On to Chapter Eleven.
Chapter 10.
CLASSIFICATION OF COMPILATIONS OF INFORMATION** This chapter is essentially the same as an article by the author that appeared in Viewpoints, 2, 7–16 (1992), a periodical of the National Classification Management Society, Rockville, Md.
INTRODUCTION
Information is given a security classification when its unauthorized disclosure reasonably could be expected to cause damage to the national security. The classification of information results in unavoidable costs. Because of those classification costs, it is important to classify only information that truly warrants protection and information that can be kept from an adversary.
It might seem obvious that compilations of unclassified items of information should not be classified. When an individual item of information is unclassified, then a decision has been made that this item of information does not need the special kind of protection prescribed for classified information and that the information does not need to be kept from an adversary for national security reasons. If individual items of information are not protected from an adversary, then an adversary can obtain and compile them. Consequently, it would seem that a compilation of items of unclassified information should not be classified when an adversary can independently prepare the same compilation. However, there are many instances where compilations of previously unclassified information have been classified.+
+ For example, compilations of unclassified titles or unclassified summaries of classified DoD projects have sometimes been determined to be classified because trends of classified DoD research and development are thereby revealed. If trends of classified research warrant classification and those trends are revealed by compiling unclassified titles or abstracts of the classified projects, then the titles or abstracts of individual projects should be classified so that the trends are not revealed. Otherwise, there is no way to ensure that an adversary could not obtain the unclassified titles or abstracts and thereby detect those trends.
It is important, for two major reasons, not to classify compilations of unclassified information. The first reason is to avoid classification costs when the classified information cannot be protected-- when an adversary can obtain that information by independent, nonespionage efforts. The second reason is to maintain the credibility of the classification program, an important aspect of successful classification policy. It is difficult to maintain classification credibility or to ensure that information that truly warrants protection for national security reasons is protected when information that obviously cannot be protected is nevertheless assigned a classification category and level.Classification specialists do not agree that compilations of unclassified information should be unclassified in all circumstances. This chapter provides a comprehensive discussion of the classification of compilations of unclassified information. It also examines whether a compilation of many items of information classified at one level (e.g., Confidential) can sometimes be classified at a higher level (e.g., Secret). Finally, this chapter proposes certain rules for use when the classification of compilations of information is being considered.
It should be noted that the classification of information because of its association with other information is a subject different than the classification of compilations of information. Information that is unclassified per se can be classified when it is associated with certain other information (e.g., materials or components that are unclassified per se may be classified when associated with a classified project or hardware item). This chapter's discussion about classification of compiled information assumes that there is no association of information within the compilations that would make the compilations classified. Classification of associations is discussed in Chapter 9.
DEFINITION OF THE TERM COMPILATION
Many of the differences of opinion about the classification of compilations of unclassified information probably are a result of ambiguities from the meaning of "compilation." Some of those differences can therefore be eliminated by defining compilation. In this report, a compilation is defined as an orderly arrangement of preexisting materials (facts, statistics, etc.) gathered from many sources into one document.
To further aid in the discussion of classification of compilations, it is useful to establish two major types of compilations: (1) compilations that have had no substantive value (information) added by the compiler (true compilations), and (2) compilations to which substantive value has been added by the compiler. The first type of compilations contains only information present in the individual items of information that constitute the compilation. The second type of compilations contains substantive information added by the compiler [e.g., the compiler used expert judgment to select certain information for the compilation, or the compiler added new substantive information (e.g., critical comments) to available information]. The same classification rule does not apply to both types of compilations. The following two sections consider these two kinds of compilations.
COMPILATIONS OF UNCLASSIFIED INFORMATION
WITH NO SUBSTANTIVE VALUE ADDEDDescription of Compilations with No Substantive Value Added
Compilations of information to which no substantive value (information) has been added by the compiler merely contain existing information arranged in an orderly fashion (i.e., they are true compilations). The compiler has not used judgment to select or discard items of information and has not otherwise added information based on subject-matter expertise-- the compiler has not added any substantive value to the information selected for the compilation. Also, the compiler has not added any information that was not present in the individual items that constitute the compilation. The compiler has not increased the total store of knowledge concerning the subject of the compilation.
These kinds of compilations may be prepared by someone without expertise in the subject matter of the compilation. One example of such a compilation is a township map that shows the location, size, and ownership of parcels of land as obtained from public records. Another example is data on the highway mileage between all the cities in a state, prepared from city, county, or state highway maps available to the public. A third example is a directory of names in alphabetical order and addresses of residents of a city produced from an unordered file containing those names and addresses. A final example is a list of all of the report titles prepared for a specific governmental agency during a fiscal year and sent to the National Technical Information Service (NTIS), where the individual report titles were obtained from NTIS publications or the NTIS data base. The compilations could be prepared by clerical personnel, in contrast to surveyors, tax assessors, or technical experts. These compilations are useful because a compiler has gathered all of the pertinent information on a subject and arranged it in a form that enables the convenient use of that information.
Classification of Compilations with No Substantive Value Added
Proposed Classification Rule and Its Rationale. Compilations of unclassified information to which the compiler has added no substantive value (i.e., no substantive information) should not be classified. This conclusion is based on a fundamental principle of classification—that classified information cannot be completely subdivided into separate, unclassified components. DOE has stated this principle as follows:
Information that is classified under the Atomic Energy Act must not be so subdivided that all its components (including contextual information) are unclassified.*
This is sometimes called the keystone principle of classification. This keystone principle may be visualized by considering a classified photograph or drawing that has been subdivided into many components (e.g., pieces of a puzzle), each of which reveals an item of information. According to the keystone principle of classification, not all of the components can be unclassified if the entire entity is classified. One or more key pieces must be classified so that the entire "picture" cannot be obtained when all of the unclassified pieces are assembled. Thus, if individual items of information are truly unclassified (i.e., if no classification error has been made), then assembling (compiling) the items cannot reveal classified information.
* This rule is stated in several DOE classification guides.
A proposed rule for classifying compilations of unclassified information when no substantive value has been added by the compiler is as follows. This is a corollary to the basic DOE classification principle.
If all components (including contextual information) of a compilation are unclassified, and no substantive information (value) has been added by the compiler, then the compilation should not be classified.
The essence of this rule was set forth over 30 years ago by the AEC in a 1958 AEC Monthly Classification Bulletin:
A compilation of unclassified information is unclassified. Therefore, if an area of information has an overall classification some, if not all, of the data which makes up this area must be classified.+
The Nuclear Regulatory Commission has published similar guidance for the classification of compilations:+ A 1959 AEC Monthly Classification Bulletin contained the following statements that are of interest with respect to classification of compilations and are consistent with the proposed rule:
Attention is called to the fact that a collection of apparently individually unclassified data may reveal classified information, for example, (1) through association or (2) by revealing a significant quantity or rate. In the first case, certain technical data might be quite properly unclassified but would reveal classified information concerning a particular program if related to it. Any data indicating this association should be classified to avoid this. In the second case, certain production, processing, or shipping records reveal, individually, such a minor quantity of work or material or cover such a minor period of time that they are handled as unclassified or of relatively low classification. A sufficient number of such records taken together, however, can reveal totals which are significant enough to the program to carry a higher classification. Therefore, enough of the individual records must carry the higher classification so that the sufficient number referred to cannot be assembled at the lower classification. Note that these particular records will not be overclassified, because the basic rule is that classification should not be by content alone but by what is revealed in conjunction with other classified information.Compilations of unclassified information are generally considered to be unclassified unless some additional factor is added in the process of compilation. For example: (a) The fact that the information is complete for its intended purposes may be classified; or (b) the fact that compiled information represents an official evaluation may be classified.1
This proposed rule for the classification of compilations of unclassified information is consistent with a requirement of EO 12356 for the classification of information. EO 12356 indicates that only information that is "owned by, produced by or for, or is under the control of the United States Government" can be classified as National Security Information.*, 2 If individual items of information that constitute a compilation are unclassified, then they are not under the control of the government to the extent required by security procedures for protecting classified information (e.g., the documents containing the items of information are not kept in secure repositories while they are unattended, and they are not marked to be kept from unauthorized persons). According to EO 12356, if none of the items of information in a compilation is controlled by the government to the extent required for classified information, then the compilation should not be classified as NSI.* Restricted Data or Formerly Restricted Data do not have this explicit control requirement. However, it would generally be futile to classify such information if the dissemination of the information could not be controlled by the government.
Another EO 12356 requirement supports the conclusion that compilations of unclassified information with no substantive value added by the compiler should not be classified. EO 12356 states that information may be classified only if its unauthorized disclosure reasonably could be expected to cause damage to the national security.3 That order defines three levels of classification -- Confidential, Secret, and Top Secret -- that correspond to three levels of damage—damage, serious damage, and extremely grave damage.4 Providing three different damage levels indicates that damage quantification is expected. If the unauthorized release of an item of information reasonably could be expected to cause damage, then the information is considered Confidential.5 Let us assume that the damage caused by the release of an item of Confidential information would be 1 on an arbitrary scale of damage. (For Secret and Top Secret information, the damage value would be greater.) The release of an unclassified item of information would cause no damage (0) to the national security (by definition of what constitutes classified information). Therefore, no matter how many items of unclassified information are compiled, the sum of the damages caused by their release would still be zero and the compilation should not be classified.++ Note that this rationale might not always lead to this conclusion if classification's risks and benefits are required to be balanced before a classification decision is made. This is because when considering a number of items of information, the risks might be independent and completely additive whereas some of the benefits might be identical and therefore should not be counted more than once. Therefore, when balancing the risks and benefits of classification of certain individual items of information, a result might be that the benefits would always exceed the risks, but when considered as a whole, the sum of the risks might exceed the sum of the benefits. The other reasons for not classifying compilations of unclassified information, given above, are not affected if risks and benefits are balanced when making classification decisions.
EO 12065, the immediate predecessor to EO 12356, included a statement that "references to classified documents that do not disclose classified information may not be classified or used as a basis for classification."6 This seems to indicate that a compilation of unclassified titles of classified documents would not have been considered classified under EO 12065.** There have been instances where compilations of unclassified titles to classified documents were assigned a classification. See a following section for such an example.
Trade Secret Law and the Proposed Classification Rule. There are many similarities between the classification and protection of national defense and foreign relations information (state secrets) and the identification and protection of trade secrets (see Appendix A). Therefore, it is useful to examine the extent to which compilations of information important to businesses are protected under trade secret law to help determine whether similar compilations of government information should be classified.A compilation of unclassified technical information is analogous to a combination of a series of widely known industrial processes such as common shop practices. A combination of common shop practices will not be considered a trade secret unless the combination is unique (i.e., unless something substantive or some special insight was added when that combination was developed).7 "A trade secret can exist in a combination of characteristics and components, each of which, by itself, is in the public domain, but the unified process, design and operation of which is in unique combination, affords a competitive advantage, and is a protectable secret"8 (emphasis added). The rule that a compilation of unclassified information should not be classified if it has had no substantive value added by the compiler is therefore consistent with trade secret law, which requires that a combination of publicly available information have substantive value added before that combination (compilation) is a trade secret.
Copyright Law and the Proposed Classification Rule. Classification and copyright protection are also somewhat analogous to common shop practices since classification protects information from unauthorized disclosure to adversaries and copyright protects materials from unauthorized use by a competitor.
Copyright protection is provided by a U.S. statute to "original works of authorship,"9 including compilations.10 Under copyright law, a compilation is defined as "a work formed by the collection and assembling of preexisting materials or data that are selected, coordinated, or arranged in such a way that the resulting work as a whole constitutes an original work of authorship."11 An important question concerning the copyrightability of compilations of information available to the public (i.e., unclassified) is what constitutes an "original work of authorship." Originality, with respect to compilations and copyright law, may be achieved by arranging facts in a systematic fashion,12, 13 or by adding material to facts,+, 14 (e.g., adding substantive value). It is the selection (e.g., names in a social register, stocks in the Dow Jones listings15) or arrangement of facts that is copyrightable, not the facts themselves.16, 17, 18 Copyrighting a compilation does not affect the status of the materials that are in the public domain and from which the compilation was made.19, 20
+ If material is added to existing facts, then the result would not seem to be a mere compilation but would include added information, added value, and would be copyrightable for that reason.
Copyright law requires that a compiler of information available to the public use subjective judgment before a compilation can be copyrighted. Therefore, the rule that compilations of unclassified information cannot be classified unless substantive value is added by the compiler is consistent with copyright law, which protects only compilations that derive their value from the compiler's expert judgment or originality used in preparing the compilation.Judicial Decisions Supporting the Proposed Classification Rule. A 1976 Federal District Court case involved a compilation of unclassified titles of technical reports on research projects under way for DoD. Some of the technical reports were classified, but their titles were unclassified. Compilations of those unclassified report titles (Technical Abstract Bulletin Indexes) had been issued as unclassified for several years until DoD began classifying them because the compilations were believed to reveal research directions and trends of national defense importance. A FOIA request was made for the classified document (the compilation of unclassified titles), the request was refused by DoD, and the matter was litigated. A Federal District Court ordered DoD to release all of the unclassified entries in the document.21 Since that meant that all of the report titles in the compilation would have to be released, DoD released the entire document as an unclassified document.22 Although the court did not address the question of whether the compilation was improperly classified, the practical effect of its decision was that the compilation itself was an unclassified document. This result is consistent with the proposed classification rule.
Views Not Supporting the Proposed Classification Rule. The proposed rule that compilations of unclassified information should not be classified unless substantive value is added by the compiler is not unanimously accepted. Those opposing this rule believe that compiled items of unclassified information should sometimes be classified. Sometimes a compilation is said to be classified when it contains a nearly complete list of certain items of information that are unclassified when they are isolated items of information. For example, classification guides dealing with communications security (COMSEC) matters have included guidance to the effect that individual inventory reports of certain COMSEC materials are unclassified, but reports that contain a "substantially complete" listing of those materials at a facility are classified. As discussed earlier, it does not seem effective to classify such a listing because an adversary could obtain the same information from the unclassified individual reports.*
* In addition to not being a sound classification guide, such guidance cannot be applied consistently because of differing interpretations by classifiers as to what quantitatively constitutes a "substantially complete" listing. Is it 75% of the total? 85%? 95%? 99%? See also E. Smith, "Applying Derivative Classification," J. Natl. Class. Mgmt. Soc., 18, 106–115 (1982), p. 114, which discussed a hypothetical situation where information giving the location of one U.S. missile silo was unclassified but the locations of all (e.g., 500) silos were classified. Some unanswered questions were: What was the classification of the location of 23 missile silos? Of 499 missile silos? Of 498 missile silos?
Sometimes a compilation is said to provide information not present without the compilation. That is, it is said the compilation itself makes evident some classified information not revealed by individual items of information when they are isolated from each other. This new information is perceptible because of the compilation.22, 23, 24 Under that situation, some classifiers believe that the compilation should be classified. This view receives some support from DoD.* DoD stated that normally a compilation of unclassified items should not be classified, but that "in unusual circumstances, classification may be required if the combination of unclassified items of information provides an added factor that warrants classification . . . ."+, 25 Individually unclassified items that become classified when associated with one another have been cited as an example of this added factor.++, 26 However, as mentioned earlier, classification because of associations is a separate topic from classification of compilations.
Another problem with such vague classification guidance is that when a derivative classifier, the intended user of the guide, determines the specific number of inventory items that constitutes a substantially complete list of those items, which he or she must do to determine whether a list of those items is classified, then that derivative classifier is making an original classification decision. The derivative classifier is defining what is meant by "substantially complete." Derivative classifiers are not authorized to make original classification decisions. Therefore, it seems that such classification guidance (the "substantially complete" guidance) can be used only by original classifiers. That result certainly was not intended by the agency that issued the classification guide.* However, DoD's Coolidge Committee cited DoD's classification of compilations of unclassified data as an example of DoD's "attempt to do the impossible—to keep as classified [that] information which can no longer be withheld" [Report to the Secretary of Defense by the Committee on Classified Information, C. A. Coolidge, Chairman, Department of Defense, Nov. 8, 1956, p. 8]. The Coolidge Committee was a special committee established by the Secretary of Defense to investigate the classification of information within DoD. The Committee Chairman was C. A. Coolidge, a former Assistant Secretary of Defense. The other members of the committee were four senior retired officers from the Air Force, Army, Marine Corps, and Navy. The report's conclusion on the inappropriateness of classifying compilations of unclassified information is especially notable because of the high quality of the members of the Coolidge Committee and their considerable experience in dealing with classified information. Others have also remarked on a DoD tendency to inappropriately classify compilations of unclassified information [W. G. Florence in "Executive Classification of Information—Security Classification Problems Involving Exemption (b)(1) of the Freedom of Information Act (5 U.S.C. 552)," HR 93-221, Third Report by the Committee on Government Operations, U.S. House of Representatives, 93d Cong., 1st Sess., Supt. of Documents, 1973, p. 46ff].
In situations such as those described in the preceding paragraph when classified information is alleged to have been obtained via compilations of unclassified information, it is likely that a classification error was made. That is, the classification guidance applicable to the situation was not comprehensive. The guidance did not include all of the inferences that an expert could draw from the information under consideration for classification. The inferences should include the associations that could be made when combining the information under consideration for classification with all of the existing unclassified information. A classification determination must always be based on the assumption that any person who receives the information under consideration for classification is (1) highly qualified in that particular field of technology and (2) thoroughly familiar with all related information that has already been issued as unclassified.*, + Thus, when a compilation of unclassified information is said to reveal new, classified information, it is probable that the existing classification guidance should be revised to classify one or more of the individual items of information that lead to the revelation of this new information.+ The author wonders whether DoD's views on classification of compilations might not be strongly influenced by, or a consequence of, DoD's policy on classification paragraph marking (i.e., specifically designating the classification of each paragraph in a document). Paragraph marking has long been practiced in DoD for National Security Information. [See, for example, G. MacLain, "Panel--Government Classification Management Policies and Programs," J. Natl. Class. Mgmt. Soc., 2, 69–75 (1966), p. 74.] Portion marking, essentially the same as paragraph marking, is now required by Executive Order [EO 12356, Fed. Reg., 47, 14874 (Apr. 6, 1982), §1.5(b); Information Security Oversight Office, "Directive No. 1," 32 CFR 2001.5(a)(3)]. DOE does not paragraph mark Restricted Data or Formerly Restricted Data. One of the reasons for not paragraph marking is that within a document, the classification of a paragraph has to be evaluated in the context of the information contained in the other paragraphs of the document [R. R. Fredlund and D. E. Whitman, "The Great Debate . . . Continues," J. Natl. Class. Mgmt. Soc., 22, 152–192 (1986), pp. 156–157, 163]. Therefore, when following DoD rules for paragraph marking, the importance of connections or associations of information in the paragraph with other information in the document may be overlooked. [See, for example, K. Wilson, comments at a National Classification Management Society meeting as reported in J. Natl. Class. Mgmt. Soc., 3(2), 91 (1967).] It is only when the isolated paragraphs are closely connected (e.g., as part of a compilation) that the correct classification, which includes the effects of associations, becomes more apparent. Therefore, if a document has been paragraph marked, then one may have to invoke the "compilation theory" to correct the classification errors caused by portion marking. (This is, admittedly, an oversimplification of the situation, but it does help to explain why DoD sometimes finds it necessary to invoke the compilation theory.)
++ As stated earlier in this paper, such an example should be classified because of associations, not because it is a compilation.
* "The significance of one item of information may frequently depend upon knowledge of many other items of information. What may seem trivial to the uninformed, may appear of great moment to one who has a broad view of the scene and may put the questioned item of information in its proper context" [United States v. Marchetti, 466 F.2d 1309, 1318 (4th Cir.), cert. denied, 409 U.S. 1063 (1972)].
EO 12356 is said by some to provide a basis for classification of a compilation of unclassified bits of information. Section 1.3(b) states that before information can be classified, an original classifier must determine "that its unauthorized disclosure, either by itself or in the context of other information, reasonably could be expected to cause damage to the national security"27 (emphasis added). The phrase "either by itself or in the context of other information," which was not present in the immediately preceding EO, is said to be recognition of the "compilation theory" of classification.28 A better interpretation of Sect. 1.3(b) would be that "in the context of other information" refers to associations of information, rather than compilations. As stated previously, it is a long-standing classification principle that allows associations of information to be classified when the association reveals classified information.+ "The business of foreign intelligence gathering in this age of computer technology is more akin to the construction of a mosaic than it is to the management of a cloak and dagger affair. Thousands of bits and pieces of seemingly innocuous information can be analyzed and fitted into place to reveal with startling clarity how the unseen whole must operate" [Halkin v. Helms, 598 F.2d 1, 8 (U.S. App. D.C., 1978)].
Judicial Decisions not Supporting the Proposed Classification Rule. In a 1982 case [Taylor v. Department of The Army, 684 F.2d 99 (D.C. Cir., l982)], a newspaper reporter had requested, under FOIA, the U.S. Army's numerical ratings for the four measured resource area ratings (MRARs) for all of its 168 major combat units. At the time of the request, an Army regulation unequivocally stated that the MRARs for single units were unclassified. However, the Army interpreted its regulation to mean that the raw data were unclassified, not the MRARs, and refused to provide the MRARs because they were considered by the Army to be classified. Subsequently, a Federal District Court directed the Army to release the information.
The District Court held that the requested MRARs should be released because an Army regulation concerning the MRARs specifically stated that the MRARs for a single unit were unclassified. Although the Army argued that the information should be denied because it was a compilation of unclassified information with an added factor and was therefore classified under another Army regulation, the District Court rejected this argument. The District Court said that requesters could avoid the compilation problem by having different individuals submit FOIA requests, one-by-one, for the ratings of the different units. The District Court was not convinced otherwise by an Army affidavit that stated that an attempt to get the MRARs one by one "would have been uncovered at a very early stage" and that those individual MRARs would not have been provided by the Army.29
The Army appealed that decision to a Circuit Court, which reversed the District Court decision. The Circuit Court accepted the argument that the information was classified, relying on affidavits from three Army generals which stated that this information had always been considered classified by the Army (the applicable Army regulation had been promulgated about 18 years earlier). The court stated that the Army should be accorded great deference in construing its own regulation.*, 29 The Circuit Court also may have been influenced by the Army's action, taken immediately after they first denied the request for the MRARs, to change its regulation to specifically classify the MRARs for a single unit as Confidential.+ The court also accepted the Army's argument (supported by the affidavits of two generals) that the requested information was a compilation of unclassified information with an added factor of sensitivity and was classifiable under another Army regulation.++
* It is the general rule that courts extend great deference to an agency's interpretation of its own regulations, especially when those regulations concern information of national security significance (i.e., classified information).
Although the Court in Taylor v. Department of the Army accepted the argument that compilations of unclassified information could be classified, the Court's decision appears to rely mostly on the Army's affidavits that the Army had always considered the requested information to be classified and on the fact that the Army had immediately revised its regulations to explicitly declare that information to be classified. Also, the court stated that the requested compilation had an "added factor."30 An added factor such as substantive information provides a basis other than the compilation theory by which a compilation can be classified (see the following section). Therefore, upon detailed analysis, Taylor v. Department of the Army does not appear to be inconsistent with the proposed rule which forbids the classification of compilations of unclassified information without substantive information (value) being added.+ It is also of interest to note that one of the reasons why "vulnerabilities or capabilities" was included in the list of classifiable areas of NSI in EO 12356 was DoD's request to add this area so that there would be an additional, specific basis for classifying information on the readiness of Army units [S. Garfinkel, "An Information Security Oversight Office Overview of Executive Order 12356 and Its Implementing Directive," J. Natl. Class. Mgmt. Soc., 18, 17–23 (1982), pp. 20–21].
++ The portions of the affidavits cited in the court's opinion are not convincing with respect to the "added factor" argument. The affidavits seem to state that one could determine the Army's combat potential from the compilation and that the compilation was therefore "clearly classifiable information" [Taylor v. Department of the Army, 684 F.2d 99, 103 (D.C. Cir., l982)]. The Army's combat potential is not an added factor to the compilation but is an accurate indication of the information that can be deduced from the individual items of information contained in the compilation.
A 1987 U.S. Circuit Court decision also appears to lack support for the proposed rule. This decision, American Friends Service Committee v. Department of Defense,31 concerned DoD's Technical Abstract Bulletins (TABs). DoD used the "compilation" theory to classify those TABs. A U.S. District Court decided, via summary judgment, that the TABs were properly classified. The Circuit Court to which the District Court's decision was appealed also accepted the compilation theory. However, the Circuit Court's discussion of the compilation theory described it as classification in context,32 which as mentioned earlier has long been accepted as a legitimate reason for classification. Although the DoD compilation theory was accepted, the Circuit Court vacated the District Court decision and remanded the case for several findings of fact. One question to be answered on remand was whether a significant number of the TAB entries were also published in the NTIS catalog, which is available at public libraries.33 By the time the case was considered again by the District Court, DoD was no longer publishing the TABs but was publishing another document that omitted certain information contained in the TABs. Therefore, future information of the type requested by the plaintiff, American Friends Service Committee, was available. Since this action by DoD appeared to demonstrate that the information contained in the previous TABs was segregable, the plaintiff asked that DoD provide the requested information from those TABs. However, the District Court denied that request.*
* The information concerning the action of the District Court on remand was provided to the author by Ms. Julie Shapiro, Philadelphia, Penn., attorney for American Friends Service Committee. A written opinion has not been filed by the District Court.
COMPILATIONS OF UNCLASSIFIED INFORMATION
WITH SUBSTANTIVE VALUE ADDEDDescription of Compilations with Substantive Value Added
A compilation of information with substantive value (information) added by the compiler is a compilation prepared by a compiler whose expertise in the subject of the compilation was necessary to prepare that compilation. This type of compilation is significantly different from a mere compilation of information. The compiler's expert judgment may have been used to select specific, pertinent information (e.g., the "reliable" information) from a broader array of available information. Technical handbooks (e.g., the Handbook of Chemistry and Physics34) are examples of such compilations. Substantive value is also added when a compiler includes all relevant information and then provides critical comments (expert evaluations) on the accuracy or reliability of that information. Scientific and technical review articles are examples of this type of evaluation. The latter "substantive value added" compilation is frequently designated a review, a critique, an analysis, an evaluation, or some other similar term.
Classification of Compilations with Substantive Value Added
If a compiler has added some information of substantive value to a compilation of unclassified information, then the resulting compilation should be classified (1) if the added information is considered to be classified per se, (2) if the added information is classified because of association with the preexisting information, or (3) if the preexisting information is classified when associated with the added information. This is not a new rule proposed for the classification of compilations of unclassified information with substantive value added. Rather, it is a principle by which all documents are evaluated to determine the security classification of the information contained therein.
Judicial Decisions on Classification of Compilations
with Value AddedA 1978 Federal District Court case involved a request for the release of a compilation of the number and exact titles of National Security Study Memoranda and National Security Decisional Memoranda issued between January 20, 1969, and the date of the request.35 The National Security Council (NSC) compiled that information but then refused to release this compilation because it contained classified information (i.e., the compilation included classified and unclassified titles and also gave the chronological sequence in which the individual reports were produced). The requester then asked for a compilation of the unclassified titles, and the NSC again refused to release the requested information. The staff secretary of the NSC submitted an affidavit stating that "access to the unclassified titles in their totality would . . . enable a foreign intelligence analyst to identify the kinds of issues of grave concern to the United States and the way in which this government reacts to world events, and also to gain unique insights into the method by which issues of this kind are identified, studied and resolved by the President."36 Government affidavits also stated that the compilation would provide other nations "with valuable information and insight pertaining to the focus and timing of key U.S. foreign policy concerns."37 The court determined that the list was "reasonably classified in full, unclassified titles included,"38 and exempted the list from release. The sequential nature of the titles on the lists may have been a major factor in the decision, since the court said that "this decision is, however, without prejudice to any future claim by plaintiff for access to any unclassified documents now in existence, or any unclassified documents that may come into existence, which list the unclassified titles . . . in `scrambled' sequence and in edited form . . . ."39
Although the titles to the reports in the compilation were unclassified, the compiler had listed those titles in chronological order and had included the dates when the reports were prepared. The court was of the opinion that those dates added substantive information (value) to the compilation, particularly with respect to intelligence considerations. The court therefore upheld the agency's determination that the compilation should be a classified document. This outcome is consistent with the general rule that compilations of unclassified information should be classified if no substantive value is added by the compiler.*
* This outcome is also very consistent with the general rule that courts should extend the utmost deference to opinions of an agency's experts concerning the classification of documents generated by that agency.
COMPILATIONS OF UNCLASSIFIED INFORMATION
REQUIRING SUBSTANTIAL EFFORT TO COMPILEOne reason for classifying information is to make an adversary expend its own resources to get that information. A typical example of this situation is the classification of scientific or technical data that would be useful to an adversary and that the adversary could obtain by the straightforward application of its available scientific or technical resources and by other well-known methods. If the data are classified, then the adversary must expend its resources to get the data, resources that might otherwise be used to harm our nation. However, because of the inherent costs associated with classifying information, normally such scientific or technical data are not classified unless substantial resources would be required to obtain the data. That is, the information is not classified unless publishing it would save an adversary a substantial amount of effort in acquiring that information by the adversary's own efforts.
A potential rule (and an exception to the previously proposed rule) for the classification of compilations of information that have required substantial efforts to produce is as follows:
If a substantial effort was required to produce a compilation of unclassified information and if an adversary would expend about the same effort to independently get that information, then that compilation should be classified.
There is even reasonable quantitative guidance available as to what constitutes substantial effort.** See Chap. 5, which mentions a 15 person-year effort established as a guideline when considering the declassification of information during the Manhattan Project.
However, the "substantial effort" principle, with respect to classifying scientific or technical data, is limited to data obtained by using scientific or technical expertise. Even though the effort to obtain scientific or technical data is a straightforward application of known principles, scientific or technical expertise is necessary to apply the principles and obtain the data. The compilations to which the above-mentioned potential rule would apply are those which require no subject-matter expertise to produce.+ The two situations are not comparable. The accepted classification principle that allows classification of scientific or technical data when substantial scientific or technical effort was required to produce that data is analogous to the classification of compilations that require expertise for their production (compilations with substantive value added during their production). Thus, there appears to be no basis to classify a compilation simply because substantial effort was required to produce that compilation.+ If expertise in the subject matter of the compilation was required for production of the compilation, then the compilation could be classified because of the substantive value added by the expert(s) (see previous discussion).
This conclusion is consistent with copyright and trade secret law. The majority view in copyright law holds that the effort required to obtain information for a compilation is not a factor in determining whether the result is copyrightable.++ Although some courts have extended copyright protection to certain types of compilations to protect "the product of the compiler's industry,"40 or "the compiler's effort in collecting the data,"41 theirs is a minority view. The policy of that minority line of decisions seems to be to prevent unfair use of an author's efforts, that is, to require others to do independent research to get the benefits therefrom.**, 42 Trade secret law is consistent with copyright law on this matter. The effort required to develop a new arrangement of preexisting, publicly available information is not a factor in deciding whether that arrangement is a trade secret.+++, *** Therefore, a "substantial effort exception" to the proposed rule on classification of compilations of unclassified information is not supported by the majority views in copyright or trade secret law.++ Most U.S. Circuit Courts hold that the labor required to produce a compilation is not a factor in determining whether the product can be copyrighted. [See D. E. Shipley and J. S. Hay, "Protecting Research: Copyright, Common-Law Alternatives, and Federal Preemption," N. Car. L. Rev., 63, 125–181 (1984).]
CLASSIFICATION LEVEL OF COMPILATIONS** Those cases seem to hold that when significant labor is expended to produce a compilation, even though the compiler has not created a unique arrangement of pre-existing data, then someone else should not be able to use those fruits of the compiler's labor without the authorization of the compiler. However, the majority view seems to be that "protection of original research of information in the public domain [e.g., compilations of publicly available information] is better afforded under an unfair competition [legal] theory" [Southern Bell Telephone and Telegraph Company v. Associated Telephone Directory Publishers, 756 F.2d 801, 809–810 (11th Cir., 1985), note 9].
+++ It has been implied that if substantial effort is required to develop a series of common shop practices into a process, that the combination will be considered a trade secret [D. C. Maizel, "Trade Secrets and Technical Data Rights in Government Contracts," Military L. Rev., 114, 227–298 (1986), p. 233, citing Comp. Gen. Dec. B-187051 (Apr. 15, 1977), 71-1 CPD para. 262]. However, there is little case authority to support this result [R. M. Milgrim, Milgrim on Trade Secrets, Matthew Bender & Co., Inc., New York, 1987, §2.02[2], p. 2-33].
*** However, the extent of effort (e.g., research and development effort) required to develop information is a factor in determining whether information is a trade secret. The distinction is between creative efforts and efforts dealing with pre-existing public domain information.
OF CLASSIFIED INFORMATIONThe accepted rule concerning the classification of compilations of classified information is that the compilation is classified at the same level as the highest classification level of any item of information contained therein. However, consistent with sound classification principles, under certain conditions a compilation of many items of information, all of which are classified at one level (e.g., Confidential), can be classified at a higher level (e.g., Secret). This conclusion is based on certain classification of information requirements contained in EO 12356 as described in the following paragraph.
EO 12356 states that information may be classified only if its unauthorized disclosure reasonably could be expected to cause damage to the national security.3 The three levels of classification defined by this order -- Confidential, Secret, and Top Secret -- correspond to three levels of damage—damage, serious damage, and extremely grave damage.4 Providing for three levels of damage indicates quantification of that damage by a classifier. If the unauthorized release of an item of information reasonably could be expected to cause damage, then it is considered Confidential information5 (assume 1 on an arbitrary damage scale). Release of an item of Secret information could cause serious damage (assume 100 on the damage scale). Release of an item of Top Secret information could cause extremely grave damage (assume 10,000 on the scale). On that basis, the release of a compilation of l00 different* items of Confidential information, with each item causing a damage of 1 if released, could cause an aggregate damage of 100. Therefore, a compilation of 100 or more different items of Confidential information should be classified Secret since its release could cause damage of 100 or more. The same rationale would apply to classifying as Top Secret a compilation of 100 or more different Secret items of information.
* The requirement that the items of information be different is meant to preclude classifying at a higher level a compilation of items of information, each item of which carries a lower classification level, where each item reveals essentially the same information. Thus, a list of 100 different codes, each classified as Confidential, where each code provides access to the same classified computer system, would not be classified Secret because the release of all of the codes would probably not cause much more damage than release of one code.
On the basis of the foregoing discussion, a potential rule for the classification level of compilations of classified information is as follows:A compilation of many different items of information classified at one level (e.g., Confidential) should be classified at a higher level (e.g., Secret) if the total damage caused by the unauthorized release of all of these items of information would equal or exceed the damage caused by the release of one item of information classified at that higher level.
This is, in theory, a potentially useful principle to help determine classification levels of documents. Although it is difficult to quantify damages for the unauthorized disclosure of each item of information to the extent required to apply this rule, that difficulty is not different from the problems already frequently encountered by original classifiers when determining whether information should be classified and, if so, at what level. Unfortunately, there appear to be some security-related obstacles to implementing such a rule. Consider Confidential Restricted Data (CRD), which is available (within DOE on a need-to-know basis) to L-cleared personnel, and Secret Restricted Data (SRD), which is available to Q-cleared personnel but not to L-cleared personnel. Consider also the previously mentioned values for individual different items of Confidential information (1) and Secret information (100). Presumably, an L-cleared person could acquire, on a need-to-know basis, over 100 different CRD items of information. By the previously shown rule for classification level of compilations, that L-cleared person then would have knowledge of SRD information, which would not be in accord with DOE's security regulations. What would the Security Department do in such a situation—request a Q-clearance for that employee or give someone a security infraction for providing SRD to an L-cleared person? Consider also two reports containing only CRD information. One contains 60 CRD items and the other contains 50 CRD items, for a total of 110 different CRD items of information. An L-cleared person would need only acquire those two reports to obtain information classified as SRD by the rule shown above. These types of situations would occur frequently if the above-mentioned rule was implemented. Obstacles cited above would cause significant problems in applying this rule.CONCLUSIONS
The general rule proposed for the classification of compilations of unclassified information is as follows:
If all components (including contextual information) of a compilation are unclassified and no substantive information (value) has been added by the compiler, then the compilation should not be classified.
A "substantial effort" exception to this rule was considered and rejected as inconsistent with other classification principles and with trade secret and copyright law.The following rule was considered for establishing the classification level of compilations of classified information:
A compilation of many different items of information classified at one level (e.g., Confidential) should be classified at a higher level (e.g., Secret) if the total damage caused by the unauthorized release of all of these items of information would equal or exceed the damage caused by the release of one item of information classified at that higher level.
This latter rule appears sound in theory, but security-related difficulties associated with applying it to real-world situations may preclude its general use.REFERENCES
1. 10 CFR Part 75, App. A, Introduction, §D.6.
2. Executive Order 12356, Fed. Reg., 47, 14874 (Apr. 6, 1982), §6.1(b) and §6.1(c). Hereafter cited as "EO 12356."
3. EO 12356, Preamble.
4. EO 12356, §1.1(a).
5. EO 12356, §1.1(a)(3).
6. Executive Order 12065, 43 Fed. Reg. 28949 (July 3, 1978), §1-604.
7. Imperial Chemical Industries v. National Distillers and Chemical Corp., 342 F.2d 737 (2nd Cir., 1965); M. F. Jager, Trade Secret Law, Clark Boardman Co., Ltd., New York, 1988, pp. 5-53, 5-54, and citations therein.
8. Imperial Chemical Industries v. National Distillers and Chemical Corp., 342 F.2d 737, 742 (2nd Cir., 1965).
9. 17 U.S.C. §102(a) (1982).
10. 17 U.S.C. §103 (1982).
11. 17 U.S.C. §101 (1982).
12. T. M. Gerritzen, "Copyrighting the Book of Numbers—Protecting the Compiler: West Publishing Co. v. Mead Data Central, Inc.," Creighton Univ. L. Rev., 20, 1133–1166 (1987), p. 1163, n. 353. Hereafter cited as "Gerritzen."
13. Gerritzen, p. 1163.
14. Gerritzen, p. 1163, n. 349.
15. D. E. Shipley and J. S. Hay, "Protecting Research: Copyright, Common-Law Alternatives, and Federal Preemption," N. Car. L. Rev., 63, 125–181 (1984), pp. 141–142. Hereafter cited as "Shipley and Hay."
16. Rockford Map Publishers, Inc. v. Directory Service Co., 768 F.2d 145, 149 (7th Cir.), reh'g denied, 768 F.2d 145 (7th Cir. 1985).
17. Shipley and Hay, p. 125 ff.
18. Shipley and Hay, p. 138 (citations omitted). See also p. 141 ff.
19. 17 U.S.C. §103 (1982).
20. Gerritzen, p. 1146, n. 142.
21. Florence v. Department of Defense, 415 F. Supp. 156 (D.D.C. 1976).
22. A. Van Cook, "Department of Defense Panel," J. Natl. Class. Mgmt. Soc., 12(2), 29–42 (1977), pp. 39–40.
23. F. W. May, "Panel--Government Classification Management Policies and Programs," J. Natl. Class. Mgmt. Soc., 2, 76–80 (1966), p. 78.
24. G. MacClain, "Special Remarks," J. Natl. Class. Mgmt. Soc., 6, 105–110 (1970), p. 106.
25. U.S. Department of Defense, Information Security Program Regulation, DoD 5200.1-R, August 1982, §2-211.
26. A. L. Thomas, "Application of Security Classification Guides," J. Natl. Class. Mgmt. Soc., 25, 139–158 (1989), p. 145.
27. EO 12356, §1.3(b).
28. A. F. Van Cook, "Information Security and Technology Transfer, An OUSD Overview of Executive Order 12356 and DoD's View Concerning Implementation," J. Natl. Class. Mgmt. Soc., 18, 1–7 (1982), p. 3.
29. Taylor v. Department of the Army, 684 F.2d 99, 104 (D.C. Cir., 1982).
30. Taylor v. Department of the Army, 684 F.2d 99, 103-104 (D.C. Cir., 1982).
31. American Friends Service Committee v. Department of Defense, 831 F.2d 441 (3rd Cir. 1987).
32. American Friends Service Committee v. Department of Defense, 831 F.2d 441, 445 (3rd Cir. 1987).
33. American Friends Service Committee v. Department of Defense, 831 F.2d 441, 446 (3rd Cir. 1987).
34. Handbook of Chemistry and Physics, 69th Edition, R. C. Weast (ed.), CRC Press, Inc., Boca Raton, Fla., 1988.
35. Halperin v. National Security Council, 452 F. Supp. 47 (D.D.C. 1978).
36. Halperin v. National Security Council, 452 F. Supp. 47, 50 (D.D.C. 1978).
37. Halperin v. National Security Council, 452 F. Supp. 47, 50 (D.D.C. 1978), affidavit of Z. Brzezinski, Assistant to the President for National Security Affairs.
38. Halperin v. National Security Council, 452 F. Supp. 47, 52 (D.D.C. 1978).
39. Halperin v. National Security Council, 452 F. Supp. 47, 52, n.6 (D.D.C. 1978).
40. Schroeder v. William Morrow & Co., 566 F.2d. 3 (7th Cir. 1977), p. 5.
41. Rand McNally & Co. v. Fleet Management Systems, Inc., 600 F. Supp. 933 (N.D. Ill. 1984), p. 941.
42. Shipley and Hay, p. 135, citing Toksvig v. Bruce Publishing Co., 181 F.2d 664 (7th Cir. 1950), and Holdredge v. Knight Publishing Corp., 214 F. Supp. 921 (S.D. Cal. 1963).