President Clinton issued the first systematic post-cold war reform of government secrecy policy on April 17. Executive order 12958 on classified national security information, which will take effect on October 16, should lead to the near-term declassification of hundreds of millions of pages of cold war documents.
The final text of the executive order closely resembles that of the last major draft (see S&GB 44), with its requirement for automatic declassification of most older documents at 25 years, and provisions for automatic declassification of most new documents after 10 years. Changes made since the last draft include the following:
The emerging turf battle between the Information Security Oversight Office (ISOO) and the interagency Security Policy Board (SPB) was resolved by giving the SPB authority for safeguarding classified information -- e.g. establishing policies on locks, safes, German shepherds, etc. -- while ISOO retained authority for everything else.
"The Security Policy Board got a foot in the door, but they didn't get any of the prestigious stuff," said one official who believes that some aspects of secrecy policy are prestigious.
The next big challenge is to assure implementation of the new policy. The first order of business is the preparation of five new directives. Directives on classification and marking principles; on security education and training programs; on agency self-inspection programs; and on classification and declassification guides are to be prepared by the ISOO. A fifth directive on safeguards is to be prepared by the SPB.
"We want the new directives out as quickly as possible," said ISOO director Steven Garfinkel on April 20, since they will be needed by the agencies to prepare their own internal guidelines and directives. Mr. Garfinkel said that longstanding interagency disputes had subsided with the issuance of the new order, and that all parties were moving expeditiously to achieve compliance with the new order. He described the situation as "hopeful."
With all of its compromises and limitations, the new executive order is probably about as forthcoming as it could be at the present time, given the Administration's insistence on consensus decision-making. "The national security agencies came very far [to concur with the new order]," said one White House official. "Not as far as they need to, but surprisingly far."
In fact, one might be grateful that the new order was issued at all. The deliberative process dragged on so long that the whole effort could easily have been abandoned, and probably would have been if not for a few committed government officials, like Garfinkel and others. "Please don't give me credit for this," said the White House official, who deserves some of the credit.
Mr. Garfinkel noted that revisions to the current classification system were first drafted in 1985. "This wasn't a two year reform process, it was a ten year reform process!" he said. At that rate, it will soon be time to start working on the classification system after next.
EO 12958 appeared in the Federal Register on April 20 (pp. 19825-19843).
The CIA is abolishing certain overlapping or obsolete intelligence classification markings in an attempt to relieve some of the bottlenecks in the flow of classified information.
On April 12, Acting Director of Central Intelligence Studeman eliminated two common classification markings -- WNINTEL and NOCONTRACT -- which, he said, "have clearly outlived their usefulness." The decision was implemented in a new revision of DCI Directive 1/7, "Security Controls on the Dissemination of Classified Information." A copy was obtained by S&GB.
WNINTEL (pronounced win-in-tel) stands for "Warning Notice - Intelligence Sources or Methods Involved." NOCONTRACT indicates "Not Releasable to Contractors/Consultants."
"WNINTEL was always used in conjunction with one or more other control markings and added no value to understanding the content of the material," Admiral Studeman wrote in a transmittal memo.
"NOCONTRACT will no longer be used on any newly created documents or other materials," he instructed. "In all but unresolved conflict of interest and unfair competitive advantage cases, Senior Officials of the Intelligence Community will now be able to release intelligence bearing the NOCONTRACT marking to appropriately cleared and access-approved contractors."
The elimination of NOCONTRACT is potentially significant since it will facilitate contractor access to counterintelligence (threat) data, which has long been in demand. The action may also enhance industry access to foreign economic intelligence, although that subject is not mentioned by the Acting DCI.
More generally, the new Directive declares for the first time that "It is the policy of the Director of Central Intelligence that intelligence be disseminated on a timely basis and as widely as possible...."
Next on the CIA's agenda is the elimination of NOFORN ("not releasable to foreign nationals") and ORCON ("dissemination and extraction of information controlled by originator"), due within 120 days of the April 12 directive.
The Security Policy Board (SPB) is taking preliminary steps to forge a government-wide computer security policy in seeming disregard of legal and other obstacles. Its first task will be to prepare a terms of reference (TOR) document to identify the major information systems security issues that need to be addressed.
The vulnerability of U.S. information systems to interception, disruption or destruction is "a very, very big national problem that is very, very expensive to do something about," said then-Deputy Defense Secretary John Deutch at an April 24 meeting of the SPB.
Moreover, Dr. Deutch said, the whole problem is "ideally designed for the U.S. government not to be able to cope with it," according to draft minutes of the SPB meeting obtained by S&GB.
Indeed, the entire computer security policy process is stymied by the swift pace of technological development, competing bureaucratic interests, legal barriers, and widespread suspicion of the SPB itself.
"There's been no change in DOD [computer] security policy for twenty years," said John Elliff of the Office of the Assistant Secretary of Defense (C3I) on April 20. "It's way out of date." Richard Grau of Rincon Research Corporation noted that some important new information technologies did not even exist six months ago when the latest security standards were being drafted.
The Security Policy Board has, if anything, set the reform process back by attempting to claim authority over all government information systems, including the vast majority that do not involve classified national security information. The SPB stance has elicited strong opposition from the Commerce Department and other civilian agencies (see S&GB 47). Furthermore, it appears to conflict with the Computer Security Act of 1987, which deliberately established separate spheres of authority for the classified and unclassified worlds. And it has inspired at least one lawsuit, filed by the Electronic Privacy Information Center.
But "separation is not a real option any longer," Dr. Deutch told the SPB, which he co-chairs. He said that an initial "no holds barred" inquiry into preparing a comprehensive, government-wide computer security policy should proceed. "Let's try it and see where it goes."
Raymond Kammer of the National Institute of Standards and Technology asserted darkly that "once the issues are clearly defined, there is a great potential for intentional distortion by some people."
A poll of U.S. public attitudes has found that "Overall support for security and counter-espionage measures is quite strong. Only in terms of the classification of secrets does the majority favor the anti-security position."
A survey last year found that 56% of the public believes that too many documents are classified. At the same time, however, 76% support a "high level of secrecy" when it comes to protecting technologies with military applications.
The poll was commissioned by the Department of Defense Personnel Security Research Center (PERSEREC) in Monterey, Calif. The report on the survey, entitled "Public Attitudes Towards Security and Counter-Espionage Matters in the Post Cold War Period" (November 1994), is available from S&GB for $2.
Confronted with the proposition that "Given the world situation, the government protects too many documents by classifying them as Secret and Top Secret," 13.9% of the respondents strongly agreed, 42% agreed, 17.1% neither agreed nor disagreed, 17.5% disagreed, 4.4% strongly disagreed, and a scrupulous 5% said they "don't know."
Public attitudes towards secrecy and security policies such as background checks were also correlated in the survey with a variety of social factors such as attitudes towards government and the military, patriotism, political orientation, religious sentiment including a belief in Bible inerrancy, concern with civil liberties, crime, obedient children, personal freedom, deviance, and misanthropy.
Of course, polls can be devised to confirm any prejudice that the pollster may have. 74% of the public knows that. But the PERSEREC survey has every appearance of methodological rigor. Thus, "a factor analysis with a varimax rotation does indicate that there is not a simple and general security dimension" (p. 2) -- which seems indisputable.
While acknowledging public concern about over-classification, PERSEREC Director Roger P. Denk concluded that "It appears that current government personnel security policy in connection with granting access to classified information is in synch with the climate of public opinion."