Information Security Oversight Office (ISOO)

1997 Annual Report

Information Security Oversight Office
National Archives and Records Administration
700 Pennsylvania Avenue, NW
Washington, DC 20408

August 31, 1998

The President
The White House
Washington, DC 20500

Dear Mr. President:

We are pleased to submit the Information Security Oversight Office's 1997 Report to the President.

In this, the second year of implementation of Executive Order 12958, the executive branch continues to report further achievements. Specifically, the program enjoyed a second straight year of unprecedented achievements in declassification and noted decreases in the number of original classifiers and the estimated costs of the system. In the declassification program, agencies of the executive branch reported declassifying over 204 million pages of records having permanent historical value. Combined with the figures reported for fiscal year 1996, the Order's first year of implementation, the executive branch has declassified over 400 million pages of records under this Order. This achievement is extraordinary. In two years under your Executive order, the agencies have declassified 56 percent more pages than in the prior 16 years combined.

When E.O. 12958 took effect in FY 1996, you called upon agency heads who have original classification authority to review carefully the number of officials within their agencies to whom they delegate this authority. In FY 1997 they again responded by reducing the number by over 400 individuals. We believe that some further reductions may be possible. However, it appears that some executive branch agencies are approaching the minimum necessary for effective operations.

We again report a decrease in the costs of implementing the security classification system. While Government agencies reported cost estimates 28 percent higher than in fiscal year 1996, industry achieved a dramatic 73 percent decrease in its cost estimates, thus creating an overall decrease in the program. We believe the increase for Government stems largely from the agencies' ability to estimate these costs more accurately. Moreover, a significant portion of the increase is reflected in the costs of information systems security. For industry, the dramatic decrease represents the affect that appears to be resulting from the consolidation of defense contractors.

Because of expressed interest in the declassification programs established under the Executive order, agencies also identified that portion of the cost estimates attributable to declassification programs. For FY 1997, the agencies reported declassification cost estimates of $150,244,561, or slightly less than five percent of their total cost estimates.

Despite these very positive trends, we are concerned about the increase in classification activity for the second year in a row. While the reasons appear to be related to changes in the statistical collection methods rather than to increasing classified programs, we believe that the emphasis on declassification, combined with decreasing staff size, may be adversely limiting attention to classification standards and activity. Increased oversight and commitment by ISOO and the agencies are needed to curb this trend and to help ensure that the goals of the Order are met.

Respectfully,

Steven Garfinkel
Director

Summary of FY 1997 Program Activity

The following FY 1997 Report to the President is the second report under E.O. 12958. The following data highlight ISOO's findings.

Classification

  • The number of original classification authorities decreased by 410, to 4,010.
  • Reported original classification decisions increased by more than 53,625, to 158,733.
  • Reported derivative classification decisions increased by 676,904, to 6,361,366.
  • The total of all classification actions reported for fiscal year 1997 increased by 13 percent, to 6,520,154.
  • DOD accounted for 65 percent of all classification decisions; CIA, 31 percent; State, 1 percent; Justice, 1 percent; and all others, 1 percent.

Declassification

  • Under Automatic and Systematic Review Declassification programs, agencies declassified 204,050,369 pages of historically valuable records.
  • Agencies received 3,193 new mandatory review requests.
  • Under mandatory review, agencies declassified in full 50,181 pages; declassified in part 41,961 pages; and retained classification in full on 19,753 pages.
  • Agencies received 95 new mandatory review appeals.
  • On appeal, agencies declassified in whole or in part 944 additional pages.

YEAR TWO Implementation of the Automatic

Declassification Provision of
Executive Order 12958 -- "Classified National Security Information"

I. BACKGROUND

Executive Order 12958, "Classified National Security Information," signed by President Clinton on April 17, 1995, and effective on October 14, 1995, is a radical departure from the secrecy policies of the past. The first order to revise the security classification system since the end of the Cold War, E.O. 12958 includes major changes which should result in fewer new secrets and significantly more information being declassified. At the same time, the Order includes all of the necessary safeguards to protect appropriately classified information. Fiscal Year 1997 is the second full year of the Order's policies.

The declassification provisions of Section 3.4 contain the most far-reaching reforms in the new security classification system. This section, entitled "Automatic Declassification," requires the automatic declassification of most historically valuable information that is 25 years old. In the past, these older classified records remained classified indefinitely. Under E.O. 12958, these same records, including what may be billions of pages created over the past 50 years, will become automatically declassified five years from the issuance date of the Order, or April 17, 2000. In order to keep information classified beyond 25 years, agency heads must be able to demonstrate that particular information falls within a narrow exception to automatic declassification. That determination is then subject to outside review by an interagency panel of senior officials.

In effect, E.O. 12958 reverses the resource burden. Unlike the prior systems, in which agencies had to expend resources in order to declassify older information, under E.O. 12958, agencies must expend the resources necessary to demonstrate why older, historical information needs to remain classified.

II. PAGES DECLASSIFIED

Data collected and analyzed by ISOO, and reported in greater detail in the "Declassification" section of this report starting on page 27, show that the agencies of the executive branch continue to declassify historically valuable documents in numbers unprecedented before the issuance of Executive Order 12958, "Classified National Security Information." E.O. 12958 went into effect early in fiscal year 1996. In FY 1997, executive branch agencies declassified over 204 million pages of historically valuable records. This represents more than a 4 percent increase from the 196 million pages that the agencies declassified in Fiscal Year 1996.

In other words, during the first two years that E.O. 12958 has been in effect, executive branch agencies have declassified more than 400 million pages of historically valuable documents. Added to the approximately 69 million pages declassified in FY 19951, in just the past three years, the executive branch has declassified more than 70 percent of the pages of historically valuable documents that have been declassified since 1980.

1In FY 1995, the agencies of the executive branch declassified 24 million pages, and the President, through an Executive order, declassified an additional 45 million pages of documents within the National Archives of the United States.

Interim Targets

To meet the President's declassification targets detailed in Executive Order 12958, executive branch agencies were to declassify during FY 1996 at least 15 percent of their total records subject to the Order's automatic declassification provisions, "and similar commitments for subsequent years until the effective date for automatic declassification," i.e., April 17, 2000. Existing records subject to automatic declassification have been appraised as historically valuable and will be at least 25 years old in April 2000.

The data provided to date continue to indicate uneven accomplishment among the agencies of the requirement to declassify significant portions of the subject records each year. Some of the larger classifying agencies are only now beginning to declassify records in significant numbers. However, the National Archives and Records Administration (NARA) has done an extraordinary job in declassifying various agencies' records within the National Archives of the United States. From the data currently available, lSOO believes that the 400 million pages declassified by the executive branch in fiscal years 1996 and 1997 combined approach one-quarter of the total universe of classified pages subject to automatic declassification by April2000.

File Series Exemptions from Automatic Declassification

E.O. 12958 authorized the heads of agencies that originate classified information to designate particular file series of classified information to be exempt from the Order's 25-year-old automatic declassification provision. These series were to be limited to records replete with information that "almost invariably" fell within one of the categorical exemptions to automatic declassification. These exempt file series are subject to presidential approval. Agency heads direct them to the President through the Assistant to the President for National Security Affairs (National Security Adviser).

In June 1997, the National Security Adviser requested that ISOO review the agencies' proposed exempt file series, and advise him of ISOO's recommendations regarding their acceptance by the President. Assisted by staff members from NARA and the National Security Council, the ISOO team has nearly completed its review and is preparing to send its recommendations to the National Security Adviser as this report is being prepared.

As a result of the ISOO review, six agencies withdrew entirely their requests for file series exemptions. The remaining 10 agencies that requested such exemptions have significantly narrowed the scope of their requests. Perhaps most important, for each of the remaining file series proposed for exemption, the agencies have established fixed dates to review them for declassification.

Other Positive Trends

  • An unprecedented effort to declassify older historically valuable information is in place.
  • Agencies that have had only minimal declassification programs in the past are now engaged in significant declassification efforts.
  • Communication and coordination between agencies' security and records management staffs have improved tremendously from what was generally a very poor situation.
  • A declassification infrastructure has been established in every agency that originates classified information.
  • Communication among the agencies has increased significantly as they attempt to coordinate their declassification efforts.

Lingering Problems or Pitfalls

  • In practice, automatic declassification at 25 years (rather than at a later date) means that more information requires review, more information is proposed for exemption, less bulk declassification occurs, and the cost of compliance increases.
  • Start-up and compliance among the major classifying agencies has been uneven. Several agencies were very slow in getting started, and they find themselves in a difficult catch-up situation. In addition, many agencies spent a year or more attempting to gain sufficient knowledge about the scope of their classified holdings.
  • The rate of declassification at several agencies is lagging because of an apparent unwillingness to alter an extremely cautious approach to declassification. Several agencies will not declassify any information that has not undergone a line-by-line review by several reviewers, notwithstanding the age of the documents or their subject matter. This method of review is obviously the most time consuming and costly. As a result, a few agencies that to date have spent the most on their declassification programs have yet to declassify significant numbers of records, although substantial increases are anticipated.
  • Resource limitations are having a clear impact on agency compliance and oversight.
  • Agencies, on the whole, have been slow in providing NARA with the timely and complete declassification guidance that would permit NARA to declassify more information. Resource and records management limitations increase this tardiness.
  • In many cases, documents contain the classified information of several agencies (agencies with equities in the document). Dealing with multiple equities greatly complicates and delays the declassification review process.
  • In some instances, declassification activity has been so prolific that it exceeds the ability of agency systems and resources to process the records for public access, or even the ability to advise other agencies and the public about what information has been declassified.

PAGES DECLASSIFIED FISCAL YEARS 1980 - 1997

Pages in Millions

1980 - 24.6
1981 - 28.7
1982 - 16.8
1983 - 8
1984 - 11.5
1985 - 8.5
1986 - 14.5
1987 - 9.2
1988 - 5.1
1989 - 7.2
1990 - 12.3
1991 - 14.1
1992 - 9.5
1993 - 6.8
1994 - 11.5
1995 - 69
1996 - 196
1997 - 204

Interagency Security Classification Appeals Panel

The following is the verbatim text of "Highlights of Activities of the Interagency Security Classification Appeals Panel: May 1997-April 1998" issued by the ISCAP in the summer of 1998. Partial facsimiles of some of the documents declassified by the ISCAP follow. [not included here]


The National Industrial Security Program:

"Still In Transition and In Need of Renewed Commitment"

In 1991, the President formally established the National Industrial Security Program (NISP) through Executive Order 12829. Its ultimate goal then, to make the executive branch's industrial security program more efficient and cost effective, remains obtainable only if there is a resurgence of commitment and support from senior officials within the agencies with large numbers of classified contracts.

The initial success of the NISP was a direct result of the shared commitment and interest exhibited by top management within the critical agencies and the outpouring of cooperation by key representatives from industry. Recently, however, there is a growing sentiment within Government and industry that the transition to a fully functional NISP is in dire need of renewed attention by senior management. Symptomatic of these concerns is mounting frustration over the inability, despite repeated efforts, to replace the current Chapter 8 of the National Industrial Security Program Operating Manual (NISPOM), which provides guidance on information systems security. Despite a general consensus that the current Chapter 8 is deficient and out-of-date, the agencies have been struggling to reach agreement among themselves, much less with industry, over the form and substance of the prospective replacement. This chapter is crucial to the safeguarding and dissemination of almost all classified information, and these automated information systems constitute by far the most costly component of the information security program.

Consistent with ISOO's responsibilities under Section 102(b) of the Order, ISOO began a series of surveys in the early summer of 1997. The initial survey began with contractors located in the Boston, Massachusetts area, and was expanded to include contractors in the Albuquerque, San Francisco, and Washington Metropolitan areas. The purpose of the survey was to assess the level of implementation achieved by contracting agencies and contractors with respect to the overall objectives of Executive Order 12829, including:

  • Achieving uniformity in security procedures.
  • Implementing the reciprocity principle in security procedures, particularly with regard to facility and personnel clearances.
  • Eliminating duplicative or unnecessary requirements, particularly agency inspections of contractors' programs.
  • Achieving reductions in security costs.

Preliminary results indicate that some of the issues that were identified in the first NISP survey in the Boston area also exist for some contractors in the western regions, and in the Washington Metropolitan area. Some of these contractors expressed concerns about inconsistent application of reciprocity requirements for security clearances, the lack of specificity in some provisions of the NISPOM, and the reluctance by some user agencies or specific components to comply fully with the NISP. Despite these prevailing concerns, there is evidence of progress and program accomplishment, particularly in the area of cost savings, i.e., uniform physical security requirements; co-utilization of facilities; and better utilization of personnel resources formerly tied up with multiple agency inspections. ISOO expects to complete its analysis and issue its second survey report in FY 1998. Despite a general acknowledgment that the initial momentum of the NISP has tapered off, there remains a genuine feeling, particularly at the grass roots level, that a revitalized NISP is essential to continuing the dialogue between Government and industry begun by Executive Order 12829.


Security Classification-- What Does it Cost?

The security classification program is now in its third year of reporting costs for both Government and industry. Congress first requested security classification cost estimates from the executive branch in 1994. The Office of Management and Budget reported those cost estimates to Congress while working with agencies to develop better sampling methodology for future years. Congress has continued to seek updated estimates. In addition, ISOO is tasked through Executive Order 12958 to report these costs to the President. Executive Order 12928, "National Industrial Security Program," also requires that industry or contractor costs be collected and reported by ISOO to the President.

Until the last few years, the costs for the security classification program were deemed non-quantifiable, intertwined with other somewhat amorphous overhead expenses. While many of its costs remain ambiguous, ISOO continues to ask questions about their makeup and is looking for ways to refine the methodology. ISOO can resolve some of the questions, but requiring exact responses to these cost collection efforts would be cost prohibitive. Consequently, ISOO relies on sampling and therefore the measurements of costs of the security classification system will be estimates. Nevertheless, by maintaining stability in methodology, ISOO should gain over time a good indication of the total cost burden and its upward and downward trends. GOVERNMENT

The data presented below were collected by categories based on common definitions developed by an executive branch working group. The categories are defined below.

Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a government or contractor employee's eligibility, and ensure suitability for the continued access to classified information.

Physical Security: That portion of security concerned with physical measures designed to safeguard and protect classified facilities and information, domestic or foreign.

Information Security: Includes two sub-categories: Classification Management: The system of administrative policies and procedures for identifying, controlling and protecting from unauthorized disclosure classified information, the protection of which is authorized by executive order or statute. Classification management encompasses those resources used to identify, control, transfer, transmit, retrieve, inventory, archive, declassify or destroy classified information. Information Systems Security: Measures and controls that ensure confidentiality, integrity arid availability of the classified information processed and stored by a computer or information technology system. It can include the provision of all security features needed to provide an accredited system of protection for computer hardware and software, and classified information material, or processes in automated systems.

Professional Education, Training and Awareness: The establishment, maintenance, direction, support and assessment of a security training and awareness program; the certification and approval of the training program; the development, management, and maintenance of training records; the training of personnel to perform tasks associated with their duties; and qualification and/or certification of personnel before assignment of security responsibilities related to classified information.

Security Management and Planning: Development and implementation of plans, procedures and actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational activities and respond to management requests related to classified information.

Unique Items: Those department or agency-specific activities that are not reported in any of the primary categories but are nonetheless significant and need to be included.

Because of expressed interest in the declassification programs established under Executive Order 12958, ISOO also requested agencies to identify that portion of their cost estimates in the category of information security/classification management that was attributable to their declassification programs. For FY 1997, the agencies reported declassification cost estimates of $150,244,561, or slightly less than five percent of their total cost estimates. This added sub-element will be included in future collections of security cost estimate data.

The total security classification costs estimate within Government for FY 1997 is $3,380,631,170. This figure represents estimates provided by 30 executive branch agencies including the Department of Defense, whose estimate incorporates the National Foreign Intelligence Program. It does not include, however, the cost estimates of the CIA, which that agency has classified.

Government Security Classification Costs Estimate Fiscal Year 1997

Total $3.4 billion

Personnel Security - $390 million
Physical Security - $345 million
Information Security - $2.2 billion
Information Technology - $1.7 billion
Classification Management - $429 million
Professional Education Training & Awareness - $78 million
Security Management & Planning - $399 million
Unique Items - $4.2 million

INDUSTRY

A joint Department of Defense and industry group developed a cost collection methodology for those costs associated with the use and protection of classified information within industry. Because industry accounts for its costs differently than Government, cost estimate data are not provided by category. Rather a sampling method was applied that included volunteer companies from four different categories of facilities. The category of facility is based on the complexity of security requirements that a particular company must meet in order to hold a classified contract with a Government agency.

The 1997 cost-estimate totals for industry pertain to the twelve month accounting period for the most recently completed fiscal year of each company that was part of the industry sample. For most of the companies included in the sample December 31, 1997, was the end of their fiscal year. The estimate of total security costs for 1997 within industry was $692,823,000.

Comparing Total Costs for Government and Industry
Fiscal Years 1995 - 1997

FY 1997 - Total $4.1 billion
FY 1996 - Total $5.2 billion
FY 1995 - Total $5.6 billion

FY 1997 Government - $3.4 billion
FY 1996 Government - $2.6 billion
FY 1995 Government - $2.7 billion

FY 1997 Industry - $692,823,000
FY 1996 Industry - $2.6 billion
FY 1995 Industry - $2.9 billion

The Government cost estimate shows a significant 28 percent increase above the cost estimate reported for FY 1996. Industry, on the other hand, reported a dramatic 73 percent reduction in its cost estimate. The total cost estimate for Government and industry for 1997 is $4.1 billion, 21 percent below the total cost estimate for 1996 of $5.2 billion.

The increased cost estimates do not appear to result from new classified programs. Rather, several agencies reported that they have improved their ability to estimate security costs more accurately. Also, a very significant proportion of the increase is reflected in the cost of information systems security, which is $600 million more than reported for FY 1996.To be sure, information systems security already accounts for one-half of the cost estimates attributed to the security classification system, and are projected to be an ever increasing fraction in future years. Within DOD, initiatives related to such terms as "Information Warfare," "Information Superiority," or "Information Assurance," apply to information systems that process both classified information and other sensitive information. DOD has advised us that it is impossible for it to separate the costs of maintaining these systems based on classified vs. unclassified. Therefore, DOD has suggested that one-half or even more of its costs in the information systems security subcategory actually is expended on protecting sensitive but unclassified information. Of those agencies reporting, DOD represents 96 percent of the total in the Information Security category.

Contributing to the costs incurred and to be incurred in this area are recent concerns and initiatives in the areas of critical infrastructure, including automatic data processing and handling systems. Therefore, ISOO anticipates that Government costs associated with information systems security will continue to rise, while the costs of other programs associated with the security classification system will gradually decline.

Two reasons seem to explain why industry costs have decreased so markedly. First, the current estimate was based on data provided by a larger number of companies than has been included in past sampling, which suggests greater accuracy. Second, there has been significant consolidation within defense industry, especially among the largest contractors that account for the preponderance of the cost estimates. The reduction in their numbers has had a very significant impact on the total estimate. ISOO believes that the reported reductions represent both savings that result from consolidation of companies, as well as the impact that results from multiplying the average cost by a smaller number of large contractors.

It appears that both Government and industry efforts to refine their collection methods have paid off with more accurate data. The refining process seems to be a continuous one, as well it should be given the many variables in the security classification program. A better understanding of costs should help considerably in the management of the security classification program.


Classification

Original Classifiers

Original classification authorities, also called original classifiers, are those individuals designated in writing, either by the President or by selected agency heads, to classify information in the first instance. Under Executive Order 12958, only original classifiers determine what information, if disclosed without authority, could reasonably be expected to cause damage to the national security. Original classifiers must also be able to identify or describe the damage.

For fiscal year 1997, the number of original classifiers throughout the executive branch was 4,010, which represents a reduction of 410 classifiers from the previous year. This figure, for the seventh consecutive year, represents the lowest number of original classifiers ever reported by ISOO. Government downsizing and its attendant restructuring, along with the end of the Cold War continue to be factors contributing to this decrease. However, ISOO believes that Executive Order 12958's requirement that agency heads carefully scrutinize and re-issue delegations of original classification authority is the largest contributing factor to this further decrease. In ISOO's view, some agencies have reached a level in the number of original classification authorities that seems reasonable for the conduct of their missions. Last year ISOO noted some agencies that had comparable classification activity, but many more original classification authorities. Some of these agencies reported reductions in FY 1997.

In fiscal year 1997, agencies reported decreases in the number of original classifiers for the Top Secret and Confidential classification levels and an increase of original classifiers for the Secret classification level. At the Top Secret level, agencies reported a decrease of 23 percent, and a 73 percent decrease was reported by agencies at the Confidential level. The number of Secret original classifiers increased by 23 percent or 528 additional classifiers. The Department of State is responsible for 97 percent of the total decrease in Confidential original classifiers. However, at the same time that State decreased its Confidential original classifiers, it increased the number of Secret original classifiers by 60 percent, which more than accounts for the total increase in Secret original classifiers. Including its decrease in Top Secret original classifiers, overall, State still realized a 5 percent decrease in total original classifiers. In addition to the Department of State, ISOO wishes to recognize six other agencies for their efforts to reduce the number of original classifiers. Most impressive were the efforts of CIA and Justice, which reported decreases of 80 percent and 51 percent, respectively. Although the reductions in the number of original classifiers are not as significant as the CIA and Justice, ISOO wishes to recognize Commerce, AID, DOE, and ACDA for their efforts to reduce their number of original classifiers.

Original Classifiers Fiscal Year 1997

Total - 4,010

Top Secret - 898
Secret - 2,865
Confidential - 247

Original Classification

Original Classification is an initial determination by an authorized classifier that information requires extraordinary protection, because unauthorized disclosure of the information could reasonably be expected to cause damage to the national security. The process of original classification ordinarily includes both the determination of the need to protect the information and the placement of markings to identify the information as classified. By definition, original classification precedes all other aspects of the security classification system, e.g., derivative classification, safeguarding and declassification. Therefore, ISOO often refers to the number of original classification actions as the most important figure that it reports.

For FY 1997, agencies reported a total of 158,788 original classification decisions. This figure represents an increase of 51 percent over the number of original classification decisions reported in FY 1996. By classification level, Top Secret decreased by 2 percent, while Secret increased by 81 percent and Confidential by 20 percent. Increased activity in military operations, the revision of classification guides, and improved counting systems for the data collection help to explain this increase. Although original classification increased significantly in FY 1997, the number of decisions made by original classifiers is lower than reported in previous fiscal years under prior executive orders. Executive branch classifiers are in the second year of implementation of this Order.

Original Activity Fiscal Year 1997

Total - 158,788

Top Secret - 7,246
Secret - 101,204
Confidential - 50,338

Original Classification Levels Fiscal Year 1997

Top Secret - 4%
Secret - 64%
Confidential - 32%

Three agencies-- DOD, Justice, and State-- now account for 94 percent of all original classification decisions. DOD reported a total of 89,414 original classification decisions, which represents a 79 percent increase from the previous year. This increase can be attributed in part to the review and issuance of new security classification guides as part of the continuing implementation of the requirements of Executive Order 12958. Probably the most significant factor contributing to the increase is the number of military operations and exercises conducted by the services and components during fiscal year 1997. Justice also reported a large increase from fiscal year 1996 of 57 percent. State continued its downward trend in original classification activity by 4 percent.

Original Activity by Agency Fiscal Year 1997

DOD - 89,414
Justice - 39,953
State - 20,687
All Others - 8,734

Several agencies with smaller security classification programs reported marked decreases in the number of original classification decisions. In particular, ISOO commends DOT, OSTP, and USTR, which reported decreases of 97 percent, 75 percent, and 76 percent, respectively, in the number of original classification decisions.

As part of the original classification process, the classifiers must determine a time frame for the protection of the information. This is commonly called the "duration" of classification. Executive Order 12958 creates three possible outcomes at the time of original classification. First, if applicable to the duration of the information's national security sensitivity, information should be marked for declassification upon a specific date or event. For example, a classifier could determine that the information's sensitivity will lapse upon the completion of a particular project. The event would be noted on the face of the document, and when the project had been completed, the information would automatically be declassified. Second, if the original classification authority could not determine an earlier specific date or event for declassification, information should ordinarily be marked for declassification 10 years from the date of the original decision. Third, if the specific information falls within one or more of eight categories, the classifier may exempt it from declassification at 10 years. In almost all instances, this will result in the information being subject to automatic declassification at 25 years. The indefinite duration marking used under Executive Order 12356, "Originating Agency's Determination Required" or "OADR," was eliminated with the issuance of E.O. 12958.

Duration of Classification Fiscal Year 1997

10 Years or Less - 46%
Exempt from 10 Year - 54%

During fiscal year 1997, classifiers chose declassification upon a specific date or event less than 10 years, or upon the 10-year date for 73,250 original classification decisions. On the remaining 85,538 original classification decisions, original classifiers chose the exempted from 10-year declassification instruction. In both years under this new Order, approximately half of all original classification actions were marked for automatic declassification in 10 years or less. This represents a dramatic change from the figures reported under prior systems, when more than 90 percent of original decisions were marked for indefinite classification. ISOO will look closely at this aspect of the classification process as it monitors the security classification system in the coming years. The long-term effect of assigning a specific date, event or 10-year date bodes well for the classification system in that more information will be declassified earlier, without the need for costlier reviews in the future.

Derivative Classification

Derivative classification is the act of incorporating, paraphrasing, restating, or generating in new form classified source information. Information may be classified in two ways: (a) through the use of a source document, usually correspondence or publications generated by an original classification authority; or (b) through the use of a classification guide. A classification guide is a set of instructions issued by an original classification authority. It pertains to a particular subject and describes the elements of information about that subject that must be classified, and the level and duration of classification. Only executive branch or Government contractor employees with the appropriate security clearance, who are required by their work to restate classified source information, may classify derivatively.

Derivative Activity Fiscal Year 1997

Total - 6,361,366

Top Secret - 894,485
Secret - 4,455,028
Confidential - 1,011,853

For fiscal year 1997, agencies reported 6,361,366 derivative classification actions. This figure represents an increase of 12 percent from that reported in fiscal year 1996. The significant increase comes from two major classifying agencies, DOD and Justice.

Derivative Classification Levels Fiscal Year 1997

Top Secret - 14%
Secret - 70%
Confidential - 16%

DOD's derivative classification activity increased by 67 percent for fiscal year 1997. However, the number of classification decisions, all derivative, reported by the National Reconnaissance Office (NRO) for fiscal year 1997 but unreported in prior years, account for the entirety of the increase. Without NRO's decisions, DOD would have reported a 27 percent decrease in derivative classification decisions. NRO provides support for the missions of both the DOD and Intelligence Communities and generates significant amounts of generally short-lived classified information in support of those missions. The continuing military operations in Bosnia, the Gulf and elsewhere also contributed significantly to this total. In addition to NRO, the military services are responsible for most of the remaining DOD derivative classification activity. Army leads the way for the second straight year after previously classifying less information than either Air Force or Navy. Understandably, international conflicts or incidents affect classification activity more than any other stimulus. In ISOO's experience, this is especially true when a deployment is planned over a period of time, since that time frame will generate a large quantity of initial planning and intelligence information, much of which will be classified.

Derivative Activity by Agency Fiscal Year 1997

DOD - 4,119,431
CIA - 2,032,576
State - 105,204
Justice - 62,550
All Others - 41,605

During fiscal year 1997, the four major classifying agencies reported very different results for derivative classification activity. This year DOD has the distinction of derivatively classifying the most information of the four agencies. CIA managed a significant 33 percent decrease in its derivative activity for FY 1997. State reported a modest four percent decrease, while Justice reported a 58 percent increase. All other agencies reported 41,605 derivative classification actions, a 31 percent increase from the year before.

As noted last year, Justice, more specifically, the FBI, has instituted an automated system which collects its data on classification activity. This system, according to the FBI, provides more accurate automated sampling. Given the dramatic decrease (84% decrease from FY 1995) in derivative activity for Justice/FBI in fiscal year 1996, the dramatic increase for FY 1997 is puzzling. It is not clear that FBl's data from the first year of the automated sampling system provides the benchmark for the future. Rather, it seems the third year of data collection with this automated system may help to determine what is the true benchmark.

ISOO commends both CIA and State for their efforts to decrease their derivative classification activity. These decreases in derivative classification have translated into an overall decrease in classification activity for both agencies as noted below in the discussion on combined classification activity. Other agencies ISOO recognizes for decreasing their derivative activity include USTR (-96 percent), USDA (-85 percent), GSA (-59 percent), NSC (-35 percent) and NASA (-12 percent).

Combined Classification

Together, original and derivative classification decisions make up what is called combined classification activity. In fiscal year 1997, combined classification activity increased by 730,529 (13%), to a total of 6,520,154 actions. Since derivative actions outnumbered original actions by a ratio of more than 40:1, they had a much greater impact on combined classification activity.

Combined Activity for Fiscal Year 1997

Total 6,520,154

Top Secret - 901,731
Secret - 4,556,232
Confidential - 1,062,191

Combined Classification Levels Fiscal Year 1997

Top Secret - 14%
Secret - 70%
Confidential - 16%

DOD accounted for 65 percent of all combined classification activity reported for fiscal year 1997, CIA, 31 percent, State, one percent and Justice, one percent. As in the past, the remaining agencies accounted for only one percent of the combined classification activity. CIA and State reported decreases in combined classification by 33 and 4 percent, respectively.

Combined Classification Activity by Agency Fiscal Year 1997

DOD - 4,208,845
CIA - 2,032,576
State - 125,891
Justice - 102,503
All Others - 50,339

A closer look at the figures reported for combined classification by the executive branch shows that agencies increased overall classification by a smaller percentage in FY 1997 than in FY 1996 (67 percent increase in FY 1996 and 13 percent increase in FY 1997). Even though it is a smaller increase, it still constitutes the beginning of an upward trend in classification after a dramatic downward trend. ISOO is concerned that this upward trend not continue. While there may be valid reasons for increases in classification activity, ISOO believes the agencies may be putting the majority of their down-sized resources to their declassification programs, to the detriment of classification programs, including security education and training activities. ISOO understands the agencies' concerns and efforts to meet the declassification time frames set forth in E.O. 12958. However, giving little or no attention to the classification process itself will create problems for the future of declassification. In order to address this concern, ISOO plans to redirect its oversight activities to classification in FY 1999. In particular, ISOO will look at agencies' classified products through document reviews and look more closely at agency security education and training programs.


Declassification

During fiscal year 1997, declassification activity continued its dramatic upward trend. This upward trend can again be directly attributed to two declassification programs: (1) "Automatic Declassification," Section 3.4 of E.O. 12958; and (2) "Systematic Declassification Review," Section 3.5 of the Order, which has very clearly been driven by the onset of an automatic declassification program. The "Automatic Declassification" program began in mid-October 1995 with the effective date of Executive Order 12958. Under the "Automatic Declassification" program, information appraised as having permanent historical value is automatically declassified once it reaches 25 years of age unless an agency head has determined that it falls within a narrow exemption that permits continued classification. Fiscal year 1996 was the first full year of implementation for this program. Started in 1972, "Systematic Review for Declassification" is the program under which classified permanently valuable records are reviewed for the purpose of declassification after the records reach a specific age. Under E.O. 12356, NARA was the only agency required to conduct a systematic review of its classified holdings. Now E.O. 12958 requires all agencies that originate classified information to establish and conduct a systematic declassification review program.

In effect, systematic review has become an appendage of the automatic declassification program. ISOO has collected data on declassification that does not distinguish between the two programs because they are now so interrelated. The continuing impact of the automatic declassification program is reflected in the amount of information declassified within the executive branch during FY 1997. In one year, the executive branch declassified over 204 million pages. In the two years that Executive Order 12958 has been in effect, over 400 million pages have been declassified. Compared to the total for the previous 16 years, 1980 to 1995, the executive branch declassified 56 percent more pages during FY 1996 and FY 1997. For the 18 years during which ISOO has been collecting data, declassification activity within the executive branch saw over 657 million pages declassified.

657 Million Pages Declassified
Fiscal Years 1980-1997

Fiscal Years 1996-1997 - 400 million pages (61%)
Fiscal Years 1980-1995 - 257 million pages (39%)

Fiscal Year 1997 - 204 million pages (31%)
Fiscal Year 1996 - 196 million pages (30%)
Fiscal Year 1995 - 69 million pages (10%)
Fiscal Years 1980-1994 - 188 million pages (29%)

NARA is responsible for 57 percent and DOD 28 percent of the total declassified pages in FY 1997. State, USIA, and AID have also contributed substantially to the declassification results of FY 1997, by almost doubling the number of pages they declassified in FY 1996. In addition to the extraordinary contributions of these agencies, ISOO commends the efforts of DOE, FEAR, Treasury, ACDA, NASA, NSC, DOT and Eximbank.

1997 TOTAL 204,050,369

NARA - 116,000,000
DOD - 57,297,374
Navy - 41,178,223
Air Force - 9,079,221
NSA - 2,952,165
Army - 2,687,789
All Others - 1,399,976
STATE - 16,163,000
USIA - 5,798,442
AID - 4,034,850
DOE - 1,870,527
ACDA - 1,585,450
TREASURY - 600,286
NASA - 350,801
CIA - 179,511
JUSTICE - 99,515
NSC - 62,700
FEMA - 7,257
EXIMBANK - 508
DOT - 142


Mandatory Review Under Executive Order 12958,

the mandatory review process permits individuals or agencies to require an agency to review specified national security information for purposes of seeking its declassification. Requests must be in writing and describe the information with sufficient detail to permit the agency to retrieve it with a reasonable amount of effort. Mandatory review remains popular with some researchers as a less contentious alternative to Freedom of Information Act (FOIA) requests. It is also used to seek the declassification of presidential papers or records, which are not subject to the FOIA.

Mandatory Review Pages Processed Fiscal Years 1996-1997

FY 1997 Total - 111,895
FY 1996 Total - 270,961

FY 1997 Granted in Full - 50,181
FY 1996 Granted in Full - 135,349

FY 1997 Granted in Part - 41,961
FY 1996 Granted in Part - 108,335

FY 1997 Denied in Full - 19,753
FY 1996 Denied in Full - 27,277

During FY 1997 agencies processed 2,828 cases totaling 111,895 pages. The number of pages processed decreased by 59 percent from the previous year. The percentage of pages declassified in whole or in part (82 percent) also decreased from last year's rate (90 percent). Although the rate dropped by eight percent, the number of pages declassified is still enough to indicate that mandatory review remains a very successful means for declassifying information. With the establishment of the Interagency Security Classification Appeals Panel (ISCAP), created under Executive Order 12958 and discussed earlier in this report, mandatory review requests are likely to increase.

Mandatory Review Appeals Disposition Fiscal Year 1997

Granted in Full - 10%
Granted in Part - 18%
Denied in Full - 72%

During FY 1997, agencies processed 87 appeals that comprised 3,333 pages. Of these, 28 percent of the pages were granted in whole or in part.

The rate is 32 percent lower than last year. The lower rate of declassification suggests that more recent records are being requested and agencies are retaining the classification because the sensitivity of the information continues to meet the criteria under the Order. It further suggests that the ISCAP may expect to see an increase in appeals from denied requesters.

Top