[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]



 
                           CLASSIFICATION OF
                     NATIONAL SECURITY INFORMATION

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                   INTELLIGENCE COMMUNITY MANAGEMENT

                                 of the

                       PERMANENT SELECT COMMITTEE
                            ON INTELLIGENCE

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

             Hearing held in Washington, DC, July 12, 2007


                  Printed for the use of the Committee




                     U.S. GOVERNMENT PRINTING OFFICE

38-190 PDF                 WASHINGTON DC:  2007
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office  Internet: bookstore.gpo.gov Phone: toll free (866)512-1800
DC area (202)512-1800  Fax: (202) 512-2250 Mail Stop SSOP, 
Washington, DC 20402-0001


               PERMANENT SELECT COMMITTEE ON INTELLIGENCE

                    SILVESTRE REYES, Texas, Chairman
ALCEE L. HASTINGS, Florida           PETER HOEKSTRA, Michigan
LEONARD L. BOSWELL, Iowa             TERRY EVERETT, Alabama
ROBERT E. (BUD) CRAMER, Alabama      ELTON GALLEGLY, California
ANNA G. ESHOO, California            HEATHER WILSON, New Mexico
RUSH D. HOLT, New Jersey             MAC THORNBERRY, Texas
C.A. DUTCH RUPPERSBERGER, Maryland   JOHN M. McHUGH, New York
JOHN F. TIERNEY, Massachusetts       TODD TIAHRT, Kansas
MIKE THOMPSON, California            MIKE ROGERS, Michigan
JANICE D. SCHAKOWSKY, Illinois       DARRELL E. ISSA, California
JAMES R. LANGEVIN, Rhode Island
PATRICK J. MURPHY, Pennsylvania

          Nancy Pelosi, California, Speaker, Ex Officio Member
       John A. Boehner, Ohio, Minority Leader, Ex Officio Member
                    Michael Delaney, Staff Director


            CLASSIFICATION OF NATIONAL SECURITY INFORMATION

                              ----------                              


                        THURSDAY, JULY 12, 2007

                  House of Representatives,
        Permanent Select Committee on Intelligence,
         Subcommittee on Intelligence Community Management,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 1:03 p.m., in 
room 2216, Rayburn House Office Building, the Hon. Anna G. 
Eshoo (chairwoman of the subcommittee) presiding.
    Present: Representatives Eshoo, Holt, and Issa.
    Chairwoman Eshoo. Good afternoon, everyone. My name is Anna 
Eshoo, and I have the privilege of chairing this small but we 
think important subcommittee on the management of the 
intelligence community. So I want to welcome everyone here 
today; and our distinguished witnesses that are here, they 
bring so much to the table; and we are very grateful to them 
for being willing to come and be instructive to us.
    I would like to begin by noting how rare it is for the 
Intelligence Committee and its subcommittees to hold an open 
hearing. So this is special. I hope that we do more of this. I 
think it is so important for the American people to have a 
sense of a committee that is so important in the life of our 
country and the protection of the citizens.
    So while most of our work absolutely has to be done in 
closed session to protect national security, I know we are 
going to strive to have more open hearings again so that the 
American people can see us working.
    The subject of today's hearing I think is a rather timely 
one, but it is something that the members on both sides of the 
aisle of the subcommittee have an interest in, and that is the 
classification of national security information.
    Actually, when I first came onto the Intelligence 
Committee, the then chairman, our former House colleague, 
Porter Goss, had a real interest in this subject matter; and he 
spoke on it and raised the issue many, many times.
    One of the lessons of the attacks of September 11th was 
that our government did not effectively share information about 
the terrorists who were plotting the attacks against us. We all 
know that now. Information sharing was and in some ways remains 
a major weakness of our Nation's national security apparatus. 
Overclassification, improper classification and the ability to 
share information across agencies, the excessive compartmenting 
of information, these practices all contribute to a culture 
that says, ``I can't share with you. It is my information, not 
yours.'' That hurts our country.
    Our Intelligence Community was established during the Cold 
War when compartmenting of information was deemed necessary to 
stop the Soviet espionage activity. We no longer face the 
Soviet bear. We have a newer, more limber challenge. We face a 
networked adversary that uses information to its strategic 
advantage and exposes the seams in our system to attack us. So 
we need to close those seams by reducing the barriers to 
information sharing; and although we must always protect our 
sources and methods, we have to balance this with the need to 
share.
    The 9/11 Commission, I think that people in this room are 
especially aware or keen on the point of their recommendation 
that the government must develop incentives for sharing to 
restore better balance between security and shared knowledge. 
Even today, information may be so highly compartmented that 
Members and senior policymakers may not have access to it.
    For example, the most recent Iraq National Intelligence 
Estimate, the Iraq NIE, was compartmentalized so that 
policymakers without those clearances were unable to read it, 
including many congressional staff. I have to tell you that 
comes as somewhat of a surprise and certainly worries me.
    Today's hearing is going to focus on several issues: First, 
the consequences of and the proposals to reduce 
overclassification, and I think that we have given you some 
examples of overclassification; examine changes to the 
executive order governing classification over the past decade 
and the government's compliance with it. There is the executive 
order. Then there is also compliance to make sure that it 
works. And, three, the potential changes to the executive 
order.
    The system for safeguarding classified national security 
information is governed by Executive Order 12958. That number 
didn't have too much meaning to me until there was a debate 
that erupted just a handful of weeks ago, and now the number 
really represents something to me.
    Over the years, the executive order has been modified, 
shifting the balance between secrecy and openness. Our 
professional, superb witnesses today have been acute observers 
of these changes over the years; and they are, I think, going 
to be able to enlighten our committee on how the order has 
evolved.
    I think that this is an important hearing, one, because it 
is public, certainly because of the content, and also because 
as part of the Director of National Intelligence 100 Day Plan, 
the White House and the OBM are reviewing the DNI's authorities 
with regard to the declassification process. So this is very 
timely.
    I wish that the DNI--I am disappointed, I should say, that 
the DNI declined to provide a witness today. I think that it 
would have enhanced the hearing, and perhaps in the not-too-
distant future he will agree to and we can work with them as 
well. Because many of the issues that we are going to discuss 
today have important, obviously, implications for the 
Intelligence Community. Otherwise, we wouldn't be here. I hope 
that Mr. Issa will join me in inviting the DNI to respond for 
the record.
    So, with that, I look forward to the testimony, thank each 
one of the witnesses and the people that are here in the 
audience today and would like to recognize Mr. Issa for the 
remarks that he would like to make. I would just like to say 
that we are California colleagues; and I think that he is a 
that we have other opportunity.
    We have had many briefings by the DNI in classified 
settings; and I would note that I can remember one time in 
which the schedule that showed the DNI, the only witness, the 
timetable from eight until something, followed by a coffee 
break, followed by the actual renewal, was classified Top 
Secret. Now I happen to know that in full battle array with an 
entourage coming through the Crypt is how he entered. So I have 
no doubt that the level of secrecy was inappropriate on the 
agenda.
    Therefore, I want to join with you not only in listening to 
the work that we are going to--the presentations we are going 
to see today but in continuing to get to where information is 
most widely available to do the most good while protecting 
national secrets and, of course, people who risk their lives 
for our country.
    I very much enjoy working with you, and I can't think of a 
more appropriate hearing to have in the light of day. We may 
even open the drapes here, because, in fact, declassification 
should not be a classified hearing.
    I yield back.
    Chairwoman Eshoo. Thank you very much, Mr. Issa.
    The witnesses' full written statements are going to be 
entered into the record. Without objection, so ordered.
    I would like to recognize our witnesses now for their 
opening statements, and I am going to ask you to limit your 
opening statement to 5 minutes. I have a clock here. In some of 
the hearing rooms, we have green, yellow and red, but you are 
not going to be able to see that. So when you have like a 
minute left, I will just interrupt briefly and say you have a 
minute left to summarize.
    But the full statement, obviously, is in the record; and 
then, after you speak, we will begin our questioning.
    So why don't we start with Ms. Fuchs. Thank you very much 
for being here.
    I would also like to welcome her daughters that are here 
and sitting in the front row. Zoe and McKenzie are here with 
their dad today to hear their mother testify. I hope this 
experience is going to remain with them for the rest of their 
lives. I never saw my mother testify in front of Congress.
    At any rate, Ms. Fuchs, thank you for being here and we 
look forward to your testimony. So why don't you begin.

STATEMENT OF MEREDITH FUCHS, GENERAL COUNSEL, NATIONAL SECURITY 
                            ARCHIVE

    Ms. Fuchs. Thank you.
    Chairwoman Eshoo, Ranking Member Issa and members of the 
subcommittee, I am pleased to appear before you today. I am 
general counsel to the National Security Archive, a 
nongovernmental, nonprofit research institute. I have submitted 
written testimony, so I will limit my spoken comments today.
    Two weeks ago, the Central Intelligence Agency declassified 
a 702-page file amassed in 1973 about the CIA's illegal 
activities, the so-called ``family jewels''. It was released 
pursuant to a FOIA request that my organization made 15 years 
ago. There was plenty of news coverage about the release, and I 
will not recount what was in the release, but I just wanted to 
touch on why the CIA should have to expose the skeletons in its 
closet.
    For one thing, the law requires it to be released. The 
Freedom of Information Act was passed in 1966, and President 
Lyndon Johnson when he signed it into law declared: A democracy 
works best when the people have all the information that the 
security of the Nation will permit.
    A central tenet of the FOIA is that in a democracy the 
people have the right to know what the government is doing, and 
Congress passed FOIA because the government bureaucracy was 
reluctant to have anyone scrutinize its work and was resistant 
to public requests for information.
    In this case, the CIA delayed the decision to release the 
record for 15 years. They should have released it within 20 
business days. Why did they delay it? I mean, although I give 
them credit for releasing the file, they clearly were trying to 
do what all governments try to do and that is to control the 
information.
    It is possible the CIA made the release at this time to 
give the appearance of openness and accountability to an 
American public that, frankly, is suspicious of their 
activities today, is concerned about renditioning suspects to 
secret prisons and about illegal intelligence surveillance of 
U.S. citizens.
    In fact, no real negative consequence is going to reach the 
Agency as a result of this release of 30-year-old scandals. But 
the release does help the American public in another way. It 
helps us understand that there is a genuine risk in having an 
unrestrained intelligence agency. It shows that abuses have 
occurred in the past and they can occur if we don't have 
accountability.
    Well, the secrecy situation today offers strong indicators 
that oversight is necessary now. Since 2001, there has been an 
explosion of secrecy. I have attached to my written testimony 
some charts illustrating the problem based on data compiled by 
the Information Security Oversight Office. Classification has 
multiplied, reaching an all-time high of 15.6 million 
classification decisions in 2004, nearly double the number that 
was in 2001. Last year, in 2005, the most recent year reported, 
it was at a level of 14.2 million classification actions. I 
understand today we will learn new numbers for 2006.
    The cost of the program also has skyrocketed from an 
estimated $4.7 billion in 2002 to $7.7 billion in 2005.
    Given that we are at war, it is not surprising that there 
are more secrets and more is being spent to protect them. That 
is all reasonable. But officials throughout the government, 
including former Secretary of Defense Donald Rumsfeld, have 
admitted that there is tremendous overclassification. Those 
unnecessary secrets come at a cost to society. In addition to 
the suspicion and skepticism it generates in the general 
public, there is an increased likelihood of leaks when 
everything is secret. As such, overclassification devalues the 
entire security classification system.
    Further, as the chairwoman mentioned, we learned from all 
the inquiries into the September 11th attacks that an excess of 
secrecy and compartmentalization of information led to poor 
intelligence analysis and left us vulnerable to attack.
    It is not just a matter of interagency information sharing. 
Excessive secrecy also locks the doors on the public and 
prevents the public from knowing information that could be used 
to protect their families, their communities and the security 
of the Nation.
    My research suggestion that unnecessary secrecy thrives 
when there is no incentives to limit secrecy. It allows 
politicians and bureaucrats to avoid embarrassment and 
accountability and to enforce unpopular or unthinkable 
measures. Information, quite simply, is power.
    My organization has long advocated efforts to increase the 
incentives on the other side of the secrecy equation in order 
to encourage openness and discourage unnecessary secrecy. I am 
going to quickly mention some of our suggestions, which are 
detailed in my written testimony.
    Today, all power for creating and holding secrets rests 
with a small group of executive branch agencies. One solution 
to the problems that arise as a result of that is to disperse 
the power, particularly with respect to historic materials 
where the passage of time and of events has made the 
information less sensitive.
    I describe some proposals in my written testimony for 
changing the dynamic, including a declassification center, the 
national declassification initiative that has started at the 
National Archives, and statutory independent review boards at 
every agency with classification authority.
    Briefly, I would like to touch on the executive order on 
classification. There are some changes in the executive order 
that could lead to less unnecessary classification. In 
particular, the order should emphasize limited classification, 
limited duration to classification and a presumption against 
classification. It should strictly limit reclassification and 
should employ a cost-benefit analysis to any such effort.
    It should also remove the veto authority provided to the 
DCI and now the DNI over decisions of the Interagency Security 
Classification Appeals Panel. Emphasis should be put on 
periodic independent audits of classification decisions, 
procedures for challenging classification decisions, and 
adequate current classification guides that include an 
explanation of a specific harm or threat that justifies the 
classification.
    Just one more comment.
    It does not help the system when the classification system 
and its oversight entity are disregarded or ignored, as was the 
case in the recent reclassification of records last year at the 
National Archives and also in the case of the Vice President's 
office refusing to report its classification activity. Scandals 
like those merit an immediate response from Congress as a check 
against misconduct and overreaching.
    I am hopeful my testimony has been helpful, and I would be 
happy to respond to any questions. Thank you.
    Chairwoman Eshoo. Thank you very much. We appreciate your 
testimony, and we are going to have questions for you.
    [The statement of Ms. Fuchs follows:]

Statement of Meredith Fuchs, General Counsel, National Security Archive

    Chairwoman Eshoo, Ranking Member Issa and Members of the 
Subcommittee on Intelligence Community Management, I am pleased to 
appear before you to discuss the issue of classification and 
declassification of national security information.
    I am General Counsel to the National Security Archive (the 
``Archive''), a non-governmental, non-profit research institute. The 
Archive is one of the most active and successful non-profit users of 
the Freedom of Information Act (FOIA) and the Mandatory 
Declassification Review (MDR) system. We have published more than half 
a million pages of released government records, and our staff and 
fellows have published more than 40 books on matters of foreign, 
military, and intelligence policy. In 1999, we won the prestigious 
George Polk journalism award for ``piercing self-serving veils of 
government secrecy'' and, in 2005, an Emmy award for outstanding news 
research.
                        skeletons in the closets
    Two weeks ago the Central Intelligence Agency (CIA) declassified a 
702-page file amassed in 1973 at the order of then-CIA director James 
Schlesinger about the CIA's illegal activities--the so-called ``family 
jewels.'' It was released pursuant to a FOIA request filed 15 years ago 
by my organization. There was plenty of news coverage about the 
release. I won't take time today to recount the details of illegal 
wiretapping, domestic surveillance, assassination plots, and human 
experimentation acknowledged in the file. The CIA deserves credit for 
actually reviewing and releasing portions of these records as the FOIA 
obliges it to do; the Agency is not always so diligent in fulfilling 
its FOIA obligations. Instead I want to focus on a broader issue about 
why it is important for records about our government's misdeeds and 
mistakes to be made available to the public.
    For one thing, the law requires the release. When Congress passed 
the FOIA in 1966 and President Lyndon Johnson reluctantly signed it 
into law, the President declared that: ``A democracy works best when 
the people have all the information that the security of the nation 
will permit.'' Under the FOIA, agencies are supposed to respond to a 
request for documents within 20 business days. Yet it took some bad 
publicity about FOIA delays up to 20 years, some pressure from Congress 
in the form of the OPEN Government Act of 2007--which awaits a Senate 
vote--and a presidential executive order (E.O. 13392) directing 
agencies to handle backlogs for this request to finally reach the front 
of the queue. A central tenet of the FOIA is that in a democracy, the 
people have a right to know what their government is doing. Congress 
passed FOIA because the government bureaucracy, reluctant to have 
anyone scrutinizing its work, was resistant to public requests for 
information. The law is tool for individuals to demand records of 
agency activities so that those agencies will be more accountable and 
make better decisions in the future.
    The second reason it is important for agencies to release records 
like the ``family jewels'' is that in a mature democracy such as ours, 
opening up to scrutiny vital parts of our country's recent history 
builds trust in government institutions and reaffirms their legitimacy. 
For an agency like the CIA, subject to attack concerning activities 
such as transporting detainees to secret prisons around the world, the 
release of the ``family jewels'' seems to be an attempt to draw a clear 
line between the past and the present. The acknowledgment of wrongdoing 
is like an act of atonement and suggests the intent to reform bad 
practices. The message to the public is that the Agency is not 
unaccountable.
    A third reason the release is important is it allows people to 
understand what has happened in the past and reminds people that abuses 
can occur if there is no oversight. A functioning democracy needs an 
informed citizenry armed with the tools and knowledge to play their 
role in the political system. Finally, the ``family jewels'' helps us 
better understand the thinking of many current government officials who 
first served in government policy positions in the 1970s, including 
those who were not happy about the congressional reforms enacted in the 
1970s and the weakening of executive branch power.
                        the explosion of secrecy
    I would like to return to President Johnson's statement when he 
signed the FOIA. He did not promise complete openness, but only such 
openness as the security of the nation permits. We all know secrecy is 
necessary to avoid providing our enemies with means to harm us, to 
enable us to forcefully negotiate with foreign governments, and to 
ensure that the sources and methods of intelligence gathering are 
protected. The protection of these sorts of secrets is primarily 
governed by Executive Order 12958, as amended, and a series of 
provisions in statutes governing the intelligence community.
    The available statistics show that there has been a dramatic 
upsurge in this sort of government secrecy since the September 11 
attacks on the United States. Classification has multiplied, reaching 
an all-time high of 15.6 million classification actions in 2004, nearly 
double the number in 2001, and was at a level of 14.2 million 
classification actions in 2005.\1\ Moreover, the cost of the program 
has skyrocketed from an estimated $4.7 billion in 2002 to $7.7 billion 
in 2005.\2\ At the same time, declassification activity shrank from a 
high of 204.1 million pages declassified in 1997, down to 29.5 million 
pages declassified in 2005.
---------------------------------------------------------------------------
    \1\ ISOO, 2004 Report to the President at 3 (2005), http://
www.archives.gov/isoo/reports/2004-annual-report.pdf; ISOO, 2005 Report 
to the President at 2 (2006), http://www.archives.gov/isoo/reports/
2005-annual-report.pdf.
    \2\ ISOO, 2005 Report on Cost Estimates for Security Classification 
Activities for 2005 at 3 (2006), http://www.archives.gov/isoo/reports/
2005-cost-report.pdf; ISOO, 2001 Report to the President at 9 (2002), 
http://www.archives.gov/isoo/reports/2001-annual-report.pdf.
---------------------------------------------------------------------------
    Officials from throughout the military and intelligence sectors 
have admitted that much of this classification is unnecessary. 
Secretary of Defense Donald Rumsfeld acknowledged the problem in a 2005 
Wall Street Journal op-ed: ``I have long believed that too much 
material is classified across the federal government as a general rule 
. . . .'' \3\ The extent of over-classification is significant. Under 
repeated questioning from members of Congress at a hearing concerning 
over-classification, Deputy Secretary of Defense for 
Counterintelligence and Security Carol A. Haave, eventually conceded 
that approximately 50 percent of classification decisions are over-
classifications.\4\ These opinions echoed that of Porter Goss, then 
Chair of the House Permanent Select Committee on Intelligence, and 
later Director of Central Intelligence, who told the 9/11 Commission, 
``we overclassify very badly. There's a lot of gratuitous 
classification going on, and there are a variety of reasons for them.'' 
\5\
---------------------------------------------------------------------------
    \3\ Donald Rumsfeld, War of the Worlds, Wall St. J., July 18, 2005, 
at A12.
    \4\ Subcommittee on National Security, Emerging Threats and 
International Relations of the House Committee on Gov't Reform 
Hearing,108th Cong. (2004) (testimony of Carol A. Haave), http://
www.fas.org/sgp/congress/2004/082404transcript.pdf; See id., (Testimony 
of J. William Leonard, Director of ISOO) (``It is my view that the 
government classifies too much information.'').
    \5\ 9/11 Commission Hearing, (Testimony of then Chair of the House 
Permanent Select Committee on Intelligence Porter Goss) (2003), http://
www.9-11commission.gov/archive/hearing2/9-11Commission_Hearing_2003-05-
22.htm#panel--two.
---------------------------------------------------------------------------
    There are many reasons for the increased numbers of secrets and the 
increase in costs associated with the national security classification 
program. We are at war and are highly conscious of the need to prevent 
terrorist attacks. Yet, what about the unnecessary secrets that clog up 
the security classification system without offering any additional 
security? Those unnecessary secrets come at a greater price than the 
money it costs to protect them.
    The Director of the Information Security Oversight Office (ISOO), 
the governmental agency responsible to the President for policy 
oversight of the government-wide security classification system and the 
National Industrial Security Program, who is testifying today, has 
called secrecy a ``double edged sword.'' \6\ While classification 
serves the purpose of keeping information out of the hands of the 
enemy, it also sometimes keeps it out of the hands of friends or allies 
who could use it to protect us. Too much secrecy conceals our 
vulnerabilities until it is too late to correct them. Indeed, all of 
the inquiries concerning the September 11 attacks on the United States 
found that better information dissemination would have made us safer. 
It is not only government agencies who must share information with each 
other, but agencies must learn to share information with the public. As 
Eleanor Hill, Staff Director of the Joint House-Senate Intelligence 
Committee Investigation into September 11 Attacks, explained in a Staff 
Statement summarizing the testimony and evidence:
---------------------------------------------------------------------------
    \6\ Emerging Threats: Overclassification and Pseudo-classification: 
Hearing Before the Subcomm. on Nat'l Sec., Emerging Threats, and Int'l 
Relations of the H. Comm. on Gov't Reform, 109th Cong. (2005) 
(statement of J. William Leonard, Director, ISOO, Nat'l Archives and 
Records Admin.), http://reform.house.gov/UploadedFiles/ISOO Leonard 
testimony final 3-2-05 hearing.pdf.

        [T]he record suggests that, prior to September 11th, the U.S. 
        intelligence and law enforcement communities were fighting a 
        war against terrorism largely without the benefit of what some 
        would call their most potent weapon in that effort: an alert 
        and committed American public. One needs look no further for 
        proof of the latter point than the heroics of the passengers on 
        Flight 93 or the quick action of the flight attendant who 
        identified shoe bomber Richard Reid.\7\
---------------------------------------------------------------------------
    \7\ Intelligence Community's Response to Past Terrorist Attacks 
Against the United States from February 1993 to September 2001: Hearing 
Before the J. H./S. Intelligence Comm., 107th Cong. (2002) (Joint 
Inquiry Staff Statement, Eleanor Hill, Staff Dir.), http://
intelligence.senate.gov/0210hrg/021008/hill.pdf.

    There are other costs to keeping the public in the dark. 
Dissemination of information has always been critical for advancing 
technological and scientific progress. When considering the option of 
making the genome databases secret, even though the data could be used 
to engineer pathogens for use as biological weapons, the National 
---------------------------------------------------------------------------
Academy of Sciences concluded:

        [A]ny policy stringent enough to reduce the chance that a 
        malefactor would access data would probably also impede 
        legitimate scientists in using the data and would therefore 
        slow discovery . . . . It is possible that the harm done during 
        a process of negotiating such an agreement--through building 
        walls of mistrust between peoples--would be greater than the 
        benefit gained through the sense of security that such a regime 
        might provide. Finally, such a restrictive regime, the 
        committee believes, could seriously damage the vitality of the 
        life sciences . . . There is some concern that restricting 
        access to this information might lead to a situation in which 
        the mainstream scientific community is unaware of dangers that 
        may threaten us.'' \8\
---------------------------------------------------------------------------
    \8\ See, e.g., Nat'l Acad. of Sciences, Seeking Security: 
Pathogens, Open Access, and Genome Databases 54-57 (2004), http://
www.nap.edu/books/0309093058/html/52.html.

    Moreover, overclassification and unneeded secrecy also undermine 
the effort to keep truly sensitive information secret, ``[f]or when 
everything is classified, then nothing is classified, and the system 
becomes one to be disregarded by the cynical or careless, and to be 
manipulated by those intent on self-protection or self-promotion.'' \9\
---------------------------------------------------------------------------
    \9\ New York Times Co., 403 U.S. at 729 (Stewart, J., concurring).
---------------------------------------------------------------------------
    If secrecy comes with so many costs, why is there so much 
unnecessary secrecy? Secrecy can be used as a tool by the government in 
many ways. When claims of national security secrecy are plausible, 
secrecy often allows the government to enforce policies that otherwise 
would be unthinkable. Often, the claim of secrecy ends any public 
inquiry into allegations of misconduct, as well as any governmental 
liability. We see this today in the context of the warrantless 
wiretapping program initiated after September 11, 2001. To date there 
has been minimal success challenging the program despite confirmation 
of the program and signs of official concern about the illegality of 
the program.
    Perhaps an even stronger motivation is that by controlling 
information through classification and selective declassification, the 
government also has the ability to control public opinion and avoid 
embarrassment. As former Solicitor General of the United States Erwin 
Griswold, who led the government's fight for secrecy in the Pentagon 
Papers case, acknowledged:

          It quickly becomes apparent to any person who has 
        considerable experience with classified material that there is 
        massive overclassification and that the principal concern of 
        the classifiers is not with national security, but with 
        governmental embarrassment of one sort or another. There may be 
        some basis for short-term classification while plans are being 
        made, or negotiations are going on, but apart from details of 
        weapons systems, there is very rarely any real risk to current 
        national security from the publication of facts relating to 
        transactions in the past, even the fairly recent past.\10\
---------------------------------------------------------------------------
    \10\ Erwin N. Griswold, Secrets Not Worth Keeping: The courts and 
classified information, Wash. Post, Feb. 15, 1989, at A25.
---------------------------------------------------------------------------
                     controlling excessive secrecy
    Today, all power for creating and holding secrets rests with a 
small group of executive branch agencies. While there is no doubt that 
the individual agency-centered approach allows for agencies to exercise 
independent judgment, the unilateral nature of the decision-making 
allows excessive secrecy to permeate individual agencies unchecked. 
When that happens, all of the worst features of turf consciousness and 
bureaucratic inertia come into play.
    One solution is to disperse the power, particularly with respect to 
historic materials where the passage of time and events has made it 
less necessary for one agency to jealously control all information. The 
Moynihan Commission, for example, recommended setting up a formal 
Declassification Center based at the National Archives and Records 
Administration (NARA) and staffed by an interagency group with 
delegated powers from their agencies.\11\ The National Declassification 
Initiative (NDI) that emerged last year, only after my organization, 
working with historian Matthew Aid, exposed the unilateral 
reclassification by agencies of historical materials that had been 
publicly available for years, goes part of the way to making this idea 
a reality. The NDI is sponsored by NARA. By harnessing the combined 
resources and expertise of many different agencies, the NDI could speed 
access to insightful historical documents for researchers and the 
general public. However, the NDI's underlying innovation--the 
establishment of a comprehensive, interdepartmental declassification 
review capability for the federal government--could prove to be a 
serious flaw. The concentration of declassification activities in one 
location presents the risk that official declassification will fall 
prey to an unhealthy consensus, built upon the worst disclosure fears 
of individual agencies rather than principles of increased transparency 
and public access. As NARA itself has noted, ``the biggest impediments 
to the NDI are culture, attitude, and resistance to change'' on the 
part of participating Executive Branch agencies.\12\
---------------------------------------------------------------------------
    \11\ Report of the Commission on Protecting and Reducing Government 
Secrecy, S. Doc. No. 105-2 (1997), at Ch. 3.
    \12\ See http:/www.archives.gov/declassification/challenges.pdf.
---------------------------------------------------------------------------
    One method of countering this tendency towards group think would be 
to establish a non-partisan, non-governmental board of private citizens 
to represent the interests of professional researchers, historians, and 
the general public in the declassification process of the NDI. Such a 
board could serve as a conduit for public input and oversight. There 
are models for such a board, including those authorized by Congress in 
the President John F. Kennedy Assassination Records Collection Act of 
1992 and the Nazi War Crimes Disclosure Act. Another model would be the 
establishment of a statutory independent review board at every agency 
with classification authority. The State Department's Advisory 
Committee on Historical Diplomatic Documentation offers an example of 
how such a board can be successful in pushing out of the system the 
secrets that do not need keeping.
    The NDI and statutory independent review boards are well suited to 
breaking down the excessive control that agencies have exerted over 
historical records. Yet, historical records will still clog up the 
system because they are subject to the same type of review as current 
records. To illustrate the problem, consider the myth of automatic 
declassification. As of January 1 of this year, over 1 billion pages of 
records had been declassified under the provisions of Executive Order 
12958, as amended. Yet, none of us can stroll into the National 
Archives and get to see those records. All the newly declassified 
records still must be processed by NARA before they will be made 
available to the public at NARA research facilities. Each of those 
records essentially has to go through standard FOIA review before it 
can be released for the public. That is the same review that in some 
cases has held records for up to 20 years after a FOIA request is made. 
A historical records review act that would alter the standard for 
review and withholding of records older than 25 years could end the 
bottleneck. Like the Nazi War Crimes Disclosure Act and the John F. 
Kennedy Assassination Records Review Act, which altered the standards 
for review and withholding of records older than 25 years.

    Chairwoman Eshoo. Next, I would like to welcome Steven 
Aftergood, Director of the Project on Government Secrecy at the 
Federation of American Scientists.
    Welcome. You have 5 minutes for your testimony.

STATEMENT OF STEVEN AFTERGOOD, DIRECTOR, PROJECT ON GOVERNMENT 
           SECRECY, FEDERATION OF AMERICAN SCIENTISTS

    Mr. Aftergood. Thank you, Madam Chairwoman, Ranking Member 
Issa. Thank you for holding this hearing.
    Some people might think that classification is basically a 
matter of housekeeping of no great significance, but actually, 
as you know, it is tremendously significant. It defines the 
boundaries of what the public is permitted to know, what 
government officials are permitted to say in public, and it 
determines how well our deliberative system is able to 
function.
    Judging from your opening remarks, the two of you, it is 
clear that there is a consensus that the system is not working 
as it was intended. It is not working as well as it should. 
What is less clear is what to do about that.
    In my written testimony, I have presented a short menu of 
specific steps that could be taken; and for now I would like to 
mention just two of them. My hope is that one or more of them 
might appeal to you and that you and the subcommittee might 
pursue them further.
    The first is the notion of a declassification database. 
Right now when a document is declassified, it is a lot like a 
tree that falls in the forest with no one around. No one has 
any idea that the document has been declassified, much less 
that it might be available to them.
    So, therefore, it seems sensible to establish an agency-by-
agency database which gives some indication that a document or 
a set of documents has been processed for declassification and 
is available. In fact, such a database was mandated by 
Executive Order 12958 in 1995. Unfortunately, that provision 
was modified in 2003, and the requirement to create a 
government-wide database was eliminated. So was the requirement 
to make such a database publicly available. So we have, 
unfortunately, stepped back from what would have been a very 
useful step to take full advantage of the declassification that 
we are already doing.
    It is interesting to me to note that, of all agencies, it 
seems to be the CIA that has made the most progress in 
developing a declassification database. It has created 
something called CREST, which is the CIA Records Search Tool, 
which is actually a database of many millions of documents that 
have been declassified. Not only that, it is publicly available 
but only in one particular room at the National Archives in 
College Park.
    The CIA has inexplicably, in my mind, refused to make the 
database available online or even to release its contents to 
others who would themselves put it online. So I think that 
might be something worth the subcommittee's attention. If that 
could be turned into a public resource, that would immediately 
multiply the utility of current declassification programs.
    A quick second proposal or notion, and that is the concept 
of the tear-line format in creating classified documents. A 
tear line refers to the idea that when you create a classified 
record, you physically segregate the content of the document by 
classification level so that, in principle, you could tear off 
the unclassified portion and give it to somebody.
    This is not a new idea. It has been around for a while. In 
fact, Congress endorsed the tear-line format proposal in the 
2004 Intelligence Reform Bill; and it instructed the 
administration to prepare guidelines for implementing tear 
lines so that we could improve information sharing.
    Now those guidelines were never issued, and that might be 
something the subcommittee wants to look into. Why was a 
direction that you gave two and a half years ago never acted 
upon? I mean, I can't help but think when you mentioned that 
the DNI refused to send a representative, whether the ODNI is 
somehow showing inadequate respect for Congress and whether 
that is not something else to look into.
    I will leave it there for now. Thank you very much for 
holding the hearing.
    Chairwoman Eshoo. Thank you for your excellent testimony.
    [The statement of Mr. Aftergood follows:]

    Statement of Steven Aftergood, Federation of American Scientists

    Thank you for the opportunity to address the Subcommittee.
    My name is Steven Aftergood and I direct the Project on Government 
Secrecy at the Federation of American Scientists, which seeks to 
enhance public access to government information and to limit national 
security classification to its necessary minimum.
                              introduction
    It has been ten years since the congressionally-mandated Commission 
on Protecting and Reducing Government Secrecy issued its critique of 
national security classification policy and called for ``a new way of 
thinking about government secrecy.''
    The Commission, chaired by Sen. Daniel P. Moynihan and co-chaired 
by former HPSCI chairman Rep. Larry Combest, concluded that:

          The classification system . . . is used too often to deny the 
        public an understanding of the policymaking process, rather 
        than for the necessary protection of intelligence activities 
        and other highly sensitive matters. The classification [system 
        is] no longer trusted by many inside and outside the 
        Government.\1\
---------------------------------------------------------------------------
    \1\ Report of the Commission on Protecting and Reducing Government 
Secrecy, 1997, page xxi, available at http://www.fas.org/sgp/library/
moynihan/index.html.

    The Commission produced a fine report, but its work led to no 
discernable improvement in policy. In 2003, another HPSCI chairman, 
Rep. Porter J. Goss, testified before the 9/11 Commission that ``we 
overclassify very badly. There's a lot of gratuitous classification 
going on . . .'' \2\
---------------------------------------------------------------------------
    \2\ Hearing before the National Commission on Terrorist Attacks, 
May 22, 2003, available at http://www.fas.org/irp/congress/2003_hr/
911Com20030522.html.
---------------------------------------------------------------------------
    The adverse consequences of overclassification are clear enough. 
Unnecessary or inappropriate classification degrades the performance of 
government agencies, impedes oversight, and fosters public suspicion 
and contempt. Yet the classification system has proved to be stubbornly 
resistant to reform or correction.
    In this statement, I would like to propose several specific steps 
that could be taken to improve classification and declassification 
policy. While these steps would not fully resolve all concerns about 
the proper exercise of classification authority, each of them has the 
virtue of being achievable in the near term. And individually or 
collectively, they would make a real difference.
1. Establish a declassification database
    If a database of declassified documents could be established and 
made publicly accessible, then the positive impact of declassification 
would be multiplied many times over.
    Such a database was explicitly required in 1995 by Executive Order 
12958, section 3.8, which stated:

          The Archivist in conjunction with the Director of the 
        Information Security Oversight Office and those agencies that 
        originate classified information, shall establish a Government-
        wide database of information that has been declassified . . . . 
        Except as otherwise authorized and warranted by law, all 
        declassified information contained within the database . . . 
        shall be available to the public.

    Unfortunately, this objective was abandoned in the 2003 amendments 
to Executive Order 12958. The amended order eliminated the requirement 
to establish a Government-wide database and also deleted the 
requirement that declassified information in any existing databases be 
made available to the public.\3\
---------------------------------------------------------------------------
    \3\ See Executive Order 12958, as amended (EO 13292), at section 
3.7. The amended order only says vaguely that agencies ``shall 
coordinate the linkage and effective utilization of existing agency 
databases.'' All of the additions and deletions that were made in the 
2003 amendments to the executive order can be seen in this markup: 
http://www.fas.org/sgp/bush/eo13292inout.html.
---------------------------------------------------------------------------
    Without some form of public database to serve as a universal 
finding aid, it seems unlikely that most declassified documents will 
ever be located by the particular readers who would be most interested 
in them.
    Interestingly, it is the Central Intelligence Agency that has made 
the most progress in this direction. Its CREST database (CREST stands 
for CIA Records Search Tool) provides a searchable index of millions of 
declassified Agency records. And it is publicly available--but only in 
Room 3000 of National Archives II in College Park, MD.
    Inexplicably, CIA has refused to make CREST publicly available 
online or even to release the database to others who would do so at 
their own expense. Outside of Room 3000 at the Archives at College 
Park, the CREST database might as well not exist.
    I suggest that this Committee ask intelligence community agencies 
to establish public databases of their declassified documents. I 
further suggest that the Committee instruct the CIA to permit online 
access to its existing CREST database.
2. Adopt a ``tear line'' format in at least one agency
    One way to combat the effects of overclassification is to require 
that official records be written in such a way that their contents are 
physically segregable by classification level and that unclassified 
information in the document can be readily separated from any 
classified information. This is commonly known as a ``tear line'' 
format, referring to the possibility of ``tearing off'' a portion of 
the document, literally or figuratively, so that it can be widely 
disseminated.
    Congress has already endorsed the tear line approach. In the 
Intelligence Reform and Terrorism Prevention Act of 2004, Congress 
mandated that:

        the President shall . . . issue guidelines . . . to ensure that 
        information is provided in its most shareable form, such as by 
        using tearlines to separate out data from the sources and 
        methods by which the data are obtained; \4\
---------------------------------------------------------------------------
    \4\ Intelligence Reform and Terrorism Prevention Act of 2004, 
section 1016(d)(1).

    Several years later, however, no such guidelines have been issued.
    Under the circumstances, it might be productive to undertake a more 
focused and limited approach. A ``pilot project'' applied to one 
government agency or organization could demonstrate the utility and 
feasibility of tear lines without engendering widespread bureaucratic 
opposition.
    For example, this Committee could ask the National Intelligence 
Council to adopt the tear line format in all of the National 
Intelligence Estimates that it prepares in the next twelve months. 
Since NIEs are intended for distribution outside of the intelligence 
community, these seem like a logical category of intelligence records 
with which to begin applying the tear line approach.
    Even if an entire document must remain classified for a time and 
cannot be publicly disclosed, a tear line approach that isolates 
compartmented information from collateral classified information would 
still facilitate distribution throughout government, including 
Congress. It would also expedite the ultimate declassification of the 
document.
3. Add classification oversight to the functions of agency Inspectors 
        General
    In order to augment existing oversight of classification and 
declassification activities performed by the Information Security 
Oversight Office, agency Inspectors General should be tasked to perform 
their own periodic reviews of classification and declassification.
    Given the general consensus that classification is very expensive, 
both financially and operationally, agency heads may well concur that 
increased oversight of classification practices is appropriate and may 
be expected to endorse increased IG attention to this area.
    Inspectors General with cleared staff are already in place at the 
relevant agencies and could readily undertake such oversight. Indeed, 
some of them, like the DoD Inspector General, already perform some 
classification oversight on an ad hoc basis.
    This Committee should therefore ask each of the intelligence 
community inspectors general to add a periodic review of classification 
and declassification activities to its portfolio of regular auditing 
functions.
4. Declassify the annual intelligence budget
    There is no single declassification action that would signal an end 
to obsolete classification practices as clearly and powerfully as 
declassification of the total annual intelligence budget.
    That was the bipartisan conclusion of the Aspin-Brown-Rudman 
Commission in 1996.\5\ It was also the unanimous recommendation of the 
9/11 Commission in 2004.\6\ But it has elicited fierce opposition from 
those who are attached to the status quo.
---------------------------------------------------------------------------
    \5\ Preparing for the 21st Century: An Appraisal of U.S. 
Intelligence, available online at http://www.fas.org/irp/offdocs/
report.html, Recommendation 14-2, March 1996.
    \6\ Final Report of the National Commission on Terrorist Attacks 
Upon the United States, page 416.
---------------------------------------------------------------------------
    Paradoxically, the persistent opposition to intelligence budget 
disclosure has elevated the issue to one of outstanding significance, 
thereby making its potential declassification even more powerful.
    The notion that that annual disclosure of the total intelligence 
budget could damage national security, a view that the present 
Administration appears to hold, has been decisively refuted. The budget 
total was formally declassified in 1997 and 1998 without adverse 
effect. Nor did release of the budget in those years lead to 
uncontrolled disclosure of more sensitive information. In other words, 
the hypothetical ``slippery slope'' feared by proponents of continued 
budget secrecy did not materialize.
    In fact, intelligence budget classification is a relic of times 
gone by that has nothing to do with protecting current national 
security interests.
    Declassification of the intelligence budget will help to set an 
enlightened new standard for classification policy by demonstrating 
that even the most entrenched secrecy practices are subject to 
reconsideration and will be rejected when they no longer make sense.
    Although this Committee has already completed its markup of the 
2008 Intelligence Authorization Act without addressing intelligence 
budget disclosure, the Senate version of the bill does include a 
provision for requiring such disclosure (section 107 of S. 1538). 
Committee members may therefore encounter this provision in a future 
House-Senate conference.
    If so, I would urge you to seize the opportunity to achieve a final 
resolution of this longstanding controversy, and a new beginning for 
intelligence classification policy by endorsing declassification of the 
intelligence budget.
    Thank you for considering my views on these important issues.

    Chairwoman Eshoo. Last, but not least, Mr. Bill Leonard, 
who is the Director of the Information Security Oversight 
Office. Many members of the committee commonly refer to it as 
the National Archives and Records Administration, NARA.
    Welcome. Thank you for your wonderful service to our 
country. Very distinguished career dating back before you 
arrived at the National Archives and Records Administration. So 
welcome. We look forward to your testimony.

STATEMENT OF J. WILLIAM LEONARD, DIRECTOR, INFORMATION SECURITY 
                        OVERSIGHT OFFICE

    Mr. Leonard. A career of probably more years than I want to 
admit.
    Madam Chair, Mr. Issa, I want to thank you very much for 
holding this hearing on issues relating to the classification 
of national security information within the Intelligence 
Community as well as for inviting me to testify today.
    In the invitation to testify, you requested I address a 
number of issues, to include changes to the executive order 
over the past decade. In March, 2003, the President signed an 
order further amending Executive Order 12958. The principal 
purpose of the amendment was to provide agencies an additional 
3\1/2\ years to address the remaining backlog of unreviewed 25-
year-old classified records of permanent historical value prior 
to the onset of automatic declassification, a concept I explain 
in detail in my formal written statement. I also provide in 
that statement a synopsis of the other changes that time does 
not permit me to go into at this time.
    However, what is most notable about the 2003 amendment is 
what did not change. The revision left the existing 
classification and declassification regime largely intact. It 
had an exceedingly limited impact on the way in which 
government officials classified or declassified information. 
For all practical purposes, it institutionalized automatic 
declassification as an essential element of the classification 
process.
    I also outline in my formal statement the second issue you 
requested me to address, specifically, an assessment of agency 
compliance with the order. In fiscal year 2006, my office 
conducted a total of 15 on-site reviews of executive branch 
agencies. Of the general program reviews we conducted, we found 
that few of the agencies visited had adequately implemented the 
core elements of the classified National Security Information 
Program. Shortcomings were observed at multiple agencies in 
their implementing regulations, self-inspection programs, 
document markings and refresher security education and 
training.
    I should further note, however, that, as a general rule, 
Intelligence Community agencies tend to have the most sound 
information security programs within the executive branch.
    Last year, last fiscal year, we concentrated much of our 
compliance reviews on the appropriateness of classification 
decisions; and, based upon a sample of over 2,000 documents 
reviewed, we identified many to be questionable.
    Which brings me to the third issue you requested me to 
address, the impacts of overclassification. The ability and 
authority to classify national security information is a 
critical tool at the disposal of the government and its leaders 
to protect our Nation and its citizens. In this time of 
constant and unique challenges to our national security, it is 
the duty of all of us engaged in public service to do 
everything possible to enhance the effectiveness of this tool.
    To be effective, the classification process is a tool that 
must be wielded with precision. In an audit of agency 
classification activities conducted by my office over a year 
ago, we discovered that even trained classifiers with ready 
access to the latest classification and declassification guides 
and trained in their use got it clearly right only 64 percent 
of the time in making determinations as to the appropriateness 
of classification.
    This is emblematic of the daily challenges confronting 
agencies when ensuring that the 3 million plus cleared 
individuals with at least a theoretical ability to derivatively 
classify information get it right each and every time. Too much 
classification unnecessarily obstructs effective information 
sharing and impedes an informed citizenry, the hallmark of our 
democratic form of government.
    You also requested I address the effectiveness of current 
declassification efforts. After several deadline extensions, 
automatic declassification finally became effective on December 
31st, 2006, with a few notable authorized delays. While a 
detailed analysis of the final results is still under way, it 
appears that all executive branch agencies have succeeded in 
meeting their initial obligations under the automatic 
declassifications provisions of the order.
    As significant as the initial development of the concept of 
automatic declassification was, its actual implementation after 
so many false starts and delays is even more of an 
accomplishment. It reflects well on the diligence and efforts 
of the public servants who accomplished this milestone through 
hard work and perseverance, as well the agencies that committed 
the requisite resource. However, significant challenges remain; 
and I have outlined them in my formal written statement.
    Finally, you asked that I address the effect of selective 
classification and declassification in my formal statement. I 
provide a synopsis of the policy.
    Again, thank you for inviting me here today, Madam Chair. I 
am happy to answer any and all questions.
    Chairwoman Eshoo. Thank you very much.
    [The statement of Mr. Leonard follows:]

    Statement of J. William Leonard, Director, Information Security 
                            Oversight Office

    Chairwoman Eshoo, Mr. Issa, and members of the subcommittee, I wish 
to thank you for holding this hearing on issues relating to 
classification of national security information within the Intelligence 
Community as well as for inviting me to testify today.
                               background
    By section 5.2 of Executive Order 12958, as amended, ``Classified 
National Security Information'' (the Order), the President established 
the organization I direct, the Information Security Oversight Office, 
often called ``ISOO.'' We are within the National Archives and Records 
Administration and by law and Executive order (44 U.S.C. 2102 and sec. 
5.2(b) of E.O. 12958) are directed by the Archivist of the United 
States, who appoints the Director of ISOO, subject to the approval of 
the President. We also receive policy guidance from the Assistant to 
the President for National Security Affairs. Under the Order and 
applicable Presidential guidance, ISOO has substantial responsibilities 
with respect to the classification, safeguarding, and declassification 
of information by agencies within the executive branch. Included is the 
responsibility to develop and promulgate directives implementing the 
Order. We have done this through ISOO Directive No. 1 (32 CFR Part 
2001) (the Directive).
    The classification system and its ability to restrict the 
dissemination of information the unauthorized disclosure of which could 
result in harm to our nation and its citizens represents a fundamental 
tool at the Government's disposal to provide for the ``common 
defense.'' The ability to surprise and deceive the enemy can spell the 
difference between success and failure on the battlefield. Similarly, 
it is nearly impossible for our intelligence services to recruit human 
sources who often risk their lives aiding our country or to obtain 
assistance from other countries' intelligence services, unless such 
sources can be assured complete and total confidentiality. Likewise, 
certain intelligence methods can work only if the adversary is unaware 
of their existence. Finally, the successful discourse between nations 
often depends upon confidentiality and plausible deniability as the 
only way to balance competing and divergent national interests.
    It is the Order that sets forth the basic framework and legal 
authority by which executive branch agencies may classify national 
security information. Pursuant to his constitutional authority, and 
through the Order, the President has authorized a limited number of 
officials to apply classification to certain national security related 
information. In delegating classification authority the President has 
established clear parameters for its use and certain burdens that must 
be satisfied.
    Specifically, every act of classifying information must be 
traceable back to its origin as an explicit decision by a responsible 
official who has been expressly delegated original classification 
authority. In addition, the original classification authority must be 
able to identify or describe the damage to national security that could 
reasonably be expected if the information was subject to unauthorized 
disclosure. Furthermore, the information must be owned by, produced by 
or for, or under the control of the U. S. Government; and finally, it 
must fall into one or more of the categories of information 
specifically provided for in the Order.\1\
---------------------------------------------------------------------------
    \1\ Pursuant to Sec. 1.4 of the Order, information shall not be 
considered for classification unless it concerns: (a) military plans, 
weapons systems, or operations; (b) foreign government information; (c) 
intelligence activities (including special activities), intelligence 
sources or methods, or cryptology; (d) foreign relations or foreign 
activities of the United States, including confidential sources; (e) 
scientific, technological, or economic matters relating to the national 
security, which includes defense against transnational terrorism; (f) 
United States Government programs for safeguarding nuclear materials or 
facilities; (g) vulnerabilities or capabilities of systems, 
installations, infrastructures, projects, plans, or protection services 
relating to the national security, which includes defense against 
transnational terrorism; or (h) weapons of mass destruction.
---------------------------------------------------------------------------
    The President has also spelled out in the Order some very clear 
prohibitions and limitations with respect to the use of classification. 
Specifically, for example, in no case can information be classified in 
order to conceal violations of law, inefficiency, or administrative 
error, to restrain competition, to prevent embarrassment to a person, 
organization, or agency, or to prevent or delay the release of 
information that does not require protection in the interest of 
national security.
    It is the responsibility of officials delegated original 
classification authority to establish at the time of their original 
decision the level of classification (Top Secret, Secret, and 
Confidential), as well as the duration of classification, which 
normally will not exceed ten years but in all cases cannot exceed 25 
years unless an agency has received specific authorization to extend 
the period of classification.
               changes to the order over the past decade
    The current framework has basically been in effect since 1995. One 
of the most innovative features of the current framework is the concept 
of automatic declassification. Under prior executive orders governing 
classification and declassification, information once classified 
remained so indefinitely and very often did not become available to 
general public, researchers, or historians without persistent and 
continuous effort on the part of these individuals. While all agencies 
had the responsibility to systematically review historical classified 
records for declassification, and some agencies such as the State 
Department did so on a regular basis, there was no specified 
consequence for agencies that did not conduct such reviews. 
Understandably, in times of budget constraints, reviews for 
declassification suffered, resulting in a significant backlog or 
``mountain'' of classified historical records, many of which were much 
older than 25 years of age.
    Under automatic declassification, information in records appraised 
as having permanent historical value is automatically declassified 25 
years after classification, unless an agency head has determined that 
it falls within one of several limited exceptions that permit continued 
classification, a continuation that either the President or the 
Interagency Security Classification Appeals Panel (ISCAP) has approved. 
In effect, automatic declassification reverses the resource burden. 
Unlike previous systems, in which agencies had to expend resources to 
declassify older information, under the current system, agencies must 
expend resources to demonstrate why older historical information needs 
to remain classified.
    In March 2003, the President signed Executive Order 13292 further 
amending Executive Order 12958. The principal purpose of the amendment 
was to provide agencies an additional three and a half years to address 
the remaining backlog of unreviewed 25-year-old classified records of 
permanent historical value prior to the onset of automatic 
declassification. This and other changes were recommended by a broad 
consensus of interagency professionals in classification and 
declassification. They reflect seven years of experience in 
implementing E.O. 12958 as well as new priorities resulting from the 
events of 9/11.
    What is most notable about the 2003 amendment is what did not 
change. The revision left the existing classification/declassification 
regime largely intact. It had an exceedingly limited impact on the way 
in which government officials classified or declassified information. 
For all practical purposes, it institutionalized automatic 
declassification as an essential element of the classification process.
    For classifiers, the most notable change was a simplification of 
the process and a resulting change in marking requirements. For those 
involved in the declassification process, in addition to providing more 
time to complete the review of 25-year old records, the revision gave 
greater clarity to what records are subject to automatic 
declassification and under what conditions.
    A synopsis of the most significant changes included in the 
amendment is set forth below:
--Deadline for Automatic Declassification Extended. The 2003 amendment 
        committed agencies to finish reviewing the backlog of 
        classified records more than 25 years old, by the end of 2006. 
        (Sec. 3.3(a))
--Clarification of Documents Subject to Automatic Declassification. 
        Before the most recent amendment, the language of the Order was 
        unclear as to what 25-year-old documents that had not been 
        explicitly exempted from release were subject to 
        declassification and under what circumstances. Moreover, even 
        in blocks of retired records spanning a period of years, the 
        language suggested that older documents would become 
        automatically declassified before the larger body of records 
        was subject to review.
A number of changes were made that clarified the question of what 
        documents are automatically declassified at 25 years:
          --Records in a file block shall not be automatically 
        declassified until the most recent record is 25 years old (Sec. 
        3.3(e)(1));
          --An additional five years is allowed for difficult to review 
        records such as audio and video tapes (Sec. 3.3(e)(2));
          --An additional three years is allowed for the release of 
        records transferred or referred from another agency (Sec. 
        3.3(e)(3));
          --An additional three years is allowed for newly discovered 
        records (Sec. 3.3(e)(4)).
--Protecting Foreign Government Information. The 2003 amendment to the 
        Order contained the presumption that the unauthorized 
        disclosure of foreign government information exchanged in 
        confidence will cause damage to the national security (Sec. 
        1.1(c)). The practical consequence of this addition was limited 
        since the original Order contained such broad discretion in 
        this area that an original classifier had the authority to 
        classify such information all along. More importantly, the 
        amendment made it explicit that for foreign government 
        information to be exempt from automatic declassification, the 
        same standard as other information concerning foreign and 
        diplomatic relations of the United States and a foreign 
        government is to be applied. Specifically, serious and 
        demonstrable ``impairment'' or ``undermining'' of these 
        relations or activities must be shown in order for the 
        information to be exempted. (Sec. 3.3(b)(6))
--Categories of Classifiable Information Clarified. Additional 
        categories of information, specifically defense against 
        transnational terrorism, infrastructures, and protection 
        services, were explicitly spelled out as included in those that 
        were eligible for classification. ``Weapons of mass 
        destruction'' was added as a separate category. Arguably, all 
        such information was already covered by the existing Order but 
        the amendment made these points clearer. (Sec. 1.4(e), (g) & 
        (h))
--Simplifying the Scheme. E.O. 12958 had been considered unduly 
        complicated to administer because of separate criteria for 
        original classification for up to ten years; for original 
        classification from 10 to 25 years; and for extending 
        classification beyond 25 years. To correct this, the separate 
        set of criteria for withholding information between 10 and 25 
        years from date of origin was eliminated. While the revised 
        language maintains ten years as the norm for most original 
        classification actions, there is now one set of criteria for 
        classification up to 25 years (Sec. 1.4) and another for 
        continuing classification beyond 25 years (Sec. 3.3(b)).
--Reclassification of Properly Released Material. As originally issued, 
        the Order prohibited the reclassification of information after 
        it had been released to the public under proper authority and 
        prohibited it entirely for documents more than 25 years old. 
        The 2003 amendment restored the ability under the predecessor 
        executive order to reclassify such information and dropped the 
        prohibition on 25-year-old information, but only under ``the 
        personal authority of the agency head or deputy agency head'' 
        and only if the material may be ``reasonably recovered.'' (Sec. 
        1.7(c) & (d))
--Continuing Ability to Exempt File Series. When the order was 
        originally issued in 1995, it required that all record file 
        series that were to be exempted from automatic declassification 
        at 25 years be identified to the President before the Order 
        went into effect. This was changed so that an agency may now 
        notify the President at any time of file series of records that 
        qualify under the specific standards for exemption. (Sec. 
        3.3(c))
--Authority of Director of National Intelligence (DNI) Recognized. 
        While intelligence sources and methods information remain 
        subject to the jurisdiction of Interagency Security 
        Classification Appeals Panel (ISCAP), the amendment recognized 
        the special authority and responsibility of the now DNI to 
        protect such information. As such, this revision authorized the 
        DNI to object to final ISCAP declassification conclusions about 
        such information. Furthermore, a decision by the DNI to bar 
        release can still be appealed to the President by any member 
        agency of ISCAP. (Sec. 5.3(f))
--Sharing Classified Information in an Emergency. One of the issues 
        that arose in the wake of 9/11 was awareness of the limitations 
        imposed by the lack of authority under the Order to pass 
        classified information to individuals not otherwise eligible 
        (e.g. local and state authorities without the necessary 
        clearances) in an emergency. As a result, a section was added 
        specifically authorizing an agency head or designated person to 
        share classified information with individuals not otherwise 
        eligible to receive it and specifying procedures to be 
        followed. (Sec 4.2(b))
                    agency compliance with the order
    In fiscal year (FY) 2006, pursuant to sections 5.2(b)(2) and (4) of 
E.O. 12958, as amended, my office conducted a total of 15 onsite 
reviews of Executive branch agencies. Most of these reviews evaluated 
the agencies implementation of the classified national security 
information program to include such core elements as organization and 
management, classification and declassification, security education and 
training, self-inspections, safeguarding practices, classification 
markings, and security violations procedures.
    Of the general program reviews we conducted last fiscal year, we 
found that few of the agencies visited had adequately implemented the 
core elements of the classified national security information program. 
Shortcomings were observed at multiple agencies in their implementing 
regulations, self-inspection programs, document markings, and refresher 
security education and training. It is disappointing to note that these 
same shortcomings were noted in FY 2004 and 2005. I should note that as 
a general rule, intelligence community agencies tend to have the most 
sound information security programs within the Executive branch.
    At several agencies, the ISOO onsite reviews identified inadequate 
support from senior management for the information security program. 
Sections 5.4 (a) and (b) require agency heads and senior management of 
agencies that originate or handle classified information to demonstrate 
commitment and consign necessary resources to the effective 
implementation of the Order.
    An area of significant concern was the failure of agencies to 
update their regulations that implement E.O. 12958, as amended, even 
though the Order was amended in 2003. Implementing regulations are 
essential to the program because they are the foundation for agency 
personnel in terms of obtaining guidance and procedures pertinent to 
their individual responsibilities under the Order and the Directive.
    As found in FYs 2004 and 2005, many agencies have not established 
comprehensive self-inspection programs. The primary reason for the 
shortcomings of these agencies' self-inspection programs were 
inadequate staffing levels necessary to meet their internal oversight 
responsibilities and insufficient senior agency official emphasis. 
Self-inspections are an important element of the information security 
program because they enable the agency to evaluate, as a whole, its 
implementation of the Order's program and make adjustments and 
corrective action, as appropriate.
    Refresher security education and training, although an annual 
requirement of the Order, was not being provided at a few of the 
agencies reviewed. This training is fundamental to the continuous 
reinforcement of the policies, principles, and procedures that 
individuals authorized access to classified information are expected to 
understand and implement.
    In FY 2006, we concentrated much of our compliance reviews on the 
appropriateness of classification decisions. We focused on evaluating 
if agencies were correctly applying the Order's standards for 
originally and derivatively classifying information. Unfortunately, the 
reviews revealed source information often could not be tracked when 
``multiple sources'' was entered on the ``derived from'' line of the 
document classification block. Almost all agencies reviewed were not 
keeping a list of the source documents with the file or record copy as 
required by the Directive. In addition, we found a high percentage of 
documents with an unknown basis for classification, as these documents 
failed to indicate the authority or basis for classification, thereby 
calling into question the propriety of their classification. To make 
clear to the holder the basis for classification and to facilitate 
information sharing and automatic declassification, it is imperative 
that multiple sources are listed and the basis for classification is 
identified when designating national security information as being 
classified.
    Another area of concern was the failure of agencies to review and 
update their security classification guidance at least every five years 
or sooner as circumstances require. In large part due to lack of timely 
revision to classification guides, agencies were still using obsolete 
X1-X8 declassification markings, which were eliminated by the 2003 
amendment to the Order. As a consequence of this erroneous action, the 
accuracy and appropriateness of subsequent derivative classification 
determinations based upon such improperly marked documents is placed in 
jeopardy.
    As part of our onsite reviews, we review a sample of documents to 
ascertain compliance with requirements set forth in the Order and 
Directive. A review by ISOO of over 2000 documents in FY 2006 revealed 
the following:
          --Nearly 39 percent had errors with regard to 
        declassification instructions;
          --Portion markings were inconsistently applied in over 30 
        percent of the documents; and
          --For over 11 percent of the documents, the basis for 
        classification could not be identified.
    An essential requirement of the Order is that only an original 
classification authority (OCA) is authorized to classify information in 
the first instance. Thus original classifications can only be made by 
an OCA, and every derivative classification decision must be able to be 
traced to a source document or classification guide. The consequence of 
having so many documents for which the basis of their classification 
could not be determined is that any future classification decisions 
based upon these same documents will be equally problematic and their 
true classification status uncertain.
    When an agency fails to effectively implement one or more elements 
of the classified national security program, it weakens its entire 
program because each of the elements has an essential purpose that is 
interdependent upon the others. Implementing regulations set the 
foundation for the program and establish the agency framework to 
implement the Order. Deficiencies in regulations lead to gaps in the 
agency's implementation of the program. Classification guides are a 
critical tool that prescribes the classification of specific 
information. They identify the elements of information regarding a 
specific subject that must be classified and establish the level and 
duration of classification for each element. Outdated classification 
guides may reproduce numerous invalid derivative classification 
decisions, thereby undermining the classification system provided by 
the Order. It is imperative that classification guides are updated to 
reflect the changes of the Order and otherwise be kept current.
    Security education and training briefings inform/remind agency 
personnel of their duties and responsibilities and on the proper 
procedures for creating, handling, and destroying classified 
information. Inadequately trained personnel are more prone to mistakes 
while working with classified information. Self-inspections enable an 
agency to evaluate the implementation of its program on a regular 
basis, identify areas of concern, and take corrective action, as 
applicable. The absence of a self-inspection program can leave problems 
unidentified and uncorrected and eventually place national security 
information at risk. For an effective program, the various program 
elements must work together.
                     impacts of overclassification
    As with any tool, the classification system is subject to misuse 
and misapplication. When information is improperly declassified, or is 
not classified in the first place although clearly warranted, our 
citizens, our democratic institutions, our homeland security, and our 
interactions with foreign nations can be subject to potential harm. 
Conversely, too much classification, the failure to declassify 
information as soon as it no longer satisfies the standards for 
continued classification, or inappropriate reclassification, 
unnecessarily obstructs effective information sharing and impedes an 
informed citizenry, the hallmark of our democratic form of government. 
In the final analysis, inappropriate classification activity of any 
nature undermines the integrity of the entire process and diminishes 
the effectiveness of this critical national security tool. 
Consequently, inappropriate classification or declassification puts our 
most sensitive secrets at needless increased risk.
    Classification, of course, can be a double-edged sword. Limitations 
on dissemination of information that are designed to deny information 
to the enemy on the battlefield can increase the risk of a lack of 
awareness on the part of our own forces, contributing to the potential 
for friendly fire incidents or other failures. Similarly, imposing 
strict compartmentalization of information obtained from human agents 
increases the risk that a Government official with access to other 
information that could cast doubt on the reliability of the agent would 
not know of the use of that agent's information elsewhere in the 
Government. Simply put, secrecy comes at a price. I have continuously 
encouraged agencies to become more successful in factoring this reality 
into the overall risk equation when making classification decisions.
    Classification is an important fundamental principle when it comes 
to national security, but it need not and should not be an automatic 
first principle. The decision to originally classify information in the 
first instance or not is ultimately the prerogative of agency original 
classification authorities. The exercise of agency prerogative to 
classify certain information, of course, has ripple effects throughout 
the entire executive branch. For example, it can serve as an impediment 
to sharing information with another agency, with State or local 
officials, or with the public, if they need to know the information.
    The challenge of overclassification is not new. Over 50 years ago, 
Congress established the Commission on Government Security (known as 
the ``Wright Commission''). Among its conclusions, which were put forth 
in 1955, at the height of the Cold War, was the observation that 
overclassification of information in and of itself represented a danger 
to national security. This observation was echoed in just about every 
serious review of the classification systems since to include: the 
Commission to Review DoD Security Policies and Practices (known as the 
``Stillwell Commission'') created in 1985 in the wake of the Walker 
espionage case; the Joint Security Commission established during the 
aftermath of the Ames espionage affair; and the Commission on 
Protecting and Reducing Government Secrecy (often referred to as the 
``Moynihan Commission''), which was similarly established by Congress 
and which issued its report in 1997.
    More recently, the National Commission on Terrorist Attacks on the 
United States (the ``9-11 Commission''), and the Commission on the 
Intelligence Capabilities of the United States Regarding Weapons of 
Mass Destruction (the ``WMD Commission'') likewise identified 
overclassification of information as a serious challenge.
    As I stated earlier, the ability and authority to classify national 
security information is a critical tool at the disposal of the 
Government and its leaders to protect our nation and its citizens. In 
this time of constant and unique challenges to our national security, 
it is the duty of all of us engaged in public service to do everything 
possible to enhance the effectiveness of this tool. To be effective, 
the classification process is a tool that must be wielded with 
precision. In an audit of agency classification activity conducted by 
my office over a year ago, we discovered that even trained classifiers, 
with ready access to the latest classification and declassification 
guides, and trained in their use, got it clearly right only 64 percent 
of the time in making determinations as to the appropriateness of 
classification. This is emblematic of the daily challenges confronting 
agencies when ensuring that the 3 million plus cleared individuals with 
at least theoretical ability to derivatively classify information get 
it right each and every time.
           effectiveness of current declassification efforts
    Setting deadlines for agency action in implementing the automatic 
declassification provisions of the Order is essential in ensuring the 
continued integrity and effectiveness of the classification system, 
which cannot be depended upon to protect today's sensitive national 
security information unless there is an ongoing process to purge it of 
yesterday's secrets that no longer require protection. The automatic 
declassification process increases the potential release of formerly 
classified information to policy-makers and lawmakers as well as the 
general public and researchers, enhancing their knowledge of the United 
States' democratic institutions and history, while at the same time 
ensuring that information which can still cause damage to national 
security continues to be protected. An agency's failure to fully 
implement automatic declassification provisions undermines its ability 
to achieve these complementary objectives.
    After several deadline extensions, automatic declassification 
finally became effective on December 31, 2006, with a few notable 
authorized delays. While a detailed analysis of the final results is 
still underway, it appears that all Executive branch agencies have 
succeeded in meeting their obligations under the automatic 
declassification provisions of the Order. As significant as the initial 
development of the concept of automatic declassification was, its 
actual implementation after so many false starts and delays is even 
more of an accomplishment. It reflects well on the diligence and 
efforts of both the public servants who accomplished this milestone 
through their hard work and perseverance, as well as the agencies that 
committed the requisite resources. I should note to you today the 
significant leadership and support within the interagency 
declassification community displayed by the Central Intelligence Agency 
since 1995.
    Significant challenges remain. For example, the Order allows a 
delay in automatic declassification for up to three additional years 
(December 31, 2009, for classified records currently 25 years old or 
older) that contain information of more than one agency or information 
the disclosure of which would affect the interests or activities of 
other agencies. Similarly, automatic declassification for classified 
information contained in microforms, motion pictures, audio tapes, 
video tapes, or comparable media that make a review for possible 
declassification exemptions more difficult or costly may be delayed 
from automatic declassification for up to five additional years. 
Improved processes, education about other agency equities and enhanced 
agency collaboration are necessary to ensure quality reviews with 
minimal referrals and adequate documentation regarding actual decisions 
made are essential.
    It should be noted that from the perspective of the public, 
researchers and historians, there is no ``vault-full'' of previously 
classified records that became automatically publicly available on 
January 1, 2007. However, in many regards, the public has already seen 
the major benefits of automatic declassification. Automatic 
declassification has served as the impetus during the recent past 
(since 1995) for many agencies to devote necessary resources for the 
establishment of substantial ongoing declassification review programs.
    During FY 2006, the Executive branch declassified 37,647,993 pages 
of permanently valuable historical records, which is a 27 percent 
increase over what was reported for FY 2005. This large increase was 
primarily due to the final push to comply with the December 31, 2006 
automatic declassification deadline. Since 1995, agencies have reported 
the declassification of more than 1.33 billion pages of previously 
classified historical records. Only 257 million pages were declassified 
under the two previous executive orders governing classified 
information, a period encompassing almost twice as many years.
    Furthermore, the infrastructures established by agencies to 
accomplish declassification reviews since 1995 will continue 
indefinitely, thus contributing to the universe of declassified 
information as a new batch of historical records reaches 25 years of 
age each and every year. However, we are concerned that some agencies 
may have regarded the automatic declassification deadline of December 
31, 2006 as a one-time push rather than an ongoing requirement.
    Finally, declassification does not always equate to public access. 
Documents that have been declassified must still be reviewed to 
ascertain whether they contain other information that may not be 
releasable to the public, e.g. personal information. Also, declassified 
records must be accessioned and processed by archivists before they can 
be ``put on the public shelves.'' These activities ensure that the 
National Archives and Records Administration (NARA) has both physical 
and intellectual control of the records. While some 460 million 
declassified pages of federal records have been made publicly 
accessible since 1996, NARA holds another 400 million pages of 
declassified federal records that require additional processing before 
they can be made available. To add to the burden, hundreds of millions 
of pages, both classified and recently declassified, remain within the 
custody of their originating agencies and will also require processing 
upon accession into NARA before they are made available to the public.
        effect of selective classification and declassification
    As I indicated earlier, the decision to originally classify 
information in the first instance or not is ultimately the prerogative 
of agency original classification authorities.
    Similarly, the Order clearly states that information shall be 
declassified as soon as it no longer meets the standards for 
classification under this order, irrespective of the initial duration 
decision of the original classification authority. The Order goes on to 
state (section 3.1 (b)) that it is presumed that information that 
continues to meet the classification requirements under the Order 
requires continued protection. However, the Order does recognize that 
in some exceptional cases the need to protect such information may be 
outweighed by the public interest in disclosure of the information, and 
in these cases the information should be declassified. When such 
questions arise, the Order assigns the responsibility to make such a 
decision to the agency head or the senior agency official designated by 
the agency head under the Order. That official is responsible to 
determine, as an exercise of discretion, whether the public interest in 
disclosure outweighs the damage to the national security that might 
reasonably be expected from disclosure.
    Again, I thank you for inviting me here today, Madame Chairwoman, 
and I would be happy to answer any questions that you or the 
subcommittee might have at this time.

    Chairwoman Eshoo. We have been joined by another 
distinguished member of the full committee of this 
subcommittee, Mr. Rush Holt, Congressman Holt from New Jersey. 
I would invite you to make a statement.
    Mr. Holt. I will wait until we get to the questions. Thank 
you.
    Chairwoman Eshoo. Let me once again thank the witnesses. 
There was a lot of material in your comments.
    Let me start with this question, and that is, has Congress 
ever revised an executive order, I mean, leaned in 
legislatively to either bolster what is an executive order or 
to change it in some way, shape or form?
    Mr. Leonard. I think the most recent efforts in that area 
date back to the mid-1990s where there was the commission on 
reducing government and improving government secrecy, commonly 
known as the Moynihan Commission, where Senator Moynihan took 
the lead.
    The major thrust of that commission and their findings was 
to give a legislative basis, if you will, to much of the 
executive order. That is one of the many recommendations of 
that commission that actually did quite a bit of effective work 
that really has not seen the light of day.
    Chairwoman Eshoo. Maybe all three of you want to lean in on 
this. What in your view are the costs of overclassification? I 
mentioned, obviously, a big one. I mean, what we have learned 
from September 11th 2001. But if you would like to comment on 
that, fill it out.
    I think it is an important thing for us to be made very 
well aware of because the tendency is and the number of pages 
declassified recently are really abysmal when you look at Ms. 
Fuchs' chart. Who would like to take a stab at that?
    Ms. Fuchs. Well, I mean, I think the costs of 
overclassification are myriad and in some respect they may be 
hard to identify because we don't know what the secrets are 
that we haven't heard of. But certainly in a situation where 
things are classified that shouldn't be classified, it leads to 
disrespect of the system, and I think that is one of the 
reasons there have been so many incredible leaks to the press 
in the last couple of years, because so many important things 
including important policy choices are classified, and that 
limits dissent. So I think it leads to more leaks.
    I also think it makes the public suspicious. This is the 
United States of America. This is a democracy. We citizens feel 
proud we live in a country where the Congress and President are 
supposed to be responsive to our concerns.
    That doesn't happen everywhere. In how many other countries 
could you see their intelligence agency releasing the skeletons 
in the closet, the ``family jewels''? That is something that we 
need to preserve because that makes our country special. If we 
allow secrecy to go unchecked, then we are not going to be like 
that any more.
    Chairwoman Eshoo. I think that is one of the most obvious 
ones. It is a very important one.
    Mr. Aftergood or Mr. Leonard, do you want to add anything?
    Mr. Leonard. Clearly, I think most people would recognize 
that the best policy, the best solutions always come about 
after a robust and full exchange of ideas and a full exchange 
of information. Classification in and of itself guarantees that 
you will never achieve that optimal level because you, by 
definition, are restricting your input, restricting the 
deliberation of whatever.
    So there are many times where that is a price we have to 
pay. We have to accept a sub-optimum outcome because we need to 
deny information to those who would use against information 
against us. But when we sign up to a sub-optimal outcome 
needlessly and deny that full and robust change----
    Chairwoman Eshoo. What do you think is the most important 
tool for what you just described?
    Mr. Leonard. To preclude that from happening?
    Chairwoman Eshoo. The misuse of it.
    Mr. Leonard. The most important tool is we literally have 
to change the culture, because right now we have a culture 
where people rightfully are held accountable both 
administratively and criminally when they improperly disclose 
information. But I dare say I have a hard time identifying a 
situation where anybody has ever been held accountable for 
improperly restricting information.
    The system is out of kilter in that regard. We need to get 
it right each and every time from both directions, and until we 
come up with a means by which to hold people accountable for 
inappropriately hoarding information or inappropriately and 
needlessly restricting the dissemination of information, we 
will always have that tilt to, when in doubt, withhold.
    Chairwoman Eshoo. Is it your agency that in some ways--
maybe this is a stretch to describe it this way. Do you act in 
some way, shape or form as kind of an IG looking over the 
shoulder of the executive and making sure that the executive 
order is carried out? Is there any Checkpoint Charlie besides 
the House Intelligence Committee, the Senate Intelligence 
Committee? Really so much of this rests with the executive 
branch.
    Mr. Leonard. Ultimately, the decision to classify is a 
judgment and an act of discretion.
    Chairwoman Eshoo. The oversight and implementation of many 
of the things that you have in your written statement.
    Mr. Leonard. That, from my perspective, is what is lacking. 
Because my office, the role we play is we will look and say, is 
the decision--is it made in accordance with the standards, 
which is different than asking the question was it the right 
decision.
    One of the things that I have long advocated is assigning 
to a rather senior official within agencies that role to be the 
advocate for challenging classification decisions where we 
actually inculcate a culture where people can challenge what 
they perceive to be inappropriate classification decisions and 
serve as an advocate for ensuring that the proper judgment is 
brought to these types of decisions.
    Chairwoman Eshoo. Kind of hard to do when we talk about 
having to change the culture in order to make this happen, 
though. Sometimes the most effective keepers of the culture are 
the people that are at the top, and then we would want them to 
review and make sure that they are essentially being the 
devil's advocate and check on the system. It is difficult, but 
I appreciate what you are saying.
    Mr. Aftergood, did you want to add something?
    Mr. Aftergood. I would endorse both what Ms. Fuchs and Mr. 
Leonard said, and I think it is true that you need to change 
the culture, but I don't think it is particularly helpful to 
put it that way because it is too diffuse of a goal. Instead, I 
think we ought to focus more on nuts and bolts questions of how 
do we actually increase the oversight in a meaningful way.
    The President's executive order delegated the only real 
oversight function to Mr. Leonard's organization, which is an 
office of perhaps 20 or 30 individuals at the National Archives 
responsible for overseeing a system of perhaps 3 million people 
holding clearances and tens of thousands of government 
officials. So, obviously, it is an oversight system that is not 
designed to fulfill its declared function.
    Okay, so what do you do about that? One thing you can do 
about it, without getting too grandiose or thinking about 
something too ambitious, is to expand the number of individuals 
whose job it is to perform oversight.
    How do you do that? Well, most intelligence agencies and 
other government agencies have inspectors general housed in 
their agencies. In the intelligence agencies, they all hold 
clearances. Why not ask them as part of their routine 
functioning once a year, or more often, periodically do an 
audit of classification and declassification activity.
    Now they may find that they are not classifying enough or 
they are classifying too low. It doesn't matter. Have somebody 
whose job it is to think about the proper functioning of the 
classification system. Let them do an independent audit. 
Because the IGs are already housed in the agencies, they are 
less likely to engender the opposition that somebody from way 
outside the agency is automatically going to generate.
    Chairwoman Eshoo. Culture is already accustomed to them.
    Mr. Aftergood. Some are already doing it on an ad hoc 
basis.
    But if this subcommittee were to ask each of the 
intelligence agency IGs, saying, look, we want you to once a 
year do an audit of classification practices, report to us, 
preferably in unclassified format, do it every year, and then 
see what happens.
    Chairwoman Eshoo. Very helpful. Thank you.
    Mr. Issa.
    Mr. Issa. Thank you very much, Madam Chair.
    I am going to try to be tough to get some answers here, 
because I think there is a couple of things I want to get clear 
answers for the record on, and I think Director Leonard will 
probably answer most of these.
    Director, do the North Koreans, the Cubans, the Iranians, 
do they declassify and put on the Web anything?
    Mr. Leonard. Not that I know of.
    Mr. Issa. Did the Soviet Union ever do that during its 
existence?
    Mr. Leonard. Not that I am aware of, no, sir.
    Mr. Issa. Does Russia currently maintain a high level of 
secrecy, again, vis-a-vis Putin's announcement that he had 
secretly done a new level of nuclear weapon while we were 
paying under Nunn-Lugar to clean up his old weapons?
    Mr. Leonard. Probably a fair statement.
    Mr. Issa. So, in fairness to ourselves, from all three of 
you, please, to the extent that we do this both publicly and 
internally, we are, for all practical purposes, the only nation 
doing it, is that correct? We are the only major nation that 
has major secrets that makes anything close to this amount 
public as a matter--I am not trying to pat us on the back. I 
think we have a lot of room for improvement. But I want to have 
us all do a reality check, which is the bad guys do not 
participate in this and we have had no luck at getting them to 
participate. Is that a fair statement?
    Ms. Fuchs. I think it is fair to say that we are doing a 
much better job than all those countries we would never want to 
emulate, that is correct.
    Mr. Issa. Let's go a little further. Has France told us----
    Chairwoman Eshoo. Did your daughters hear that?
    Mr. Issa. They left. I waited to get tough.
    Has France--France is one of the three greatest spies on 
us: France, China and Israel. Common knowledge.
    Mr. Aftergood. The United Kingdom does a lot of 
declassification.
    Mr. Issa. Has France told us what they did to spy on us, 
Israel, or has China told us what they did, the three biggest 
spies against us? I am not an expert on this. Have we found out 
what they did 25 years ago by their putting it on the Web?
    Ms. Fuchs. I think there have been times when other 
countries have declassified important information. For example, 
my organization has sought a lot of information about the Cuban 
missile crisis; and we were involved with organizing a 
conference held in Cuba at which former Soviet officials, U.S. 
officials and Cuban officials attended. And thanks to our 
efforts to unleash information from the U.S. Government, Fidel 
Castro actually came to the conference with a stack of papers 
which showed what Cuba knew was going on at the time of the 
Cuban missile crisis.
    So it happens. I certainly agree that we have made much 
more of an effort than other countries.
    Mr. Issa. That was really setting it up for the major 
question and that is one from this part of this hearing is 
probably our first priority. Ms. Fuchs, from your part, it 
might be not the first.
    Today, the biggest concern I think on the dais--and I am 
asking for input on this--should be the fact that stovepiping 
exists, that overclassification that prevents the 3 million 
people who have security clearances at various levels are 
unable to get the equivalent of CREST in a classified world so 
that they know what they don't know. Is that commonly agreed to 
the extent that you each know about it, particularly Director 
Leonard? I know you would be more aware of just how much 
stovepiping there is.
    Mr. Leonard. The classification system in and of itself is 
an impediment to information sharing, especially third agency 
rules and things along those lines, yes, sir.
    Mr. Issa. So when we deal with Confidential, For Official 
Use Only, Secret and Top Secret, we are dealing with the 
peanuts. Realistically, if this committee is to do its best 
work, wouldn't we first start with Compartmented, where it is 
not available to other security agencies even when they have a 
valid need to know because they don't know that it exists? If 
we are trying to prioritize some of our highest priorities, 
would that be fair to say?
    Mr. Leonard. Writing intelligence for the consumer, either 
taking code word information and writing it to the collateral 
level, to the confidential secret level, or writing it to the 
unclassified level for the uncleared state and locals, yes, 
sir, that is clearly----
    Mr. Aftergood. I would just add there is a cluster of 
problems here that are slightly different, but they are also 
related. Disclosure to the public is a different issue than 
information sharing within the government. Nevertheless, some 
of the solutions overlap.
    For example, the tear-line approach where you segregate 
information by classification level, you separate out the 
compartmented stuff from the collateral secret stuff from 
unclassified stuff. If you do that, you can share both widely 
within the government, you can also perhaps disclose to the 
public, and it also facilitates declassification at the end of 
the document's lifetime.
    Mr. Issa. That is exactly what I was getting to. If we can 
force the community which we have oversight on to adhere to 
existing requirements that they in fact begin creating what we 
all know from doing word processing, sort of the bold lines 
that we see when we do edits so that when you send back a 
document, they know what you edited, et cetera. We implement 
that same basic technology to the basic levels of security. 
Then we should, as an oversight agency, be able to scan a great 
deal of information at a level before we ever start asking for 
the little piece that is essentially redacted but in a digital 
world redacted in a different way.
    Mr. Aftergood. If I could make one practical suggestion. 
Rather than attempting to change the practice throughout the 
entire community, which, again, may be too ambitious and may 
generate automatic opposition, I would suggest it might be 
tactically wise to break the problem up into smaller pieces and 
to begin--you mentioned in your opening statement the National 
Intelligence Estimate that was unable to be shared. Why not 
begin with the National Intelligence Council and tell them, 
look, in the future, we want all of your NIEs to be prepared in 
a tear-line format so that at a minimum, even if they are 
classified, the noncompartmented portions can be shared widely 
with Congress, cleared staff and so forth.
    Mr. Issa. You just scored a home run for something I think 
we can implement as a result of this hearing.
    Mr. Aftergood. I should add that that may be the staff 
director's idea, because we were discussing that prior to the 
hearing.
    Chairwoman Eshoo. You can share it.
    Mr. Issa. We have always found those to be solid. I am 
going to ask you a tough question, and my time is running 
short.
    Chairwoman Eshoo. It is up, but you can have more time.
    Mr. Issa. Thank you. I will be brief, though.
    Because if it goes to a level of declassification, Mr. 
Aftergood, since your bio gives me the in, I will use it. I 
always love using people's bios. One of your claims to fame was 
in fact when you sued the government to find out that the intel 
budget in 1997 was $226.6 billion. Quite an accomplishment to 
get a number for the first time.
    In your estimate, to the public what breakdown of the right 
to know below that number do you think is appropriate? I take 
it from each of you. In other words, I will give you some real 
quick hypotheticals. Should we break it down by overall agency, 
by region, by counties? Should we break it down by how much we 
pay the operative A, B, C? Where do you draw the line?
    I ask you that because you did quite a breakthrough, but we 
also have to know from our standpoint where the community would 
draw the line, where you would draw the line.
    Mr. Aftergood. If your question is, if I were President, 
how much would I declassify, then I think I don't see a problem 
with declassification of individual agency budgets, totals, in 
other words, figures for individual agencies. I am not the 
President.
    Mr. Issa. I am not a Senator, so I am not even going to be 
one.
    Mr. Aftergood. I accept the fact that all--that there is a 
bare consensus represented by the 9/11 Commission and others 
that the total budget for the national intelligence program 
should be disclosed but nothing beyond that. And I would note 
that when the budget was declassified by the Director of 
Central Intelligence in 1997 and 1998, the one number was 
released and it did not lead to a hemorrhaging of further 
detailed secrets. In order words, the system was perfectly 
capable of drawing a line. It would not have been the line that 
I would draw necessarily, but it was a line that was drawn and 
was adhered to.
    Mr. Issa. Thank you.
    Thank you, Madam Chair.
    I might note for the record that every Member of Congress 
has the ability to go up to the Crypt, not just those on the 
committee, and see a considerable level of detail of dollars by 
agencies and so on. That is a right every Member of the House 
and Senate has, and it also hasn't led to hemorrhaging of the 
public hearing how much a particular program goes to.
    Thank you.
    Chairwoman Eshoo. Thank you. Excellent questions.
    Mr. Holt.
    Mr. Holt. Thank you, Madam Chair. Thanks for setting up 
this meeting and thanks for the excellent staff work. It may 
have consisted of coaching the witnesses. I am not sure.
    But I must say, Mr. Aftergood, you have made several very 
specific and useful suggestions so far; and I hope we will come 
out of this hearing with some specific applicable suggestions, 
perhaps legislative controls that should be imposed or 
recommendations to agencies.
    Recognizing that excessive secrecy is actually a danger to 
democracy as well as a danger to good decision-making, we have 
to know where to draw the line. Stovepiping clearly interferes 
with the appropriate sharing of information that is necessary 
for good decision-making. It is fairly easy to know when you 
have erred on the side of failing to classify if someone's 
sources or methods or identity is exposed and harm comes to 
them, comes to our country, comes to a program, comes to those 
who would be assisting our country. But it really is hard in 
the other direction. I mean, is there a rule of thumb to know 
that can be applied when there is excessive--when there is 
overclassification?
    That would be for all of you, because it is a general 
question.
    Mr. Leonard. One of my observations over the years is a 
good indicator of overclassification is the amount of leaks 
that occur. As many leakers as there are in this town, there 
are reasons for doing it. But one of the things that 
contributes to leaks is a lack of respect for the integrity of 
the system where people see information that has markings on it 
that a reasonable person would question. And when you start 
having people start substituting their own judgment for the 
judgment of the process, that is usually an indicator that the 
process is coming up short.
    Ms. Fuchs. I guess I would add that there are audits done 
of how agencies do their classification decisions, and you can 
see from those audits that there are problems. I think that is 
a good recommendation for how to limit overclassification.
    When the reclassification of historical records on the 
public shelves at the National Archives was exposed a couple of 
years ago, the Information Security Oversight Office did 
conduct an audit and the Archivist of the United States who 
held a meeting with officials from all of the agencies who had 
improperly reclassified information and members of the 
historical community, including my organization. And at the 
table I asked the question, so what are the consequences to 
these agencies for having flouted the executive order that was 
issued and for having reclassified without notifying the 
Information Security Oversight Office? The people from the 
agencies looked at me like I was insane.
    Mr. Holt. That was actually my next question. What 
sanctions do exist? And I think there are none for 
overclassification, what sanctions might exist.
    I didn't let everyone answer my first question, but if you 
wanted you could roll the answer of the second question in 
there.
    Ms. Fuchs. I just wanted to finish up. I think that, 
obviously, the vast majority of people who are keeping secrets 
or marking them secret are doing it to protect the United 
States and because that is their job. They are not trying to 
cause harm. But when it is shown that they have done something 
wrong, there should be some consequences. There certainly 
should be retraining. I mean, if they are classifying things 
improperly----
    Mr. Holt. What sanctions or controls exist against an 
employee or an office that overclassifies? Is there anything?
    Mr. Leonard. The order and the directive recognizes the 
need for sanctions but does not prescribe any.
    But to build on what Ms. Fuchs indicated, there are some 
best practices out there that some agencies do. For example, 
the Department of Energy actually requires a demonstration of a 
minimum level of competence before someone is allowed to 
classify. The CIA, for example, requires every classified 
product to have on it the identity of the individual who 
signed.
    Mr. Holt. That is training in advance, but is there 
anything after the fact?
    Mr. Leonard. The nice thing, if agencies require 
certification, if they require a demonstration of competence, 
if some of them do audits and demonstrate an inability to get 
it right, there is an easy way to apply sanctions: Take away 
your certification. You can no longer classify something. You 
will have to go to your supervisor or whatever to get 
classification controls until you get recertified or retrained. 
That is an easy way, not a debilitating sanction, but it gets 
people's attention, and I think it actually would work.
    Mr. Holt. In practice, are there regulations or legislation 
that should be imposed for that to occur?
    Mr. Leonard. Agencies have the leeway right now to do that 
if they choose. NRO, for example, limits who can assign 
classification. Most do not.
    Mr. Holt. Do you know of examples where someone's ability, 
prerogative to classify has been stripped because it was found 
in an IG report or otherwise they were overusing?
    Mr. Leonard. I believe the DOE, for example, when they see 
evidence that someone who is trained either as a classifier or 
declassifier isn't getting it right, at the very least----
    Mr. Holt. Do you think there might be a few examples out 
there?
    Mr. Leonard. Yes, sir. Only a few. But there are some best 
practices out there.
    Mr. Holt. You had suggested that the IG in each agency do 
an audit of classification and the use of it. Does any agency's 
IG, or other, if not the IG, other agency organization do that 
now?
    Mr. Aftergood. I believe so. I think over the years----
    Mr. Holt. As a regular----
    Mr. Aftergood. Not as a regular.
    Mr. Holt. That is what you were suggesting.
    Mr. Aftergood. Part of their portfolio, yes.
    Chairwoman Eshoo. We are getting some important work done 
and excellent questions asked.
    Mr. Holt. Following along this line now, not just the 
training but the process and controls for determining who has 
the ability and trustworthiness to handle classified 
information, are those controls appropriate? In other words, 
how you determine the level of clearance a person has?
    Mr. Leonard. That has been a vexing issue for decades.
    Mr. Holt. That is why we are asking you wise people.
    Mr. Leonard. From a policy perspective, it is identical 
across the board. From a practical perspective, somehow, some 
way it doesn't come into reality.
    One of the challenges is that, whereas everybody will sign 
up to the same set of standards for giving someone a clearance 
at the TS or SCI level, for example, individual agencies will 
say, okay, that is well and good, but, in addition to that, we 
have to determine whether you are suitable for overseas posting 
or suitable for this, and they impose additional suitability 
requirements, which although technically doesn't affect their 
clearance, from a practical point of view is the same: I am not 
going to let you access this information system.
    Mr. Holt. As you answer this, let me throw out a thought 
that I have had for some time which is the difference among the 
agencies may not be a bad thing if we use that difference to 
learn what works and what is appropriate.
    Mr. Holt. If we imposed nationwide or communitywide, you 
know, one particular way, for example, certain kinds of 
polygraphs, whatever it is, we might lock ourselves into a 
decades-long mistake.
    Mr. Leonard. Clearly the standard for someone to be 
assigned in a national clandestine service overseas needs to be 
different than someone who is going to sit, you know, at the 
Department of Education at a computer terminal. The key is to 
minimize those differences to ensure that if there is an extra 
requirement, that it is truly fulfilling a unique need and not 
just another way of coming up with the same answer to the same 
question.
    Chairwoman Eshoo. Okay. I would like to do another round if 
you have additional questions.
    I would like to just jump in here and ask Mr. Leonard. You 
mentioned that the Moynihan Commission recommended providing 
the legislative basis for the Executive Order. Do you have 
views on what elements should be made statutory?
    Mr. Leonard. The ability to restrict dissemination of 
national security information clearly is an absolute 
constitutional prerogative of the President pursuant to Article 
II, and that has been long recognized by the courts.
    So I think the basics in terms of what information is 
identified, how it is identified, to what level; but then over 
and above that the mechanics of how agencies implement the 
President's policies from an overall efficiency point of view, 
from a point of view of how it impacts upon the mission of an 
agency and its ability to do that in an efficient and effective 
way, those nuts-and-bolts-type issues, I think, clearly are 
appropriate.
    Chairwoman Eshoo. Which is really the jurisdiction of this 
committee and why we are having this examination.
    Has Congress ever legislated in this area?
    Mr. Leonard. Congress will on occasion, you know--for 
example, the first thing that occurs to me is something that 
has just been reconsidered by the Senate Select Committee on 
Intelligence. There was a statute passed dealing with 
clearances of individuals within the DOD and prohibiting the 
granting of clearances to anyone who had a felony record and 
spent more than a year in jail. That is something that is over 
and above the President's policy.
    So there is an example of legislation involving classified 
or access to national security information where Congress has 
weighed in.
    Chairwoman Eshoo. It is an example, but not so much what we 
are discussing here today, but it is an example of what is 
legislatively enacted.
    Mr. Aftergood. Maybe a more pertinent example is the fact 
that Congress legislated the classification system for atomic 
energy information, nuclear weapon design information in the 
Atomic Energy Act in the restricted data and formerly 
restricted data, which is essentially a parallel system that 
was enacted into law by Congress. So when the executive branch 
says this is a Commander in Chief function, the answer is no, 
not exclusively, and Congress has demonstrated that.
    Now, for myself, I think I would caution against this line 
of--this pursuit, because I remember 10 years ago testifying 
with Mr. Leonard--he was then at the Department of Defense--
before Senator Fred Thompson's Governmental Affairs Committee 
on something called the Government Secrecy Act of 1997, which 
was a proposed bill to essentially legislate a classification 
system. Now 10 years later, there is no Government Secrecy Act 
of 1997 because it never went anywhere.
    And I think, for me, the lesson is that sometimes when you 
are too ambitious, you end up getting nothing done. And in 
retrospect I think a lot of that work done then was wasted 
effort. And I, for myself, I would rather see incremental 
changes that really are adopted this year and next year and the 
year after that, and then we will be way, way ahead of the game 
rather than, you know, trying to legislate a whole 
classification system.
    Ms. Fuchs. There is one area that Congress has legislated 
that relates to this in the National Security Act. It puts the 
obligation on the Intelligence Community not to disclose 
sources and methods, and that is one area whereas the most 
important area in many ways with respect to classification, and 
we see it throughout all sorts of secrecy and disclosure 
decisions.
    But it is also something that the Moynihan Commission 
touched on, and it is an area--there is frankly not much 
definition in the law about what sources and methods means and 
what it is intended to protect, and it is an area where--from 
the perspective of our advocates--where we say the Intelligence 
Community has been extreme in its protection of entire 
documents based on the fact that they derive----
    Chairwoman Eshoo. How do you know that if it is a secret--
--
    Ms. Fuchs. Frankly, sometimes we see documents that are 
disclosed at different times with redactions, so you know, in 
fact, what was redacted. That is one reason. I mean, in 
addition, you mentioned--Ranking Member Issa mentioned Mr. 
Aftergood's litigation against the government involving the 
intelligence budget in which they said the intelligence budget 
itself is a method.
    I wouldn't draw on that case as an example of extreme 
points of view, but they have also said that the process of 
briefing the President, the fact that the CIA briefs the 
President on intelligence matters is a method. Well, frankly, 
it is the one method that we all know exists. Former DCI Tenet 
talked about it extensively in his recent book. The current 
Secretary of Defense talked about it in his book. President 
Clinton has talked about it extensively. It is no secret, and 
yet it is a protective method from the perspective of the CIA.
    So there is some extremism there and something that I 
think, given that it is in the National Security Act, is 
something that Congress could consider looking at.
    Chairwoman Eshoo. Thank you very much.
    Mr. Issa.
    Mr. Issa. Well, I think the secret is you can sell books if 
you keep it a secret, and it seems like it is a bipartisan 
thing to do.
    A couple of questions, and I don't expect full answers 
today, but I think this is going to go beyond this, and I 
appreciate your responses as you reflect on this.
    You said baby steps and--you didn't say baby steps. I took 
that word out of it. Yours was redacted.
    Mr. Holt. Incremental changes.
    Mr. Issa. Yes. Baby steps is what it changes to. And I 
think you are right.
    I think the history of great bills that didn't happen or 
even medium-sized bills that never got implemented tells us we 
need to find progress in a relatively short period of time, 
less than one Presidential term at a minimum.
    And so would you support, and this is for each of you, a 
significant change in the bias of classification, meaning 
sunsetting of initial classifications, so that any 
classification would, by definition, have to be reclassified, 
or it would drop a level--these are levels above Top Secret--so 
that you would never have a 25-year unless it was looked at 
repeatedly? Basic conceptual change that--and we are not going 
to discuss every level and how many years it would be 
authorized, and who would authorize, and what level it would 
take above this initial classifier to essentially reassess it, 
but the basic concept that just throwing ``Top Secret Codeword 
blank'' does not make it go away for 25 years because nobody 
knows about it.
    And then at a certain level, well below the levels I have 
described, do you believe that we should implement and fund a 
national security database that, by definition, is where 
materials below a certain level within the community would have 
to be made available, including--and I think the current that 
is most important today and what I learned today--those 
portions of communications which, in this tier-sheet-type 
environment, are, in fact, at that level? So, you know, at 
least portions of--at least the fact that we met on a Monday 
morning at 8 o'clock would be there even if it couldn't say 
that we met with the DNI.
    Those are the three questions. I will take briefly any 
answers or thoughts that you have and the rest for the record, 
and I would appreciate it.
    [The information follows:]

                      Response of Steven Aftergood

    Rep. Issa's suggestions for a change in the bias of classification, 
including an automatic sunsetting of initial classifications after a 
set period of time, and for establishing a national security database 
to encourage sharing of classified information merit careful 
consideration.
    But I suspect that these proposals are too abstract and 
incompletely defined to be implemented as described.
    President Nixon's Executive Order 11652 included an automatic 
classification downgrading schedule that resembles Rep. Issa's concept. 
But it did not achieve its intended purpose. (President Clinton's EO 
12958, as amended, has been somewhat more successful with its automatic 
declassification provisions.)
    As for the national security database proposal, various interagency 
databases involving classified information have reportedly failed to 
fulfill their potential, because agencies have declined to fully 
participate in sharing their information.
    So something more or different is required.
    Rep. Issa's suggestions might indeed prove fruitful if they were 
applied within a relatively discrete and homogeneous set of records--
say, certain types of intelligence analyses--rather than being applied 
to the universe of all classified records.
    As I tried to indicate in my testimony, I believe ``experiments'' 
in classification and declassification policy should be encouraged at 
the pilot project level. Proposals like Rep. Issa's and others would be 
worth testing in practice to discover what works.

                         Response of Ms. Fuchs

    Thank you for the opportunity to respond to the open questions. In 
my view the implementation of automatic declassification for 25 year 
old records still has the potential to transform the system by pushing 
aside secrecy fetishes that have been permitted to exist for decades. 
As the community learns that historic material can be released without 
harm, there may be a greater willingness to share current information 
within the intelligence/law enforcement/homeland security communities. 
Having said that, automatic declassification has not resulted in the 
disclosure of much information because all the records still have to be 
reviewed for other sensitivities, such as privacy, and because many 
agencies have been able to obtain file series exemptions from automatic 
declassification.
    Although I think it would be helpful to have a system that involves 
regular review to determine whether classification status should be 
maintained or dropped, as Mr. Issa suggests, it may be impractical. 
Thus, the fall back of having initial classification decisions be 
limited in their duration is important. In addition, having a system of 
downgrading classification levels is useful. It is also critical to 
prevent initial overclassification. Thus, requirements that records be 
created in unclassified format or with unclassified versions would 
alter the mindset that Mr. Issa referred to--the one that looks as 
classification as a locked closet where secrets will disappear forever. 
It would force agencies to explain their policies, practices and 
activities in a way that could be shared and debated. It would also 
make it possible for the agencies to share information with their 
State, local, tribal and private sector colleagues unencumbered by 
concerns about secrecy. If such unclassified records were required and 
created in every instance, then the national security database 
suggested by Mr. Issa could serve a useful purpose. Without a 
requirement that records be created in unclassified form, however, such 
a database could be ineffective and misleading.

                     Response of J. William Leonard

    While the goal of such a recommendation is commendable, on a 
practical basis it would be difficult to implement. In an information 
sharing environment, we want to encourage the appropriate sharing of 
classified information. However, in the current environment, the 
originator of the information will never know all the places where the 
original information eventually ends up. Thus, it would be exceedingly 
difficult and resource intensive to notify holders of the information 
as to the results of these periodic reviews of the appropriateness of 
continued classification. The vast majority of classified information 
can be declassified well before 25 years and this reflects the actions 
of agencies as well. For example, in FY 2006 agencies made 231,996 
original classification decisions of which nearly 61 percent were 
assigned a duration of ten years or less. However, I believe that too 
much information is exempted from declassification after 25 years and 
that a solution is to carve out a more narrow exception than what is 
currently in effect as to what information can be kept classified 
beyond 25 years. I do think we should establish a national security 
database and I believe such a goal is an integral part of the 
President's direction to establish an information sharing environment 
which links people, systems, databases, and information of Federal, 
State, local, and tribal entities and the private sector to facilitate 
terrorism information sharing, access, and collaboration. Once such a 
system is established, it potentially could alleviate the impediments 
to implementing the recommendation for a relatively short sun set date 
for classification decisions.

    Mr. Leonard. I think the thing on duration is that is 
something that is long needed, but it is also the hardest nut 
to crack.
    My personal perspective, I think we have a much more 
simplified scheme. There is the core things we have to protect 
for a long period of time: identity of human sources, 
cryptography, those sorts of things. But I think we could come 
up with a very narrow universe, put those aside, and then come 
up with a greatly simplified scheme than what we have now, 
which, quite frankly, I think ultimately is very--is very 
difficult to administer.
    Mr. Aftergood. It is a pity that the ODNI representative is 
not here, because these are good questions to air with----
    Mr. Issa. They won't go into it either when he is finally 
there.
    Mr. Aftergood. You know, I think there are some rudimentary 
equivalents of the kind of database you are describing whether 
it is Intelink or some other version of it.
    Mr. Issa. The good news of it is we have lots of them; the 
bad news is we don't have one.
    Mr. Aftergood. Well, I think some investigation is required 
to understand the dynamics behind that, why did it unfold the 
way it did, why are people not putting much of their 
information in it and so on.
    So I think the question is a good one to ask. I think it 
needs to be fleshed out with some more research into why the 
system behaves the way that it does. I don't personally know 
the answer.
    Ms. Fuchs. One thing I might suggest in considering those 
types of suggestions is also speaking with Ambassador 
MacNamara, who is the program manager of the information-
sharing environment which is housed at the ODNI, because he 
is--one of the things that he is looking at is how to deal with 
unclassified information that should be shared, but is also 
getting caught up in similar things, similar types of problems. 
So I just wanted to add that as a suggestion because they have 
some very useful ideas.
    And I just wanted to respond on the duration of 
classification. I mean, I think that our perspective is that 
automatic declassification, which was in Executive Order 12958 
and was retained what it was amended, set a very important 
standard and forced agencies to confront the issue of old 
information. And so I think that limiting the duration of 
classification is an important standard.
    My understanding is that it is sometimes confusing when 
there is multiple time periods, and so it may be, I think as 
Mr. Leonard suggested, that some work needs to be done to 
figure out how to do that effectively. But it is a very, very 
effective and useful tool.
    Mr. Issa. My time has expired, but I was speaking to the 
fact that, for example, Presidential classifications don't 
expire even when a President does; that we have, in fact, deep 
dark secrets for very long period of time without needing a new 
signature, a new initial. And I, for one, assume that the--and 
I will just give you a little life briefing from my background. 
I found that if you didn't open up the HR manual in your 
company and you didn't make chief executives initial it once a 
year, they didn't know what was in it, and ultimately they 
didn't make the changes that needed to be made.
    And so that is the reason that I personally will be 
supportive of any effort we can have to get well below 25 
years, and that the higher a classification, the more often 
there needs to be an affirmative act to say this needs to be 
kept as a secret not just from the public, which I realize is 
part of today's hearing, but from the interagency process, 
which is what will protect us from the next 9/11 if we have it 
and will cause another fiasco if we don't.
    Thank you, Madam Chair.
    Chairwoman Eshoo. Thank you for your excellent questions 
and your observations. This is what makes a hearing one of the 
most important tools for Members of Congress.
    I would like to ask Ms. Fuchs a question if I might--and 
then I am going to go to Mr. Holt, and then I think we are 
going to wrap up because we have been at this for almost an 
hour and a half, and it has been a very, very worthwhile 
hearing, and you have made it so. In your written testimony, 
Ms. Fuchs, you talked about the fact that the law requires 
release. And something that jumps out is that under FOIA, the 
agencies are supposed to respond to a request for documents 
within 20 business days, and yet it took FOIA delays of up to 
20 years to actually bring out the information.
    What is it in the system that allows information that 
should move and be available in 20 days take 20 years?
    Ms. Fuchs. Well, there is a lot of excuses that the agency 
has for why it takes time. Certainly some of it is resources, 
and certainly it is not a priority to respond. The agencies----
    Chairwoman Eshoo. Most people in the country think the 
government has adequate resources, don't you think?
    Ms. Fuchs. Well, the agencies that take the longest time do 
tend to be the agencies that have the most sensitive 
information, but that is not always so. Some agencies disregard 
their information and never respond to the requests. They 
destroyed them indeed before responding to them.
    We have had several letters from the Treasury Department 
asking us if we could resend FOIA requests that are a decade 
old because they destroyed them and never responded to them. So 
some of it is disregard for the public.
    But I think that--there is actually a bill pending right 
now in Congress, it has passed in the House and it is pending 
in the Congress, that tries to make an effort to put more 
pressure on agencies to respond, because the only thing that 
the public can do is to go to court and sue.
    Chairwoman Eshoo. Do you think it is an effective piece of 
legislation to effect the outcome that you described in your 
written testimony?
    Ms. Fuchs. I think the legislation is designed to have more 
accountability about the delay, and, in fact, by exposing the 
delay, that is part of the reason the CIA released this. We 
actually got a call from the CIA before it was released and 
they said, you know what? All of the publicity you made about 
our delays and our backlogs has really gotten us to look at 
them, and they told us they reduced their backlog of 120 old 
cases down to 60, this being one of the cases. I think exposure 
of the problem has been very significant.
    Chairwoman Eshoo. I think the exposure on both kind of 
bookends in this.
    And I started out by highlighting that because the key 
agencies in our government did not share information. We know 
what the upshot of that was. And then the other bookend that we 
have just talked about. I think for the average person in the 
country, when they heard the word ``declassified,'' it means 
let us just spill our secrets. It is much broader than that. It 
is much broader than that. And that is really not what this 
hearing is about.
    But I restate it because I think that the naive citizen 
side of me moves to that sensibility when I hear the word 
``declassified.'' And its action, as I said, it is far broader. 
I think it is really important to examine.
    I think you have been outstanding witnesses.
    Let me ask Mr. Holt if he has more questions.
    Mr. Holt. I do.
    Just to follow on Ms. Eshoo's comments about freedom of 
information. The classification for official use only seems to 
be used on occasion to shield things from freedom of 
information release. Do you think, in fact, it has been used 
that way? Is that an appropriate use of that classification?
    Ms. Fuchs. I guess I would say that I do believe that it 
has been used that way, and it is an inappropriate use of that 
classification. I mean, ``for official use only'' is something 
that agencies put on their records as a matter of managing 
their records within the agency. And I think it is perfectly 
acceptable for them to come up with ways to decide how to 
disseminate the records in the agency. But when it comes to a 
FOIA request, they have to look at the contents, not the label, 
and decide whether or not it should be disclosed to the public.
    Mr. Holt. Regardless of whether it is for official use only 
or----
    Ms. Fuchs. Almost every record they are creating is for 
official use. It is for the agency's business. When they create 
things for public use, they put them on their Web site and 
inform the public and help the public. But the fact it is for 
official use only is meaningless when it comes to the FOIA.
    Mr. Holt. Earlier you mentioned the Atomic Energy Act.
    How well do you think that classification system has 
worked? What do you think of the idea of Born Secret as a 
category, and doesn't that lead to some kind of curious 
retroactive classifications that are, it seems to me, sometimes 
nonsensical? And you can explain maybe what you mean by 
retroactive classifications.
    Mr. Aftergood. Well, the answer to the question really 
depends on how broad a framework you want to put it in. The 
purpose of the atomic energy classification system is 
essentially to minimize nuclear weapons proliferation. Arguably 
it has done a fair to middling job of achieving that goal, you 
know, over the past 60-plus years. It has not been perfect. And 
in any event, much of the knowledge which it was designed to 
protect has been independently generated or replicated outside 
of the confines of the restricted data system.
    How well has it worked? You know, there have been different 
eras where it has been horribly abused. A decade ago we had a 
big revelation of human radiation experiments conducted under a 
cloak of atomic energy secrecy. There have been enormous 
backlogs. There still are many hundreds of millions of pages of 
restricted-data documents awaiting processing.
    You know, I would say it suffers from many of the same 
pathologies that the regular classification system does, and it 
requires much of the same oversight that the regular 
classification system does and hasn't really gotten it.
    Mr. Holt. Any comments about the kind of Born Secret or 
retroactive classification?
    Mr. Aftergood. The term ``Born Secret'' does not literally 
appear in the Atomic Energy Act, but it refers to the idea that 
any information generated, wherever it may be, that is within 
the confines of the Atomic Energy Act is controlled by it.
    Mr. Holt. The reason I am asking that is to find out 
whether that concept should apply to sources and methods in the 
Intelligence Community.
    Mr. Aftergood. No. I think it is a dangerous concept that 
can be easily abused, and it is not a good model.
    Mr. Holt. Either of you? Any comments on this?
    Mr. Leonard. I am--I am a long advocate that classification 
should be an act of discretion and represent informed judgment. 
So----
    Mr. Holt. Now, what about declassification? Should that be 
automatic? Is a 25-year period appropriate? I mean, if the 
actual declassification should be discretionary, should there 
be automatic declassification?
    Mr. Leonard. Yes. Again, taking off the table which--again, 
the human source identity, cryptography, those types of things. 
The vast amount of information is time-sensitive, and the 
sensitivity of it is entitled to the passage of time.
    Mr. Holt. And should that time period be discretionary, or 
should we have a flat decade, two decades?
    Mr. Leonard. The current Executive Order isn't 
discretionary because it says information will be declassified 
as soon as it no longer meets the standard of declassification 
irrespective of whether it is 25 years old or 2 years old. So 
the pull there and the challenge is to how to find a way to 
make it effective.
    Mr. Holt. Under Executive Order 12958, it is required that 
the executive branch keep data, make data available about what 
is classified and how it is kept and that sort of thing. There 
have been revisions of this over the years, or at least one 
revision I know of, and I think there is another revision under 
consideration.
    What is the purpose of that, do you think, or what is--what 
should be the purpose of that recordkeeping and disclosure to 
the appropriate agency then to----
    Mr. Leonard. From my perspective, Congressman, it boils 
down to this: The purpose of the framework is to protect the 
substance of the information. And clearly the substance of the 
information is what we need to keep secret.
    The way that system works, though, is that traditionally 
the process that we use to keep it secret has been transparent. 
We openly publish the rules that we follow. We openly publish 
the number of times that that process is invoked. We openly 
publish the number of individuals who are assigned the 
authority to invoke that.
    When you start taking that process and putting that process 
behind a cloak of secrecy, I really believe we are starting 
to--it is very unfortunate, because what makes this system work 
is not the safe, it is not the alarms, it is not the markings 
on documents. What makes it work is the faith and confidence of 
the cleared community that is dependent to make it work day in 
and day out. And what makes it work is the faith and confidence 
of the American people that the government makes the decisions 
and applies this process that is being done uniformly, 
consistent and in accordance with standards.
    And if we evolve to a system where the process becomes 
secret in and of itself, I think that will degrade that 
confidence and degrade both the cleared communities and the 
American people's confidence and the integrity of the process.
    Mr. Holt. Now, the disclosure of the information of the 
processes and about how classified information is kept and so 
forth, the disclosure of the national archives and records, to 
whom should that apply?
    I know there is a dispute right now, you know, to whom the 
Executive Order actually does apply, and the Vice President is 
saying, it does not apply to me. But so we can talk about how 
this is actually written and how it has applied. But in order 
to accomplish what we are trying to accomplish, what you think 
that it should accomplish, to whom should it apply? Everyone?
    Mr. Leonard. I think--I think from the perspective of 
maintaining the integrity and the effectiveness of the system, 
yes, it has to apply to everyone, because quite frankly, when 
it applies to some and not to others, it degrades the overall 
integrity, and people start to wonder, well, you know, why does 
it apply to me but not somewhere else?
    Mr. Aftergood. I think the problem is actually even worse 
than you are suggesting. From my point of view----
    Mr. Holt. I am trying to be diplomatic.
    Mr. Aftergood. I think it is fine if the Executive Order 
says that the Vice President must report his classification 
activity to Mr. Leonard, as Mr. Leonard believes that it does. 
I think it would also be fine if the President were to design 
an order of, I don't want this reporting requirement to apply 
to the Office of the Vice President and amended the order 
accordingly.
    What is not fine, however, is for the Vice President to 
simply set aside the literal, the plain-text reading of the 
Executive Order and to defy it.
    What is also not fine is for the Attorney General, who is 
required by the Executive Order to adjudicate disputes over the 
interpretation of the Executive Order, to abstain and to be 
silent.
    Mr. Holt. So you don't think there is ambiguity that needs 
to be resolved legislatively? You think it is unambiguous?
    Mr. Aftergood. Mr. Leonard thinks it is unambiguous, and he 
is the official who is designated by the President to implement 
and oversee the Executive Order. He could be wrong. The 
Attorney General could say he is wrong. But we have got a 
situation where the Executive Order is, in effect, being 
ignored, and that is dangerous because it undermines the 
integrity of the whole system.
    I think, you know, if the President were to amend the 
Executive Order and say the Vice President is not subject--or 
if the Attorney General were to say, I have determined that the 
Vice President is not subject, then the integrity of the system 
would be preserved. Right now it is in danger of being just 
undermined.
    Mr. Leonard. I think it is important, this point is 
important, at least with respect to any issues my office may 
have raised. I have never raised any issues with the issue of 
the Vice President, the issues that have been raised.
    Chairwoman Eshoo. Isn't that issue the other way around?
    Mr. Leonard. The issue has been with respect to the Office 
of the Vice President, the public servants just like me who----
    Mr. Holt. I was using shorthand.
    Mr. Leonard. But I think it is an important distinction 
because there is--you know, for example, the President has a 
National Security Adviser and a National Security Council staff 
who advises him on national security matters, and that activity 
has routinely been transparent in its reports and what have 
you.
    And the OVP does an analogue to that. There is a National 
Security Adviser and people who work along those lines as well, 
too. So that is one of the challenges of that, in my own mind, 
is trying to square the two in terms of understanding how they 
differ.
    Mr. Holt. And the National Security Adviser apparatus in 
the President's office has been transparent in previous 
administrations also.
    Mr. Leonard. In previous administrations also.
    Mr. Holt. And the Vice President's analogue has been 
transparent in previous administrations.
    Mr. Leonard. And up until 2002 in this administration.
    Ms. Fuchs. I just wanted to add, speaking as a citizen, I 
mean, Mr. Aftergood said he thought it would be fine for the 
President to exclude some offices from these requirements of 
the Executive Order, but, frankly, I have always understood the 
Information Security Oversight Office in part trying to make 
sure that real secrets are properly protected. And so to me, as 
a policy matter, it seems like it makes a lot more sense to 
make everyone report and require everyone to be subject to 
inquiry as to whether they are, in fact, protecting secrets 
properly.
    I am of an advocacy group that wants to know what the 
government is doing, but we don't want the real secrets to get 
out either. We want proper protection for things that should be 
secure and open with respect to things that are not sensitive.
    Mr. Holt. That is a good note for me to end my questioning.
    I want to thank you all for some good insights, some things 
I think we can work with, and I thank the Chair for organizing 
this.
    Chairwoman Eshoo. Thank you, Mr. Holt, who is always 
thoughtful in his questions and drills down, and then the 
experts respond in kind.
    So I want to thank each one of you. I think this has been a 
highly worthwhile hearing. I have learned a great deal myself, 
and I think that, as Mr. Aftergood said, there are clustered--
there is a cluster of problems, but there is an overlap in 
terms of the solutions. And I quote that because I think that 
is--that you have given us excellent proposals for us to 
address the different concerns that have been raised during the 
hearing.
    The issue of beginning with an NIE at the NIE Council, the 
role of the IGs inside the respective agencies. I am a bit more 
confused now about the Executive Order relative to the 
executive branch and how the Office of the Vice President has 
somehow separated themselves from this Executive Order. I am 
not quite sure who is--how that is reviewed or addressed, but 
maybe we can leave that to another day.
    Mr. Holt. And, Madam Chair, let me just say, on that 
subject, I certainly don't agree with the Vice President, 
Director Leonard. that your agency should be abolished.
    Chairwoman Eshoo. Ditto. Very good.
    Mr. Holt. Thank you, Madam Chair. That is for the record.
    Chairwoman Eshoo. So you have been most helpful to us. I 
hope that we can come back and extract more ideas and 
information from you either in the hearing setting or our staff 
working with you, and as I use the word ``staff,'' I would like 
to acknowledge the important role, key roles, that they play 
really. Without them we could not do the kind of work, quality 
of work that we hope to produce for the American people both 
for the Minority side and the Majority side. We are all in this 
together.
    So with that, this hearing is adjourned.
    [Whereupon, at 2:40 p.m., the subcommittee was adjourned.]

                                  
