A lot of folks here at Balloon Juice, just as a lot of folks everywhere, seem to have a lot of interest in the unauthorized release of classified information and briefings these days. This seems to be due to the current presidential election cycle. Since there are so many questions, I figured it was easier just to point everyone in the right directions.
Lets start with what, exactly, is classified information as defined by the US government. Executive Order 13526/Classified National Security Information defines the terms:
Sec. 1.4. Classification Categories. Information shall not be considered for classification unless its unauthorized disclosure could reasonably be expected to cause identifiable or describable damage to the national security in accordance with section 1.2 of this order, and it pertains to one or more of the following:
(a) military plans, weapons systems, or operations;
(b) foreign government information;
(c) intelligence activities (including covert action), intelligence sources or methods, or cryptology;
(d) foreign relations or foreign activities of the United States, including confidential sources;
(e) scientific, technological, or economic matters relating to the national security;
(f) United States Government programs for safeguarding nuclear materials or facilities;
(g) vulnerabilities or capabilities of systems, installations, infrastructures, projects, plans, or protection services relating to the national security; or
(h) the development, production, or use of weapons of mass destruction.
And the actual classification levels are:
Sec. 1.2. Classification Levels. (a) Information may be classified at one of the following three levels:
(1) “Top Secret” shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.
(2) “Secret” shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.
(3) “Confidential” shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.
(b) Except as otherwise provided by statute, no other terms shall be used to identify United States classified information.
(c) If there is significant doubt about the appropriate level of classification, it shall be classified at the lower level.
The people authorized to classify are:
Sec. 1.3. Classification Authority. (a) The authority to classify information originally may be exercised only by:
(1) the President and the Vice President;
(2) agency heads and officials designated by the President; and
(3) United States Government officials delegated this authority pursuant to paragraph (c) of this section.
(b) Officials authorized to classify information at a specified level are also authorized to classify information at a lower level.
(c) Delegation of original classification authority.
(1) Delegations of original classification authority shall be limited to the minimum required to administer this order. Agency heads are responsible for ensuring that designated subordinate officials have a demonstrable and continuing need to exercise this authority.
(2) “Top Secret” original classification authority may be delegated only by the President, the Vice President, or an agency head or official designated pursuant to paragraph (a)(2) of this section.
(3) “Secret” or “Confidential” original classification authority may be delegated only by the President, the Vice President, an agency head or official designated pursuant to paragraph (a)(2) of this section, or the senior agency official designated under section 5.4(d) of this order, provided that official has been delegated “Top Secret” original classification authority by the agency head.
(4) Each delegation of original classification authority shall be in writing and the authority shall not be redelegated except as provided in this order. Each delegation shall identify the official by name or position.
(5) Delegations of original classification authority shall be reported or made available by name or position to the Director of the Information Security Oversight Office.
(d) All original classification authorities must receive training in proper classification (including the avoidance of over-classification) and declassification as provided in this order and its implementing directives at least once a calendar year. Such training must include instruction on the proper safeguarding of classified information and on the sanctions in section 5.5 of this order that may be brought against an individual who fails to classify information properly or protect classified information from unauthorized disclosure. Original classification authorities who do not receive such mandatory training at least once within a calendar year shall have their classification authority suspended by the agency head or the senior agency official designated under section 5.4(d) of this order until such training has taken place. A waiver may be granted by the agency head, the deputy agency head, or the senior agency official if an individual is unable to receive such training due to unavoidable circumstances. Whenever a waiver is granted, the individual shall receive such training as soon as practicable.
(e) Exceptional cases. When an employee, government contractor, licensee, certificate holder, or grantee of an agency who does not have original classification authority originates information believed by that person to require classification, the information shall be protected in a manner consistent with this order and its implementing directives. The information shall be transmitted promptly as provided under this order or its implementing directives to the agency that has appropriate subject matter interest and classification authority with respect to this information. That agency shall decide within 30 days whether to classify this information.
So that’s the basic terminology, but if you really want to understand this, then you need to click on across and read the whole policy statement.
What a lot of the questions I’ve been getting are actually about is what happens if something is reported on that’s classified and then someone with a clearance remarks on it. Given news reporting on US governmental activities, it is often possible to find classified information in newspapers, online news and commentary sites, and on TV and radio news broadcasts. The DOD and other government agencies put out warnings to their employees when this happens. For instance:
“Classified information, whether or not already posted on public websites, disclosed to the media, or otherwise in the public domain remains classified and must be treated as such until it is declassified by an appropriate U.S. government authority,” wrote Timothy A. Davis, Director of Security in the Office of the Under Secretary of Defense (Intelligence), in a June 7 memorandum.
“DoD employees and contractors shall not, while accessing the web on unclassified government systems, access or download documents that are known or suspected to contain classified information.”
“DoD employees or contractors who seek out classified information in the public domain, acknowledge its accuracy or existence, or proliferate the information in any way will be subject to sanctions,” the memorandum said.
Finally, we have spillage of classified information. Spillage, in this context, is defined as:
Classified (or sensitive) data spills occur when classified data is introduced onto an unclassified information system, to an information system with a lower level of classification, or to a system not accredited to process data of that restrictive category, according to DoD Manual 5200.01-v3, Protection of Classified Information. Although it is possible that no actual unauthorized disclosure occurred, classified data spills are considered and handled as a possible compromise of classified information involving information systems, networks and computer equipment until the inquiry determines whether an unauthorized disclosure did or did not occur.
If you want a more comprehensive understanding of classification and how the US government deals with it, here’s some unclassified links for you all.
Department of Defense Manual 5200.01/Marking of Classified Material
Department of State Classification Guide/DSCG 11-01 (Declassified After Review per FOIA Request)
US Government Publication Office Publishing Guidelines Pertaining to Classified Information
The EPA’s Information Procedure for Dealing with Spillage of Classified Information onto Unclassified Systems
The FAA’s Procedure for Dealing with Spillage of Classified Information onto Unclassified Systems
The Federation of American Scientists Project on Government Secrecy
The Center for Development of Security Excellence’s Primer on Original Classification Authority
Update at 2:35 PM EDT
Here’s the link to the Office of the Director of National Intelligence’s page containing the Intelligence Community’s Directives. You’ll find anything and everything you can think you might be interested in regarding this stuff there.