The revelation that the Office of Vice President Richard Cheney has refused to comply with an executive order requiring it to file an annual report on how it handles classified national security information has drawn attention to several complex issues in the area of government secrecy.
Executive Order 12958 — first signed by President Bill Clinton in 1995 and reissued by President George W. Bush in 2003—seeks to establish a uniform, government-wide system for safeguarding classified information. Under the order, classification can only be mandated by officials and individuals who can clearly justify their action.
The Information Security Oversight Office (ISOO) at the National Archives and Records Administration is responsible for ensuring that the executive branch protects classified information. ISOO conducts yearly audits of the federal government’s classification process, including the amount of classified material in each agency’s possession, its procedures for safeguarding that information, and financial costs associated with these procedures.
Starting in 2003, Cheney’s office has declined to respond to ISOO’s inquiries into how it manages classified information. Cheney’s staff claims that the vice president should be exempt from the executive order on the grounds that the vice president’s office is not solely an executive branch agency. Under the U.S. Constitution, the vice president also serves as president of the Senate, giving him certain legislative functions such as casting votes to break ties. When the ISOO persisted in its investigation, Cheney’s staff tried to abolish the office.
Within the U.S. government, classified information falls into two main categories. By the authority of Executive Order 12958, as amended, information can be classified as Top Secret, Secret, or Confidential. Information that does not meet the standards established by the executive order, but that an agency considers sufficiently sensitive to warrant restricted dissemination, is designated as Sensitive but Unclassified (SBU). Documents under these seals range from law enforcement testimony to critical infrastructure data.
This U.S. government classification system is based on the assumption that government officials will classify truly sensitive information responsibly and not broadly use their authority to keep documents secret for purposes unrelated to protecting national security (e.g., to conceal poor decisions or questionable behavior). Two problems endure despite this assumption: overclassification and pseudoclassification. The problem of overclassification refers to the classification of information that should not have been classified or that was given a level of classification higher than necessary. The challenge of pseudoclassification refers to the improper or overuse of the SBU designation.
The main cause of overclassification within the U.S. intelligence community is the continued adherence to the “need to know” principle. The Soviet bloc’s comprehensive intelligence collection efforts during the Cold War justified the use of compartmentalized and decentralized intelligence operations. Terrorist groups, however, primarily use open source material and on-site observations to plan operations rather then attempt to steal classified information. For this reason, it is generally more effective to encourage a more liberal exchange of information that allows analysts to “connect the dots” in order to identify and preempt terrorist threats. The United States should replace the “need to know” approach with a “need-to-share” principle.
In addition, although President Bush has mandated the standardization of procedures for designating, marking, and handling SBU information across the federal government, this goal remains unrealized nearly six years after the 9/11 attacks. A 2006 report (pdf file) by the Government Accountability Office (GAO) on how federal agencies treat SBU information identified 56 different designations for SBU information among the 26 agencies it surveyed. (One agency used 16 different SBU designations.) For example, the Department of Energy may mark documents with SBU information as “Official Use Only (OUO),” or it may choose to use another one of its sixteen designations for SBU information. In contrast, the Department of Defense uses the designation “For Official Use Only (FOUO),” while the Department of Homeland Security employs the designation “Protected Critical Infrastructure Information (PCII).”
Of these 56 designations, only a few have any basis in formal statute. Most were created by individual agencies employing their own criteria and policies, resulting in the uncoordinated growth of designations that restrict vaguely defined classes of information. Cheney’s office reportedly created its own category: Treated As: Top Secret/SCI for unclassified information that they wanted to keep out of the public, such as talking points for reporters. In contrast to procedures regarding classified information, moreover, government agencies typically do not provide means by which public groups can challenge SBU classifications.
This lack of a government-wide, comprehensive, interoperable SBU designation system interferes with information sharing in two ways. Not only do various agencies classify different information using dissimilar labels, but they often classify different information under the same labels. Indeed, the 2006 GAO report stated that half of the agencies covered reported that they had encountered challenges in sharing SBU information. The GAO also found that most agencies do not limit which or how many employees have authority to make designations, do not provide adequate training for employees making designation decisions, and fail to undertake periodic reviews to verify the proper use of classified designations.
In recent congressional hearings, many speakers from diverse backgrounds testified that the federal government had yet to overcome these problems. For example, ISOO Director William Leonard stated that the number of federal government classification decisions has approximately doubled since the September 2001 terrorist attacks. As a result, the cost of managing the U.S. information classification system has reached a record high. An ISOO audit last year also found that almost two-thirds of the trained classifiers they reviewed made mistakes in determining the appropriate level of classification.
Leonard did not address the issue of SBU data since it falls outside the oversight authority of his office—as well as that of any other independent executive branch body. Instead, individual agencies can decide for themselves whether they are correctly designating and managing sensitive information.
Since the September 2001 terrorist attacks, the ISOO has struggled to maintain a balance between the needs of national security and public disclosure. Partly due to the exigencies of the war on terrorism, the Bush administration has classified much more information than previous administrations. Last year, historians and advocates of open government complained when seemingly innocuous or previously declassified documents held by the National Archives were suddenly reclassified by various government agencies.
Keeping operational secrets out of the hands of terrorists is important, but excessive classification will prove counterproductive by vitiating efforts to establish the Information Sharing Environment called for by the Final Report of the 9/11 Commission and other homeland security experts.