Records Management

Calls to overhaul classification system grow louder

Image of Classified Key

Many in the security community have argued that the government’s current processes for classifying and declassifying information is outdated, but now an advisory committee established by Congress is calling on President Barack Obama to fix the broken system.

Digitized information, outdated practices and an explosion in access to classified information all contribute to the dysfunction of a classification system that has not been overhauled in its 70 years of existence, according to the Public Interest Declassification Board. The PIDB argues that it will take a presidential lead to revamp the system, with IT and new policies playing central roles in modernizing the way the government handles information.

“We believe the current classification and declassification systems are outdated and incapable of dealing adequately with the large volumes of classified information generated in an era of digital communications and information systems,” Nancy Soderberg, the board’s chair, wrote in a recently released letter to Obama dated Nov. 27. “The government’s management of classified information must match the realities and demands in the 21st century.”

The current system hinders government openness and could even pose a threat to the U.S., Soderberg and others have noted.

“The classification system exists to protect national security, but its outdated design and implementation often hinders that mission. The system is compromised by over-classification and, not coincidentally, by increasing instances of unauthorized disclosures. This undermines the credibility of the classification system,” she wrote.

The PIDB report includes 14 recommendations to Obama for transforming the security classification system, which include simplifying it into only two classification categories – currently there are several, including top secret, confidential and secret – as well as automated declassification for certain information. It also recommends improving information management practices and using pilot programs to evaluate, share and scale technological solutions among agencies.

“Available technologies are rarely used to meet current needs; neither are agencies preparing to use these technologies to handle the enormous volume of digital records. As a result the government is currently unable to preserve or provide access to a great many important records,” the report stated.

The report also made note of the overclassification of information, with trillions of pages of digital files being classified every year.

“Classification is a clumsy tool that prevents people from getting information they need,” said Andy Greenberg, senior reporter at Forbes and author of the new book “This Machine Kills Secrets: How Wikileaks, Cypherpunks and Hacktivists Aim to Free the World’s Information.” “[O]verclassification has been a big problem. Obama classified more info than [President George W.] Bush by a whole order of magnitude.”

That volume of classified information has ripple effects as well – more classified data means more people need cleared access in order to carry out national security duties.

The PIDB report noted that access for cleared persons is another challenge to the system, and in a draft version of a presidential executive order on cybersecurity, one measure includes accelerating security clearances in order to adequately access and share cyber threat information.

“Another thing spelled out [in the executive order] is expediting security clearances for people working the critical infrastructure side of this. That’s been needed for a long time, and then it goes even further to expedite bringing in outside consultants on temporary assignments who can help address the issues more quickly and in a more collaborative fashion,” said W. Hord Tipton, executive director of (ISC)2 and former CIO at the Interior Department. Tipton also noted much of the information being classified “probably doesn’t need to be.”

At the Defense Department, officials already have begun tackling the overclassification issue, according to the Federation of American Scientists’ Secrecy News Blog, which last month posted an Oct. 3 DOD IG memo announcing a probe into DOD classification processes.

In July, the FAS blog also noted that nearly 5 million government workers and contractors have clearances to access classified information.

“The number of folks with access to [classified] information has been exploding. This idea of truly secret information as shared between millions of people – that is a kind of paradox that is unsustainable,” Greenberg said.

The PIDB report also characterizes the current classification system as unsustainable, but also references a pervasive denial of the problem within the government – fixable, perhaps, only by leadership at the highest level.

“It became clear to the Board that only by exploiting current and developing new technologies and applying them in an improved policy framework will the national security community be capable of managing the growing volume of electronic information created in the digital age,” Soderberg wrote in her letter to Obama. “There is little recognition among government practitioners that there is a fundamental problem. Clearly, it will require a presidential mandate to energize and direct agencies to work together to reform the classification system.”

The 2014 Federal 100

Get to know the 100 women and men honored this year for going above and beyond in federal IT.

Reader comments

Thu, Dec 13, 2012

Everyone knows 'when in doubt, mark it classified' is SOP. And thus everyone knows most classified items really should not be, and nobody takes it seriously. It is security theater, not much more effective than TSA at the airports.

Wed, Dec 12, 2012 Paul

There is no doubt that overclassification is a problem. Back in the 80's, one military site ordered its toilet paper as a secret message with a high priority. However, leveraging technology and expediting the clearance process is not the answer. The only answer is to provide clear guidance on what type of information should be classified. and a clear definition of what harm could come from releasing classified information. For instance, there is no clear definition of what "sensitive but unclassified" means but the name has been changed from FOUO, to SBU, and the latest one which I won't name.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above