SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2009, Issue No. 104
December 24, 2009

Secrecy News Blog: http://www.fas.org/blog/secrecy/

GAO: RELEASE OF NUCLEAR DOCUMENT CAUSED NO DAMAGE

A five-month long investigation by the Government Accountability Office determined that the inadvertent publication of a 267 page document describing U.S. civilian nuclear research facilities caused no damage to national security and did not require any remedial security measures at the cited facilities. Yet surprisingly, even though its publication had no adverse consequences at all, GAO endorsed the claim that the document was "sensitive" and recommended that rigorous new procedures be adopted to prevent public disclosure of such information in the future.

See "Managing Sensitive Information: Actions Needed to Prevent Unintended Public Disclosures of U.S. Nuclear Sites and Activities," Government Accountability Office report GAO-10-251, December 2009:

The inadvertently disclosed document, a draft U.S. government declaration to the International Atomic Energy Agency (IAEA), was transmitted from the White House to Congress in May 2009. Though it was identified in a cover letter as "sensitive but unclassified," it was forwarded to the Government Printing Office for publication and was incorporated in an online GPO document database. Secrecy News identified the document and republished it on June 1 ("U.S. Declares Nuclear Sites to the IAEA," June 1). The New York Times, the Washington Post and other publications reported on it on June 3. Concluding that a mistake had been made, the GPO removed the document from its public database and recalled the hardcopy editions. But by that time, tens of thousands of copies had been downloaded around the world. Speaker of the House Nancy Pelosi asked the GAO to investigate who was at fault, and what damage had been done.

Almost everyone involved was at fault, the GAO concluded. But what is more remarkable is that the disclosure of the ostensibly "sensitive" document was found to have caused no damage to security at all.

GAO said that the agencies that prepared the unclassified compilation had carefully reviewed it prior to transmitting to Congress "to ensure that information of direct national security significance was not included." In cases where site-specific details were described in the draft declaration, such information "was publicly available on agency Web sites or other publicly available documents." Department of Energy officials told GAO that "no information detrimental to national security was included in the document."

After the unintended disclosure of the draft declaration occurred, agencies once again reviewed facility security in light of the document's public availability. "Based on these assessments, DOE officials told us they did not increase security at any site," the GAO said. Operators of an NRC facility likewise "determined the procedures they had in place were sufficient, even with the release of the draft declaration."

Unfortunately, instead of critically questioning the "sensitivity" of such a demonstrably innocuous document, the GAO report took for granted that it should never have been published. Worse, GAO proposed strict new procedures to limit any future disclosures of this kind.

But if a document produces no detrimental effects when disclosed, then it is not sensitive in any meaningful sense of the word. More rigorous procedures are needed to prevent the unnecessary protection of such material, not to enforce it. Having missed that central point, the GAO report represents a lost opportunity to advance a more sensible information security policy.

* * *

The public disclosure of the draft declaration generated an unusual volume of confusion and misinformation.

"It is probably not that dangerous," said David Albright of the Institute for Science and International Security in the Washington Post (6/3/09), "but it is a violation of the law." But that is not correct. There is no law prohibiting disclosure of the information in the draft declaration, and so there was no violation of the law.

The document is "a one-stop shop for information on U.S. nuclear programs," I found myself saying in the New York Times (6/3/09). Besides being glib, that wasn't correct either. The draft declaration dealt only with civilian research programs and excluded U.S. military nuclear programs.

Sen. Christopher Bond (R-MO) said it was all FAS's fault. "There's a group called the Federation of American Scientists - a far Left-wing fringe group that wants to disclose all our vulnerabilities," he explained to reporters. "I don't know what their motives are but I think they are very dangerous to our security." ("Senator Bond concerned by online posting of civilian nuke sites" by Steve Walsh, Missouri News, June 3, 2009.)

In fact, it is now clear from the GAO investigation that no vulnerabilities were disclosed, no damage to security resulted, and no corrective security measures were required.

* * *

Although the International Atomic Energy Agency said in response to an inquiry from FAS that it had no objection to publication of the draft declaration (a fact not noted by the GAO), officials from several U.S. agencies months later remained adamantly opposed to continued public access to the document.

At an August meeting at the State Department, an NRC official told FAS's Ivan Oelrich and me that the document contained information on the uranium enrichment capacity of certain U.S. companies, the disclosure of which could somehow put them at a commercial disadvantage with foreign uranium producers. But there are no known indications that anything like that has come to pass.

Another official with the rank of Ambassador made the astonishing claim that if other countries saw just how cursory the U.S.'s reporting of its nuclear activities was, they would soon reduce their own cooperation with the IAEA to a similar, minimal level.

A senior State Department official therefore urged FAS to remove the draft declaration from our website. The official acknowledged that the document had already been widely disseminated internationally, that it was still posted on several other websites, and that removing it from the FAS website would not make any practical difference of any kind. But the official courteously requested that we do so, as a "favor." We agreed.

Some day, and that day may never come, we will call upon the State Department to do a favor for us.

******************************

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

See also "Reducing Government Secrecy: Finding What Works" by Steven Aftergood, Yale Law and Policy Review, vol. 27, no. 2, Spring 2009:
      http://www.fas.org/sgp/eprint/aftergood.pdf

The Secrecy News blog is at:
      http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to:
      http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
      http://www.fas.org/sgp/news/secrecy/index.html

SUPPORT the FAS Project on Government Secrecy with a donation here:
      http://www.fas.org/member/donate_today.html