September 16, 1996
Dear Mr. President:
We are pleased to submit the Information Security Oversight Office's 1995 Report to the President.
As we note at the beginning of our report, fiscal year 1995 was indeed an extraordinary year. You issued three Executive orders that were the first to bring the security classification system into the post-cold war era. Moreover, the agencies of the executive branch classified far fewer documents than in any other year for which we have data, and in conjunction with your Executive Order 12937, "Declassification of Selected Records Within the National Archives of the United States," they declassified in a year more than one-quarter of all the formerly classified pages opened to the public since 1979.
With the effective date of your Executive Order 12958, "Classified National Security Information," commencing in fiscal year 1996, we can anticipate a continuation of these positive trends. Already, preliminary data suggest that many agencies will meet the very high standards you have established in Executive Order 12958. However, our initial exposure to implementation also suggests that compliance will be uneven. Top management support of the reforms you have called for remains critical to their accomplishment.
Our next report will document the first year's experience under Executive Order 12958. As before, we expect to benefit from the commitment of thousands of individuals throughout the executive branch and industry toward achieving its lofty goals.
The "Fiscal Year 1995 Report to the President" is the 13th report and the last to examine the security classification program under Executive Order 12356. The following data highlight ISOO's findings.
I. Executive Order 12958, "Classifted National Security Information"
On April 17, 1995 President Clinton issued Executive Order 12958, "Classified National Security Information." Effective in fiscal year 1996, the Order implements the commitment that the President called for early in his administration to bring the security classification system into the post-cold war era. The statement that the President issued in signing Executive Order 1 2958, reprinted below, highlights the scope of its reforms. For a copy of the complete Order, please refer to ISOO's Report to the President for 1994, or contact ISOO.
Statement by the President
In issuing this order I am seeking to bring the system for classifying, safeguarding, and declassifying national security information into tine with our vision of American democracy in the post-Cold War world.
This order strikes an appropriate balance. On the one hand, it will sharply reduce the permitted level of secrecy within our Government, making available to the American people and posterity most documents of permanent historical value that were maintained in secrecy until now.
On the other, the order enables us to safeguard the information that we must hold in confidence to protect our Nation and our citizens. We must continue to protect information that is critical to the pursuit of our national security interests There are some categories of information-for example, the war plans we may employ or the identities of clandestine human assets-that must remain protected.
This order also will reduce the sizable costs of secrecy the tangible costs of needlessly guarding documents, and the intangible costs of depriving ourselves of the fullest possible flow of information.
This order establishes many firsts: Classifiers will have to justify what they classify; employees will be encouraged and expected to challenge improper classification and protected from retribution for doing so; and large-scale declassification won't be dependent on the availability of individuals to conduct a line-by-line review.
Rather, we will automatically declassify hundreds of millions of pages of information that were classified in the past 50 years.
Similarly, we will no longer tolerate the excesses of the current system. For example, we will resolve doubtful calls about classification in favor of keeping the information unclassified. We will not permit the reclassification of information after it has been declassified and disclosed under proper authority. We will authorize agency heads to balance the public interest in disclosure against the national security interest in making declassification decisions. And, we will no longer presumptively classify certain categories of information, whether or not the specific information otherw ise meets the strict standards for classification. At the same time, however, we will maintain every necessary safeguard and procedure to assure that appropriately classified information is fully protected.
Taken together, these reforms will greatly reduce the amount of information that we classify in the first place and the amount that remains classified. Perhaps most important, the reforms will create a classification system that Americans can trust to protect our national security in a reasonable, limited, and cost-effective manner.
In keeping with my goals and commitments, this order was drafted in an unprecedented environment of openness. We held open hearings ond benefited from the recommendations of interested Committees of Congress and nongovernmental organizations, groups, businesses, and individuals. The order I have signed today is stronger because of the advice we received from so many sources. I thank all those who have helped to establish this new system as a model for protecting our national security within the framework of a Government of, by, and for the people.
On November 10, 1994, President Clinton issued an Executive order that declassified, in bulk, a selection of classified records within the National Archives of the United States maintained by NARA. This unprecedented order declassified approximately 45 million pages or 14 percent of the NARA permanent holdings of classified material, including clas- sified holdings through the end of World War II and an equal number dating into the 1970s. For a copy of this Executive order, please refer to ISOO's Report to the President for 1994, or contact ISOO.
III. Executive Order 12951, "Release of Imagery Acquired by Space-Based National Intelligence Reconnaissance Systems"
On February 22, 1995, President Clinton issued an Executive order that, for the first time, will result in the declassification and public availability of historical intelligence imagery, Specifically, before the end of 1996, the public will have access to imagery from Corona, Argon, and Lanyard rnissions. For a copy of this Executive order, please refer to ISOO's Report to the President for 1994, or contact ISOO.
IV. Classification Actions and Pages Declassified
Overshadowed, perhaps, by the extraordinary policy developments during fiscal year 1995, the classifiers and declassifiers of the executive branch also made their mark in record- breaking fashion during the same year. Classification actions reached record low levels, and the nurnber of pages declassified in a year reached record high levels. These charts illustrate the magnitude of these accomplishments.
Fiscal Year Actions in Millions 1980 8.8 1981 10.2 1982 10.3 1983 10.9 1984 12.5 1985 15 1986 10.8 1987 11.9 1988 10.5 1989 6.8 1990 6.8 1991 7.1 1992 6.3 1993 6.4 1994 4.8 1995 3.6
Fiscal Year Pages in Millions 1980 24.6 1981 28.7 1982 16.8 1983 8 1984 11.5 1985 8.5 1986 14.5 1987 9.2 1988 5.1 1989 7.2 1990 12.3 1991 14.1 1992 9.5 1993 6.8 1994 11.5 1995 24 1995 45 (additional under executive order 12937)
Roslyn A. Mazer, Chair
Department of Justice
Joan A. Dempsey
Department of Defense
Michael J. Kurtz
National Archives and Records Administration
William H. Leary
National Security Council
Frank M. Machak
Department of State
Richard J. Wilhelm
Information Security Oversight Office
For copies of the ISCAP's bylaws or other information, contact ISOO:
Telephone: 202-219-5250 Fax 202-219-5385 E-mail firstname.lastname@example.org
Physical Security: That portion of security concerned with physical measures designed to safeguard and protect classified facilities and information, domestic or foreign.
Information Security: includes two subcategories. Classification Management: The system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure classified information the protection of which is authorized by Executive order or statute. Classification management encompasses those resources used to identify, control transfer, transmit retrieve, inventory, archive, declassify, or destroy classified information. Information Systems Security: Measures and controls that ensure confi- dentiality, integrity and availability of the classified information processed and stored by a computer or information technology system. It can include, but is not limited to the provi- sion of all security features needed to provide an accredited system of protection for com- puter hardware and software and classified information, material or processes in auto- mated systems.
Professional Education, Training, and Awareness: The establishment, maintenance, direction, support, and assessment of a security training and awareness program; the certi- fication and approval of the training program; the development, management, and mainte- nance of training records; the training of personnel to perform tasks associated with their duties; and qualification and/or certification of personnel before assignment of security responsibilities related to classified information.
Security Management and Planning: Development and implementation of plans, procedures, and actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational activities, and respond to management requests related to classified information.
Unique Items: Those department- or agency-specific activities that are not reported in any of the primary categories but are nonetheless significant and need to be included.
The total security classification costs estimate for fiscal year 1995 was $2.7 billion. This figure encompasses estimates provided by 32 executive branch agencies, including DOD, whose estimate incorporates the National Foreign Intelligence Program. It does not include, however, the cost estimates of CIA.
TOTAL $2.7 billion Personnel Security $633 million Physical Security $175 million Information Security $1.5 billion $312 million for Classification Management $1.2 billion for Information Systems Security Professional Education, Training, Awareness $67 million Security Management $257 million Unique Items $6.4 million
TOTAL $5.6 billion Government $2.7 billion Industry $2.9 billion
A joint DOD and industry group developed a cost collection methodology for those costs associated with the use and protection of classified information within industry. Because industry accounts for its costs differently than Government, cost estimate data were not provided by category. Rather a sampling method was applied that included volunteer com- panies from four different categories of facilities. The category of facility is based on the complexity of security requirements a particular company must meet in order to hold a classified contract with a Government agency.
The 1995 cost estimate totals for industry pertain to the 12-month accounting period for the most recently completed fiscal year of each company that was part of the industry sample. For most of the companies included in the sample, December 31, 1995 was the end of their fiscal year. The estimate of total security costs for 1995 within industry was $2.9 billion.
Because this was Government and industry's first attempt at estimating security classification costs, we expect the collection methods and the reliability of the data to improve with each year. Certainly, there are many lessons to be learned from this effort, Knowing "what it costs" shouid, in the long run, help considerably in the management of the security classification program.
ISOO is repeatedly asked two questions that, despite all the data we collect and analyze, we cannot definitively answer: (1) How much classified information is out there (i e , how big is the classified mountain)? (2) Which was greater this year: the buildup of the classified mountain through classification or the erosion of the mountain through declassification? Central to our inability to answer these questions with any statisti cal support is the lack of data concerning the duplication of classified information.
While ISOO collects, analyzes, and reports data on classification actions or decisions-- and has done so since 1979-- a classification action is not readily convertible into a measurement that denotes size (e.g , a certain number of pages or even an estimated number of pages). A classification action may apply to a single word or two, or it may apply to a report hundreds of pages long.
Even if an archivist, records manager or statistician were able to tell us that the "average" classified document is a certain number of pages long, we could not multiply this number by the number of classification actions and arrive at the number of classified pages produced in that year. This is because of the widespread duplication that accompanies the production of almost every document, whether classified or unclassified and whether the document exists in paper form electronically or both. Today, the producer of a document routinely creates it on a computer and can distribute hundreds of "copies" electronically by pushing a single button, and the producer and receiver of the electronic document are usually only a few steps away from a printer and copier that can produce hundreds of paper copies in a few minutes.
Therefore in terms of the size of the classified mountain, classification actions are the apples, and pages declassified are the oranges. Knowing about each enriches our understanding and monitorship of the security classification system. However, comparing 10 classification actions to 10 pages of information declassified tells us little or nothing about the overall size of the classified universe.
For fiscal year 1995, the number of original classifiers throughout the executive branch was 5,379, which represents a reduction of 82 classifiers from the previous year. This figure, for the fifth consecutive year, represents the lowest number of original classifiers ever reported by ISOO. Since 1990, the number of original classifiers has decreased by more than 17 percent, which ISOO primarily attributes to the end of the cold war and the ongoing efforts to downsize Government. However, since disparities exist among agencies with comparable original classification authority, ISOO believes additional reductions are possible without having a negative impact on agency operations.
TOTAL 5,379 Top Secret 1,336 Secret 3,031 Confidential 1,102
Executive Order12958 placesmore stringent accountability on original classifiers than previous orders did. For this reason, ISOO anticipates further reductions in the number of original classifiers. These reductions should enhance the credibility of the classification system as a whole by improving the quality and reducing the number of classification decisions.
In fiscal year 1995, agencies reported decreases in the number of original classifiers for all three classification levels. At the Top Secret and Secret levels, agencies reported decreases of 0.6 percent, while the number of Confidential original classifiers decreased by 5 percent. ISOO wishes to recognize several agencies for their efforts to reduce the number of original classifiers. Most impressive were the efforts of FEMA, NASA, and DOE which reported decreases of 25 percent, 22 percent and 16 percent, respectively. Although the reductions in the number of original classifiers are not as significant as in those agencies mentioned above, ISOO also wishes to recognize NRC, DOD, AID and CIA for reducing their number of original classifiers.
For fiscal year 1995, agencies reported a total of 167,840 original classification decisions This figure represents a decrease of 18 percent from the number of original classification decisions reported in fiscal year 1994 and replaces last year's figures as the lowest number of original classification actions ever reported by ISOO. ISOO maintains that the decrease in the number of original classification decisions over the past several years is a result of ongoing efforts to downsize Government and the end of cold war tensions and the increased use of classification guides as the source for classification. ISOO also attributes the decrease to efforts by several agencies to keep original classification to a minimum. By classification level, both Secret and Confidential decisions decreased by 31 percent and 17 percent respectively. However, the number of Top Secret original classification actions increased by 211 percent. Justice, through the FBI, is the primary contributor to this increase. ISOO is examining why the FBI had such a large increase from the fiscal year 1994 figure of 5,216 to the fiscal year 1995 figure of 21,871. Over the past 4 years, the FBI has been transitioning into an automated collection process, which may partially account for the increase. In fiscal year 1993, Justice reported 15,108 original Top Secret decisions. It appears that the fiscal year 1994 figure is the anomaly for the 3 fiscal years. Nevertheless, ISOO will need to closely monitor this area of Justice's program.
Four agencies-- Justice, CIA, DOD, and State-- continue to account for almost 96 percent of ali original classification decisions. Of these agencies, CIA reported the highest number, with a total of 55,822 actions. However, this number represents a decrease of 3 percent in original classification decisions at CIA from the figure reported in fiscal year 1994. DOD reported a total of 43,542 original classification decisions, which represents an increase of less than 1 percent from the previous year. Whiie Justice's Top Secret original classification actions significantly increased, its total number of actions decreased by 46 percent to 39,678. State reported 1,252 actions, a 5-percent decrease in the number of its original classification decisions.
For several of the agencies with smaller information security classification programs, the data collected show a marked decrease in the number of original classification decisions. In particular, ISOO commends DOT, FEMA, NASA, ONDCP, PFIAB, and Treasury, which reported decreases of 89 percent, 100 percent, 50 percent, 100 percent, 58 percent, and 35 percent, respectively, in the number of original classification decisions.
As part of the original classification process, the classifiers must determine a timeframe for the protection of the information. This is commonly called the "duration" of classification. Executive Order 12356, superseded by Executive Order 12958, provided classifiers with two means of designating the duration of classification for national security information. First, the information could be marked for declassification upon a specific date or event. For example, a classifier could determine that the information's sensitivity would lapse upon the completion of a particular project. The event would be noted on the face of the document, and when the project had been completed, the information would automatically be declassified. Only if a specific date or event could not be determined at the time of classification would the classifier be authorized to use the second means, marking the document with the notation "Originating Agency's Determination Required" (OADR). OADR indicated that the information had to be reviewed by the originating agency before declassification action could be taken. Executive Order 12958 eliminates the use of OADR.
During fiscal year1995, the last year that OADR was an acceptable marking for original classification decisions, 9 percent of all original classification decisions were marked for declassification with a specific date or event, compared to 8 percent of all actions reported in fiscal year 1994.
For fiscal year1995, agencies reported 3,411,665 derivative classification actions. This figure represents a significant decrease of just over 25 percent from that reported in fiscal year 1994, which at the time was the lowest number ever reported by ISOO. Again, ISOO attributes this significant decrease to the continuing efforts to downsize Government programs, operations and personnel and the absence of any major international conflict involving the United States.
TOTAL 3,411,665 Top Secret 374,244 Secret 2,344,629 Confidential 692,792During fiscal year 1995, the four major classifying agencies reported significant reductions in the number of derivative classification actions. Among these agencies, Justice led the way reporting a 26-percent reduction in derivative classification actions. DOD reported a 38-percent reduction. State reported an 18-percent reduction, and CIA reported a 3-percent reduction from fiscal year 1994. ISOO applauds Justice, DOD State, and CIA for their efforts in reducing significantly the number of derivative classification actions. All other agencies reported 42,759 derivative classification actions, a 4-percent reduction from the year before. Among those agencies JSOO commends the following agencies for reducing the number of derivative classification actions for fiscal year 1995: NSC (58 percent), NRC (54 percent), FRS (40 percent), NASA (32 percent), and USDA (29 percent).
TOTAL 3,579,505 Top Secret 396,115 Secret 2,434,824 Confidential 748,566
DOD accounted for 47 percent of all combined classification activity reported for fiscal year 1995; CIA 40 percent; Justice, 8 percent; and State, 4 percent. As in the past, the remainirg agencies accounted for only 1 percent of the combined classification activity.
ISOO is pleased to report that during fiscal year1995, the product of the systematic review program showed a tremendous increase. During fiscal year 1995, agencies reviewed slightly over 25 million pages, 11.7 million (89 percent) more than reviewed in fiscal year 1994. Of the pages reviewed, 94 percent were declassified, a significant increase from the 84 percent declassification rate reported in fiscal year 1994. As a result of the number of pages reviewed and the improved declassification rate, 23 million pages were declassified under the systematic review program in fiscal year 1995, over 11 million more pages than in fiscal year 1994.
ISOO believes that this dramatic increase is due to the agencies' anticipation of the declassification reforms contained in Executive Order 12958. As predicted in last year's Report, the new approach to deal with the buildup of older permanently valuable classified records is redefining the future of declassification.
Although the efforts of several agencies contributed to the increase, DOD, State, and NARA account for much of the program's substantial improvement. State accounted for the highest volume of pages reviewed in fiscal year 1995. State reviewed over 10 million pages, 5 million more than in fiscal year 1994, and declassified 9.7 million pages. DOD accounted for the second highest volume of pages reviewed in fiscal year 1995 8.6 million pages, a 2-million-page increase from fiscal year 1994. Of the 8.6 million pages reviewed DOD declassified 7.6 million pages.
In fiscal year 1995, the number of pages NARA reviewed increased from 2,320,531 in fiscal year 1994 to 6,136,000, with a slightly increased declassification rate of 97 percent. NARA's primary explanation for the increase in its systematic review activity was its retention of experienced document reviewers throughout the fiscal year.
Fiscal year 1995 saw an exceptional increase in the amount of declassification activity flowing out of three programs: (1) Executive Order 12937, "Declassification of Selected Records Within the National Archives of the United States," issued by the President early in fiscal year 1995 and described and reproduced in ISOO's last Annual Report; (2) systematic declassification review; and (3) mandatory declassification review. In a year, almost 70 million pages of formerly classified information were declassified. This represents an unprecedented ard extraordinary achievement in the area of declassification and bodes well for the future of the program as we begin implefnenting the declassification reforms of Executive Order 12958.
During fiscal year 1995, agencies processed 101 appeals that comprised 568 documents totaling 1,658 pages. Of these, 80 percent of the pages were granted in whole or in part.
Although the rate is 8-percent lower than last year, this rate still suggests that researchers can continue to anticipate greater returns in declassified information if they pursue an appeal.
For the fifth year in a row, agencies reported a decrease in the number of self-inspections, For fiscal year1995, agencies reported 2,517 fewer self-inspections, a 20-percent decrease from the number reported in fiscal year 1994. This decrease is largely attributed to DOD, which conducted 2,550 fewer self-inspections. Other agencies with significant decreases include GSA, HUD, Justice, NARA, NRC, State, Treasury, and USIA. These reductions in self-inspections are primarily attributed to the continued downsizing and reorganizations throughout the Government. Other factors that contributed to the reductions in self-inspections are the Government shutdowns and extended periods without authorized appropriation bills for some agencies that occurred during fiscal year 1996. Those agencies reporting major increases in self-inspections, thus enhancing their oversight capability, include AID, CIA, DOE, FEMA, and DOT.
In fiscal year 1995, agencies detected a total of 8,622 infractions. Compared to fiscal year 1994, this figure represents a 33-percent decrease. The average number of infractions discovered per inspection significantly decreased from 1.02 in fiscal year 1994 to 0.84 in fiscal year 1995. These figures are not encouraging, and they suggest that not all agencies have effective self-inspection programs. ISOO has consistently held that agencies would identify a far greater number of infractions if agencies conducted more quality self-inspections. ISOO believes that the uniform standards for comprehensive self-inspections in subpart C of the implementirig directive for Executive order 12958, if consistently implemented, will help to improve the quality of agency self-inspections.
New Marking Booklet
This booklet, fresh off the presses, is a general, illustrated guide on how to mark classified documents in accordance with the requirements of Executive Order 12958 and its implementing directives. Authorized original and derivative classifiers as well as administrative personnel who prepare classified documents can rely on this booklet whenever there is a question about the marking of a classified document.
Updated SF 312 Briefing Booklet
This booklet remains popular with agency ard industry security managers who are tasked with providing briefings on the SF 312, "Classified Information Nondisclosure Agreement." It includes the complete text of all the laws and regulations that must be available if requested by someone signing the SF 312, including the text of Executive Order 12958, a copy of the SF 312, and updated answers to almost all the questions that employees are likely to raise about the nondisclosure agreement.
The SF 312 Video
This 13-minute video provides an entertaining but informative approach to answering most of the questions that employees raise about the purpose of the nondisclosure agreement and their obligations under it. It provides an excellent base for an employee briefing on the SF 312.
Executive Order 12958 and Implementing Directive Packet
This packet is a three-hole punched, shrink-wrapped document that includes Executive Order 12958, its implementing directives, the President's Original Ciassification Authority designations, and amendment. Tabs identify each of these items. They are all printed in a very clear and very easy to read format. This is one of the most "user-friendly" versions of the Order and its related documents.