Information Security Oversight Office (ISOO)

Director's Message

It would be a mistake to look at the audit results set forth in this report solely in the context of declassification and reclassification. While the issues identified in these areas are significant, they are reflective of challenges confronting the classification system as a whole.

The ability and authority to classify national security information is a critical tool at the disposal of the Government and its leaders to protect our nation and its citizens. In this time of constant and unique challenges to our national security, it is the duty of all of us engaged in public service to do everything possible to enhance the effectiveness of this tool. Yet, some of the practices highlighted by this audit can actually serve to undermine the integrity of the very system we depend upon to ensure that our nation's adversaries cannot use national security related information to harm us.

To be effective, the classification process is a tool that must be wielded with precision. Few, if any, both within and outside Government, would deny that too much of the information produced by our agencies is classified - even the most ardent defenders of the status quo do not call for more classification. Yet, it is disappointing to note, as indicated by the sample contained in this audit, that even trained classifiers, with ready access to the latest classification and declassification guides, and trained in their use, got it clearly right only 64% of the time in making determinations as to the appropriateness of continued classification. This is emblematic of the daily challenges confronting agencies when ensuring that the 3 million plus cleared individuals with at least theoretical ability to derivatively classify information get it right each and every time.

Added to the above challenges are the deliberate decisions highlighted in this audit that constitute a misuse of the classification system. On the one hand, it is good news to note that no one in the Government truly considered many of the Cold-war era documents highlighted in media coverage of the issue that accompanied this audit to truly be classified. The disappointing news, however, is that deliberate decisions were made to make it appear to the public that the Government did consider such documents to be classified in order to conceal other, more sensitive classified equities. As a consequence, in addition to members of the public, other Government officials, to include Freedom of Information Act (FOIA) reviewers and even members of this audit team, were confronted with the impossible task of differentiating on their own between those marked records which truly contained classified information and those that remained marked as classified solely to obfuscate other, more sensitive equities. The damage such practices can inflict on the integrity of the classification system cannot be denied.

In response to the above and the findings of this audit, I am writing to all agency heads asking for their personal attention in ensuring that all of us engaged in advancing our country's security perform our duty to ensure the highest effectiveness of this critical national security tool. To that end, I will request agency heads to:

  • Demonstrate personal commitment to the risk management principles embodied in Executive Order 12958, as amended, "Classified National Security Information" (the Order), and avoid the risk-averse practices that can serve to undermine the classification process (Section 5.4(a), the Order).
  • Ensure that quality classification guides of adequate specificity and clarity are prepared and updated to further accurate and consistent derivative classification decisions (Section 2.2, the Order).
  • Emphasize to all authorized holders of classified information the affirmative responsibility they have under the Order to challenge the classification status of information that they believe is improperly classified (Section 1.8(a), the Order).
  • Review agencies' procedures to ensure that they facilitate classification challenges (Section 1.8(b), the Order). In this regard, agencies are encouraged to consider the appointment of impartial officials whose sole purpose is to seek out inappropriate instances of classification and to encourage others to adhere to their individual responsibility to challenge classification, as appropriate.
  • Routinely sample current classified information to determine the propriety of classification and the application of proper and full markings (Section 5.4(d)(4), the Order). Consideration should be given to reporting the results of these audits to agency personnel as well as to the officials designated above who would be responsible to track trends and assess the overall effectiveness of the agency's efforts and make adjustments, as appropriate.
  • Ensure that information is declassified as soon as it no longer meets the standards for classification (Section 3.1(a), the Order). In this regard, steps must be taken to ensure that prior to exercising the national security exemption as set forth in 5 U.S.C. 552b(1) when responding to FOIA requests, that the information involved clearly meets the standards for continued classification irrespective of the markings, to include declassification instructions, contained on the document
  • Support the development and implementation of the National Declassification Initiative at the National Archives and Records Administration (Sections 3.2(c) and 5.4(c), the Order). This initiative can more effectively integrate the declassification efforts of all agencies and ensure sound decisions in an efficient, expeditious, and cost-effective manner.

In furtherance of the above, the Information Security Oversight Office (ISOO) will be enhancing our efforts in a number of areas. Within the next 60 days, we will be offering new training opportunities to agency personnel to recognize the appropriateness of classification actions. This training will be offered on a number of different levels and directed to everyday users of classified information as well as agency personnel assigned the responsibility to audit classified products as well as to perform FOIA reviews. We will also be offering within the next 60 days workshops to researchers and other members of the public with respect to how to file mandatory declassification review requests and appeals when they believe they are being denied access to a record that is inappropriately classified.

In addition, ISOO will be enhancing our oversight of the quality of agency classification decisions and declassification reviews. We will be emphasizing the appropriateness of such decisions and will routinely report the results to facilitate the tracking of trends and the assessment of the effectiveness of agencies' efforts in this area.

Finally, I will request agency heads to provide a status report within 120 days on the action taken with respect to these initiatives as well as with regard to the recommendations contained within this audit report. ISOO will report publicly on these actions.

The integrity of the security classification program is essential to our nation's continued well-being. The consequences of failure are too high. Thus, the American people expect and deserve nothing less than that we effectively utilize this program each and every day.