAPs have produced several multi-billion dollar program failures, including the A-12 aircraft, the TSSAM missile, and others.

There is a substantial record of improper creation of SAPs at DoD, and failure to properly terminate them. A 1992 DoD Inspector General audit of one such program, for example, found that “the decision to protect the program using special program measures was not adequately justified” AND DoD “continued to safeguard its association with the technology for reasons that were not related to national security.”

Unfortunately, a recent DoD Inspector General report on Department classification policy completely failed to assess the current use of special access controls by DoD. It was one of several defects and omissions in the DoD IG report.  (“DoD Inspector General Report on Overclassification Misses the Mark,” Secrecy News, October 24, 2013.)

Number of Secret Inventions Grew Last Year

There were 139 new “secrecy orders” granted on patent applications during Fiscal Year 2013, according to new data released under the Freedom of Information Act by the U.S. Patent and Trademark Office.

Under the Invention Secrecy Act of 1951, secrecy orders may be imposed by government agencies on patent applications if their disclosure would be “detrimental to national security.”

With the new secrecy orders granted over the past year, and the 21 orders that were rescinded, the total number of invention secrecy orders in effect at the end of FY 2013 was 5,445.  This is the highest annual total since FY 1994, when the number reached 5,540.

The latest orders included 21 so-called “John Doe” orders, a term that refers to secrecy orders that are imposed on private inventors whose inventions and patent applications were generated without any government or military support (or “property interest”).  These John Doe orders, which were not identified further, may be particularly vulnerable to a First Amendment challenge as instances of prior restraint.  But no challenge of this kind seems to have been brought before a court.

The new invention secrecy statistics, while impressive in a way, are in the end opaque and unrevealing. There is nothing in the raw numbers that would provide an indication of the validity of the decision to block disclosure of a patent application, whether a secrecy order was appealed or challenged, and what adverse impacts, if any, such an order might have had.

Some inventors say that the Invention Secrecy Act has deprived them of the benefits of their own inventions by forcing them to miss commercial opportunities.  See “Government secrecy orders on patents keep lid on inventions” by G.W. Schulz, The Center for Investigative Reporting, April 16, 2013.

More broadly, national security secrecy, including official use of the state secrets privilege, is an additional source of friction in the patent process, which already can be highly contentious and litigious.

“The government can take whatever technology it wants from a U.S. company and hide behind military secrecy in refusing just compensation,” according to an opinion piece in Aviation Week & Space Technology (“USAF Seized Stealth Advantage, Literally” by Zsolt Rumy, October 7, 2013).

Last week, a bill (HR 3332) to promote judicial review of state secrets claims by the government was reintroduced by Congressman Jerrold Nadler and colleagues in both parties.

“In recent years, the executive branch has used the state secret privilege aggressively, often seeking outright dismissal of entire cases based on the claim that the very subject matter of a case is too secret to be heard by a court,” said Rep. Nadler. “This troubling trend cannot continue.”

DoD Inspector General Report on Overclassification Misses the Mark

The Department of Defense Inspector General yesterday released its Evaluation of Over-Classification of National Security Information.  Unfortunately, the new report is superficial, incomplete and sheds little light on either the problem of overclassification or any potential solution.

Like other Inspectors General who have recently been evaluating classification policy under the Reducing Over-Classification Act, the DoD IG had to confront the fact that there is no generally accepted definition of overclassification. (See “What Is Overclassification?”, Secrecy News, October 21, 2013).

So the DoD IG review treats classification policy mainly as a procedural issue (how classification is performed) rather than a substantive one (what gets classified and why).

This is a limited though straightforward approach that lends itself to quantification. And there is no shortage of procedural faults in DoD classification activity. No less than 70% of all documents reviewed by the IG had “classification discrepancies,” such as faulty markings or citations to proper authority, the report said. Startlingly, “One-hundred percent of emails we reviewed contained errors in marking or classification.”

All of that is fine and interesting, but it is also beside the point.  The point is that the national security classification system has expanded beyond all consensus so that even the President of the United States has spoken of “the problem of over-classification.” The classification system is suffering a crisis of credibility, and it may be headed towards catastrophic failure.

According to a report last year from the congressionally-mandated Public Interest Declassification Board, “The classification system exists to protect national security, but its outdated design and implementation often hinders that mission. The system is compromised by over-classification….”

But if the classification system is “compromised by over-classification,” no one told the DoD Inspector General. Or maybe he neglected to ask. Although the Public Interest Declassification Board includes members with deep knowledge and experience of DoD classification policy (including former heads of the NRO and the NSA), the IG report does not acknowledge the Board’s work or contend with its findings.  Instead of advancing the debate, the IG report actually sets it back by ignoring established facts and prior analyses.

The IG report is also oblivious to current events. In recent years, including the period of the IG’s evaluation, the Department of Defense has suffered the most extensive and voluminous breaches of classification controls in its history. Remarkably, the perpetrators of those breaches (Manning and Snowden) expressed a perception that the information they released had been inappropriately classified and withheld from the public, and cited this as a motive for their actions. Strictly from a security policy point of view, it seems vital to evaluate such claims. Are similar perceptions widely held by others inside and outside the Department? And in retrospect, have such claims proved to be valid, even partially?  Unfortunately, the DoD Inspector General does not recognize any link between overclassification and unauthorized disclosures of classified information, and so such questions are neither asked nor answered in the report.

The DoD IG also has nothing to say about one of the most arresting failures of national security classification policy in recent memory, which is now transpiring: A December 2013 deadline set by President Obama himself (in 2009) for declassification and public release of the backlog of 25 year old historically valuable records will not be met.  This is a revelatory development. If the declassification process is not fully responsive even to direct presidential instruction, then it is truly broken and in need of repair. As the largest producer of classified records, the Department of Defense bears some responsibility for this problem, and also for its correction.  But lamentably, the DoD IG refused to engage, or even to acknowledge the problem. It is a missed opportunity.

In 1995 an earlier report from the DoD Inspector General was willing to admit that “The declassification process suffers from deficiencies that seriously impair its operation.”

But the latest DoD IG report does not even mention its own earlier finding, let alone any deficiencies or impairments in the operation of the declassification system, though these have arguably gotten worse as the volume of classified information has increased.

In fact, the new DoD IG report said it “did not evaluate declassification” at all. The entire topic was ignored. That is “because ISOO recently completed its five-year on-site assessment of agency declassification programs.” Readers of the IG report are referred to a scanty two-page summary in the latest annual report from the Information Security Oversight Office that did not even evaluate declassification productivity or efficiency.  Nor did the ISOO report address the imminent failure to complete the declassification and public release of the 25 year old backlog.

The DoD IG report also slights other important concerns, such as the disruptive effect of classification of nuclear weapons-related information under the Atomic Energy Act on the classification and declassification of other national security information. Instead of helping to chart a way forward towards simplification and reconciliation of the dual classification systems, the IG just says nothing on the subject.

In short, the new DoD Inspector General report on over-classification is a defective product. It should be rescinded and redone.

Withdrawal of a published IG report would be an extraordinary step, but it is warranted by the importance of the topic.

The DoD Inspector General could begin by consulting members of Congress and other inside and outside of government who have expressed dissatisfaction with DoD classification policy in order to understand their critique. The IG should review the existing literature on reform of classification and declassification practices (including its own prior work). The IG should assess the nature of the link between overclassification and unauthorized disclosures of classified information. It should diagnose the ongoing failure to timely declassify historically valuable records, and recommend appropriate changes. It should evaluate amendments to the Atomic Energy Act that may be needed to streamline and simplify the Department’s classification practices.

A more rigorous and probing Inspector General evaluation along those lines would be a service to the Department of Defense, to the government as a whole, and to the interested public.

What is Overclassification?

When people criticize overclassification of national security information, what exactly are they talking about?  Is it too much secrecy?  The wrong sort of secrecy?  Classifying something at too high a level?  Oddly, there is no widely-accepted definition of the term.

But since the solution to overclassification, if any, will naturally be shaped by the way the problem is understood, it is important to specify the problem as clearly as possible.

In 2010 Congress passed (and President Obama signed) the Reducing Over-Classification Act, which mandated several steps to improve classification practices in the executive branch.  But in a minor act of legislative malpractice, Congress failed to define the meaning of the term “over-classification” (as it was spelled in the statute).  So it is not entirely clear what the Act was supposed to “reduce.”

Among its provisions, the Act required the Inspectors General of all classifying agencies to perform an evaluation of each agency’s compliance with classification rules.

To assist them in their evaluations, the Inspectors General turned to the Information Security Oversight Office (ISOO) for a working definition of overclassification that they could use to perform their task.  ISOO’s answer was cited by the Inspector General of the Department of Justice in its new report.  (Audit of DOJ’s Implementation of and Compliance with Certain Classification Requirements, Inspector General Audit Report 13-40, September 2013.)

“Over-classification,” according to ISOO, means “the designation of information as classified when the information does not meet one or more of the standards for classification under section 1.1 of Executive Order (EO) 13526.”  If something is classified in violation of the standards of the executive order– then it is “over-classified.”

So, for example, information that is not owned by the government, such as a newspaper article, cannot be properly classified under the terms of the executive order.  And neither can information that has no bearing on national security, such as an Embassy dinner menu.  And yet information in both categories has been known to be classified, which is indeed a species of overclassification.

Unfortunately, however, this ISOO definition presents the problem so narrowly that it misses whole dimensions of overclassification.

The most important and the most urgent aspect of overclassification pertains to classified information that does meet the standards for classification under the executive order, but that nevertheless should not be classified for one reason or another.

It is important to understand that the executive order on classification does not require the classification of any information at all. It is permissive, not mandatory.  It consistently says that information “may” be classified under certain circumstances, not that it “must” be classified.

(Even some government officials who should know better sometimes get this wrong.  The new DoJ Inspector General report states in passing that “Section 1.4 of EO 13526… includes intelligence sources or methods as a category of information that shall be classified” (p. 23, footnote 27, emph. added).  That’s a mistake.  Section 1.4 speaks of information that may or may not be “considered for classification,” including intelligence sources of methods, but it does not dictate the classification of such information.)

But while the executive order does not require classification of anything, it allows classification of an overwhelming, practically unlimited volume of information.  And it is within this permissible range of classification, far more than outside of it, that overclassification needs to be addressed.

The new Department of Justice Inspector General report didn’t grapple with this core problem.  It did find a surprisingly high number of errors in DOJ classification practices, including numerous errors in marking of classification records, as well as ignorance or misunderstanding of classification guidance (or faulty guidance), and inconsistencies in the application of classification controls.  These are serious administrative flaws, which should be amenable to improvement through training.  But fixing them will not do much to reduce overclassification.

Using the narrow ISOO definition of overclassification, the Justice Department Inspector General report said that it “did not find indications of widespread misclassification.”

But a more comprehensive and penetrating definition would have produced a different result, at DoJ and at other agencies.  Such an alternative definition might go something like this:

Overclassification refers to the classification of information that should not be classified, even if it falls within the scope of the executive order, because doing so interferes with some other critical function, such as a desirable process of information sharing, or because it precludes the possibility of public consent to major national security activities.

This contrasts with the ISOO definition in two important ways:  it applies to information that does meet the standards of the executive order, and it takes into account the adverse impact of classification on other important functions and values.  The contrast can be extended to actual (over)classification judgments.

So, for example, the use of simulated drowning as a CIA interrogation technique (“water boarding”) or the Justice Department legal reviews of the subject would not have been considered overclassified by the ISOO standard, since these are clearly within the scope of national security information defined by the executive order.  But they would be overclassified by the standard that requires an opportunity for public consent to major national departures from previously accepted norms.

Similarly, the bulk collection of American telephone records by the National Security Agency and the Justice Department opinions that seek to justify such collection would not be overclassified under the ISOO definition.  But they would be deemed overclassified under a standard that requires public consent to major intelligence initiatives affecting Americans’ own information.

On the other hand, not every mistaken classification decision is equally problematic, and many of them may be insignificant. If a particular component of a classified weapon program is classified Top Secret instead of Secret or Unclassified, it may not matter much at all.  But very often, classification decisions do matter a lot, and new efforts are needed to get them right.

When President Obama spoke of “the problem of over-classification” (in a May 27, 2009 memorandum), he almost certainly was not thinking of the kind of administrative errors in marking classified documents discovered by the DoJ Inspector General, but of something far more consequential.  It is a problem that still remains to be addressed in a systematic way.

If the classification process were exclusively a matter of information security, then it could be safely left to security professionals to implement as they see fit. But because the decision to classify often has broader implications for national policy and for democratic governance, it cannot properly be relegated to security officials alone;  even when applied in good faith, the security perspective by itself is too narrow. And so is any other singular perspective.

But if one grants that classification decisions often involve a multiplicity of important interests (or “equities”), then it follows that a broader, more consensual approach to classification is needed than the existing reliance on the judgment of individual classifiers can provide.  (I argued for such an approach here.)

In addition to the Department of Justice IG report, inspector general reports required under the Reducing Over-Classification Act have also been publicly released by the IGs of the Department of Homeland Security and the Department of Commerce. Others are pending.

Agency inspectors general “are now playing a significant role in monitoring national security practices curtailing individual rights,” according to a recent law review article on the subject.  “IGs are well suited to increase transparency, evaluate the propriety of national security conduct, and reform internal practices; on the other hand, their independence can be undermined, they may avoid constitutional questions, and they rely on political actors to implement reforms.”  See Protecting Rights from Within? Inspectors General and National Security Oversight by Shirin Sinnar, Stanford Law Review, Vol. 65, p. 1027, Spring 2013.

Cryptographer Adi Shamir Prevented from Attending NSA History Conference

In this email message to colleagues, Israeli cryptographer Adi Shamir recounts the difficulties he faced in getting a visa to attend the 2013 Cryptologic History Symposium sponsored by the National Security Agency. Adi Shamir is the “S” in the RSA public-key algorithm and is “one of the finest cryptologists in the world today,” according to historian David Kahn. The NSA Symposium begins tomorrow. For the reasons described below, Dr. Shamir will not be there.

From: Adi Shamir
Date: October 15, 2013 12:16:28 AM EDT
Subject: A personal apology

The purpose of this email is to explain why I will not be able to attend the forthcoming meeting of the History of Cryptology conference, even though I submitted a paper which was formally accepted. As an active participant in the exciting developments in academic cryptography in the last 35 years, I thought that it would be a wonderful opportunity to meet all of you, but unfortunately the US bureaucracy has made this impossible.

The story is too long to describe in detail, so I will only provide its main highlights here. I planned to visit the US for several months, in order to attend the Crypto 2013 conference, the History of Cryptology conference, and to visit several universities and research institutes in between in order to meet colleagues and give scientific lectures. To do all of these, I needed a new J1 visa, and I filed the visa application at the beginning of June, two and a half months before my planned departure to the Crypto conference in mid August. I applied so early since it was really important for me to attend the Crypto conference – I was one of the founders of this flagship annual academic event (I actually gave the opening talk in the first session of the first meeting of this conference in 1981) and I did my best to attend all its meetings in the last 32 years.

To make a long story short, after applying some pressure and pulling a lot of strings, I finally got the visa stamped in my passport on September 30-th, exactly four months after filing my application, and way beyond the requested start date of my visit. I was lucky in some sense, since on the next day the US government went into shutdown, and I have no idea how this could have affected my case. Needless to say, the long uncertainty had put all my travel plans (flights, accommodations, lecture commitments, etc) into total disarray.

It turns out that I am not alone, and many foreign scientists are now facing the same situation. Here is what the president of the Weizmann Institute of Science (where I work in Israel) wrote in July 2013 to the US Ambassador in Israel:

“I’m allowing myself to write you again, on the same topic, and related to the major difficulties the scientists of the Weizmann Institute of Science are experiencing in order to get Visa to the US. In my humble opinion, we are heading toward a disaster, and I have heard many people, among them our top scientists, saying that they are not willing anymore to visit the US, and collaborate with American scientists, because of the difficulties. It is clear that scientists have been singled out, since I hear that other ‘simple citizen’, do get their visa in a short time.”

Even the president of the US National Academy of Science (of which I am a member) tried to intervene, without results. He was very sympathetic, writing to me at some stage:

“Dear Professor Shamir

I have been hoping, day by day, that your visa had come through. It is very disappointing to receive your latest report. We continue to try by seeking extra attention from the U. S. Department of State, which has the sole authority in these matters. As you know, the officers of the Department of State in embassies around the world also have much authority. I am personally very sympathetic and hopeful that your efforts and patience will still yield results but also realize that this episode has been very trying. We hope to hear of a last-minute success.

Yours sincerely, Ralph J. Cicerone”

What does all of this have to do with the History of Cryptology conference? In January 2013 I submitted a paper titled “The Cryptology of John Nash From a Modern Perspective” to the conference, and a short time afterwards I was told by the organizers that it was accepted. In July 2013 I told the NSA-affiliated conference organizers that I was having some problems in getting my visa, and gently asked whether they could do something about it. Always eager to help, the NSA people leaped into action, and immediately sent me a short email written with a lot of tact:

“The trouble you are having is regrettable…Sorry you won’t be able to come to our conference. We have submitted our program and did not include you on it.”

I must admit that in my 35 years of attending many conferences, it had never happened to me that an accepted paper of mine was yanked out from the official program in such a unilateral way. However, since I never try to go to places where I do not feel wanted, I decided to inform MIT that a window had become available in my busy schedule. They immediately invited me to visit them on October 17 and 18, and to give a major lecture during my visit. Naturally, I accepted their gracious invitation.

The final twist in this saga happened a few days ago, when out of the blue I was suddenly reinvited by the conference organizers to attend the event and to present my paper. However, this is too late now, since I am already fully committed to my visit to MIT.

So what is the bottom line of this whole unhappy episode? Clearly, no one in the US is trying to see the big picture, and the heavy handed visa bureaucracy you have created seems to be collapsing under its own weight. This is not a security issue – I have been to the US close to a hundred times so far (including some multi-year visits), and had never overstayed my visas. In addition, the number of terrorists among the members of the US National Academy of Science is rather small. As a friend of the US I am deeply worried that if you continue to delay visas in such a way, the only thing you will achieve is to alienate many world-famous foreign scientists, forcing them to increase their cooperation with European or Chinese scientists whose countries roll the red carpet for such visits. Is this really in the US best interest?

Best personal wishes, and apologies for not being able to meet you in person,

Adi Shamir

Dept of Defense to Report on “Authorized Leaks”

A new Department of Defense directive requires the Pentagon to notify Congress whenever a DoD official discloses classified intelligence to a reporter on an authorized basis, or declassifies the information specifically for release to the press.

The new directive on “Congressional Notification for Authorized Public Disclosure of Intelligence Information” applies to all components of the Department of Defense.

It was issued last week — despite the government shutdown — in response to a provision in the FY2013 Intelligence Authorization Act (section 504) that was passed by Congress last year as part of an effort to stem leaks of classified information.

The Senate Intelligence Committee explained then:  “This provision is intended to ensure that the intelligence committees are made aware of authorized disclosures of national intelligence or intelligence related to national security that are made to media personnel or likely to appear in the press, so that, among other things, these authorized disclosures may be distinguished from unauthorized ‘leaks’.”

Notification to Congress is required whenever the intelligence that is disclosed “is currently classified or if it is declassified for the purpose of the disclosure,” the directive states.  The reporting requirement does not apply to regular declassification activities, or to releases under the Freedom of Information Act or through litigation.

The new requirement casts a spotlight on the anomalous category of authorized disclosures of classified information, which would normally be considered a contradiction in terms.

Although there is an allowance for emergency disclosures of classified information in order to address an imminent threat (section 4.2b of executive order 13526), there is no recognized authority for non-emergency disclosures of classified intelligence to the press or to anyone who does not hold a security clearance and who has not signed a non-disclosure agreement. (Perhaps a lawyerly reading of the executive order would say that the prohibition against unauthorized disclosures of classified information to an uncleared person does not apply if the disclosure is authorized.)

In any case, official disclosures of classified information to the press — sometimes described as “authorized leaks” — are known to occur with some regularity.

What is unclear is what impact, if any, the new DoD directive will have on daily interactions with the press.  Will the Secretary of Defense actually file a report to Congress if he privately reveals a classified fact to a reporter?  That’s a little hard to imagine, though that’s what the law demands.  Or will the new reporting obligation instead serve to discourage authorized leaks to the press?

Because Congress imposed a one-year sunset on its new reporting requirement, the new DoD directive will expire on January 14, 2014, three months from now, unless it is renewed.  It will be interesting to see if even a single report of an authorized disclosure of classified intelligence is filed by then.


In Case You Missed It

New legislation to restore due process protections for federal employees who serve in “sensitive” positions was introduced last week by Rep. Eleanor Holmes Norton. Her bill was prompted by a widely criticized court ruling last August (in Kaplan v. Conyers and MSPB) that effectively stripped existing protections from such employees.

The latest annual report from examines the most recent indicators of secrecy in the federal government, noting continuing difficulty in curbing national security secrecy.

A new report from the Committee to Protect Journalists on “The Obama Administration and the Press” says that “government officials are increasingly afraid to talk to the press” due to invasive and punitive responses to unauthorized disclosures.

A new book on Lee Harvey Oswald’s sojourn in the Soviet Union was reviewed by Priscilla Johnson McMillan in Max Holland’s Washington Decoded.  Ms. McMillan, author of the genuinely extraordinary 1977 volume Marina and Lee (reissued last summer), must be the only person ever to have known both JFK and Oswald. In her book review, she finds significant virtues and faults in the new book, The Interloper by Peter Savodnik.