If The Justice Department Has A Plan To Fix Its Overclassification Problem, It's Probably Classified

Failures

from the moving-at-the-speed-of-treading-water dept

The problem of over-classification continues, not that it ever wasn’t a problem. An Office of Inspector General (OIG) report on the DOJ’s classification policies and procedures notes that the 9/11 Commission, which was formed in 2002, reached the same conclusion almost a decade ago. In the wake of the largest terrorist attack on the US, the Commission pointed out that over-classification “interferes with accurate and actionable information sharing, increases the cost of information security, and needlessly limits stakeholder and public access to information.” Basically stated, over-classification has the ability to kill.

Despite that warning, it continues, not only unimpeded but in new and spectacular ways. As Ryan Gallagher at Slate points out, the problem is widespread, systemic and the direct result of bureaucratic expansion.

According to the Information Security Oversight Office, in 2012 alone, executive branch agencies issued more than 95 million “classification decisions.” That’s a 3 percent increase on the figure for 2011 (92 million), and a 25 percent rise on the figure for 2010 (77 million).

The IG report says that while misclassification at the DOJ is not “widespread,” redactions done by the department are sometimes wrong and unnecessary, and that officials appear to have a blasé approach to classification. The IG reviewed a sample of 141 documents in total—from the FBI, the DEA, the National Security Division, and the Criminal Division—and found a total of 357 “classified document marking errors,” meaning that they either did not contain required classification markings or contained incorrect classification markings.

The report breaks it down a bit more dryly, but without blunting the impact.

[W]e found several documents in which unclassified information was inappropriately identified as being classified. We also identified many documents that either did not contain required classification markings or contained incorrect classification markings. Some of these marking errors included missing, incomplete, or incorrect classification blocks, source references, portion markings, dissemination markings, and declassification instructions.

The lack of clear direction and best practices has led directly to this bizarre classification “system,” in which each person makes their own rules and builds upon the similarly made-up “rules” of their peers.

In addition, we found that the National Security Division, Criminal Division, and the DEA incorrectly categorized many decisions to classify information as “original” classification decisions when these decisions actually were derivative classification decisions, as the classified information in the documents had been classified previously. The risk inherent in this practice is that individuals who inappropriately apply original decisions could apply these decisions inconsistently for the same types of information and information that should be treated similarly will be classified differently across programs. Also, this practice could result in classifiers believing that they could establish the classification levels, dissemination controls, or declassification dates of their choosing rather than the ones previously established by the actual original classification decision.

That’s the sort of sloppiness that leads to 95 million “classification decisions” in a single year. The promised transparency of the current administration doesn’t stand a chance when thousands of DOJ employees are making millions of these “decisions” every year. This widespread and chaotic “system” also defangs FOIA laws, as anything deemed classified can reasonably be withheld from requesters.

But what’s more disturbing than the secrecy-driven bureaucracy is the fact that it’s gone on for so long with almost no perceptible improvement. Every OIG report over the past several years has detailed problems and made specific recommendations for improvement, but these seem to be routinely ignored or, at best, briefly entertained before the various entities return to business as usual.

In 2006, the Government Accountability Office (GAO) also reviewed DOJ’s management of classified information. This review included an assessment of DOJ’s implementation of NARA’s Information Security Oversight Office on-site inspection recommendations. GAO reported that DOJ did not know the optimum number of staff it needed for its classification program because it had not assessed its needs and did not have a strategy to identify how it would use additional resources to address classification program deficiencies. GAO found that, as a result of these resource issues, DOJ had not fully implemented various recommendations from NARA’s Information Security Oversight Office and DOJ’s ability to oversee classification practices across components was insufficient.

Seven years have passed and the DOJ still hasn’t fully implemented the recommendations and its oversight it still “insufficient.” Not only is the DOJ uninterested in improving, it’s also taken a hands-off approach to ensuring its own security, making the over-classification of documents even more useless, considering many of these could be viewed by people without proper clearance or just walk right out the door.

The Office of the Inspector General (OIG) reviewed personnel security processes throughout DOJ and issued reports in September 2012 and March 2013 that included recommendations to increase resources devoted to certain security program issues. These reports found that SEPS [Security and Emergency Planning Staff] did not implement adequate personnel security processes to identify security violations and enforce security policies. Moreover, SEPS issued minimal guidance for components to follow in managing their contractor security programs and the guidance does not provide standards for maintaining accurate rosters on contract employees or periodic reinvestigations.

The report also details ongoing issues. Money spent on automated tools meant to prevent “original” classification decisions is wasted as the tools are rolled out unevenly and without adequate training. The DOJ’s internal inspection reports are loaded with “methodological errors” and, in some cases, mandatory annual inspections were only being performed every third year. In other cases, information pertaining to classification violations was withheld from SEPS oversight (and consequently, the OIG).

According to FBI officials, in 2010 the FBI incorrectly entered Top Secret information from an Intelligence Community agency into a Secret-level FBI database used to track terrorist threats. The incident was identified when an FBI employee was informed by the Intelligence Community agency that certain information, when combined, was classified at the Top Secret level. As part of this review, in March 2013 the OIG learned of the incident followed up with the FBI to determine whether the classified information had been removed from the Secret database and whether the classified information might also have been inappropriately included in other FBI systems. FBI officials told us that they were not certain whether the information was included in other FBI systems. Ultimately, it was not until July 2013, approximately 3 years after the incident and after multiple inquiries by the OIG, that the FBI completed the removal of the information from other FBI systems.

Notably, we found that the FBI did not inform SEPS of the compromise. In August 2013, after the OIG inquired about why the FBI had not met its responsibility to notify SEPS of the incident, the FBI officials informed us that they would notify SEPS that month.

Like many other OIG reports, the overall picture painted is depressing. The bloat associated with a large-scale bureaucracy (over 115,000 employees in the DOJ alone — and many other agencies under its purview) makes any change in course abysmally slow, almost to the point of being imperceptible. This problem is made worse by the DOJ’s preference towards erring on the side of secrecy.

Eleven years since the 9/11 Commission’s report and nothing has changed. But this should come as no surprise, considering there’s very little being deployed in the way of incentives or deterrents that might effect a change. If there’s no impetus, there’s no forward motion.

The DOJ will continue to veer towards secrecy because that is the standard MO of nearly any government agency — especially those involved in our two greatest “battles,” terrorism and drugs. “Original” classification decisions will continue to be a problem simply because the government has drilled low-level, terrorism-related panic into everyone’s brains. No one wants to be the person whose unclassified document is waved around as the reason the terrorists are winning. Better safe than sorry.

Two consecutive administrations have leveraged these two wars to create a rift between the “combatants” and the public, further encouraging greater secrecy — the same secrecy that threatens the success of the “combatants” by compartmentalizing intelligence and data into bureaucratic fiefdoms patrolled by men and women with itchy “CLASSIFIED” trigger fingers.

The upsides to a cohesive and restrained classification system belong almost solely to the public — greater transparency and information dissemination. Our public servants, when faced with national security and other existential threats, will almost always find the public good being pushed to the bottom of the priority list. Annual reports come and go, but a classified document stays locked up for dozens of years.

The OIG has no carrot and no stick. The improvements needed have to come from above and within, but neither show much willingness to change.

Filed Under: doj, overclassification