Are government leakers bringing about the end of secrets?
In an age of Wikileaks, Hal Martin, and Shadow Brokers, is the US overclassifying documents it cannot protect?
If millions of people know something, can it really be considered a secret anymore? That’s one of the questions at the heart of an ongoing debate in Washington about how much, and which, documents to classify in the age of Wikileaks, iPhones, and Edward Snowden.
The US government has found it increasingly difficult to secure the deluge of digitally-classified information on its systems – from personnel records to hacking tools.
That challenge, underscored by Mr. Snowden’s leaks of details exposing the National Security Agency’s top-secret surveillance programs, has given transparency experts new hope that they can help intelligence agencies take advantage of new thinking around classification to ensure that what needs to be secret stays secret.
“The calculation has changed recently, because a single individual, either out of negligence or malice or some other motive, can disclose whole libraries of records,” says Steven Aftergood, director of the Federation of American Scientists’ Project on Government Secrecy. “That’s something the government has not yet figured out how to deter or prevent.”
The question of classification is one the federal government has grappled with before. At the height of the Watergate scandal that eventually brought down President Nixon, Congress appeared to be on the verge of a sweeping domestic policy overhaul – and it wasn’t an effort to reform the social safety net or create millions of jobs. With trust in the presidency then at an all-time low, legislators appeared ready to bring to light the classified national security secrets that had piled up in the White House.
“That was a time when Congress hadn’t clearly blessed the classification system,” says David Pozen, a law professor at Columbia University in New York.
Yet even with Congress clamoring for reform, that push to regulate what the US government makes secret – a procedure that’s historically been determined by the White House – didn’t bring about the legislated system of classification rules that some expected. Instead, a patchwork system emerged: Alongside the Church and Pike Committees that established congressional oversight of the intelligence community, the Freedom of Information Act allowed the public to request classified documents.
Combating the threat
With a scourge of suspected leaks allegedly involving hackers and disgruntled leakers who can make those records public with just the push of a button, the question of prevention has come to forefront in the past year.
In March, WikiLeaks dumped a cache of purported CIA hacking tools that exploited security vulnerabilities in iPhones, Android devices, Samsung TV sets, and Microsoft systems to carry out covert cyberoperations. Meanwhile, the Shadow Brokers group, which threatened to auction off a gigabyte-sized trove of alleged NSA hacking tools last summer, appears to have returned with a vengeance, releasing suspected US government tools. Those tools have already allowed hackers to remotely break into an array of consumer-facing Windows systems, cybersecurity researchers say.
Elsewhere, a former contractor for NSA’s Tailored Access Operations hacking group, Harold T. Martin, walked out of the Ft. Meade, Md., facility with more than 75 percent of the elite unit’s cybersecurity tools – including multimillion dollar exploits designed by the agency – according to The Washington Post. While a US court has charged Mr. Martin with 20 counts of willfully retaining classified information, it may be too late to undo the damage.
“All they require now is a smart phone and internet access,” said CIA Director Mike Pompeo, at a Washington think tank last month. “In today's digital environment, they can disseminate stolen US secrets instantly around the globe to terrorists, dictators, hackers, and anyone else seeking to do us harm.”
How the system works
Yet the system for classifying that information, transparency experts complain, is poorly understood and isn’t widely seen as legitimate across the scope of the US government.
The majority of US presidents since the end of World War II have issued executive orders that establish boundaries for the classification of American secrets.
The most recent iteration of those rules, established by the Obama administration in 2010, specifically mandates the authorities that can categorize US government records as secret, and allows for information to be declassified as soon as it won’t harm national security. It also created the National Declassification Center, an agency designed to coordinate those efforts.
“It’s just a modest tool compared to the size of the problem,” says Professor Pozen. “What we haven’t seen is fundamental reform. We’ve seen tweaks at the margin.”
Although transparency experts worried that then-President Barack Obama’s 2010 executive order wasn’t clear about defining when public interest outweighed the need for secrecy – the US government’s standard for declassification – it appeared to have some impact. The US Information Security Oversight Office reported that in 2014 the number of government classification decisions dropped by 18.5 percent over the prior two year period.
Mr. Obama also signed into law the Reducing Over-Classification Act earlier that year that aimed to promote the sharing of information between state, local, and federal officials, bowing to the failure of US government officials to share information ahead of the Sept. 11 attacks. That measure generally scored highly on internal reviews, though transparency experts complained they weren’t subjected to more external scrutiny by US government agencies.
But there are also national security implications behind the overclassification battle, experts say. 9/11 commissioner Richard Ben-Veniste testified in 2005 that failure to share information was the "single biggest reason" why the US government couldn't stop the attacks, and said that declassification could contribute to the free flow of information.
“Snowden was actually the collapse of secrecy,” says Richard Aldrich, a professor of history who specializes in intelligence at the University of Warwick in Coventry, England. “Ever since 9/11 we've rushed to share material, we've also had an increase in the size of the intelligence community. By definition, when 5 or 6 million people know something, it's definitely not secret anymore.”
Yet even before Snowden’s leaks, the US government began thinning the ranks of contractors and employees holding security clearances, according the Office of the Director of National Intelligence. Between 2010 and 2015, the number of US government security clearances in circulation sank from 4.7 million to 4.3 million, thanks to an Obama-era effort to reduce the number of cleared individuals by 10 percent by 2018.
Last April, former Director of National Intelligence James Clapper sent a memo calling for the 16 agencies of the US intelligence community to proactively declassify documents, eliminate some low standards of classification, and reduce the number of officials who can make classification decisions. The Trump administration hasn’t announced any efforts to continue those programs.
But the biggest problem when it comes to determining US government secrets, some experts think, is that Washington isn’t always following the reviews it aims to put in place. Though the Obama-era executive order calls on agencies to declassify information automatically after 25 years, Elizabeth Goitein, co-director of the Brennan Center for Justice’s Liberty and National Security program at New York University recently noted that there’s no system to facilitate declassification before that point.
Or maybe, says Pozen, policymakers could find a solution to the problem by looking to the Nixon-era efforts of the past.
“There’s a lot of money spent on the classification side, and there’s very little spent on the declassification side,” he says. “It couldn’t hurt to have Congress get serious about the issue.”