On to Chapter Two.
The main purpose of this document is to comprehensively develop and describe principles for the classification of information. The classification principles of interest are those principles that guide the original classification of information, as contrasted to principles for the derivative classification of documents or materials. Original classification is a determina-tion that information requires protection for national security reasons and that this information is not already classified under existing classification guidance. Derivative classification is a determination that a document or material contains or reveals information already classified.
Although this document focuses on principles for the original classification of information, derivative classifiers should also find its contents interesting and useful. Many derivative classifiers help prepare classification guides, which are written records of original classification decisions. Therefore, a knowledge of classification principles, and the rationale for those principles, should assist those classifiers when they help prepare classification guides.
Classification decisions, whether original or derivative, are frequently difficult to make. Objective principles are needed to help make those decisions. Although security classification of information for national defense and foreign relations reasons (national security reasons) is an ancient practice, the basic principles that guide classification decisions have never been comprehensively discussed. Existing classification principles need to be explicitly identified, explained, and compiled so that classifiers can be aware of them, can understand them, and can use them to make effective and consistent classification decisions. Additional classification principles need to be formulated because existing principles do not ensure that all matters pertinent to classification decisions are considered when those decisions are made. This document was prepared to comprehensively discuss existing principles for classification of information and to describe some proposed new principles.
Although classification of certain information by our government is necessary for national security reasons, such withholding of information from the public is to some extent at variance with our nation's fundamental principle of having a public informed about all governmental activities. Therefore, it is especially important that a system of classification-of-information principles have a solid foundation and framework so that information is classified only when necessary. To the author's knowledge, such a foundation has not yet been described. Such a foundation needs to be proposed; this document attempts to describe such a foundation.
To develop a foundation for the security classification of information, this author found it reasonable to examine some other fields of knowledge, analogous to classification of information, for rules or guidelines that might be similar to classification principles. If that other field has been long established, with rules that have survived rigorous debate and that have their roots deep in our culture, then one can be reasonably confident that those rules are soundly based. If some classification principles are similar to some of those rules, then one can be reasonably confident that those classification principles are also soundly based. Further, an examination of the other field of knowledge might also provide insights that would lead to new classification principles.
Trade secret law is a field of knowledge that is analogous to classification of information, especially to the classification of scientific and technical information. Trade secret law is a particularly useful field from which to draw analogies because our legal system has an especially firm foundation. Therefore, classification principles that are similar to legal principles should be very reliable.
Since analyzing trade secret law as a possible foundation for or support of classification-of-information principles is somewhat outside the main purpose of this document, that analysis has been relegated to Appendix A, which provides a discussion of the many similarities between trade secret law and classification of information and, more importantly, describes some rules of trade secret law that are analogous to certain classification of information principles. Later chapters of this document mention those trade secret law rules to provide support for existing and proposed classification principles.
This volume's comprehensive discussion of classification of information principles starts in Chapter 2 with a description of the two major broad types of classified information-- subjective secrets and objective secrets. Unfortunately, not much has been written about broad types of classified information since shortly after the end of World War II. At that time, scientists and others were concerned about the continued extensive classification of much scientific or technical information that had been generated during that war. In particular, there were intense discussions about how much and what kind of atomic energy information should continue to be classified. Chapter 2 summarizes the published knowledge on the major broad types of classified information. It is hoped that this presentation will stimulate more discussion about characteristics of the major types of classified information.
Chapter 3 presents an overview of classification of information, including a discussion of the differences between National Security Information and classified "atomic energy information." That chapter mentions the major decisions that need to be made to determine whether information should be classified and outlines the steps that need to be taken to reach those decisions.
The heart of this document is contained in Chapters 4 through 6. The primary objective of those chapters is to describe three major steps which must be carried out when deciding whether information should be classified. Those steps are (1) determining whether information under consideration for classification is or can be controlled by the government (Chapter 4); (2) determining the risks and benefits of information disclosure (the benefits and costs of classifying information) (Chapter 5); and (3) balancing information disclosure risks and benefits to establish whether disclosure of the information could, on balance, damage the nation (Chapter 6).
Chapter 5 proposes six criteria for evaluating information disclosure risks and eight criteria for evaluating information disclosure benefits. Elements of each criterion are discussed. Chapter 6 gives an extensive rationale for incorporating a risk-benefit balancing process into classification decisions. This balancing process, which has always been an essential part of declassification decisions on atomic energy information (Restricted Data and Formerly Restricted Data), does not appear to be widely used for making classification decisions for National Security Information, the other category of classified information. Such balancing should be a required step in making all classification (and declassification) of information decisions. Chapter 6 also includes some proposed standards for balancing information disclosure risks and benefits. Those standards are based on atomic energy information declassification standards and on rules of our legal system for weighing evidence in civil and criminal trials.
The classification level of information (Top Secret, Secret, or Confidential) and the duration of classification of information are described in Chapters 7 and 8, respectively. The little guidance existing for determining classification levels is summarized in Chapter 7, and some new guidance is proposed. Chapter 8, in addition to generally discussing principles for determining the duration of classification of information, also proposes that in some instances the estimated duration of classification might be based on the number of people who know the classified information. This proposal is extensively discussed in Appendix G. The equation derived in Appendix G for estimating the probability of unauthorized disclosure of classified information might be very useful in assessing vulnerabilities in information security programs for classified projects.
Classifying information because of its association with other information is described in Chapter 9. The principles to be used in those classification decisions are relatively straightforward and are widely accepted. However, there is extensive disagreement among classifiers on whether compilations of unclassified information should sometimes be classified and whether compilations of many items of information classified at one level (e.g., Confidential) should sometimes be classified at a higher level (e.g., Secret). Chapter 10 discusses classification of compilations in detail and proposes some rules to be used in those situations.
Throughout most of this document the discussions are about classification of information. Since principles for declassifying information are quite similar to principles for classifying information, it should be understood that, in general, those discussions could equally apply to declassification of information situations. Also, principles for downgrading information (i.e., reducing its classification level) are similar to principles used to determine the classification level of classified information. The last chapters of this document discuss principles for downgrading and declassifying information.
The major classification area of interest throughout this document is on scientific or technical information, regardless of whether the classified information is Restricted Data, Formerly Restricted Data, or National Security Information. Although this is only one area of classifiable information, it is the area of most interest to the author. It is also the area of most interest to contractors to the Department of Energy and the Department of Defense. However, as a matter of general interest and to provide some insight into classification principles used for other classifiable National Security Information areas, brief discussions on the classification of those other areas are included as appendixes to this document.