Classified materials and their handling appears to still be a news story. Back in 2016, I wrote a bit [stderr] about Clinton (Hillary)’s personal email server, which was accurate as far as I could make it, but that story has been somewhat shaded by recent mis-handling stories. Having to watch journalist and lawyers on the topic can be extremely painful, because of my constant awareness that the information about how classification regimes work is out there and all you need to do is a day or 2 of research.
The problem is, it’s boring wonky stuff and security always seems to “get in the way” of important people spreading information all over the place. That, by the way, is why we have these problems. Let’s say a president wants to have his corrupt son-in-law sit in on a meeting where something classified will be discussed: that’s not supposed to happen, unless everyone in the meeting is cleared for the secret. But … how inconvenient. Let’s just whip off a few copies of that classified document on our copier and hand one to Jared anyway.
I’m a non-fan of government secrecy; I think it is contrary to the premises of representative democracy – am I expected to trust, say, Jim Jordan to make wise decisions on my behalf at all let alone about something I don’t get to know anything about? Rousseau had nothing to say on the topic, if I recall correctly, but knowledge and management of knowledge is critical to there being a social contract. After all, I cannot assent to the actions of a government that I know nothing about, therefore government is not legitimate and is cloaking its actions behind need to know and saying I don’t. Or something like that. Spinoza’s comment (roughly) on secret diplomacy is that by definition any government engaging in secret diplomacy is doing something that The People do not agree with, or to. Why else keep it secret?
Anyhow, I’d like to clarify a few things about classification regimes and how they work in the US. There are many many fine points on this topic and I admit in advance that I may get something wrong, since my knowledge dates to the mid 1990s. I know, for example, that after 9/11, the Bush regime announced a direction toward “need to share rather than need to know” which would have profound impact. I was part of a Senior Industry Review Group for the NSA, MITRE corp, MIT, Lincoln Labs, Microsoft, Oracle, and others, and sat in a lot of meetings (and wrote a “I do not completely agree” report on the topic, which was promptly classified and I could never look at it again) (question: what about my copies on my hard drive at home?) (answer: I wiped that drive) anyhow, it’s complicated and journalists and lawyers are ignoring the complexity to all of our detriment.
I will proceed in a loose format, mostly defining terms but then commenting at length what the meaning of those definitions is, operationally and how the details matter. But defining terms gives a basic structure for the discussion. In fact, I will start with the first point, from which an entire month-long series of lectures could easily be built. I will bold the terms as I throw new ones into the mix:
Classification Authority – last time I checked there were something like 27 classification authorities, or agencies, in the federal government. The list of classification authorities would approximately map to “the intelligence community” with the addition of other agencies that might produce something secret that needs to be placed under secrecy controls. In practice, this may be squished around a bit: imagine the Howard Hughes Medical Institution (HHMI), working on behalf of Federal Bureau of Investigation (FBI) discovers that a novel virus was manufactured, and escaped, from somewhere. They report it to FBI, FBI goes, “yup that’s a big secret” and tells the researchers at HHMI “we are classifying that top secret, don’t talk about it or we will send people to fuck you up forever” and the HHMI folks hear the voice of their funding source and continue creating secrets for the FBI. In terms of classified materials regimes, the FBI (which is a classification authority, dealing with domestic and foreign espionage and terrorism) is a classification authority and when they take that document from the HHMI folks they would assign it a classification level, and then a bunch of stuff happens.
First off there is a Classification Level which is “Sensitive but Unclassified” (SBU) or “Classified” and then you have “Classified Top Secret” and “Compartmented Information” So, “TS SCI” is “Top Secret Sensitive Compartmented Information”. SCI stuff gets fun: the classification authority assigns the new secret to a “compartment” which is, to say, “nobody who is not part of the compartmented group gets to see this” and in order to flag that they assign it a Code Word and one way that a person can show they have been evaluated as having Need to Know about that compartment’s documents is “read into” the compartment in a secret briefing, and given the code word. Let’s continue with our imaginary HHMI document and pretend it is the first piece of documentation regarding this novel virus’ origins, so someone at FBI creates a new compartment and assigns it a code word. Let’s say that the code word is “HAVE WORMS”. Now, if we’re having a meeting about that topic, someone could start off the meeting by asking, “is everyone cleared for HAVE WORMS?” Technically, even the code word is secret, because knowing the code word means you know the secret exists which is interesting in its own right, but the system needs a handle that can be relatively safely used to move the information around without asking “does everyone hear know about the novel virus lab leak?” See what I mean? HAVE WORMS is not ideal but it’s actually pretty practical. This system (I am not sure) dates back to the 1920s. Some agencies have historically been very much on the ball about classified material handling, e.g.: NSA, Bletchley Park, MI6, Mossad, KGB, CIA, and all the folks you’d think of as hardcore spooks. Others, like NASA, not as much. (NASA by definition has to know where all US spy satellites and orbital assets are, which is extremely secret information) So, let me back up to “read into” that is the process for bringing someone into the compartmented information if they have a need to know. In principle, you don’t just share top secret information with people at random, they have to have a need to know, which is assessed (naturally!) but the classification authority. After all, when HAVE WORMS was created, the only people who knew about it are a few at FBI and the civilians at HHMI. Another term that comes in around here is Original Classification Authority (OCA) which is what it sounds like: they created the classified material. The OCA owns the document for its life-span and the OCA is (in principle) the only agency that can declassify a document they own.
When you get read into HAVE WORMS you are sat down, possibly given a form to sign saying you acknowledge that you may spend a long time in a military prison (Ft Leavenworth, usually) if you distribute this information inappropriately, and then you’re given a while, in your little locked room, to read the contents of the folder. Now you have been “read into” HAVE WORMS and if there is more HAVE WORMS stuff down the road the person in charge of that particular program might say “I have some more stuff for you, can you come down to the Secure Compartmented Information Facility (SCIF) and review it?” The SCIF is a small room that is generally shielded from emissions monitoring, where you go and sign a log by the door when you arrive and depart, and the person running the SCIF will make sure you leave your iPhone and Dick Tracy Camera Watch in the lockable drawer on the table right by the sign-in log. Some buildings are treated like a sort of super SCIF where security on the whole building is not to bring devices in or out, and then there are SCIFs inside the SCIF. Once when I was a young pup, I went to a meeting at NSA’s OPS2, the main building where meetings are generally held, and because I was with a couple of heavy hitting bigshots, I got waved through security. We had our meeting, left, and were standing in the parking lot coordinating a subsequent meeting and I pulled out my laptop … everyone froze. “Where was that?” It had been in my briefcase. “Are you kidding?” Nope, I had carried my laptop into OPS2 right through security, and back out. Normal procedure would have been that everyone with my gets written up for a security violation, my laptop is taken and thrown into a crusher, and I never get through security at any NSA facility ever again. But that would have been awkward. I was with bigshots and one of them said, “just never do that again, and never mention it to anyone.” And, until now, I haven’t.
There are important points about SCIFs: 1) they are expensive to build 2) they are expensive to maintain 3) if you are transmitting inter-agency materials, you need expensive couriers to carry things from one SCIF to another 4) in principle anything that goes into and out of a SCIF is logged 5) in principle anyone who goes into and out of a SCIF is logged and you could easily correlate who was in there at the same time as a particular folder.
Let’s talk about the nameless guy at FBI who assigned the name HAVE WORMS and created the compartment. Generally that guy’s title is Site Security Officer (SSO) or something agency-specific. As you might imagine, the SSO of an organization like NSA is a kind of spooky person because, in principle, they have the keys to the whole classification morass. It’s more complicated, to prevent KGB from just grabbing that guy and waterboarding him: there are randomizing name-generators for codenames, and automated materials encryption and management systems, etc. But let’s keep things simple: the FBI Supervisory Special Agent comes back from his meeting at HHMI with a folder with the civilians’ report in it, takes it to SSO and comes back a couple hours later with a new folder that looks sort of like this:
Its intended to be obviously marked as “not a normal folder” because, in agencies that care about this stuff, the SSO or their deputies may do a walk-through of the offices at night and if one of those folders is sitting on your desk… you’re fucked. Well, not fucked, but you’re written up for a security violation and your clearance may not get renewed. Unless you are someone important.
There’s a lot of other stuff on the folder that HCS-P / SI / TK – I am not sure of all the acronyms but that’s just the folder cover – inside the folder is a bunch of papers and the papers are further marked with the OCA, origin date, classification (Sensitive, Classified, Classified Top Secret) compartment information, etc. There are loads of possible additional codes and some are OCA specific. For example, the Department of Energy actually does have a Q Clearance (or so I am told!) that is basically “classified, dealing with nuclear weapons manufacture” which is different from the other one that deals with nuclear power plant design flaws, etc. So our HAVE WORMS document would says something to the effect that it was TS / SCI / NOFORN / HAVE WORMS. [inside the folder. The cover sheet would say TS/SCI but “HAVE WORMS” is itsel classified and would appear on the header of documents in the folder] NOFORN is a directive, “no foreigners” and (so I am told) there is a NATO directive which means what it sounds like, etc. I believe that there are directives that can be created that are specific to a certain problem where stuff needs to move around faster and has a short life-span. For example, if you have NATO doing maneuvers and (I am making this up) the Swiss Navy is participating, there might be a directive added that basically controls distribution to NATO + SWISS or something like that.
Eventually, HAVE WORMS becomes public knowledge. Now, as a former CIA officer once told me, “there is a difference between believing something and knowing it.” He was referring to a time when a coalition aircraft was shot down during the Gulf War. He had to run in to HQ for meetings about it and came back and his wife said, “it’s all over CNN.” He said, “the thing is that they believe that an aircraft was shot down but I know the mission it was flying, that the pilot survived and was captured, and that it was an F-16 flying out of a specific air field.” Those are details that don’t matter to CNN (and they’d get them wrong, anyhow) but the underlying facts remain important to an expert in the field, presumably someone with need to know, who had been read into the compartment. This is one of the reasons I was so head-poppingly angry about the whole bullshit about the Wuhan coronavirus outbreak: FBI went to the news and said a bunch of stupid stuff, mostly amounting to “we have top secret files about that incident” but what mattered was the quality of the information in those files. Which gets us to Sources and Methods. Simply, that’s what it sounds like: how was the information obtained, was it from a person, or was it collected by a method? In the case of HAVE WORMS the sources would be listed in the document cover, because those are the researchers who produced the research. It might be necessary to ask them for more information some day. Or, more likely, they’d be good people to ask about other viruses created in labs. Sources are obviously sensitive: those guys at HHMI would really not like to have a bunch of conspiracy nuts trying to debrief them about their work. Ditto methods: a satellite does not just return imagery, the images from the satellite say a great deal about the capabilities of the satellite. And that can reveal stuff you might not immediately think of, so in general methods are not discussed unless strictly necessary. Sometimes, especially when the FBI engages in “Parallel Construction” there is a secondary evidence-path created specifically to hide the actual evidence path. Let’s say that undercover informant Fred says “I saw Joe Bang shoot this guy in the face at 0:34am last friday.” That information is too sensitive to put Fred down as the source so they have some analyst go collect surveillance camera footage showing 3 people entering a building at 0:00am, and then 2 people leave, carrying another one, at 0:50 – put that in the folder and keep informant Fred out of the picture unless strictly necessary. I believe (never worked much with FBI and never on classified cases) that it might result in a compartment being created with Fred’s information, which the FBI director is the only person cleared for, and the file about the murder and Joe Bang’s activities gets updated with the parallel construction.
I’m sure you can see that this gets complicated pretty quickly. But that is what an intelligence agency does is deal with that complication. “In wartime, truth is so precious that she should always be attended by a bodyguard of lies,” as Churchill said. Another related issue I won’t go into much is Deconfliction which is a fascinating, humongous, problem: lets say that you have the FBI and NSA investigating HAVE WORMS. How do you keep the CIA from dropping a bag over one of the researchers at HHMI and waterboarding them, they’re a friendly source. Obviously that’s not a real example, but when you start adding confidential informants, phone surveillance, then Belgian Military Intelligence agency into the mix, how do you keep your operation from getting so top-heavy it burns itself? Or, in a more spy movie scenario, what if you’ve got a guy on the inside, and another guy on the inside shoots them because they don’t realize they are on the same side? [I actually proposed to one project I was working on that we build a “deconfliction oracle” – a system you could ask only, “is there someone I should talk to regarding this thing or that thing?” and it would say “yes” or “no” or maybe “you need to talk to so-and-so at such-and-such agency.” The looks of horror in the room were comical. Because, of course, giving out the fact that so-and-so knew anything about this thing or that thing was a huge secret to leak.]
Now, let’s talk about Accidental Disclosures and Declassification. Think back to my example about CIA guy and the F-16 shootdown. At a certain point, if the media reporting about the incident is detailed and accurate enough, it’s no longer worth keeping that secret. Or, perhaps let’s say that HAVE WORMS needs to become public knowledge, or partially public knowledge. There is a meeting of the OCA and FBI and CDC and a couple other stake-holders and it is decided to recommend that some facts from HAVE WORMS be declassified and published. Then, ensues a mature discussion about what is the amount of information and its accuracy that needs to be disclosed. Probably not the fact that HHMI researchers were involved in the analysis, and absolutely not their names. Someone from CDC pipes up and says “they used a specific RNA analysis on the spike protein and if we mention that everyone in the virology community will know who did it. So dance carefully around that it was RNA analysis and say it was done using blah blah genomics blah.” Then, the OCA might decide to declassify some facts from HAVE WORMS, which is done by one of two processes: 1) create a new document that is not classified to begin with, and write a memo explaining what information was Downgraded from the original HAVE WORMS document set. That would be signed by a big shot at the OCA and would go into the HAVE WORMS document set. Or perhaps 50 years later the whole matter is sufficiently aired out that the OCA does a declassification review and decides that HAVE WORMS is now declassified. Except they might Redact the names of the original researchers. The way this is done is, literally, someone goes through the HAVE WORMS folder with a special magic marker that is immune to floroscopy or neutron activation analysis, and marks out the names of the researchers. Then, the document is stamped “Declassified” and the date/time, who did the declassification, etc., added. Lastly a photocopy is made (to defeat attempts to get through the redaction) and the original documents are logged out of the system and put in the “burn bag” for destruction. Notable facts: 1) the OCA is also the authority for declassifying a particular secret, 2) everything regarding who and when and why it was declassified is recorded in the log, 3) the original documents that were declassified are destroyed, 4) new unclassified documents are created.
Did I mention that this system has been in place for a long time? The system of “need to know” and secret document management is not a new art. By the way, the process for declassifying things basically has not changed; there is absolutely no automatic declassification of anything. In my opinion, journalists and lawyers who even tolerate hearing anyone making statements to the effect that there is, are guilty of professional misconduct.
This is big but it’s got a lot of cool stuff in it:
“Pursuant to your request to assign agents to assist Mr [obscured] in Chicago on the Juice Grapes investigation”… At the bottom of the first page is the declassification stamp, with date/time and initials. Then, there is the official “received” stamp, on page 2, with initials, when the document was created and logged into the system. I think the 62-24154 is the document identifier.
That’s an FBI declassified secret document. One thing I did not mention earlier is that different classification authorities have slightly different procedures. The procedures are all broadly governed under an executive order (12958 ) establishing the framework for managing classified materials. [arch] CIA’s rubber stamps are cooler, in my opinion. The framework for managing classified materials is broadly descriptive (and I think I have done it justice here) in terms of intent but the implementation details can be organization-dependent. For example, had the Apollo 11 astronauts found a candy wrapper on The Moon, they would have taken it and that information back to NASA, which would have then figured out the classification – they would not have needed to create a classified document there and then, on the spot. The process is not stupid and is designed to, basically, separate the obviously stupid from the non-stupid. Which, again, is why I think journalists and lawyers who have not made any effort to understand this stuff, are engaging in professional malfeasance.
Just to cherry pick a few bits:
(4) Each delegation of original classification authority shall be in writing and the authority shall not be redelegated except as provided in this order. Each delegation shall identify the official by name or position title.
Back to the lunar candy wrapper:
(d) Original classification authorities must receive training in original classification as provided in this order and its implementing directives. Such training must include instruction on the proper safeguarding of classified information and of the criminal, civil, and administrative sanctions that may be brought against an individual who fails to protect classified information from unauthorized disclosure.
(e) Exceptional cases. When an employee, government contractor, licensee, certificate holder, or grantee of an agency who does not have original classification authority originates information believed by that person to require classification, the information shall be protected in a manner consistent with this order and its implementing directives. The information shall be transmitted promptly as provided under this order or its implementing directives to the agency that has appropriate subject matter interest and classification authority with respect to this information. That agency shall decide within 30 days whether to classify this information. If it is not clear which agency has classification responsibility for this information, it shall be sent to the Director of the Information Security Oversight Office. The Director shall determine the agency having primary subject matter interest and forward the information, with appropriate recommendations, to that agency for a classification determination.
In other words, “we expect that sometimes you may have to figure this stuff out.”
There is a bunch of stuff about declassification, including that the OCA can specify “HAVE WORMS” will automatically declassify, except with appropriate redactions, on ${date}, or sooner, if reviewed, redacted, declassified and logged out of the system. This is actually pretty cool how it works and generally has worked fairly well. For example the NSA automatically declassified VENONA, a breach in Soviet one-time pad communications that indicated Julius Rosenberg was spying under cover. The FBI had to do some parallel construction in order to “catch” him based on other methods because the fact that the soviets were re-using one-time pads was an utterly astonishing security failure and nobody wanted them to catch on to it. [VENONA]
There are a few notable things on that document, namely that it appears to have been multi-compartmented: BRIDE and VENONA. So, BRIDE would have probably been the compartment regarding the FBI’s investigation of Rosenberg, while VENONA (which does not appear anywhere on the document) was NSA’s compartment regarding the break in Soviet crypto. Sources and methods!
Also, notice the Copies mark. Let’s talk about copies, and then I’ll wrap this up with a few notes about the Executive Office of The President as a classification authority. Inside a SCIF there is, notably, not a copier. If you’re in the SCIF and you stick your head out the door and ask the SSO if he could run you off a couple copies of this document, the SSO will call for the marine guards.
By the way, the NSA had a small contingent of marines at OPS2, who did carry M-16s and did have ammunition. In a security context, Marines are great, “Sir, I do not care who you think you are, but you are going to step back from that line and put down your briefcase right now, OK?” Yeah, OK. Marines are splendid because they combine a high degree of capability to cause harm with utter uncaring about whatever you are telling them that is outside of their mission focus, and a certain natural stupidity that makes you not doubt for a second that they will actually brag to their friends that they shot you. And their friends will say “I wish I was there” because they’d have shot you too.
Anyhow, the point of all of this is that the classification system is an information management architecture based on limited supply and controlled access, with strong audit and logging controls. And the occasional marine with an M-16.
Raw Intelligence is a rough term of art referring to the actual, undigested, un-summarized, details. In my fictional example of HAVE WORMS, the raw intelligence is the paper from the HHMI guys. That data might be turned by the supervisory special agent at the FBI into a summary, basically saying “we have on good authority that the novel coronavirus was deliberately constructed and accidentally released.” That summary, of course, would be classified, since it’s basically a summary of the most salient fact of HAVE WORMS. The supervisory special agent would bounce that summary (in a TS/SCI/ NOFORN folder with HAVE WORMS on the cover) to the director of the FBI. Absolutely, that information is explosive. The director would move that summary into the FBI’s contribution to the President’s Daily Briefing, (PDB) e.g. National Security Council (NSC) for the daily coffee klatsch held at the White House. The PDB is a summary of top secret stuff, and sensitive stuff, and is treated as a product of the executive office of the president, which is also a classification authority. In theory the way this works is that the PDB is printed out, 30 or whatever numbered copies, and handed out at the NSC meeting so everyone can have a look at it, including Jared Kushner, who is not cleared for HAVE WORMS or anything at all, really. At the end of the meeting, in theory, the copies are collected, counted, and handed off to the SSO to store in the safe in the SCIF at the White House. When I was working at the White House in the 1st Clinton presidency, I never got to the level of having to deal with any handling of important stuff, but the security people I was working with regularly complained about how casually secret materials were handled. The problem was that the office of the president does have a legitimate need to receive, digest, and handle all sorts of insanely sensitive material, but the Executive Office of the President (EOP) as a classification authority can choose to not classify some things that probably should be classified. However, mostly, what they are dealing with at NSC meetings is OCA classified materials summarized by CIA, NSA, FBI, US Coast Guard, DHS, NRO, etc. In terms of proper handling of classified materials, the PDB is problematic but necessary – the president needs to know this stuff, but the agencies providing the briefing summaries are already and have always been careful about keeping raw intelligence out of the feed. The president does not need to see the RNA analysis paper from HHMI, but does need to know roughly about HAVE WORMS and has to be able to trust that the data is solid. In return, the agencies providing the summaries are assuming that the EOP isn’t going to put VENONA intercepts on Twitter, or something absurd like that.
In practice what would happen if POTUS posted chunks of the HHMI paper from HAVE WORMS on Twitter is there would be a very quiet, top secret, compartmented, shit-storm. The SSA from FBI would have a screaming fit in some meeting where everyone involved had been read into HAVE WORMS and would swear up and down that they were never going to give POTUS a full briefing about anything ever again. The security guys from NSA would look very serious and nod, briefly, once, because they figured that out a long time ago, and that’s why they generally are extremely cagey about sources and methods. Actually, my example is probably not super-realistic because FBI also understands this, and no president, ever, would get the raw intelligence on something as explosive as HAVE WORMS unless they grabbed the SSO of FBI by his nut-sack and asked for it nicely. Or something. That’s a real thing. Consider and imagine the discussions around the National Reconnaissance Office (NRO) and NSA telling President Kennedy that the Soviets were emplacing nukes in Cuba, and then the question of whether the photos from the CORONA satellite could be presented as evidence, and how. I do not know this for a fact but I would bet that the CORONA satellite pictures were degraded in quality before they were released, deliberately, since they were going to get printed in newspapers – there must have been some really fascinating discussions around what information regarding the pictures needed to be released and how and what format etc., etc.
Actually, that’s interesting as hell, to me. The picture is angled, which means that CIA probably sent a U-2 (SR-71 didn’t enter service ’till 1966) to shoot some pictures specifically for publication. Or, wow, that’s a detailed low-angle shot, maybe they sent a plane from Miami to scoot by at low altitude. Or maybe they had someone in Cuba with a plane? See what I mean: sources and methods. And that’s not just an academic question; if the Cubans had figured out it was shot from a local aircraft a lot of local pilots would have been tortured until one of them convincingly confessed. I thought that the original photos that started the crisis going were CORONA satellite pictures. [for intelligence nerds, there is a discussion of U-2 imagery vs CORONA during the Cuban missile crisis here.]
The point is that POTUS can certainly declassify any intelligence that the EOP generates, which is kind of an oxymoron, but otherwise they are working on summaries and synopses of other intelligence from OACs in the intelligence community. And, Trump, when he was president, burned a few sources and methods, fairly publicly. You may remember this: [npr]
NRO subsequently declassified the image, which was classified at the time Trump put it on Twitter, in order to prevent embarrassment. It’s amusing to note the reference right in the image to the part of the US code classification system that Trump violated. 50 usc 3024 pursuant to the Director of National Intelligence (DNI)’s responsibility for providing classified materials to the EOP. (It also says right on the image, not to use it for the creation of derivative classification, e.g.: “do not paste this into your sensitive documents because that will make them highly classified nation intelligence information) There is a great deal about methods that can be learned from that image, from the angle of the photo, the angle of the shadows, the detail, etc. – but also the fact that the US knew about the accident (“was it an accident?”) and how quickly, etc. That’s a good example of “raw intelligence” where a summary would have probably worked better. Apparently there was a toddler in the White House with a camera-phone, who was given “picture book” PDBs because he was too stupid to read text, especially if it was arranged into those complicated things called “sentences” and – god forbid – “paragraphs.”
[Edit] The Presidential Records Act (PRA) How does the PRA fit into all of this? Simple: it doesn’t. The classification framework system dates back to the 1920s or earlier and the PRA dates back to 1976 and was legislated as a reaction to Richard Nixon’s attempt to destroy the now infamous White House audio recordings. The PRA was also relevant to Iran/Contra and the “shredding party” and Fawn Hall’s destruction of documents to implement a cover-up which did, successfully, protect Ronald Reagan from his crimes. Eight administration officials were eventually convicted regarding the cover-up, but six were pardoned. When I was working on internet connectivity security for the White House in 1992 (Clinton’s first administration) there was considerable awareness that GHW Bush’s outgoing people had apparently shredded some stuff, too, but they had done it smoothly and weren’t caught. We were instructed as part of a briefing related to security what the PRA was, and how anything that was created as a White House document needed to be preserved – even if, especially if, it was stupid and would clog the system. If any of you have worked legal support, you have probably also been counseled regarding records retention – what to keep and what never to write down in the first place so as to avoid discovery. I was, literally, told by my White House contact that if I had something important to say I should wait and casually mention it while we were walking down the hall, and never say it in an open meeting.
The PRA says what documents get saved and when and where they go. It does not apply to classified material, because that is managed under the classification system and rather obviously, TS/SCI material can’t just be handed over to the National Archives. So, the President’s Daily Briefing (in theory) goes back to the SCIF for eventual destruction, and the president’s personal notes scrawled on separate paper eventually go to the National Archives. So, imagine if President Kennedy’s PDB includes pictures of the nuclear missiles in Cuba, and he doodles, “oh, fuck” in sharpie on a napkin. The napkin legitimately belongs in the National Archives, and the PDB belongs in a burn bag, since the NRO and CIA source documents are maintained in a separate “stack” for eventually being declassified and winding up in a museum. This is why Donald Trump’s claims about the PRA are utterly absurd to anyone who has the slightest understanding of this topic. Also, I mentioned above: you get briefings on the PRA if you may be involved with material that falls under its terms. You get briefings on handling classified materials as part of getting your security clearance, and you get more briefings if you are read into a SCI compartment. Donald Trump either ignored the PRA briefing, or was out playing golf, instead. There are a lot of people in the Trump White House who have a lot of questions to answer, that they won’t be asked, such as how Donald Trump’s staff were able to squirrel away so much classified material in the first place, and how much classified material was exposed to non-cleared persons like Jared Kushner. Somewhere, I assume, is a bunch of memos stamped “IGNORE” from the White House SSO complaining that documents are not being returned to the SCIF and that copies of the PDB are not being returned and that Mark Meadows is improperly using the residence’s fireplace to destroy presidential records.
There are a lot of questions that the SSO for the White House ought to answer. But, to be fair, the name of that person is probably a closely guarded secret. Unfortunately, we have seen over and over how the information management process becomes politicized when theory and practice of security bump into the “needs” of powerful and important people. Or self-important people.
State Department is also a classification authority, and has its own security operations in line with the overall framework for managing secret materials. Having your email forwarded to a personal server is probably a no-no even though, by definition, emails should not contain classified materials.
Background checks and Clearances: a security clearance is when a particular agency assesses someone’s history, vulnerabilities, and attitudes and decides if they are authorized to handle classified material. As usual, there is an overall framework for clearances, but each agency has its own detailed approach. Some agencies will accept other agencies’ clearances at par but usually that’s not done. I.e.: if you have a TS/SCI clearance at CIA you do not necessarily automatically have the same at NSA. A certain amount of that is inter-agency pissing contests, but there are some agencies that are considered to be less competent at handling secrets, so their clearances are not treated as rating the same level of materials. Largely this is not a big issue, because of the code word system – the SCI stuff, you have to be “read in” to, in which case the holder of the materials can decide if your agency clearance is good enough and your history indicates you are probably trustworthy. In some cases, if you have an agency clearance and change agencies, they will just slide it over – NSA clearances and NRO clearances are sometimes called a “golden ticket” because pretty much everyone assumes that (as long as you are not Edward Snowden) an NSA clearance is a sign you’re a good secret-keeper.
Background checks can take quite a while to complete, so there is pressure to simply wave people in (e.g.: Jared Kushner) rather than a more detailed background check. In 1991 I had the clearance forms handed to me, 26 pages in all, to get a White House TS/SCI clearance. The questionnaire was, frankly, rank crap. It wanted to know if I had had any contact with communists since high school (why, yes, I dated a communist in college and, in my opinion, only communists and socialists have any deep engagement with political philosophy) and complete career history including all customer contacts. As a consultant, at the time, it would have taken me months just to fill it all out, and if I’d made one mistake I’d get my application rejected and that would hurt my chances of getting a clearance anywhere else. Many people have listed me as a reference on their clearance paperwork, and I’ve had interviews before – for the NSA clearances that used to involve a visit from the FBI, but later it became just a phone call from an outsourced researcher. When talking to the FBI interviewers, I pretty quickly figured out that doing the interviews as an assignment they used for new employees to get a chance to figure out the ropes.
One of the things I did during my involvement with the White House’s internet presence was set up the inbound public email president@whitehouse.gov system. That system resided on a Sun SPARC 4 server that sat next to my desk in Glenwood, Maryland – it received the emails, bunched them up, deduplicated them, searched for threatening patterns (and forwarded those to the protective detail POC) and processed them onto archival 1.44MB floppy disks which I sent to the EOP POC (for public mail) by FEDEX once a week. The messages were examined by the same volunteers who score incoming letters, and sometimes an email was selected and fowarded to Clinton attached to the PDB. That made the floppies presidential records. So, perhaps, somewhere in the National Archives is a shoebox full of floppy disks (now, basically unreadable) with labels covered with my doctors’ scrawl writing. I wish I had kept one as a piece of personal history.
Here’s another funny story. I used to have a bunch of very old (1960s?) classification stickers that I … found on a shelf, somewhere, and pocketed a sheet of. That was a “no no” at the time, possibly a pretty big one. The stickers sat in a tray of curios on my desk in my home office, for years. One day an Australian expat, Boyd Roberts, was visiting, took a liking to the stickers, and put one on his laptop for the bad-ass factor. Australia is part of the “5 eyes” UK/USA treaty group and has very good intelligence relations with the US. When Boyd tried to get back into Australia, someone at customs saw the laptop and the sticker, freaked out, and Boyd was pulled out of line and taken to an interrogation room, whereupon he proceeded to mouth off severely to the highly unamused security people at the airport. The upshot was that he continued his trip sans laptop, which wound up getting tossed with due ceremony into a shredder. Outside of the White House there are people who are serious about security. I used to be one, in fact!
I have said this elsewhere, but it is utter bullshit that there is discussion surrounding whether or not Trump needs access to the classified documents that he stole, as exculpatory evidence. It’s laughable but the judges and prosecutors aren’t laughing, unfortunately. There is no need to have an evidentiary discussion about whether or not this or that is classified, the discussion needs to be an expert testifying whether it does, in fact, exist. That’s it. Here’s an analogy: what Trump is doing is the equivalent of if a child pornographer got busted, saying that they need their entire archive to review and possibly present as evidence in their defense. That’s complete bullshit. That sort of case is tried, unfortunately, very often and what happens is the prosecutor says “here are some sample images with the nasty bits blacked out.” and then “Here is our subject matter expert who did review the images and is qualified to comment on them, their content, and whether they were child pornography.” Then the expert says, “it is, indeed, most vile and obscene material.” Done. Convicted.
JM says
I agree with the general sentiment but there are good reasons to keep diplomacy secret. Say the enemy is over there and your negotiating a treaty with another country over there. The enemy is going to strenuously object to another country signing a treaty with your country but there is little they can do if the whole thing is announced and signed in one go. Even more practically, countries surrendering often are more willing to do so if they can negotiate in secrecy. That way it isn’t clear who exactly made the practical decision to surrender or the surrender can happen before a group can refuse to surrender. A treaty negotiated in secret probably makes somebody unhappy but it may not be the population of your country, it may not be a group that represents the majority and it may allow for signing a better treaty for everybody.
Or it may allow for screwing somebody over. The Treaty of Versailles probably would have been much better if the negotiations had been made public. The public of several allied countries likely would have objected to the pointless vindictiveness of the treaty and that would have put a lot of pressure on the officials involved.
xohjoh2n says
@1:
Or some of them might have objected that it wasn’t vindictive enough.
JM says
What happens if they need to run something compartmentalized through a computer? A analyst looks at the HAVE WORMS information in the SCIF and comes to the conclusion he needs to run some simulations based on that information? I would assume some of the big buildings that are entirely SCIFs are done just so they can have a big computer inside the SCIF but that isn’t going to work for everybody. And trying to isolate information on a network or multi-process computer is harder then isolating it between people. I can see having a computer off the network for some simulations that are just a pile of math but if they are using constantly updated information like global maps that isn’t going to be practical.
Marcus Ranum says
JM@#3:
What happens if they need to run something compartmentalized through a computer? A analyst looks at the HAVE WORMS information in the SCIF and comes to the conclusion he needs to run some simulations based on that information? I would assume some of the big buildings that are entirely SCIFs are done just so they can have a big computer inside the SCIF but that isn’t going to work for everybody.
Great question! Worth a few pages of post but I am tired of writing.
Short form: when I got into this stuff, computers were still on the edge of the question “how do we handle classified material on a computer?!” Obviously, copying documents is a whole lot easier, as Edward Snowden demonstrated. When I was working on this stuff, a lot of the really important material was still paper-based. Or, if you were working on a computer model of something highly classified, your computer was in a locked room running a lot of monitoring software, not connected to a network.
At that time (not the same now) there was a lot of research into what was called “multi level security” – the idea being that a computer could treat classification level as a file attribute that was propagated reliably through the system. There were prototypes and it got tricky – for example, the research place where I was working at the time had a prototype system running an extended version of X-windows that tracked classification through the windowing system. If you tried to display bytes that were TS on an UNCLAS window, it would just show blank. If you cut and pasted TS data into an UNCLAS document it would either give you a blank, or it would reclassify the underlying document to TS itself. It was cool and complicated stuff but it was unusable because of a thing that we later called “classification creep” – it turned out that pretty quickly all the data on a given system would migrate to TS.
So then there was the notion of “system high” which won out in the end: all the data on the system was treated as being at the highest classification level of any of the data on the system. At which point, it was OK to connect that system to a network that was also at the same classification level. This was after my time, but it sounds like the systems evolved to: everyone gets an NSA clearance and once they do, they get access to the NSA private TS/NSA network and everything is treated as at the NSA classification level. Back in my day, none of us would have found that acceptable without a lot of heart-felt screaming, because it’s not just classification creep that is the problem – it encourages break down of “need to know” and favors “building great big data dumps” which leads to “put a search engine on top of it.” Around the early 00’s I did hear that Google was selling search appliances to some federal agencies so they could dig stuff out of their inner-agency “clouds” which resulted in: highly classified search indexes!
Cloud computing probably put an ice-pick through the heart of what was left of computer security. Now, you have an enclave of systems run at Amazon Web Services, by (cleared?) Amazon staff, who promise that they won’t do an Edward Snowden and bring in a hard drive and copy a few buckets of data.
Snowden was the fulfillment of a risk model many of us had been screaming about for decades.
I can see having a computer off the network for some simulations that are just a pile of math but if they are using constantly updated information like global maps that isn’t going to be practical.
So there is a thingie called “a trusted guard” which is classified-speak for “a firewall” (and that is where I got involved in the whole mess, building firewalls) guards typically act as a data diode. For example, let’s say your mission involves scraping data from NOAA (atmospheric and weather maps) and doing something with it. You’d have a guard that scraped the data using an UNCLAS internet connection, which then carefully checked for blobs of executable code or whatever in the data, then pushed it up to a repository on a classified network running system high. Data comes in, but it doesn’t go out. [Not as simple as it sounds, USENET contained plenty of executable code]
My firewall work for CIA involved implementation and design of “open source intelligence” collection networks, which basically did that: suck in stuff like USENET, scrub it, push it in, make sure nothing comes back out.
If you can imagine the murderous theological debates around “how many angels can dance on the head of a pin” we had meetings of similar intensity regarding “how much of an NNTP ihave/sendme transaction can be pushed down the classification boundary without information leaking?”
Marcus Ranum says
Addendum to #4:
It turns out that just having a variety of systems is much much cheaper than trying to produce verifiable software implementations of multi-level security. Many agencies have something like a CITRIX cloud connected to the internet, so people who need to do UNCLAS stuff can hop into a virtual machine environment and get out, without having to worry about classified material, i.e.: two computers on the desk, one connected to the system high intranet, the other to a system connected to the internet. The activities on those systems are fairly closely monitored.
There was a story that when Edward Snowden was scraping tons of classified material from the aggregated servers, someone noticed he was accessing a whole lot of files. Whereupon he said he was testing some backup software and everyone shrugged.
C Sue says
At this point (and I retired less than 5 years ago) there is basically no such thing as pure “collateral” classified anymore – which is JUST Secret, TS, whatever. Everything has a codeword or a compartment or some weird-ass thing slapped onto it.
And don’t get me started about CIA and their fucking ORCON.
Marcus Ranum says
C Sue@#6:
At this point (and I retired less than 5 years ago) there is basically no such thing as pure “collateral” classified anymore – which is JUST Secret, TS, whatever. Everything has a codeword or a compartment or some weird-ass thing slapped onto it.
I guess the counterpart of “classification creep” is “classification complexity”
When I was at TIS, we had a guy researching how to build systems to manage systems of classification. Ugh.
And don’t get me started about CIA and their fucking ORCON.
I had never heard of it until now, and looked it up. God. Sounds like a secret squirrel version of the kind of systems lawyers use to allow remote access to controlled assets. I was a non-testifying expert on a multi hundred million$ suit and my job was to review the VHDL and C++ code of one product to compare it for overlap with another. I had to go to a room in Newport Beach where they would lock me in (with a bucket of thai or indian food, coffee and bagels) with a terminal that was remote attached to a computer at one of the vendors in the suit that had copies of the source code. Wow, that was blazingly fast. I started threatening to bring a chamber pot because I was tired of having to buzz in and out to pee… Good times. To be fair, that gig paid off my mortgage.
starblue says
Regarding the stickers, it seems they are the still current version from 1987 (not 60s), and government agencies can get them: https://www.gsa.gov/reference/forms/classified-sci-label
While going down this rabbit hole I also found this nice summary of security forms and stickers https://www.archives.gov/isoo/security-forms
seachange says
Swiss Navy makes silicone lubricant. :)
It seems to me that an intrepid prankster could print these stickers up and slap them on other people’s electronics all sneaky like. The stickers don’t look at that special.
StevoR says
But, but, Trump can just mentally magickally declassify anything by his mind still right? Right? ;-)
(Does this really need a sarc tag?)
outis says
Small side note: some of the Cuba pics were made by F-101 Voodoos, the recce version. I don’t have it on hand now, but I remember one with the aircraft’s shadow very visibly portrayed in the foreground. Low-altitude missions, I bet the pilots were overjoyed…
https://en.wikipedia.org/wiki/McDonnell_F-101_Voodoo