[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]





     TOO MANY SECRETS: OVERCLASSIFICATION AS A BARRIER TO CRITICAL 
                          INFORMATION SHARING

=======================================================================

                                HEARING

                               before the

                   SUBCOMMITTEE ON NATIONAL SECURITY,
                   EMERGING THREATS AND INTERNATIONAL
                               RELATIONS

                                 of the

                              COMMITTEE ON
                           GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             SECOND SESSION

                               __________

                            AUGUST 24, 2004

                               __________

                           Serial No. 108-263

                               __________

       Printed for the use of the Committee on Government Reform


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform


                                 ______

                    U.S. GOVERNMENT PRINTING OFFICE
98-291                      WASHINGTON : 2005
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512�091800  
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001

                     COMMITTEE ON GOVERNMENT REFORM

                     TOM DAVIS, Virginia, Chairman
DAN BURTON, Indiana                  HENRY A. WAXMAN, California
CHRISTOPHER SHAYS, Connecticut       TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York
JOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida                PAUL E. KANJORSKI, Pennsylvania
MARK E. SOUDER, Indiana              CAROLYN B. MALONEY, New York
STEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland
DOUG OSE, California                 DENNIS J. KUCINICH, Ohio
RON LEWIS, Kentucky                  DANNY K. DAVIS, Illinois
TODD RUSSELL PLATTS, Pennsylvania    JOHN F. TIERNEY, Massachusetts
CHRIS CANNON, Utah                   WM. LACY CLAY, Missouri
ADAM H. PUTNAM, Florida              DIANE E. WATSON, California
EDWARD L. SCHROCK, Virginia          STEPHEN F. LYNCH, Massachusetts
JOHN J. DUNCAN, Jr., Tennessee       CHRIS VAN HOLLEN, Maryland
NATHAN DEAL, Georgia                 LINDA T. SANCHEZ, California
CANDICE S. MILLER, Michigan          C.A. ``DUTCH'' RUPPERSBERGER, 
TIM MURPHY, Pennsylvania                 Maryland
MICHAEL R. TURNER, Ohio              ELEANOR HOLMES NORTON, District of 
JOHN R. CARTER, Texas                    Columbia
MARSHA BLACKBURN, Tennessee          JIM COOPER, Tennessee
PATRICK J. TIBERI, Ohio              BETTY McCOLLUM, Minnesota
KATHERINE HARRIS, Florida                        ------
------ ------                        BERNARD SANDERS, Vermont 
                                         (Independent)

                    Melissa Wojciak, Staff Director
       David Marin, Deputy Staff Director/Communications Director
                      Rob Borden, Parliamentarian
                       Teresa Austin, Chief Clerk
          Phil Barnett, Minority Chief of Staff/Chief Counsel

 Subcommittee on National Security, Emerging Threats and International 
                               Relations

                CHRISTOPHER SHAYS, Connecticut, Chairman

MICHAEL R. TURNER, Ohio
DAN BURTON, Indiana                  DENNIS J. KUCINICH, Ohio
STEVEN C. LaTOURETTE, Ohio           TOM LANTOS, California
RON LEWIS, Kentucky                  BERNARD SANDERS, Vermont
TODD RUSSELL PLATTS, Pennsylvania    STEPHEN F. LYNCH, Massachusetts
ADAM H. PUTNAM, Florida              CAROLYN B. MALONEY, New York
EDWARD L. SCHROCK, Virginia          LINDA T. SANCHEZ, California
JOHN J. DUNCAN, Jr., Tennessee       C.A. ``DUTCH'' RUPPERSBERGER, 
TIM MURPHY, Pennsylvania                 Maryland
KATHERINE HARRIS, Florida            JOHN F. TIERNEY, Massachusetts
                                     DIANE E. WATSON, California

                               Ex Officio

TOM DAVIS, Virginia                  HENRY A. WAXMAN, California
            Lawrence J. Halloran, Staff Director and Counsel
                        Robert A. Briggs, Clerk
             Andrew Su, Minority Professional Staff Member


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on August 24, 2004..................................     1
Statement of:
    Leonard, J. William, Director, Information Security Oversight 
      Office, National Archives and Records Administration; Carol 
      A. Haave, Deputy Under Secretary of Defense, 
      Counterintelligence and Security, U.S. Department of 
      Defense; Steven Aftergood, Federation of Concerned 
      Scientists; and William P. Crowell, the Markle Foundation 
      Task Force on National Security in the Information Age.....    22
Letters, statements, etc., submitted for the record by:
    Aftergood, Steven, Federation of Concerned Scientists, 
      prepared statement of......................................    43
    Crowell, William P., the Markle Foundation Task Force on 
      National Security in the Information Age, prepared 
      statement of...............................................    61
    Haave, Carol A., Under Secretary of Defense for Intelligence, 
      U.S. Department of Defense, prepared statement of..........    36
    Kucinich, Hon. Dennis J., a Representative in Congress from 
      the State of Ohio, prepared statement of...................     9
    Leonard, J. William, Director, Information Security Oversight 
      Office, National Archives and Records Administration, 
      prepared statement of......................................    25
    Shays, Hon. Christopher, a Representative in Congress from 
      the State of Connecticut, prepared statement of............     3

 
     TOO MANY SECRETS: OVERCLASSIFICATION AS A BARRIER TO CRITICAL 
                          INFORMATION SHARING

                              ----------                              


                        TUESDAY, AUGUST 24, 2004

                  House of Representatives,
Subcommittee on National Security, Emerging Threats 
                       and International Relations,
                            Committee on Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10:05 a.m., in 
room 2154, Rayburn House Office Building, Hon. Christopher 
Shays (chairman of the subcommittee) presiding.
    Present: Representatives Shays, Platts, Kucinich, 
Ruppersberger, and Tierney.
    Staff present: Lawence Halloran, staff director and 
counsel; Thomas Costa, professional staff member; Jean Gosa, 
minority assistant clerk; and Andrew Su, minority professional 
staff member.
    Mr. Shays. A quorum being present, the Subcommittee on 
National Security, Emerging Threats, and International 
Relations hearing entitled, ``Too Many Secrets: 
Overclassification is a Barrier to Critical Information 
Sharing,'' is called to order.
    An old maxim of military strategy warns, ``He who protects 
everything, protects nothing.''
    Nevertheless, the United States today attempts to shield an 
immense and growing body of secrets using an incomprehensibly 
complex system of classifications and safeguard requirements. 
As a result, no one can say with any degree of certainty how 
much is classified, how much needs to be declassified, or 
whether the Nation's real secrets can be adequately protected 
in a system so bloated, it often does not distinguish between 
the critically important and the economically irrelevant.
    This much we know: There are too many secrets. Soon after 
President Franklin Roosevelt's first executive order on 
classification in 1940, the propensity to overclassify was 
noted. Since then, a long and distinguished list of committees 
and commissions has studied the problem. They all found it 
impossible to quantify the extent of overclassification because 
no one even knows the full scope of the Federal Government's 
classified holding at any given time. Some estimate 10 percent 
of current secrets should never have been classified. Others 
put the extent of overclassification as high as 90 percent.
    During the cold war, facing a monolithic foe determined to 
penetrate our national secrets, overclassification may have 
provided a needed security buffer. But the risk/benefit 
calculation has changed dramatically. Against a stateless, 
adaptable enemy, we dare not rely on organizational stovepipes 
to conclude, in advance, who should have access to one piece of 
an emerging mosaic. Connecting the dots is now a team sport. 
The cold war paradigm of ``need to know'' must give way to the 
modern strategic imperative, ``the need to share.''
    The National Commission on Terrorist Attacks Upon the 
United States, referred to as the 9/11 Commission, concluded 
that, ``Current security requirements nurture 
overclassification and excess compartmentation of information 
among agencies. Each agency's incentive structure opposes 
sharing, with risks--criminal, civil, and internal 
administrative sanctions--but few rewards for sharing 
information. No one has to pay the long-term costs of 
overclassifying information, though these costs--even in 
literal financial terms--are substantial.''
    The National Archives' Information Security Oversight 
Office, ISOO, reported that in 2003, more than 14 million 
documents were classified by the 3,978 Federal officials 
authorized to do so. They classified 8 percent more information 
than the year before. But recently declassified documents 
confirm the elaborate and costly security applied to some 
information is simply not worth the effort or expense. A former 
dictator's cocktail preferences and a facetious plot against 
Santa Claus are not threats to national security in the public 
domain, yet both were classified.
    The most recent ISOO report correctly concludes ``allowing 
information that will not cause damage to national security to 
remain in the classification system or to enter that system in 
the first instance, places all classified information at 
needless increased risk.''
    Current classification practices are highly subjective, 
inconsistent and susceptible to abuse. One agency protects what 
another releases. Rampant overclassification often confuses 
national security with bureaucratic, political or a diplomatic 
convenience.
    The dangerous, if natural, tendency to hide embarrassing or 
inconvenient facts can mask vulnerabilities and only keeps 
critical information from the American people. The terrorists 
know their plans. Fewer people classifying fewer secrets would 
better protects national security by focussing safeguards on 
truly sensitive information, while allowing far wider 
dissemination of the facts and analysis, the 9/11 Commission 
says, must be shared.
    Any discussion of intelligence reform must include a new 
approach to classification, one that sheds cold war shackles 
and serves the strategic needs to share information. Our 
witnesses this morning bring impressive experience and insight 
to this important issue and we look forward to their testimony. 
I welcome each of them.
    At this time, the Chair would recognize the ranking member 
of the committee, Mr. Kucinich.
    [The prepared statement of Hon. Christopher Shays follows:]

    [GRAPHIC] [TIFF OMITTED] T8291.001
    
    [GRAPHIC] [TIFF OMITTED] T8291.002
    
    [GRAPHIC] [TIFF OMITTED] T8291.003
    
    Mr. Kucinich. Thank you very much, Mr. Chairman. Thank you 
for calling this very important hearing. I want to thank the 
witnesses for their attendance and acknowledge the presence of 
my colleagues.
    The overclassification of Federal materials is a growing 
problem, a problem that has been highlighted once again in the 
final report of the 9/11 Commission. Overclassification has 
serious fiscal costs. It also reduces the accountability and 
reduces our security. But the real problem is not the quantity 
of materials classified and declassified. Thereal problem, I 
would submit, is the systemic and reflexive secrecy rampant 
throughout officials in this administration.
    But I have to say, as the witnesses certainly know, this 
problem of overclassification, of secrecy, has been a problem 
throughout the history of this country. And in a book, Mr. 
Chairman, which you may be familiar with, Chalmers Johnson, who 
is a scholar, wrote a book about secrecy and his relationship 
to what he calls ``militarism secrecy and the end of the 
Republic.'' The book is called ``The Sorrows of Empire.'' And 
he was also the person who is the author of an a book called 
``Blow Back,'' which talks about the consequences of the U.S. 
foreign policy on what happens here at home.
    This book really makes the connections on how secrecy 
undermines our country. And in a culture of increased military 
spending, together with the secrecy, it makes it very difficult 
for taxpayers to have any idea what is going on and how their 
dollars are being spent; and it really reflects on the 
priorities of the country.
    This problem of secrecy is also something we have to deal 
with as Members of Congress. How many so-called ``secret 
briefings'' has the Congress had over the past few years where 
we were just fed misinformation for the purposes of being able 
to gain support in Congress for things that people otherwise 
would not have supported. But the meetings were kept secret and 
that is a way that you stop a discussion in a free society.
    Now, the current situation with this administration--
instead of making information available or sharing information, 
this administration reversed a trend started in the Clinton 
administration, a trend toward openness, the Clinton Executive 
Order 2958. Under this order there is a presumption against 
classification, and this presumption was used in case of doubt, 
and where there was doubt about the appropriate level of 
classification, the order specified that the material be 
classified at the lower level. An interagency security 
classification appeals panel was established and historical 
records were declassified at record rates and on a timely 
automated schedule.
    In contrast, the current administration has dramatically 
increased the volume of Federal materials concealed from the 
American people. Executive Order 13292, issued in March 2003, 
18 months after September 11, permitted officials to classify 
information when there was doubt whether or not to do so, 
allowed officials to classify information at the more 
restrictive level when there was a question as to the 
appropriate level.
    The order also delayed and weakened the system of automatic 
declassification established under the Clinton executive order 
and underutilized the appeals panel. As a result, as has been 
noted earlier, a record 14 million classification actions were 
reported last year, costing U.S. taxpayers an all-time high of 
$6.5 billion.
    The total number of pages declassified by this 
administration was the lowest in the last 10 years, annual FOIA 
requests, Freedom of Information Act requests, have become more 
tightly controlled, surpassing the $3 million mark last year 
for the first time in history and costing the government $325 
million.
    Secrecy is on the rise throughout the administration. 
Officials at the Environmental Protection Agency, the 
Department of Agriculture, the Department of Health and Human 
Services now have been granted classification authority, while 
the Office of the Vice President has become exempt from certain 
mandatory declassification reviews.
    The FCC, Federal Communications Commission, recently stated 
that outage reports from wireless, line, cable and telecom 
providers would be protected from public disclosure because of 
``increasing concern about homeland security and national 
defense.''
    In addition, the Nuclear Regulatory Commission recently 
decided that information about the physical security of nuclear 
facilities would no longer be publicly available or updated on 
the agency's Web site, though this information would be 
critical for public health and safety. And I want to say that I 
am pleased this subcommittee will be holding hearings on this 
issue of nuclear plant security in the coming weeks.
    Information seems to be arbitrarily and unnecessarily 
classified. Last week, the American Civil Liberties Union 
released court documents showing that the Justice Department 
tried to file secret affidavits in two civil court cases 
challenging the USA Patriot Act. These affidavits can only be 
viewed by the judge and would not be seen by the public or even 
the plaintiffs.
    The attack on the civil liberties of U.S. citizens now 
includes this new tactic. The Justice Department even attempted 
to redact harmless information, such as a quotation from a 1972 
Supreme Court ruling, and general descriptions of a company and 
the fact that it did consulting work.
    Even more egregiously, we have seen the declassification 
used as an excuse to avoid embarrassment to the administration. 
The Senate Intelligence Committee's report on prewar 
intelligence concerning the Iraqi WMD program was redacted. The 
entire report of Major General Antonio Taguba, detailing the 
mistreatment of Iraqi prisoners at Abu Ghraib prison, was 
classified, though it did not reveal intelligence sources or 
methods.
    Even in this committee, we saw how the Pentagon 
retroactively classified sections of a report critical of the 
proposed national missile defense plan by Philip Coyle, 
Director of the Department of Defense Office of Operational 
Test and Evaluation. The information in the report which had 
been disclosed and widely disseminated was subsequently 
withheld from Congress for 8 months. The Pentagon then marked a 
report ``For Official Use Only'' and classified the 50 specific 
recommendations stated in Mr. Coyle's report so it could not be 
released to the public for scrutiny.
    The final report of the 9/11 Commission confirms what many 
of us already know too well. The Bush administration's 
excessive use of classification, delay in declassifying Federal 
materials and encroachments on the civil rights of individuals 
are antithetical to democratic principle; and it is our 
responsibility, as Congress, to provide effective checks and 
balances, which is really the purpose of this committee.
    Thank you, Mr. Shays.
    [The prepared statement of Hon. Dennis J. Kucinich 
follows:]

[GRAPHIC] [TIFF OMITTED] T8291.004

[GRAPHIC] [TIFF OMITTED] T8291.005

[GRAPHIC] [TIFF OMITTED] T8291.006

[GRAPHIC] [TIFF OMITTED] T8291.007

[GRAPHIC] [TIFF OMITTED] T8291.008

[GRAPHIC] [TIFF OMITTED] T8291.009

    Mr. Shays. I thank the gentleman.
    At this time the Chair would recognize Mr. Tierney.
    Mr. Tierney. Thank you, Mr. Chairman. Mr. Chairman, I join 
with members of the public and Members of Congress and, of 
course, the September 11 families in hoping that Congress will 
act swiftly to implement the unanimous bipartisan 
recommendation of the 9/11 Commission Report.
    I must say that as we address today's issue, the 
Commission's strong and unequivocal recommendations that the 
executive branch move from treating information on a ``need to 
know'' to a ``need to share'' basis, I am uncertain that this 
transformation can occur within an administration that has 
overemphasized classification at the expense of congressional 
oversight and, in some cases, at the expense of common sense.
    I know during the last administration, in 1995, the 
President reset previous default settings, directing 
classifiers not to shield information of doubtful value and to 
classify information at the lowest rather than the highest 
possible level. Reclassification was prohibited if the material 
had otherwise been properly put in the public domain.
    Under this President Bush, his executive order reverts to a 
``when it doubt, classify'' standard, expands classification 
authorities and categories, and postpones automatic 
declassification on some records.
    Now, this leads us here today to ask the witnesses, how can 
the administration convince a skeptical public that the 
administration is committed to changing this culture when, even 
as we speak, they are continuing to classify, in some cases 
retroactively, information pertaining to our national defense.
    One key example was mentioned briefly by Mr. Kucinich, and 
it has to do with missile defense. I happen to have a longer 
history with this issue, and so I want to take a moment to 
recount it. And the chairman has shared this history.
    In the context of the 9/11 Commission Report, the most 
immediate threat is not an incoming intercontinental ballistic 
missile, but an act of terror, some biological or chemical 
agent introduced in this country, or a dirty bomb delivered in 
a suitcase. Even our own intelligence agencies prioritize 
threats in this manner. So the public has the right to ask, why 
is this administration spending more than $10 billion per year 
on a national missile defense system instead of protecting our 
ports, equipping the Coast Guard or our local first responders, 
protecting chemical facilities, our nuclear reactors, and so on 
down the line--the many things that need to be done, which are 
underfunded seriously in the President's budget and in the 
majority's budget.
    The public has the right to an answer.
    Do experts and security personnel think this system will 
work? The answer is ``no.'' Forty-nine previous generals and 
admirals and other higher retired military individuals speak 
out against deployment at this point in time. In a letter to 
the President, they clearly set out, ``As you have said, Mr. 
President, our highest priority is to prevent terrorists from 
acquiring and employing weapons of mass destruction. We agree. 
We therefore recommend, as the militarily responsible course of 
action, that you postpone operation and deployment of the 
expensive and untested GMD system and transfer the associated 
funding to accelerated programs to secure the multitude of 
facilities containing nuclear weapons and materials and to 
protect our ports and borders against terrorists who may 
attempt to smuggle weapons of mass destruction into the United 
States.''
    In addition, 31 former government officials called the 
missile defense deployment a ``sham.'' These are officials who 
worked for Presidents Eisenhower, Kennedy, Johnson, Nixon, 
Carter, Reagan, George H.W. Bush, and Clinton, and argued that 
the missile defense system planned for rollout in September 
will provide no real defense, as they called it a ``sham.'' The 
officials worked at the Pentagon, the Department of State, the 
National Security Council, the Office of Management and Budget, 
the Arms Control and Disarmament Agency; and their letter 
accused the administration of rushing a program into a field 
that is largely untested and missing major components.
    The fact of the matter is, the public should know whether 
or not this President, for political purposes, is satisfying 
his ideological extremists by deploying an unproven, 
inadequately tested system; and in fact, is he living in the 
past instead of addressing the concerns that we have in the 
21st century. But instead of allowing for a public examination, 
this administration has classified relevant critical reports 
and facts, even reclassifying some that have been in the public 
domain for as much as 4 or 5 years for what can be argued as 
``political purposes.''
    I will not go through the long rendition, Mr. Chairman, of 
the many letters we have, but starting back in September 8, 
2000, this subcommittee held a hearing with the then-Director 
of Operational Tests and Evaluation, the Pentagon's own person, 
Phil Coyle, who testified about the inadequacies of the missile 
defense system. And at that time I asked the subcommittee, and 
the subcommittee agreed without objection, to enter his report 
detailing 50 recommendations for how this system should be 
tested. And we put that in the public record.
    What occurred after that was a pattern of stonewalling and 
repeated resistance from the Department of Defense that lasted 
over 8 months. Finally, on May 31, 2001 the Coyle report was 
delivered to Congress. As Mr. Kucinich mentioned, it was first 
marked ``For Official Use Only,'' but when challenged, the 
Department of Defense was unable to respond to what that 
category meant and certainly did not indicate that it was 
classified in any sense.
    Finally, Chairman Shays took the lead and decided to make 
this information available to the public on June 2001. It was 
on the Web site. It was in public documents. And since that 
point in time, we have had numerous hearings in this committee. 
We have had testimony from experts. We have had poster boards 
set up with the information on it. We have had it on our own 
Web sites.
    And finally, I asked the General Accounting Office to 
prepare a report to tell us in September 2004 what would the 
condition of deployment be, especially with respect to the 50 
issues by Mr. Coyle. After fighting for an inordinate period of 
time, the General Accounting Office was finally able to issue a 
report. It no sooner hit my desk than this administration 
classified that report. You can imagine for yourself whether it 
was a favorable report to their position or unfavorable.
    Not satisfied with that, we asked them to go back and look 
over every line and tell us what was classified and was not. 
Having done that, they issued a classified report and an 
unclassified report. The unclassified report, in my estimation 
was damning. You can imagine what the classified report was. 
But then the administration took the additional step of going 
back in, reclassifying all the previously open, available 
information upon which those reports were based, none of them 
previously having been classified, all of the information 
having been in the public domain for some 4 years.
    You can answer the question better than I can, but why 
should this administration be trusted with the recommendation 
of the September 11 Commission to move toward a culture of 
``need to share'' as opposed to ``need to know?''
    But it is not all about the missile defense system. There 
is a disturbing pattern in this administration of using secrecy 
as a means to defend or advance their political purposes and 
policies.
    When confronted with allegations that the Energy Task 
Force, which the Vice President convened, was predominantly 
comprised of industry members who would be inclined to favor 
the status quo energy policy in this country, the Bush 
administration refused to come clean and disclose participants 
of the task force, arguing that such inquiries into Federal 
agencies are off limits to the courts, the Congress, and thus, 
the American people.
    In June 2003, when the Environmental Protection Agency 
released a report on the state of the environment, the detailed 
assessment of climate change, which among other things was to 
conclude that carbon dioxide emissions are contributing to 
global warming, was deleted by the White House and replaced 
with language that was deliberately vague and disingenuous 
about the scientific causes of global warming.
    After hearing the compelling evidence of defective tires on 
certain automobiles and the tragedies that ensued on America's 
roads, Congress passed a law making certain that auto safety 
data be made available to the public. But this administration's 
National Highway Traffic Administration has decided that such 
information regarding unsafe automobiles which may be 
detrimental to their companies will remain secret.
    And now, according to Friday's Washington Post, the 
Department of Justice in its court battle with the American 
Civil Liberties Union over portions of the Patriot Act has 
attempted to rely on secret evidence. As Mr. Kucinich also 
mentioned, one aspect of that was inessential censoring a dozen 
seemingly innocuous passages on national security grounds, 
including an attempt to redact a quotation from a 1972 Supreme 
Court ruling that simply said, ``The danger to political 
dissent is acute where the government attempts to act under so 
vague a concept as the power to protect domestic security. 
Given the difficulty of defining the domestic security 
interests, the danger of abuse and acting to protect that 
interest become apparent.''
    Now, there is a dangerous statement if I ever heard one. 
But this administration's Department of Justice thought that 
had to be redacted from a court proceeding.
    This reliance on classification and withholding of 
information does not just prevent transparency and 
accountability in public policymaking. It is an act that is 
fundamentally opposed to the public; it is opposed to their 
health, to their civil liberties, to their consumer interests, 
and most importantly, to their safety.
    How can we trust that this administration with this record 
will commit itself to implementing the 9/11 Commission's 
recommendation that we have more transparency, that we move to 
a culture of sharing, a ``need to share'' versus a ``need to 
know''? At a time when it is so important that we put our 
resources where the dangers appear most and not on some 
ideological extreme program that is unproven and untested, 
hiding the facts is not doing this country any service. And we 
have to take the recommendations of the 9/11 Commission 
seriously.
    I hope these hearings, Mr. Chairman, will move us in that 
direction of classifying only what needs to be classified and 
sharing the rest, so that the American people can make the 
right choices and the right priorities for our safety. Thank 
you.
    Mr. Shays. I thank the gentleman for his statement.
    At this time the Chair would recognize Mr. Ruppersberger, 
who serves on the House Intelligence Committee.
    Mr. Ruppersberger. Mr. Chairman, I want to thank you. We 
have a tremendous opportunity at this time in our history to 
provide for national security as a result of what happened on 
September 11. I want to first praise the Commission and all of 
those people involved, including the families of those who died 
in the September 11 incident.
    At this point, it is very, very important that we deal with 
this issue in a nonpartisan way. And it is important that we 
also understand that there are different elements we have to 
deal with as far as the 9/11 Commission's report.
    First, it is extremely important that we do have one person 
that can hold all the intelligence communities accountable. We 
have to make sure that the intelligence communities, all of 
them, including the military, the DOD, CIA, NSA, all the 
intelligence communities, work as a team and that they 
integrate the information. We can be extremely sophisticated in 
our intelligence community, but if we do not get to the bottom 
line and do what needs to be done and get the right information 
to the right people, we will not be successful in what is our 
goal of national security.
    Now, the issue we are dealing with today is 
overclassification as a barrier to critical information. I 
think it is extremely important that we deal with this issue. 
Just one aspect of this overclassification is also the barrier 
in getting people cleared and how ridiculous it is. I have a 
Federal Times, August 16, ``482,000 Wait For Clearance, Backlog 
of Security Checks Holds Up Work, Wastes Billions of Dollars.''
    Now, one of the American intelligence community's greatest 
problems is the cult of classification in which information, 
both rare and commonplace, is a safeguard with equal zeal. Both 
cases also illustrate the intense political pressures on 
intelligence and counterintelligence agencies, diluting the 
value of the Nation's intelligence. These are parts of our 
system that are broken, the ones that no one in Washington 
wants to talk about, but we are going to have to deal with to 
fix this testimony.
    There is certainly vital information that must be protected 
from foreign espionage. These secrets worth saving should be 
held closely. Far too much effort is being wasted protecting 
nonsecrets which allows vital secrets to slip through.
    In Washington, classification has led to sort of a game, 
creating those ``in the know'' and those who are ``not in the 
know.'' This game heightens the power of bureaucrats, but so 
much is classified that it is impossible for people with 
security clearances to know what is derived from a spy 
satellite and what is plucked out of the newspaper, which is 
considered open source.
    So what is a secret? Nuclear secrets should be kept secret. 
The names of U.S. agents in other countries must be kept 
secret. Operation capabilities of U.S. weapons should be kept 
secret. Unlike today's situation, a secret requires that there 
not be the slightest hint that even a secret exists. To do 
that, the government would need to follow just a few simple 
rules instead of the myriad of complexities it has erected. And 
whether it is a Democratic administration, or a Republican, 
there is not consistency in what we do as far as this 
classification is concerned. And we need consistency. We need 
standards.
    First, there must be few secrets. Unless you are willing to 
stash people, it is easiest to keep a small number of secrets. 
Second, give secrets to fewer people. The idea of hundreds of 
thousands of people wandering around with secrets is absurd. Do 
not use access to classified materials as a justification for 
doing background checks on military officers. Just do 
background checks.
    Do not classify as secret that which is in the New York 
Times and on the Internet. Do not use secrecy as a shield to 
protect idiotic political and policy decisions.
    I am looking forward to hearing what your recommendations 
would be to deal with this very important issue. It is a strong 
component of what we need to deal with to provide the best 
national security for our country.
    Intelligence clearly is the best defense against terrorism, 
but we need to get our system right, consistent, and focused. 
Thank you.
    Mr. Shays. I thank the gentleman, especially your comments, 
given that you do serve on the Intelligence Committee. I would 
just say, I appreciate the gentleman breaking a family vacation 
to be here.
    I have the opportunity to ask the first questions. I am 
going to defer to you to start off, and then we'll go to Mr. 
Kucinich, Mr. Tierney and myself. I ask unanimous consent that 
all members of the subcommittee be permitted to place an 
opening statement in the record and that the record remain open 
for 3 days for that purpose.
    Without objection, so ordered.
    I ask further unanimous consent that all witnesses be 
permitted to include their written statement in the record.
    Without objection, so ordered.
    This is a fairly big document that I have shown the ranking 
member. It's entitled, ``Dubious Secrets: A Briefing Book of 
Overclassified Documents,'' prepared by the National Security 
Archive, George Washington University. I am going to ask that 
it be submitted into the record.
    Without, objection.
    [Note.--The report entitled, ``Dubious Secrets: A Briefing 
Book of Overclassified Documents,'' may be found in 
subcommittee files. A copy of the title page follows:]

[GRAPHIC] [TIFF OMITTED] T8291.010

    Mr. Shays. I want to just note that the George Washington 
Archive maintains a body of documentation demonstrating the 
inconsistency and the arbitrariness of many classified 
decisions. They find documents released by one agency 
classified in whole or in part by another, and they track a 
declassification process they find to be extraordinarily slow 
and litigious.
    Without objection, we will put that in the record.
    At this time, I recognize our witnesses. We have Mr. 
William Leonard, Director, Information Security Oversight 
Office, National Archives and Records Administration. We have 
Carol Haave, Deputy Under Secretary of Defense for 
Counterintelligence and Security, Department of Defense; Mr. 
Steven Aftergood, Federation of American Scientists; and Mr. 
William P. Crowell, the Markle Foundation Task Force on 
National Security in the Information Age.
    We truly have four experts on this issue. It is not an easy 
issue to deal with, and given that we have one panel, we will 
have the 5 minutes that you may speak; you can trip over a 
little bit. I'd just as soon you not take another 5 minutes but 
you have that right. Then we will go to 10 minutes of 
questioning.
    At this time, we will swear in our witnesses. Is there 
anyone else that has accompanied you that might provide 
information so they can stand and be sworn in at this time.
    Is there anyone else?
    No one else.
    [Witnesses sworn.]
    Mr. Shays. Note for the record our witnesses have responded 
in the affirmative.
    At this time we will begin with you, Mr. Leonard. Thank you 
for being here.

    STATEMENTS OF J. WILLIAM LEONARD, DIRECTOR, INFORMATION 
   SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS 
   ADMINISTRATION; CAROL A. HAAVE, DEPUTY UNDER SECRETARY OF 
 DEFENSE, COUNTERINTELLIGENCE AND SECURITY, U.S. DEPARTMENT OF 
DEFENSE; STEVEN AFTERGOOD, FEDERATION OF CONCERNED SCIENTISTS; 
  AND WILLIAM P. CROWELL, THE MARKLE FOUNDATION TASK FORCE ON 
            NATIONAL SECURITY IN THE INFORMATION AGE

    Mr. Leonard. Mr. Chairman, Mr. Kucinich, members of the 
panel. I wish to thank you for holding this hearing on security 
classification and declassification issues. As Director of the 
Information Security Oversight Office, I am responsible to the 
President for overseeing the governmentwide classification 
program within both government and industry.
    Executive Order 12958, as amended, sets forth the basic 
framework by which executive branch agencies classify national 
security information. Pursuant to his constitutional authority 
in this order, the President authorizes a limited number of 
individuals to apply classification to certain national 
security-related information. While the order is clear that the 
employment of classification is based in large part upon the 
judgment of an original classifying authority, in delegating 
classification authority, the President has established clear 
parameters for its use and certain burdens that must be 
satisfied.
    Classification authority is not without limits. The 
President has spelled out some very clear prohibitions with 
respect to the use of classification. Specifically, in no case 
can information be classified in order to conceal violations of 
law or prevent embarrassment to a person, an organization, or 
an agency. Unfortunately, there have been instances giving the 
impression that information has been classified in violation of 
the order. In each case I am aware of, I have found that this 
often arises due to lack of proactive oversight within agencies 
or a lack of effective training and awareness provided to some 
cleared personnel.
    I believe that the overall policy for security 
classification as set forth in the current executive order is 
fundamentally sound. While I and others, including the 9/11 
Commission, have advocated revisions to basic concepts such as 
the ``need-to-know'' principle, the order as currently 
configured is replete with measures to ensure the 
classification system's continued effectiveness. Many agencies 
are excelling at fulfilling these requirements; others are not.
    It is no secret that the government classifies too much 
information. Many senior officials will candidly acknowledge 
the problem of excessive classification. This is supported in 
part by agency input to my office that indicates that overall 
classification activity is up over the past several years.
    What I find most troubling, however, is that some 
individual agencies have no idea how much information they 
generate is classified, whether the overall quantity is 
increasing or decreasing, what the explanations are for such 
changes, which elements within their organization are most 
responsible for the changes, and most importantly of all, 
whether the changes are appropriate.
    The identification of baseline information such as this is 
essential for agencies to be able to ascertain the 
effectiveness of the classification efforts.
    My current concerns extend to the area of declassification 
as well. It's disappointing to note that declassification 
activity has been down for the past several years. In some 
quarters, when it comes to classification in times of national 
security challenges, when available resources are distracted 
elsewhere, the approach toward classification and 
declassification can be to err on the side of caution. Yet the 
classification system is too important and the consequences 
resulting from improper implementation too severe to allow 
error to be the part of any implementation strategy.
    Both too little and too much classification is not an 
option. Too much classification unnecessarily impedes effective 
information sharing. And inappropriate classification 
undermines the integrity of the entire process. Too little 
classification can subject our citizens, our democratic 
institutions, our homeland security, and our interactions with 
foreign nations to potential harm.
    Proactive oversight by agencies of their security 
classification program and involvement by senior leadership is 
crucial.
    The security classification system is permissive, not 
prescriptive. It identifies what information can be classified, 
not what information must be classified. The decision to 
classify information or not is ultimately the prerogative of an 
agency and its original classification authorities. The 
problem, however, with all due apologiesto John Donne, is that 
no agency is an island.
    The exercise of agency prerogative to classify certain 
information has ripple effects throughout the entire executive 
branch, as well as the Nation as a whole. It can serve as an 
impediment to sharing information with another agency or with 
the public who have a genuine need to know about the 
information.
    The 9/11 Commission has recommended that information 
procedures should provide incentives for sharing to restore a 
better balance between security and shared knowledge. The 
administration is currently developing guidelines and 
regulations to improve information sharing both among Federal 
departments and agencies and between the Federal Government and 
State and local entities.
    On August 2 of this year, President Bush announced that he 
will be issuing a directive requiring all relevant agencies to 
complete the task of adopting common data bases and procedures 
so that intelligence and homeland security information can be 
shared and searched effectively, consistent with privacy and 
civil liberties.
    I thank you for inviting me here today Mr. Chairman. I will 
be happy to answer any questions you and the committee may 
have.
    Mr. Shays. Thank you, Mr. Leonard.
    [The prepared statement of Mr. Leonard follows:]

    [GRAPHIC] [TIFF OMITTED] T8291.011
    
    [GRAPHIC] [TIFF OMITTED] T8291.012
    
    [GRAPHIC] [TIFF OMITTED] T8291.013
    
    [GRAPHIC] [TIFF OMITTED] T8291.014
    
    [GRAPHIC] [TIFF OMITTED] T8291.015
    
    [GRAPHIC] [TIFF OMITTED] T8291.016
    
    [GRAPHIC] [TIFF OMITTED] T8291.017
    
    [GRAPHIC] [TIFF OMITTED] T8291.018
    
    [GRAPHIC] [TIFF OMITTED] T8291.019
    
    Mr. Shays. Ms. Haave.
    Ms. Haave. Good morning, Chairman Shays, Mr. Kucinich, and 
members of the panel.
    I appreciate the chance to speak with you today about the 
protection of classified information within the Department of 
Defense. My opening statement will be brief, as I believe the 
time we have here can best be spent in direct dialog.
    Protection of classified information is one of the most 
important priorities of the Department. No one wants to provide 
information outside of proper channels that would do our 
servicemen and women, as well as our civilian coworkers harm. 
Nor does anyone want to give away what is our economic and 
military advantage by providing information about advanced 
science and technology, sources or methods of our operations.
    The question becomes, how do we balance the risk of 
disclosure and its often incalculable consequences against the 
public's desire to know? The issue before us today is 
overclassification and whether it is an impediment to 
information sharing.
    I have not found within the Department of Defense that 
people are intentionally overclassifying. That's not to say 
that it doesn't and isn't happening. More, I have found that 
these problems stem from time-driven, operational circumstances 
and a misunderstanding of classification guidance. In the end, 
people simply don't want to make mistakes that could have both 
personal and national security consequences.
    Does this impact information sharing? Sometimes it does.
    We in DOD are working to ensure our policies are clear 
about when and how to classify information, as well as ensuring 
personnel know and understand their responsibilities in sharing 
with those who must have the information.
    Much data that is transported on DOD networks is protected 
by classification guidance provided by other government 
organizations. We adhere to that guidance, but we certainly can 
improve the way we do it. For example, how do we deal with 
originator-controlled documents in an electronic environment?
    The 21st century is about information technology. It is 
about the seamless availability of information across security 
domains consistent with the governance strategy that ensures 
people are properly vetted and trained.
    The collectors of information and also, normally, the 
original classifiers can never know the myriad ways that their 
information might be used for good purpose. Therefore, we have 
to migrate to a user-driven environment to support true 
competitive intelligence, to ensure the warfighters and 
policymakers have the information that they need to make good 
decisions, and to mutually support other organizations and 
agencies in successfully accomplishing their missions as well.
    We must break down the functional stovepipes and 
institutional barriers in favor of a more horizontally 
integrated collaborative enterprise characterized by 
cooperation and incentivized, shared goals. We must make better 
use of all-source analysis to blur the origin of information 
and right to release using automated terror lines.
    ``Need to know,'' while still a valid concept that drives 
information security, must now also include the need to share 
information more broadly at multiple classification levels, as 
well as in the unclassified public domain.
    Technology is not the problem. The technology we need is 
here today, or is being developed, and there are any number of 
initiatives that are moving us collectively in the right 
direction. Instead, I would offer that the problem is 
institutional and cultural, and no agency or organization is 
immune. Change is always difficult and fear of making a mistake 
precludes people from moving forward in ways that are 
consistent with technology and business process improvements.
    In the end, this is a discussion about risk. How much risk 
is the Nation willing to endure in the quest to balance 
protection against the public's desire to know? It is a complex 
question that requires thought and, ultimately, action.
    The Department of Defense has been taking that action with 
respect to information that it alone controls. As stated in my 
formal statement, the Department has embraced a network-centric 
enterprise with common standards and protocols and a robust 
information assurance and protection schema. But this 
architecture and enterprise are not cheap, and when extended to 
other governments, as well as State, local and other 
organizations, the costs are high.
    We are working closely with the intelligence community, the 
Department of Homeland Security, and others to extend the 
enterprise, to facilitate the collaboration and cooperation 
that the public deserves, and we are better for it.
    Thank you.
    Mr. Shays. Thank you very much, Ms. Haave.
    [The prepared statement of Ms. Haave follows:]

    [GRAPHIC] [TIFF OMITTED] T8291.020
    
    [GRAPHIC] [TIFF OMITTED] T8291.021
    
    [GRAPHIC] [TIFF OMITTED] T8291.022
    
    [GRAPHIC] [TIFF OMITTED] T8291.023
    
    [GRAPHIC] [TIFF OMITTED] T8291.024
    
    Mr. Shays. Mr. Aftergood.
    Mr. Aftergood. Thank you, Mr. Chairman.
    I was going to begin by attempting to document for you the 
state of the classification system as it is perceived from 
outside the government. I was going to explain to you that 
classification policy is often arbitrary, inconsistent, that 
classifiers sometimes classify contrary to their own rules. 
Sometimes, as in the case of the Taguba report, they use 
classification to conceal criminal activity, and the 
classification system is, in other ways, unsatisfactory.
    I have documented some of those rather serious charges in 
my formal testimony. I know from your opening statements that 
all of you already are aware of many of these problems.
    Mr. Shays. Let me ask how long would it take for you to do 
that.
    Mr. Aftergood. I can do it very quickly.
    Mr. Shays. I would like it to be part of the public record. 
So you have the time to do it. In the course of your presenting 
those documents, it gives us something to question everybody 
with.
    Mr. Aftergood. OK. I will do that briefly.
    Mr. Shays. We will start the clock over again.
    Mr. Kucinich. Mr. Chairman, if I may, I think the witness 
ought to feel very comfortable in going over this material with 
the committee, and we eagerly await your recitation of your 
report.
    Mr. Aftergood. Thank you very much. I have selected not 
quite at random, but a cross-section of cases that have come 
into my hands that include several anomalies in classification 
policy.
    The recent Senate intelligence report on prewar 
intelligence on Iraq included abundant redactions, that is, 
removals of information from the report that in some cases were 
inconsistent or inexplicable.
    On one page attached to my testimony it was stated that 
Iraqi agents agreed to pay up to a ``deleted'' amount for 
certain aluminum tubes. This is a point of controversy having 
to do with Iraq's nuclear weapons program. But on another page 
of the same report, CIA reviewers included the very same 
information: Iraqi agents agreed to pay up to $17.50.
    At a minimum, this is inconsistent. It shows a lack of 
professionalism in classification; but more than that, I think 
it shows an improper attempt to withhold information that has 
no business being classified. Obviously, the Iraqis know what 
they paid. The vendors know what they paid. They know that we 
know. There is nothing sensitive that's being concealed here, 
but it held up the release of the report, and it helped turn it 
into a kind of Swiss cheese.
    A second example is the Taguba report on abuses of 
prisoners at Abu Ghraib prison in Iraq. As you can see from the 
title page of the report, which is also appended to my 
testimony, the whole report was classified as Secret. That is, 
the Secret classification level means that its disclosure could 
reasonably be expected to cause serious damage to national 
security.
    If you look at page 16 of the report, you can see that 
several individual paragraphs of the report were also 
classified Secret, such things as a finding that numerous 
incidents of sadistic, blatant and wanton criminal abuses were 
inflicted on detainees; punching, slapping and kicking 
detainees; jumping on their naked feet and so on. These 
individual findings were classified Secret.
    That is not only inappropriate, it actually is a violation 
of the rules governing the classification system itself. Those 
rules state in President Bush's executive order that in no case 
shall information be classified in order to conceal violations 
of law. Yet it appears that is exactly what happened here. When 
agencies violate their own classification rules, one thing that 
tells you is that oversight is inadequate.
    A third example that I pulled from my written statement is, 
to me, the most extreme example of overclassification, and that 
has to do with CIA's insistence on classifying historical 
intelligence budget data. In 1997 and 1998, the CIA 
declassified, under pressure of litigation, the total 
intelligence budget for those years, for 1997 and 1998. But in 
2000 they said that similar information from 50 years earlier 
is still properly classified.
    To state the obvious, that is a logically incoherent 
position. There is no national security construct that permits 
the declassification of the 1997 budget, but prohibits the 
declassification of the 1947 budget.
    What that tells me is that the CIA has completely lost its 
bearings when it comes to classification of budget information, 
and that there is no one to stop them from arbitrary and 
mistaken classification actions.
    There are many other examples. The document you entered 
into the record, Mr. Chairman, ``Dubious Secrets,'' from the 
National Security Archive, is filled with other cases. I 
imagine that anyone who has had dealings with the national 
security system, either as a government employee or as a 
concerned citizen, has their own horror stories to tell. 
Certainly the public is increasingly becoming concerned.
    I am a member of the steering committee of a new coalition 
of politically diverse organizations under the rubric 
openthegovernment.org, that has come together to try to remedy 
this situation.
    I would just like to say one final word about what is in a 
way the most important aspect of this hearing. That is, what's 
the solution? The solution is not a broad policy critique. I 
don't think the solution is to try to fix the whole system at a 
single blow. I think the solution was identified by the 9/11 
Commission. That is start with a very specific, tangible 
change. Start with declassification of intelligence budget 
information. There is no other category of information that has 
been as vigorously maintained as Secret for so long with so 
much energy as intelligence budget information. If we can fix 
that, then the road becomes clear to fixing a whole range of 
other erroneously or improperly classified categories of 
information; and that's the point I wanted to stress.
    Thank you very much.
    Mr. Shays. Thank you, Mr. Aftergood.
    [The prepared statement of Mr. Aftergood follows:]

    [GRAPHIC] [TIFF OMITTED] T8291.025
    
    [GRAPHIC] [TIFF OMITTED] T8291.026
    
    [GRAPHIC] [TIFF OMITTED] T8291.027
    
    [GRAPHIC] [TIFF OMITTED] T8291.028
    
    [GRAPHIC] [TIFF OMITTED] T8291.029
    
    [GRAPHIC] [TIFF OMITTED] T8291.030
    
    [GRAPHIC] [TIFF OMITTED] T8291.031
    
    [GRAPHIC] [TIFF OMITTED] T8291.032
    
    [GRAPHIC] [TIFF OMITTED] T8291.033
    
    [GRAPHIC] [TIFF OMITTED] T8291.034
    
    [GRAPHIC] [TIFF OMITTED] T8291.035
    
    [GRAPHIC] [TIFF OMITTED] T8291.036
    
    [GRAPHIC] [TIFF OMITTED] T8291.037
    
    [GRAPHIC] [TIFF OMITTED] T8291.038
    
    [GRAPHIC] [TIFF OMITTED] T8291.039
    
    Mr. Shays. Mr. Crowell. I want to say it correctly. Is it 
Crowell?
    Mr. Crowell. It's Crowell. That's to avoid getting confused 
with a certain admiral that I'm always confused with.
    Good morning, Chairman Shays, Mr. Kucinich, and members of 
the subcommittee. I would like to thank you for this 
opportunity to testify this morning on recommendations that are 
made by the Markle Foundation Task Force on National Security 
in the Information Age.
    I think you will find that our observations are in 
agreement, Mr. Chairman, with your opening statement of the 
problem. The Markle Foundation Task Force is seeking, though, 
to outline and propose a new strategy of information sharing 
that can benefit our war on terrorism.
    Information and information sharing are key to fighting 
terrorism and enhancing our security. Today, our government 
still does not have all of the information it needs to fight 
terrorism, and the information it does have is sometimes 
isolated in different agencies, and therefore it is more 
difficult to see its significance.
    While the discussion about how to implement the 9/11 
Commission's recommendation to restructure the intelligence 
community is important, another key 9/11 Commission 
recommendation that is creating and implementing a trusted 
information network to facilitate better information sharing 
among our intelligence and law enforcement organizations at the 
Federal, State and local levels could actually make America 
safer today.
    The 9/11 Commission embraced the recommendations for 
creation of a System-wide Homeland Analysis and Resource 
Exchange, the acronym SHARE, network, made last December by the 
Markle Foundation Task Force on National Security in the 
Information Age.
    The Markle Foundation Task Force consists of leading 
national security experts from four administrations, as well as 
widely recognized experts on technology and on civil liberties. 
The SHARE network concept represents a virtual reorganization 
of government by fundamentally altering how people in the many 
organizations ask to fight terrorism, how they share 
information to facilitate better and faster decisionmaking.
    Such an approach when paired with strong divide lines that 
govern the system is also the best way to protect privacy and 
civil liberties. The SHARE network is aimed at moving us from 
our current need-to-know system into the need-to-share culture 
that you've been describing. However, one of the barriers to 
enabling that move involves classification and information-
security practices.
    Decisions about sharing intelligence in the Government 
today are still made largely in the context of a system of 
classification that was developed during the cold war. During 
the cold war, the use of information was dominated by a culture 
of classification and tight limitations on access in which 
information was shared only on the need-to-know basis.
    The current system assumes that it is possible to determine 
in advance who needs to know particular information and that 
the risks associated with disclosure are greater than the 
potential benefits of wider information sharing. The results of 
the incentives currently in place to protect information 
results and far more information being classified initially and 
remaining classified than is necessary or appropriate.
    Another problem with the current system is that each agency 
has its own classification practices which leads to cultural 
tensions when agencies attempt to share information with each 
other. This cold war mindset of classification, sanitization 
and tight limits on sharing information is ill-suited to 
today's homeland security challenge. While certain information, 
particularly about sources and methods, must be protected 
against unauthorized disclosure, the general mindset should be 
one that strives for broad sharing of information with all of 
the relevant players in the network.
    The Markle Foundation Task Force approach is to develop new 
concepts of operation and to use new technology to achieve a 
sharing culture. The SHARE network concept is a decentralized, 
loosely coupled, secure and trusted network that sends 
information to and pulls information from all participants in 
the system. Such an approach empowers all participants, from 
local law enforcement officers to senior policymakers.
    Our approach combines policy and technical solutions to 
create a network that would substantially improve our ability 
to predict and prevent terrorist attacks. The SHARE network is 
based upon the right to share concept. By taking steps, by 
creating tear-line reports, it moves us from a system of 
classification to one that is based on authorization and 
encourages reports that contain the maximum possible amount of 
shareable information.
    In addition, SHARE would use existing technologies that can 
facilitate the sharing of sensitive information with 
inappropriate channels and with protections for privacy. 
Screening tools can be used to help the redaction process to 
create less classified reports and can also tell us when 
sensitive information is about to be sent to parties who lack 
the proper permission to receive it.
    To address the need for information about reliability of a 
source without having to rely on classified descriptions, we 
recommend the use of reputation meters, similar to those that 
are used today to rate sellers in e-bay in formats, and also to 
use standard formats for intelligence documents.
    Auditing technology could be deployed to track the flow of 
information to different players and to record how the 
information is used, which could help deter leaks. Information-
rights management technologies when combined with digital 
certificates can also help by allowing agencies to create self-
enforcing rules about who can have access to particular 
documents, how they can be used and how long the documents can 
be viewed before access expires.
    Finally, information can be accompanied by clear, more 
specific handling requirements and dissemination limitations.
    In conclusion, Mr. Chairman, information sharing itself is 
not the goal. Rather, it is the means by which we can 
effectively enhance security and protect privacy, by maximizing 
our ability to make sense of all of the available information. 
To accomplish this, particularly in fighting terrorism, we must 
shed our current cold war need-to-know mentality and replace it 
with a culture based on need-to-share. Information security is 
a legitimate concern, but it can be appropriately addressed in 
the ways that I've outlined above. What is needed now is the 
leadership by both Congress and the President to get the 
information flowing.
    Thank you, Mr. Chairman.
    [The prepared statement of Mr. Crowell follows:]

    [GRAPHIC] [TIFF OMITTED] T8291.040
    
    [GRAPHIC] [TIFF OMITTED] T8291.041
    
    [GRAPHIC] [TIFF OMITTED] T8291.042
    
    [GRAPHIC] [TIFF OMITTED] T8291.043
    
    Mr. Shays. Thank you, Mr. Crowell.
    Let me just make a few observations before Mr. 
Ruppersberger begins the questions, and one is that I carry a 
basic view that when the executive branch gets more power, it 
must be accompanied with more legislative oversight. I also 
take the view that classification practices impede oversight by 
Congress for the public.
    I have read, in my 17 years in Congress, confidential--in 
terms of the rates of classification, confidential documents, 
secret documents, top secret documents, and then we have 
compartmentalized with code-word access and special access and 
so on, but much what I've read under confidential and secret 
and, in some cases, top secret, but not obviously as often, it 
has been information I have wondered why it has been 
classified.
    In a meeting I had with the chairman of the 9/11 
Commission, Governor Kean said to me his biggest surprise was 
reading hours of information, wondering why in the world was 
this classified.
    Just another observation, that yesterday we were talking 
about fighting a network called Al Qaeda. We were told we need 
a human and a communication network. This was in public 
diplomacy, and I'm hearing today, no, we need to break out of 
our stovepipes and have a data network. It's just interesting 
that the word network keeps showing up.
    Finally, to conclude my observation, we have nearly 4,000 
people classifying information, 14 million documents, but some 
of those documents could, literally, have been a book. They 
could be extensive. So even when I think of 14 million, the 
document could be small, you know, just bit of information, or 
it could just be pages and pages and pages of information.
    So, in the end, I'm interested in is learning what the 
solution is. That's my interest, and we'll start with Mr. 
Ruppersberger.
    You have 10 minutes. If you need to run over, we can be 
informal with this.
    Mr. Ruppersberger. Thank you, Mr. Chairman.
    First, Mr. Leonard, in your opening statement, you said 
that each agency has its own classification criteria, but no 
agency is an island. This creates both confusion and 
inconsistency that impedes the necessary bounds for national 
security and transparency in a democracy.
    My question is this, do you believe a National Security 
Intelligence Director would help to solve part of this problem 
if that person had the authority both--also budgetary control 
to implement the policies that are necessary, some of the 
recommendations in the 9/11 Commission Report, but especially 
as it deals with the issue we're talking about here today, 
overclassification, making sure that what is classified needs 
to be classified and what is not is not?
    Mr. Leonard. Thank you, Congressman.
    One thing I don't want to do is to presuppose any 
particular outcomes, but let me address it along these lines.
    Mr. Ruppersberger. I'm asking your opinion. I know this is 
in debate now. The President has recommended a National 
Security Director. The issue of budgetary still is not there. 
We're trying to get information.
    Let me say this. The reason I'm asking these questions and 
we're all here is, we have an opportunity, I think now, to 
really do something very positive as it relates to our national 
security and intelligence, and it's very important that, based 
on your expertise, we get your opinion.
    Mr. Leonard. Yes, sir.
    Mr. Ruppersberger. I know you are not speaking for the 
administration, but I'm asking, from your expertise, what your 
opinion would be as far as a National Security Director, as far 
as the budgetary issues are concerned, so that person might be 
able to implement what we're talking about here today.
    Mr. Leonard. Yes, sir. Let me address that along these 
lines.
    One of the most significant challenges we have, I think, in 
this area is that we do have a basic framework for 
classification, as I mentioned, but superimposed upon that are 
multiple variations of the system which are all designed to 
achieve the same end. So, for example, currently, the DCI has 
his own unique authorities with respect to protecting sources 
and methods. The Secretary of Energy has his own unique 
authorities with respect to protecting atomic energy 
information. The director of NSA has his own unique authorities 
with respect to protecting communication security information. 
The Secretary of Defense has his own unique authorities with 
respect to protecting NATO-related information, and the list 
goes on and on and on and on.
    Those variations are, I think, significant impediments to 
information sharing. When it comes to protecting information, I 
see it as a binary state: Either it's protected or it isn't 
protected. And we have all these variations on the system that 
have minor nuances and differences in terms of how we protect 
information, how we credit systems, how we mark them and things 
along those lines.
    If a single individual had the authority, had the authority 
to overcome the existing statutory and regulatory authority 
that allows multiple agencies to come up with their own nuances 
and variations on the system, yes, I think that would be a good 
thing.
    Mr. Ruppersberger. In your opinion, do you feel that person 
would need budgetary control, also, of those agencies?
    Mr. Leonard. Let's put it this way, Congressman, it's one 
thing to have the authority to write regulations. There always 
has to be consequences for noncompliance with regulations. I 
find budgetary authority is one of the best means in which to 
get people's attention with respect to compliance and 
noncompliance of the regulations.
    Mr. Ruppersberger. I guess you need the power to do what 
you need to do, I guess.
    Mr. Leonard. Yes, sir.
    Mr. Ruppersberger. Mr. Aftergood, there was an intelligence 
open hearing, I believe last week or the week before, where 
they talked about the intelligence budget, and you addressed 
that in your testimony as far as whether or not that needs to 
be public. And I think there's a bipartisan consensus that 
there is a lot in the intelligence budget that could be made 
public, but there also was a concern that some of that should 
not be made public, and I think in your report you seem as if 
the whole budget.
    I would be concerned that, line by line, could be very 
dangerous to both our military and to some of our CIA people or 
NSA people throughout the world. Could you give me your opinion 
on whether or not you think that the whole budget should be out 
front and open or whether or not we should focus on the areas 
which could cause some type of problem to our people who are 
fighting and working for our national security?
    Mr. Aftergood. Yes, sir. I do believe that there are 
portions of the intelligence budget that should remain 
classified. I would be guided by the recommendations of the 9/
11 Commission which said that the total, the top line number, 
as well as the individual agency budget totals should be made 
public but nothing beyond that. I think that's a reasonable 
middle ground that would provide oversight. It would break the 
logjam of secrecy in this area, but it would keep sensitive 
programs protected.
    Mr. Ruppersberger. OK. I'm going to ask--I don't know how 
long I have. It's a broad question to the whole panel, but the 
9/11 Commission endorsed the creation of a decentralized, 
technologically advanced, trusted information network to make 
threat information more widely accessible and to reverse cold 
war paradigms and cultural biases against information sharing. 
The Commission noted such a network had been described in a 
task force report commissioned by the Markle Foundation, Mr. 
Crowell, but the concept has not yet been converted into 
action.
    My question to the whole panel if we have time--and I know 
it's a broad question, but I would like your point of view--
what would you recommend to Congress as to how you would start 
to implement the changes that need to be done in order to 
effectuate the issue that we're talking about here today, 
overclassification, need-to-know? I mean, there are many issues 
that need to be classified in that question. But we have a 
tremendous amount of volume. We have a lot of agencies.
    Part of the problem in intelligence is just getting this 
enormous amount of volume on Internet and all that we get and 
then analyzing it and then getting it to the right people so 
they can implement and use it to protect our national security.
    You have to remember now, we're focused on this. The 
country is focused. How would you begin to implement the 
changes that need to be made? You want to start with Mr. 
Crowell and then go down that way. Thanks.
    Mr. Crowell. Thank you very much. Let me start by saying 
that we have just concluded a preliminary session at the Aspen 
Institute in Colorado in which we were addressing the very 
issue that you raised, which is, what are the next steps for 
implementing a SHARE concept network? It's a very difficult 
problem, and it's a long kind of effort because it's a very 
large undertaking.
    We believe that it begins with legislation that would 
essentially outline the kind of network that the Congress would 
like to see, based upon some of the principles which I will 
very briefly describe, and that the President then put together 
the cross-agency kind of implementing process that is 
necessary, because once you begin working across agencies, 
funding and management of large undertakings like this become 
very, very difficult and very complex.
    All of this to be done with a short deadline, so that we 
can move this along, using existing technology, not inventing 
new technologies.
    We think that this concept can be fleshed out. I'd like to 
just add, before I mention the characteristics of the network, 
that the larger problem in trying to achieve the balance that 
was described earlier is to not only have a network which 
encourages sharing but also to have the kind of guidelines and 
policy that encourage sharing; that we train people in sharing 
concepts and in classification concepts; and that we have 
metrics and auditing capabilities so we can see whether or not 
they're following the policy and guidance.
    Mr. Ruppersberger. And standards. You need standards.
    Mr. Crowell. Yes, and we need standards. We need compliance 
enforcement, both for protecting information that needs to be 
protected but also for sharing information that will benefit 
the public, the public good.
    Just one last quick thing, some of the concepts that we 
believe are important then are concepts that have flexible 
access controls, authentication authorizations, so people trust 
the system; that they have a publish-and-subscribe capability 
in which people can say, I want to be able to get certain kinds 
of information to assist me in doing my mission or to assist me 
in doing my analysis, and they will get it; that it be a 
distributed system in which it's a system of systems. You don't 
build it centrally and manage it centrally from some place in 
the U.S. Federal Government. There's a longer list----
    Mr. Ruppersberger. I understand. We have other witnesses. I 
just want to make sure that we understand that we have done so 
much in identifying the problem; let's get to the 
implementation.
    My yellow light has gone on so the quicker you can go, but 
I probably will not be able to ask you any more questions.
    Mr. Aftergood. Very quickly, a couple of points. The 
problem will never be fixed; it will never be over. It will 
always require continuing oversight, continuing refinement. 
Therefore, I would say, don't attempt to do too much. Do 
attempt to get the process started.
    The other point I would just like to mention quickly is, 
when I hear trusted information network, I get concerned that, 
when barriers go down between agencies, they're going up 
between the Government and the public. So I would say keep in 
mind the question of public access. Keep in mind the option of 
allowing a way for the public to gain access to information 
that it needs sometimes.
    Mr. Ruppersberger. I would say this, we always sometimes 
have a tendency to overreact, and we still have to keep our eye 
on the ball and make sure that information, which can be very 
dangerous to this country or to the people working for this 
country, needs to be classified. And really there is an issue 
that hasn't been discussed, and I think if you can't trust the 
people with the information, then they shouldn't be in that 
position.
    Ms. Haave.
    Ms. Haave. The first thing that we have to do is to ensure 
that people are properly classifying information. What you find 
is, where there are seams, there's friction. So, as you're 
trying to create a trusted information network that spans the 
different Government agencies, local, State, etc., what we need 
are common standards and protocols.
    For example, the Department of Defense and CIA have 
recently come to agreement on a metadata standard. Metadata is 
important so that computers can do for us what takes us a long 
time to do, and that is parse information with respect to 
security classifications in a way that people get the 
information that they are entitled to and not information that 
they're not.
    Cross-domain security systems that allow accreditation 
across domains, not necessarily making one generic network, but 
having separate networks where the cross-domain security, that 
governance strategy, is already mandated and agreed to by all, 
will facilitate that movement of information across the 
network.
    There are a number of things that we can do, automated 
tear-lines, etc., and I think we are down the path of looking 
at doing all of those things. The DCI runs an Information-
Sharing Working Group. There are number of congressionally 
directed actions that we are looking at with respect to that, 
and we are making progress toward that.
    In the end, however, what it requires is that all of us 
come together with the common standards and protocols to 
facilitate that sharing, and that's an issue that's above any 
one Department.
    Mr. Leonard. Very quickly, sir, the one thing I would 
recommend being addressed is, as I alluded to before, the issue 
of unique agency prerogatives, especially those that are 
legislatively based. We currently have what I refer to as a 
patchwork quilt of various information protection and sharing 
regimes, not just in the classified arena but in the 
unclassified arena as well. We have literally dozens of 
unclassified--of protection regimes for controlled, 
unclassified information, many of which date back to the cold 
war, that we've never revisited. And we add to them every year.
    We now have controlled critical infrastructure protected 
information. We have sensitive security information in the 
transportation field. We have sensitive homeland security 
information. All these are unique regimes that are being 
created and unique rules that are being written that will 
definitely impede when people then try to fuse all these 
various types of information in a network environment.
    Mr. Shays. I thank the gentleman.
    At this time the Chair would recognize Mr. Kucinich.
    Mr. Kucinich. Thank you very much.
    I would first like to speak to the testimony of Mr. 
Aftergood. In part three of your testimony, you speak of the 
classification of the historical intelligence budget data, and 
you also get into the discussion, which Mr. Ruppersberger 
alluded to, about whether or not intelligence budgets ought to 
be classified.
    This is not an arcane question or one that actually can be 
left solely to the Department of Defense or the Central 
Intelligence Agency. This is a constitutional matter. We take 
oaths, not to defend the CIA or the Defense Department; we take 
an oath to defend the Constitution of the United States. So to 
provide an appropriate frame for this discussion, let me cite 
Article I, Section 9, Clause 7 of the Constitution, ``No money 
shall be drawn from the Treasury but in consequence of 
appropriations made by law, and a regular statement and account 
of the receipts and expenditures of all public money shall be 
published from time to time.''
    The Constitution of the United States makes it very clear, 
you can't have secret budgets. Our Founders anticipated that 
the only way to protect a democracy was to have it be open and 
that we know exactly how the taxpayers' money is being spent.
    Now, I alluded at the beginning of this hearing to a book 
called The Sorrows of Empire by Chalmers Johnson. Here's what 
he says about this article, about Article I, Section 9, Clause 
7 of the Constitution. He says, ``This article is one that 
empowers Congress and makes the United States a democracy. It 
guarantees the people's representatives will know what the 
State apparatus is actually doing, and it authorizes full 
disclosure of these activities. It has not been applied to the 
Department of Defense or the Central Intelligence Agency since 
their creation. Instead, there's been a permanent policy of 
``don't ask don't tell.'' The White House has always kept the 
intelligence agencies budget secret, and deceptions in the 
Defense budget date back to the Manhattan Project of World War 
II and the secret decisions to build atomic bombs and use them 
against the Japanese.
    ``In 1997, then Senator Robert Torricelli, a Democrat of 
New Jersey, proposed an amendment to the 1998 Defense 
Authorization Bill requiring that Congress disclose aggregate 
intelligence expenditures. He lost, but he was able to make the 
point that the intelligence agencies spend more than the 
combined gross national products of North Korea, Libya, Iran 
and Iraq, and they do so in the name of the American people, 
without any advice or supervision from them,'' from Chalmers 
Johnson.
    Now, I want to go a little bit more into this discussion, 
Mr. Aftergood. What about this? I mean, we are talking about 
something that is key to the survival of our democracy, are we 
not?
    Mr. Aftergood. We are talking about fundamental principles. 
It's easy to look at this, and think, oh, this is a detail, who 
really cares anyway. It's a fundamental principle.
    Budget disclosure is one of only two categories of 
Government information whose publication is required by the 
Constitution, and as you correctly say, Government officials 
don't take oaths to particular agencies. They take oaths to 
uphold and defend the Constitution.
    In this area, most Government officials have been derelict. 
I would add that it's not simply the White House. It's not 
simply the Bush administration. It's the Clinton 
administration. It's past administrations. It's the Congress. 
The last time the matter was voted on in the Congress in 1997, 
majorities in both the House and Senate voted against budget 
disclosure. I consider it a serious lapse.
    I should say that the Constitution doesn't say that 
everything must be open and must be published right now. It 
says it must be published from time to time, and that allows 
the possibility that things could remain secret for a period of 
time. But when the CIA says that 50-year-old intelligence 
budgets must remain secret, that tells me that they are acting 
in bad faith. When the Justice Department defends the CIA, as 
they are doing now, in Freedom of Information Act litigation 
against having to disclose such historical information, that 
tells me they are also acting in bad faith and not in accord 
with constitutional values.
    Mr. Kucinich. Thank you.
    I want to move on to Ms. Haave.
    Today's headline, Washington Post, Iraqi Teens Abused At 
Abu Ghraib, Report Finds; Officials say inquiry also confirms 
prisoners were hidden from aid groups. The article goes on to 
say among other things that speaking on the condition of 
anonymity, because the report has not been released, other 
officials at the Pentagon say the investigation also 
acknowledges that military intelligence soldiers kept multiple 
detainees off the recordbooks and hid them from international 
humanitarian organizations.
    Now, Ms. Haave, there have been several examples given 
today of instances where the Department of Defense has acted 
questionably in classifying information. These include large 
sections of the Senate Intelligence Committee's report on 
Iraq'sWMD program and the report of General Taguba on Abu 
Ghraib prison. Did your office make the decisions to classify 
those reports?
    Ms. Haave. Sir, my office did not make those decisions. 
Original classification authorities make those decisions as 
documents are being prepared. The review for security 
declassification is also made by the original classifying 
authority.
    Mr. Kucinich. Now, this morning's Post that I just pointed 
out to you points that you have several of these new reports on 
the Abu Ghraib prison abuse; they're near completion. This one 
report by Major General Fay describes the use of dogs to attack 
and frighten detainees, including Iraqi teenagers.
    So let me just ask you, for the record, will this report be 
made public, unclassified, in whole, and what about the report 
of the independent commission led by former Defense Secretary 
James Schlesinger that is also pending?
    Ms. Haave. Sir, I have not seen Mr. Schlesinger's report, 
so I can't answer that question. With respect to the Taguba 
report, for example, I know there were places where information 
was classified, and there were other places in the report where 
that same information was not classified. There is a security 
review being undertaken today that should be done in the next 
couple of weeks, and so that security review and its results 
will be made available to you.
    With respect to the General Fay report, I also have not 
seen that report in its entirety. I think large portions of it 
are unclassified, but again, I have asked, as a result of the 
interest in these reports, that the original classifying 
authorities go back and review and be sure that they are 
classifying properly those portions of the report that are 
classified, if they are.
    Mr. Kucinich. Have you ever been involved in keeping things 
classified as a way of protecting the administration from any 
embarrassment?
    Ms. Haave. Sir, I have not.
    Mr. Kucinich. Now, these instances that we just discussed 
occurred recently in regard to operations in Iraq, Mr. Tierney 
pointed out earlier--and he and I have had the opportunity to 
work together on the issues relating to the testing at the 
Department of Defense--how you had results withheld from this 
committee for 8 months relating to the planned National Missile 
Program, and the report and all 50 recommendations it made were 
then reclassified, though the report had been publicly 
available and disseminated before. Do you have any idea why 
this was done?
    Ms. Haave. Sir, I don't. I only just learned of this 
instance yesterday when my staff brought it to my attention. 
What I am willing to do, however, is to go back and review it, 
pull the information as best I can and have a conversation with 
you about what the results are after I do an independent 
assessment. I know that's not probably satisfying to you.
    Mr. Kucinich. How long have you been involved in this 
particular assignment that you have?
    Ms. Haave. In this assignment, as a deputy under, for about 
1 year, sir, and then, prior to that, I was a deputy assistant 
secretary for security and information.
    Mr. Kucinich. Are you familiar with the challenges which 
this committee made to the administration over gaining access 
and public release of materials with respect to the Missile 
Defense Program?
    Ms. Haave. Sir, not always. Typically, what happens----
    Mr. Kucinich. Is that a yes or a no?
    Ms. Haave. Sometimes, I am. For example, with respect to 
Abu Ghraib right now, I am aware of those things.
    With respect to missile defense, what happens is that the 
original classification authority, which in this case is 
probably the Missile Defense Agency, would handle those. I 
would not necessarily be apprised of those.
    Mr. Kucinich. Do you have any oversight over them at all? 
Do you look at their classification decisions?
    Ms. Haave. We do have oversight over the Department. Most 
of that is conducted at multiple levels, decentrally, and so 
they have a responsibility to assure that their people are 
properly trained. They have a responsibility to conduct self-
inspections and to report. We often will answer questions for 
them, and we sometimes go and visit. I cannot remember the last 
time that we had a conversation on this subject with the 
Missile Defense Agency.
    Mr. Kucinich. Mr. Chairman, the question that I think needs 
to be asked here is, who has the final word on classification? 
I mean, you can chase this thing around a tree forever. Who has 
the final word on classification, let's say, on the Missile 
Defense Program? Do you have the final word or don't you?
    Ms. Haave. No, sir. The Missile Defense Agency has the 
final word, to the best of my knowledge. What we have done 
inside the Department, that is a recent change, for example, 
with respect to the habeas cases at Guantanamo is that we have 
convened a group of people, for example, from Guantanamo, from 
SouthCOM, from the office of the Secretary of Defense in order 
to take on these classification/declassification issues. And 
where there are impasses, where people cannot come to 
agreement, those things will now be brought forward to me, and 
I will make the final classification decision. That is new in 
the Department of Defense.
    Mr. Shays. At this time, the Chair would recognize Mr. 
Tierney.
    Mr. Tierney. Thank you, Mr. Chairman.
    Ms. Haave, I don't mean to pick on you, but I do want to 
followup on this line of thought. First of all, I'm grateful 
for your offer to look at that information and get back to us. 
I presume you will do that within a week or two.
    Ms. Haave. Yes, sir, I will.
    Mr. Tierney. I'll tell you why, because I think the public 
needs confidence that this classification system is not being 
used for political purposes, that it's not being used to 
demonize somebody or to avoid embarrassment. We have serious 
issues here, and they are how we're going to apportion our 
resources and whether we're going to apportion them fighting 
the cold war and looking backward with a National Missile 
Defense System that's unproven and untested, or whether we're 
going to acquire resources for the most immediate threat 
according to our own intelligence agencies and almost every 
other independent body that has looked at what our needs are at 
this point in time.
    You heard my rendition of how we press this matter, and I 
want you to know that Mr. Waxman, who is the ranking member of 
the full Committee on Government Reform, and I sent a letter as 
far back as March 25th of this year, March 25th to Secretary 
Rumsfeld objecting to his reclassification of already public 
information, as well as his classification of a report based on 
that.
    And essentially, we found that this is important 
information. What he is doing is preventing a public debate on 
this. We can always debate whether that's a system that's 
necessary or not, but we do need a debate on whether or not it 
should be going to the field unproven or untested and how much 
money we are going to spend or how we're going to spend $10 
billion. And that's something that the American people need 
confidence that those decisions are being made.
    He has not responded yet. So you should know, we can give 
you a copy of that letter, but since March 25th, they haven't 
had any hesitation in going forward and saying that they're 
going to deploy this system and making a big political 
hullabaloo about it for those that they're interested in 
satisfying, but they haven't found time to respond to, I think, 
very legitimate instances.
    Let me share with you one other aspect you may want to 
investigate when you look at this. Theodore Postol is a 
Professor of Science and Technology and National Security at 
the Massachusetts Institute of Technology. At one point in 
time, he wrote a letter to the White House that described how 
the Missile Defense Agency had doctored results of the National 
Missile Defense test to hide the fact that they could not tell 
the difference between simple decoys and warheads. He described 
how the Agency had altered its entire test program to hide that 
flaw.
    Subsequently, two General Accounting Office reports issued 
in March 2002 verified the facts that he had written about to 
the White House.
    The way the Agency responded to that was by claiming that 
it was classified. What it did beyond that was it then sent 
three agents to deliver a letter to Mr. Postol that was 
classified as secret. The letter contained nothing more than 
publicly available information deemed classified by the 
Government, in his words, so that the Agency could claim that 
he would be violating security agreements if he continued to 
speak on the matter of national security. That's pretty 
extraordinary.
    That's going to a pretty extreme length, and that's just 
not a matter of oversight for somebody making a bad decision 
about that. That's a conscious decision to try and muzzle 
somebody who had very specific and worthwhile information for 
the public to know and for us to make determinations on how 
we're going to allocate our resources.
    So I hope you will also look into that matter. We can send 
you some information on that. Will you do that?
    Ms. Haave. Yes, sir.
    Mr. Tierney. Thank you. That should make every American 
concerned about just how these decisions are being made.
    So with that in mind, and I note, Mr. Aftergood, you had a 
very nice thought in your report that congressional oversight 
is necessary and important, but you say it need not be arduous 
or an elaborate undertaking; it can be as simple as posing a 
question to the Pentagon. That's not so. We have been posing 
this question for years and getting stonewalled on it.
    So I think what we might discuss here is beyond--now, 
that's the way Government should work and that's the way we'd 
like this administration to work. They clearly are not working 
that way, given the lengths to which they go to get Mr. Postol 
quieted and the fact that we haven't had an answer from March 
25th. It took us to 2000 to get this information first to the 
public domain and then reclassified.
    What's a better way for congressional oversight--and that's 
the question I pose to each of the members of the panel--after 
we have the challenge or the classification determination made 
within the administration by the Interagency Security 
Classification Appeals Panel, ISCAP, which is nothing more than 
executive officers looking it over, although they have had a 
pretty good record of ordering some declassification that's not 
a 100 percent when they don't agree with the public, when the 
public raises a question about reclassification, and as to 
declassification, where do they go? What should be Congress' 
role? How do we get some decent oversight that sticks to what 
we are trying to do here and not go beyond that?
    Mr. Leonard, I'll start with you and maybe go left to 
right.
    Mr. Leonard. If I understand your question correctly, sir, 
is, where would the public go after, for example----
    Mr. Tierney. Well, when Members of Congress who says we'd 
like have this declassified, the executive says no, then you 
have Mr. Aftergood's recommendations, have a nice letter 
saying, please reconsider and let us know what your thoughts 
are, and they basically send you off into ether space 
somewhere.
    Mr. Leonard. Basically, pursuant to the order right now, 
you've identified one of the two primary routes individuals 
have. One is to go through the courts, through the Freedom of 
Information Act process.
    Mr. Tierney. What's the record been on that? Is anybody 
familiar with any court----
    Mr. Leonard. My understanding is that almost without 
exception the courts will always defer to the executive branch.
    Mr. Tierney. Exactly.
    Mr. Leonard. And the other process that you alluded to, 
that's provided for in the Executive order, is to go to this 
administrative appeals process, to this interagency group which 
does have at least somewhat of a more favorable record with 
respect to releasing the information.
    My experience has been that, when a group of agency 
representatives get together rather than just the owner of the 
information, you get a less parochial view of the situation, a 
more holistic assessment, and I believe, off the top of my 
head, the historical record is that, approaching 60-some odd 
percent of the time, the panel will override an agency's 
determination in whole or in part.
    Mr. Tierney. I appreciate that account.
    Now, we get to the point where, in instances, the decision 
back to thepetition, whether it be a Member of Congress or a 
member of the public in general, is unsatisfactory, Congress 
should have a role to play here. That's our oversight 
responsibility. We've had hearings here. We get stonewalled 
left and right. So what you're saying, our only response is to 
subpoena and beat it out of them, and in that sense of the 
word, ought there to be some statutory change? What's your 
opinion where we should go from here?
    Mr. Leonard. The challenge there is that, by and large, the 
exercise of classification authority has primarily been 
pursuant to the President's constitutional Article II 
authorities, and that, of course, would complicate any sort of 
legislative remedy with respect to ultimate decisions along 
those lines.
    Mr. Tierney. So you're saying, nowhere, we're stuck?
    Mr. Leonard. I do believe that there can be more responsive 
means by which to resolve disputes. I believe the ISCAP process 
can be enhanced. I believe----
    Mr. Tierney. How would you do that?
    Mr. Leonard. One of my concerns is the ISCAP process right 
now is primarily--and I'm not trying to be disparaging here--
but is primarily a hobby horse for historical researchers. And 
again, that's important that they get that kind of information, 
but I believe that process can be used for more relevant, more 
timely information as well, and I believe it can be stepped up, 
possibly with some sort of specific time limitations for action 
and with consequences if action is not taken; for example, 
absent of a decision, such and such would occur. Those types of 
remedies at least provide for a responsiveness and provide for 
some consequences if attention and resources are not devoted to 
that topic.
    Mr. Tierney. Ms. Haave, since that's in a Presidential 
Executive order, would you recommend to the President that he 
take that kind of action and step it up, as Mr. Leonard says, 
or what would be your remedy for Congress and the American 
public?
    Ms. Haave. I think there are a number of things that we can 
do that are different from how we've been doing this in the 
past. The first step I just described, within the Department of 
Defense, for this limited classification review for these 
reports, but that's not to say that we shouldn't put in place a 
process whereby that information comes to me or comes to 
whoever sits in my position or in a different position as 
decided by the Secretary and is an adjudicator within the 
Department. That may, in fact, facilitate and speed some of the 
questions and answers that you appear to want.
    I think the ISCAP could, in fact, be expanded a bit beyond 
its typical historical base to do those kinds of adjudication 
when the Congress is feeling that it's not getting the 
information that it needs.
    On that committee sit representatives from each of the 
agencies. We review the information that's in question. We 
research it, and we make our decisions. And that could, in 
fact, for your information, be provided to you.
    Mr. Tierney. Is my understanding correct that right now 
ISCAP does not do that? For instance, if the Secretary ever 
decided to respond to our March 25, 2004, letter, and we wanted 
to appeal that to ISCAP, we'd be thrown in the pile and maybe 
never reached at all.
    Ms. Haave. Mr. Leonard could probably answer this. I don't 
know that the Congress has ever come to ISCAP and asked for 
that.
    Mr. Leonard. There's no reason why that could not be 
processed according to those procedures.
    Mr. Tierney. With respect, of course, that then those 
executives, which would include the Department of Defense 
Secretary, would then want to respond from that body where they 
haven't responded individually.
    Mr. Leonard. That's correct.
    If I could make one further point, Mr. Congressman, that I 
neglected to make. There is currently on the statutory books 
since 2001 a Public Interest Declassification Board. This is an 
outgrowth of Senator Moynihan's Secrecy Commission. It was his 
legacy. It does exist on the books, as I say.
    The administration has taken action to look to appointing 
some members, but quite frankly, there has been no action from 
the legislative branch that I'm aware of to appoint their 
members. And this is an existing forum that does exist that 
will allow for some of these issues that you addressed to be 
worked out in such manner.
    Mr. Tierney. Thank you.
    Mr. Aftergood.
    I'm taking license here, Mr. Chairman, for the last two of 
these. Thank you.
    Mr. Aftergood. There's a pending proposal that's been 
introduced in the House and the Senate. In the House, it's H.R. 
4855, to create an independent National Security Classification 
Board, which I believe is intended to serve as a forum to 
mediate these kinds of disputes. In several ways, it really 
replicates the Public Interest Declassification Board that Mr. 
Leonard mentioned, but it's something that's maybe worth 
considering.
    To answer your question directly, what to do, I think look 
at what works and strengthen it. ISCAP works on a small scale. 
It has led to the declassification of all or part of the 
majority of disputed cases it has worked on.
    ISOO, Mr. Leonard's organization, if he will forgive me, 
works. A couple of months ago, I faxed him, Mr. Leonard, a 
letter pointing out the Taguba report seemed to be improperly 
classified. He responded to me the very same day, initiating an 
investigation and carrying on some work he already had 
underway. I thought it was an extraordinary response from a 
Government agency. Nobody responds like that.
    But ISOO is a tiny organization, particularly when it's 
compared to the vast expanse of the Government classification 
system.
    But look at what works and strengthen it. I would even say 
that your questions that have been stonewalled are not without 
effect. I don't think Ted Postol would say that you have 
accomplished nothing. I would think he would say you have 
accomplished a great deal by standing up for his interests over 
a period of years.
    Regular hearings are very important. I think, perhaps when 
Mr. Leonard's organization puts out his annual review of the 
classification system, it might be an opportune time to hold 
regular oversight hearings on what's going on in the 
classification system, what's going right, what's going wrong.
    Harness the courts. The scope of judicial review has 
shrunken over the years to the point that courts now routinely 
defer to executive branch agencies. They say, if you say it's 
classified, that's all we need to know, we're not going to look 
further. That is not what Congress intended when it enacted the 
Freedom of Information Act. I think if there is the political 
will, it would be very desirable if Congress could say our 
intention is that the courts do real review of classification 
decisions. That doesn't mean overturn them all the time. It 
means look at them and see if they make sense. Do not defer. 
Exercise your judicial function. If that can be accomplished, 
then a great deal will have been done.
    Mr. Tierney. Thank you.
    Mr. Crowell.
    Mr. Crowell. Mr. Tierney, I think, in fairness to the 
Markle Foundation, I should say that they have not studied this 
issue, and I cannot represent them on it, but I do have 
personal views.
    Mr. Tierney. Well, let me hear your personal views.
    Mr. Crowell. First of all, I participated in the Commission 
on Secrecy that Senator Moynihan conducted, and as a result of 
some of that participation, I have seen large numbers of 
Government documents released and declassified.
    My personal belief is that we have to start with the 
policies that currently exist and the guidelines that currently 
exist at the department and agency levels, and we have to 
refine them and redefine them in some ways in which we 
emphasize what needs to be released to the public and what must 
be shared with other agencies in order to conduct the fight on 
terrorism, as opposed to the current mechanism which is owing 
it toward what must be protected.
    Second, guidelines that are completely inconsistent with 
those policies should be developed in each agency. Each agency 
has a unique problem that they have to deal with in terms of 
substance and so on, but they should be refined even further 
to--and issued in each agency and then reviewed by those 
departments to make sure they are consistent with the policies 
of release and of sharing.
    Third, there should be metrics and audits that are 
conducted, as many of them as possible conducted in automated 
means, which means that you actually look at trends that were 
discussed here by the committee, and each agency expected to 
review those audits and those trends and make reports.
    Finally, there should be a compliance mechanism which says, 
here are the consequences of not following these policies.
    And I said finally, but I think the final thing is that 
there should be reports to Congress which essentially say how 
the policies and guidelines are being followed and how 
consistent the practices and conformance is across the entire 
Government. I think that's at least a fair way in which we can 
approach the problem.
    Mr. Tierney. That's very helpful.
    I thank all of you for your testimony.
    Mr. Shays. I thank the gentleman.
    I want to just first start out by saying, I have this 
impression that the President's in charge, and then it 
degenerates into 4,000 people who then make the decision. I 
used the word degenerate, but I mean, in other words, it goes 
down to 4,000 people. Is that a right impression or a wrong 
impression?
    Mr. Leonard. The one thing I would modify that with, Mr. 
Chairman, is the critical role that agency heads play. The 
President, in his executive order, directs agency heads to take 
personal involvement to ensure the commitment of senior 
management.
    Mr. Shays. So how many people do we think it would be? In 
other words, if the President wanted to delegate to one person 
and say we need to change this and I want to get everybody 
together, you're not going to get 4,000 people together. How 
many people would the President need to get together with?
    Mr. Leonard. You would need to get together those agency 
heads with original classification authority, as well as 
especially those agencies with other unique statutory or 
regulatory authorities in this related area. You're talking 
dozens. I can't give you an exact count, but it is----
    Mr. Shays. It would be just dozens?
    Mr. Leonard. I'm sorry, sir.
    Mr. Shays. It would just be dozens? It would be under 100?
    Mr. Leonard. Yes, sir. I firmly believe that those 4,000 
original classifiers can respond very effectively to the 
leadership of their individual agencies. That's where the tone 
is set. That's where, that's where----
    Mr. Shays. Let me say, where I think the tone is set is at 
the very top, and I have this general view that most 
Presidents, but particularly this administration, believe that 
the less known, the better. I happen to believe the more known, 
the better. I think they draw on experiences of past 
Presidents, Iran Contra, you go through this list of it, and 
there's this general view that I hold that you don't talk, you 
don't tell, you don't discuss, you don't disclose. That's a 
view I hold as a Republican about, frankly, a Republican 
administration.
    At any rate, the tone is set to the agency heads, and you 
believe that, ultimately, agency heads set the tone for the 
various people, the 4,000 people that work under them.
    Mr. Leonard. Absolutely, sir. Secrecy is an important tool, 
especially in time of war, but it is a tool that comes at a 
price.
    There's a consequence to secrecy, and my frustration is 
that I do not believe that this Government, through its 
agencies, consistently approaches the issue of to classify or 
not as a deliberate process, as an informed process; that 
secrecy in some quarters is almost a fundamental first 
response.
    Secrecy can be a fundamental issue, and it should be. It's 
a fundamental tool, but it should never be an automatic first 
response, because there are consequences to it, and that's what 
we have to instill, from my perspective, a more informed and 
more deliberate process in terms of to classify or to not.
    Mr. Shays. Let me get into that in a second, but Ms. Haave, 
do you disagree with the general view that it's the President 
down to agency heads and then 4,000 people?
    Ms. Haave. Clearly, there's a framework that we work to 
that is executed by the agency heads through the Department. I 
will say that, with respect to a number of the reports that are 
coming out now and because of the interest in them, that the 
timeframe by which we would do these security reviews normally 
has been shortened, and in fact, the Department has had 
actually a good history of declassifying large amounts of 
information. In fact, the Under Secretary of Defense for Policy 
has initiated a tiger team, if you will, to look at documents 
pertaining to pre-Iraq and Afghanistan, as to whether or not 
they can now, in fact, be declassified.
    So I think there is no doubt that, at the top, the tone is 
set, and I think that is executed through the Department. We 
have somewhere on the order of 2 million cleared personnel. 
That's equivalent, roughly, I think, to the population----
    Mr. Shays. What's that mean?
    Ms. Haave. People who have clearances, confidential, 
secret, top secret. That's roughly equivalent, I think, to the 
population of the State of Rhode Island. So it's not an 
inconsequential effort that we go through, the way that the 
Department does it, that it's decentralized.
    Mr. Shays. I don't know what that says to me. You're 
saying, 2 million people can look at classified documents. How 
does that relate to the issue of overclassification?
    Ms. Haave. What it says is that how we conduct our 
training, how we conduct our oversight, we probably are the 
largest organization that has classified information.
    Mr. Shays. I understand, but I don't gain any comfort from 
that or not because, once something is classified, I don't have 
the right to talk about it.
    Ms. Haave. Correct.
    Mr. Shays. I don't have the right to talk about it. I have 
oversight of the Department. I can't talk about it, and I have 
17 years now of experience and some huge disagreements with 
your Department, and, I mean, my own Government's Department of 
Defense.
    I'm grateful for what the Department of Defense does. But I 
can go back to 1991 where I had an Inspector General who said 
they classified a study. Our study was that we had determined 
that 40 percent of the masks were basically leaking. These are 
the chemical masks, and nobody's doing anything about it, and 
it's classified. So they came to me. I went to Senator Riegle 
at the time, who also knew about this, to say, what do we do 
about this? And there was this play on two different parts. One 
is we didn't want to disclose.
    First off, the Army disagreed that they were vulnerable and 
that they leaked. So we debated for 6 years on whether the 
Inspector General's report was accurate, which for the most 
part was, and we had this issue of, well, do we declare that 
we're vulnerable. But then I had this knowledge that the men 
and women who were putting these things on were putting on 
masks that didn't basically work. They didn't know it.
    Now, the Department was saying, well, it's still a debate. 
It didn't seem to me we should have debated for 6 years whether 
this Inspector General's report was valid, and yet we finally 
outed this report when we started to talk about Gulf war 
illnesses because it happened to relate to it, and then it was 
made public by the Department of Defense. They put it on the 
Internet, and then they took it off.
    I mean, that's just one experience that I've had, and 
frankly, I just, for the life of me, don't know how to have 
dealt with it. I couldn't disclose it, and yet I knew about it.
    I'd like to know--Mr. Aftergood first, why don't you just 
start--is this a President to executive heads to potentially 
4,000 people?
    Mr. Aftergood. My perception is that it's the agency head 
level that is the most important, perhaps even more important 
in some ways than the President. If you look back over the past 
decade, what you see is that openness and transparency flourish 
where the agency head cares about the subject and wants it to 
happen. They care about it, it happens. If they are 
indifferent, it doesn't happen.
    In the Clinton administration, we had former Energy 
Secretary Hazel O'Leary who, in fact, got way out in front of 
her own administration with an openness initiative. Some people 
said she declassified to a fault. I don't necessarily agree 
with that, but the point is, she cared about the issue. She 
made it a priority. It happened, even over the resistance of 
her own agency.
    In the first Bush administration, DCI Robert Gates had his 
own modest openness initiative in the intelligence community. 
It's the agency heads who really make stuff happen.
    Mr. Shays. I don't want us to be naive. I don't want us to 
be foolish, but I just really believe when I look at the 
documents that I've seen, my number comes closer to the 90 
percent overclassified than the 10 percent because I would tell 
you, page after page, slide after slide, I would look at the 
Army folks, the Marines, the Air Force, the Navy folks who 
would give these briefings, whether in Iraq or anywhere else, 
and I'm saying, is this classified? And it would have, you 
know, some classification, and I would be dumbfounded as to 
why. Collectively, when I start to think about it, I can hardly 
think of a few things that I felt were classifiable material.
    Let me ask you, Mr. Crowell, your view of the President, 
the agency heads and then the 4,000. Is that the way you view 
it?
    Mr. Crowell. Again, this is a personal answer and not 
reflective----
    Mr. Shays. Yes, it's an answer based on the fact that I 
read your bio.
    Mr. Crowell. I have gotten the experience.
    Mr. Shays. Yes, you have a hell of a lot of experience, and 
that's not secret.
    Mr. Crowell. I would agree, first of all, that the overall 
tone is set in policies that come from the Presidents to 
Departments, but I would also agree with the members of the 
panel that the agency heads really set the tone for what 
happens on the day-to-day basis, on whether or not people are 
properly trained, properly oriented and whether or not there 
are any consequences whatsoever for classifying something 
improperly.
    Mr. Shays. Let me do this. Let me ask this one other 
question, then go to Mr. Tierney.
    You get the quote for the day, Mr. Leonard. You said, for 
example, ``it is no secret that the Government classifies too 
much information.''
    What is a secret to me is whether it's 10 percent or 90 
percent. I'm going to ask each of you to give me your best 
estimate of whether you think we classify, overclassify too 
much to the level of 10 percent or closer to the level of 90 
percent. I'm going to give you an opportunity to answer last. 
You had the quote of the day.
    Mr. Crowell, I want you to give me the answer. What is the 
secret to me is whether it's 10 percent or closer to 90 
percent.
    Mr. Crowell. In all fairness, Mr. Chairman, I have to put 
some context around the question. I realize you framed it 
carefully. I'd like to frame the answer carefully.
    I believe, with regard to advanced technologies and weapons 
systems and so on, it would be more favorable to proper 
classification initially, but it would remain classified for a 
longer period of time than most people might consider 
appropriate when you look at the pace of technology today.
    Mr. Shays. So, on the technology side, you would be closer 
that we overclassify over 10 percent or less, but over time, 
it's still classified, and then you could maybe make the 
argument that it is closer to the 90 percent over time?
    Mr. Crowell. That's correct, sir. With regard to sources 
and methods in the intelligence field, I would have the same 
general, although I'd make it an 80/20 cut.
    Mr. Shays. At the end?
    Mr. Crowell. Yes. It would be 80 percent properly 
classified to protect a source or a method in the beginning, 
and then over time that source and method goes away and it 
doesn't get declassified.
    Mr. Shays. And it should be, in your judgment.
    Mr. Crowell. With regard to information----
    Mr. Shays. It should be--over time be declassified.
    Mr. Crowell. Yes. With regard to information, that is the 
essence of conclusions either of analysis or whatever, I think 
it tends to be overclassified quite heavily because people fear 
that sources or methods will be revealed when, in fact, if they 
did their own careful analysis, they would find that a lot of 
information, just set as information without saying where it 
came from and who produced it, would be unclassified.
    Mr. Shays. You know what, this is a longer answer than what 
I am expecting.
    You want to jump in?
    But they're good answers. It's not a reflection on you, 
these are excellent helpful responses. Mr. Aftergood.
    Mr. Aftergood. My personal access to classified information 
is very limited and entirely unauthorized. I don't feel 
qualified to answer that in any detail. I would say that your 
question is predicated on a correct assumption that 
classification decisions are subjective.
    Mr. Shays. Could I ask you a question? Based on your 
answer, are you saying you're like Woodward, you just basically 
get all this information but----
    Mr. Aftergood. That's not the way I would put it, but I 
would say sometimes I stumble on stuff, sometimes people send 
me stuff. That's just the way it is. Classification is a 
subjective matter. You know, I might have my opinion, others 
will have their opinion. What do you do about it? I think if 
there are 4,000 people in the executive branch who are out 
there classifying information, maybe we need, if not 4,000, 
then at least dozens of individuals or entities distributed 
throughout the executive branch whose job it is to oversee and 
to look for overclassification, many ISOOs planted throughout 
the executive branch that function like antibodies to counter 
inappropriate classification. Just as classification authority 
is widely distributed, maybe we need to find a way to widely 
distribute declassification authority, people whose only job is 
to look for overclassification.
    Mr. Shays. OK. You're getting to me like Alan Greenspan, 
you're talking in tongues a little bit for me. My original 
question was the 10 percent/90 percent.
    Mr. Aftergood. And my original answer was I don't know.
    Mr. Shays. But you used that as a wonderful opportunity. I 
didn't catch on right away.
    Ms. Haave.
    Ms. Haave. I agree with that. I don't know.
    Mr. Shays. No, you do know. You do know more than most.
    Ms. Haave. I do believe that we overclassify information. I 
do believe that it is extensive not for the purpose of wanting 
to hide anything, but I will tell you that with respect to 
military operations, people have a tendency to err on the side 
of caution and so therefore may in fact classify things, and at 
the time they could, in fact, be classified. Military 
operational data tends to be perishable. So after the operation 
much of that can be declassified.
    There are clearly things that will continue to take place 
in an operational environment that we do not want to release. 
And those are--you know, have to do with sources and methods 
and----
    Mr. Shays. So you're basically saying it's greater than 10 
percent, but you're not suggesting how much greater.
    Ms. Haave. How about if I say 50/50?
    Mr. Shays. OK. That's significant. Someone in your 
experience would say we tend to do it 50/50. I think that's 
quite significant. Thank you.
    Mr. Leonard.
    Mr. Leonard. Two approaches. One is information that 
shouldn't be classified in the first place is ineligible to be 
classified. That's a number that, quite frankly, from my 
perspective over the past year, is disturbingly increasing, 
where information is being classified that is clear, blatant 
violation of the order.
    Other than that, as Mr. Aftergood pointed out and as I 
pointed out in my testimony, this is an act of discretion. It 
is an application of judgment by an original classifier. To 
give some empirical basis to my answer, I serve as the 
executive secretary for the appeals panel. And at least in that 
environment, in those instances where the panel still votes to 
uphold the classification, based upon my over 30 years of 
security and counterintelligence background, my personal 
opinion, my personal judgment, is even that is overclassified. 
And so from that point of view, I would put it almost even 
beyond 50/50 in terms of when it comes to applying judgment, 
there's over 50 percent of the information that, while it may 
meet the criteria for classification, really should not be 
classified in terms of what we lose. The price we pay for 
classification outweighs any perception, any advantage we 
perceive we gain.
    Mr. Shays. Mr. Tierney.
    Mr. Tierney. Thank you.
    Ms. Haave, when a document comes from the Department of 
Defense and is marked on it ``For Official Use Only,'' who 
creates that designation and what exactly does it mean?
    Ms. Haave. ``for Official Use Only'' is not a 
classification level. It's an exemption, if you will, from 
public release for certain types of information that may have 
to do with privacy, it may have to do with proprietary 
information, it may have to do with law enforcement 
information. There are categories of information. ``for 
Official Use Only'' does not mean, however, that is releaseable 
to the public.
    Mr. Tierney. So let's take an example of the situation 
where a director of operations, in testing an evaluation, 
issues a report that he is required by statute to make, comes 
before the Government Reform Committee and testifies orally as 
to the content of that report in significant detail without 
objection from the Department of Defense. There are charts, 
there is written testimony, it's on C-SPAN, it's recorded and 
replayed on C-span. That information is put on Web sites, 
remains on Web sites for an extraordinary amount of time. 
Groups like the Union of Concerned Scientists and other outside 
experts review the information and put opinions out with 
respect to it.
    And then months later, in answer to a request of this 
committee that the report be issued out, all those things being 
in the public domain for almost a year, the committee gets a 
document saying ``For Official Use Only.'' How does that fit in 
with the classification or with the description that you just 
gave me? What category does that fall under?
    Ms. Haave. Without knowing the substance of the report, 
sir, it's hard for me to--and I won't look at the substance of 
the report.
    Mr. Tierney. Well, I can tell you the substance of the 
report was public for almost a year, but it was publicly stated 
it is a statutory report.
    Mr. Shays. Will the gentleman suspend? Let me tell you this 
is the challenge that we face as a subcommittee. Part of our 
responsibility is to--in the context of a public hearing--is to 
disclose what we've learned. When we get documents ``For 
Official Use Only'' we don't know if that's classified or not 
classified. Frankly, the way I treat it is you would prefer 
whoever sends it that it not be publicized, but we have every 
right to publicize it. That's kind of the way I interpret it.
    Mr. Tierney. With all due respect, it goes beyond that for 
me, as you know. It's to the point of ludicrous. When you put 
it out there in the public domain for that, the Department does 
not object to its--nobody came in and said this individual 
shouldn't testify. It's a statutory report. Then to try and put 
some sort of designation, which admittedly is not a 
classification, smacks to me of just an attempt to put this on 
and hope they don't put it out, because we'd like to keep it 
secret, and then some years later when that information is used 
for the foundation for a very critical report on something that 
a group of people want to politically do, it's classified 
retroactively. That's the challenge.
    I don't expect you to answer this now. I don't want to be 
unfair to you or anything like that. But that's the challenge I 
want you to take back with you on that. Because that is an 
insult to the American people, to the public, to this 
institution of Congress which continually struggles with the 
way in which it's going to do its oversight. If I have to be 
critical of all the things with this particular Congress, the 
last of this 108th, 107th, it's an absolute abdication of our 
responsibility for oversight. A lot of it is not the fault of 
Congress but the fault of a totally uncooperative 
administration that will not be forthcoming and will not 
cooperate and will not work with Congress to allow it to do its 
job and feels that the executive--the prerogative surpasses any 
responsibility to Congress and doesn't allow or want Congress 
to do its constitutional functions.
    I think we've got to redraw that balance. Congress has to 
have the ability to have oversight. It should be strong 
oversight if we're going to have a successful government here, 
particularly in view of the 9/11 Commission Report.
    If we have, as we do have, the challenge of homeland 
security and protecting these people or whatever, and if we 
want to give more authority to a national intelligence director 
and to a center on counterterrorism, then we had better have an 
equally aggressive congressional oversight, or it's going to 
lead to an executive that is out of control, taking this 
country in a direction we may not want to go. So it has to be 
corresponding--for to us do the job we need to do against 
terror, we have to have that national intelligence director, I 
believe, and a counterterrorism center. But that only works if, 
correspondingly, we have a strong congressional oversight 
authority that goes in line with what our constitutional 
responsibilities are, and that means getting this issue of 
classification under control and not having that kind of a 
situation where you get ``For Official Use Only'' nonsense sent 
up here after it has been in the public domain, and then a 
reclassification just because a report is critical and doesn't 
let you go off in some ideological path here to try to satisfy 
one element of your supporters on that.
    So I thank you. I won't ask you for an answer on that 
because it really was more rhetorical than anything. But please 
do get us your review of that. Let us know. We do need to get 
the bottom of that particular issue.
    Thank you, each and every one of the witnesses, for the 
valuable contributions you have made here today.
    Mr. Shays. I agree with the gentleman. You have been a 
wonderful panel and very helpful.
    I am going to ask another question that I am wrestling 
with. I don't expect necessarily I'm going to get definitive 
answers. But in my capacity of chairman of the National 
Security Subcommittee, we oversee Defense, State Department, 
and the Department of Homeland Security, for programs, waste, 
abuse, fraud, how well are they running the program and how 
well they are not. So we have a keen interest in the 
notification system. The country has been at yellow, which is 
elevated alert. Everybody thinks we've just been at general 
alert, because that's the way we feel. But we're at elevated. 
When we kick into orange, which is high alert, that's quite 
significant.
    We kicked into high alert last December, and we kicked into 
high alert because we were basically told planes might be 
hijacked from Europe to the United States and a concern that at 
a high-profile event a dirty weapon might be used. Now, there 
was more detail to that. The public had a general basis to 
understand it was something like that.
    So when people called and asked should their kids fly to 
Europe during Christmas when they heard we went to orange, I 
said well, I wouldn't have my daughter fly to Europe because 
she'd have to fly back. The flying back was the concern.
    When I had groups say, well, if we went to an event like 
New Year's Eve in New York, would it make sense to bring my 
kids? I said, well, I sure as heck wouldn't bring my child. In 
fact, I would think twice before going because it is at a 
potential target.
    Now, in the process of having Admiral Loy come before us, 
the Deputy of Department of Homeland Security, I asked him what 
was the threat? He said to me, I can't disclose this in an open 
forum, and I am thinking to myself, let me get this straight: 
The terrorists know that they're going to hijack a plane and 
the terrorists know they want to do the following, and the 
government knows, but the public doesn't know that may go to 
those venues.
    I just find that absurd to the point of wondering how could 
he have said no. He did say no. He said no more than once when 
I requested it. Walk me through his best argument as to why he 
would say that. It may be a very good one, and you can wipe the 
smile off my face, but tell me the best argument that you would 
know for not disclosing this information when the terrorists 
knew and the committee knew and certain privileged people knew.
    By the way, I want to say this to you. Every staff person 
and every Member who got that briefing told me they wouldn't 
fly to Europe and they wouldn't go to a venue like New Year's 
Eve in New York. So they knew. The public didn't know, and so 
tell me the best argument here.
    Mr. Leonard. Without knowing the specifics myself, sir, the 
best argument that I could articulate is concern possibly that 
what we knew, how we knew it, the specificity that we knew it, 
and whatever might reveal sensitive sources and methods that 
was used to collect that information.
    At the same time, though, I would like to make one very 
important point. As you know, the President amended Executive 
Order 12958 just last year. One of the things we specifically 
included in that order was that when it comes to homeland 
security, when it comes to imminent threat to life or to 
property with respect to homeland security, and there is 
classified information that individuals need to have, the 
absence of a security clearance shall not serve as an 
impediment to the sharing of that information.
    Mr. Shays. So, for instance, if the chief of police of New 
York needed this information, he could get it.
    Mr. Leonard. Exactly. Just a couple of months ago I had a 
rather senior official come up to me and say--this was post-
Madrid bombing--he said, I was in this environment, I had some 
senior private sector individuals there, I was telling them 
what they needed to do post-Madrid, they wanted specifics; I 
felt compelled that I had to give them specifics, so I 
disclosed classified information to them.
    The reason he was bringing it up to me, he turned to me, he 
said, Leonard, am I going to have problems with my polygraph 
the next time I take one? I was able to assure him absolutely 
not, because that is exactly what that revision of that policy 
was intended to address, those types of situations.
    The challenge now for agencies--and not all agencies are 
there--is to implement this provision within their own 
implementation regulations so as to empower their rank and file 
to be able to have that same confidence. He did it not because 
he knew about the policy, he did it because he had the rank 
that gave him the confidence. But we need to empower people. 
That was the intent behind that policy revision. It was very 
important, and we need to move out on implementing it.
    Mr. Shays. Thank you for sharing that. Is there any 
question we should have asked any of you that you might have 
prepared that for, that you think needs to be part of the 
record? Frankly, sometimes that question elicits some of the 
most important information we get from a hearing. Is there 
anything that we need to put on the record, anything you feel 
guilty about that wasn't.
    Mr. Aftergood. I might add one quick thing. This whole 
subject has been investigated by a congressional commission led 
by Senator Moynihan, the Commission on Protecting and Reducing 
Government Secrecy. They took a year or more, couple of million 
dollars, produced an excellent report, a whole series of 
recommendations. It essentially went nowhere.
    I think one of the lessons of that is that one should not 
be overly ambitious in trying to fix this whole problem at a 
single blow. And that's why I think it is of particular 
importance that the 9/11 Commission recommendation to start 
with intelligence budget declassification is such an astute 
one, because it is a finite, specific, achievable goal that 
will have positive consequences throughout the system.
    Mr. Leonard. If I could reiterate one point, Mr. Chairman--
I alluded to it before--but speaking of Senator Moynihan again, 
there is his legacy, the Public Interest Declassification 
Board. That is legislation that was passed several years ago. 
It's on the books. It's never come to fruition. I personally 
would urge you, to the extent you can, to confer with 
leadership in the legislative branch to see if there's a way to 
move forward with that. It's not a silver bullet, it's not a 
solution, but it is a tool that's out there right now that 
provides for legislative executive branch interaction on this 
issue. And I know from my understanding, I believe the 
executive branch is ready to make some nominations to serve on 
that board.
    Mr. Shays. That's interesting as well. Thank you.
    Ms. Haave. I also would like to say that I think the 
discussion really needs to be about risk and how much risk 
we're willing to take. For example, if another organization has 
information that is relative to the Department of Defense and 
the protection of lives, and we would like to have that 
information released to protect our forces, is it that one 
person could be saved, 10 people could be saved, 100 people, 
1,000, 10,000? At what point does that risk decision come into 
play and how do we make that risk decision in the best interest 
of the Nation?
    Mr. Shays. Yes. OK. Thank you. Mr. Crowell, did you have 
any?
    Mr. Crowell. I would just like to underscore some of the 
things that were said earlier about the contributions of 
Senator Moynihan and his Commission on Secrecy, but also about 
the book he wrote afterward which was called ``Secrets,'' which 
is a remarkable study of the history and the impact of 
decisions that have been made by people throughout history, 
both positively and negatively on the country and our well-
being.
    Mr. Shays. Thank you very much. I also want to thank Mr. 
Leonard, Ms. Haave, as government officials to be able to have 
you sit on the same panel with nongovernment officials, it 
helps us do our job better. I appreciate you not making that an 
issue. This was really a very interesting panel. I learned a 
lot. We got our work cut out for us but I think it's important 
work. I thank you all for the work you all do. Thank you.
    With that, this hearing is now adjourned.
    [Whereupon, at 12:17 p.m., the subcommittee was adjourned.]