GAO policy reflects security concerns

After U.S.-led military forces discovered a report from the Government Accountability Office in a cave in Afghanistan in November 2001, GAO officials instituted a new policy of not publishing certain reports on the Internet for national security reasons.

The report that was found includes details about federal buildings and facilities that could be useful to terrorists. Since December 2001, GAO officials have designated 15 reports as unsuited for public Web access for security reasons, a policy they say is reasonable, but some researchers question it.

More than 99 percent of the 1,400 reports, testimonies and legal documents that GAO officials publish annually are listed and available to the public on GAO's Web site. For a publication to be designated NI, or non-Internet, agency officials must convince GAO officials that the document contains information too sensitive to post on the Web.

"We work in concert with the agency to determine an NI designation," said Jeff Nelligan, GAO's managing director of public affairs. "The whole point is to make the information not as easily available, given the agencies' concerns."

However, some critics of the policy say the designation appears to be made arbitrarily. "The only criteria they seem to have is that an agency asks them to do it," said Patrice McDermott, deputy director of the Office of Government Relations at the American Library Association. "There are legitimate reasons that information wouldn't be put out on the Internet, but they need to have clear criteria."

Reports not published on the Web are still available to the public by mail or

fax, but only on request.

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, said he disagrees with the delisting policy. "As a security policy, it's nothing more than a gesture," he said. "It doesn't represent a qualitative increase in security."

Aftergood said the policy is an imperfect response to the challenges of the Web. "I don't believe that terrorists are spending a lot of time [in] the GAO online archive," he said. "The biggest threat for most GAO reports is that they will put the reader to sleep."

As GAO officials impose access restrictions, their counterparts at the National Institutes of Health have moved toward a completely open publishing policy. In a recent Federal Register notice, NIH officials said all researchers who receive public funding must make the results of their studies, regardless of the content, accessible and free to the public via the agency's Web database, PubMed Central.

The requirement states that officials must post NIH-supported research results on a public Web site no later than six months after the work is published in a professional journal. It applies to all recipients of research grants, cooperative agreements, contracts and National Research Service Award fellowships.

In assessing GAO's policy, some free press advocates said they don't understand its specifics, but they do understand the caution. Pete Weitzel, coordinator of the Coalition of Journalists for Open Government, said he is also concerned about security.

"If you can still get the information, they are not making it that much more

secure," he said. "It doesn't make a lot of sense to me, except for getting people to identify themselves."

With few exceptions, GAO officials make their reports available to the public on the Web — unlike another congressional agency, the Congressional Research Service. Officials there do not publish any reports on a Web site to which the public has direct access, Aftergood said.

McDermott said GAO officials could improve the NI policy by clarifying the criteria they use for designating publications. "They should index the information and perhaps put up an annotation that says why this information isn't available," she said.

Alternatively, they could offer public and nonpublic versions of certain reports, but the existence of a report shouldn't be hidden, McDermott said.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.