Secrecy News

The former director of the Information Security Oversight Office (ISOO) asked a federal court yesterday for permission to disclose a National Security Agency document that he said represented an egregious example of overclassification.

J. William Leonard was the ISOO director, or what is sometimes called the “classification czar,” from 2002-2008.  In that role, he was responsible to the President of the United States for oversight of classification policy and enforcement of classification standards throughout the executive branch.

In 2010, Mr. Leonard became an expert consultant for the defense of Thomas A. Drake, the former NSA official who was charged with ten felony counts alleging unlawful retention of classified information.  But the government’s case collapsed and all of the felony counts against Mr. Drake were dismissed last year.  In Count One of the indictment against Mr. Drake, he was charged with unauthorized retention of a classified NSA email message entitled “What A Success,” and it is that document which Mr. Leonard is now seeking to make public.

“Mr. Leonard seeks the Court’s permission to publicly discuss the ‘What a Success’ document and the government’s rationale for classifying the document, which, in his opinion, contained absolutely no classified information,” wrote James Wyda and Deborah L. Boardman, Mr. Drake’s public defenders, in their May 22 motion to the Maryland district court.

“It is Mr. Leonard’s firm belief that an open discussion about the government’s actions in this important case is essential to protect the integrity of the Executive Branch’s national security information classification system,” they wrote.

“I strongly believe that classification is a critical national security tool and that the responsibilities of cleared individuals to properly protect classified information are profound,” Mr. Leonard said in an affidavit appended to the motion.

But “when deciding to apply the controls of the classification system to information, government officials are in turn obligated to follow the standards set forth by the President in the governing executive order and not exceed its prohibitions and limitations. Failure to do so undermines the very integrity of the classification system and can be just as harmful, if not more so, than unauthorized disclosures of appropriately classified information,” he wrote.

“It is for that reason that the President’s Executive order governing classification treats unauthorized disclosures of classified information and inappropriate classification of information as equal violations subjecting perpetrators to comparable sanctions, to include ‘reprimand, suspension without pay, removal, termination of classification authority, loss or denial of access to classified information, or other sanctions in accordance with applicable law and agency regulation’.”

But the equal weight given to the prohibitions against unauthorized disclosure and inappropriate classification is not reflected in actual practice, Mr. Leonard said.

“While government workers, members of the military and government contractors are routinely disciplined or prosecuted for unauthorized disclosures, I know of no case in which an official was sanctioned for inappropriately classifying information.”

That needs to change, according to Mr. Leonard, and the NSA’s wrongful classification of the “What A Success” document provides an opportunity to rectify the situation, he said.

“I believe the Government’s actions in the Drake case served to undermine the integrity of the classification system and as such, have placed information that genuinely requires protection in the interest of national security at increased risk,” he wrote.

In July 2011, Mr. Leonard filed a formal complaint about the NSA document with the current ISOO Director, John P. Fitzpatrick, in which he urged that the officials responsible for its classification be subjected to appropriate sanctions.  See “Complaint Seeks Punishment for Classification of Documents” by Scott Shane, New York Times, August 1, 2011.

But the issue has still not been resolved through that approach, Mr. Leonard noted.

Mr. Fitzpatrick told Secrecy News that “I am awaiting final responses from NSA and DoJ to inquiries I made of them on the Leonard complaint.  I anticipate their responses very soon and then expect to draw that matter to conclusion.”

Mr. Drake’s attorneys indicated that the government did not consent to their motion for disclosure of the “What A Success” document, which has been declassified, and of Mr. Leonard’s ISOO complaint, which remains under seal.  So it will be up to the Court to decide whether those materials may be released.

The publication of leaked classified documents by WikiLeaks continues to confound government officials and to generate some unusual legal tangles.  Last month, attorneys for a Guantanamo prisoner asked a federal court to nullify the restrictions that the government has imposed on access to and dissemination of the leaked records, so that the prisoner can prepare a response to the disclosures contained in them.

Hundreds of files pertaining to prisoners at Guantanamo have been posted online by WikiLeaks.  In a December 2010 notice, the government advised the security-cleared attorneys who were representing detainees in their habeas corpus petitions that the WikiLeaks materials retained their classification status, despite the fact that they had been globally distributed, and that they must be treated like any other classified document.  In June 2011, the government modified its position to authorize attorneys to view the WikiLeaks documents on a non-government computer, but not to download, save, print, disseminate or transport them.

The government policy on this matter is unworkable and incoherent, argued attorneys for detainee Abdulhadi Omer Mahmoud Faraj in an April 18 motion in DC district court.  Worse, they said, it is damaging and unfair to their client.

“WikiLeaks has made available to the world Mr. Faraj’s Detainee Assessment Brief (DAB) [which] is based in significant part on unreliable claims made by individuals under conditions that amount to coercion, if not torture.”  But due to the government’s restrictions, “Mr. Faraj cannot review with his attorneys any of the pertinent documents published by WikiLeaks nor can he meaningfully consult with his attorneys to develop a response to the one-sided and negative narrative that the materials reflect,” the motion stated.

Attorneys argued that the portrayal of Mr. Faraj in the leaked Brief, which presents him as a violent Islamist extremist, places him and his family in jeopardy.

“The relief Mr. Faraj seeks here is necessary to protect his family in Syria, to the extent possible, and to preserve his prospects for resettlement or repatriation without risk of torture should he be finally set free by the Court or the government…. The false allegations in the leaked DAB, especially if left unrebutted, jeopardize Mr. Faraj’s safety upon repatriation and that of his family.”

“Because the DAB from WikiLeaks is among the top-recalled items when using a search engine such as Google to find news of Mr. Faraj, it is especially important for the Court to grant the relief sought herein so counsel and Petitioner can develop a public response to the DAB allegations,” the motion stated.

The motion presents several cogent criticisms of the government’s restrictions on use of the WikiLeaks documents.  For example, Mr. Faraj’s attorneys wrote, it makes no sense to permit “viewing” a document while prohibiting “downloading” it.

“When the security-cleared attorney views a WikiLeaks document on her personal computer, that page is stored in the computer’s memory despite the attorney’s lack of intent to download the document,” the motion noted.

Likewise, though the government “purports to prohibit transportation of WikiLeaks materials, it permits counsel to view these materials on their personal computers, leaving open the question whether counsel may access these materials on a personal laptop computer or tablet device, which by their nature are transportable.”

In a particularly interesting line of argument, the motion disputed the government’s legal right to regulate the attorneys’ access to the WikiLeaks documents in the first place, because they said the nondisclosure agreements signed by the attorneys and the protective order issued by the court apply only to information that was provided by the government.

Those agreements “refer not to all classified information in existence, but rather to the specific classified information the government releases to security-cleared attorneys in connection with habeas litigation.”  Since the WikiLeaks documents were obtained independently, they are beyond the purview of the nondisclosure agreement, the motion said.

The Faraj attorneys expressly acknowledged that they are not allowed to comment on classified information in the public domain in a way that reflects or is derived from their authorized access to non-public sources.  But “in all other regards, when the information is publicly available and neither accessed pursuant to the Nondisclosure Agreement nor the Protective Order, Mr. Faraj’s security-cleared attorneys must be treated no differently from the general public with respect to that information,” they wrote.

“Since Mr. Faraj’s security-cleared habeas counsel did not illegally disclose or come into possession of this information, but rather merely seeks to make use of it in its already-public form, they are no different from the public at large and the government may not restrict their use of WikiLeaks materials,” the motion concluded.

On May 18, government attorneys filed a response in opposition to the the Faraj motion, but that response was classified.

A reply from the petitioners is due July 16.

Another dispute over the use of WikiLeaks documents in habeas proceedings arose last year in the Paracha case, but that dispute was resolved or superseded without a court ruling.  See “Govt Opposes Attorneys’ Free Use of WikiLeaks Documents,” Secrecy News, June 16, 2011.

In a directive issued last week, Secretary of the Army John M. McHugh established a new Army Special Programs Directorate (ASPD) to administer and oversee special access programs and other “sensitive activities” conducted by the Army.

“I expect all Army commands, organizations and personnel to be proactive in affording the ASPD and the other members of my sensitive activities oversight team… unfettered and continuing access to any and all information and operational data they deem necessary to accomplish their oversight missions and functions,” Secretary McHugh wrote in the May 14 Army directive 2012-10.

The new Directorate is the successor organization to the former Technology Management Office, which performed many of the same functions.

The definition of “sensitive activities” in Army Regulation 380-381 includes:  “programs that restrict personnel access [...]; sensitive support to other Federal agencies; clandestine or covert operational or intelligence activities; sensitive research, development, acquisition, or contracting activities; special activities; and other activities excluded from normal staff review and oversight because of restrictions on access to information.”

The Army regulation indicates that special access programs (SAPs), which are a subset of sensitive activities, may be used to restrict access to “a specific technology with potential for weaponization that gives the United States a significant technical lead or tactical advantage over potential adversaries”;  “extremely sensitive activities conducted in support of national foreign policy objectives abroad, which are planned and executed so that the role of the U.S. Government is not apparent or acknowledged publicly”; “methods used to acquire foreign technology or equipment”; among other potential categories.

“SAPs are not programs or activities planned and executed with the intent to influence U.S. political processes, public opinion, policies, or media,” the 2004 Army regulation states.

Secretary McHugh stressed that he retained authority and responsibility for the Army’s special programs.

“I reserve the authority to review and take action on matters relating to our Army’s conduct of, or support of, the most sensitive or unusual activities,” he wrote to Army commanders and senior officials in his directive last week.  “I expect you to exercise your judgment as to those activities that should be forwarded for my approval even when you typically exercise approval authority for sensitive, but otherwise routine activities.”

The House of Representatives last week adopted an amendment to require the Attorney General to conduct a criminal investigation into “leaks of sensitive information involving the military, intelligence, and operational capabilities of the United States and Israel.”

Rep. Tom Price (R-GA), who sponsored the amendment to the FY2013 defense authorization act, cited stories based on leaks concerning a potential Israeli attack on Iranian nuclear facilities that were published in the New York Times, the Washington Post, and Foreign Policy.

“Our amendment calls for the Attorney General to investigate these leaks and bring those responsible to justice,” Rep. Price said. “Trust and cooperation are vital to securing a strong alliance and a future of peace.”

No one spoke in opposition to the amendment, which was approved May 18 by a vote of 379-38.

The Department of Defense today issued an Instruction that established the DoD Civil Liberties Program.

“It is DoD policy to protect the privacy and civil liberties of DoD employees, members of the Military Services, and the public to the greatest extent possible, consistent with its operational requirements,” the Instruction states.

DoD commits itself to considering privacy and civil liberties in the formulation of DoD policies, the non-retention of privacy information without authorization, and the availability of procedures for receiving and responding to complaints regarding violations of civil liberties.

See “DoD Civil Liberties Program,” DoD Instruction 1000.29, May 17, 2012.

The National Security Agency last week invoked a rarely-used authority in order to declassify a classified document that was mistakenly posted on the NSA website with all of its classified passages intact.

The article is a historical study entitled Maybe You Had to Be There: The SIGINT on Thirteen Soviet Shootdowns of U.S. Reconnaissance Aircraft.  It was written by Michael L. Peterson and was originally published in the classified journal Cryptologic Quarterly in 1993.

Late in the afternoon of May 11 (not May 9 as stated on the NSA website), the NSA published a formally declassified version of the article with the annotation “Declassified and approved for release by NSA… pursuant to E.O. 13526 section 3.1(d)….”

Section 3.1(d) of executive order 13526 permits the declassification of properly classified information when there is an overriding public interest in doing so.  It is almost never cited and it is hard to think of another occasion when it has been used by any government agency to justify declassification.  It reads:

“3.1(d) It is presumed that information that continues to meet the classification requirements under this order requires continued protection.  In some exceptional cases, however, the need to protect such information may be outweighed by the public interest in disclosure of the information, and in these cases the information should be declassified.  When such questions arise, they shall be referred to the agency head or the senior agency official.  That official will determine, as an exercise of discretion, whether the public interest in disclosure outweighs the damage to the national security that might reasonably be expected from disclosure….”

So what was “exceptional” about this particular NSA historical study?  What was the overriding public interest in it that justified its complete declassification despite its presumed eligibility for continued classification?  What unavoidable damage was expected to result from its disclosure?  The NSA Public Affairs Office refused to answer these questions, despite repeated inquiries.

In fact, NSA was being disingenuous by invoking section 3.1(d).  There was nothing exceptional about the contents of the document, and there was no overriding public interest that would have compelled its disclosure if it had been properly classified.  Nor is any national security damage likely to follow its release.

Rather, the hasty NSA declassification action was intended to conceal the fact that NSA had mistakenly published the full classified text of the document on its website two days earlier, after having rebuffed regular requests for declassification.

In response to a May 2009 Mandatory Declassification Review request from aerospace writer Peter Pesavento, NSA had previously released a heavily redacted version of the article.  Mr. Pesavento appealed the case to the Interagency Security Classification Appeals Panel, and last month the Panel agreed that some additional portions of the document could be declassified, while the rest should remain classified.  The partially declassified document was still working its way through the appeal system and had still not been provided to Mr. Pesavento.

But then on May 9, the National Security Agency inexplicably published the entire document on its website.  Instead of censoring the text by blacking out the classified portions, those portions were actually highlighted, leaving the document fully available to startled readers.  After we contacted the NSA on May 10 to inquire about the classification status of the document, it was immediately removed from the NSA site.

But we retained a copy of the uncensored classified article as published by the NSA, which is available here.

Secrecy News submitted several questions to NSA Public Affairs last week about the classified document, and we indicated our intention to publish it ourselves since it did not appear to meet current classification standards.  NSA officials asked for a four-day extension of our deadline to give them time to respond to our questions, and we agreed.  But that proved to be a futile gesture on our part, since the NSA Public Affairs Office in the end refused to answer any of the questions we posed.  In retrospect, it appears that NSA never intended to answer any of our questions but simply wanted to preempt the reposting of the classified document by hastily declassifying it.

The newly disclosed article was originally classified SECRET SPOKE.  SPOKE is a now-defunct classification compartment for communications intelligence, explained intelligence historian Jeffrey Richelson, who first spotted the uncensored NSA publication online.  (It so happens that Dr. Richelson’s own work is cited in the article.)

In the classified version of the article that was posted online by NSA, all of the classified paragraphs of the article were marked with the basis for their classification.  In most cases, this was section 1.4(c) of the executive order on classification, which pertains to “intelligence activities, intelligence sources or methods, or cryptology.”  In some cases, the basis for classification was section 1.4(d) on “foreign relations or foreign activities of the United States, including confidential sources.’  In a couple of other cases, the justification cited was Public Law 86-36, which is the National Security Agency Act, a statutory non-disclosure provision.  A week ago, this material purportedly posed a threat of “serious damage” to national security if disclosed.  Now all of it has been made public.

While communications intelligence is among the most sensitive categories of national security information, this article is clearly remote from any contemporary security issues.  It reviews the record of signals intelligence coverage of thirteen episodes in which Soviet forces shot down U.S. aircraft.  But those incidents occurred between 1950 and 1964 — or many generations ago in terms of intelligence technology and practice.

On the other hand, the article does present what appears to be some valuable “new” information including some fine details about SIGINT coverage of the U-2 incident in May 1960.

But the author himself acknowledged that all of this is ancient history.

“Looking back over forty years,” he wrote in the conclusion of his 1993 paper, “it may be difficult to give sufficient weight to the level of anxiety over and ignorance about the Soviet Union experienced by Americans.  Moreover, the fear of another Pearl Harbor was very real.  The airborne reconnaissance program helped reduce these fears by erasing the ignorance.”

“Little of this concern prevails today,” he noted.  “Why all the fuss? Maybe you had to be there.”

But even “being there” does not help one to understand the erratic NSA classification practices reflected in this case.  NSA classification policy seems to be completely untethered from contemporary national security threats.

Among other things, the NSA’s abrupt declassification of the the document shows that the Interagency Security Classification Appeals Panel needs to recalibrate its document review procedures.  It is now clear that the Panel was unduly deferential to NSA, and that it erred last month by giving credence to the NSA’s claims that portions of the document warranted continued classification.  Today, not even the NSA says that.

The Department of Defense has issued a new Instruction defining its response to the “insider threat” from Department personnel who engage in unauthorized disclosures of information or other activities deemed harmful to national security.

The new Instruction assigns responsibilities and authorities for systematically detecting “anomalous” employee behavior that may be an indication of an insider threat.

An insider threat is defined as “A person with authorized access, who uses that access, wittingly or unwittingly, to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.”

A subset of the insider threat is the counterintelligence (CI) insider threat, which refers to an authorized individual who uses his access on behalf of a “foreign intelligence entity.”

A foreign intelligence entity (FIE) is “Any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire U.S. information, blocks or impairs U.S. intelligence collection, influences U.S. policy, or disrupts U.S. systems and programs.”

All heads of DoD components are now instructed to “implement CI insider threat initiatives to identify DoD-affiliated personnel suspected of or actually compromising DoD information on behalf of an FIE.”

All military departments are expected to “conduct anomaly-based detection activities.”

See “Countering Espionage, International Terrorism, and the Counterintelligence (CI) Insider Threat,” DoD Instruction 5240.26, May 4, 2012.

The new Instruction complies with a congressional mandate in the FY2012 defense authorization act that was passed last year in response to the WikiLeaks disclosures.

U.S. Air Force policy permits the incidental collection of domestic imagery by unmanned aerial systems (drones), but ordinarily would not allow targeted surveillance of a U.S. person.  The Air Force policy was restated in a newly reissued instruction on oversight of Air Force intelligence.

“Air Force Unmanned Aircraft System (UAS) operations, exercise and training missions will not conduct nonconsensual surveillance on specifically identified US persons, unless expressly approved by the Secretary of Defense, consistent with US law and regulations,” the instruction stated.

On the other hand, “Collected imagery may incidentally include US persons or private property without consent.”

“Collecting information on specific targets inside the US raises policy and legal concerns that require careful consideration, analysis and coordination with legal counsel.  Therefore, Air Force components should use domestic imagery only when there is a justifiable need to do so, and then only IAW [in accordance with] EO 12333, the National Security Act of 1947, as amended, DoD 5240.1-R, and this instruction,” it said.

Legally valid requirements for domestic imagery, the instruction said, include surveillance of natural disasters, environmental studies, system testing and training, and also counterintelligence and security-related vulnerability assessments. Air Force units are authorized to acquire domestic commercial imagery for such validated purposes.

However, “Air Force intelligence components must not conduct or give the appearance of conducting collection, exploitation or dissemination of commercial imagery or imagery associated products for other than approved mission purposes.”  See “Oversight of Intelligence Activities,” Air Force Instruction 14-104, April 23, 2012.

Another new Air Force Instruction deals with the basic operation of Small Unmanned Aerial Systems in domestic and foreign environments.  Among other things, it recommends caution in the use of non-uniformed personnel in conducting drone combat missions.

“To ensure the noncombatant status of civilians and contractors is not jeopardized, commanders shall consult with their servicing judge advocate office for guidance before using civilian or contractor personnel in combat operations or other missions involving direct participation in hostilities,” the instruction advised.  See “Small Unmanned Aircraft Systems Operations,” Air Force Instruction 11-502, volume 3, April 26, 2012.

In its new mark of the FY2013 defense authorization bill, the House Armed Services Committee is proposing to provide the Air Force with even more money than it requested for its Predator and Reaper drone programs.  See “Congress Funds Killer Drones the Air Force Says It Can’t Handle” by Spencer Ackerman, Wired Danger Room, May 7, 2012.

Cyber security is a “nebulous domain… that tends to resist easy measurement and, in some cases, appears to defy any measurement,” according to a report issued in March by Sandia National Laboratories.

In order to establish a common vocabulary for discussing cyber threats, and thereby to enable an appropriate response, the Sandia authors propose a variety of attributes that can be used to characterize cyber threats in a standardized and consistent way.

“Several advantages ensue from the ability to measure threats accurately and consistently,” the authors write. “Good threat measurement, for example, can improve understanding and facilitate analysis. It can also reveal trends and anomalies, underscore the significance of specific vulnerabilities, and help associate threats with potential consequences. In short, good threat measurement supports good risk management.”

See “Cyber Threat Metrics” by Mark Mateski, et al, Sandia National Laboratories, March 2012.

The Obama Administration is urging Congress to renew provisions of the Foreign Intelligence Surveillance Act (FISA) Amendments Act that are set to expire at the end of this year.

“Reauthorizing this authority is the top legislative priority of the Intelligence Community,” wrote Director of National Intelligence James Clapper and Attorney General Eric Holder in a February 8 letter to Congress.

One of the key provisions, they explained, would permit the electronic surveillance of entire categories of non-U.S. persons who are located abroad “without the need for a court order for each individual target.”

Under this provision, “instead of issuing individual court orders, the FISC [Foreign Intelligence Surveillance Court] approves annual certifications submitted by the Attorney General and the DNI that identify categories of foreign intelligence targets.”

“The provision contains a number of important protections for U.S. persons and others in the United States,” according to a background paper attached to the February 8 letter, including limitations on targeting, minimization procedures to exclude information about U.S. persons, and other guidelines on acquisition.

“Failure to reauthorize [this section] would result in a loss of significant intelligence and impede the ability of the Intelligence Community to respond quickly to new threats and intelligence opportunities,” the background paper stated.

Proposed legislative language to enact an extension of Title VII of the FISA Amendments Act was transmitted to Congress by the DNI in a March 26 letter.

The American Civil Liberties Union disputes the adequacy of the FISA Amendment Act’s protections for U.S. persons and is challenging the constitutionality of the Act in a lawsuit that is pending before the U.S. Supreme Court.  The ACLU is also asking Congress to “Fix FISA by prohibiting dragnet surveillance, mandating more transparency about the government’s surveillance activities, and strengthening safeguards for privacy.”