home | about | documents | news | postings | FOIA | research | internships | search | donate | mailing list

Watch Archive Director Tom Blanton talk about openness and security at the Georgetown University Law Center conference: "Security, Technology, and Privacy: Shaping a 21st Century Public Information Policy," April 24, 2003
Windows Media Files:
Hi-Res (42 MB)
Lo-Res (5.8 MB)


Related Posting
Dubious Secrets
Archive Electronic Briefing Book Looks at the Problem of Overclassification

Press Release:
25 February 2005

"Chairman Shays to Hold March 2 Hearing on Overclassification and Pseudo-classification of Information"

More Documentation from the March 2, 2005 Hearing: "Emerging Threats: Overclassification and Pseudo-classification"

Witness List

Statement of Rep. Christopher Shays

Statement of Rep. Henry Waxman

Press Release from Rep. Carolyn Maloney

Statement of J. William Leonard
Director, Information Security Oversight Office, National Archives and Records Administration

Statement of Christopher J. McMahon
RADM, USMS, Departmental Office of Intelligence, Security, and Emergency Response, U.S. Department of Tranportation

Statement of Harold C. Relyea
Congressional Research Service

Statement of Richard Ben-Veniste
Former Commissioner, National Commission on Terrorist Attacks Upon the United States

Testimony of Harry Hammitt
Editor/Publisher, Access Reports

Related Hearing:
24 August 2004

"Too Many Secrets: Overclassification as a Barrier to Information Sharing" - House Committee on Government Reform

Hearing Transcript

Opening Statement of Rep. Christopher Shays, Chairman

Prepared Statement of J. William Leonard, Information Security Oversight Office

Prepared Statement of Carol A. Haave, Office of the Undersecretary of Defense for Intelligence

Prepared Statement of Steven Aftergood, Federation of American Scientists

Prepared Statement of Bill Crowell, Markle Foundation Task Force on National Security

Related Web Site

For release March 2, 2005
For more information contact:
Thomas Blanton - 202/994-7000

Archive Director Testifies Before Congressional Hearing on "Overclassification and Pseudo-classification"

Briefing slides | Testimony

Statement by Thomas S. Blanton, National Security Archive, George Washington University
March 2, 2005

Hearing on "Emerging Threats: Overclassification and Pseudo-classification"

2154 Rayburn House Office Building
Subcommittee on National Security, Emerging Threats, and International Relations
Committee on Government Reform
U.S. House of Representatives

Click here to download this statement as a PDF file

Mr. Chairman, and members of the Committee, thank you for this opportunity to speak with you about the growing problem of government secrecy and the danger it poses to our security. This Subcommittee has become a model for the Congress as a whole in its diligent oversight of a difficult problem, and I applaud your commitment to air diverse views and to question conventional thinking.

I have reviewed in detail the record of your hearing on August 24, 2004, to which my own organization, the National Security Archive, contributed a reader of declassified documents entitled "Dubious Secrets," featuring General Pinochet's drink preferences (scotch and pisco sours) and a joke terrorist attack on Santa Claus (the secret was that the CIA occasionally has a sense of humor). Mr. Chairman, you asked the question whether overclassification was a 10% problem or a 90% problem, and your witnesses provided some remarkable yardsticks. The deputy undersecretary of defense for counterintelligence and security confessed that 50% of the Pentagon's information was overclassified. The head of the Information Security Oversight Office said it was even worse, "even beyond 50%." The former official who participated in the Markle Foundation study cited by the 9/11 Commission on information sharing stated that 80-90% (at least in the area of intelligence and technology) was appropriately classified at first, but over time that dwindled down to the 10-20% range.

My own experience is in the realm of declassified national security information. The National Security Archive ranks as probably the most active and successful non-profit user of the Freedom of Information Act: We have filed more than 30,000 Freedom of Information and declassification requests in our nearly 20 years of operations, resulting in more than six million pages of released documents that might otherwise be secret today (some of them have in fact been reclassified, but the government won't tell us which ones). We have published more than half a million pages on the Web and other formats, along with more than 40 books by our staff and fellows, including the Pulitzer Prize winner in 1996 on Eastern Europe after Communism. We won the George Polk Award in April 2000 for "piercing self-serving veils of government secrecy." We have partners in 35 countries around the world doing the same kind of work today, opening the files of secret police, Politburos, military dictatorships, and the Warsaw Pact, and leveraging openness in both directions.

My own estimate of overclassification in the United States today tends towards the high end of your 90% range, Mr. Chairman. Let me put on the record here several expert assessments to support this view. For example, the distinguished former Solicitor General of the United States who prosecuted the Pentagon Papers case, Dean Erwin Griswold, wrote in the Washington Post (15 February 1989) that: "It quickly becomes apparent to any person who has considerable experience with classified material that there is massive overclassification and that the principal concern of the classifiers is not with national security, but with governmental embarrassment of one sort or another. There may be some basis for short-term classification while plans are being made, or negotiations are going on, but apart from details of weapons systems, there is very rarely any real risk to current national security from the publication of facts relating to transactions in the past, even the fairly recent past."

Senator Daniel P. Moynihan's commission on reducing and protecting government secrecy quoted Rodney B. McDaniel, a career Navy officer and executive secretary of President Reagan's National Security Council, who estimated in 1991 that only 10% of classification was for "legitimate protection of secrets." The Moynihan report contrasted this view with that of the then-head of the Information Security Oversight Office, Steven Garfinkel, who stated that overclassification was only a 10% problem. (1997 Report, p. 36) As this Subcommittee heard in August, Mr. Garfinkel's successor has now moved the official estimate above 50%.

A Cox News Service report last summer (21 July 2004) headlined "Lawmakers Frustrated By Delays In Declassifying Documents," quoted the Republican former governor of New Jersey and then-chair of the 9/11 Commission, Thomas H. Kean, as saying, "Three-quarters of what I read that was classified shouldn't have been" - a 75% judgment. The material Mr. Kean was reviewing included the most recent and sensitive terrorism-related intelligence and counterterrorism information. The same Cox article quoted Senator Trent Lott (R-Miss.) on his frustration with the Senate Intelligence Committee report on Iraq, as reviewed by the CIA: "The initial thing that came back was absolutely an insult and would be laughable if it wasn't so insulting, because they redacted half of what we had. A lot of it was to redact a word that revealed nothing."

I agree with Senator Lott and Governor Kean: national security secrecy is skyrocketing, but like the ballistic missile defense system, it cannot tell the real threat from the decoys. Let's start with the core statistics, or least the most recent ones available, provided by the Information Security Oversight Office in last year's report to the President. New classification decisions are up from 9 million in 2001, to 11 million in 2002, to 14 million in 2003. If you look at that ISOO data all the way back to the first year in which it was collected - 1980 - you will discover that the number of new secrecy decisions in 2003 is the highest ever recorded, higher even than the peak years of the Cold War in the mid-1980s.

Tracking the same ISOO data since 1980, we can also see the rise and fall of declassification in the 1990s. The ISOO reports show many years of low levels (around 20 million pages per year) until the numbers leap in 1995, stay at the 200 million page level for three years, and then plummet down under 50 million pages a year now. I think it's fair to say that President Clinton's executive order on secrecy produced the declassification of more historic national security secrets than all previous presidents put together. But now, the system is almost completely out of whack - a point that ISOO's director made at your August hearing.

At least the national security classification system has formal checks and balances. By all the evidence of overclassification, these checks do not work very well, but they do exist. They desperately need strengthening. I'm thinking not only of ISOO, that lean machine of a small, well-trained professional staff providing audits and oversight, within its limited means, of a vast and sprawling system. There is also the Interagency Security Classification Appeals Panel (ISCAP), which has ruled for openness in some 60% of its cases (there's another marker on the overclassification gauge), although the total number of cases is quite small and involves mostly historical rather than current information. There is also the Office of Management and Budget requirement, first included in appropriations bills in the 1990s, that agencies add up and report their classification costs (the CIA's are still classified, of course) - thus giving us a benchmark number and some sense of comparative expense to the taxpayer. These numbers, over $6.5 billion in fiscal 2003, remind us that every secrecy decision generates a stream of direct costs to the taxpayer, in addition to the indirect costs of inefficiency and information asymmetries.

Likewise, the executive orders governing classification have been around long enough that a cottage industry of insiders and outsiders have developed expertise on how the system works or ought to work. And at least since the 1974 amendments to the Freedom of Information Act, the courts have provided some guidance on classification. In general, the courts defer to the executive (to a fault, I would argue), but along the way, the extra levels of review during litigation almost always force out information that the agencies originally withheld. In other words, we lose the final decision, but we get documents.

What's most alarming is that the new forms of secrecy, the "pseudoclassifications" like Sensitive But Unclassified (SBU) or Sensitive Security Information (SSI) or Sensitive Homeland Security Information (SHSI), have no such checks and balances. Where is the audit agency, tracking the basic data on the number and extent of new restrictions? Where is the appeals panel, overriding the reflexive instincts of agencies? Where is the cost reporting, or do the agencies lack any clue as to how much the secrecy costs them? Where is the cost-benefit analysis inside agencies, or do they not see the double-edged sword inherent in secrecy? Where are the bureaucratic centers of countervailing power, pressing for declassification? Where are the court cases, or will judges continue blind deference to executive judgments? Where is the Congress, when the President's lawyers assert unilateral authority over secrecy, detentions, interrogations, and energy policy, among many other topics?

The National Security Archive's experience with pseudoclassification is not encouraging. Among our many projects, we are pursuing the public release of the actual primary sources cited and quoted by the 9/11 Commission, and we have been on the receiving end of an object lesson in reflexive pseudosecrecy at the Transportation Security Administration. For example, last year we asked for the five Federal Aviation Administration warnings to airlines on terrorism in the months just prior to 9/11 - warnings that were quoted in the 9/11 Commission report and discussed at length in public testimony by high government officials. The TSA responded by denying the entire substance of the documents under five separate exemptions to the Freedom of Information Act, and even withheld the unclassified document titles and Information Circular numbers as "Sensitive Security Information." When we pointed out that the titles, dates, and numbers were listed in the footnotes to the number one best-selling book in the United States, the 9/11 Commission report, the TSA painstakingly restored those precise digits and letters in its second response to us, but kept the blackout over everything else.

We have heard from officials at the Department of Justice that these new pseudoclassifications are simply guidance for safeguarding information, and do not change the standards under the Freedom of Information Act. But such a claim turns out to be mere semantics: In every case, the new secrecy stamps tell government bureaucrats "don't risk it"; in every case, the new labels signal "find a reason to withhold." In another TSA response to an Archive FOIA request, the agency released a document labeled "Sensitive But Unclassified" across the top, and completely blacked out the full text, including the section labeled "background" - which by definition should have segregable factual information in it. The document briefed Homeland Security Secretary Tom Ridge on an upcoming meeting with the Pakistani Foreign Minister, but evidently officials could not identify any national security harm from release of the briefing, and fell back on the new tools of SBU, together with the much-abused "deliberative process" exemption to the Freedom of Information Act.

As William Leonard of ISOO pointed out at the GovSec Expo (July 29, 2004), SBU protection regimes still exist that date back to the Cold War, and none have been officially discarded. The government, instead, is adding regimes year after year, Mr. Leonard remarked, "without any regard to what's been done before to a point where I'm concerned today that if you wanted to identify the person in the government or outside the government who understands all the various protection regimes, understands what all the requirements are, understands what all the standards are - that person doesn't exist."

This dynamic is fundamentally what's wrong with the Markle Foundation recommendations for the SHARE network that were embraced by the 9/11 Commission and about which you heard from Mr. Bill Crowell at your August 2004 hearing. I read his testimony and the two editions of the Markle report with great interest, because the group seems to have begun with the assumption that you share, Mr. Chairman, that the "need to know" secrecy culture is working against our security. But the group's recommendations do not actually challenge the "need to know" culture. Instead, they embrace the SBU attitude, the official-use-only elitism. The language in Mr. Crowell's testimony and in the underlying reports gives a remarkable amount of attention to the ways that the SHARE system would help agencies control and track and audit employees, preventing leaks and authenticating information, keeping the data in the hands of only the relevant players.

That's the key phrase. Mr. Crowell's direct quote before this Subcommittee was: "While certain information, particularly about sources and methods, must be protected against unauthorized disclosure, the general mindset should be one that strives for broad sharing of information with all of the relevant players in the network." Who exactly decides who are the relevant players? Where do we draw the line? Are firefighters included in but not health inspectors? Epidemiologists but not general practitioners? Power plant managers but not the plant's workers? First responders but not neighbors? Aren't we right back where we started at the need to know? What will stop the SHARE system from turning into the mother of all pseudoclassifications? The strength of our open society is the free flow of information but the SHARE concept looks more like the Soviet GOSPLAN.

We could spend billions of dollars implementing the computer networks necessary for SHARE, or we could invest a few million in real openness and government accountability. President Bush nominated members for the Public Interest Declassification Board but did not include the Board's $600,000 allowance in his budget. We could establish an independent review board with a small staff like ISOO at every major federal agency for a million dollars each per year, less than the cost of our excellent military marching bands.

The number one lesson of 9/11 is that the "relevant players" include the public, front and center. As the staff director of the Congressional Joint Inquiry on 9/11 found, "The record suggests that, prior to September 11th, the U.S. intelligence and law enforcement communities were fighting a war against terrorism largely without the benefit of what some would call their most potent weapon in that effort: an alert and informed American public. One need look no further for proof of the latter point than the heroics of the passengers on Flight 93 or the quick action of the flight attendant who identified shoe bomber Richard Reid." After all, the only part of our national security apparatus that actually prevented casualties on 9/11 was the citizenry - those brave passengers on Flight 93 who figured out what was going on before the Pentagon or the CIA did, and brought their plane down before it could take out the White House or the Capitol.

Look at the case of the Unabomber, the Harvard-educated terrorist who blew up random scientists with letter bombs. Years of secret investigation turned up nothing but rambling screeds against modernity and the machine, and only after the madman threatened more violence unless his words were published, did the FBI relent and give the crank letter file to the newspapers. The Washington Post and the New York Times went in together on a special section to carry the 35,000 words in 1995, but the key paper was the Chicago Tribune, read at the breakfast table in a Chicago suburb by the bomber's brother, who said, sounds like crazy Ted, guess I'd better call the cops.

How did we catch the Washington sniper? The police had been chasing a white van for weeks with no luck, and finally changed the description to a blue sedan based on an eyewitness report. They refused to give out the license plate number (because the sniper would then change the plates, of course); but finally an unnamed police official took it upon herself to leak the license number at midnight, local radio and TV picked it up, and a trucker was listening who saw a blue sedan in a rest area in western Maryland. He checked the plate number, and bingo, within three hours of the leak they arrested the sniper. Openness empowers citizens.

The entire 9/11 Commission report includes only one finding that the attacks might have been prevented. This occurs on page 247 and is repeated on page 276 with the footnote on page 541, quoting the interrogation of the hijackers' paymaster, Ramzi Binalshibh. Binalshibh commented that if the organizers, particularly Khalid Sheikh Mohammed, had known that the so-called 20th hijacker, Zacarias Moussaoui, had been arrested at his Minnesota flight school (he only wanted to fly, not to take off or land) on immigration charges, then Bin Ladin and KSM would have called off the 9/11 attacks. And wisely so, because news of that arrest would have alerted the FBI agent in Phoenix who warned of Islamic militants in flight schools in a July 2001 memo that vanished into the FBI's vaults in Washington. The Commission's wording is important here: only "publicity" could have derailed the attacks.

This is why Ms. Carol Haave, the deputy undersecretary of defense, framed the problem wrongly at your August 24 hearing. She testified, "In the end, this is a discussion about risk. How much risk is the nation willing to endure in the quest to balance protection against the public's desire to know? It's a complex question that requires thought and ultimately action." She and the Pentagon have missed the point. We are not balancing protection against the public's desire to know. The tension is actually between bureaucratic imperatives of information control versus empowering the public and thus making us more safe. Yes, there are real secrets that must be protected, but the lesson of 9/11 is that we are losing protection by too much secrecy. The risk is that by keeping information secret, we make ourselves vulnerable. The risk is that when we keep our vulnerabilities secret, we avoid fixing them. In an open society, it is only by exposure that problems get fixed. In a distributed information networked world, secrecy creates risk - risk of inefficiency, ignorance, inaction, as in 9/11. As the saying goes in the computer security world, when the bug is secret, then only the vendor and the hacker know - and the larger community can neither protect itself nor offer fixes. Publicity is not a SHARE network limited to relevant players. Publicity is TV, the newspapers, the Internet, and the highly efficient information distribution system that is our open society. That is our strength, not our weakness.

So how do we put countervailing pressure on the secrecy system, and on the new SBU systems, to force publicity, to empower the public? We can start the way the framers did, with checks and balances. If you create a power center for creating and holding secrets, like the new intelligence czar, then you need a counter center for declassifying secrets. The Moynihan commission, for example, recommended setting up a formal Declassification Center based at the National Archives and staffed by an interagency group with delegated powers from their agencies. Their performance would be measured by their openness. Just such a group served the Congress well during the Iran-contra investigations by reviewing and declassifying more than 30 thick volumes of testimony and documents in record time, with enormous benefits for government accountability and without damage to national security.

Another model is the Public Interest Declassification Board authorized in the intelligence reform bill last year. Not all the members have yet been named, so the jury is still out on whether this Board will meet the expectations of Senators Lott and Wyden, for example. But every previous experience with a statutory independent review board has been a major success, pushing out of the system the secrets that do not need keeping. These include the Assassination Records Review Board, the State Department's historical advisory committee, and the Interagency Working Group on Nazi and Japanese War Crimes. Every agency needs a review board like these, with authority in statute, with scholars and former officials doing the oversight, with regular reporting requirements and open meetings. The model we should not follow is that of the CIA, where the advisory committee has no statute behind it and, by allowing its recommendations to remain confidential, has voluntarily given up what little leverage it might have had.

One of William Leonard's recommendations is that the new secrecy systems have to be coordinated with the old ones. He makes the valid point that it would be a major reform and potential restraint to have a common set of standards across all agencies in place of the differentiated, culture-driven, idiosyncratic standards that have arisen in the multiple secrecy regimes. Such differences create huge uncertainties among officials about what behavior is expected and how much information to share.

Even part of the CIA agrees with this critique. For example, a 1977 study by the CIA of its own codeword compartments (declassified in 2002) found that the proliferation of compartments had deleterious psychological effects that "seem to diminish rather than enhance security," and recommended that the DCI abolish all existing compartments and replace them with one uniform Sources-and-Methods compartment. The intelligence community is moving in this direction (witness the 1999 abolition of the COMINT codewords UMBRA, SPOKE, MORAY and the TALENT-KEYHOLE codeword ZARF); but bureaucratic inertia and turf-consciousness pose major obstacles to the rational consolidation of SBU and secrecy rules today. Yet, the secrecy skeptic in me thinks that perhaps centralization is not the cure-all, that perhaps the diversity of our bureaucracy is actually a protection for dissenting views, for multiple perspectives, and for alternative policy options.

More important than centralization, we must build into all of our secrecy systems multiple provisions for cost-benefit analysis, audits, oversight offices, cost accounting, and independent reviews. We must limit the number of officials who have the power to wield the secret or SBU stamp. We must increase the number of officials whose jobs and careers depend on opening information. We must change the internal bureaucratic incentives, by tying promotions and raises to declassification and information sharing, while providing real penalties for knee-jerk secrecy and information hoarding.

There are interesting examples of carrot-and-stick provisions on government openness both abroad and at home. We could look to Sweden, for example, where the bishop of Stockholm, a public official, had to pay a fine (nearly $2,000) last year for violating the open records law, by withholding letters from priests in the state-supported church about their problems and challenges. Or we could look to Florida, where an Escambia County school board member went to jail for a week in 2003 for refusing to provide a public record to a Pensacola mother. The name of that school board member is now a household word among officials in Florida, deterring bad behavior. It's a more difficult question, but one we must address, about how to deter absurd classification decisions like the CIA's claim (now upheld by a federal court) that it can declassify the 1997 intelligence budget figure with no damage to national security, but the 1947 number still must be secret (Steven Aftergood testified in detail about this case at the August 24, 2004 hearing). Secrecy decisions like this one actually undermine the credibility of the entire information security system and make our real secrets less safe.

In the final analysis, of course, it is openness that empowers our citizens, weeds out the worst policy proposals, ensures the most efficient flow of information to all levels of law enforcement, makes a little more honest the despots who are our temporary allies against terrorism, and keeps our means more consistent with our ends.

Thank you, Mr. Chairman, and I look forward to any questions you may have.

home | about | documents | news | postings | FOIA | research | internships | search | donate | mailing list

Contents of this website Copyright 1995-2017 National Security Archive. All rights reserved.
Terms and conditions for use of materials found on this website.