[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
EXAMINING THE COSTS OF OVERCLASSIFICATION ON TRANSPARENCY AND SECURITY
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
SECOND SESSION
__________
DECEMBER 7, 2016
__________
Serial No. 114-174
__________
Printed for the use of the Committee on Oversight and Government Reform
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform
______
U.S. GOVERNMENT PUBLISHING OFFICE
26-177 PDF WASHINGTON : 2017
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
JASON CHAFFETZ, Utah, Chairman
JOHN L. MICA, Florida ELIJAH E. CUMMINGS, Maryland,
MICHAEL R. TURNER, Ohio Ranking Minority Member
JOHN J. DUNCAN, Jr., Tennessee CAROLYN B. MALONEY, New York
JIM JORDAN, Ohio ELEANOR HOLMES NORTON, District of
TIM WALBERG, Michigan Columbia
JUSTIN AMASH, Michigan WM. LACY CLAY, Missouri
PAUL A. GOSAR, Arizona STEPHEN F. LYNCH, Massachusetts
SCOTT DesJARLAIS, Tennessee JIM COOPER, Tennessee
TREY GOWDY, South Carolina GERALD E. CONNOLLY, Virginia
BLAKE FARENTHOLD, Texas TAMMY DUCKWORTH, Illinois
CYNTHIA M. LUMMIS, Wyoming ROBIN L. KELLY, Illinois
THOMAS MASSIE, Kentucky BRENDA L. LAWRENCE, Michigan
MARK MEADOWS, North Carolina TED LIEU, California
RON DeSANTIS, Florida BONNIE WATSON COLEMAN, New Jersey
MICK MULVANEY, South Carolina STACEY E. PLASKETT, Virgin Islands
KEN BUCK, Colorado MARK DeSAULNIER, California
MARK WALKER, North Carolina BRENDAN F. BOYLE, Pennsylvania
ROD BLUM, Iowa PETER WELCH, Vermont
JODY B. HICE, Georgia MICHELLE LUJAN GRISHAM, New Mexico
STEVE RUSSELL, Oklahoma
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin
WILL HURD, Texas
GARY J. PALMER, Alabama
Jennifer Hemingway, Staff Director
Andrew Dockham, General Counsel
Kathy Rother, Senior Counsel
Sharon Casey, Deputy Chief Clerk
David Rapallo, Minority Staff Director
C O N T E N T S
----------
Page
Hearing held on December 7, 2016................................. 1
WITNESSES
Mr. J. William Leonard, Former Director, Information Security
Oversight Office
Oral Statement............................................... 5
Written Statement............................................ 8
Mr. Steven Aftergood, Director, Project on Government Secrecy,
Federation of American Scientists
Oral Statement............................................... 47
Written Statement............................................ 49
Mr. Tom Blanton, Director, National Security Archive, The George
Washington University
Oral Statement............................................... 57
Written Statement............................................ 59
Mr. Scott Amey, General Counsel, Project on Government Oversight
Oral Statement............................................... 69
Written Statement............................................ 71
APPENDIX
2015 Report to the President ISOO-National Archives submitted by
Mr. Chaffetz can be found here: https://www.archives.gov/files/
isoo/reports/2015-annual-report.pdf
EXAMINING THE COSTS OF OVERCLASSIFICATION ON TRANSPARENCY AND SECURITY
----------
Wednesday, December 7, 2016
House of Representatives,
Committee on Oversight and Government Reform,
Washington, D.C.
The committee met, pursuant to call, at 9:00 a.m., in Room
2154, Rayburn House Office Building, Hon. Jason Chaffetz
[chairman of the committee] presiding.
Present: Representatives Chaffetz, Mica, Duncan, Jordan,
Walberg, Amash, Farenthold, Massie, Meadows, DeSantis,
Mulvaney, Buck, Walker, Hice, Russell, Carter, Grothman, Hurd,
Palmer, Cummings, Maloney, Clay, Lynch, Connolly, Kelly,
Lawrence, Watson Coleman, Plaskett, DeSaulnier, Welch, and
Lujan Grisham.
Chairman Chaffetz. Good morning. The Committee on Oversight
and Government Reform will come to order.
And, without objection, the chair is authorized to declare
a recess at any time.
We have an important hearing this morning: ``Examining the
Costs of Overclassification on Transparency and Security.''
Sunlight is said to be the best disinfectant, and without
knowing what our government is doing, we can't ensure it is
operating efficiently and effectively. It is also important to
remember that the American people pay for the Federal
Government. The Federal Government works for the American
people. It is not the other way around, and so it is, you would
think, logical to make sure that we are as open and transparent
and accessible as possible, but this is always a running
battle. We always have to find the proper balance between
safety and security and openness and transparency, but we can't
give up all of our liberties in the name of security. And so we
have this hearing today with four experts, people who have
poured their time, effort, talent, their careers really, into
this topic. There is a wealth of information that they are
going to share with us, and that is what we are excited to hear
about today.
Without knowing what our government is doing, we can't
ensure it is operating efficiently and effectively, as I said.
Transparency is the basis ultimately for accountability. At the
same time, transparency into certain government activities can
create an opportunity for those who wish to do us harm, and so
Congress gives some agencies the authority to withhold certain
information from public disclosure. This authority to classify
information and create secrets is needed to protect our
national security. I don't think anybody doubts that there
should be a degree of this. The question is what degree of
this. But when you give the authority to classify certain
information, Congress has a role to play in making sure that
authority is being properly excercised.
Overclassification of information has become a concern.
Estimates range from 50 to 90 percent of classified material is
not properly labeled. In the 1990s, Congress established the
Commission on Protecting and Reducing Government Secrecy to
study those issues and develop recommendations. In 1997, the
Commission issued a final report, including 16 recommendations.
Three of those recommendations were implemented. Seven were
partially implemented, and six remain open today. The Chairman
of the Commission, the late Senator Patrick Moynihan, wrote,
and I quote: ``If the present report is to serve any large
purpose, it is to introduce the public to the thought that
secrecy is a mode of regulation. In truth, it is the ultimate
mode for the citizen does not even know that he or she is being
regulated,'' end quote.
Patrick Moynihan, hats off to him and his leadership in
understanding and really helping to champion this effort to
move forward and really examine the degree of which secrecy is
needed in our Nation.
Here we don't even know what can hurt us. As the tendency
to overclassify information goes, so does the lack of
accountability to both Congress and the American taxpayer. The
Commission also warned about the dangers of restricting
information from those who actually do need it. Looking back,
that point seems almost prophetic in light of the events that
would unfold on September 11, 2001.
After conducting an exhaustive study of the attacks, the 9/
11 Commission issued its own report that found we need to move
forward from a system of need-to-know to a culture of need-to-
share. What we have learned is that overclassification can also
be damaging to national security, or at a minimum, it can lead
to second guessing what might have been if we were only able to
get the information in the right hands at the right time.
According to a report by the Information Security Oversight
Office at the National Archives, in the last 10 years, the
Federal Government has spent more than $100 billion on security
classification activities. In fact, I would ask unanimous
consent to enter that report into the record.
Without objection, so ordered.
Chairman Chaffetz. Last year alone, classification is
estimated to have cost $16 billion. It is unclear what exactly
the taxpayers got in return for this expense. There was
presumably some level of greater security as a result of
restricting access to certain information. Again, no doubt that
there needs to be classification that needs to be implicated,
but at what level? This leads us to a number of basic
questions. Does the billions of dollars spent to classify make
us safer? How much money did we spend on security clearances
for folks who probably didn't need them in the first place?
Earlier this week, the Washington Post reported the
Department of Defense found $125 billion in savings over 5
years by simply streamlining bureaucracy--$125 billion. To give
you an idea, the entire State of Utah, everything we do in
Utah--it is a smaller State, granted--but everything we do,
from education to the National Guard to roads and paying
teachers, is about $14 billion. And here at the Department of
Defense, 5 years' savings, $125 billion, by simply streamlining
bureaucracy.
The Department of Defense was sufficiently embarrassed by
this, as they should be, and decided to bury the study, but
trust me: we are going to look into this. According to the
article, quote, ``The Pentagon imposed secrecy restrictions on
the data, which ensured that no one could replicate the
findings,'' end quote. Not what we should be doing as a Nation.
It is a prime example of why we are holding this hearing today.
And when agencies have a tool to keep information from the
public, Congress must ensure those tools aren't used for
nefarious reasons.
I look forward to discussing those issues with the
witnesses today. I thank the panel of experts for coming before
the committee to help us better understand some of the
complexities of the government secrecy. I think you will find
that Congress, in particular this committee, has a keen
interest on this. The committee has been has been a leader and
a champion of the Freedom of Information Act, one of the tools
that is important for the American public to understand what
their government--their government is supposed to be working
for them--is actually doing. So I look forward to this
discussion.
Somebody I know who holds an equal passion for this is my
colleague, Elijah Cummings, the ranking member, from Maryland,
and I would like to recognize him for his opening statement.
Mr. Cummings. Thank you very much, Mr. Chairman.
Thank you very much for holding this hearing. Government
transparency is a bipartisan issue. Over multiple sessions of
Congress, our committee has made significant progress in making
the Federal Government more open and accountable. We do this
best when we work together.
During this Congress, we worked together to strengthen the
Freedom of Information Act, and those amendments were signed
into law by President Obama in June. Just this past Monday, we
sent another bill to the White House to strengthen protections
for employees working for contractors and grantees who blow the
whistle on waste, fraud, and abuse.
We now have the opportunity to work together to address the
flaws in our classification system. Over the past several
years, our committee has conducted multiple investigations,
including our review of Secretary Clinton's emails, that
exposed serious flaws in our classification system. We have
seen agencies disagree with each other on whether an email was
classified. We have seen information that began unclassified
later being retroactively classified. We have seen documents
that were not properly marked as classified. And we have seen
documents that were classified after they had already been
publicly released. And, first and foremost, I believe that we
in Congress should exercise our authority to improve the
classification system and make government information more
transparent. We can conduct oversight, such as these hearings,
and we can investigate specific allegations of security
breaches and unwarranted government secrecy. Congress can also
legislate them. We can pass reforms that actually address the
problems we will hear about today.
Twenty years ago, the Moynihan Commission provided a
roadmap to improving the classification system. But too little
has been done since that report was issued. For example, the
Commission recommended that Congress enact a statute
establishing the principles of classification, but Congress
still has not taken that step. The fundamental purpose
underlying all of our efforts today is to provide the American
people with more information, especially when it impacts our
national security. Our operating premise is that a better
informed electorate leads to a better-functioning government on
behalf of all of the American people.
Mr. Chairman, I thank you for calling today's critical
hearing, but there is another national security area that I
believe the American people should have much more information
about from their government.
On November 17, 2016, I wrote a letter to the chairman
requesting that our committee conduct a bipartisan
investigation into Russia's role into interfering with and
influencing the 2016 Presidential election. I specifically
requested that we receive a classified briefing from the
intelligence community. Today, nearly 3 weeks have now gone by.
I have received no response, and the committee has taken no
action.
Now, Mr. Chairman, I know you have said that you do not
want to do any oversight relating to President-elect Donald
Trump until he is sworn into office, and I can understand that.
But these attacks on our country have already happened. It
already happened. This is not something of a future threat.
This has already been done. And unless we act, it may very well
happen again. For these reasons, yesterday, I joined Democratic
whip, Steny Hoyer, and ranking members of the Committees on
Armed Services, Homeland Security, Intelligence, Judiciary, and
Foreign Affairs, and we did ourselves what this committee did
not. We sent a letter to the President requesting that all
Members, that all of us, all Members of Congress, Democrats and
Republicans, be provided the opportunity to receive a
classified briefing by the intelligence community with the most
up-to-date information on this issue.
This is not a partisan issue, and it should not be.
Republican Senator Lindsey Graham has called for this type of
investigation in the Senate, essentially saying that
Republicans should not sit on the sidelines and let allegations
about foreign governments interfering in our election go
unanswered just because it may have been beneficial to them in
this instance. Republican Senator Marco Rubio put it even more
bluntly saying, quote: ``Today, it is the Democrats. Tomorrow,
it could be us,'' end of quote.
The bottom line is that this is not a Democratic issue, and
it is not a Republican issue. This is an American issue.
Elections are a core American value and are central to our
democracy, and any foreign interference with our elections
should be of the greatest concern to every single Member of
this Congress. The American people deserve as much information
as possible about these threats and the actions their
government is taking to address them. As I say to my
constituents over and over again in the last election and
during these times, this is bigger than Hillary Clinton. This
is bigger than Donald Trump. This is about a struggle for the
soul of our democracy, and so it is our job to ensure that we
get this kind of information since it is our duty to make sure
that our democracy stands strong and that our children's
children can have a democracy just as strong as the one that we
have experienced.
And, with that, I yield back.
Chairman Chaffetz. I thank the gentleman.
We will hold the record open for 5 legislative days for any
members who would like to submit a written statement.
I will now recognize our panel of witnesses. I am pleased
to welcome Mr. J. William Leonard, former Director of the
Information Security Oversight Office; Mr. Steven Aftergood,
director of the Project on Government Secrecy at the Federation
of American Scientists; Mr. Tom Blanton, director of the
National Security Archive at the George Washington University;
and Mr. Scott--is it Amey?
Mr. Amey. Yes, sir.
Chairman Chaffetz. I just want to make sure I pronounce
that properly. Mr. Scott Amey, general counsel for the Project
on Government Oversight.
We welcome you and thank you for being here.
Pursuant to committee rules, all witnesses are to be sworn
in before they testify. If you will please rise and raise your
right hand.
Do you solemnly swear or affirm that the testimony you are
about to give will be the truth, the whole truth, and nothing
but the truth?
Thank you. You may be seated.
Let the record reflect that all witnesses answered in the
affirmative. In order to allow time for discussion, we would
appreciate your limiting your verbal comments to no greater
than 5 minutes so members can have ample time to ask questions.
Your entire written statement and extraneous materials will be
entered into the record.
Mr. Leonard, you are now recognized for 5 minutes. And the
microphones in this committee, you have got to straighten them
up and put them right up uncomfortably close. Thank you.
WITNESS STATEMENTS
STATEMENT OF J. WILLIAM LEONARD
Mr. Leonard. Thank you, Mr. Chairman, Mr. Cummings, members
of the committee. I appreciate the opportunity to attend this
meeting this morning. The ability and authority to classify
national security information is a critical tool of the Federal
Government and its leaders to protect our Nation and its
citizens. However, when negligently or recklessly applied,
overclassification of information can undermine the very
integrity of the classification system and also create needless
impediments to transparency that can undermine our form of
government and its constitutional system of checks and
balances.
I have come to the conclusion that, on its own, the
executive branch is both incapable and unwilling to achieve
true reform in this area. Incapable in that, absent external
pressure from either the legislative or judiciary branches of
our government, true reform within the executive branch when
the matter involves the equities of multiple agencies can only
be achieved with the direct leadership emanating from the White
House.
Over the past 40 years, we have seen only one White House-
led attempt at classification reform, and that was in the
1990s. Bureaucracy's response to those attempts at reform were
typical--delay and foot drag--because agency officials know
that, sooner or later, every administration eventually goes
away, providing opportunities for rollback.
With respect to the executive branch's unwillingness to
implement real classification reform, I believe it is
unreasonable to expect it to do so primarily since the
unconstrained ability to classify information is such an
attractive tool for any administration to facilitate
implementation of its national security agenda. In this regard,
especially in the years since 9/11, we have seen successive
administrations lay claim to new and novel authorities and to
often wrap these claims in classification. This can amount to
unchecked executive power. While the President must have the
ability to interpret and define the constitutional authority of
the office and at times to act unilaterally, the limits of the
President's authority to act unilaterally are defined by the
willingness and the ability of Congress and the courts to
constrain them.
Of course, before the Congress or the courts can constrain
Presidential claims to inherent unilateral powers, they must
first be aware of those claims. Yet a long recognized power of
the President is to classify and thus restrict the
dissemination of information in the interest of national
security, to include access by Congress or the courts. The
combination of these two powers, that is when the President
lays claim to inherent powers to act unilaterally but does so
in secret, can equate to the very open-ended noncircumscribed
executive authority that the Constitution's Framers sought to
avoid in constructing a system of checks and balances.
Thus, absent ongoing congressional oversight or judicial
review of executive assertions of classification, no one should
ever be surprised that the authority to class information is
routinely abused in matters both big and small.
I have attached to my formal statement specific examples of
classification abuse relating to three criminal cases in which
the prosecution ultimately did not prevail in large part due to
government overreach in its claims that certain information was
classified. In each of these cases, the government abused the
classification system and used it for other than its intended
purpose.
I believe that there are steps that Congress can take in
order to address this matter. The first deals with enforcing
accountability. Over the past several decades, a significant
number of individuals have rightly been held accountable for
improperly handling classified information. To my knowledge,
during the same period, no one has ever been held accountable
and subjected to sanctions for abusing the system and for
improperly classifying information, despite the fact that the
President's executive order governing this authority treats
unauthorized disclosures of classified information and
inappropriate classification of information as equal violations
of the order, subjecting perpetrators to comparable sanctions.
Absent real accountability, it is no surprise that
overclassification occurs with impunity.
A second area worthy of possible legislative attention is
that of providing a mechanism for routine, independent expert
review of agency classification decisions, especially as a tool
to be made available to the executive's two coequal branches of
government when exercising congressional oversight or judicial
action and to which they could come to their own independent
judgment as to the appropriateness of executive assertions of
classification. Traditionally, both Congress and the courts are
understandably deferential to such assertions. Nonetheless,
when applying the controls of classification, government
officials are obligated to follow the standards set forth by
the President and not exceed the governing orders,
prohibitions, and limitations.
Thus, it is not only possible but entirely appropriate to
conduct a standards-based review of classification decisions. I
have attached to my formal statement one potential methodology
for such reviews.
I applaud this committee for focusing on this critical
topic to our Nation's well-being, and I thank you for inviting
me here today, Mr. Chairman. I will be happy to answer any
questions you or other committee members might have.
[Prepared statement of Mr. Leonard follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you.
Now there is a model for ending right at the 5-minute mark.
Mr. Aftergood, I challenge you to come within 1 second of
that mark as well, but you are now recognized for 5 minutes.
STATEMENT OF STEVEN AFTERGOOD
Mr. Aftergood. Thank you, Mr. Chairman and Ranking Member
Cummings.
As you know and as you really expressed very well,
overclassification presents many kinds of problems. It makes
your oversight job more difficult. It incurs substantial
financial and operational costs, and it often leaves the public
in the dark about national security matters of urgent
importance that they should be aware of.
Why do we even have overclassification? I think there are
many reasons. For one thing, it is easier for officials to
restrict access to information without carefully weighing the
pros and cons of what should be disclosed. Overclassification
many times is simply the path of least resistance. Unchecked
classification can also serve the political interests of the
classifiers. It is a way to manage public perceptions, to
advance an agenda, to limit oversight, or simply to gain a form
of political advantage.
So what is the solution to overclassification? I don't
think there is a single solution. I discuss several partial
solutions in my written statement. Many of those solutions
depend on Congress to assert itself and to affirm its own
institutional interests. Congress is not a spectator, and it
should not be a victim when it comes to overclassification. It
is a coequal branch of government.
In the executive branch, there are lots of fine and
conscientious people who are involved in classification policy,
fortunately, but we should not have to rely on their integrity.
We rely instead on Congress to exercise checks and balances in
performing its routine oversight duties.
Finally, I would like to say that we are in a peculiar
moment in our history that makes this issue particularly
urgent. Everything I have just said about overclassification
could have been said 10 years ago or 20 years ago. This is a
stubborn and persistent problem, but there is something
different today. We are living in a period of unusual political
instability that I believe requires even greater transparency.
Almost every day, we see increased expressions of hostility
against religious and ethnic minorities. So-called fake news
has lately resulted in actual acts of violence here in
Washington, D.C., in the past week. And it seems that our
political institutions are under a subtle form of attack by
foreign actors, as the ranking member discussed. This is not a
normal situation, and it is not the way that things have always
been.
What complicates things further is that the incoming
administration, at least during the election cycle, has
indicated policy preferences that depart significantly from
existing law and policy in areas such as foreign policy,
questions of whether or not to engage in torture, questions
involving freedom of religion. In some cases, these raise basic
constitutional issues. So the bottom line is that we are
entering a turbulent time. Reducing overclassification and
increasing transparency will not solve our problems. But if we
fail to reduce overclassification, we are going to make those
problems worse and harder to solve. Thank you again for holding
this hearing and for the essential work of oversight that you
do. I would be glad to answer any questions you may have.
[Prepared statement of Mr. Aftergood follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you.
Mr. Blanton, you are now recognized for 5 minutes.
STATEMENT OF TOM BLANTON
Mr. Blanton. I am certainly not going to match those
timings. He did 5 minutes. He did 4 minutes. It was
outstanding.
Thank you, Mr. Chairman, and thank you, Ranking Member
Cummings, and thank you other distinguished members of this
committee for having me here today.
I am here to make three points: One of them is a thank you
for the Freedom of Information Act amendments that you all
mentioned, because it is a model for what you can do here on
classification.
Second is to reinforce the message of that Moynihan
Commission report. It was actually Moynihan, Combest, Jesse
Helms, John Podesta commission. So you can tell when it is a
unanimous bipartisan, it is something to pay attention to. And
the number one recommendation was to pass a law to govern and
fix this system.
The third thing I am here to tell you is that, when a
security official--officials--tell you something is classified,
don't believe them. Most of the time they are wrong. Fifty to
90 percent of the time, as the chairman commented, they are
wrong. So don't believe them. I am going to back that up with a
few examples.
But, first, the Freedom of Information Act amendments and
why that is a model. You have already had an impact. You all,
this committee was the leaders in this House of Representatives
to get those amendments passed, and already the Central
Intelligence Agency has released its Bay of Pigs draft history
that they locked up for 30 years. On what grounds? Well, when
you read it, you find out the grounds. The historian who wrote
it and drafted it said: ``After more than 20 years, it appears
that fear of exposing the Agency's dirty linen, rather than any
significant security information, is what prompts continued
denial of request for release of these records.'' That is the
norm in the bureaucracy. Your amendments broke this loose. The
CIA historian wrote on the back: Well, shucks, recent 2016
changes in the Freedom of Information Act require us to release
some drafts that are responsive to FOIA requests.
You did it by statute. That is the Congress' role. You can
do it to the classification system. And I recommend the
detailed list of recommendations in the back of this
extraordinary report, the Moynihan-Combest report, for how you
can do that. You can build in cost-benefit into the originating
classification decision. You can build in assessments of, what
is the real risk? What is the real vulnerability? What is the
stream of cost to the public and to efficient government
operations from classifying? You can do that on the front end.
You can build in a declassification board with power to release
so you get a rational declassification on the back end so the
system doesn't get completely gummed up with unnecessary
secrets. You can move those 50 to 90 percent of what shouldn't
be secret out to the public. You can do that, but you have got
to do it by statute. As Bill Leonard says, the government is
not going to fix itself. You have got to do it.
My third point is just don't believe them on
classification. Last month, we got a nice, you know, letter
from the Joint Chiefs of Staff in answer to a Freedom of
Information request. That is the document they gave us. It is
all blacked out because releasing it would damage our national
security, seriously damage it. This is at the secret level,
right? It was fascinating because our staff person took a look
and said: Oh, that is the Joint Chief's advice on a
Presidential policy directive back in July of 1986. That looks
kind of familiar.
And he flipped back in the files. Turns out we got it in
2010 in full. That made us go look at the cover letter. You
know what the cover letter says? It says: We have coordinated
your Freedom of Information review in consultation with the
Joint Staff and the National Security Council. This is from the
Office of the Secretary of Defense. It says OSD and NSC have no
objection to declassification in full. However, Mr. Mark
Patrick of the Joint Staff thinks it ought to be classified,
and thus you got the black blotches. Classic case. One office
doesn't agree with another office. One says it has been
released for 6 years. Another says it is going to damage our
national security.
Attached to my testimony, I got a half dozen other examples
where it is not even one office and another office. It's the
same reviewer one week apart had diametrically opposed views of
what would damage our national security from release. So,
bottom line, Mr. Chairman, Ranking Member: Don't believe them.
Thank you very much for your time. I welcome your questions.
[Prepared statement of Mr. Blanton follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Well, thank you. We love your passion
for it. It is good.
Mr. Amey, you are now recognized for 5 minute.
STATEMENT OF SCOTT AMEY
Mr. Amey. That is a tough act to follow. Good morning,
Chairman Chaffetz, Ranking Member Cummings, and members of the
committee. POGO has always recognized the tension between
openness and protecting legitimate government secrets, but the
executive branch frequently overclassifies more information
than is necessary and has developed new ways to conceal
government information. Such obstructions create barriers to
public deliberations on policy and government spending, impede
sharing, and harm efforts to identify and remedy waste, fraud,
and abuse. The 9/11 Commission said it simply: ``Secrecy, while
necessary, can also harm oversight.'' Sometimes the result of
classification is not for the legitimate need of secrecy but
the concealment of embarrassing information, which creates
public distrust.
There are five main points that I want to briefly discuss
today: overclassification, retroactive classification,
controlled unclassified information, treatment in handling
cases, and, finally, executive branch use of secret laws.
In overclassification, overclassification might be a form
of either excessive redactions or improper markings. Reports by
the National Security Archive and ISOO show that the
classification process is mostly heading in the right
direction, and we have seen some improvement over the last few
years, especially considering the amount of electronic
documents that have to be reviewed. But one number is a
concern. In 2015, classification decisions were overturned in
whole or in part in over 50 percent of the challenges. That was
411 cases overturned out of 814 decisions that were made.
Additionally, we have heard stories about the lack of clarity
and authority in standards leading different agencies to come
to different conclusions, as Mr. Blanton just discussed.
POGO is also concerned about the lack of clarity about what
constitutes intelligence sources and methods, which also can
lead to overclassification.
And, finally, classifications aren't free. As the chairman
mentioned, total security classification costs exceeded $16
billion back in 2015.
The Moynihan Commission had an excellent recommendation to
improve the system: classification decisions, including the
establishment of special access programs, no longer be based on
damage to national security. Additional factors, such as cost
of protection, vulnerability, threat, risk, value of the
information, and public benefit from release, could also be
considered when making classification decisions. POGO is in
agreement that such factors should be considered to reduce
executive branch secrecy.
On the issue of retroactive classification, for years, POGO
has expressed concerns about questionable activities to
retroactively classify government information. POGO has
firsthand experience because we were involved in instances
involving Area 51 and unclassified briefings to Members of
Congress in a whistleblower retaliation case. POGO believes
that any reviews of the classification process should include a
comprehensive look at issues affecting retroactive
classification, including failures in the system to classify
the information appropriately, how frequently it occurs, what
considerations were given to the information, if it is publicly
available, and what constitutes constitutional issues related
to prior restraints.
On the issue of controlled unclassified information, there
has been a proliferation of CUI, and by 2010, there were over
100 different CUI markings within government agencies. We have
even witnessed examples of misuse, and POGO hopes that the
committee will consider providing oversight of the
implementation of the recently released CUI regulations. We
have also even recently heard an example--and it was something
that we had complained about during the process--that employees
at DHS, when they were given FOIA training, were also
instructed that, if they have a FOIA that comes in and the
information is marked ``CUI,'' it should not be released. And
so that is opposite to the executive order that the President
issued as well as the language that is in the final regulation
from there and ISOO.
Unequal treatment in handling cases. In the past few years,
we have witnessed numerous instances of mishandling of
classified or protected information. I go into more detail in
my written testimony, but POGO thinks that, if an intent is
considered in high-profile cases involving senior officials, it
should also be considered, as well as other factors, in
whistleblower cases.
Secret law. POGO has voiced many concerns about the
executive branch use of secret law. How we come to conclusions
and striking the right balance between our security and our
rights is imperative, and the legal interpretations cannot be
cloaked in secrecy. Secret law poses a serious harm to our
democracy.
POGO's written recommendations are in our written
testimony, but I think there is one issue and point that the 9/
11 Commission made that is important about nurturing--that the
current system nurtures overclassification. There are no
punishments for not sharing information. Agencies uphold a
need-to-know culture of information, protecting rather than
promoting a need-to-share culture of integration.
Thank you for inviting me to testify. I look forward to
working with the committee and further exploring how to
legitimately protect classified information and reducing
government secrecy and cost. Thank you.
[Prepared statement of Mr. Amey follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you. I appreciate all of the
opening statements.
We will now recognize the gentleman from Michigan, Mr.
Walberg, for 5 minutes.
Mr. Walberg. Thank you, Mr. Chairman, and thank you for
holding this hearing. It is something that probably many of us
have surmised was going on. It certainly goes to a frustrating
level, and I appreciate the fact that, in this report that you
pointed out, Mr. Chairman, ``Pentagon buries evidence of $125
billion in bureaucratic waste,'' done by two reporters, one of
which certainly has established credentials for doing
investigative reporting, and we ought to take this seriously.
But I think when I read this, the frustrating thing was the
number of assertions that lawmakers don't want to do anything
about this because of the impact in their districts. And
certainly there is evidence to show that, but I think this
committee has lawmakers better than that. I hope this is a real
start.
Mr. Amey, according to that article in the Washington Post,
the Department of Defense first commissioned and then hid--
hid--the unflattering results, and did it aggressively, hid
that, with retribution, offered threats, you name it, of the
waste and efficiencies. Are you familiar with the report?
Mr. Amey. Yes.
Mr. Walberg. I would expect so. In your view, what reasons
could the DOD have had to keep the results of the report from
the public?
Mr. Amey. Oh, boy, you are putting me on the spot. I'm
trying to predict what the Department of Defense was thinking.
I don't know. It is very difficult because the report is
actually on the Internet. We found it yesterday when the story
came out. It has been on the Internet since that time. The
Defense Business commission actually had a slide presentation,
a summary of the report, on its Web site, and so we are trying
to actually figure out, and we actually reached out to the
reporters to try to figure out where the secrecy was coming in
and what was taking place. But I would imagine it is public
embarrassment. I mean, at the end of the day, we are talking
about the Department of Defense trying to protect $125 billion
and the fact that they can't pass an audit and there is other
scrutiny on top of them, that I think this was just an issue of
``we didn't want this to get out and so let's try to keep it
under wraps.''
Mr. Walberg. And I am sure $125 billion doesn't sound
unreasonable to you?
Mr. Amey. Oh, no, sir. I mean, we have been saying it for
years that, between when you look at goods and services--most
of my work is on contract oversight, and when you look at
Department of Defense goods and services, we factored that,
yeah, we are probably in the tens to hundreds of billions of
dollars' worth of waste.
Mr. Walberg. As I read that, it just goes back to simple
truth that a bureaucracy will protect itself. And a bureaucracy
does not want to be downsized in any way, shape, or form. But
in a time of sequestration, at a time when our warfighters and
their families, et cetera, are suffering reductions, for this
type of dollar amount to be held over and attempted at least to
be hid from us is unconscionable. To think that this could, as
I have read, cover the cost, the operational costs, of 50 Army
brigades--that is pretty significant--or 3,000 F-35 strike
forces or 10 strike forces of carriers, that is just
unconscionable that this would have been disregarded and
hidden.
What can Congress do to ensure that agencies engage in this
type of self-analysis but then also use results to improve
existing operations?
Mr. Amey. It is a wonderful question because that is
exactly what the point is, is, at the end of the-day, we have
asked for inventories of contracts, of inventories of what we
are buying, how many services are being provided.
Unfortunately, there was actually a chart out a few years ago
that said that the government doesn't often know how much the
government is spending and what it is being used for, and so
that is where we need to get to the audits, but specific
audits--just not check the box, did people do X, Y, and Z?-- we
need specific audits of specific spending. GAO does a fairly
good job. DCAA is involved in the process. But that is where I
think we need to go a lot deeper into these specific programs
and then get to the heart of why we see so many overruns on
some of these programs. I mean, there is a lot of waste out
there, and we just have to identify and then come to the
solution on how to remedy it from the beginning. I mean, let's
stop trying to put the milk back in the bottle after the fact.
Let's do it at the start of the process before billions is
wasted.
Mr. Walberg. Well, I trust that, because of this hearing
and others, I would assume that we can do that, plus starting
new, afresh on January 20 as well, that this lesson will not be
lost because, frankly, this is the number one responsibility of
our Federal Government, to make sure that we have the resources
available to do what is necessary to protect and defend our
positions and not just protect a bureaucracy.
And I yield back.
Mr. Hice. [presiding.] I thank the gentleman.
The chair now recognizes the ranking member, Mr. Cummings,
for 5 minutes.
Mr. Cummings. Thank you, Mr. Chair.
Mr. Aftergood, I and many other Americans have serious
concerns with reports of hacking and other actions by the
Russian Government to interfere with the 2016 Presidential
election. The intelligence community has confirmed that the
Russian Government or its associated entities hacked the email
accounts of individuals and political organizations before the
Presidential election. The Director of the National Security
Agency, Admiral Michael Rogers, said, and I quote: ``There
shouldn't be any doubt in anybody's minds. This was not
something that was done casually. This was not something that
was done by chance. This was not a target that was selected
purely arbitrarily. This was a conscious effort by a nation-
state to attempt to achieve a specific effect,'' end of quote.
Do you believe this is an important issue for our country?
And I notice that, in your testimony, you talked about
classification, and you talked about the state that we find
ourselves in overall today, and I am just curious.
Mr. Aftergood. Yeah. It is a crucial issue. The integrity
of the electoral process is absolutely fundamental. If we don't
have credible, authoritative elections, the foundation of our
political system is washed away. So, yes, it is an extremely
serious question. I think the blanket of classification that
has been spread over it needs to be reevaluated. Even before
that happens, Congress needs to understand exactly what did
happen. There are actually several questions here. What kind of
attack occurred? What are our vulnerabilities? And what steps
can be taken to prevent future attacks of this kind? And I
think all of those questions are wide open.
I would also say, though, that it is important that this
not be construed as a sort of left-handed attack or attempt to
undermine the incoming administration because that would only
aggravate whatever damage has already been done, at least in my
opinion. So I would hope that this be undertaken, as you said,
on a bipartisan basis to say: Look, we have got a problem. We
need to deal with it.
Mr. Cummings. I agree with you. I think it is definitely a
bipartisan issue. The FBI has refused to disclose any
information about its investigation of these hacks. This is the
opposite approach from the one the FBI took in the Clinton
email investigation. I wrote to our chairman on November 17,
2016, to request that our committee conduct a bipartisan
investigation into Russia's role in interfering with and
influencing the Presidential election, again, not to take
anything away from President-elect Trump, but just the idea of
it, just should bother every single American. Even Republican
Lindsey Graham, Senator Graham, called for an investigation
into it. Outside experts have also called for Congress to act.
A group of 158 scholars from colleges and universities around
the country sent Congress a letter calling for a congressional
investigation. A group of experts on cybersecurity defense and
fair elections wrote, and I quote: ``This evidence made
available in an investigation might show that foreign powers
have played an important role. It might show that such a role
was negligible. At this juncture, we can only say that existing
reports are plausible enough and publicly expressed enough to
warrant Congress' full attention and swift action,'' end of
quote.
Mr. Blanton, do you believe there is a role for Congress in
investigating these allegations?
Mr. Blanton. Yes, sir. To me, one of the great headlines of
the whole election season appeared in the Washington Post on
November 1 when the FBI was trying to explain why it didn't
sign on to that statement from the Director of National
Intelligence and the Homeland Security. And the headline read:
``Comey was concerned publicly blaming Russia for hacks of
Democrats could appear too political in runup to elections.''
That is the Washington Post headline. It is an interesting
reticence as you point out. Congress should get your classified
briefing, Congress should understand the hacking. There is a
huge problem. We are constructing at the National Security
Archive Web site at George Washington University a whole cyber
vault, trying to get declassified much of the cybersecurity
policy documents because, as former National Security Agency
Director Michael Hayden said, one of the problems of
cybersecurity is it was born classified. It grew up in this
hothouse where it was all shielded by compartments, but what we
really need in our society is a robust debate that involves
academics, civil libertarians, the tech companies, and this
committee and this Congress. We have got to open it up. That
cyber vault is beginning to get populated, but it needs more.
It needs this Congress to get into this. It needs to press the
intelligence community and Homeland Security to release the
basis of their attributions. How do they figure that? That is
the hardest part, as you well know, Mr. Cummings.
Mr. Cummings. One last thing, Mr. Chairman. I have said it,
and I guess, at 65, I look back and I am not so much worried
about my life. I am worried about future generations. The idea,
I mean, I just see, I am very concerned about our democracy.
Mr. Aftergood, I appreciate your comments because it seems as
if you can just chop away and chip away, and the next thing you
know, you won't have a democracy. Do you all have similar
concerns, any of you?
Mr. Leonard?
Mr. Leonard. Yes, Mr. Cummings. You know, I think,
obviously, my insights are only based upon what I have seen in
open-source material and whatever, but I do know from being,
based on my past experiences, this is something straight out of
the Russian playbook. We have seen it repeatedly happen in
Europe, especially in Eastern Europe and things along those
lines. In fact, it is straight out of the KGB playbook during
the cold war. It was known as special measures back then and
the use of disinformation and things along those lines. So,
clearly, it does go at the very fabric. And, again, this is an
example of what I made reference to in my opening comment in
terms of the impact that denying information to the Congress
can have in terms of the Congress' own ability then to carry
out its Article I constitutional authorities, which essentially
is oversight.
Mr. Blanton. If I could just make one more comment on that
issue, I think we have got to look at this question of hacking
and attribution and roles with an eye to, what is the long-term
fix? If you look at what the Obama administration achieved with
China, the price of a state visit for the head of state of
China was that China had to stop its hacking. And that whole
arm of the People's Liberation Army kind of went on hold. And
the question--one of the first documents we published in the
cyber vault was the directive that authorized our National
Security Agency to do offensive cyber operations, and that was
in 1997. That was in 1997. I think one of the things that
Congress has got to look at when it is trying to figure out who
is hacking us and why and what is the damage is, what is the
fix? I think we are going to have to end up with new
international norms governing cyber war because our country is
the most vulnerable in the cybersphere. It is in our national
security interest to impose rules on other folks and to cut the
deals, like President Obama did with President Xi, to restrain
us. To restrain them, it will also restrain us, but that is in
our interest.
Mr. Cummings. Thank you.
Mr. Hice. I thank the ranking member, and I would ask our
panelists to help us keep within our 5 minutes. We have got a
number of people who want to ask questions, so if we can work
both ways.
The chair now recognizes Mr. Farenthold for 5 minutes.
Mr. Farenthold. Thank you, Mr. Chairman.
Mr. Amey, you mentioned that there is no penalty for
overclassification. What would you suggest that we do?
Obviously, you would want some penalty for self-serving
classification. What other areas, what would you suggest as a
potential punishment, or do you just make it illegal with no
punishment?
Mr. Amey. Oh, I think there has to be some punishment. We
can debate what the punishment will be, but there has to be
some kind of civil, criminal, or administrative punishment that
happens. I mean, currently, you know, things are marked, and at
least with classification, there is at least a better process.
A lot of what we have also been concerned with is this--in the
old days, it was the FOUO--with the Controlled Unclassified
Information, the CUI out there, is that anybody that thinks
something can stamped ``CUI,'' they put a stamp on it. And
then, all of a sudden, that has a dissemination control on it.
It can't be shared, and then there's questions on, well, wait a
second, if people can't learn about it, how can we FOIA it? But
I think you are absolutely right. We have to figure out what
the punishment will be, and it may be something purely
administrative. And I am sure the other panelists have some
ideas on it as well, but I think there has to be something.
Mr. Farenthold. All right. So let's talk a little bit. This
committee has had pretty good success with the IG community
where, within each agency, there is an independent inspector
general that does investigations. We have had success with the
chief information and chief technology officers under FITARA.
Is there a model in which we create within all agencies a
classification office? Or are we better off setting up
something outside the agency, certainly on longer term, you
know, move something within in the National Archives, where
there is a method for declassification?
We will start with you, Mr. Blanton, and let anybody else
weigh in.
Mr. Blanton. Excellent question. All I can do is point back
to some of the lessons of history, which are the times when we
have had real success in forcing unneeded secrets out of the
system was when Congress took action with the Nazi War Crimes
records bill, with the JFK Assassination Records bill. It set
up blue-ribbon panels outside and inside----
Mr. Farenthold. Well, part of our problem here in Congress
is we can do a lot of things. We need your suggestions on what
specifically to do. I understand that that is probably more
indepth we can get into in the 2-1/2 minutes that I have left.
Let me let anybody else.
Mr. Leonard, do you want to weigh in?
Mr. Leonard. Yes, sir. I am a big advocate of the IG's
involvement in these types of issues. Having been external to
agencies when I was at ISOO--I was part of the Federal
Government but yet an outsider--I was very much limited to what
I could do when dealing with CIA or even the Department of
Defense or what have you. IGs don't experience those
limitations to the same extent. Plus they also have the dual
reporting responsibilities in both the executive and
legislative branch.
Mr. Farenthold. So your suggestion might be expand the
responsibility of the IGs?
Mr. Leonard. Absolutely. There was the 2010 Reducing
Overclassification Act, which assigned specific
responsibilities to the IG. I believe those types of things can
be greatly expanded, and given the proper training, IGs can
very effective in this area.
Mr. Farenthold. Yes, Mr. Aftergood.
Mr. Aftergood. One hopeful sign in current classification
policy is the growth in classification challenges from within
the system. The current executive order allows people who have
access to classified information to challenge its
classification status and to say: Wait a minute; this shouldn't
be classified.
In the most recent year, the number of internal
classification challenges reached a record high of more than
900. And of those challenges, more than 40 percent were
granted. That is a trend that I think could be built on. If the
system can be made more and more self-correcting where people
inside the system themselves are finding errors and helping to
adjust them----
Mr. Farenthold. One final question before I am completely
out of time. This committee and other committees often get
classified information in response to our requests for
information as part of our oversight responsibilities. Do you
think it would be appropriate to create a mechanism for
Congress once we have read that and said, ``This is crazy, this
doesn't need to be classified,'' do you think Congress should
have the ability to declassify material? Does anybody think we
shouldn't?
Mr. Leonard. I believe Congress should. In fact, some
committees by virtue of rules have empowered themselves with
that option yet, to my knowledge, have never been acknowledged.
It is a dicey issue, but two coequal branches of government and
each have the----
Mr. Farenthold. Mr. Amey, you look like you wanted to weigh
in.
Mr. Amey. Well, in the final CUI rule that is one of the
things that we fought for. Originally, there was only allowed
to be a challenge internally, and we fought that it could
beinternally or externally. So, yeah, I would think that the
same process should be applied to classified information as
well.
Mr. Farenthold. Thank you. I see my time is expired.
Mr. Hice. I thank the gentleman.
The chair now recognizes Mrs. Watson Coleman for 5 minutes.
Mrs. Watson Coleman. Thank you very much, Mr. Chairman.
And thank you to each of you for raising what I think is a
very important, complex list of issues, actually. And I
recognize that we need to be talking about security first. We
need balance. We need accountability. And we need fairness. And
so this is a huge area with so many people interacting. In many
cases, there is a disagreement among agencies and within
agencies. And a lot has to be done here.
I wanted to ask a series of questions, and so I hope that
you will answer them as sort of succinctly as possible,
recognizing that you are only going to give me sort of the top
lines.
I want to start with you, Mr. Blanton, because you
testified about the recommendations of the Moynihan Commission
more than 20 years ago, and I just want to have a reaction from
you as to why you think Congress has not moved to fix this
classification system.
Mr. Blanton. I am no expert on Congress, and I assume that
you could give a far more sophisticated answer to that than I
could. I think Steve Aftergood, I think, testified at one of
the congressional hearings back in 1998, and that was when
Senator Moynihan was alive and Senator Helms was alive. They
were in powerful positions, and even they didn't push through
their recommendations. My own sense is there wasn't enough of a
notion of crisis, and we have got a crisis today I think in the
classification system.
Mrs. Watson Coleman. I think that you are quite accurate on
that, that we may be in a situation right now where we are in
an unprecedented environment.
Mr. Aftergood, would you like to comment to that?
Mr. Aftergood. You know, the Moynihan Commission report
itself included an appendix of previous studies from previous
decades that had also not solved the problem, and here we are
20 years later looking back at the Moynihan Commission. I think
it may be that the recommendation didn't quite capture the
issue properly, and it seems to me that a law on secrecy is a
means to an end. It is not the end. I would think about what is
the end that you really want and then go for that. And the end
that you really want is greater congressional control over what
is or is not classified. Focus on that. Go for that. If there
are particular areas, particular topical areas that need
classification, declassification, mandate their
declassification.
Mrs. Watson Coleman. So probably the end result should be
the kinds of things that I sort of mentioned when I opened up,
the issue of security and balance and fairness and
accountability, and how we get there.
Mr. Blanton, again, you talked about a possible reform that
could be made by statute. One of those would be to implement a
life cycle of secrets. Would you talk to me a little bit about
what that is?
Mr. Blanton. In the most straightforward version, it was in
the Freedom of Information amendment, like a 25-year sunset for
deliberative process. The reality of our classification system,
one of the reasons it is entering crisis is we have got a
tsunami of electronic records. The volume is--we are talking
petabytes of information. We are not going to be able to do
page-by-page review, which is what our declass system currently
consists of. We are going to have to build in automatic
releases for entire categories of records without review.
Mr. Blanton. And that, I think, is going to be the only way
to deal with those electronic records. So life cycle is just a
kind of summary term to say you've got to put sunsets on the
secrets, you've got to have better decisions on the front end
that build in the sunsets, and then automatic release.
Otherwise we're sunk.
Mrs. Watson Coleman. I believe it was your testimony that I
read where you said within this age of technology we can take
care of those things that are sensitive in nature, personal
information that could be deleted automatically if it's
programmed to do so.
Mr. Blanton. Yes, ma'am. That's the big holdup right now in
releasing the State Department cables. They say they've got to
look at every single cable to make sure there's no Social
Security number or personal phone number in there. Well, I
can't think of something that is more easily automated than
searching and removing a Social Security number.
Mrs. Watson Coleman. So help me to understand this, because
I am a relatively new member. And I want to ask two questions
here.
Number one is, is it currently a situation where each
agency is responsible for classifying its information even
though that information might be shared with other agencies and
involve other agencies?
And, lastly, and anybody can respond to this, is there a
proposal where this sort of classification consideration would
go into a sort of multidisciplined entity where those things
could be vetted under standards and circumstances and then sort
of move in a way that agencies can sort of agree on the ground
levels and would reduce the amount of classification?
Mr. Blanton. That entity exists. It was recommended by
Moynihan. The Congress and the Presidents put it--it's called
the National Declassification Center. But the reality is it
doesn't have the power, maybe the will, to override those
agencies. So you get a constant equity referral where the
agencies all get a bite at the apple. And one of the
recommendations in my testimony is empower that center. Make
the decisions. Do a sunset. If something's older than 25 years,
that center should be able to review it.
Mrs. Watson Coleman. So does that empowerment require our
legislative--my last--I'm sorry--does that require our
legislative action to reconfigure this and empower in a
different way?
Mr. Blanton. Yes, ma'am.
Mr. Leonard. Absolutely.
Mrs. Watson Coleman. Thank you.
Thank you, Mr. Chairman.
Mr. Hice. I thank the gentlelady.
The chair now recognizes Mr. DeSantis for 5 minutes.
Mr. DeSantis. Thank you, Mr. Chairman.
I appreciate the testimony and the invitation for Congress
to be involved in this. But I want to just start at the
beginning and just ask everybody, does everyone agree that at
some level the executive does have inherent authority under
Article II as part of the executive power to maintain secrecy
of information related to the national security?
Mr. Leonard.
Mr. Leonard. Absolutely.
Mr. Aftergood. Yes.
Mr. Blanton. Yes, but. Because there's an Article I that
says Congress makes the rules to govern the military, Armed
Forces, and national security. So it's both.
Mr. DeSantis. Well, it's both, but I think Hamilton when he
talked--because there was a debate whether you should even have
a single executive. They had revolted against George III. Some
proposed a council. And one of Hamilton's main arguments for
why you needed a single executive was for secrecy, particularly
with regards to national security.
So there's got to be--I mean, is there anyplace, I guess,
that Congress can't go into that? Or could Congress basically
legislate as far as it wants, in your judgment?
Mr. Blanton. It can legislate as far as it wants. Congress
has the power of the purse. That is the key. And I think the
Founders said separate the power of the purse from the power of
the sword. That's key. Takes money to run a----
Mr. DeSantis. Well, I think that's--I think--absolutely. So
the Congress could abolish the CIA if they wanted to. There's
no requirement you have that. But we do have intelligence
agencies. We do that. Could Congress just pass a statue saying
declassify as much sensitive stuff as we want? Would there be
any constitutional concern with doing that?
Mr. Blanton. None. And Congress has already done so with
the Nazi war crimes, which exposed the files of Nazis that the
CIA recruited and brought to the United States. So Congress has
already done that.
Mr. DeSantis. But when did they do that, though?
Mr. Blanton. In 1998 and 1999.
Mr. DeSantis. Yeah, well, but I guess my point is, if
Congress wanted to start declassifying things that were germane
and ripe right now with how our government's conducting
sensitive operations, you say that would still be okay even
though it could jeopardize lives?
Mr. Blanton. It would still be okay because my bet is that
this Congress and this committee would act pretty judiciously
on that. You're not going to willy-nilly, you're not Julian
Assange.
Mr. DeSantis. No, I get it. But what I'm trying to figure
out is if there's a----
Mr. Blanton. I have a lot of confidence in your judgment.
Mr. DeSantis. Well, but there's certain constitutional
prerogatives. We obviously have the power to legislate, of
course the purse. The executive has certain--or, I mean, the
executive power means something. I mean, there's certain
things.
And so what I'm trying to figure out is are there certain
places--because I think we all agree some of this stuff is
ridiculous. And there's an incentive to just simply take on
more--some of this stuff isn't even classified that's being
protected.
But at the same time I just think it's important to
recognize that there is a legitimate reason to do it, because I
think when you overclassify, I think that actually undermines
the core reason of why you want to do it.
But let me just get you, Mr. Amey, down on the end.
Mr. Amey. I totally agree. I do believe that there's a
constitutional protection for secrecy. But at the same time, as
Tom said in his statement, I think you have to get to his point
number three, and that is don't trust it. I mean, eventually
we're going to have to get down to a point where, whether it's
through the challenge process or through briefings that
Congress gets, on questioning what the executive branch is
doing.
Mr. DeSantis. So you look at some of these things, some of
these agencies, the Antitrust Division at the Department of
Justice, the Bureau of Prisons has somebody who's an original
classification authority.
Mr. Leonard, how did it get to be that point? Is that
really necessary in those instances?
Mr. Leonard. It's an example, perhaps, of--when I was in my
position at ISOO one of the things I had to do was to deal with
requests for agencies to get original classification authority.
And, quite frankly, one of the issues that I had to contend
with is it was one of convenience more than anything else.
And there were a number of instances where there were
agencies or even small activities looking for original
classification authority that had to push back because they
were looking to really accomplish something that probably could
have and should have been accomplished through legislation if
there was really a legitimate reason to withhold information
from public disclosure.
Mr. DeSantis. How do you analyze? Because some of this
stuff, it's just the agencies are embarrassed, they don't want
to do it, and it's clearly just--it's not credible. But
sometimes when you're trying to get information from FOIA or
Congress, I mean, you are diverting the executive from kind of
their core mission, actually do good. I mean, we're the first
ones to criticize the government when they screw up or when
they're not competent.
And so how do you do this in a way that's not going to
impose too many costs? I mean, for example, if we're going to
always review every 10 years some of this stuff, that is going
to create some costs. So how would you recommend we strike that
balance? Is that a valid concern?
Mr. Leonard. It very much so is. And one way would be to,
as Mr. Blanton referred to, was to consolidate authority and
responsibility and not spread it so far and wide within the
government.
I'll give you a perfect example. When I was in the
Department of Defense, I could write a memo and use CIA
information. The CIA trusted me to properly classify the
information. They didn't want to look at it and whatever.
If I came back 20 years later and wanted to work at the
National Declassification Center and looked at my same memo,
they wouldn't allow me to declassify it because I didn't get a
paycheck from CIA.
That type of redundancy can be beaten out of the system and
it would result in significant cost savings.
Mr. DeSantis. Great. I yield back.
Mr. Hice. I thank the gentleman.
The chair now recognizes Ms. Kelly for 5 minutes.
Ms. Kelly. Thank you, Mr. Chair. And thank you for holding
today's hearing on this important topic.
I believe that secrecy is a serious problem that is
widespread in the Federal Government and that it goes beyond
classified information. For instance, there's a category of
pseudoclassification that has exploded over the last 15 years
called controlled unclassified information. I understand there
may be as many as 100 different designations in use, but the
label ``sensitive but unclassified'' is one of the worst of
offenders.
First, I want to get a sense of the extent of this problem.
The Information Security Oversight Office annually reports how
many classification decisions agencies make. However, there is
not a corresponding section on how many decisions were made to
designate materials as controlled unclassified information.
Mr. Leonard, you previously served as the director of ISOO.
Are agencies required to track how many materials they
designate as controlled unclassified information?
Mr. Leonard. Quite frankly, I'll defer to one of my
copanelists because I've been away from ISOO since they assumed
that responsibility and have not followed it that closely.
Mr. Aftergood. I would say that there has been significant
progress compared to where we were 10 years ago. It used to be
that anybody could mark any document anything. You could say
this is for official use only and that would restrict its
access.
Now, under the executive order on controlled unclassified
information, there is what's called a CUI registry, and only
those markings that have been approved and validated can be
used. And there are many things, of course, we want to protect.
We want to protect tax returns. We want to protect privacy
information. All those kinds of things have been validated, and
only those markings that are on the CUI registry are supposed
to be used.
Now, is that system working perfectly? Are people bending
the rules? I don't know the answer to that question. It just
went into force very recently, and we're still waiting to see
how it's working. But I think the policy has improved
substantially over the past decade.
Ms. Kelly. Would you estimate that more information is
designated as CUI than is classified?
Mr. Aftergood. I don't know the answer to that.
Mr. Amey. I don't think we know the answer to it. Agencies
are going to be required to report how much information is
marked. They did boil the over 100 categories down to 20.
However, there are 80 subcategories. And so at that point you
still end up with a real patchwork of designations and markings
that can be placed on documentation.
The big thing with it also is there's going to be better
training. ISOO is doing a very good job, and I have to applaud
them, because they actually reached out to our community and
worked with us on the rules. As it went through the process,
they really did work with the agencies to try to get it. But
they didn't--I don't think they realized how big that this had
expanded within agencies. And there was a lot of foot dragging
by Federal agencies as well.
So as Mr. Aftergood said, it was only in effect, I think,
as of mid-November, something like that. And so at that point
we're going to have to wait and see. And full implementation of
the CUI regulation isn't expected to be completed until 2017,
'18, '19. So at that point it's going to take a very long time
to probably get some answers on it. But it needs the proper
oversight from this committee.
Ms. Kelly. I know you called it a gray area, because I was
going to ask you what do you think the potential for abuse is.
Mr. Amey. We've already seen some abuses. In my written
testimony I provide two examples, and one was even an IG report
in which there were examples involving the TSA. Also, the
bizarre case of Robert MacLean in which something was marked
SBU. It was actually the original CUI. And so at that point
something was marked SBU I think 4 years after he released it,
even though it didn't have any marking or designation, but they
retroactively marked that information as SBU. So there are
problems in the system and it is prone to abuse and so we do
have to watch it.
Now, the nice thing with the CUI rule is that there is a
misuse provision, and so that may be something that can be
borrowed upon for the classification system that we should look
at since it's already in regulation. And also the challenge
procedure. But, again, challenges go back to the agency, and
then I think you have a right to dispute resolution. So it's a
little murky due to the fact that you're, in essence, going
back to the fox guarding the henhouse that may have originally
marked it. So there are some concerns with that.
Ms. Kelly. Mr. Blanton, you keep shaking your head. So I
want to give you opportunity for comment.
Mr. Blanton. I agree.
Ms. Kelly. Okay. I yield back the balance of my time.
Mr. Hice. I thank the gentlelady.
The chair is now going to recognize himself for 5 minutes.
I want to go back to something that came up a little while
ago, and that is the number of classifications. Over the last 5
years some 400 million, and yet only a little over 2,300 in the
same 5-year period have been challenged. And those numbers can
be debated a little bit here and there. But whatever it is,
2,300 out of 400 million is virtually no challenges whatsoever.
Just real quickly, just a sentence or two, why so few
challenges? Mr. Leonard, I'll start with you.
Mr. Leonard. Mostly one of culture. When I was in the
Pentagon, when I had reports in my inbox, if I had an
unclassified report and a top secret report, which one would I
read first? The top secret one, even though the unclassified
one may be more substantive. So sometimes it's just as simple
as just sheer culture, People get inured to it and just expect
nothing else.
Mr. Hice. Mr. Aftergood.
Mr. Aftergood. In many cases, employees are not aware of
the challenge provision that enables them to make this
challenge. And that's one simple step that can be taken to say,
look, as soon as you sign your nondisclosure agreement, you
also sign, ``I'm aware that I can challenge a classification
marking that I believe is improper.''
I would also mention that I think your hundreds of millions
figure is including original and derivative classifications.
The number of original classifications or entirely new secrets
has been on a steady downward trajectory.
Mr. Hice. I don't want to get into a number right now.
Mr. Blanton, why so few challenges?
Mr. Blanton. It's easier just to classify. And much
classification just occurs reflexively. And most of those
derivative classifications it's just keep it going. Because
there's not a thought process on the front end of the first
decision. What's the cost benefit? What's the real risk? What's
the vulnerability? What's that? And you've got to educate them
at the nondisclosure agreement point, but I would argue you've
got to put it in a statute.
Mr. Hice. All right.
Mr. Amey.
Mr. Amey. And just quickly, it could be career suicide. I
mean, at this point we have insider threat investigations that
could take place, and also whistleblower retaliation. So a lot
of the times, as Mr. Blanton just said, it's a lot easier just
to go along with the process than to question it.
Mr. Hice. Okay. So it's not a matter of red tape. Perhaps
poor advertisement, people don't know, perhaps a culture, or
whatever. But red tape is not the problem, is that correct, all
of you would agree with that?
Mr. Leonard. Oh, absolutely. And, again, a lack of
accountability is key too.
Mr. Hice. Okay.
Now, when it comes to--obviously we know there's been a lot
of threats to our country, and I'm concerned about the lack of
information sharing within our Federal Government.
A scale of 1 to 10, how serious of a problem is this, to
each of you?
Mr. Aftergood. I think it was 10 around the time of 9/11.
It's 5 now. In other words, there has been significant
progress.
Mr. Hice. Okay. The rest of you?
Mr. Leonard.
Mr. Leonard. I would tend to agree, but my sense is that
there's also been a rollback with respect to some of the recent
rather significant wholesale compromises that have occurred as
well too.
Mr. Hice. All right. Mr. Aftergood, how serious of a
problem?
Mr. Aftergood. It's a serious challenge. When you classify,
you restrict dissemination. And so they're the flip side of
each other. It's an ongoing problem.
Mr. Hice. Mr. Amey.
Mr. Amey. Agreed.
Mr. Hice. All right. So across the board we still have a
serious problem. There may be some improvements. But we still
have a serious problem with sharing information, even when
potential threats are hanging in the balance of our country.
And in the mix of all of that, also came up earlier is the
ability of Congress to do our job.
How serious is the issue or is it at all an issue where
agencies are overclassifying to either complicate or obstruct
congressional oversight? I'd like to hear from each of you
quickly.
Mr. Aftergood. Honestly, you're probably in a better
position to answer that. I think it's the exception, not the
rule.
Mr. Blanton. I think it varies by agency. And I think the
intelligence community has the, in a sense, the worst cultural
problem. You've got to go into that SCIF. You can't bring out
notes. You can't have staff. How are you going to have a
serious consideration of real oversight over some of the most
important and sensitive and deadly operations of our entire
government?
Mr. Hice. All right. Real quickly.
Mr. Leonard. It inevitably occurs, whether intention or
not. And, again, the lack of accountability makes it ripe for
abuse.
Mr. Amey. And it's why in any oversight or any new
commission that is going to be paneled here to take a look at
classification and the status and secrecy issues, is why you
have to get out of just the check-the-box kind of audit on are
people following procedures, but take a look at some specifics
where challenges have been raised and why those things were
allowed to be overclassified.
Mr. Hice. And when we do get stuff, it's so redacted it's
virtually worthless much of the time. So a serious problem.
I again want to thank the panelists. My time has expired.
The chair will now recognize Mrs. Maloney for 5 minutes.
Mrs. Maloney. Thank you, Mr. Chairman and Ranking Member.
Mr. Blanton, earlier you mentioned the Nazi War Crimes
Disclosure Act. That happened to have been a bill that I
authored. It took about 4 years to pass it because the CIA was
objecting. It opened up the files of Nazi Germany and Japan 50
years after the war.
Now, every other country had opened their files, but we
were refusing to, and it took Congress to pass a bill to open
up these files. It's been turned into books. It's been turned
into all kinds of helpful information that's helped our defense
strategies and how to operate in an environment as they did.
But I want to ask you about another way of classifying,
which is retroactively classifying. And I join you in saying
there was no reason why we shouldn't have declassified that
information. But on September 8 of this year, State Department
Under Secretary for Management Patrick Kennedy, testified
before this committee about a unique process in the State
Department used to retroactively classify 2,000 of Secretary
Clinton's emails that she turned over to the State Department.
In other words, they were not classified at the time they
were sent or received by her, but then they were reclassified
after the fact by staff in the Department of the FOIA office.
And Patrick Kennedy testified that 1,400 of these documents, or
70 percent, were retroactively classified because they
contained what is known as foreign government information.
So my question is, it seems to me that this is a confusing
process. Foreign government information is not treated like
classified information until it's reviewed for public release,
and then all of a sudden it's classified. It seems to me we
should have one standard. Why have one retroactively? It makes
no sense. And how are State Department employees supposed to
know when to treat information as classified and when not to if
the designation might change without warning?
Mr. Blanton. I read Mr. Kennedy's testimony with great
interest because he asked this committee to create an exemption
under the Freedom of Information Act for foreign government
information, which I think is a terrible idea, for three
reasons. One, it puts Tajikistan standards into our freedom of
information law. No, thank you. The lowest secrecy abroad.
I think second reason is if there's harm from release of
that foreign government information, it's protected already
under our executive order. You can classify it.
And I think the third reason is that's the easy way out.
Instead of our diplomats actually thinking about how you
protect stuff that actually would get us into trouble, they
don't want to think about it.
And I'd just remind you of the Weatherhead case went all
the way to the Supreme Court over foreign government
information. Finally it got booted out. It turned out the
document at issue had already been handed over to the plaintiff
and the government had no idea. And it wasn't going to damage
our relationship with Great Britain, which is where the
document came from. So skepticism is in order.
Mrs. Maloney. Well, I agree with you, and I truly
understand the need to protect truly sensitive diplomatic
discussions from public release. But using the classification
label to do that makes the classification system even more
confusing and, I would argue, less effective. And we need to
find a better solution.
So with that statement, I'd just like to ask all of the
panelists in my remaining time, do you have any recommendations
of how to improve this process? And we could start with you,
Mr. Leonard, and just go right down the line.
Mr. Leonard. The consistent theme this morning, and I agree
with it wholeheartedly, is providing legislative backing to the
very system in order to ensure uniformity, consistency, and
most of all accountability. And also to facilitate the Congress
to be able to fulfill their Article I constitutional
authorities as well.
Mr. Aftergood. The government requires a degree of
flexibility, and so I would be cautious about strict provisions
that remove such flexibility. Information that is provided in
confidence needs to be protected somehow if one wants to
maintain that working relationship. Classification seems like a
heavy-handed way to do it, but if the alternative is a blanket
FOIA exemption, then that might not be better. So I don't have
a good solution for you offhand.
Mr. Amey. When it comes to retroactive classification, I
think we need a study. I'm not aware of anything in depth or
comprehensive in taking a look at the issue on the whos, whys,
wheres, whens. And so I think that would be in order.
Mr. Blanton. The fundamental phenomenon on retroactive is
being driven by agencies like what Mr. Leonard said, CIA
asserting control and no longer allowing the Defense Department
or State to declassify their own information.
Mrs. Maloney. Okay. Thank you very much.
Mr. Hice. I thank the gentlelady.
The chair now recognizes Mr. Massie for 5 minutes.
Mr. Massie. Thank you, Mr. Chairman. I'm so glad we're
having this hearing today. I've been looking for the
opportunity to talk about something that's very important to
me, and I'll be very careful not to disclose anything that's
classified.
About a month ago I went back down to one of those SCIFs
that Mr. Blanton was talking about. You can't take notes out.
And what I did is a reread the 28 pages, but I brought the
redacted version with me so that I could see in what manner it
was redacted. By the way, I want to ask you guys a question
later so you can get ready with an answer.
But one of things that I would think would help is to know
the reason for the redaction. There's certain reasons that
might be legitimate, and maybe a law that says when you redact
large swaths or even small portions, that you have to give the
reason. If the reason is to avoid embarrassment or to protect a
source or to protect somebody who may not be guilty, their
public reputation, just disclose it, and then the crime or the
infraction could be that you lied about the reason.
Because that's what I want to get to with these 28 pages
and the reason for those redactions. And I think I can disclose
my perceived reason for some of these redactions without
disclosing anything classified.
Twenty percent of the redactions, I would say, were to
protect specific and confidential sources. I would say another
20 percent were to withhold the names of individuals whose
reputations would be irrevocably ruined, whether they were
guilty or not.
But 60 percent of those redactions fall into a very
troubling category for me. They changed the very nature of the
document and the way it's perceived by the public and the
impact that it should have had.
Some of those are probably to prevent embarrassment.
Mr. Massie. But I feel like--after reading that--10, 20, 40
years from now, when it's all released, this is going to be a
textbook case of how the government overclassified something in
an effort to control the narrative. In fact, before these pages
came out, there was an op-ed in the USA Today by two of the
chairmen on the commission that said these are raw, unvetted
sources. Right? So the redactions, in my opinion, were made to
support that presumption that these were raw, unvetted sources,
because if you removed the redactions, you would say: No. Those
might be credible sources, in fact. And they might, in fact, be
vetted.
So that's my concern is that, you know, 20 years from now,
we'll look back at this, and you'll see that key words and
acronyms and sentences were removed and with the effect--with
the effect--of diminishing the impression that you get from
reading the unredacted pages, which is that Saudi Arabia--and I
can say that name now because it's in the redacted pages--has
some kind of civil liability or criminal culpability either--
and not because of their citizens but because of their
government acted either in, I would say, acts of omission or
commission. Either one makes them somewhat culpable. And I'm
afraid that has been diminished by those redactions and it's
been overclassified, and this is a prime example.
So one of the questions I want to ask is, do you think it's
a good idea if we required them to give the reason for the
redaction?
Mr. Leonard. Absolutely, sir. The order does require
original classifiers to be able to identify and describe the
damage to national security. But to my formal statement I
attached an actual email that had been used as count one for a
felony indictment of Mr. Drake, who was eventually not
prosecuted. But the government claimed it was classified. And
in preparing for the trial, the NSA was required to say--state
specifically why they considered that email to be classified.
Their explanation looked entirely rational when you read it,
but if you compared what they said to the actual document, it
was factually incorrect.
Mr. Massie. Right. So that supports the notion that they
should be required to disclose it, and there should be some
punitive ramification for misleading about the reason.
Mr. Aftergood?
Mr. Aftergood. I would like it to--to make the point that
the classification system is permissive. It says that
information may be classified if it meets certain conditions.
And what that means is the decision to classify is actually a
subjective one. Somebody thinks that classification is the
right move. And because it's subjective, you or I may disagree
and say: You know, that's a mistake. You're wrong.
And so providing the reason, I think, would be helpful. But
it wouldn't necessarily resolve the disagreement. I just
disagree with that reason. Instead, I would suggest that, in
cases of significant interest, like the 28 pages, like many
other cases, there needs to be a procedure where you take the
decision away from the original classifier. Don't try to make
the original classifier admit he was wrong. Take the decision
away. Take it to a third party. There's a public interest
declassification board. There may need to be a new body and
say: Does this make sense? I want you to evaluate it as a third
party and come back to us with a recommendation.
Mr. Massie. Mr. Chairman, I appeal to let the other two
answer the question.
Mr. Hice. You can answer.
Mr. Blanton. Just very briefly, exactly this mechanism
exists for mandatory review requests, this interagency security
classification appeals panel. And it's ruled in favor of
openness over 70 percent of the time. Just a third party. The
simple maneuver of taking the document away from the original
agency and putting it in a panel that includes the original
agency, you get a completely different result.
Mr. Massie. Mr. Amey.
Mr. Amey. And this is also a process with the Freedom of
Information Act. There is a process there where just only a few
years ago did they add where they had to list the reasons. In
the old days, we used to just get a letter back with tons of
blackened-out markings. And then, in the intro, they would say:
We redacted things for, you know, B3, 4, 5, 6, 7. And you had
to kind of guess what applied to one specific redaction. Now
they're required to go through documents subject to the Freedom
of Information Act and list right next to each redaction what
the redaction--what exemption was being cited to justify the
reason for that. And also then you also have an administrative
appeal that we hope--we always hope--that it goes to a
different entity inside of the department rather than the
person that made that marking. And then now there's also a
process through ISOO to challenge those determinations and go
to an, in essence, an arbitration. And so it's funny that we
have a better procedure just for that Freedom of Information
Act process than we do for the classification process.
Mr. Massie. And I've seen those documents with those
markings. And they're somewhat helpful because they classify
the stuff they even send to us, they try to not even disclose.
So but I haven't seen that on the 28 pages. I've just seen op-
eds that say: Oh, there's nothing to see here.
And by the way, it was released the day before Trump named
his Vice President, which is another thing. But at least it was
released in part.
Thank you.
Mr. Hice. Thank the gentleman.
The chair now recognizes Mr. Connolly for 5 minutes.
Mr. Connolly. Thank you, Mr. Chairman.
And thank you all for participating. I guess I'd like to
explore a little bit what happens when two agencies disagree
about something being classified at all. And this is not a
hypothetical? In a recent investigation of emails, we had
multiple examples where the State Department said one thing and
the intelligence community said another. Specific example,
really quite, I think, quite striking: A 2011 email sent by a
State Department employee about the late Ambassador Chris
Stevens of Libya was marked clearly ``sensitive but
unclassified.'' The Under Secretary for Management, Mr. Patrick
Kennedy, confirmed in testimony before the committee that the
State Department considered the email unclassified and that
anyone reading the email would assume it was not classified.
But after the email was sent, the intelligence community
nonetheless claimed it was classified.
And so, in September of last year, the State Department
sent a letter to Senator Corker, the chairman of the Senate
Foreign Relations Committee, explaining that the intelligence
community was wrong. The letter from the State Department
stated that the suggestion that the email should have been
treated as classified was, and I quote, ``Surprising, and in
the Department's view, incorrect,'' unquote. So what's a poor
boy to do? Is it classified, or isn't it?
Mr. Leonard. As has been mentioned, sir, there are appeals
processes in the system, but they're admittedly rather
cumbersome and time-consuming. But Tom Blanton referred to the
Interagency Security Classification Appeals Panel. I used to
serve as the executive director of that. Interestingly enough,
last year for the year that the full last numbers are
available, for appeals that came to that panel, which consists
of executive branch representatives from various agencies, 95
percent of the time the determination made by the agency that
owned the information was overridden at least in part or in
whole--95 percent of the time, since 1995----
Mr. Connolly. Yes, but in this case, Mr. Leonard, the
originating agency didn't want it to be classified.
Mr. Aftergood. I think the short answer to your question is
that each agency has classification authority over its own
information. And in the dispute you're referring to, I think
the intelligence community considered that the information at
issue was its information, even though it was in the State
Department document----
Mr. Connolly. And the State Department----
Mr. Aftergood. The State Department said: No, it isn't.
Mr. Connolly. That's right. The State Department took
direct issue with that saying: We understand that's what you
think, but that's not how we got the information.
Mr. Aftergood. Yeah.
Mr. Connolly. And then we could even add another layer. So
let's hypothetically say we invite the FBI, a nonpolitical
organization, to come and look to see if there were violations
of our secrecy laws. Well, how is it supposed to determine
whether a violation occurred when the two major agencies or
entities looking at classification have unalterably different
views about the nature of the document, the sourcing of
document, and what it should be classified as?
Mr. Blanton. Part of the problem for the Federal Bureau of
Investigation is it's part of the intelligence community, so it
leans one way on that question. And the real answer to your
question, is it classified or is it unclassified, the answer is
both. And that's the reality of our classification system. I
showed you documents here that are both classified and
unclassified simultaneously because different people or
different agencies or sometimes the same reviewer came to a
different conclusion.
Mr. Connolly. I know. But there's a certain, Mr. Blanton,
Kafkaesque quality to this. I mean, I was a staffer on the
Senate Foreign Relations Committee a long time ago. Right? And
we were very careful about classified material and how it was
stored and make sure it was never on your desk, and as are
executive branch employees. Well, if I got one agency saying
that's--you know, ``Give it to your grandmother; I mean, it's
unclassified,'' and the other one saying, ``Don't you dare;
it's classified,'' what's my liability as an employee? I'm
trying to be diligent. What is it? And am I exposing myself by
leaving it on my desk, for example?
Mr. Aftergood. The executive order on classification
includes provisions for resolving disputes about implementation
of the order. Ultimately, those disputes can be directed to the
Attorney General and, you know----
Mr. Connolly. Yeah, but, Mr. Aftergood, that's not how it
works practically.
Mr. Aftergood. It's not. No.
Mr. Connolly. Somebody goes around--listen, I was in the
private sector and I was the OODEP. I was the head of all of
this for a private sector entity. We went around checking to
make sure nobody was sloppy. And that's not going to go to the
Attorney General. You've got a ding on your mark, Mr. Blanton,
because I saw that document on your desk. Well, in good faith,
you were counting on the State Department judgment it was not
classified. There was no issue. And I'm deciding as, you know,
the security chief that I don't care; the intelligence
community is what I listen to, and they said it is. I mean, it
puts people at risk. And, frankly, I'm glad it could be
arbitrated at some point, and I'm certainly glad the Attorney
General can ultimately adjudicate. But if we're talking about,
you know, thousands of documents, thousands of judgment calls,
I think you mentioned it was subjective, but disputes between
agencies are a real dilemma for people trying in good faith to
comply with the law.
Mr. Aftergood. You are absolutely correct. And the
arbitration is really a technicality. The reality is that these
kinds of disputes drive the issue to the lowest common
denominator. They result--when there's doubt, they end up
adopting the view that it's classified.
Mr. Connolly. Thank you.
Mr. Blanton. And the executive order says, when there's
doubt, it should not be classified. And exactly the opposite
happens. So my answer to your question: Send it to your
grandmother. Send it to your grandmother.
I have an opinion from Mr. Leonard when he was the head of
the Information Security Oversight Office, he said: If the
National Security Archive got a version of this document under
legal authority, declassified with somebody with the power to
do that, you can take it to the bank. You can keep it on your
Web site. Even if somebody else at the Energy Department or
Defense says, ``Sorry, Mr. Blanton, that's classified,'' no,
wrong. Send it to your grandmother.
Mr. Hice. Thank the gentleman.
Now recognize Mr. Grothman for 5 minutes.
Mr. Grothman. Sure. First question I have, and this is
really for anybody that wants to answer it. In the stuff that
we have here, we're told the government spends $16 billion on
classification activities and $100 billion over 10 years, which
is a stunning amount of money. And if it's $100 billion over 10
years, it must be going up like a rocket. And I assume that
means like $5 million 10 years ago and $16 million today. Does
anyone care to comment on, is that a good investment of funds?
And how do you wind up spending that amount of money? I mean,
it just seems like a phenomenal amount of money. Do you think
it's accurate?
Mr. Leonard. That's a difficult thing to evaluate. Let's
put it this way. I spent many a year in the Defense Department.
And I had to deal with the consequences of major failures,
major compromises in espionage cases and things along those
lines. And what the challenge is, is that, whether rightfully
or not, the mentality is, is zero tolerance for those types of
things. How many espionage cases are you willing to endure? How
many major leaks or releases of--unauthorized releases are you
ready to endure? The mindset is zero tolerance. And as a
result, there tends to be a lack of risk management. And when
you have a lack of risk management, you end up paying premium
dollars then.
Mr. Grothman. Even though those numbers are accurate
though: $16 billion bucks----
Mr. Leonard. Those numbers are at least accurate from the
point of view that they show, I think, consistent trends from
year to year.
Mr. Grothman. Okay. We have a new ISOO director, Mark
Bradley. Does anyone want to give us their opinion? Do you
think that's a good pick? And what goes into making a good
pick?
Mr. Aftergood. You know, it was never going to be an
openness advocate who led the ISOO. But I think Mr. Bradley is
a good pick because he has a broad understanding of the
problems of secrecy. He was an aide to the late Senator
Moynihan and is well attuned to an understanding of the
problems that the secrecy system suffers from. He also, as a
former intelligence officer and a DOJ national security lawyer,
has a degree of credibility with the national security agencies
that others might have trouble matching.
Mr. Grothman. Okay. Go ahead.
Mr. Blanton. Just the proof's in the pudding. We look
forward to meeting with Mr. Bradley as soon as he's on the job.
You can look at the Information Security Oversight Office's
previous Directors like Steve Garfinkel and Bill Leonard and
Jay Bosanko, and you can see those folks made some real
differences in the security system in a more rational
direction. I can hope for that trend to continue.
Mr. Amey. Certainly, we hope that they reach back out to
our community. I mean, that's one of the nice things with all
the gentlemen that Mr. Blanton just mentioned is they have been
very open. There's been a dialogue back and forth, and they
know that there is a burden on secrecy but then on openness and
have, you know, provided the proper weight test to that. And
that has been, I think, beneficial to the system.
Mr. Grothman. Okay. There was an inspector general report
in 2013 that said that 33 percent of DIA employees didn't
understand their role. And even more outrageous in that report,
they said 80 percent of the documents reviewed were
misclassified. I guess, first of all, I should ask you how many
different classifications there are, because it seems like you
could almost throw darts at a dart board and do better than
that. But could you comment on that and as to why that happens?
Comment on it. Do you think things are better today than it was
3 years ago? That seems--or maybe it was a flawed report. Can
you--are you familiar with the report?
Mr. Leonard. I would suspect it's not a flawed report. I
think, based on my experience for over 40 years, that's rather
typical. It's a reflection of, as much as we spend tax dollars
to investigate people, to establish secure IT systems and
things along those lines, we do not spend a comparable amount
of money in terms of trying to train people in the basics. One
of my concerns is, is that, you know, we make a distinction
between original classification and derivative classifications.
My experience has been is that when people ostensibly are
derivating classifying information, they're actually just
classifying information based on gut instinct, more than
anything else.
Mr. Grothman. Any other comments? By the way, unless I'm
doing the arithmetic wrong--and I did it twice--on the cost of
this thing, for that, you could hire 200,000 people at 80 grand
compensation a year. That's how much we're spending on
classification--200,000 people. Now, I realize some of it's for
things, not people, and maybe some people are making more than
80 grand a year, but my goodness. My time is----
Mr. Hice. Thank the gentleman.
The chair recognizes Mr. Lynch for 5 minutes.
Mr. Lynch. Thank you, Mr. Chairman.
First of all, I want to thank the panel for helping us
think about this and how we might approach the problem. I had
the pleasure of working with Mr. Massie and also Walter Jones
on the 28 pages. It took us 15 years to get that information
out there, which is far too long. It was interesting because,
as we were asking for disclosure and declassification, the
administration was pushing back and saying: No. This is too
sensitive. We had some of the agencies saying: No. It's methods
and sources. And then, finally, when it was eventually
declassified, they flipped. They flipped and said: Well,
there's nothing here. And it's--the information is not valid.
And they took a totally different tack.
We're now struggling with the DEA and the FBI in regard to
classified--excuse me, confidential informants. So we've
learned from the Office of the Inspector General for the DEA
that we've got 18,000--they've got 18,000 confidential
informants out there that are under contract being paid by the
DEA, and last year, we spent $237 million paying confidential
informants. And Congress knows zero about that. They don't know
about the crimes they've been committing. They don't know the
way they're operating. The DEA headquarters isn't intimately
involved. This is all being operated at the field level. So
that's--and that's just the DEA. From our conversations with
the FBI, I believe that the numbers are double, probably about
$500 million that the FBI is paying the confidential
informants. Probably double the number. Probably in the area of
30,000 or 40,000 informants, confidential informants. That is
totally out of our purview.
So I'm wondering--you know, you've all hit on this, you
know, with the interagency panel reviewing classifications--is
there some way to supercharge that process? Because it is
painstakingly slow, and it doesn't work in the timeframe in
which the information would be useful to us.
Mr. Leonard, I know that you said that the last time
somebody took a good swing at this was during the Clinton
administration in your remarks, your earlier comment. Is there
some way we can get this interagency declassification review
panel resourced and equipped to give Congress, and I've seen--
I've seen my colleagues across the aisle tear their hair out
when they couldn't get information, and I've been in the same
position. Is there some way that we can formalize this process
to get the information in a timely manner that should be
public?
Mr. Leonard. One way I would suggest would be to make
provisions to allow appeals directly to that panel under
certain circumstances. Right now, requesters have to go to the
individual agency. If they get turned down in whole or part,
they have to appeal to that same agency. And it's only after
that process then that they can go to this interagency panel.
And even that interagency panel, then, has its own coordination
things which can be problematic, but which is a lot easier to
address. But the individual agency time delays is--can be
problematic. Also, for purpose of Congress, Congress does have
the public interest declassification board that they can refer
to. And that is another avenue that, quite frankly, I never
believed is utilized enough. But that's another avenue.
Mr. Lynch. Yeah. To expedite it, you know, maybe we've just
got to figure this out legislatively to introduce an expedited
process where the information we believe is so critical. And I
guess, you know, I'm just thinking, is there a way to get the
judiciary involved here so they would review--I don't want to
create a political question that the courts can't rule on, but
we're being stonewalled in wide areas of public interest. And I
feel like it's hampering Congress' ability to do its job.
Mr. Leonard. Well, one of the things is the interagency
panel is actually exercising on behalf of the President. It's
exercising his article II authority. And the Public Interest
Declassification Board. Ultimately, they just make
recommendations to the President, who makes the final decision.
So from that point of view.
Mr. Lynch. Mr. Amey, you got something you want to add? Or
Mr. Blanton?
Mr. Blanton. Yes, sir. You mentioned sources and methods is
a blame. And then I think this goes right to you informants
problem, and it goes right to one of the big drivers of
classification, which is, under the current statutory system,
anything that's a source or a method can be claimed to be
withheld, whether or not it's release would actually harm a
security value or get a source killed. And I think Congress can
take very simple action, both in the intelligence field and the
law enforcement field, to say sources and methods is not a
burka. It should over-cover the things that would do damage,
get somebody killed, ruin an investigation. Right now that
identifiable harm standard, which is now in the Freedom of
Information statute, it doesn't apply in this informants and
sources method. It needs to apply. Congress has to take that
action.
Mr. Lynch. Yeah. Mr. Amey.
Mr. Amey. And that recommendation was actually in the
Moynihan Commission report. And it hasn't been acted on now in
almost 20 years since. And so it may be time for Congress to
enter that world.
Mr. Lynch. Yeah. I know that Attorney General Reno issued
some guidelines, but they're not being followed right now. I
actually have legislation. I don't even want to know who the
confidential informants are. I just want to know how many are
out there, what they're being paid, and what crimes, if any,
they have committed while they've been part of this government
program. And we have had a difficult time getting that through.
But thank you.
That's all I have, Mr. Chairman. Thank you for your
indulgence. I yield back the balance of my time.
Mr. Hice. Thank the gentleman.
The chair now recognizes Mr. Duncan for 5 minutes.
Mr. Duncan. Thank you very much, Mr. Chairman, and, first
of all, I want to say that--I want to go on record as saying I
agree with Mr. Grothman in saying that I'm astounded by the
amount of spending that's being done on this, this $16 billion
estimate and over $100 billion over the last 10 years. I think
we lose sight up here of how much a billion dollars actually
is.
But having said that, I had two other meetings, and so I
didn't--unfortunately, I didn't get to hear your testimony. And
I apologize if you've gone into some of this earlier. But, Mr.
Blanton, in skimming over some of this testimony, I was
fascinated by your report about the Moynihan Commission and
that we went through all this 20 years ago, basically. And also
I think the thing that impressed me the most was, I mean, there
seems to be general agreement here today that there is a real
problem of overclassification. But I saw where Mr. McDaniel--
who was President Reagan's national security adviser said that
only 10 percent of what's being classified probably really
needed to be classified. Is that correct? And why do you
think--you mention there that this was a tremendously
bipartisan commission. It had Jesse Helms and Daniel Patrick
Moynihan and various others. And obviously you're disappointed
that not--or very little was done with that--those
recommendations. Why do you think that was? And do you think we
should take another look at that? What do you--just go into
that a little bit for me.
Mr. Blanton. Yeah. I think in the testimony I quoted Mr.
McDaniel, who the Moynihan Commission quoted, and said that
based on my experience with few million pages of declassified
documents, he's right, especially about the historical
materials. I think an estimate that's closer to reality for
current material, the material related, say, on terrorists and
ISIS, that the best estimate really came from the Republican
head of the 9/11 Commission, Tom Kean. He said 75 percent of
what I read about Al Qaeda and Osama bin Laden that was
classified shouldn't have been, and we'd have been safer as a
country. So I think the ranges in there, the 75 to 90, it's a
bureaucratic problem. Bill Leonard knows it better than anybody
from both the inside and the outside. Steve Aftergood's been
studying it for, lo, these many years. POGO. Every incentive is
to classify. There's almost no disincentive. There are no
penalties. There has to be--I think this is the main reason why
Congress needs to take action. Because you all can change the
minds of the bureaucracy and how it actually works. You can,
you know, change the law and their hearts and minds will
follow.
Mr. Leonard. I actually believe that the executive branch
and general agencies in particular actually want the ambiguity
because the ambiguity gives them almost unlimited discretion in
dealing with issues. And, yes, it results in dumb things. But
it's the ultimate trump card to pull out, whether you're
dealing with the courts, whether you're dealing congressional
oversight or whatever. Nobody wants to be the one who
compromises truly sensitive information. And so there tends to
be this overdifferentiation to any sort of assertion. And more
often than not, that's what it is; it's a simple assertion. It
cannot be demonstrated that it truly should be classified.
Mr. Duncan.Well, there's so many other things I would like
to add or comment on, but Mr. Amey, I'm assuming that you--you
know, this committee has requested through the years a great
deal of classified material. And do you think that agencies are
classifying some material or a lot of material that really
doesn't need to be classified just to avoid or get around
congressional--effective congressional oversight?
Mr. Amey. Yes. But it's hard to know at what level. You
know, I don't know what I don't know. And that's--
unfortunately, when something shows up and it's a blackened out
page and it's marked ``classified'' or, you know, and then some
FOIA exemption attached to it, at that point, it's hard to
know. Sometimes we do get documents released to us. And at that
point, then you can do the comparison. And so, you know, that
can add and that can allow you to ask some questions. But, you
know, unfortunately, with the amount of classification that we
have, it's very difficult to put your finger on a--you know,
the experts that have taken a look at it, the 75 to 90 percent.
But the culture, I mean, I think that's it, is, even after 9/11
with the 9/11 Commission, you have a culture to--the default
setting is err on the side of caution.
Mr. Duncan. Well, I've run out of time. But I will say
this. We're going to have to, it seems to me, to go to much
more of a carrot-and-stick approach on all of this and
incentivize good behavior and penalize bad behavior in this
area.
And at any rate, Mr. Chairman, thank you very much.
Mr. Hice. Thank the gentleman.
The chair now recognizes Ms. Lujan Grisham for 5 minutes.
Ms. Lujan Grisham. Thank you, Mr. Chairman.
And hearing some of the comments at the tail end, add you
may have to repeat some of that. Because representing my
district--and, of course, New Mexico, we're home to world-class
national security, defense, operating labs and related defense,
both private and public sector, institutions and businesses.
And I understand unequivocally the need for being very clear
that sensitive, classified security aspects related to
information, that we have to be very clear about protecting the
integrity of the those systems and that information. Having
this committee work on furthering our effort at transparency
and recognizing that, across agencies, that we don't have an
effective handle about who's determining and what parameters
apply and what circumstances before, during, and after
information is being shared in a variety of what I would call
sort of post- and pre-security issues, I also worry about
unintended consequences. And being a longstanding bureaucrat, I
could argue either way that having ambiguity can be a
protective mechanism to not change anything because you fear
those unintended consequences and your own accountability,
particularly here where national security is at stake, right?
There's no incentive, you know, to be a little bit--to talk
about being less risk-averse when we need better transparency
in order to inform ourselves in a way that's productive so that
you can do policymaking and you can increase the way in which
we address national security issues, both in the Congress, both
in the bureaucracy, and defend and secure the Nation.
But I also know that it's very frustrating not to have
clear direction so that you can make recommendations and
include reforms. It's both.
And so, to provide those leaders with better guidance, help
me with some very specific ideas about balancing our efforts,
the need for transparency and the clear issue that we have,
which is also protecting classified secure information and the
national security interests of this country, because my
constituents are going to say--and they're right--be very
careful about unintended consequences here. Because once it's
out of the box, it's out.
Anyone?
Mr. Aftergood. I think one way to understand the issue is
that classification is treated as a security function,
understandably. The people who are making the classification
decisions are asking about the security consequences of
disclosure. That's fine. That makes perfect sense. The problem
is that security is not the only consideration because
classifying has implications for oversight. It has implications
for public understanding, for diplomacy, for technological
development. It can have all kinds of other implications. And
to ask the security officer to, you know, weigh the public
interest or weigh the diplomatic effects is totally
unrealistic, I think. So where that takes me is that in areas
of significant interest by Congress or the public, there needs
to be an additional venue where this original security
classification decision can be reconsidered in the light of
broader issues. What is the public interest? What is the need
for oversight? What are the undesirable unintended consequences
of continuing to classify? Don't ask the poor security officer
to make this complicated assessment. Take it somewhere else and
reevaluate it in light of the big picture.
Ms. Lujan Grisham. Anyone else? That is in and of itself
sort of a balance and a chance for a re-review, as a lawyer and
what I would fashion as sort of an appellate aspect. But,
again, making those decisions and then creating the parameters
for asking for that guidance is also a set of reforms that can
also have unintended consequences. Are there specifics in that
regard? And the concept, I think, is one that I think I'm very
interested in, but getting to the concept, are there ways to
include the agencies in terms of their recommendations about
what those parameters would look like, without having them sort
of protect their own interests, because that's the other
problem, in a way that doesn't get you then to that appellate
level, which gets us right back where we started?
Mr. Aftergood. Right. You know, we really need more
experimentation in this area than what we have had. I think one
model is this ISCAP model, this interagency panel that has been
discussed. There may be others. You would want the voice of
security represented, of course, but it would not be the only
voice, so you would want diversity, diversity of opinion and
perspective brought to bear. You would also want to define who
could elevate the issue, a congressional committee, maybe just
a Member of Congress. You know, who else could ask for this
kind of review and under what circumstances? These are all
questions that could be hashed out. I don't think the answers
are obvious. They might not become obvious until they are tried
in practice.
Ms. Lujan Grisham. Mr. Chairman, thank you very much for
giving me this extra time, and thank you very much for weighing
in on what I think is a really critical issue for us to deal
with. So thank you.
Mr. Hice. I thank the gentlelady. The chair now recognizes
Mr. Amash for 5 minutes.
Mr. Amash. Thank you. I yield my time to the gentleman from
Kentucky, Mr. Massie.
Mr. Massie. I would like to thank the gentleman from
Michigan. I have got tons of stuff I want to discuss. I am
going to try and get three things in the last 5 minutes. The
first two fall under the category of ``there is good news,
but.'' Okay. There is good news in terms of the intelligence
budget, right, because the 9/11 Commission recommended that at
least the aggregate number be disclosed. And so it is
disclosed. And the executive branch actually in this case does
a better job than the legislative branch. They disclose their
request for the budget.
But the situation we had last week is you had 435 Members
of Congress, probably less than 80 knew what was in the budget,
but they all voted for it. And they can find what is in it 2
years from now. The 2015 number I can tell you. It is on the
Web site. We still don't disclose the top-line number,
aggregate number, for intelligence appropriations until a year
after it has been voted on. So that is the good news, is it is
disclosed. The bad news is most of Congress is voting on it to
see what is in it.
Now, they could gown to the SCIF, like my colleague from
Michigan and I did, and see what is in it, so that is the good
news. But some of this is just lack of attention on our part.
Another ``good news, but'': Mr. DeSantis capably but
appropriately pointed out the executive branch has to have
secrets to conduct diplomacy, et cetera, et cetera. And then,
Mr. Blanton, you talked about how you could use the power of
the purse. Well, there is one department that does effectively
use the power of the purse for oversight, and that's the
Intelligence Committee. They don't give the intelligence
community a tranche of money and say: Okay, you have no strings
attached, and we don't want to know anything until next year.
They're continuously--that money is contingent upon certain
things. And also when certain things happen, they have to be
reported back to that committee.
The Judiciary Committee would do well to follow that
example. The Judiciary could fence money and say: Look, we're
going to give you part of it, but you are not getting the rest
of it until we get this answer. So, to the theoretical point of
can you get this information from the executive branch or can
you not, based on the Constitution, and Article I versus
Article II, well, the answer is what you provided, Mr. Blanton:
The key is in the power of the purse, and you can always get
that information. So that's the good news, is that you can get
the information, and the Intel Committee does it. The bad news
is DOJ doesn't do it. And the other bad news is the Intel
Committee controls this information very tightly, and it is
hard for a rank-and-file Member to access that. It is basically
20 questions in a SCIF without staff and no notes walking out.
So that is the bad news.
And if I have time, I will let you all comment on that. But
here is the third thing I want to talk about, and I think it
falls within this committee hearing today, and this question is
for Mr. Aftergood. The Federation of American Scientists keeps
a bootleg copy of all the Congressional Research Service
reports. Is that correct?
Mr. Aftergood. Not all, but many.
Mr. Massie. Well, the ones that you can obtain?
Mr. Aftergood. Yes.
Mr. Massie. The Congressional Research Service, for those
that don't know about it, is this enormous, wonderful resource
available to Congressmen. And they have got all the historical
context for the reasons of things, and they prepare these
wonderful reports, but they're confidential to Congress. And
the irony here is I could disclose them to a constituent, but
the CRS has no clearinghouse for this. The greater irony is, on
a weekend, I go to your Web site to find out what the
Congressional Research Service has prepared. How ridiculous is
that? I would like your comment on that, Mr. Aftergood.
Mr. Aftergood. There has been a lot of talk lately about
fake news and how it is corrupting our public discourse and so
forth. To me, I think of CRS reports as kind of the antidote
and the opposite of fake news.
Mr. Massie. We get a lot of fake information here in
Congress from various sources.
Mr. Aftergood. We all need to be critical consumers, but I
think the CRS products on the whole are extremely informative.
They are balanced. They aim to educate. If you read them, you
are going to get smarter than you are.
Mr. Massie. That is not hard to do for a Congressman.
Mr. Aftergood. Well, or for a citizens. I don't have too
big a chip on my shoulder about doing this. I would just as
soon Congress do it the right way. I think you have a product
that you can be proud of, and you should be making it available
to the public. Until that happens, I hope to be able to
continue doing it through the Federation.
Mr. Massie. I hope you do too because I need access to that
on weekends. Thank you very much.
Mr. Leonard. And I would only suggest: It is the end of the
year; you might want to contribute to Steve's Web page.
Mr. Hice. I thank the gentleman, and I also want to extend
a sincere thanks to each of our witnesses for appearing before
us today.
If there is no further business, without objection, the
committee stands adjourned.
[Whereupon, at 11:08 a.m., the committee was adjourned.]
[all]