recommended reading

Obama misses key elements in rolling back secrecy practices

The initiative calls for a review of the Bush administration's policy on classified information.Matt Slocum/AP

President Obama's plan for rolling back Bush-era government secrecy practices might not go far enough, some digital records specialists say.

"The emphasis has to be on how you control the information from the beginning," said Scott Armstrong, a historian who in 1993 successfully sued the government to bar the destruction of National Security Council e-mails.

The president's two-pronged initiative outlined on Wednesday includes a review of the Bush administration's policy on classified information and a review of handling restricted, unclassified information.

Obama released an executive memo that ordered Gen. James L. Jones, the president's national security adviser, to propose revisions to a 2003 executive order on classified national security information that critics say unnecessarily prolongs the declassification process.

Armstrong, who is now executive director of the Information Trust, a nonprofit organization focused on freedom of expression, argued that declassification should be secondary to devising guidelines for handling sensitive information as soon as it is created. "How and why do we classify or control anything has to be explicit," he said. "It's not just about openness. If the system doesn't work well, security doesn't work well [either]."

For example, intelligence that terrorists might be operating out of Palestinian-run convenience stores in Seattle should be controlled initially, not classified, he said. Federal officials would first want to inform local police that the stores may be involved in terrorist activity. Eventually, officials would decide what information should be publicly released and what should be categorized as classified information.

The details of how that intelligence was intercepted would be classified or, as Armstrong said, go into an "aluminum, soldered and sealed vault." The fact that there was a concern about Palestinians should get out to the public first, in case the intelligence was a case of prejudice against Palestinians, he said.

The approach should be that "all information is inherently not controlled, but we're going to package it in different ways for different purposes," Armstrong said.

Also, the memo should have touched on the challenge of releasing information from classified information technology systems, he added. Typically, the process is arduous, requiring printouts and manual reviews of all the information saved. "I don't think anybody understands the mechanics of it very well," Armstrong noted.

Jones is required in the 90-day review to look at creating a National Declassification Center within the National Archives and Records Administration and information sharing among legitimate users. He also must consider the issue of overclassification and handling classified information in the electronic environment.

"This memo could have, and probably should have, made reference to how digital communication is becoming the norm, and solving the specific challenges of handling sensitive information in the digital environment," not just classified information, said Meredith Fuchs, general counsel at the National Security Archive. The archive is a nongovernmental institute that makes available declassified documents through the Freedom of Information Act.

The memo does not mention the treatment of electronic communications that fall under the second information category, controlled unclassified information, which is restricted to certain individuals for privacy or security reasons.

In that area, "I feel like the administration doesn't understand the direction it wants to go so the task force has a broad range of responsibilities," Fuchs said. "I would think that the task force would have to look at the electronic information issues, but it isn't spelled out here."

Bill Leonard, former director of the Information Security Oversight Office under the Archivist, said he was "heartened to see they are not starting from scratch" in the memo.

The memo assigns Attorney General Eric H. Holder Jr. and Homeland Security Department Secretary Janet Napolitano to head an interagency task force on CUI that will examine suggestions from various commissions that met under the Bush administration.

"One of the things I'd like to see come out of this, [which is] one of the things we tried to push several years ago, is quite frankly doing away with the entire concept of need to know," or letting the information-holder decide who is allowed to see classified information, said Leonard, now a consultant and teacher dealing with national security issues.

The need-to-know rule places the information sharing burden on the recipient, he added. "First of all, I need to know that you exist. Also, it's a little arrogant, because I need to know your job at least, as well as you know your job, if not better."

Eliminating need-to-know restrictions also would make information sharing on government networks easier, Leonard said. For example, a report of an incident involving the water supply in Colorado might be useful to public health officials who are attempting to treat an unknown ailment in the region. But local officials might not know about the mystery disease, so the report should be automatically accessible to cleared personnel, he said.

"By doing away with that need to know, the networks would still be secure, but the presumption is that the people at [the Centers for Disease Control and Prevention] aren't using that information for anything other than an official purpose," Leonard said.

An e-record issue the Obama administration overlooked is the release of existing or historical records that are controlled but may be made available in the future. In many cases, those records are not physically ready for online publication, open access advocates say. Significant effort and expense may be required to scan them for digital distribution.

"That could take many years after the decision to release," said Steven Aftergood, who heads the Project on Government Secrecy at the Federation of American Scientists.

He views the memo as "an opening step" in a process that will be carried out during a period of months or perhaps years. "There are difficult, bureaucratic issues that will take time to navigate, but what [the] memorandum does is to say, 'Get started. We want you to move in the direction of greater transparency,' " Aftergood said.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, considers the move good news for open government advocates. "The initiative is intended to get a handle on, [then to] slow, and then reverse the tendency of bureaucracies to conceal decision-making," he said.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.