Security Classification Policy and Procedure: E.O. 12958, as Amended

Order Code 97-771 GOV Updated January 7, 2005 CRS Report for Congress Received through the CRS Web Security Classification Policy and Procedure: E.O. 12958, as Amended Harold C. Relyea Specialist in American National Government Government and Finance Division Summary After two years of preparation, E.O. 12958, prescribing security classification policy and procedure, was signed by President William Clinton in mid-April 1995. The order was prompted by changing security conditions in the aftermath of the end of the cold war and a desire for more economical and effective management of classified information. The directive was modified in late March 2003 by E.O. 13292, issued by President George W. Bush. Largely prescribed in a series of successive presidential executive orders issued over the past 50 years, security classification policy and procedure provide the rationale and arrangements for designating information officially secret for reasons of national security, and for its declassification as well. Background Although formal armed forces information security orders had been in existence since 1869, security classification arrangements assumed a presidential character in 1940. The reasons for this late development are not entirely clear, but it probably was prompted by desires to clarify the authority of civilian personnel in the national defense community to create official secrets, to establish a broader basis for protecting military information in view of growing global hostilities, and to better manage a discretionary power of increasing importance to the entire executive branch. Relying upon a 1938 statute concerning the security of armed forces installations and equipment and “information relative thereto,”1 Franklin D. Roosevelt issued the first presidential security classification directive, E.O. 8381, in March 1940. However, the legislative history of the statute which the President relied upon to issue his order provided no indication that Congress anticipated that such a security classification arrangement would be created. 1 52 Stat. 3. Congressional Research Service ˜ The Library of Congress CRS-2 Other executive orders followed. E.O. 10104, adding a fourth level of classified information, aligned U.S. information security categories with those of our allies in 1950. A 1951 directive, E.O. 10290, completely overhauled the security classification program. Information was now classified in the interest of “national security” and classification authority was extended to non-military agencies which presumably had a role in “national security” policy. Criticism of the 1951 order prompted President Dwight D. Eisenhower to issue a replacement, E.O. 10501, in November 1953. This directive and later amendments to it, as well as E.O. 11652 of March 8, 1972, and E.O. 12065 of June 28, 1978, successively narrowed the bases and limited discretion for assigning official secrecy to agency records. Shortly after President Ronald Reagan issued E.O. 12356 on April 2, 1982, it came under criticism for reversing the limiting trend set by classification orders of the previous 30 years by expanding the categories of classifiable information, mandating that information falling within these categories be classified, making reclassification authority available, admonishing classifiers to err on the side of classification, and eliminating automatic declassification arrangements. With the democratization of many eastern European countries, the demise of the Soviet Union, and the end of the cold war, President Clinton, shortly after his inauguration, initiated a sweeping review of cold war rules on security classification in general and of E.O. 12356 in particular with a view to reform.2 Many began to suspect that the security classification program could be improved when the Department of Defense Security Review Commission, chaired by retired General Richard G. Stilwell, declared in 1985 that there were “no verifiable figures as to the amount of classified material produced in DoD and in defense industry each year.” Nonetheless, it was concluded that “too much information appears to be classified and much at higher levels than is warranted.”3 The cost of the security classification program became clearer when the General Accounting Office reported in October 1993 that it was “able to identify governmentwide costs directly applicable to national security information totaling over $350 million for 1992.” After breaking this figure down — it included only $6 million for declassification work — the report added that “the U.S. government also spends additional billions of dollars annually to safeguard information, personnel, and property.”4 Established in April 1993, the President’s security classification task force transmitted its initial draft order to the White House seven months later. Circulated among the departments and agencies for comment, the proposal encountered strong 2 Tim Weiner, “President Moves to Release Classified U.S. Documents,” New York Times, May 5, 1993, p. A18. 3 U. S. Department of Defense, Department of Defense Security Review Commission, Keeping The Nation’s Secrets (Washington: GPO, 1985), pp. 48-49. 4 U. S. General Accounting Office, Classified Information: Costs of Protection Are Integrated With Other Security Costs, GAO Report GAO/NSIAD-94-55 (Washington: Oct. 1993), p. 1. CRS-3 opposition from officials within the intelligence and defense communities.5 More revision of the draft directive followed. As delay in issuing the new order continued, some in Congress considered legislating a statutory basis for classifying information in the spring of 1994.6 In the fall, the President issued an order declassifying selected retired records at the National Archives.7 After months of unresolved conflict over designating an oversight and policy direction agency, a compromise version of the order was given presidential approval in April 1995. Clinton Order The Clinton order, as initially issued, authorizes the classification of information for reasons of “national security,” which “means the national defense or foreign relations of the United States.”8 Regarding the threshold consideration as to whether a classification action should occur, the order states: “If there is significant doubt about the need to classify information, it shall not be classified.” No explanation of the term “significant” is provided. Nonetheless, the policy of E.O. 12356, directing classifiers to err on the side of classification in questionable cases, is reversed. E.O. 12958 retains three classification levels, identified by the traditional Top Secret, Secret, and Confidential markings. Again reversing E.O. 12356 policy, the Clinton order states: “If there is significant doubt about the appropriate level of classification, it shall be classified at the lower level.” In this regard, E.O. 12356 had called for classification at the higher level. The classification categories specified in E.O. 12958 — identifying inclusively the information subjects that may be considered for classification — are the same as those of E.O. 12356, with one exception. In E.O. 12356, explicit provision was made for the President to create additional classification categories. No such allowance is stated in E.O. 12958, but additional categories could be appended by a subsequent order amending E.O. 12958. Prescribing Declassification. Unlike E.O. 12356, the Clinton order limits the duration of classification. When information is originally classified, an attempt is to be made “to establish a specific date or event for declassification.” Alternatively, if a shortterm time or event for declassification cannot be determined, the new order sets a 10-year terminus. However, allowance is made for extending the duration of classification beyond the 10-year limit in selected cases and in accordance with prescribed procedures 5 See David C. Morrison, “For Whose Eyes Only?,” National Journal, vol. 26, Feb. 26, 1994, pp. 472-476; Tim Weiner, “U.S. Plans Overhaul on Secrecy, Seeking to Open Millions of Files,” New York Times, Mar. 18, 1994, pp. A1, B6; R. Jeffrey Smith, “CIA, Others Opposing White House Move to Bare Decades-Old Secrets,” Washington Post, Mar. 30, 1994, p. A14. 6 See U. S. Congress, House Permanent Select Committee on Intelligence, A Statutory Basis for Classifying Information, hearing, 103rd Cong., 2nd sess., Mar. 16, 1994 (Washington: GPO, 1995). 7 See E.O. 12937 of November 10, 1994, in Federal Register, vol. 59, Nov. 15, 1994, pp. 5909759098. 8 See Federal Register, vol. 60, Apr. 20, 1995, pp. 19825-19843. CRS-4 and conditions. In brief, the intent appears to be that only a small quantity of the most highly sensitive information would be maintained under security classification for periods longer than 10 years. Other arrangements are specified for the automatic declassification of historic government records — those that are more than 25 years old and have been determined by the Archivist of the United States to have permanent historical value. E.O. 12958 mandates the beginning of governmentwide declassification of historic records five years hence, shortly after the turn of the century. Allowance is made for continuing the classification of these materials in selected cases and in accordance with prescribed procedures and conditions. Once again, the intent appears to be that only a small quantity of the most highly sensitive historic records would be maintained under security classification. The Archivist, according to the Clinton order, “shall establish a Governmentwide database of information that has been declassified.” Furthermore, E.O. 12958 continues the mandatory declassification review requirement of E.O. 12356. This provision authorizes a person to request that almost any classified record be reviewed with a view to being declassified and publicly disclosed. Similarly, if an agency record requested pursuant to the Freedom of Information Act is found to be security classified, mandatory declassification review also occurs. Controversial Areas. A few provisions of E.O. 12958 may be considered controversial. The Clinton order states that information “may not be reclassified after it has been declassified and released to the public under proper authority.” The reference to “proper authority” means that the information has not been disclosed through a leak. However, some question remains as to how “public” the proper disclosure must be to preclude retrieval and reclassification when some higher authority, having second thoughts, wants to stop disclosure. Similarly, the Clinton order states: “Compilations of items of information which are individually unclassified may be classified if the compiled information reveals an additional association or relationship that (1) meets the standards for classification under this order; and (2) is not otherwise revealed in the individual items of information.” At issue here is the so-called “mosaic theory” that individual items of unclassified information, in aggregation, result in classifiable information. At dispute is the question of perception: government officials classify aggregated unclassified information items because they fear that harm to the national security could result if the aggregation were publicly disclosed. E.O. 12958 continues to allow agency officials to “refuse to confirm or deny the existence or nonexistence of requested information whenever the fact of its existence or nonexistence is itself classified under this order.” Classification Challenges. Among the new features of E.O. 12958 is the authorization of classification challenges. “Authorized holders of information who, in good faith, believe that its classification status is improper,” says the order, “are encouraged and expected to challenge the classification status of the information in accordance with agency procedures.” The willingness of federal employees to engage in this mild form of “whistleblowing,” and resulting retribution, has not been a matter of controversy. CRS-5 A Balancing Test. Another innovation, first introduced by E.O. 12065, President Jimmy Carter’s security classification directive, but eliminated in E.O. 12356, is the socalled balancing test. According to E.O. 12958, where “the need to protect ... information may be outweighed by the public interest in disclosure of the information, and in these cases the information should be declassified,” the question “shall be referred to the agency head or the senior agency official” responsible for classification matters for resolution. Because there was insufficient opportunity for the balancing test of E.O. 12065 to be implemented, the effect of the provision could not be assessed. E.O. 12958 provides an opportunity to conduct such an analysis sometime in the future. Program Direction. E.O. 12958 originally vested responsibility for implementing and supervising the security classification program in the director of the Office of Management and Budget (OMB), assisted by the director of the Information Security Oversight Office (ISOO).9 The Clinton order also indicates that the Security Policy Board, a secretive body established in May 1994 by Presidential Decision Directive 29, a classified instrument, “shall make a recommendation to the President ... with respect to the issuance of a Presidential directive on safeguarding classified information.” This subsequent directive, according to E.O. 12958, “shall pertain to the handling, storage, distribution, transmittal and destruction of and accounting for classified information.” New Organizations. Finally, E.O. 12958 creates two new entities. The first of these, the Interagency Security Classification Appeals Panel (ISCAP), is composed of senior level representatives of the Secretary of State, Secretary of Defense, Attorney General, Director of Central Intelligence, Archivist of the United States, and Assistant to the President for National Security Affairs. The President selects the panel’s chair from among its members. The ISOO director serves as the ISCAP executive secretary and provides support staff. The functions of the panel, as specified in the Clinton order, are (1) to make final determinations on classification challenges appealed to it; (2) to approve, deny, or amend exemptions from automatic declassification sought by agencies; (3) to make final determinations on mandatory declassification review requests appealed to it; and, generally, to advise and assist the President “in the discharge of his constitutional and discretionary authority to protect the national security of the United States.” The second body established by the Clinton executive order, the Information Security Policy Advisory Council (ISPAC), is “composed of seven members appointed by the President for staggered terms not to exceed four years, from among persons who have demonstrated interest and expertise in an area related to the subject matters of [E.O. 12958] and are not otherwise employees of the Federal Government.” The functions of the ISPAC, as specified in the order, are to “(1) advise the President, the Assistant to the President for National Security Affairs, the Director of the Office of Management and Budget, or such other executive branch officials as it deems appropriate, on policies established under [E.O. 12958] or its implementing directives, including recommended changes to those policies; (2) provide recommendations to agency heads for specific 9 Conferees on the FY1995 Treasury, Postal Service, and Executive Office of the President appropriation transferred ISOO from the General Services Administration to OMB (H.Rept. 103741, p. 42). At the recommendation of the OMB director, conferees on the FY1996 Treasury, Postal Service, and Executive Office of the President appropriation transferred ISOO to the National Archives and Records Administration (H.Rept. 104-291, pp. 41-42). CRS-6 subject areas for systematic declassification review; and (3) serve as a forum to discuss policy issues in dispute. E.O. 12958 became effective on October 15, 1995, 180 days from the date of its issuance by the President.10 An amending directive, E.O. 13142 of November 19, 1999, largely effected technical changes reflecting the transfer of ISOO to the National Archives and the administrative direction of the Archivist.11 Bush Amendments Further amendment of E.O. 12958 occurred in late March 2003 when President George W. Bush issued E.O. 13292.12 The product of a review and reassessment initiated in the summer of 2001, the directive, among other changes, eliminated the Clinton order’s standard that information should not be classified if there is “significant doubt” about the need to do so; treated information obtained in confidence from foreign governments as classified; and authorized the Vice President, “in the performance of executive duties,” to classify information originally. It also added “infrastructures” and “protection services” to the categories of classifiable information; eased the reclassification of declassified records; postponed the starting date for automatic declassification of protected records 25 or more years old from April 17, 2003, to December 31, 2006; eliminated the requirement that agencies prepare plans for declassifying records; and permitted the Director of Central Intelligence to block declassification actions of the ISCAP, unless overruled by the President. 10 The OMB implementing regulation appears in Federal Register, vol. 60, Oct. 13, 1995, pp. 53492-53502. 11 E.O. 13142 appears in Federal Register, vol. 64, Nov. 23, 1999, pp. 66089-66090. 12 See Federal Register, vol. 68, Mar. 28, 2003, pp. 15315-15334.