Site menu:
Archives
|
Photographs courtesy of the National Archives
On behalf of the Board, I want to thank all those who came to our public meeting yesterday at the National Archives. We delivered our Report to the President on Transforming the Security Classification System last week and released it on our website yesterday. I also wish to thank David Ferriero, Archivist of the United States, for his hospitality and kind words yesterday – and also thank him for his continued support as we developed our recommendations.
Thank you to all who commented publicly at the event. And thank you to all who provided input as we drafted the report. We are especially appreciative for the advice and comments we received as we developed our recommendations for this report. We received comments from the public, from civil society and transparency groups, from industry and technologists, and from classifiers, declassifiers, and leaders at Federal agencies and departments.
We want to continue our discussion with you by inviting you to continue making comments on our Transforming Classification blog. Tell us what you think about the specific recommendations in the report. We are also interested in your ideas of what next steps you think we should take as a Board, either in helping to implement the recommendations, or in new projects we should seek as develop a work plan for the future.
Again, I want to reiterate our appreciation in your interest in this most important topic and we look forward to reading your comments. Please continue to follow the Board and our activities through our website and blog.
Photo courtesy of the National Archives
Today, the Public Interest Declassification Board released online its recommendations to the President on Transforming the Security Classification System. It recommends fundamental changes that ensure the classification system will function fully to protect our nation’s security and to allow for democratic discourse in the 21st century. The full report can be found at http://www.archives.gov/declassification/pidb/recommendations/transforming-classification.html.
We concluded that new policies for classifying and declassifying information are required. The classification system has not kept pace with our information age and no longer supports users as it should. The secrecy system should be streamlined and better aligned with safeguarding practices and less information should be classified overall. Overall, there needs to be a better balance between what is classified and what is available to the American public.
Technology is at the core of our recommendations for a needed transformation of the declassification system. Current page-by-page review processes are unsustainable in an era of gigabytes and yottabytes. New and existing technologies must be integrated into new processes that allow greater information storage, retrieval, and sharing. We must incorporate technology into an automated declassification process.
Our study involved the participation of stakeholders across Government, the private sector and civil society groups – thank you all for your comments and ideas. Please continue to follow the Board’s activities as we share our recommendations with our stakeholders and support this most important transformation area fundamental to transparency and open government initiatives.
Photographs courtesy of the National Archives
The classification system was created seventy years ago in an era of paper and later copier paper. Secret information was meant to be shared sparingly and disseminated to only those few Federal Government officials with a “need to know.” With the end of the Cold War, the classification system has not evolved to counter new national security threats. As the information age changed rapidly from paper to an electronic era, the classification system is unable to keep up with the dramatic changes in information creation. Filing cabinets full of paper have been replaced by gigabytes, yottabytes, and zettabytes of information created and stored within virtual systems. Managing this unimaginable volume of data requires entirely new policies unencumbered by a Cold War and paper-based mindset.
Classification and declassification are not keeping pace with the myriad of challenges facing the system: digital information creation, access for cleared persons, existing backlogs of paper holdings awaiting declassification review, long-term storage requirements, or the rights of a democratic society to as much information as possible about its Government. Agencies still review records for declassification line-by-line and page-by-page. This process is unsustainable and will not work when dealing with petabytes and gigabytes of information.
Available technologies are rarely used to meet current needs; neither are agencies preparing to use these technologies to handle the enormous volume of digital records. As a result, the Government is currently unable to preserve or provide access to a great many important records. Agencies should collaborate on policy, share technologies, pilot tests, promote best practices and develop common standards.
That is why we believe the best way to promote inter-agency collaboration, integrate technology, and reform classification processes is for the President to appoint a White House-led Security Classification Reform Steering Committee and hold them accountable for developing new methods to modernize classification and declassification. The Steering Committee would be responsible for managing the implementation of reforms required to transform current classification and declassification guidance and practice.
Part of this modernization effort will require pilot projects to test new and existing technologies that can support new policies that allow for efficient and effective classification and declassification. These pilot projects should begin at the National Declassification Center and would investigate methods for automating and streamlining declassification, away from resource-intensive and inefficient page-by-page reviews. Later, pilot projects should explore how technology could be used to combat over-classification and improve classification.
The ultimate goal of the pilot projects is to discover, develop, and deploy technology that will:
- Automate and streamline declassification and classification processes, and ensure integration with electronic records management systems.
- Provide tools for preservation, search, storage, scalability, review for access, and security application.
- Address cyber security concerns, especially when integrating open source information into classified systems.
- Standardize metadata generation and tagging, creating a government-wide metadata registry, drawing on lessons learned from the intelligence community.
- Accommodate complex volumes of data (e.g. email, non-structured data, and video teleconferencing information).
- Advance government-wide information management practices by supporting the President’s Memorandum on Managing Government Records.
Policymakers have the opportunity to transform the classification and declassification system to one that meets the needs of today’s digital information age. The use of technology will be critical to the modernization of the system.
Documents courtesy of the National Archives and the photograph is courtesy of the Defense Threat Reduction Agency.
It is time to allow certain types of historical nuclear information to be reviewed for declassification and public access. In the aftermath of World War II, the Government recognized the need to keep nuclear weapons information tightly controlled. Over time, the Government realized that there were two broad categories of nuclear weapons related information and their dissemination controls were quite different. Policy makers and Defense Department personnel needed to have operational and policy information related to the military utilization of nuclear weapons – but there was no need to give them access to critical and technical design information on how to build a nuclear weapon. The Government created special access controls and separate classification systems for these two types on information – “Restricted Data” or “RD” pertained to information that could be used to build atomic bombs, while “Formerly Restricted Data” or “FRD” concerned policy and military use. These classification systems were outside the Executive orders that governed all other classified national security information.[1]
Historical FRD information is of high interest to Cold War and nuclear policy historians. It includes storage locations, stockpile information and policy discussions of what types of bombs to build, how big to make them, and where to put them, including in foreign countries as part of our military and deterrence strategy during the Cold War. The declassification of this information AFTER A CAREFUL REVIEW would allow greater understanding of the role nuclear weapons played in our national defense and allow for analysis on their successes and shortcomings.
Yet, declassification review of this information is extremely difficult and complex. Requests for this information are routinely denied, and it is automatically excluded from declassification review under EO 13526. There is no systematic effort to allow this type of information to be considered for declassification, even though much of it is obsolete and no longer has any military or political SENSITIVITY. Requests for this information are routinely denied WITHOUT ANY SERIOUS REVIEW OF WHETHER THE INFORMATION NEEDS TO REMAIN OUT OF THE PUBLIC’S ACCESS. The public does not understand this arcane policy, especially when so much historical nuclear policy information is ALREADY in the public domain, perhaps suggesting that the policy is even confusing to those using the system. To be sure, certain of this information should retain the protection of its FRD classification if OUR NATIONAL SECURITY REQUIRES IT. The Public Interest Declassification Board recommends that the classification status of historical FRD information be re-examined. A process should be implemented for the systematic declassification review of this information that balances the concerns of agencies to protect what is needed, while serving the public interest by declassifying more. There are high costs with associated with maintaining separate and competing classification systems. There is confusion among agencies WHICH are asked to interpret two sets of policies, guidance, and procedures. While the Department of Energy (DOE) has sole ownership of RD information, FRD information is jointly owned by DOE and the Defense Department and they are responsible for administering and regulating access to FRD. But existing procedures and processes have had little effect in declassifying obsolete historical nuclear policy information. IT IS TIME TO ADDRESS THIS COMPLEX ISSUE.
[1] Restricted Data (RD) information is defined by the Atomic Energy Act as information concerning the design, manufacture, or utilization of atomic weapons; the production of special nuclear material; and the use of special nuclear material to generate electricity. FRD information primarily concerns the military utilization of nuclear weapons, including storage locations and stockpile information. As designated by the Department of Energy under 10 CFR 1045, FRD information is classified information that has been removed from the Restricted Data category after the Departments of Energy and Defense jointly determine that it relates primarily to the military utilization of atomic weapons and can be adequately safeguarded in a manner similar to national security information.
Photo courtesy of the National Reconnaissance Office
Executive Order 13526, “Classified National Security Information” and its two predecessors established specific, time-based declassification requirements for all national security agencies. Despite these identical mandates, a Government-wide approach to declassification remains elusive. Separate agency declassification programs evolved into a segmented declassification system where each agency reviewed its information and attempted to identify any classified information created by other agencies. Agencies are required to perform the same tasks, such as completing automatic, systematic, and mandatory declassification reviews, yet their design and implementation of these requirements are disintegrated and lack interoperability, resulting in inefficient inter-agency coordination.. The declassification system has become increasingly inefficient and complex. Accordingly, the public has become increasingly frustrated and confused by what it encounters when trying to navigate the labyrinth of agency programs.
Declassification performs a service crucial to democratic society, informing citizens and promoting responsible dialogue between the public and Government. There are significant policy benefits from declassification that can aid national security decisions and diplomacy. Declassification is a valuable information sharing tool, particularly when information holders must partner with stakeholders outside the intelligence and defense communities. Information may be the newest and most important policy tool of the modern era, with declassification during operations offering a strategic advantage. Public release not only makes policymakers accountable for their decisions and actions; it also affords agencies the opportunity to correct misinformation in the public domain and bolster their position in current debates.
One of the main recommendations found in the Board’s 2008 Report to the President on Improving Declassification included the recommendation of creating a center dedicated to declassification. The center would focus not only on processing the huge paper backlog of records at the National Archives, but would also work to improve the declassification system across government to make it more efficient and effective for users. The result of this recommendation was the establishment of the National Declassification Center, which has accomplished a great deal in tackling the immense 366 million page backlog of records. However, many documents still await declassification review. The NDC’s efforts are often stymied by the needlessly redundant and burdensome referral process, as well as the refusal by agencies to appropriately manage risk.
For these reasons, the Board recommends the President bolster the authority and capacity of the National Declassification Center with specific measures to advance a government-wide declassification strategy.
Specifically, Executive Order 13526 should be amended to eliminate the additional three years now permitted for review of multiple agency equities in all archival records (including those stored outside the NDC). The requirement of agencies to share declassification guidance with other classifying agencies and the NDC should be strengthened. Retention of agency declassification authority should be contingent upon sharing agency guidance. The President should direct Agencies to consult the NDC before prioritizing their records for declassification and transfer to the National Archives. The Interagency National Declassification Center Advisory Panel (NAP) should have representation from the public, including representation from the Government Openness advocacy community. An inter-agency effort to develop new declassification review processes should be coordinated by the NDC and be based on a risk management approach.
Without dramatic improvement in the declassification process, the rate at which classified records are being created will drive an exponential growth in the archival backlog of classified records awaiting declassification, and public access to the nation’s history will deteriorate further. It is am imperative that the NDC continue its leading role in working with agencies and the public to collaboratively look for new technological solutions, rooted in updated policies and practices, that tackle the growing volumes of information, particularly digital information, that await declassification review.
Photograph courtesy of the National Archives
“It is time to reexamine the long-standing tension between secrecy and openness, and develop a new way of thinking about government secrecy as we move into the next century.” -Report of the Commission on Protecting and Reducing Government Secrecy, 1997, Senate Document 105-2, Public Law 236.
Document Courtesy of the National Security Agency
After extensive research and discussions with stakeholders in and outside Government, the Board has concluded that the current classification system is too antiquated to fully support today’s national security mission. The system keeps too many secrets, and keeps them too long. Its practices are overly complex, and serve to obstruct desirable information sharing inside of government and with the public. There are many explanations for over-classification: much classification occurs essentially automatically; criteria and agency guidance have not kept pace with the information explosion; and despite numerous Presidential orders to refrain from unwarranted classification, a culture persists that defaults to the avoidance of risk rather than its proper management.
To partially address the concerns of excessive classification, we recommend that classification be simplified and rationalized by placing national security information in only two categories. This would allow proper alignment with the actual two-tiered practices existing throughout most of government for information protection security clearances, physical safeguarding, and information system accreditation.
Top Secret would remain the Higher-Level category, retaining its current, high level of protection. All other classified information would be categorized at a Lower-Level, which would follow standards for a lower level of protection. Both categories would include compartmented and special access information, as they do today.
Newly established criteria for classifying information in the two tiers would identify the needed levels of protection against disclosure of the information. Identifiable risk should be the basis for determining if a level of protection is needed and if classification is warranted and, if so, at what level and duration.
The difficulty of applying the current concept of presumed “damage” during derivative classification would be replaced by a more concrete application of the level of protection necessary for sharing and protecting. This change in guidance would reflect how classification is actually practiced by derivative classifiers – deciding how much protection is needed based on the sensitivity of the information to both protect and share appropriately.
We understand that the adoption of a two-tiered model will pose greater challenges for those agencies whose internal practices are more dependent upon current distinctions between Secret and Confidential. We are not advocating for simply eliminating the Confidential category of classification, thereby exacerbating problems of over-classification in the system. Rather, we believe the adoption of a two-tiered model would align the classification system to what is actually occurring in practice throughout Government. Confidential information is safeguarded on Secret-level systems. The Lower-level of classification in the two-tiers will be defined by the appropriate levels of protection needed to ensure the classified information may be secured and shared appropriately. Guidance must be updated and longstanding practices of rote classification in the current system must be redesigned to make classifiers re-think deep-rooted cultural biases that favor classification and instead choose not to classify in the first instance unless a risk assessment proves protection is needed.
The Public Interest Declassification Board will host an open meeting on Thursday, December 6, 2012 to discuss its recommendations to the President on Transforming the Security Classification System. The full Report to the President will be published online on December 6th at http://www.archives.gov/declassification/pidb. The meeting will focus on the Board’s fourteen recommendations for transformation. The recommendations center on the need for new policies for classifying information, new processes for declassifying information, and the imperative for using and integrating technology into these processes. Press and media are welcome to attend.
When: Thursday, December 6, 2012 from 9:00 a.m. – 10:30 a.m.
Doors Open: 8:45 a.m.
Where: The Archivist’s Reception Room, Room 105 in the National Archives Building
Address: 700 Pennsylvania Avenue, NW, Washington, D.C.
(Note: Attendees must enter through the Pennsylvania Avenue entrance.)
RSVP: pidb@nara.gov
Space is limited and attendees must register via pidb@nara.gov; provide your name and professional affiliation (if applicable). You will receive a confirmation e-mail from the Public Interest Declassification Board staff confirming your reservation. Please note that one form of Government-issued photo identification (e.g. driver’s license) is required to gain admittance.
In anticipation of the report’s release, today the Board will re-engage its followers by re-opening its blog, Transforming Classification, where it will post summaries of some of the key recommendations in the report. Be sure to stay connected to the Board’s activities and look for more information about the Board on its website: http://www.archives.gov/declassification/pidb.
The Public Interest Declassification Board is pleased to announce the completion of its report, Transforming the Security Classification System. The President asked that we study the security classification system and make recommendations for its transformation to better meet the needs of users in the digital age.
The report will be released to the public on the Board’s website on Thursday, December 6, 2012.
The Board consulted extensively with experts from the Government Openness advocacy community, civil society and transparency groups, archival researchers, and technologists and solicited opinions from distinguished civil servants, Executive department and agency officials and the Congress. Our efforts were designed to gain a broad perspective on issues confronting the classification system and led to the fourteen core recommendations in this report.
The classification system exists to protect national security, but its outdated design and implementation often hinders that mission. The system is compromised by over-classification and, not coincidentally, by increasing instances of unauthorized disclosures. This undermines the credibility of the classification system, blurs the focus on what truly requires protection, and fails to serve the public interest. Notwithstanding the best efforts of information security professionals, the current system is outmoded and unsustainable; transformation is not simply advisable but imperative.
We believe transformation will require a White House-led steering committee to drive reform, led by a chair that is carefully selected and appointed with specific authorities granted by the President. In anticipation of the report’s release, we will re-engage our followers by re-opening our blog, Transforming Classification, where we will post summaries of some of the key recommendations in the report beginning Monday, November 26, 2012. Be sure to stay connected to the Board’s activities and look for more information about the Board on our website: http://www.archives.gov/declassification/pidb.
Thank you for participating in the Transforming Classification Blog. The Blog is now closed for comments. The Board appreciates all of the comments and submissions that were received.
We will continue to evaluate the comments and submissions you posted on the blog as we consider what changes to make on how best to transform the classification system in response to the President’s request.
by admin on June 12, 2011
I read the PIDB papers as well as the submissions from the seven commentators. Rather than comment through a blog on each of the proposals, I decided to summarize my reactions and raise a few additional issues. I am numbering the paragraphs to make it easier to see the separate topics.
1. In general, I believe the Board is moving in the right direction. Certainly any transformation must be Janus-faced, just as archival systems are: looking forward to processes to be adopted in the future while finding new ways to deal with the legacy of past systems. The PIDB papers recognize that, although not always explicitly. The aim must be to reduce prospectively reduce the burden while reducing the backlog.
2. Looking forward, the promise of computer technology must be explored, including a process of continuous updating and recording the status of items or portions of items. The idea of a research laboratory somewhere, whether at NDC or in one of the agencies, is a good one. The CACI characterization of “self-declassifying documents” is a useful one to pursue. However, I think these techniques must be coupled with a greatly reduced scope of classification and therefore volume of classified items. The government needs to be very clear about what it really must protect and then do a serious job of managing those items.
3. One area that is not sufficiently explored in the papers is the problem of declassifying audiovisual and geographic material. While some of this could be tagged in the future technology system, it would likely require special handling, especially for streaming audio and video where the discrete parts are not obvious. In the past information in this format has been limited to a few specialized agencies, but it appears likely that many more agencies will use these systems in the future, whether satellite images for flood management, photos from video cams on a battlefield, or feeds to the White House during the Osama bin Laden raid.
4. Regularizing the declassification review of classified Congressional records is needed. The PIDB paper seems aimed exclusively at paper records, but any arrangement should include the full range of Congressional electronic and audiovisual records (such as video or audio of closed hearings) as well. And the availability of these records for FRUS compilers is a very important step.
5. Just as the PIDB is now looking at the legislative branch, it might be worth considering whether the judicial branch retains any classified records when a hearing involves the in-camera presentation. In particular, does the Foreign Intelligence Surveillance Court retain any classified items? If so, a process for declassifying those should also be considered.
6. Discretionary declassification and release of contemporary national security information is certainly possible, although in the past the costs have been considerable for entities like the JFK review board. Rather than set up a separate entity, Congress might give a mandatory instruction to NDC to undertake a specific project.
7. Simplifying the declassification process for historical records—Janus looking back—is essential. The PIDB paper has it just right: until the “ownership” question is solved, this referral system will stymie any other reform efforts. I favor the single centralized review option. I do not think agency training and manuals to be used by many different entities across the government, even if frequently repeated and updated, will be as effective as a single team that can be held accountable for its work.
8. The PIDB needs to address the issue of when and how the U.S. Government will protect the classified information of a foreign government. As I understand the system at present, if the information in a U.S. created item comes from a friendly government, the U.S. will consult that government and if it objects to the disclosure of the information, the U.S. will not overrule that government. This means that we vitiate our disclosure laws in favor of a stricter or more arbitrary regime in use in another country. A balance needs to be struck between the objections of a friendly power and the need for the U.S. to be the master of its own records and their disclosure
9. Another issue that needs to be solved is the problem of agencies not turning records over to the National Archives. Although the statue says that the Archivist can “direct and effect” the transfer of records over 30 years old (44 USC 2107(2)), there is no enforcement mechanism. The agencies routinely ignore the 30-year line, which means that even with a single declassification body for records in the Archives, agencies would still hold many records that include information with other equities. In theory the 30-year line could be enforced through an executive order, but those are so routinely ignored that legislation may be necessary. The Constitution Project’s proposed Historical Records Act could be a vehicle for this.
10. “Automatic” declassification at a 25-year line must have some opt-out procedures for information that truly must be kept secret for longer periods, such as information on the manufacture of weapons of mass destruction. But there also must be some final date at which all information can be open: a “don’t ask, don’t tell” rule for documents. Whether 50 years is long enough is debatable, but the debate needs to occur. The agencies must quit protecting documents such as the 200-year-old item that the NSA recently declassified. They need to turn over the original records (for non-electronic formats) not the duplicate copy that NSA sends while retaining the originals and not, as with the CIA’s two major reports on Guatemala 1954, sending NARA the still classified original while putting a declassified version on the CIA’s website. Furthermore, the records need to be sent in context; again, using NSA as an example, not a sending a selection of random documents (see the recent list which provides no context information) but instead transferring items in file units.
11. Certainly FRD must be reviewed on its merits not on the mere designation as FRD. Using the ISCAP process as described in the PIDB paper is a good idea. However, this should also be extended to RD information when it reaches 25 years of age. The principle must be that no information is withheld from the American people without review.
12. Finally, agencies need to understand that FOIA is an option for withholding information that does not require the information to be classified. It appears that some agencies think that the only way to withhold information is to classify it, ignoring the robust provisions of the FOIA.
Best wishes on the transformation of the system.
Trudy Huskamp Peterson
Certified Archivist
In order to induce a transformation of the national security classification system, the President should set a performance goal that will advance the desired transformation, and then mandate its achievement by executive branch agencies.
Instead of trying to specify each and every one of the policy and procedural changes needed for an effective transformation, this approach would seek to catalyze change by establishing a mandatory performance objective (or multiple objectives) and then requiring agencies to work out the necessary adjustments.
Several questions immediately arise. First, what is the desired transformation of the classification system that the current process seeks to promote?
My provisional answer to the question would be that the desired transformation should aim to achieve a classification system that has a reduced scope of application (i.e., fewer categories of secrets), a reduced volume of classification activity (less classification), and a reduced duration of classification. In order to best serve its national security purpose, the classification system should be “lean and mean,” not bloated and arbitrary. Its dimensions should be stable or shrinking, not perpetually growing.
What are the characteristics of a performance goal that would help to catalyze a change in classification policy?
Any performance goal that is selected should be intrinsically significant, not abstract or merely procedural. It should be worthwhile as a policy objective in its own right in order to justify and propel the desired changes in current classification policy and practice. And yet it should be reasonably achievable right now or in the near term. Vague or idealized conceptions or labor-intensive proposals that have no realistic chance of acceptance will not serve as effective catalysts.
What is a concrete example of such a performance goal?
One possible example would be a new requirement to publish a declassified documentary history of major U.S. national security policy decisions and actions no later than 25 years after the events they record, allowing for only the narrowest of exemptions. This publication would be analogous to the Foreign Relations of the United States series and to the Public Papers of the President in its professional quality and documentary character, but it would focus on publication of classified national security policy records that are to be newly declassified for this purpose.
As a performance goal for catalyzing transformation of the classification system, this proposal has several pertinent features:
First, the idea that the full record of U.S. national security policy should be regularly disclosed is an inherently powerful one that properly characterizes an open society. The nation should be able to take pride in routinely disclosing the records of its national security history, including even (or especially) shameful or problematic episodes, and airing them fully and publicly. This is a worthy objective independent of its potential for inducing transformation of classification policy– which is one of the things that make it a useful tool for purposes of catalyzing change.
Second, this proposal would engage and require the cooperation of the entire national security establishment, including its military, diplomatic and intelligence components. It would also sweep broadly across different record formats and types of media. To the extent that audio, video, and other records (including congressional records) formed an essential part of the national security record, they would be encompassed as well.
And third, the proposal is both feasible today and it is in significant tension with current classification and declassification policy, which means that it would require and inspire numerous changes in practice.
As noted above, the concept of a regular documentary record of national security policy is similar to the Foreign Relations of the United States (FRUS) series on foreign policy that is published by the U.S. State Department. But the FRUS production process is mired in administrative and classification disputes. It mainly serves a narrow constituency of diplomatic historians. It is far from meeting its goal of publishing records within 30 years of the recorded events. Agencies habitually disregard deadlines for reviewing documents for inclusion in FRUS, and they adhere to obsolete classification practices, such as censoring the amounts of half-century old intelligence budget figures.
By contrast, in the proposed initiative for a new documentary history of national security policy, most of those longstanding obstacles could be eliminated by presidential fiat. For example, the President could set new classification standards for this particular project, ordering that those 25 year old classified records that are deemed essential to a thorough, accurate and reliable account of U.S. national security history will be declassified unless they meet the narrow criteria that ordinarily permit 50 year old records to be exempted from declassification. This would mean that only information that would identify a confidential human intelligence source or reveal key design concepts for weapons of mass destruction could be withheld from publication in the new series. This step alone would drastically simplify the declassification review process by making most such reviews pointless and irrelevant. Also, the kind of missed deadlines that plague FRUS would be interpreted as concurrence by the reviewing agency.
In this way, the continuing production of an official record of national security history, vetted by professional historians (whether at the State Department or elsewhere), would have the catalytic potential to break the current logjam in production of the FRUS series and in declassification more broadly (with indirect but salutary effects on classification as well). It would generate a newly available series of permanently valuable record collections for the nation as a whole. While it would not constitute a transformation of the classification system all by itself, it would advance the process of modernizing and rationalizing classification policy, and would help to galvanize further changes.
Many other types of catalytic performance goals could be imagined and adopted. What is crucial is that they must trigger meaningful and measurable changes in classification and declassification practice in the near term.
Finally, I would like to reiterate the importance of the pending Fundamental Classification Guidance Review, which was mandated by the President in December 2009, and which must be completed by June 2012. If implemented in good faith, this process should both reduce the current scope of classification and diminish the future declassification burden. Nothing else on the near-term policy horizon has comparable transformative potential. But the Review process needs clearly articulated performance goals of its own, as well as active support, encouragement and leadership in order to succeed.
How We Got Here
In signing Executive Order 13526 – the 10th Executive Order on National Security Classification signed since Roosevelt’s Order in 1940 – President Obama also stated that he looks forward to “…reviewing recommendations from the study that the National Security Advisor will undertake in cooperation with the Public Interest Declassification Board to design a more fundamental transformation of the security classification system.”
Historians regard President Truman’s second Order, EO 10104, and President Clinton’s EO 12958 as sweeping changes to the national security classification system. Most significant of Truman’s changes was the indication that the Chief Executive was relying upon “authority vested in me by the Constitution and statutes, and as President of the United States.” Prior Orders had relied on statutes requiring the protection of military bases in the United States as the basis for classification. Also changed in Truman’s new Order was the first use of the term “national security” as the previous orders had been intended to protect only information related to “national defense.”
President Bill Clinton’s 1995 Order also included sweeping changes to classification. Most significantly it set a specific duration for classification allowing classification to expire, causing automatic declassification, rather than requiring that agencies conduct reviews to declassify information. Also included in this new order was reintroduction of the “balancing test” first introduced in EO 12065 by President Carter in 1978, a provision encouraging employees to challenge classification they believed inaccurate, and creation of the Interagency Security Classification Appeals Panel (ISCAP) as well as the Public Interest Declassification Board (PIDB). The Clinton Order also put tighter controls on the practice of reclassification of information that had been released to the public.
Much has changed in the years since the Roosevelt Order in 1940 issued during WW-II, but despite what has been regarded as “sweeping changes” the national security classification system in the US remains very much the same as it was in the 1950s.
A New Approach to Classified Information
I propose an approach where we start by defining the problem in the context of 2011 and write an entirely new solution without regard for any previous solutions or problems. We can’t continue to regard the world as paper created by typewriters. We also can’t view the world as two opposing sides in a conflict where there are only combatants and outsiders. Rigid conformance to standards based on military protocols and clearly defined roles and responsibilities must be exchanged for a system where essential elements of information are protected and other information is regarded as serving the purpose of our common defense.
No longer is our information structured along government organizational lines or pertaining to only governmental issues. The battles of the 21st Century are asymmetrical; the enemies are amorphous having no uniforms, no political boundaries, or common language. Our “side” of the battle is also not a uniformed army with trained, proven soldiers under the command of a single leader; instead we consist of military, government, private sector, state, local, tribal entities, foreign partners, and sometimes citizens. We simply can’t see classification as a tool to protect military secrets, intelligence and diplomatic affairs from everyone who is not part of the military, diplomatic or intelligence organizations. Our world has changed and we must change classification accordingly.
Terrorism is the result of extreme views manifested in violence with the intent of inflicting the greatest harm possible on every citizen of the United States and allied nations. These views are harbored by foreign citizens of a number of nations, by some American citizens, and by members of extremist factions of certain religions. Terrorists are not restrained behind international borders or organized in a recognizable fashion. They are free to move about the globe striking both our military and our citizens without any warning or notice.
Classified information prepared by the government for the government and distributed to only the government will not win the battles or serve the interests of our nation. At the same time our government has capabilities that can be lost in an instant if the information about those capabilities falls into the wrong hands. We are faced with a dilemma; do we hoard information that we painstakingly collected, knowing it will do no real good, or do we share the information knowing it will potentially be of only short term benefit as its eventual compromise means we will no longer obtain the same information without new techniques and means.
In 2011 we face challenges never envisioned in executive Orders since 1940. We’ve become increasingly aware of these challenges since 9/11/2001, but our framework for identifying information that requires protection and employing safeguards for that protection was designed during World War II and not changed fundamentally since then.
Current Classification Principles
A few core principles define the process for classification in the United States:
1) National Security: Although the definition has changed slightly over time, information subject to categorization and protection is limited to information pertaining to national defense, foreign relations, and since 2003 defense against transnational terrorism.
2) Vetting: Since at least the Eisenhower Order access to information that is marked as Confidential, Secret or Top Secret was restricted to individuals who have been vetted or “cleared” to one of those levels. Progressively more stringent investigation methods are used at each level with the intent of identifying any previous criminal behavior or other personality flaws that will potentially make the individual susceptible to coercion by foreign powers or prone to malfeasance or misfeasance leading to the compromise of the information the United States seeks to protect,
3) Levels: Information regarded as “classified” is placed in categories that are based on the sensitivity of that information. We have titled these categories “Confidential,” “Secret,” and “Top Secret” since the 1953 Eisenhower Order. We have never, however, defined clearly what damage, serious damage or exceptionally grave damage actually means. The lack of definition gives us the greatest flexibility in the current system and is also the single greatest flaw.
4) Safeguarding: For each of these levels of sensitivity a regimen of security safeguards is proscribed to help prevent individuals and adversaries who are not vetted from obtaining the categorized information. The required safeguards, like the vetting process, are progressively more stringent as the level of sensitivity increases. Other than provisions allowing waiver in the case of imminent loss of life, these standards must be firmly adhered to regardless of the volume of sensitive information.
Fundamental Transformation
Fundamental transformation may not be without significant wringing of hands by those accustomed to the system we’ve had since 1940, but we simply must change the way we protect and share information.
First, consider some core principles that may help define a new classification system:
National Interest
Orders since 1953 have narrowly focused on information of military or foreign affairs significance as being classified. The current effort to define Controlled Unclassified Information is an attempt to embrace as important to the United States information about our infrastructure, vulnerabilities of our cities and our citizens, information that crosses the boundary between law enforcement and intelligence, and information that can be used to mount, or defend against, an attack in the United States. We are moving toward a standard our foreign allies have embraced many years ago for protection of information that is in the national interest.
With the President’s signing of Executive Order 13549 on CUI, the distinction between CUI and NSI is no longer a legal distinction regarding the power of the Executive, but rather steeped in the way that the classification system has evolved over the past 70 years. The emerging standards for the administration of CUI will likely involve categories of CUI, standards for who can have access, physical and technical security standards for protection of CUI, and standards for duration of control and procedures for decontrol of CUI. We have created a system in almost perfect parallel to the national security classification system, absent only some of the vestiges of the Cold War that are outdated and present weaknesses in the national security system we use today.
We must consider as a fundamental principle of a transformed classification system the need to embrace all information that requires some protection from immediate public disclosure as part of a single system of protections and safeguards.
Validating Trust
A fundamental error made in 1940 and not corrected since is the principle that the vetting process used to validate the trustworthiness of individuals who protect sensitive information must be linked to the sensitivity level of each piece of classified information.
People are cleared at the Confidential, Secret or Top Secret level today. In practice there are really only two methods for vetting the people who are trusted with classified information. We should consider moving from three levels of vetting to just two and the ability to list those individuals who do not meet the standard for trust and confidence by the US government:
Trusted: Individuals needing routine access to sensitive information must be determined to be Trusted. To be regarded as trusted, these individuals should be free of criminal convictions or warrants and have had their bona fides verified by a competent authority. The process for hiring all military personnel, all US government civilian personnel, police, fire fighters, first responders, and those in positions requiring the public trust including elected officials must be considered a level of vetting that demonstrates a fundamental level of trust.
Highly Trusted: Individuals who need routine access to highly sensitive information must be determined to be highly trusted. These individuals must meet the standards for Trusted individuals and in addition must undergo a background investigation similar to today’s SSBI used for TS clearance and SCI access. Although not limited to US Government officials.
Excluded: Individuals who have exhibited behaviors that suggest an unacceptable risk of compromise to sensitive information may be listed as excluded from an ability to receive protected information. Only excluded individuals would be precluded from receiving classified information that they may need to do a job unless the information is judged to protect their life or the lives of others under their responsibility.
A key concept in this new approach is “routine access.” Information should always go to individuals who need the information to do their job. Non-routine access to any level of information may be given to individuals who are not either Trusted or Highly Trusted provided they are not on an Excluded list. A transformed classification system must be predicated on identifying information that requires protection from disclosure to adversaries and providing that information to anyone who can reasonably be trusted to use that information and protect it in an appropriate way.
Levels of Classification
For practical purposes there are only two levels of classification now that are tied to two types of employee vetting used by the US Government. Little if any distinction really exists between Confidential and Secret. These levels can easily be combined to a single level.
Particularly sensitive information is now protected as Top Secret and requires a distinctively greater vetting process. In a new model where routine access requires a higher level of trust, a two classification level system for information that is currently in the National Security Classification system would work.
Including aspects of the current process to codify Controlled Unclassified Information (CUI) should also be a part of the new system, particularly with its redefinition of national security to national interest.
Without paying any attention to what any new categories would be named or called, the concept of simplifying classification and including information currently in the CUI domain would look something like the model below:
We are in an electronic age managed under rules developed for paper documents. Access to electronic systems containing classified information requires that users be cleared and read-in to every level of information stored or processed on the system. This has led to the need for clearances and access to Special Access Programs in some cases to actually do unclassified work on a classified system. As a result the number of people cleared/accessed has risen dramatically actually putting at risk the information the system was designed to protect.
Safeguarding rules must also be changed to allow risk management. Systems containing a few documents at the lower levels of classification should not need to meet the more rigorous standards of systems that routinely store and process classified information. Likewise, systems with reasonable safeguards to keep users from accessing data not intended for them must not require that all users have the highest levels of trust.
Similarly, physical security standards for facilities storing hard copy or electronic classified information should also be flexible depending on the volume of data or information in any facility. Facilities holding only small amounts of low level information should be considered a low risk and meet less stringent safeguarding standards than facilities holding vast quantities of paper or electronic records containing sensitive information.
At the top tier there is still a need to identify very sensitive information that can be disseminated to a large number of people with a specific need to have the information, and provisions for some material to have significantly reduced access and additional safeguards.
Compartmentation
The current system for Sensitive Compartmented Information (SCI) and Special Access Programs (SAP) has gotten out of control with little formal guidance for most control systems on what aspects of a program are really SCI and what aspects can be protected appropriately as collateral classified information.
Compartmentation at its core is risk management. When classified information is so fragile that exposure to a large number of trusted individuals would still lead to likely compromise of the information, dissemination is restricted to far fewer individuals who are individually approved for access. Compartmentation can also be used to reduce the risk of exposure by simply taking elements of a sensitive program and only allowing a very few individuals to have the entire scope of information.
Like a jigsaw puzzle, compartmentation is a means of protecting individual pieces. It’s the reverse of mosaic or compilation where individual pieces are carved out and given to some people and other pieces are given to other people and virtually nobody gets the whole picture.
We’ve lost that concept in current implementation when hundreds of thousands of people are briefed into a compartment for access to an IT system or when virtually all information about a program is compartmented exactly the same way.
To transform national security classification we simply must look at compartmentation and produce a single set of standards for its use that make sense and are faithful to the purposes for which compartmentation was designed.
Conclusion
We need a bold new approach that starts with a clean piece of paper. Our world has changed and the way we need to protect and share information has also changed. We can no longer look at the protection of information to safeguard our nation as only related to diplomatic negotiation and military strategy and operations.
Similarly the rigid rules for access to information that work well in a military environment, no longer apply. We must separate the elements of trust, sensitivity of information and safeguarding. Each has a purpose, but when these separate sets of rules are tied inextricably to one another the system is bound in a way that makes use of the information ineffective.
I propose we convene a new kind of Continental Congress where those individuals most familiar with the needs to protect and share information can work together to chart a new course for information protection that will work well in the 21st century.
In July 2009, The Constitution Project’s (TCP) bipartisan Liberty and Security Committee published a report entitled Reining in Excessive Secrecy: Recommendations for Reform of the Classification and Controlled Unclassified Information Systems. This report included fifteen specific recommendations to the Executive Branch and three specific recommendations for Congress, all designed to reform the classification regime. In December 2009, President Obama issued Executive Order 13526, and while this Executive Order incorporated some of TCP’s recommendations, the majority were not adopted at all or were not implemented fully. Further, to date, none of TCP’s legislative proposals have been implemented. Therefore, in response to the Public Interest Declassification Board’s (PIDB) request for proposals for transforming the classification system, TCP is submitting its original recommendations, updated to reflect what progress has been made to date and what more remains to be done.
A. RECOMMENDATIONS TO THE EXECUTIVE BRANCH
Endorse Presumption of Openness
1. As TCP noted in Reining in Excessive Secrecy, the executive orders governing classification have been amended over time to increase secrecy, often counter to the goals of openness and accountability. Executive Order 13526 represents a departure from this trend, but did not go far enough. As such, the President should amend the executive order, pledging accountability in the classification process. The order should establish a new framework for designating information with a presumption in favor of openness that limits classification only to information that must be protected to avoid harm to national security, with clear standards and procedures for proper classification.
2. TCP applauds the insertion of Section 1.1(b) in Executive Order 13526, which states that if “significant doubt” exists as to whether information needs to be classified, it should not be classified. However, this provision alone does not ensure adequate safe guards against over-classification. The order should include an affirmative presumption in favor of lower level classifications, or declassification, such that decisionmakers resolve any doubts (not just “significant” doubts) by applying the lower classification level or no classification.
3. TCP previously recommended that then Section 1.1(c), which creates a presumption that foreign government information is classified, should be eliminated. This provision (now contained in Section 1.1(d)) is still unnecessary because such information is already subject to classification as one of the categories noted in Section 1.4.
4. TCP continues to urge adoption of its previous recommendation that the order should clarify that information “may” be classified if standards are met, but that the classifier has discretion. Although Section 1.1(a) clearly states that for original classifications, information “may be originally classified under the terms of this order only if all of the following conditions are met,” this is undermined by the descriptions of available classification levels which include the term “shall.” Specifically, in Section 1.2(a), which sets forth the available classification levels, each category (i.e. Top Secret, Secret, and Confidential) should state that it “applies to” the described information, rather than that it “shall be applied to” such information.
5. TCP previously recommended there be an explicit prohibition on classifying material that does not meet the definitions of Top Secret, Secret, and Confidential outlined in Section 1.2. To date, no such prohibition exists and TCP urges its creation.
Weigh Public Interest in Classification/Declassification Decisions
6. TCP urges that its prior recommendation to require consideration of the public interest before information is classified should be implemented.
7. TCP continues to recommend that the government should be required to weigh the public value of the information in declassification decisions. Specifically, Section 3.1(d) of EO 13526 should be amended to delete the current first sentence and alter the next sentence so that it reads: “Information may continue to be classified only if the need to protect such information outweighs the public interest in disclosure of the information.” Also, Section 3.5(c) should be revised so that the first sentence is expanded as follows: “Agencies conducting a mandatory review for declassification shall declassify information that no longer meets the standards for classification under this order, or where the public interest in disclosure outweighs the need to protect the information.” In the second sentence of this section, “authorized and warranted” should be changed to “required,” so that the sentence would read “They shall release this information unless withholding is otherwise required under applicable law.”
Aid Sharing of National Security Information
8. To ensure national security information may be shared among the necessary parties, TCP again urges the government to create clear and effective processes for sharing classified information.
Provide Accountability and Limits on Classification
9. The Executive Order should explicitly prohibit abuse of classification markings. To date, no such prohibition has been put into place.
10. TCP also previously recommended that the timeframes for automatic declassification be decreased. Like its predecessor order, Section 1.5(b) of EO 13526 presently states that “[i]f the original classification authority cannot determine an earlier specific date or event for declassification,” information shall be automatically declassified after 10 years, unless the sensitivity of the information requires longer classification, in which case it shall be automatically declassified after a period up to 25 years. The lower time limit of this automatic declassification range should be decreased from 10 years to 5 years, and the upper limit should be decreased from 25 years to 20 years.
11. The order should be amended to include more robust methods of systematization and improvement of the process for declassification of historical records and institute stricter standards for reclassification.
12. Contrary to TCP’s recommendation, EO 13526 did not decrease the time period for automatic declassification under Section 3.3 from 25 years down to 20 years, and TCP urges that this change should still be made. However, the order did strengthen the requirements for seeking an extension of this time period. TCP had recommended that Section 3.3(b) be amended so that an extension of the classification time period beyond 25 years should not be available if release of the information simply “could be expected to” result in one of various listed harmful results. TCP welcomes the revised standard, which permits an extension only when release of the information “should clearly and demonstrably be expected to” lead to the listed harmful results.
13. The existing classification order provides for “derivative classification” by personnel who are not required to possess original classification authority to “carry forward” the original classifications into summaries, discussions, and other documents that are created from or rely upon such classified material. While TCP is gratified that EO 13526 added Section 2.1(d), which imposes training requirements on personnel with derivative classification authority, since derivative classifications may be made by personnel who have less training and authority than original classifiers, the order should require greater oversight of the derivative classification process. Specifically, the order should require that derivative classifications must be reviewed and approved by a person with original classification authority within 5 years of the derivative classification marking in order to retain their classification.
14. TCP applauds EO 13526’s establishment of a Fundamental Classification Guidance Review. Nonetheless, despite this first step, TCP urges that the order should be amended to establish new mechanisms for oversight of the classification system to guarantee accountability and transparency. The order should be revised to strengthen the role of the Director of the Information Security Oversight Office (ISOO) by replacing “have the authority to” with “regularly” in the first sentence of Section 5.2(b)(4), so that that provision would read “regularly conduct on-site reviews of each agency’s program established under this order, and require of each agency those reports, information, and other cooperation that may be necessary to fulfill its responsibilities.” The order also should require regular audits and reporting by the Inspectors General (IGs) of each federal agency that maintains classified materials, or by some other external oversight authority.
Create Agency-Level Review of Classification
15. As noted above, TCP is gratified that EO 13526 established a Fundamental Classification Guidance Review. However, the current EO does not include sufficient public oversight. The review should be public and should include a public notice and comment period and publication in the Federal Register. The review should also have the explicit objective of reducing national security secrecy to the essential minimum and declassifying all information that has been classified without a valid national security justification, consistent with the declassification standards laid out above.
B. RECOMMENDATIONS TO CONGRESS
1. Provide Accountability and Limits on Classification by Passing Legislation to Limit Classification
It is vital that all branches of government come together to address the problems of over-classification and secrecy. The President should work with Congress to ensure passage of legislation designed to reduce over-classification.
2. Strengthen Congressional Oversight of the Classification Process
Congress should be rigorous in its oversight of the classification processes at each agency and at all levels of government. It should pass legislation designed to reduce over-classification.
3. Pass an Omnibus Historical Records Act
To increase government openness, Congress should pass an omnibus Historical Records Act that would accelerate declassification of historical records. This would ensure that historically significant information is declassified in a timely manner. The HRA would provide government transparency by decreasing unnecessary secrecy as well as increase public access to historical records.
The American Civil Liberties Union commends the Public Interest Declassification Board (PIDB) for recognizing the need to transform our broken national security classification system and for creating a public forum to solicit new and innovative ideas from the American people. The ACLU, a non-partisan organization dedicated to preserving the freedoms guaranteed by the Constitution and Bill of Rights, recognizes that while a limited amount of government secrecy is necessary in certain situations, this secrecy comes with significant costs to a free and open society. Excessive government secrecy undermines the core principles of democratic government; it cripples our constitutional system of checks and balances and kills public accountability, two essential elements for the proper functioning of a healthy democracy.
The white papers produced on the PIDB “Transforming Classification” blog offer many helpful suggestions to enhance, simplify and streamline declassification efforts, but we believe the enduring problem of excessive and unnecessary classification requires more drastic measures to protect the public’s right to know and restore the constitutional balance of powers in matters of national security and foreign relations. Despite reform measures included in the December 2009 Executive Order on classification (EO 13,526), the government made a record 76,795,945 classification decisions last year, which represents more than a 40 percent increase from 2009. Incremental reform efforts have failed because the incentive structure built into the existing classification system makes it too easy for government officials to classify information unnecessarily and keep it hidden for too long, without adequately considering the true costs or the real damage such excessive secrecy does to both national security and our democracy.
We recommend the following measures to tackle the persistent and growing problem of over-classification:
I. Reduce the Amount of Time Information Remains Classified
Reversing the current incentive structure could be accomplished most easily by drastically reducing the amount of time information may be classified before automatic declassification. Section 1.5(b) of Executive Order 13,526 authorizes classification periods of between 10 and 25 years. We recommend reducing this to a period of 3 to 10 years before automatic declassification occurs. The 1997 Moynihan Commission recommended that no information should be classified for more than ten years without recertification based on current threat assessments. Documents that must remain secret after this period could be reclassified pursuant to section 1.5(c) if necessary, but forcing a declassification review of information within an earlier time-frame would increase the likelihood of identifying improperly classified material earlier, and reduce the long-term costs of protecting unnecessary secrets. Forcing an earlier review of classification decisions would also identify more quickly the individual classifiers in need of re-training or reprimand. When officials making classification decisions realize their work will be reviewed by others while they are still employed at the agency in question, rather than long after they’ve retired, they will be more likely to use care in making classification decisions.
Finally, by putting the agency officials in the position of having to re-certify materials within a short time period before the classification automatically expires, they will have to devote more resources to the declassification review earlier in the life cycle of the information. This would force agencies to realize the expenses involved in classification at an earlier point, rather than over years in the future. The incentive would then be to reduce these costs by limiting the amount of information that is classified in the first place, and to keep to an absolute minimum the information that remains classified after review, as it would be again subject to review within a similarly shorter time period.
II. Require Original Classification Authority Review of Derivatively Classified Information
The Information Security Oversight Office reported that 99.7% of classification actions are derivative classifications made not by trained original classification authorities, but by other agency employees or contractors who may be untrained in and less familiar with classification policy. These derivatively classified materials should be reviewed by an original classification authority within a reasonable amount of time (no longer than five years), to detect and remedy improper classification more quickly. Again, by forcing agencies to face the costs of unnecessary classification earlier, they will be encouraged to provide adequate training and oversight in order to reduce these costs.
III. Restore Constitutional Checks and Balances in National Security Matters
EO 13,526 correctly proclaims that “[o]ur democratic principles require that the American people be informed of the activities of their Government.” When executive branch officials use classification to conceal crucial information from Members of Congress, the courts, and the public, they sabotage the checks and balances necessary to the proper functioning of our government and undermine the Constitution they are sworn to protect.
1. Reform the State Secrets Privilege
The most corrosive effect of excessive secrecy on our democratic principles occurs when our government is not held accountable for its actions. In its most sinister form, secrecy has been used not to protect national security, but to hide illegality or shield agencies and elected officials from liability or embarrassment. Under the Bush Administration, the state secrets privilege mutated from a common-law evidentiary rule that permitted the government to block discovery of information that would adversely affect national security, into an alternative form of immunity that is increasingly being used to shield the government from accountability for systemic violations of the Constitution. Unfortunately, the Obama administration has endorsed this expansive interpretation of the state secrets privilege and its 2009 guidelines offered only procedural reforms as an antidote to abuse.
The President should revisit these guidelines and invoke the privilege only when necessary to protect particular pieces of classified evidence, rather than to seek dismissal of lawsuits. The President should also support state secrets reform legislation that would require courts to conduct an independent review of evidence the executive claims is privileged.
2. Encourage Congressional Oversight
Frequently, excessive secrecy means that Members of Congress are not fully informed of important developments or key pieces of intelligence during critical debates. As a co-equal branch of government Congress shares the responsibility for overseeing and funding national security programs and the President should encourage robust congressional participation in national security matters. The Government Accountability Office is mandated to investigate all programs and activities of the U.S. government and report to Congress and the President recommendations regarding how these programs may be performed more efficiently. The President should intervene to prevent the intelligence agencies from obstructing GAO efforts to audit intelligence programs.
The President should also request additional funds and devote additional resources to expand existing declassification efforts. There are significant physical costs to safeguarding secrets, estimated at more than $10 billion per year, while a fraction of that amount is devoted to declassification. Additional resources expended on declassification today will reduce the unnecessary long term costs of securing information that does not need to be protected.
The Public Interest Declassification Board has offered some excellent proposals to improve the broken security classification system. To reverse the disturbing trends of massive overclassification and decreasing openness, to put declassification activities on a firmer budgetary foundation, and to focus resources toward protecting true national security secrets, the National Security Archive proposes levying a classification tax, eliminating redundancies in the equity system, and adhering to “sunshine dates” when classifying and declassifying information.
Levying a Classification Tax.
The existence of the 400 million page backlog of classified historical documents at the National Archives reflects the failure of agency declassification programs, as well as the low priority that federal budget planners have given to declassification. The government spent more than $10 billion in fiscal year 2010 on classification security, but only an infinitesimal amount, $50 million (.5%) on declassification activities. Unless the National Declassification Center and other declassification programs have a dependable source of revenue, the ebbs and flows of federal funding could cause seriously harmful setbacks. Already, federal budget cuts are leading the military services to cut declassification activities. This may be only the beginning. As its first biannual report documents, the NDC requires more funding to increase its output and make better progress in tackling the hundreds of millions of pages of historic documents which remain classified. Sufficient funding would ensure that the future generations of archivists, historians, and policymakers have access to the historic documents of the United States.
To make certain that the National Archives and other federal agencies have a reliable source of funding for declassification, and to make the agencies more directly responsible for their classification decisions, we propose a “Classification Tax,” a designated percentage of what federal agencies spend on classification and information security each year. Congress could designate 2% of the total costs of the classification system for declassification. A 2% designation on classification would produce $200 million this year, a four-fold increase, sufficient to expand funding for the NDC and other programs. While the lion’s share of the revenue should go to the NDC, declassification funds could also be divided among the agencies in proportion to their share of the secrecy budget.
Eliminating Redundancies in the Equity System.
The agency “equity” system is a problem that has ground declassification processing to a halt. This system is based on the understanding that records produced by government agencies in the national security field often contain information from a variety of agencies. For example, a situation report on a war in country X may contain information from CIA, National Security Agency, defense attachés, and embassies. Under the current system, each of those agencies have an equity, close to an ownership stake, in that situation report and each of them must consent to the declassification of their information before the document can be declassified. Because such documents are subject to multiple agency reviews, the declassification process is prolonged, sometimes for years or decades, and the cost of the review is drastically increased.
Contrary to what some agencies argue, agency “ownership” of information is not absolute. The Interagency Classification Appeals Panel frequently overrules agencies and forces declassification of “their” information. Unfortunately, most documents do not go through the ISCAP review process, so it is necessary to conceive of a system where equity interests do not trump timely declassification and efficient use of resources. One of the proposals raised on the PIDB “Transforming Classification” website suggested centralizing declassification authority in the National Declassification Center for historical documentation held at NARA. By applying guidance approved by ISCAP, the Center could take into account all and any legitimate agency concerns about equities. The National Security Archive supports this proposal because, as one commentator suggested, it is likely to “improve efficiency in the system by minimizing or ending multiple reviews, which is critical to saving resources.”
Upgrading the NDC’s authority could do much good, but it would not end the interminable delays caused by equity issues that surface in archival FOIA and other declassification requests. Therefore, we propose an interagency referral center paralleling the NDC. It could begin as a prototype center, combining officials from State, OSD and ODNI, who could promptly consider FOIA documents where multiple equities are at issue.
Adhering to “Sunshine Dates.”
The best mechanism to fundamentally transform classification is already explained in the President’s Executive Order on Classification; unfortunately, it is not followed by declassification authorities.
Executive Order 13526 mandates that “At the time of original classification, the original classification authority shall establish a specific date or event for declassification based on the duration of the national security sensitivity of the information. Upon reaching the date or event, the information shall be automatically declassified.” The executive order exempts confidential human sources, confidential intelligence sources and key design concepts of weapons of mass destruction from automatic declassification.
Adhering to this “sunshine date” and then declassifying the vast bulk of classified information at the date specified, rather than requiring a line-by-line review by a declassifying authority, would substantially decrease the universe of classified information and the burden on the limited resource of security reviewers.
Of course, no transformational declassification policy will be without critics. Transparency advocates may argue that this “sunshine date” will encourage classification authorities to establish the maximum possible classification dates –which the current executive order defines at 25 years. While all efforts should be made to train classifying authorities to properly classify documents in relation to their sensitivity, automatic declassification of documents at 25 years is better for the American public than the status quo. Currently, hundreds of millions of pages of documents ripe for declassification, all older than twenty five years, remain mothballed in storage due to lack of resources.
Supporters of the existing system may argue that the danger posed to US national security outweighs adhering to the “sunshine dates” defined in Executive Order 13526, and that it is necessary to withhold hundreds of millions of pages of classified documents from the US public. Several measures can be implemented to assuage these concerns of damage to national security. Classifying authorities must be trained or re-trained to follow the Executive Order on classification and mark each newly classified document with an accurate automatic declassification date. They must also be certain to identify human sources, intelligence sources, and WMD designs that cannot be automatically declassified and must be reviewed by declassification experts. This will ensure that all future classified information not mentioning human sources, intelligence sources, or WMD design, can be declassified on the date specified by the classifying authority without undue harm to US national security. “Sunshine dates” will ensure that information security professionals can direct the bulk of their efforts toward protecting America’s real national security secrets, rather than decades-old historic records which should be expeditiously declassified.
The amount of classified information in America is growing at an exponential rate while the amount of resources available to declassify information remains flat. The current system of declassification has become untenable. We believe that levying a classification tax of 2% to ensure steady declassification funding, reforming the equity system to eliminate redundant human declassification reviews, and adhering to “sunshine dates” to automatically declassify the bulk of information in the classified universe, are the best solutions to transform classification, to focus on protecting true national security secrets, and to ensure the public’s access to its formerly classified history.
Background
The creation of the National Declassification Center (NDC) by President Obama in December 2009 specifies the centralization and streamlining of all declassification processes with the objective of shortening the time to declassify a document. This enormous task mandates the use of the newest technology to assist with streamlining processes as well as creating consistent, more accurate processes. The Executive Order also specifies that declassification instructions accompany all document classifications. This leads the way to a major new form of support and automation for consistent declassification: by embedding or formally associating declassification information in the document at the time of creation and classification, a system can treat these documents as essentially self-declassifying, rather than requiring intensive manual labor to identify their suitability for declassification and redactions required for release.
The Problem
When classification is first applied to a document or portion, the classification authority must determine the elements of content that cause the classification and the reason that this content must be classified. In addition, according to Executive Order 13526, the classification authority must establish a date or event for the declassification of the material, at the occurrence of which the material automatically becomes declassified. Making full practical use of this information requires a new approach to classification and declassification. Without this, the fact that the material becomes declassified as a matter of policy may have no direct effect in practice; a reviewer must still read the material, consider its original classification, determine the applicability of declassification, and apply the change. This creates essentially duplicate work, and it limits the value of identifying the declassification criteria at the time of the original classification. To take full advantage of the available declassification criteria therefore requires a new approach, with automation that follows the content through its classification life cycle.
Proposal
We envision a system that enables document self-declassification while maintaining security safeguards and the extent of manual verification and additional review required by policy. The self-declassification (SDC) system should consist of a set of software and networked components to track and apply declassification instructions. Any person who creates a document, or edits one if allowed by policy, must enable the association of applicable classification information. The classification authority must specify not only the classification of each portion but also the conditions for declassification of any classified portion. The system should then aid declassification in two ways:
- Based on its own recognition, the system should identify when documents become releasable, or when certain document portions as no longer require redaction before release. For example, the system can recognize on its own that the date for declassification has arrived, and can automatically identify this document for declassification, either applying the automatic declassification directly or placing the document in a queue for any final review that a specialized policy may require. The system may also include a capability to track events that are entered by authorized individuals, in order to automatically apply event-driven declassification; this is likely to apply primarily to events that may affect the classification of large numbers of documents.
- The system should further present documents or redactions for potential release to a reviewer, with a specification of the conditions for release. This allows the reviewer to determine directly whether those conditions have been met, without requiring the reviewer to engage in a labor-intensive process of considering all content in the document for potential sensitivity. This approach is suitable for conditions the system cannot verify directly. Once the reviewer has identified that release criteria are met, the system should handle the document as above, thus relieving the reviewer of the requirement to read the entire document and re-apply the same reasoning that was applied when the document or portion was originally classified.
The SDC system should thus support classification awareness throughout the life cycle of a document.
- At creation and editing time, classification and declassification information should be associated with the document and its portions, systematically and securely, in a form designed for use with automated systems. Documents for which this information is complete and unchanging should be considered “closed” and unavailable for editing, a condition that the system should enforce.
- Declassification can be triggered either by automated recognition that the criteria are satisfied or by external system or human request.
- All declassification should be performed to the maximum extent possible by automated application of previously defined rules.
- All information about the classification decision and the rules applied in this decision should be made directly available to the individuals who perform any required manual review.
Benefits
A self-declassification system as described will streamline the declassification process by allowing subject matter experts to make decisions about classification only once. By maintaining full classification and declassification information tightly linked to the document and its portions throughout the content life cycle, the system will take responsibility for maintaining a consistent application of the decision made by the original classifier. In essence, from the point of view of an information consumer or declassification reviewer, each document will perform its own declassification, subject only to the entry of information not directly available to the system and to any specialized manual review that is required for verification and policy.
A “fundamental transformation” of the classification system, as proposed by President Obama, is long overdue. Experts of all political stripes have agreed for decades that overclassification is rampant and that it carries unacceptable costs—to national security, to representative democracy, and to the public fisc. The extent and persistence of the problem underscore the need for change that is profound rather than incremental.
There are three aspects to transforming the classification system: (1) revisiting the rules that govern classification decisions; (2) ensuring compliance with the rules; and (3) improving the declassification process. The second aspect is the subject of an upcoming Brennan Center report and the main focus of this white paper, although we present suggestions in all three categories.
I. Revisiting the rules. Agency classification guides provide the substantive criteria for derivative classification decisions not based on source documents. There are several problems with the guides: they are outdated, and much of the information they identify no longer requires classification (if it ever did); they give derivative classifiers far too much discretion, in essence having them act as original classifiers; and many are opaque and unwieldy, to the point that classifiers have no idea how to use them. The President has ordered agencies to review and revise their guides. This effort is critical to the success of classification reform, yet early reports suggest that not all agencies have approached the undertaking in the right spirit. The President should make clear that this is a priority.
A second problem is that agencies have interpreted the National Security Act of 1947 to permit the classification of “intelligence sources and methods” regardless of whether disclosing the information would cause harm. This interpretation is a major source of needless classification. The President should ask Congress to amend the Act to specify that “intelligence sources and methods” may be classified only if their disclosure could reasonably be expected to damage national security.
II. Ensuring compliance with the rules. Currently, there are many powerful incentives to classify documents even when the national security implications are questionable. To name a few: There is a culture of secrecy among many agencies; information control provides a useful weapon in agency turf wars; employees who fail to protect information are subject to harsh sanctions; and there is tremendous pressure to err (and to err liberally) on the side of secrecy, given the perceived stakes. There are essentially no forces pushing in the other direction, as the process of classifying documents is quick and easy; those who needlessly classify documents are never held accountable; and there are no rewards for challenging improper classification decisions.
Whatever rules are adopted for classification, compliance with those rules will continue to be an elusive goal unless the underlying incentive structure is changed and accountability is introduced. To this end, our upcoming report will set forth a five-prong proposal, to be implemented as a pilot program (via executive order and implementing ISOO directive) at one or more agencies:
A. Electronic questionnaires. Classifiers would be required to enter answers to a series of drop-down questions when classifying a document; the answers would become part of the document’s metadata. In addition to providing basic information that already is required (e.g., personal identifier, date or event for declassification, etc.), original classifiers would be required to articulate why disclosure of the information could reasonably be expected to harm national security; derivative classifiers, when relying on a guide, would be required to explain how the information meets guide criteria. Classifiers operating under an urgent deadline could provisionally classify the information for a 10-day period without answering all the questions.
The purpose of the electronic questionnaire is fourfold: (1) requiring classifiers to articulate the justification for classification would help to ensure that such justification exists; (2) the process of completing the questionnaire, while minimally burdensome, might dissuade those whose only reason for classifying the document is “Why not?”; (3) the information provided would be used to facilitate the audits discussed below; and (4) the metadata could be used to help manage the information (for example, it would facilitate automatic declassification).
B. Audits of classifiers. For each agency participating in the pilot program, the Office of the Inspector General (OIG) would be asked to conduct a periodic “spot audit” of original and derivative classifiers, reviewing a sample of classification decisions for each person audited. The Information Security Oversight Office (ISOO) would provide training and guidance to OIGs on how to conduct the audits. OIGs could use the questionnaire answers to assess whether a facially legitimate justification for classification existed. In those cases where OIGs had questions that they lacked the expertise to resolve, the Interagency Security Classification Appeals Panel (ISCAP) would serve in a consulting role.
C. Consequences for the classifier. Employees found to be overclassifying at high rates would be subject to repeat audits every six months. Agencies would put in place a series of mandatory escalating consequences for employees who failed to self-correct over time, beginning with remedial training and culminating in temporary or even permanent revocation of classification authority.
D. Consequences for the agency. Because sanctions at the individual classifier level will go only so far if the agency’s culture of secrecy persists, and because organizational culture is a top-down phenomenon, managers must be held accountable for the performance of the employees they supervise. If managers failed to instill proper classification practices among their employees (as evidenced by OIG audits), that failure would be reflected in their personnel evaluations and affect their eligibility for bonuses and other performance-related benefits.
Moreover, if successive OIG audits suggested a high rate of overclassification agency-wide, the agency would be required to develop a specific plan—and to allocate the necessary resources—to reduce that rate. ISOO would review the plan and could order revisions. Once approved by ISOO, the plan would be forwarded to the President. If the agency did not meet its goals in subsequent audits, it would be required to submit a report to ISOO explaining any shortcomings and detailing its plans for addressing them.
E. Rewards for challenges. Although Executive Order 13526 obligates authorized holders of information to challenge classification decisions that appear improper, they rarely do so. Employees at agencies participating in the proposed pilot project would be able to bring challenges anonymously, and those who succeeded would be given small cash awards under the law that permits cash prizes for “a special act or service in the public interest.” 5 U.S.C. §§ 4503-4504.
III. Improving declassification. Neither human nor computer effort is up to the task of reviewing the massive backlog of documents awaiting so-called “automatic” declassification. The only solution is for the President to put meaning behind the term “automatic” by declassifying the documents through executive order. (First, Congress must amend the “Kyl-Lott Amendment” so that page-by-page review is required only for documents that are likely to contain information about atomic weapons or nuclear material.) Although the information thus disclosed would be more than 25 years old, it is possible that some minute fraction of that information might still be sensitive. Allowing the continued, indefinite classification of hundreds of millions of records that are critical to understanding our nation’s history and identity is the greater evil.
The most successful elements of current declassification policy are Mandatory Declassification Review and ISCAP. They should be “scaled up.” Agencies currently spend only about 0.5% of their information security budgets on declassification; they should be required to increase that percentage to 5%. ISCAP’s influence should be amplified by giving its decisions precedential value, and consideration should be given to establishing multiple panels (turning “ISCAP” into “the ISCAP system”) in order to increase the volume of documents reviewed.
The Public Interest Declassification Board will host a Public Forum on Thursday, May 26, 2011 on Transforming the National Security Classification System. The meeting will focus on the Board’s eight draft White Papers on transforming classification, the White Papers submitted by the public for the Blog, and additional ideas you have on transforming the classification system. The Board looks forward to hearing your thoughts.
When: May 26, 2011 from 10am-12:30pm
Doors Open: 9:45am
Where: McGowan Theater in the National Archives Building
Address: 700 Pennsylvania Avenue, NW, Washington, DC
(Please enter through the Constitution Avenue entrance.)
RSVP: pidb@nara.gov
To facilitate access through the Special Events entrance, the PIDB asks that all attendees RSVP by e-mail and provide their full name and contact information.
The PIDB would like to hear from all interested parties. To help with scheduling, please e-mail the PIDB if you wish to speak so that they may plan accordingly. In the interest of time, please limit your comments to five minutes.
Now that you have had the opportunity to review and comment on the Board’s draft proposals for transforming the classification system, we would like to invite you to submit your own specific ideas. Submissions should:
- Provide transformative but plausible ideas and actionable implementation strategies
- Promote innovation and especially address the challenges of classified digital data
- Be between 800 and 1200 words
The deadline for submitting draft proposals is May 13, 2011. All submissions should be provided via email to pidb@nara.gov. The Board will review the submissions, group them by topic, and post them for public comment accordingly on May 18. We reserve the right not to post white papers which are off topic. Your submissions and the Board’s prior white papers will be discussed in a public forum on May 26, 2011 at the National Archives Building.
Background
Classified information concerning the technical design and manufacture of atomic weapons and the production or use of special nuclear material in the production of energy is categorized as Restricted Data (RD) by the Department of Energy (DOE) under the Atomic Energy Act of 1954. Formerly Restricted Data (FRD) is a separate category of information (defined under 10 CFR 1045) concerning the military utilization of atomic weapons as jointly determined by DOE and the Department of Defense (DoD).
FRD includes broad categories related to military utilization, including storage locations, military planning information, stockpile numbers, negotiations with foreign nations concerning nuclear weapons, and testing information. Unlike information classified by Executive Order 13526, “Classified National Security Information,” (the Order) or its predecessor orders, RD and FRD information remains classified indefinitely with no distinction between sensitive, current information and innocuous, historical information.
While there is high researcher interest in accessing historical FRD information, much of this information remains needlessly classified. Weapons systems are decommissioned, as are the military units who maintained them. War plans become obsolete and are changed to account for advances in weaponry and technology as well as altered to account for changes to current national security policy. Stockpile and storage locations change over time, and nuclear weapons information is disclosed to other nations as treaties are negotiated and signed. Despite its operational obsolescence, this historical information remains classified as FRD and is needlessly safeguarded in the same manner as our current active nuclear policies and plans. As a result, there are large gaps in the public’s understanding of the role of nuclear weapons in our national security history. Significant Cold War events, like the Cuban Missile Crisis, have yet to be fully detailed as most records marked FRD remain locked in classified vaults.
The Problem
For historians, national security policy scholars, and the public, access to this information is integral to understanding our national security history. Yet, a regular, systematic process to review FRD for declassification and public access does not exist. FRD has been declassified in a few isolated instances, but these decisions were usually ad hoc and inconsistent.
The public has no formal means of requesting the declassification review of FRD information. Unlike other categories of classified information, information marked as FRD is automatically excluded from all reviews for declassification under the Order, including 25-year automatic declassification reviews and Mandatory Declassification Review requests. Agencies are required to process and review records containing FRD under the Freedom of Information Act (FOIA), but the FRD information itself is pro forma exempted and not reviewed on its merits. On those rare occasions when DoD and DOE choose to consider specific FRD information for declassification, there is no mechanism to appeal an exemption/denial decision.
Recommendations
The Public Interest Declassification Board (the Board) recommends that the classification designation FRD be eliminated on all historical records that are 25 years old or older. These records should be reviewed for declassification in the same manner as all other classified national security information. Historical FRD information – stockpile numbers, storage locations, military planning information, basic testing and yield information, and non-technical nuclear information as it relates to the military utilization of nuclear weapons – would formally become classified national security information and reviewed for declassification according to the Order. Agencies could seek exemptions from the automatic declassification provisions of the Order from the Interagency Security Classification Appeals Panel (ISCAP) and exempt this information accordingly. DOE could participate in ISCAP deliberations as a temporary representative when FRD information is discussed.[1]
Historical FRD information that describes technical design information relating to the military utilization of nuclear weapons would be converted to the RD classification, in effect correcting erroneous FRD markings of the past. As part of this transition, DoD and DOE would need to create a declassification guide to provide clear and precise instructions on what should properly be classified as RD and what should be classified by the Order as national security information and what should be declassified. To ensure proper treatment of FRD, this guidance would be disseminated to all agencies that hold historical FRD information in their records.
[1] This is identical to an existing procedure used to provide representation for the CIA when their equities are being adjudicated by ISCAP.
The PIDB would like to invite you to post your comments on two new proposals for transforming the classification system. The new topics concern:
Paper 5: Stewardship of Our Classified History
Paper 6: Information Security and Access in the Electronic Environment
A forthcoming paper will address historical Formerly Restricted Data.
Additionally, be sure to mark your calendar for Thursday, May 26, 2011, when the Board will host a public meeting on these and prior topics.
The Problem
The current records management system does not ensure those records of historical significance are identified in such a way as to promote their timely review for declassification and public release. With greater reliance on digital records to decide policies and conduct missions, there is a great danger that, unless changes are made, our nation will be unable to document these historical decisions for future generations.
Proposals
Stewardship of our national security history requires a two-tiered approach: capturing historically significant records at their creation and prioritizing their review for declassification. Each agency leader should establish an agency-wide history program. These programs should instill a greater sense of history in records management by fully integrating agency historians with records managers.
Mission-essential employees should collaborate with agency historians to further define the events and activities of historical significance. Using a continuum approach to information management, records managers and archivists should partner with mission-essential employees and historians to identify file series that detail historically significant events and activities. This process should maintain the provenance and original order of the records to guarantee users and future researchers contextual accuracy. When the records in question are electronic, information technology staff should ensure that the records’ metadata reflect their significance so as to ease future retrieval efforts. The stewardship of national security history demands a strong focus on electronic records management, as future historians will rely increasingly on information to be managed appropriately in the digital environment.
Historians should use these records to compose both classified and unclassified histories. The Center for the Study of Intelligence at the Central Intelligence Agency could serve as a model for this approach and act as a facilitator for the history programs of the Intelligence Community. Although individual military units have historians and conduct “lessons learned” exercises and draft after action reports, the Board believes it essential for the Department of Defense to also adopt this integral approach to agency history programs. The historically significant records used to compose these histories should be prioritized for declassification review as these records would be of greatest interest to the public and are most likely to be subject to Freedom of Information Act or Mandatory Declassification Review requests. These early releases will increase public access while reducing the volume of potential requests. Communication between agency historians, records managers, archivists, and declassification reviewers is essential to fostering this holistic approach to records management, which the electronic environment and the information age necessitate.
Benefits
Improved stewardship of the national security history of our Government would significantly enhance both Government operations and public access and knowledge. Timely access to the documentary record benefits policymakers who can reflect on past agency decisions when developing new policies. Effective records management practices will strengthen their ability to readily retrieve agency history and prevent the loss of historically significant records. Changes to contemporary information management practices would ensure that records of greatest historical significance are automatically identified at their creation, made accessible to users through metadata and enhanced records management, and prioritized for timely declassification review and public release.
Effective records management programs are essential, both to the information retrieval capability of policymakers and to the stewardship of agency history. The resources agency leaders invest in joint history and records management programs can earn real-time payoffs. Just as after-action reports improve future military operations, authored histories can provide immediate assistance by lending historical context to contemporary policymaking. Policymakers should use these histories of prior decisions and lessons learned to inform contemporary policy initiatives and train new staff. The impact of these studies depends largely on the timeliness and comprehensiveness of the historical record available. Agencies should recognize that history and records management are vital to their missions. Agency histories will remind agency personnel of the historical significance of their work, and unclassified versions will increase transparency by providing the public a view into agencies’ contemporary actions
By adopting a comprehensive records management program, agencies will be better positioned to address the challenges of the e-records environment and provide the public with the most sought-after materials. With the massive growth in electronic records, future historians are likely to be buried in data as they attempt to find important records. Employing a continuum model with accompanying metadata tagging will preposition records for easier retrieval by agencies and the public. Moreover, prioritizing historically significant records at the onset will reduce the eventual request burden on researchers, the NDC, and agency declassification offices. Most importantly, improved records management will enable agencies to automatically declassify records without review, as was the original intent of the automatic declassification program.
Background
Individuals generating or working with classified information are required to obey established procedures for accessing, annotating, handling, and safeguarding that information. The system is managed much as it was before the advent of digital communication. Protocols governing these transactions were developed at the beginning of the Cold War and reflect the paper-based world in which they were created.
The electronic environment has radically changed how classified information is created and transmitted. Secure networks make it possible to exchange information readily between agencies. Innovations have revolutionized information sharing among agencies, but these advances have also made the system more susceptible to unauthorized disclosures, as the Wikileaks incidents have demonstrated.
While technology has transformed the way classified information is generated and transmitted, the classification system itself largely operates as it always has. Many of the policies currently in place for managing classified information represent 20th century approaches to 21st century problems. For example, current policy requires visible classification markings on records created digitally or made available online but makes no provision for the standardized electronic tagging of this information.
In this digital age, classification and access provisions must be as understandable by a computer system as they are by a human. Yet, today’s methods for managing and monitoring access to classified materials do not acknowledge this reality. Clearances remain agency-centric, burdensome to renew, and cumbersome to transfer between agencies. Conversely, an individual’s access to a classified network is based on ill-defined determinations of “need-to-know” and granted on a mostly system-wide basis. For both clearance and access, the antiquated design does not reflect an individual user’s needs and purposes. Accessibility is complex when it needs to be simple and simple when it needs to be complex. In recent years, the evolution of the Government’s internal business practices has exacerbated these issues and highlighted the need for reform.
Changing the System
Advances in the electronic environment have increased demands on the classification system, and new technology also offers the means to improve the methods by which classified information is managed. Coupled with reforms to the clearance process, adopting new methods for curating digital information records could significantly improve classification management.
As we have previously detailed, metadata can describe and label electronic records so that they are easier to retrieve, analyze, manage, and process. The benefits of comprehensive metadata standards are not limited to records management, but also offer the opportunity to enhance information security by providing sophisticated means to tailor and audit access.
Metadata for information stored on classified networks can limit access only for those with appropriate credentials. Credentials can be changed to include or exclude individuals as policies and sensitivities change. This approach can ensure all authorized users access to basic categories of information while compartmenting access to more sensitive items, not requiring an entirely separate network for highly sensitive information. For new records derived from multiple sources, the classification and disclosure policies of the source information can transfer to the new record through underlying metadata and prevent unauthorized access. The automated imprinting of e-records with background information in their metadata would act as a digital bibliography or provenance to aid eventual declassification review.
Metadata can also be used to monitor and audit activity on classified networks. Records can be imprinted with transactional metadata showing their access history. By tracking patterns of use, security managers will be able to use metadata to identify insider threats, in the same way the credit card industry detects fraud. Capturing a record’s modification history will aid future researchers, who will be able to see how national security policymakers used the information in their analyses and deliberations.
The adoption of this credential-oriented approach would eliminate some of the shortcomings of the existing clearance process. Under this new system, when individuals receive their initial security clearances, they would be assigned unique, permanent identifiers, akin to Social Security numbers. These identifiers would be granted and maintained by a single government entity. Once a cleared individual begins work, her identifiers would be assigned access credentials based on her specific responsibilities and work environment. When a user accesses or modifies classified records, his identifiers would be automatically appended to that record’s metadata. Clearance identifiers would follow an individual’s transfers to another office or agency, receipt of new government contracts, or transition back into federal service after working elsewhere, and agencies would grant them new accesses as appropriate. By eliminating the need for entirely new security investigations at every juncture, this process would save resources, increase efficiency, centralize the clearance process, and improve national security.
Implementing These and Other Changes
Various questions regarding these and other changes to the classification system would need to be addressed:
- Would proposed changes to the system be improved if accompanied by changes to the number of classification levels?
- Would proposed changes to the system be improved if definitions of secrecy and risk were redefined? If so, what should those new definitions be?
- What entity or entities would manage a streamlined classified network? A unified clearance system?
- How should oversight of the classification system change to match the realities of the electronic environment?
- Should a metadata registry be maintained? How might its requirements be enforced and by whom?
- Should classification decisions be monitored and audited for compliance and consistency at the onset by an enforcement entity?
The PIDB looks forward to hearing your comments on the following new papers:
Paper 3: Regularizing the Declassification Review of Classified Congressional Records
- Systematize and prioritize the declassification review of Legislative records at the NDC
Paper 4: Discretionary Declassification and Release of Contemporary National Security Information
- Encourage policymakers to consider the advantages of not classifying certain categories of information or declassifying before prescribed deadlines
Paper 5: Simplifying the Declassification Review Process for Historical Records
- Transfer agency declassification authority to the National Declassification Center (NDC) after declassification exemption timelines have lapsed
The Problem
The current process by which classified Congressional records are transferred to the National Archives & Records Administration (NARA), reviewed for declassification, and released to the public does not adequately reflect the importance of these records and the special status they must enjoy as records of the Legislative Branch that are managed by the Executive. At present, no formal procedures exist for the organized review of these records, and declassification only occurs as a result of ad hoc committee requests or occasional researcher mandatory declassification review (MDR) requests. These collections are unique in capturing concisely the views and dialogue of both senior executive and congressional officials. They are of immeasurable value to the historical record, and their declassification review should be regularized.
The classified records created and collected by the Congress provide extraordinary insight into the Legislative branch’s oversight and involvement in national security decision-making. Transcripts of closed session hearings often contain frank assessments from agency representatives on American foreign policy, military planning, intelligence activities, and other national security concerns, as well as candid exchanges and debates between these individuals and members of Congress regarding past and future policy decisions. This is information of constitutional significance; it demonstrates the interplay between the Legislative and Executive branches not available in any other records.
There are challenges associated with reviewing these records for declassification. Legislative branch records are not subject to the automatic declassification provisions of Executive Order 13526, “Classified National Security Information” (the Order); however, these records contain Executive branch classified information that would otherwise be exempted from declassification under section 3.3 of E.O. 13526.
Proposals
A standardized process needs to be developed jointly with cognizant Legislative Branch officials to respect congressional ownership of these records and, consistent with House and Senate rules, ensure that these comprehensive collections of historical records are made available to the public in a manner befitting their distinct significance.
With the approval of Legislative branch officials, equity-holding agencies should review appropriate records to determine the suitability of their release. Because most of these records lack declassification markings or instructions, any initial review for declassification will be especially time-consuming. Furthermore, records of executive sessions, investigations, or nomination hearings that are less than 50 years old are subject to additional withholding restrictions under House and Senate Rules.
Memoranda of understanding between NARA and the Clerk of the House of Representatives and the Secretary of the Senate, respectively, should establish new procedures to enable and provide:
- Subject to Congressional approval, all appropriate classified committee records be transferred to NARA when they reach 25 years of age and be accompanied by folder title lists and box-level descriptions of the records. Whenever possible, folder title lists should be unclassified and made available to the public for MDR request purposes.
- Approved classified Congressional records between 25 and 50 years old continue to be accessible to researchers through the MDR process and eligible for declassification review through the National Declassification Center (NDC).
- With permission of the appropriate Congressional committees, the Office of the Historian at the Department of State to have access to House and Senate committee records 25 years old or older to identify especially significant records for possible inclusion in the Foreign Relations of the United States (FRUS) series. Congress prioritized these types of foreign policy records in Public Law 102-138, which codified the FRUS series in statute. Including representative Legislative records after they reach 30 years old will help fulfill the statute’s requirement that FRUS provide a “thorough, accurate, and reliable documentary record of major United States foreign policy decisions.” The NDC should give high priority status in their review plan to any Congressional records identified by the Historian’s Office and approved for review and release by the corresponding committees.
- The NDC to give high priority status to Congressional records over 50 years old in their review plan and conducts line-by-line reviews of these records.
- Congressional committees to authorize the NDC to make all declassified records over 50 years old immediately available to the public.
Limiting the comprehensive review of Congressional records to those collections over 50 years old acknowledges and accommodates Congressional prerogatives and significantly reduces the review burden as agencies ability to exempt records over 50 years old is restricted to only those specific topics under section 3.3(h) of the Order. These reviews would focus on identifying human intelligence sources and weapons of mass destruction information and would be limited primarily to those agencies (CIA, DOD, and DOE) which are best equipped to manage increases in workload. [1]
Benefits
A regularized declassification process for Congressional records would guarantee the public access to as complete a record as possible of committee activities. [2] While new requirements will obligate Executive branch agencies, the NDC, and Congressional committees to augment their current practices, the enhanced commitment of all parties will ensure efficient archival processing and declassification. The implementation of a regularized review process will provide the public what they have heretofore lacked: access to a comprehensive documentary record of Congress’ contributions to national security and foreign policy decision-making.
[1] Sections 3.3(h) (2) and 3.3(h) (3) permit the exemption of additional information from declassification at 50 years with the approval of the Interagency Security Classification Appeals Panel (ISCAP). Should the ISCAP approve additional exemptions, other subject areas and agencies may need to be included in the review process.
[2] The records of the rare closed sessions of the full House and Senate that involved national security information could also be addressed, although the bulk of the records of interest are committee transcripts.
The Problem
Classification and declassification decisions are based on risk assessments and time-based standards for withholding. Agencies determine whether to protect information through classification by evaluating the damage its release would cause to the national security. Information deemed worthy of classification is marked as such, assigned a declassification date based on its perceived sensitivity, and protected for the duration of its classification. Too little attention is given to the value of declassifying information ahead of these deadlines or not classifying information in the first instance.
A Role for the Executive Branch
Policymakers should consider the advantages of declassifying information before prescribed deadlines or not classifying certain information. Discretionary declassification of information less than twenty-five years old should become a hallmark of the classification system, and less information should be classified from the start.
Executive Order 13526 (the Order) encourages discretionary declassification when the benefits of protecting information are outweighed by the public’s interest in its disclosure. At present, however, this provision is seldom used. Discretionary declassification provides policymakers a means of aligning classification determinations with contemporary events and superseding the abstract deadlines associated with time-based declassification. To a greater extent, declassification of contemporary information freed from the constraints of arbitrary declassification dates empowers democratic discourse and enables more transparent and informed decision making. As President Barack Obama’s May 2010 decision to release the size of the U.S. nuclear stockpile demonstrated, these discretionary determinations have the capacity to strengthen national security, reduce the quantity of material that is classified, and hasten the public’s access to Government information. The value of discretionary declassification is compounded when decisions are incorporated into agency classification and declassification guidance.
As they revise their classification guidance in accordance with the Fundamental Classification Guidance Review requirement of the Order, agencies should also reduce the duration of classifications. When information is classified because of the sensitivity of a decision rather than the inherent sensitivity of the supporting information, declassification instructions should specify concrete events (e.g., “conclusion of mission”) in place of arbitrary dates or provide an event that may supersede the date. In some cases, agencies should apply a future date, less than 25 years, possibly only weeks or months, when the classification would be “self-extinguishing.”
In recognition of the public interest and the costs of protecting information in the digital age, agencies should better employ the presumption against classification. Maintaining massive amounts of information as classified limits the choices available to policymakers and threatens national security by restricting information sharing and affording costly protection to increasingly unmanageable amounts of data. Treating increasing volumes of Government information as classified heightens public cynicism toward the legitimacy of classification and, in some instances, fosters an attitude of indifference amongst authorized users toward their information security responsibilities. By reducing the quantity of information protected, agencies can restore public trust in the system’s validity and devote resources to protecting only the worthiest items.
A Role for the Legislative Branch
In recent years, Congress has recognized the value of specifically-directed, expedited declassification review through legislation. Statutes such as the President John F. Kennedy Assassination Records Collection Act and the Nazi War Crimes Disclosure Act have mandated accelerated declassification review for classified records associated with topics of great national interest and directed agencies to withhold only the narrowest categories of information when they conduct their reviews. Contemporary Congressional commissions, such as the National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission), have likewise encouraged the release of their records to the fullest extent possible. [1]
Records released through these efforts have broadened Americans’ historical understanding and, in some cases, compelled agencies to revise their declassification guidance in favor of greater disclosure. In the future, when controversy surrounding a past Government action or historical event becomes extraordinarily acute, Congress should contemplate appropriating funds for topical review boards to support the National Declassification Center in expediting the declassification review of all reasonably related Federal records.
Benefits
Agencies and the public will greatly benefit from decisions to discretionarily declassify or maintain as unclassified categories of contemporary national security information. By protecting less information as classified, agencies will reduce the costs associated with storing, transmitting, and declassifying classified information. Tailoring release decisions to contemporary circumstances will overcome some of the obstacles and delays associated with declassification and allow for more rapid public access to Government information.
Minimizing the quantity of information classified will increase public confidence in the system while bolstering the Government’s ability to protect the information most deserving of classification. Of course, the intended benefits of a better informed public and increased public confidence in the decisions of its Government are only realized if releases are full disclosures of the matter revealed. This might only be a number, as in the size of the nuclear stockpile or the aggregate amount of the intelligence budget, but may also be a large volume of records explaining a major effort of the government. Whatever the case, advantageous release must be intended to fully inform, and not to mislead.
[1] Commissions like the 9/11 Commission worked diligently with classification authorities to produce extensive unclassified reports (by avoiding key words, dates, names, etc.) and have captured related classified information with an eye toward early declassification.
The Problem
National security records frequently contain classified information from more than one agency. Under Executive Order 13526, “Classified National Security Information” (the Order), only the agency that creates classified information can declassify it. [1] If an agency produces a record containing its own information as well as information from one or more other agencies, it must not only review its own information for declassification but must also refer the record to each agency that “owns” the additional classified information (called “equities”) in question. A final declassification determination on information in the record is made only after all agencies have rendered decisions on their respective equities.
For the past 16 years, no single policy consideration has generated more difficulties for the conduct of the Automatic Declassification program than the principle of agency ownership. The principle of agency ownership of information has added to delays, costs, and errors in meeting the goals of the Executive order. The National Declassification Center (NDC) and the Joint Referral Center were created in an attempt to address this problem by co-locating agency personnel at one location to accomplish their independent reviews. Both efforts represent an important transitional attempt to bring order and efficiency to the declassification process. Nonetheless, having multiple reviewers and multiple agencies processing the same record severely limits the benefits of this approach by failing to eliminate the inherent redundancies of the current model.
In many instances today, the final declassification determination on a record is needlessly delayed when the other agency’s equity is superficial or minimal. The rote referral to another agency regarding information that might easily have been evaluated in the initial review obstructs the declassification process and prevents the timely release of declassified records to the public.
The increase in the volume of records subject to review in the automatic declassification program requires a reassessment to the current policy of agency ownership. Since 1995 agencies have attempted to execute the program within policy strictures that never envisioned such a massive undertaking. This cumbersome process has resulted in a backlog of approximately 420 million pages. Given the dramatic increase in electronic records that will require a review for declassification, continuing to use the same antiquated review process will result in even further gridlock.
Background
A fundamental tenet of the current classification system is that each federal agency retains ownership and control over its information, regardless of the information’s age. The basis for that principle is the belief that the expertise necessary to render proper declassification decisions resides exclusively with the agency that created the information.
Extensive training has been underway since the earliest days of the program to ensure that declassification reviewers from every agency can identify those equities of other agencies in their records that require referral. Absent accurate identification, the referral requirement becomes a moot point. Yet while the current system recognizes that training can and must ensure an agency can consistently identify the equities of another agency, it refuses to accept the idea that similar training could enable that agency to accurately implement the declassification policies of the other. Identifying the imbedded information of other agencies is a more demanding task than the rendering of the declassification decision itself, if the specific policies and guidance are understood.
Proposals
The Board is currently exploring two proposals as solutions to the issue of agency ownership. In both proposals a single, properly trained reviewer would conduct declassification review for all equities in a record followed by a single quality control review. Such a change must be directed by the President, since the current structure has existed in the “Classified National Security Information” Executive orders since 1995. Since agencies are reticent to allow anyone other than their own reviewers to review their information, any change in the Order should direct that agencies continue to write declassification guides and submit them to the Interagency Security Classification Appeals Panel (ISCAP) for approval. The NDC and/or agencies would then be trained to conduct their comprehensive reviews according to approved declassification guidance. This process will provide a strong incentive for agencies to submit detailed and specific declassification guides.
Option 1: Single Agency Review
One option would be to replace the current approach by vesting the agency that created a record with the authority to review it and declassify it in its entirety, including any information within the record that was incorporated from other agencies. The agency in possession of the record would have the authority to exempt specific information in accordance with ISCAP approved declassification guides.
Additionally, this approach would include at least three major roles for the NDC:
- Ensuring a robust training program for all agencies on the declassification policies of their counterparts;
- Conducting quality control reviews by sampling multi-equity records to ensure agencies are properly executing their responsibilities; and
- Serving as the focal point for the declassification review of all Presidential library records.
Placing the responsibility for declassifying Presidential library records with the NDC eliminates the inefficiencies of the current system. Presidential records are very likely to contain multiple agencies’ equities, best reviewed for declassification in a comprehensive fashion by a government-wide authority. Placing responsibility for their review in the NDC would help alleviate the processing delays in declassifying these historically significant records. It would also ensure that the agencies staff the NDC with their strongest officers.
Option 2: Single Centralized Review
The NDC, applying ISCAP approved declassification guidance, would become the single government-wide authority empowered to review all historical classified information for exemption beyond its initial automatic declassification date. [2] Centralizing this authority within the NDC would eliminate the inefficiencies of the existing model. Furthermore, synthesizing declassification guidance and streamlining the review process will strengthen the consistency of declassification reviews. Moreover, it would also ensure that declassification reviews of historical records are scheduled for review in accordance with NDC review priorities and occur in the context of full archival processing that will allow declassified records to reach the public shelves.
Net Result for the Future
This simplified declassification review environment will amplify the benefits of implementing new technologies, particularly context accumulation capabilities, to make the declassification of records quicker, more consistent, and more effective. For records containing multiple agencies’ information, it will be much easier and more efficient to use technology that identifies and reviews for all agencies information than to develop multiple programs or systems that operate in isolation. A comprehensive system would ingest reviewer decisions on all types of records and have the ability to identify patterns and inconsistencies in declassification guidance and determinations across agencies. Reviewing the information of all agencies simultaneously will maximize the system’s corpus of contextual knowledge, allowing the reviewer to produce the most precise and consistent determinations in the timeliest manner.
[1] Agencies can waive their ownership. In one of the best success stories, the National Security Staff (NSS) has longstanding waiver agreements with the National Archives, the State Department, the Defense Department, and the Central Intelligence Agency. Apart from a limited number of well-defined and easily identified exceptions, the NSS waives their interest in reviewing their equities in most documents over 25 years old.
[2] In most cases this would transfer declassification authority to a single government-wide authority when records reach 25 years of age. For records initially exempted from automatic declassification under 3.3(h) of E.O. 13526, declassification authority would be transferred in accordance with the timeline outlined in that section.
Transforming Classification: An Introduction
Welcome to Transforming Classification, a blog sponsored by the Public Interest Declassification Board. President Obama has charged the Board with designing a more fundamental transformation of the security classification system. In response to his request, we are proposing new solutions that address the shortcomings of the current system and tackle the challenges of digital records. By reducing inefficiencies and increasing public access, our proposals aim to improve the classification/declassification’s system capacity to protect and serve the American people.
Every other Wednesday over the next eight weeks, we will post either two or three “white paper” synopses to the blog describing an element of our proposed transformation. White papers will address the following topics:
Paper 1: Using Technology to Improve Classification and Declassification
- Employ predictive analytics and context accumulation technology to encourage consistency in classification and efficiency in declassification
Paper 2: Reconsidering Information Management in the Electronic Environment
- Implement a universal metadata standard for classified electronic (e-) records and integrate information and records management functions with archival processing
Paper 3: Regularizing the Declassification Review of Classified Congressional Records
- Systematize and prioritize the declassification review of Legislative records at the NDC
Paper 4: Discretionary Declassification and Release of Contemporary National Security Information
- Encourage policymakers to consider the advantages of not classifying certain categories of information or declassifying before prescribed deadlines
Paper 5: Simplifying the Declassification Review Process for Historical Records
- Transfer agency declassification authority to the National Declassification Center (NDC) after declassification exemption timelines have lapsed
Paper 6: Stewardship of Our Classified History
- Preposition topics of historical significance for declassification and underscore the importance of preserving agency contributions to national security history
Paper 7: Information Security and Access in the Electronic Environment
- The role metadata and access controls can play in information security
Paper 8: A Half-Life for Historical Formerly Restricted Data (FRD)
- Converting certain categories of FRD to national security classified information after 25 years and allowing for its review for declassification
We encourage you to post your comments on these white papers under their respective threads and comment on the posts of others. Your thoughts and suggestions on these topics will be of great assistance to us as we finalize our proposals to the President.
To strengthen the quality of discussion we ask that you follow the following Blog Etiquette:
- Always ask yourself before you post:
- Is this advancing the conversation?
- Does it add new relevant information?
- Does it raise a concern with a proposal?
- Does it suggest a way to improve a proposal?
- Does it express an opinion on the strength or weakness of the proposal?
- Does it raise a new way of solving the problem in the topic of the post?
- Does this comment engage civilly with other commenters?
- Please use the same username for all your comments.
- You can comment without using your real name, but be consistent with your username and do not pretend to be someone other than yourself.
- This will strengthen the dialog.
- Never use two usernames to have a conversation with yourself or to applaud your own comments.
- Please use the subject line of your comment to indicate the item you are commenting on. If you see an existing thread on a subject, please post your comment in that thread rather than create a new thread. This will allow all conversations on that subject to occur in one place, thus making the conversation easier to follow. If you are responding to a specific comment, please use the comment link under that comment so that your response will be threaded to the comment you are responding to.
- If you use an acronym, please spell out what it stands for the first time.
- This is an unclassified blog.
The Problem
Advances in the electronic environment have led to a pronounced increase in the amount of classified information being produced. Staggering volume and scarcity of resources make the eventual human review of these records for declassification impossible. Human review as it is done today is estimated at two full-time employees (FTEs) per gigabyte. At one intelligence agency alone, the growth of classified records is approximately 1 petabyte (1 million gigabytes, ~49 million cubic feet of paper) every 18 months. The Government cannot dedicate 2 million FTEs a year to review 1 petabyte, much less over 20 million FTEs a year to review the tens of petabytes of classified records being created across the Government.
A Technological Solution for Both Declassification and Classification
Technology can be employed to address the challenges of mass declassification in a more accurate, cost-effective, and efficient manner. Existing technologies such as information retrieval tools, natural language processing, optical character recognition software, predictive analytics, and cloud computing can serve as a foundation for future innovation, but the Public Interest Declassification Board (PIDB) believes the most integral and necessary component to a new system will be a robust context accumulation capability.
Context accumulation is a means by which computers predict classification and declassification dispositions. Human inputs, either as priori rules or individual decisions based on classification and declassification guidance, direct the process. The system ingests the decisions of human reviewers to classify or declassify (in full or in part) pieces, categories, or associations of information, using reviewers’ determinations as the basis for future, automated decisions. The greater the body of knowledge (e.g., reviewer decisions, classification and declassification guides, previously released documents, open source material) ingested into the system, the better the predictions the computer would generate.
Based on these data points, the computer learns how to sort information into release and withholding bins. In instances of conflicting context, the system would require human input by reviewers and subject matter experts. The decisions of these individuals would train the system to better sort information. As the system learns through more human input, its declassification review ability will evolve. For those areas in which the system’s aptitude is sufficiently advanced, meticulous human review will no longer be necessary. In time, reviewers will be able to focus exclusively on evaluating those pieces of information identified by the system as posing unique challenges. Reviewers’ decisions on the rationale for the withholding or declassifying of this information will provide context to the system to address and sort all other appearances of that information. As more of these review precedents are established, the volume of records reviewable by the system will continue to increase.
Because a context accumulation tool ingests both declassification and classification guidance, any system could serve concurrently as an automated classification tool. Allowing computers to classify information minimizes the user burden. Moreover, automating classification reduces the potential for over-classification by ensuring that classification determinations are made in the strictest accordance with current policy and only in appropriate circumstances. The rationale for classification determinations would be digitally imprinted on documents, creating metadata which the system could later use to locate and declassify this information as policy guidance changes.
The accuracy and consistency afforded by this system will enhance information security and thus national security.
Approaches to Context Accumulation
A context accumulation system can be implemented in two ways. Policy guidance (“rules”) can be input at the onset and used as the basis for initial classification decisions, or decision-making criteria can be based entirely on the ingestion of documents whose classification status is then determined by individual reviewers based on existing policy guidance. Assigning rules at the onset entails a potentially protracted battle over classification standards but ensures that the computer begins with standardized criteria. Developing rules organically based on the ingestion of documents increases the likelihood for poor review from human error but mitigates intra- or interagency disputes over classification guidance and allows for quicker implementation.
Benefits
Employing these technologies, and context accumulation tools in particular, would:
- Improve consistency and accuracy of classification and declassification decisions.
- Minimize instances of over-classification by automating routine classification and consistently aligning classification decisions with established guidance.
- Facilitate the immediate implementation of changes in classification and declassification guidance.
- Reduce the administrative burden of declassification reviewers, allowing them to focus exclusively on the rationale for declassification or classification.
- Audit individual human inputs to measure reviewer performance and identify areas for improvement.
- Identify to cleared users exactly what information is and is not classified or available through open sources.
- Reinforce classification standards in real time as documents are created in the classified environment.
- Replace document-level, pass/fail reviews with redaction-level reviews, significantly increasing the volume and quality of material declassified.
Technology and the National Declassification Center (NDC)
A research laboratory could be created within the NDC for launching and evaluating pilot projects that incorporate these technologies. Digital records collections of historically significant records could be used to field test a new system (based on either of the two approaches outlined above). The NDC provides an ideal interagency environment in which to share classification guidance and draw on the expertise of subject matter experts. Successful projects could encourage future interagency cooperation and innovation in this area.
The Public Interest Declassification Board (PIDB) recommends that a policy be implemented for uniform government-wide metadata standards for classified electronic records (e-records). The adoption of metadata standards will make declassification review of e-records more effective and efficient. The current focus on analog records (paper and special media) has kept attention from this looming and monumental problem and the need to find methods to deal with the challenge of reviewing petabytes of classified electronic records for declassification.
Background
The Government creates massive amounts of information or data in a variety of digital environments and formats. It needs a metadata strategy designed to preserve and manage this digital information across domains and over time.
Metadata [1] are structured information which describes the format, content, context and organization of the underlying information in a document or record. Adequate metadata are essential for information management professionals to discover, identify, describe, manage, and preserve records over time and to support the use of records.
Our Government depends on these records to inform history. Records provide policymakers a memory of past decisions and shape future business decisions. Since the 1980s, records have been created in multiple electronic formats, and the number of formats is growing. There is no national metadata strategy or standardized practice across agencies. Without a thoughtful and planned strategy informed by existing national and international metadata standards, it will be impossible to administer this increasingly incoherent records and data environment.
Agencies currently maintain and use various metadata elements to suit their short-term needs without regard to recordkeeping or archival practices. In order to improve access for policymakers and for the public, a comprehensive national standard is needed for the management of digital records. Absent a national metadata strategy and standards, it will become ever more difficult to retrieve important information and conduct efficient declassification review of classified e-records.
Deficiency in metadata elements will lead to an inability to locate and share critical information. Without necessary technical metadata, digital records may not be able to be read or used, and without contextual metadata, [2] records may not be given accurate meaning. Poor metadata may compromise the authenticity and reliability of e-records. [3]
A New Recordkeeping Model
The Government currently uses the lifecycle model of records management, an approach for managing paper records which evolved after World War II. Under this model, creators, users, record managers, and archivists are isolated actors. Classified records are created, maintained by agency records managers, and transferred to the National Archives and Records Administration (NARA), where they come under the custodial care of archivists and are eventually reviewed for declassification. This process creates an artificial distance between archivists and those who originally create and manage this information. In the electronic records environment, this model hinders efficient processing and creates potential obstacles to declassification review and public access.
The continuum model approach to information management provides a consistent, coherent system of records management processes from the time of records creation through preservation and archiving. Throughout the life of the e-record, recordkeeping actions are continuously captured and linked in metadata. This approach integrates recordkeeping and archival functions and mitigates barriers between records creators, users, records managers, and archivists.
Proposals
We propose that the Government, under the leadership of the Chief Information Officers (CIO) Council, adopts a metadata strategy which reflects the continuum model of information management. The CIO Council should solicit the input of agencies, technologists, archivists, and commercial practitioners and develop comprehensive standards. Specifically, these standards should:
- Automate the creation and management of metadata. Whenever possible, computer systems should generate metadata to minimize the burden on users.
- Keep metadata schema simple to limit costs and complexity.
- Establish and implement clear processes and procedures throughout classifying offices to prevent potential poor-quality metadata and gaps in metadata.
- Stress that the creation and management of metadata is a shared responsibility.
- Be updated regularly to reflect changes in Government policy and operations regarding classified information and to ensure quality control and assurance.
Conclusion
Mandating standardized metadata tagging of records at creation offers several important benefits. Metadata fields will document user actions, create audit trails, normalize declassification instructions, and reinforce access controls to ensure that classified information is appropriately safeguarded. Metadata tags will reveal agency equities to improve the efficiency and accuracy of declassification review. When paired with context accumulation tools, metadata will limit overclassification by allowing records managers and reviewers to monitor classification actions more effectively. Lastly, adopting the continuum model will allow all parties—records creators and users, records managers, archivists, and researchers—more timely and efficient access to records and information, as appropriate.
[1] In an information technology context, metadata is data about data or database systems.
[2] Contextual metadata, very simply, surrounds data to provide context to the data; it is secondary, deeper; e.g., “provenance assertions are a form contextual metadata . . .” Available at : http://www.w3.org/2005/Incubator/prov/wiki/What_Is_Provenance#Provenance.2C_Metadata.2C_and_Trust
[3] Adrian Cunningham of the National Archives of Australia citing an international workshop held in the Netherlands in 2000 described recordkeeping metadata as “[s]tructured or semi-structured information which enables the creation, management and use of records through time and across domains. Recordkeeping metadata can identify, authenticate and contextualise records and the people, processes and systems that create manage and use them.” Recent Developments in Standards for Archival Description and Metadata, Presented at the International Seminar on Archival Descriptive Standards, University of Toronto, March 2001. Available at: http://enj.org/portal/biblioteca/funcional_y_apoyo/archivistica/42.pdf
|
