Government board aims to revamp decrepit US security classification system

Feds have over 100 ways of classifying, 230 ways of handling sensitive information

The US government's overly complicated way of classifying and declassifying information needs to be dumped and reinvented with the help of a huge technology injection if it is to keep from being buried under its own weight.

That was one of the main conclusions of a government board tasked with making recommendations on exactly how the government should transform the current security classification system.

"Current page-by-page review processes are unsustainable in an era of gigabytes and yottabytes.  New and existing technologies must be integrated into new processes that allow greater information storage, retrieval, and sharing.  We must incorporate technology into an automated declassification process," the congressional Public Interest Declassification Board stated.  "The current classification system is fraught with problems. In its mission to support national security, it keeps too many secrets, and keeps them too long; it is overly complex; it obstructs desirable information sharing inside of government and with the public. There are many explanations for over-classification: most classification occurs by rote; criteria and agency guidance have not kept pace with the information explosion; and despite the Presidential order to refrain from unwarranted classification, a culture persists that defaults to the avoidance of risk rather than its proper management."

The board added that the security classification problem is growing. Agencies are creating petabytes of classified information annually, which quickly outpaces the amount of information the government has declassified in total in the previous seventeen years since Executive Order 12958 established the policy of automatic declassification for 25 year old records. Without dramatic improvement in the declassification process, the rate at which classified records are being created will drive an exponential growth in the archival backlog of classified records awaiting declassification, and public access to the nation's history will deteriorate further, the report stated.

At the heart of the classification revamp should be a number of high-tech implementations. Available technologies, such as context accumulation, predictive analytics and artificial intelligence, should be piloted to study their effectiveness in helping implement these recommendations and to engage users and garner their trust in a new system, the board wrote.

Promising new technologies should be tested through a series of pilot projects that, once proven, can be deployed at multiple agencies and then expanded to include pilot projects for classification. The ultimate goal of these pilots is to discover, develop and deploy technology that will:

  • Automate and streamline classification and declassification processes, and ensure integration with electronic records management systems.
  • Provide tools for preservation, search, storage, scalability, review for access, and security application.
  • Address cyber security concerns, especially when integrating open source information into classified systems.
  • Standardize metadata generation and tagging, creating a government-wide metadata registry. Lessons learned from the intelligence community will be helpful here.
  • Accommodate complex volumes of data (such as email, non-structured data, and video teleconferencing information).

High tech is only one part of the board's major recommendations. A complete overhaul of how information is classified is likely a stickier point.

From the report: "Classification should be simplified and rationalized by placing national security information in only two categories. This would align with the actual two-tiered practices existing throughout government, regarding security clearance investigations, physical safeguarding, and information systems domains. Top Secret would remain the Higher-Level category, retaining its current, high level of protection. All other classified information would be categorized at a Lower-Level, which would follow standards for a lower level of protection. Both categories would include compartmented and special access information, as they do today. Newly established criteria for classifying information in the two tiers would identify the needed levels of protection against disclosure of the information. Using identifiable risk as the basis for classification criteria should help in deciding if classification is warranted and, if so, at what level and duration."

In the end the board made 14 recommendations that would modernize the current system of security classification and declassification.  The recommendations:

1. The President should appoint a White House-led Security Classification Reform Steering Committee to oversee implementation of the Board's recommendations to modernize the current system of classification and declassification.

2. Classification should be simplified and rationalized by placing national security information in only two classification categories.

3. The threshold for classifying in the two-tiered system should be adjusted to align the level of protection with the level of harm anticipated in the event of unauthorized release.

4. The specific protections afforded intelligence sources and methods need to be precisely defined and distinguished.

5. Pre-decisional, tactical and operational information with short-lived sensitivity should be identified and segmented for automatic declassification without further review.

6. Agencies should recognize in policy and practice a "safe harbor" protection for classifiers who adhere to rigorous risk management practices and determine in good faith to classify information at a lower level or not at all.

7. The classification status of Formerly Restricted Data (FRD) information should be reexamined. A process should be implemented for the systematic declassification review of historical information.

8. The President should bolster the authority and capacity of the National Declassification Center (NDC) with specific measures to advance a government-wide declassification strategy.  Executive Order 13526 should be amended to eliminate the additional three years now permitted for review of multiple agency equities in all archival records (including those stored outside the NDC).

9. Historically significant records should be identified and set aside as early as possible after their creation to ensure their preservation, long-term access, and availability to agency policymakers and historians. Each agency should strive to have an in-house history staff to assist in the prioritization of records.

10. Agencies should improve records management overall by supporting and advancing the government-wide information management practices found in the President's Memorandum on Managing Government Records and its Directive.

11. The organization and integration of agency declassification programs must be improved across government.

12. Agencies should be encouraged to prepare case studies and national security histories, in classified and unclassified versions.

13. A series of pilot projects should be used to evaluate proposals for enhancing capabilities at the NDC, streamlining the declassification system and improving access to historically significant records, including historical nuclear information.

14. The President should direct the Security Classification Reform Steering Committee to encourage collaboration and to determine how to employ existing technologies and develop and pilot new methods to modernize classification and declassification.

In 2010, the Government Accountability Office detailed the daunting federal security classification infrastructure, stating that designating, safeguarding, and disseminating such important information involves over 100 unique markings and at least 130 different labeling or handling routines, reflecting a disjointed, inconsistent, and unpredictable system for protecting, sharing, and disclosing sensitive information.

In 2006 the GAO reported on a survey of federal agencies that showed 26 were using 56 different designations to protect information they deemed critical to their missions, such as law-enforcement sensitive, sensitive security information, and unclassified controlled nuclear information. Because of the many different and sometimes confusing and contradictory ways that agencies identify and protect sensitive but unclassified information, the sharing of information about possible threats to homeland security has been difficult, the GAO stated.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Copyright © 2012 IDG Communications, Inc.