
Modernizing the Government’s Classification System

American taxpayers seeking information on what their government is up to in their name should not be forced to navigate a needlessly bifurcated, byzantine federal records request process.

March 23, 2023 • Testimony

Senate Homeland Security & Governmental Affairs Committee

Chairman Peters, Dr. Paul, Members of the Committee, my sincere thanks for inviting me to be here today to offer my views on the very serious problem of the Executive branch’s penchant for overclassifying federal records. Let me state at the outset that the views I express here today are strictly my own and do not necessarily represent the views of the Cato Institute, its management, or its board of directors.

By way of background, I got my first SECRET clearance when I was a young Army 2nd Lieutenant in 1986, followed by a full Top Secret/​Special Compartmented Information (TS/SCI) clearance when I joined the Central Intelligence Agency two years later. I also held a TS clearance from 2007–2014 when I worked for then‐​Rep. Rush Holt (D‑NJ), who was subsequently named to the National Commission for the Review of the Research and Development Programs of the United States Intelligence Community. I staffed him on the committee, during which I regained my TS/SCI plus a Q clearance.

Accordingly, I know the necessity of keeping some things secret. I also know, from the historical record and direct, personal experience inside and outside of government, that often times Executive branch secrecy, administrative control measures, or Freedom of Information Act (FOIA) noncompliance is used as a legal cloak to hide waste, fraud, abuse, mismanagement, and even criminal conduct.

Today, I’ll share some of those key illustrative experiences with you and offer what I hope you’ll find to be potentially workable solutions to the problem. First, let me address in brief the history of how we got to where we are with our overclassification crisis.

Background

As I noted in a piece in The Hill earlier this year, the word “secrecy” appears only once in the Constitution — and not in Article II, which deals with the presidency. Instead, it appears in Article I, Section 5, Clause 3: “Each House shall keep a Journal of its Proceedings, and from time to time publish the same, excepting such Parts as may in their Judgment require Secrecy…”

Thus, Congress was the original classification authority in the federal government. Indeed, nowhere in Article II of the Constitution will you find explicit language that permits the president or his designees to classify a single document. How then did the Executive branch become the dominant player in the world of federal secret keeping?

Throughout most of our nation’s history, Congress never asserted its constitutional prerogatives or authority in this area. As a result, successive presidents claimed the authority to decide what would or would not be kept secret.

During the Taft administration, the 1911 Defense Secrets Act1 represented the first effort to codify national defense‐​related secrets and it featured stiff penalties for violations of the Act: at least a year in jail and a $1,000 fine.

Once the United States declared war on Germany in April 1917, the military services, as well as the Departments of State, Justice, and Treasury (via the Secret Service), all engaged in domestic surveillance operations that were shielded from public view behind a veil of secrecy. Penalties for exposing things deemed secret were made ever more draconian through the passage of the Espionage Act.2

From the end of World War I to the present day, internal practices and procedures for creating and keeping secrets within the executive branch have grown and evolved, with a 1953 Supreme Court landmark case creating the “state secrets privilege” seemingly legitimizing a de facto Executive branch monopoly on creating and keeping secrets.3 Only rarely has Congress been active in legislating select aspects of the national secrecy system, such as the Atomic Energy Act,4 National Security Agency Act,5 and the Classified Information Procedures Act.6

Ironically, by enacting these bills, Congress effectively yielded further ground to the executive branch vis‐​a‐​vis deciding what is, or is not, classified information.

What is more, not even the major intelligence scandals unearthed by the Church Committee during the Ford administration motivated Congress to prohibit the misuse of the classification system to conceal waste, fraud, abuse, mismanagement, or criminality. Instead, Congress allowed presidents, via executive orders, to self‐police any potential Executive branch classification overreach, the current version being EO 13526.7 That decision to allow the Executive branch to effectively “go it alone” on managing the nation’s classified information has been a costly mistake with real‐world consequences.

The Financial Price of Excessive Government Secrecy

When the national Commission on Protecting and Reducing Government Secrecy issued its final report in March 1997, it estimated that in 1995 the total cost to taxpayers and industry for maintaining and protecting classified data was at least $5.6 billion.8 Nearly 15 years later (in 2011), the cost had doubled, to $11.36 billion,9 but just one year later the Information Security Oversight Office (ISOO) estimated that the 2012 financial costs of maintaining federal government secrets had actually decreased to $10.96 billion, a 13 percent reduction largely attributable to improved reporting requirements that excluded unclassified data management costs.10 For FY2017, the estimated costs were $18.39 billion.11 That figure excluded classification costs for industry, which were estimated at $1.49 billion. I note that ISOO has not published a comprehensive cost report since 2017, and that in the 2021 report to the President, ISOO Director Mark Bradley stated that, “…my staff and I determined that the cost information that we had collected about the CNSI system for years was neither accurate nor reliable.”12

FOIA and MDR: A Bifurcated, Dysfunctional Records Release Process

On a daily basis, if a member of the public or the press seeks federal government records, they have only two pathways to obtain them: FOIA or the Mandatory Declassification Review (MDR) process. FOIA is of course a statute, whereas the MDR process is governed by Executive Order 13526, Classified National Security Information. The very fact that the government has allowed two different—and fundamentally disparate—systems for responding to government records requests to exist is our first major clue that the system is dysfunctional.

Under FOIA, if a requester exhausts administrative appeals and the agency or department still refuses to release the material at issue, the requester can sue in federal court. The MDR process precludes litigation.

Under FOIA, entire documents must be released in full unless the agency or department can sustain their burden of proving that one of the nine statutory exemptions covers the information sought. The MDR process only deals with purely classified information (i.e., things that under FOIA would fall under exemptions b1 and/​or b3). Thus, requesters seeking records on defense, intelligence, or law enforcement related activities are almost always better served by using FOIA vice the MDR process.

And despite the fact that EO 13526 mandates declassification reviews at the 25‐​year point for classified documents, those reviews include nine broadly (and often poorly) worded carveouts that agencies or departments can invoke to deny the release of records. Even ISOO Director Mark Bradley has acknowledged the current MDR system is hopelessly broken.

In ISOO’s 2021 annual report to President Biden, Bradley noted the need to overhaul, if not eliminate, the automatic declassification system currently in use because it “is unable to meet the requirements for existing paper records and will never keep up with the tsunami of digital CNSI [classified national security information] being created daily, making it likely that most of it will never be reviewed for declassification.”13

American taxpayers seeking information on what their government is up to in their name should not be forced to navigate a needlessly bifurcated, byzantine federal records request process. The MDR process as it exists should be eliminated. Individual citizen requests for all federal agency and department records should be subject to and processed through a revised and far more user‐​friendly FOIA statute (about which I will have more to say below).

The costs to taxpayers of needless government secrecy and duplicative records requests and processing structures are measurable not just in dollars and cents, however. The federal government’s frequent misuse of the classification system and FOIA obstructionism to conceal waste, fraud, abuse, mismanagement, or even criminal conduct comes with an even higher cost—public trust and the violation of constitutional rights.

Secrecy and Redaction as Misconduct Shield

For over 50 years and counting, American taxpayers and Congress have learned—most often through whistleblowers—of multiple, devastating examples of federal agency and department misconduct carried out under color of law or regulation in secret.

The first major episode was exposed in January 1970 by former Army Captain Christopher Pyle, who revealed a massive Army domestic spying campaign targeting political dissidents dating from at least 1965.14

Eighteen months later, a group of Philadelphia‐​area academics and anti‐​war activists, suspicious that they had been targets of FBI surveillance, broke into the FBI office in Media, Pennsylvania and liberated thousands of FBI reports that confirmed their suspicions. It was the first time that any information on the FBI’s infamous Counterintelligence Program (COINTELPRO) had been made public.15

These episodes led to multiple Congressional investigations between 1971 and 1975, the results of which exposed even more details of Army and FBI domestic surveillance and disruption operations against Americans engaged in First Amendment protected activities, as well as unconstitutional surveillance operations and mail intercepts carried out by NSA and the CIA, respectively.16

Those hearings led to legislation designed to prevent such abuses in the future. The Foreign Intelligence Surveillance Act (FISA), the Inspector General Act, and the creation of dedicated, standing House and Senate intelligence committees were all enacted in the hope that nothing like COINTELPRO or other unconstitutional acts could be perpetrated in the future. While well‐​intentioned, those reforms have clearly failed.

Less than four years after the reforms I mentioned were enacted, the FBI once again began a secret, illegal, nationwide criminal predicate‐​free surveillance operation targeting the Committee in Solidarity with the People of El Salvador (CISPES), which was opposed to Reagan administration policies involving several Central American countries. The operation was eventually exposed and subsequently ended, but no FBI personnel were prosecuted.17

During the Clinton administration, the FBI would again open, in secret, a nationwide investigation without a valid criminal predicate, this one targeting Arab and Muslim Americans in the Chicago area under the code name VULGAR BETRAYAL. One of the reasons the full details on this FBI surveillance scandal remain unclear is because the Bureau has only provided Cato roughly 35,000 of the nearly 1.3 million pages of material it has on the episode.18

Unfortunately, Cato had to abandon that FOIA request. The reason is that since the Bureau will never release more than 500 pages per month to a FOIA requester in the D.C. Circuit (absent the very rare order from a federal judge to produce more per month), it would take 215 years for Cato to receive all the records. This is a de facto form of constructive denial of Cato’s request. It also allows the Bureau to continue to hide the magnitude of its misconduct and failures in the VULGAR BETRAYAL episode.

During the Bush 43 presidency, one of the most consequential secret and unconstitutional government surveillance programs of the last 50 years only came to light because of yet another government whistleblower, then‐Justice Department attorney Thomas Tamm.

Tamm’s revelations about the STELLAR WIND warrantless mass electronic surveillance program to the New York Times resulted in its exposure in December 2005 and Tamm initially being targeted for prosecution. That threat of jail time—for exposing a completely illegal domestic spying program—hung over Tamm’s head for years, and he nearly lost his law license in the process.19

Later in the Bush 43 administration would come another Army secrecy scandal, this one exposed by then‐​Army soldier Chelsea Manning. Manning allegedly provided the Wikileaks organization with secret Army documents implicating Army personnel in war crimes in Iraq, including murder. This was yet another case in which the whistleblower was prosecuted for exposing criminal conduct by the federal government.20

The last in my string of examples of the classification system being used to conceal misconduct by federal agencies and departments involves still another whistleblower—a former NSA contractor by the name of Edward Snowden.

On June 6, it will be 10 years since the Guardian newspaper published Snowden’s first major revelation—the federal government’s programmatic collection of telephone metadata on virtually every American.21 The program made a mockery of the 4th Amendment’s individualized, particularized, probable cause‐​based warrant requirement. The Executive branch’s reaction to Snowden’s revelations was to once again prosecute a whistleblower for exposing federal government domestic surveillance misconduct.

I note that every time Executive branch officials have claimed that these kinds of surveillance authorities are necessary and effective, subsequent investigation—either by the press, Congress, or civil society groups utilizing FOIA—has almost invariably proven those claims false. That was the case with the STELLAR WIND22 program revealed by Tamm and the PATRIOT Act’s Section 215 telephone metadata program revealed by Snowden.23 Those are critical facts to bear in mind as the Congress contemplates whether or not to renew the deeply controversial and scandal‐ridden FISA Section 702 program, set to expire on New Year’s Eve 2023.

The fact that the federal secrecy system has been and continues to be used to conceal Executive branch malfeasance should be seen for what it is: an intolerable pattern and practice that Congress should end via legislative and oversight actions. Yet preventing the abuse of the traditional classification system may not be enough to ensure the kind of government transparency required in a functioning republic. Under then‐​President Obama, a new effort was initiated to keep even unclassified information from the American people.

Administrative Control Measures: Controlled Unclassified Information Edition

Created by Executive Order 13556 on November 4, 2010, the ostensible purpose of establishing the “Controlled Unclassified Information” program was to mandate “an open and uniform program for managing information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government‐​wide policies, excluding information that is classified under Executive Order 13526 of December 29, 2009, or the Atomic Energy Act, as amended.”24

As one recent commentator has observed:

The idea behind CUI was initially a good one: eliminate the alphabet soup of FOUO [For Official Use Only] and related designators being applied to unclassified documents by different agencies and unify everything under one label. Unfortunately, the same bureaucracy that gave us the widely known over‐​classification problem quickly got its teeth into the fledgling CUI program. Now, we have yet another unwieldy system that some critics argue is being used primarily to hide information from public scrutiny.25

In preparation for this hearing, I searched in vain for a credible contemporary explanation as to why, in 2010, the existing exemptions under the FOIA and the Privacy Act (PA) were somehow deemed to be inadequate to protect things like the names of non‐​public federal employees, their Social Security numbers, clearance status, etc. I found none.

What’s more, there has never been a Government Accountability Office (GAO) examination of the rationale for the CUI program, whether existing FOIA & PA exemptions are somehow inadequate to protect potentially sensitive but unclassified information, and whether much of the information under the CUI umbrellas is not already in the public domain.

And we already have a prominent example of an attempt to use the CUI designator to keep the public in the dark about a very recent, and deadly, incident: the August 29, 2021, U.S. drone strike on Kabul, Afghanistan that killed 10 civilians, including seven children.26

A subsequent New York Times FOIA lawsuit revealed that the CUI designator had been used on a document listing 24 key pieces of documentary and related evidence about the strike, which the Pentagon initially defended but later acknowledged was a “tragic mistake.”27

It’s worth noting that this and the many other episodes I’ve described thus far have been exposed only because certain specific, well‐​resourced institutions in our society (be it the New York Times, a prominent think tank like Cato, or a large, well‐​financed civil liberties group like the ACLU) have been willing to litigate in court and slug it out for the documents. What about the average requester without access to qualified FOIA counsel seeking records on a still‐​embarrassing‐​to‐​the‐​government but not‐​in‐​the‐​headlines issue?

A Classification and Records Management Reform Proposal

The massive request backlogs at federal agencies and departments have only grown worse over the past decade, with more than 150,000 backlogged requests in 2021 alone, and a third of those belonged to the department charged with implementing FOIA: the Justice Department.28

The FOIA and MDR model of handling individual requests is not working. We need a new statutory framework that, while still allowing and encouraging individual requests,

1) mandates disclosure of all federal agency and department records 25 years old or older within five years of enactment and continues such disclosures annually henceforth;

2) disallows the release of information that would:

A) constitute a clearly unwarranted invasion of personal privacy of a living, natural United States Person (defined as a U.S. citizen or alien admitted for permanent residence);

B) reveal the identity of a current confidential human source (herein defined as a source that has provided verified information on potential or actual criminal activity or of foreign intelligence value within the last five calendar years), or reveal information about the application of a current intelligence source or method not previously publicly acknowledged or revealed in court proceedings, or reveal the identity of a current human intelligence source when the unauthorized disclosure of that source would clearly and demonstrably place the health or life of that source in imminent danger;

C) reveal the workings of a current cryptologic system in use by the United States government or by a government of foreign intelligence interest to the United States;

D) reveal information on a state‐of‐the‐art technology within a United States weapon system;

E) reveal actual United States military war plans that remain in effect;

F) reveal information that would seriously and demonstrably impair relations between the United States and a foreign government, or seriously and demonstrably undermine ongoing diplomatic activities of the United States;

G) reveal information that would clearly and demonstrably impair the current ability of United States Government officials to protect the President, Vice President, and other officials for whom protection services, in the interest of national security, are authorized;

H) reveal information that would seriously and demonstrably impair current national security emergency preparedness plans; or

I) violate a treaty or international agreement.

3) In no event would any information covered under subsections A through J be withheld from public release if the records in question reveal evidence of waste, fraud, abuse, mismanagement, violation of any statute or provision of the Constitution by a United States government official or contractor.

4) In all cases in which a plaintiff brings a civil action against a federal agency or department under the Freedom of Information Act involving any of the records covered under subsections A through J of this Act, the presiding judge shall conduct an in camera de novo review of the records at issue with the assistance of a Special Master with appropriate security clearances and in the employ of the Court.

Administrative control measures like CUI, SBU, etc. should be expressly prohibited. Information is either classified because it is a genuine secret (i.e., not in the public domain and its exposure would jeopardize one of the interests covered by subsections A through J, above) or it is not.

The revamped system I am proposing would not only ensure historically valuable documents are released expeditiously and on a fixed schedule, it would also ensure that more contemporary national security and law enforcement records of potentially major public significance are not forever kept secret because a federal judge believes he or she must show “due deference” to Executive branch claims of secrecy. At the same time, my proposed framework would give federal agencies and departments the legal basis to protect genuine secrets from untimely exposure.

I thank the committee for its time and attention, and I look forward to your questions.

Notes

1 National Defense Secrets Act of 1911, 36 Stat. 1084.

2 18 U.S.C. Chapter 37.

3 United States v. Reynolds, 345 U.S. 1 (1953).

4 68 Stat. 921, as amended via P.L. 117–286, enacted December 27, 2022.

5 PL 86–36, 1959.

6 18a U.S. Code Compiled Act 96–456 — Classified Information Procedures Act.

7 Available online at the National Archives website at https://www.archives.gov/isoo/policy-documents/cnsi-eo.html.

8 Report of the Commission on Protecting and Reducing Government Secrecy, p. 10.

9 National Archives Information Security Oversight Office 2011 Report to The President: Cost Estimates for Security Classification Activities, p. 2.

10 ISOO letter to the President transmitting its FY 2012 report, June 20, 2013.

11 ISOO Annual report to the President for 2017, p. 4.

12 ISOO Annual report to the President for 2021, p. 11.

13 Ibid., p. 5.

14 “Ex‐​Officer Says Army Spies on Civilian Activists,” New York Times, January 16, 1970, p. 26.

15 For the best account on this episode, see Betty Medsger, The Burglary: The Discovery of J. Edgar Hoover’s Secret FBI (New York: Vintage Books, 2014).

16 The most sweeping of these investigations was carried out by the Senate committee led by the late Senator Frank Church (D‑ID). See Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities, 1975–76 (Church Committee), Final Report, S. Rep. No. 94–755 (1976).

17 See The FBI and CISPES, Report of the Select Committee on Intelligence together with Additional Views, S. Prt. 101–46, July 1989.

18 See Patrick G. Eddington, “America’s Secret Government Crisis,” Antiwar.com, January 20, 2022.

19 Charlie Savage, “Whistle‐​Blower on N.S.A. Wiretapping Is Set to Keep Law License,” New York Times, July 13, 2016, p. A12.

20 See Patrick G. Eddington, “Assange Espionage Indictment: Classified Hypocrisy and a Prosecutorial Trojan Horse,” Inside Sources, June 2, 2019.

21 Glenn Greenwald, “NSA collecting phone records of millions of Verizon customers daily,” The Guardian, June 6, 2013 (online edition).

22 Charlie Savage, “Declassified Report Shows Doubts About Value of N.S.A.’s Warrantless Spying,” New York Times, April 24, 2015, p. A12.

23 Spencer Ackerman and Paul Lewis, “US senators rail against intelligence disclosures over NSA practices,” The Guardian, July 31, 2013 (online edition).

24 Executive Order 13556 of November 4, 2010, Controlled Unclassified Information, p. 1.

25 Sean Bigley, “CUI: The New Trap for Security Clearance Holders,” ClearanceJobs.com, March 5, 2023.

26 Charlie Savage, Eric Schmitt, Azmat Khan, Evan Hill and Christoph Koettl, “Newly Declassified Video Shows U.S. Killing of 10 Civilians in Drone Strike,” New York Times, January 20, 2022, p. A1.

27 “Read U.S. Central Command’s Investigation Into Botched Aug. 29, 2021 Kabul Drone Strike,” New York Times, January 6, 2023 (online edition).

28 Justin Doubleday, “The FOIA backlog continued to grow last year,” FederalNewsNetwork.com, July 22, 2022.