Administration should consider policies on how to handle sensitive information when it is created and how it applies to electronic forms, records specialists say.
President Obama's plan for rolling back Bush-era government secrecy practices might not go far enough, some digital records specialists say.
"The emphasis has to be on how you control the information from the beginning," said Scott Armstrong, a historian who in 1993 successfully sued the government to bar the destruction of National Security Council e-mails.
The president's two-pronged initiative outlined on Wednesday includes a review of the Bush administration's policy on classified information and a review of handling restricted, unclassified information.
Obama released an executive memo that ordered Gen. James L. Jones, the president's national security adviser, to propose revisions to a 2003 executive order on classified national security information that critics say unnecessarily prolongs the declassification process.
Armstrong, who is now executive director of the Information Trust, a nonprofit organization focused on freedom of expression, argued that declassification should be secondary to devising guidelines for handling sensitive information as soon as it is created. "How and why do we classify or control anything has to be explicit," he said. "It's not just about openness. If the system doesn't work well, security doesn't work well [either]."
For example, intelligence that terrorists might be operating out of Palestinian-run convenience stores in Seattle should be controlled initially, not classified, he said. Federal officials would first want to inform local police that the stores may be involved in terrorist activity. Eventually, officials would decide what information should be publicly released and what should be categorized as classified information.
The details of how that intelligence was intercepted would be classified or, as Armstrong said, go into an "aluminum, soldered and sealed vault." The fact that there was a concern about Palestinians should get out to the public first, in case the intelligence was a case of prejudice against Palestinians, he said.
The approach should be that "all information is inherently not controlled, but we're going to package it in different ways for different purposes," Armstrong said.
Also, the memo should have touched on the challenge of releasing information from classified information technology systems, he added. Typically, the process is arduous, requiring printouts and manual reviews of all the information saved. "I don't think anybody understands the mechanics of it very well," Armstrong noted.
Jones is required in the 90-day review to look at creating a National Declassification Center within the National Archives and Records Administration and information sharing among legitimate users. He also must consider the issue of overclassification and handling classified information in the electronic environment.
"This memo could have, and probably should have, made reference to how digital communication is becoming the norm, and solving the specific challenges of handling sensitive information in the digital environment," not just classified information, said Meredith Fuchs, general counsel at the National Security Archive. The archive is a nongovernmental institute that makes available declassified documents through the Freedom of Information Act.
The memo does not mention the treatment of electronic communications that fall under the second information category, controlled unclassified information, which is restricted to certain individuals for privacy or security reasons.
In that area, "I feel like the administration doesn't understand the direction it wants to go so the task force has a broad range of responsibilities," Fuchs said. "I would think that the task force would have to look at the electronic information issues, but it isn't spelled out here."
Bill Leonard, former director of the Information Security Oversight Office under the Archivist, said he was "heartened to see they are not starting from scratch" in the memo.
The memo assigns Attorney General Eric H. Holder Jr. and Homeland Security Department Secretary Janet Napolitano to head an interagency task force on CUI that will examine suggestions from various commissions that met under the Bush administration.
"One of the things I'd like to see come out of this, [which is] one of the things we tried to push several years ago, is quite frankly doing away with the entire concept of need to know," or letting the information-holder decide who is allowed to see classified information, said Leonard, now a consultant and teacher dealing with national security issues.
The need-to-know rule places the information sharing burden on the recipient, he added. "First of all, I need to know that you exist. Also, it's a little arrogant, because I need to know your job at least, as well as you know your job, if not better."
Eliminating need-to-know restrictions also would make information sharing on government networks easier, Leonard said. For example, a report of an incident involving the water supply in Colorado might be useful to public health officials who are attempting to treat an unknown ailment in the region. But local officials might not know about the mystery disease, so the report should be automatically accessible to cleared personnel, he said.
"By doing away with that need to know, the networks would still be secure, but the presumption is that the people at [the Centers for Disease Control and Prevention] aren't using that information for anything other than an official purpose," Leonard said.
An e-record issue the Obama administration overlooked is the release of existing or historical records that are controlled but may be made available in the future. In many cases, those records are not physically ready for online publication, open access advocates say. Significant effort and expense may be required to scan them for digital distribution.
"That could take many years after the decision to release," said Steven Aftergood, who heads the Project on Government Secrecy at the Federation of American Scientists.
He views the memo as "an opening step" in a process that will be carried out during a period of months or perhaps years. "There are difficult, bureaucratic issues that will take time to navigate, but what [the] memorandum does is to say, 'Get started. We want you to move in the direction of greater transparency,' " Aftergood said.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, considers the move good news for open government advocates. "The initiative is intended to get a handle on, [then to] slow, and then reverse the tendency of bureaucracies to conceal decision-making," he said.