It is popular to point out examples of over-classification for dishonest reasons. However, despite the incentives to do otherwise, there are also many examples of material that is too lightly classified, usually because it is too difficult for some poor schlub at the bottom to bend the ear of the classification authority.

A notorious recent example was a criminal case which collapsed when it turned out that a certain piece of software (that had been mishandled) was only classified as RESTRICTED, despite containing detailed parametric data about the design of US weapons that were classified TOP SECRET and codeword compartmentalized. Another example would be fundamental research into the design parameters of EFPs. That was cleared to be published in unclass peer reviewed journals because the Russkies already knew that stuff. Well, the Russkies may have already known about it, but the Iranians very probably learned it from those engineering journals.

The real issue is that the whole system of “levels” was an expedient used to make management of information practical in the pre-computer age. At a very basic level, it really doesn’t make a lot of sense: if you can’t afford the time and effort to clear someone properly, why are you even giving that person access to CONFIDENTIAL data? And if a person is in fact completely trustworthy with CONFIDENTIAL data, why do you think he or she would suddenly turn traitor if given access to TOP SECRET? Sure, you want compartments in order to minimize losses when you make a mistake, but that concept is completely orthogonal to classification levels. Classification levels exists because older systems couldn’t manage compartments efficiently, plus it gives us a nice false sense of security about the fact that many classified information users are not fully vetted.

The whole system needs a total overhaul for the 21st century.

It’s more problematic, even assuming uniform and precise definitions of national security there is no systemic independent testing for a significant correlation between those uniform and precise definitions and the original classification authority or between the original classification authority and derivative classification actions for individual documents or portions thereof.

Of course this is destructive and debilitating as more unnecessary and useless derivative classification actions occur. The system becomes clogged and overwhelmed just tracking and accounting for documents. There’s no time to test whether the documents were ever correctly classified or to ensure they get correctly (re)classified in the first place. Such testing may entail costly meetings and discussions with a variety of program personnel. Most of whom would rather be anywhere but in a meeting discussing what is the correct classification level for a piece of information or document!

Wonder how many program managers, engineers, and others have been upbraided by program security for failing to account for an unnecessarily or uselessly classified document?