Secrecy News

The new National Cyber Security Initiative that is intended to reduce the vulnerability of government information networks and to devise an information warfare doctrine is so highly classified that it is undermining the deterrent value of the project, the Senate Armed Services Committee (SASC) said in a new report.

“It is difficult to conceive how the United States could promulgate a meaningful [information warfare] deterrence doctrine if every aspect of our capabilities and operational concepts is classified,” the Senate report said.

During the cold war, “deterrence was not possible without letting friends and adversaries alike know what capabilities we possessed and the price that adversaries would pay in a real conflict. Some analogous level of disclosure is necessary in the cyber domain.”

(Or, as Dr. Strangelove put it 40 years ago, “The whole point of a Doomsday Machine is lost if you keep it a secret!”)

As things stand, the Senate report said, “virtually everything about the [cyber security] initiative is highly classified, and most of the information that is not classified is categorized as ‘For Official Use Only’.”

“These restrictions preclude public education, awareness, and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties.”

“The committee strongly urges the administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the initiative.”

The committee’s remarks on the National Cyber Security Initiative were published in its report on the 2009 defense authorization act, excerpted here.

Bookmark It

written by Steven Aftergood

The Senate Armed Services Committee (SASC) rejected several legislative proposals submitted by the Department of Defense that would have increased the Department’s secrecy authority.

One proposal would have granted the Defense Intelligence Agency an extension of its “operational files” exemption from the Freedom of Information Act, which expired at the end of 2007. Such an exemption would permit the agency to dismiss FOIA requests for certain types of intelligence records without searching or reviewing the records.

Another proposal would have created new criminal penalties for the unauthorized disclosure or possession of maps and other geospatial products that have been marked for Limited Distribution (LIMDIS).

“For several years, products bearing the LIMDIS caveat have wrongfully been offered for sale to the public through a variety of means from surplus stores to on-line auctions,” the Pentagon said as justification for the proposal.

“Current protection efforts have been ineffective, at least in part, because of the lack of effective penalties for unauthorized possession, sale, and use.”

A third proposal would have expanded the government’s authority to withhold certain unclassified homeland security information from disclosure under the Freedom of Information Act.

The three proposals, all of which were excluded from the Senate Committee mark up of the 2009 defense authorization act, were presented earlier this year in the Pentagon’s own draft of the authorization bill and were described in detail here.

Bookmark It

written by Steven Aftergood

A 2006 Department of Defense directive on Information Operations (pdf), which had previously been withheld as “For Official Use Only,” was released last week in response to a Freedom of Information Act request from the Federation of American Scientists.

The directive, issued by the Under Secretary of Defense (Intelligence), assigns baseline responsibilities for the conduct of information operations, an umbrella term that includes electronic warfare, computer network operations, psychological operations, military deception, and operations security.

Among related capabilities, the directive cites “public affairs,” the purpose of which is “to communicate military objectives, counter misinformation and disinformation, deter adversary actions, and maintain the trust and confidence of the U.S. population, as well as our friends and allies. Effective military operations shall be based on credibility and shall not focus on directing or manipulating U.S. public actions or opinion.”

The New York Times reported on April 20 that the Pentagon had mobilized numerous former military officials, some with unacknowledged financial interests in Department programs, to help generate favorable news coverage of the Bush Administration’s war policies. It is not clear (to me, at least) how this practice comports with the declared Pentagon policy on public affairs, i.e. whether it violates the policy, or implements it.

See “Information Operations,” Department of Defense Directive O-3600.1, August 14, 2006.

Bookmark It

written by Steven Aftergood

The Office of Legal Counsel (OLC) at the Department of Justice has been pondering the peculiar status of the Office of Vice President for decades, and has recently released a collection of more than a dozen OLC opinions regarding the Vice President, dating back to the Eisenhower Administration.

“The Vice President, of course, occupies a unique position under the Constitution. For some purposes, he is an officer of the Legislative Branch, and his status in the Executive Branch is not altogether clear,” wrote William H. Rehnquist, the future Chief Justice, in a 1969 OLC opinion (pdf) that foreshadowed a similar argument offered last year by Vice President Cheney.

“With regard to the Vice President there is even a constitutional question whether the President can direct him to abide by prescribed standards of conduct,” asserted Antonin Scalia in a 1974 OLC opinion (pdf).

“The Vice Presidential Office is an independent constitutional office, and the Vice President is independently elected. Just as the President cannot remove the Vice President, it would seem he may not dictate his standards of conduct,” the future Justice Scalia wrote.

The OLC opinions concerning the Vice President, which were previously provided to the House Judiciary and Oversight Committees, were released by OLC in response to a Freedom of Information Act request from the Federation of American Scientists.

Bookmark It

written by Steven Aftergood

The White House last week issued a long-awaited policy on “controlled unclassified information” (CUI) to provide a uniform government-wide system for safeguarding unclassified information that is deemed sensitive.

The CUI framework is supposed to replace the numerous individual agency control markings — “sensitive but unclassified,” “for official use only,” and over a hundred other designations — and thereby to overcome barriers to information sharing within the government.

But the new policy will do nothing to restore public access to government records that have been improperly withheld.

Development of the CUI policy began with a December 16, 2005 memo from the President directing agencies to “standardize procedures for sensitive but unclassified information.” Despite the passage of two and a half years, however, little progress has been made in defining the terms of the new policy.

It establishes a single CUI framework, with three graduated levels of sensitivity and security. But the definition of what information may qualify as CUI, which includes anything that “under law or policy” requires protection from unauthorized disclosure, is vague and expansive.

To put it another way, the CUI policy does not exclude anything that is currently controlled as Sensitive But Unclassified.

This is a disappointment in light of previous suggestions that wholesale disclosures of currently controlled unclassified information might ensue.

“The great majority of the information which is now controlled can be put in a simple unclassified, uncontrolled category, it seems to me,” said Amb. Thomas McNamara, program manage of the ODNI Information Sharing Environment, in 2006 testimony (pdf) before Congress.

But under the new Bush policy, “the great majority of the information” that Amb. McNamara said should be uncontrolled will remain controlled and unavailable to the public.

The CUI policy properly notes that the new policy does not modify the requirements of the Freedom of Information Act process: “CUI markings may inform but do not control the decision of whether to disclose or release the information to the public, such as in response to a request made pursuant to the Freedom of Information Act.”

But despite the passage of years since the policy was proposed, many of the hard decisions involved have been deferred to the implementation phase.

Which, if any, of the more than 100 existing control categories will be canceled, rather than absorbed into the new CUI category? The new policy does not say. At what point, if any, does the CUI designation expire? There’s no way to tell. What enforcement mechanisms are established to ensure compliance with the new policy? To be determined.

Update: Smintheus at Daily Kos has more.

Bookmark It

written by Steven Aftergood

New limitations and reporting requirements should be imposed on intelligence contractors, the Senate Select Committee on Intelligence said in its new report on the 2009 Intelligence Authorization Act.

“Several provisions of the bill are aimed at reducing the overall use of contractors by the Intelligence Community. The Committee believes these provisions are necessary for financial and accountability purposes,” the report said.

One provision, advanced by Sen. Dianne Feinstein with Sen. Feingold, “requires a one-time report to the congressional intelligence committees by the DNI describing the activities within the Intelligence Community that the DNI believes should only be conducted by governmental employees but that are being conducted by one or more contractors [and] an estimate of the number of contractors performing each such activity.”

Another provision, also moved by Sen. Feinstein and other Democratic members, would “prohibit the Director of the Central Intelligence Agency from permitting a contractor or subcontractor of the CIA to carry out an interrogation of an individual and to require that all interrogations be carried out by employees.”

Similar requirements were also adopted by the House Intelligence Committee last week (pdf).

The May 8 Senate report on the 2009 Intelligence Authorization Act, which includes many other significant intelligence policy provisions, is available here.

Bookmark It

written by Steven Aftergood

A recent Senate hearing on the subject of “secret law” drew an appreciative review today from syndicated columnist and first amendment champion Nat Hentoff.

“So important was an April 30 hearing before the Senate Judiciary Subcommittee on the Constitution that it should have been on front pages around the country,” he wrote.

“Titled ‘Secret Law and the Threat to Democratic and Accountable Government’ and chaired by Sen. Russ Feingold, Wisconsin Democrat. it focused on an issue ignored by the presidential contenders that has deeply weakened our rule of law.”

See “Let the Sunshine In” by Nat Hentoff, via The Washington Times, May 12.

“It’s a given in our democracy that laws should be a matter of public record,” wrote Senator Feingold in a Los Angeles Times opinion piece. “But the law in this country includes not just statutes and regulations, which the public can readily access. It also includes binding legal interpretations made by courts and the executive branch. These interpretations are increasingly being withheld from the public and Congress.”

See “Government in Secret,” by Sen. Russ Feingold, May 8.

Bookmark It

written by Steven Aftergood

In January 2008, the ODNI Open Source Center (OSC) published a report on “Recent Worldwide Research on Animal Pox Viruses” principally authored by Dr. Alfred D. Steinberg of the MITRE Corporation.

Secrecy News has been trying unsuccessfully to obtain a releasable copy of the document. A request to ODNI was forwarded to the Central Intelligence Agency, which manages the Open Source Center, months ago. CIA did not reply to the request. The MITRE Corporation has also been unresponsive, except for a courteous note from the author.

Readers who have ready access to the OSC report on animal pox viruses are invited to forward the unclassified document to me directly, preferably in soft copy. Confidentiality — or, alternatively, an effusive public expression of gratitude — is promised, as you prefer.

Copies of other OSC publications would also be welcome.

Bookmark It

written by Steven Aftergood

Noteworthy new reports from the Congressional Research Service that have not been made publicly accessible online include the following (all pdf).

“Defense: FY2009 Authorization and Appropriations,” May 5, 2008.

“Second FY2008 Supplemental Appropriations for Military Operations, International Affairs, and Other Purposes,” updated May 8, 2008.

“Director of National Intelligence Statutory Authorities: Status and Proposals,” updated April 17, 2008.

“Congress’s Contempt Power: Law, History, Practice, and Procedure,” updated April 15, 2008.

“Navy LPD-17 Amphibious Ship Procurement: Background, Issues, and Options for Congress,” May 6, 2008.

“U.S.-French Commercial Ties,” updated April 7, 2008.

“Strategic Airlift Modernization: Analysis of C-5 Modernization and C-17 Acquisition Issues,” updated April 15, 2008.

Bookmark It

written by Steven Aftergood

An interagency program established in 2006 by a classified Presidential directive is working to gather information on the status and security of nuclear materials around the world and to characterize them for forensic purposes. Remarkably, such a thing had never been done before in a rigorous way.

“On August 28, 2006, the national-level Nuclear Materials Information Program (NMIP) was established via National and Homeland Security Presidential Directive (NSPD-48/HSPD-17),” said Rolf Mowatt-Larssen (pdf), director of the Department of Energy Office of Intelligence and Counterintelligence at an April 2, 2008 hearing of the Senate Homeland Security and Governmental Affairs Committee.

“While the specifics of NMIP are classified, the goal of NMIP is to consolidate information from all sources pertaining to worldwide nuclear materials holdings and their security status into an integrated and continuously updated information management system,” he said.

“We have prioritized this program to focus on countries and facilities that we regard in the intelligence community to be of the highest risk,” said Mr. Mowatt-Larssen at another hearing last October 10. “So we have in fact identified the high-risk sites. We have identified what type of material is there. We have an assessment, an ongoing assessment, it’s being updated every day, on the status at the highest priority level. It’s a work in progress. It’s going to take a number of years to complete.”

“I’m very enthusiastic about what they’re doing,” said Matt Bunn, a nonproliferation expert at Harvard who has long advocated this kind of database development. “My hat’s off to them,” he said, adding that the Bush Administration deserved credit for surpassing previous efforts in this direction.

The subject matter of the classified Presidential directives NSPD-48 and HSPD-17 had not been publicly identified before Mr. Mowatt-Larssen’s testimony last month. Thanks to Jeffrey Richelson of the National Security Archive who noticed the disclosure. A list of known Bush Administration National Security Presidential Directives is available here.

Bookmark It

written by Steven Aftergood