The processes by which sensitive government information is protected often includes placing a security classification on the piece of information. There are few, if any governments which do not use a form of data classification to ensure the most sensitive and perhaps damaging to a nation’s well being is protected appropriately. Similarly, information which has little or no sensitivity should never be affixed with that same classification used by the most sensitive information. When this occurs, we call this “over classification,” and over classification truly is the enemy of classification.
Over classifying at the NRO
Over classifying information turns out to be an insidious resource suck on organizations charged with protecting the truly classified information. Resources, physical infrastructure, systems, processes or human capital are all components of keeping national secrets truly secret. The US National Reconnaissance Office (NRO) was recently raked over the coals by their own NRO Inspector General for the number of classification errors discovered during an internal audit (declassified and released publicly on 03 February 2014 – “NRO – Office of Inspector General: Evaluation of the National Reconnaissance Office Classification Management under Public Law 111-258, the Reducing Over-Classification Act (30 September 2013).”
The summary of recommendations, while directed to the NRO and their employees who handle classification of information, contains teachable moments for others in the US government who are also entrusted with the responsibility to classify (or declassify) sensitive information. When the Inspector General provides guidance to adhere with public law, it may be signalling to the entity that there is gross non-compliance. In this instance, an internal dust-up occurred with the NRO’s Office of Security and Counterintelligence issuing a non-concurrence to the Inspector General as it “did not provide specific comments on the recommendation.” What the inspection did show, however, is that the inspectors found:
- NRO Classification policies do not fully capture the federal classification requirements, and the NRO is not adhering to its classifications policies
- NRO Classification training is not adhering to its classification policies
- NRO OCA’s and derivative classifiers are not consistently classifying in accordance with the Order and Directive
- NRO OCA’s and derivative classifiers lack sufficient knowledge of their classification responsibilities; and
- NRO does not have a classification management self-inspection program in line with the requirement.
The report continued, because of these issues the “NRO is susceptible to the risk of persistent misclassification of NRO documents and information.” The year 2014 should be the year those classifying information redouble their efforts to ensure only information requiring classification is classified.
Are there too many cleared personnel?
The NRO’s Inspector General report was introspective, a separate and equally pointed report issued by the Office of Management and Budget (OMB) ” Suitability and Security Process Review – Report to the President” (February 2014) articulates the cost of the clearance process and the displeasure at the sheer number of cleared personnel – 5,150,379. Five million plus is admittedly large number of cleared personnel (of which approximately one million are contractor personnel), the OMB found that only 60 percent of those who had undergone background investigations and had been issued a security clearance at the Confidential/Secret or the Top Secret level of access actually “had access to classified information.” The cost of those clearances is not insignificant. According to the OMB, the Office of Personnel Management currently charges between $210-272 for a Secret level background investigation and processing and approximately $3959 for each for Top Secret access. As the OMB report states, “these costs add up.”
All US government agencies/departments handling classified information will attest, if they spend funds protecting that which does not require protection, they have wasted their operational expenditure, and the tax dollars of the nation. Recommendation: Classify only that which requires protection; submit for clearances only those who require access.
