A “fundamental transformation” of the classification system, as proposed by President Obama, is long overdue. Experts of all political stripes have agreed for decades that overclassification is rampant and that it carries unacceptable costs—to national security, to representative democracy, and to the public fisc. The extent and persistence of the problem underscore the need for change that is profound rather than incremental.
There are three aspects to transforming the classification system: (1) revisiting the rules that govern classification decisions; (2) ensuring compliance with the rules; and (3) improving the declassification process. The second aspect is the subject of an upcoming Brennan Center report and the main focus of this white paper, although we present suggestions in all three categories.
I. Revisiting the rules. Agency classification guides provide the substantive criteria for derivative classification decisions not based on source documents. There are several problems with the guides: they are outdated, and much of the information they identify no longer requires classification (if it ever did); they give derivative classifiers far too much discretion, in essence having them act as original classifiers; and many are opaque and unwieldy, to the point that classifiers have no idea how to use them. The President has ordered agencies to review and revise their guides. This effort is critical to the success of classification reform, yet early reports suggest that not all agencies have approached the undertaking in the right spirit. The President should make clear that this is a priority.
A second problem is that agencies have interpreted the National Security Act of 1947 to permit the classification of “intelligence sources and methods” regardless of whether disclosing the information would cause harm. This interpretation is a major source of needless classification. The President should ask Congress to amend the Act to specify that “intelligence sources and methods” may be classified only if their disclosure could reasonably be expected to damage national security.
II. Ensuring compliance with the rules. Currently, there are many powerful incentives to classify documents even when the national security implications are questionable. To name a few: There is a culture of secrecy among many agencies; information control provides a useful weapon in agency turf wars; employees who fail to protect information are subject to harsh sanctions; and there is tremendous pressure to err (and to err liberally) on the side of secrecy, given the perceived stakes. There are essentially no forces pushing in the other direction, as the process of classifying documents is quick and easy; those who needlessly classify documents are never held accountable; and there are no rewards for challenging improper classification decisions.
Whatever rules are adopted for classification, compliance with those rules will continue to be an elusive goal unless the underlying incentive structure is changed and accountability is introduced. To this end, our upcoming report will set forth a five-prong proposal, to be implemented as a pilot program (via executive order and implementing ISOO directive) at one or more agencies:
A. Electronic questionnaires. Classifiers would be required to enter answers to a series of drop-down questions when classifying a document; the answers would become part of the document’s metadata. In addition to providing basic information that already is required (e.g., personal identifier, date or event for declassification, etc.), original classifiers would be required to articulate why disclosure of the information could reasonably be expected to harm national security; derivative classifiers, when relying on a guide, would be required to explain how the information meets guide criteria. Classifiers operating under an urgent deadline could provisionally classify the information for a 10-day period without answering all the questions.
The purpose of the electronic questionnaire is fourfold: (1) requiring classifiers to articulate the justification for classification would help to ensure that such justification exists; (2) the process of completing the questionnaire, while minimally burdensome, might dissuade those whose only reason for classifying the document is “Why not?”; (3) the information provided would be used to facilitate the audits discussed below; and (4) the metadata could be used to help manage the information (for example, it would facilitate automatic declassification).
B. Audits of classifiers. For each agency participating in the pilot program, the Office of the Inspector General (OIG) would be asked to conduct a periodic “spot audit” of original and derivative classifiers, reviewing a sample of classification decisions for each person audited. The Information Security Oversight Office (ISOO) would provide training and guidance to OIGs on how to conduct the audits. OIGs could use the questionnaire answers to assess whether a facially legitimate justification for classification existed. In those cases where OIGs had questions that they lacked the expertise to resolve, the Interagency Security Classification Appeals Panel (ISCAP) would serve in a consulting role.
C. Consequences for the classifier. Employees found to be overclassifying at high rates would be subject to repeat audits every six months. Agencies would put in place a series of mandatory escalating consequences for employees who failed to self-correct over time, beginning with remedial training and culminating in temporary or even permanent revocation of classification authority.
D. Consequences for the agency. Because sanctions at the individual classifier level will go only so far if the agency’s culture of secrecy persists, and because organizational culture is a top-down phenomenon, managers must be held accountable for the performance of the employees they supervise. If managers failed to instill proper classification practices among their employees (as evidenced by OIG audits), that failure would be reflected in their personnel evaluations and affect their eligibility for bonuses and other performance-related benefits.
Moreover, if successive OIG audits suggested a high rate of overclassification agency-wide, the agency would be required to develop a specific plan—and to allocate the necessary resources—to reduce that rate. ISOO would review the plan and could order revisions. Once approved by ISOO, the plan would be forwarded to the President. If the agency did not meet its goals in subsequent audits, it would be required to submit a report to ISOO explaining any shortcomings and detailing its plans for addressing them.
E. Rewards for challenges. Although Executive Order 13526 obligates authorized holders of information to challenge classification decisions that appear improper, they rarely do so. Employees at agencies participating in the proposed pilot project would be able to bring challenges anonymously, and those who succeeded would be given small cash awards under the law that permits cash prizes for “a special act or service in the public interest.” 5 U.S.C. §§ 4503-4504.
III. Improving declassification. Neither human nor computer effort is up to the task of reviewing the massive backlog of documents awaiting so-called “automatic” declassification. The only solution is for the President to put meaning behind the term “automatic” by declassifying the documents through executive order. (First, Congress must amend the “Kyl-Lott Amendment” so that page-by-page review is required only for documents that are likely to contain information about atomic weapons or nuclear material.) Although the information thus disclosed would be more than 25 years old, it is possible that some minute fraction of that information might still be sensitive. Allowing the continued, indefinite classification of hundreds of millions of records that are critical to understanding our nation’s history and identity is the greater evil.
The most successful elements of current declassification policy are Mandatory Declassification Review and ISCAP. They should be “scaled up.” Agencies currently spend only about 0.5% of their information security budgets on declassification; they should be required to increase that percentage to 5%. ISCAP’s influence should be amplified by giving its decisions precedential value, and consideration should be given to establishing multiple panels (turning “ISCAP” into “the ISCAP system”) in order to increase the volume of documents reviewed.
Liza, thanks for this paper and for your presentation at our public forum.
In your discussion of auditing classifiers, do you see any value in also implementing “safe harbor” protections for classifiers and reviewers who either make a mistake or who report errors of other classifiers? Part of the change you advocate is a change in culture among the agencies, and while many of your points mention consequences for classifiers and the agency, there may also be some merit in considering if agencies’ threshold for acceptable risk. Would it be possible to give classifiers and reviewers some whistleblower-style protection so that they would be more likely to err on the side of openness and either not classify or declassify?
Many thanks for inviting me to speak at the forum and for your attention to, and comments on, the Brennan Center’s proposal. In fact, after listening to your comments at the forum (in particular, your observation that classifiers need to “feel safe”), I’ve been working on a possible addition to our proposal in the form of a “hold harmless” rule that would apply to (a) derivative classifiers in cases where there is some ambiguity about the status of the information, and (b) original classifiers who make a good faith decision not to classify information (since original classification is never technically “required”). The rule would officially prohibit sanctions in such cases, but it is much harder to address the risk of “un-official” repercussions. That’s a problem that plagues any type of whistleblower-style protection effort and I’m not sure how to get around it.