Cybersecurity Bill Tacked onto NDAA Without Debate, ISCAP Continues to Largely Overrule Agency Classification Decisions, and Much More: FRINFORMSUM 6/11/2015

Sen. Mitch McConnell tacks CISA onto NDAA without debate. Photo credit: The Hill

Citing the recent hack of the Office of Personnel Management, Senate Majority Leader Mitch McConnell (R-Ky.) announced he will attach “the Senate Intelligence Committee’s information-sharing CISA bill to the National Defense Authorization Act.” OpentheGovernment.org notes CISA – the Cybersecurity Information Sharing Act of 2015 – “does far more to increase surveillance and undermine transparency than to protect against cyber threats.” Politico’s Tal Kopan notes that the bill has not been changed since it passed committee, despite privacy concerns, and that “The filing tactic means it will be very difficult for critics to amend CISA when the bill-as-amendment gets to the floor.” Senator Leahy (D-Vt.) has criticized the procedural maneuver and called for public debate on a bill that would, if passed, add a tenth exemption to the FOIA covering all “information shared with or provided to the Federal Government.” As Josh Gerstein reports, “That information could intentionally or unintentionally include information about private individuals, creating a new, opaque repository of government-held data on Americans and foreigners.”

The latest report from the Information Security Oversight Office (ISOO), housed at the National Archives and responsible to the President for policy and oversight of the government-wide security classification system, reveals that the Interagency Security Classification Appeals Panel (ISCAP) continues to overrule agency classification decisions in Mandatory Declassification Review appeals nearly 75 percent of the time. Specifically, in FY2014 ISCAP received 109 MDR appeals and ruled on 48, concerning a total of 451 documents. Out of the 451 documents reviewed for the 48 appeals, ISCAP “affirmed the prior agency classification decisions in 113 documents (25 percent), declassified 181 documents (40 percent) in their entirety, and declassified 157 documents (35 percent) in part.” Government-wide, “Agencies received 9,026 initial mandatory declassification review (MDR) requests and closed 7,798 requests.” The report goes on to note that, “Agencies reviewed 597,498 pages, and declassified 372,134 pages in their entirety, declassified 190,654 pages in part, and retained classification of 34,710 pages in their entirety. Agencies received 409 MDR appeals and closed 286 appeals.”

Images from ISOO’s 2014 Report to the President.

The ISOO report also shows that the number of both original and derivative classification decisions has fallen, while the cost to protect them has increased. Original declassification decisions, for example, dropped by 20 percent in FY2014 to 46,800 – a record low. The cost of protecting the decreasing number of secrets, however, rose to nearly $15 billion in FY2014, an increase of $3.25 billion from FY2013. The increase is due in large part to Defense Department “expenditures [of $3.2 billion] on information systems security.” The ISOO report also notes an increase in successful formal classification challenges.

The New York Times recently reported that in mid-June 2012 Department of Justice (DOJ) lawyers “wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware.” The documents further show that while the DOJ allowed the National Security Agency (NSA) to monitor “cybersignatures” that it could tie to foreign governments, the spy agency “sought permission to target hackers even when it could not establish any links to foreign powers.” The memos were part of disclosures made by former NSA contractor Edward Snowden and do not specify what criteria are used for selecting targets.

Four hours after President Obama promised to sign a law banning bulk surveillance of American phone records, his Justice Department’s national security chief John Carlin petitioned the Foreign Intelligence Surveillance Court (FISA) to permit the NSA to continue the collection for another six months. Carlin petitioned the FISA to grant the continued collection in light of the passage of the USA Freedom Act, which calls for an end to bulk collection of the phone records in six months, and despite the Second Circuit Court of Appeals May 7 ruling “that the government had erroneously interpreted the Patriot Act’s authorization of data collection as ‘relevant’ to an ongoing investigation to permit bulk collection.” The Second Circuit stopped short of issuing an injunction halting the collection, instead deferring to the then-ongoing USA Freedom Act debate.

SEAL Team 6 – most famous for killing Osama bin Laden – faces little oversight.

Harold Koh, the State Department’s former top legal adviser, told the Times that the Navy’s famed SEAL Team 6 – best known for killing Osama bin Laden – “is an area where Congress notoriously doesn’t want to know too much” in spite of “recurring concerns about excessive killing and civilian deaths.” The Times further reported that Team 6 has, as part of its expanding mission, cooperated with the CIA on the Omega Program, which was modeled after the Vietnam-era Phoenix Program and “offered greater latitude in hunting adversaries” in Pakistan. Compounding worries of limited outside oversight of the rapidly growing unit is the fact that it is investigated by the Joint Special Operations Command, which oversees the SEAL Team 6 missions, and rarely refers them to Navy investigators.

Guantanamo detainee Majid Khan has accused the CIA of engaging in a wider range of torture and sexual abuse than was reported in the Senate report on the CIA’s torture program. The accusations – which include assertions that CIA interrogators “poured ice water on his genitals, twice videotaped him naked and repeatedly touched his -private parts’” – were compiled by Khan’s lawyers and made public last month. Khan’s account squares with those of lower-level detainees and “match[es] those of other detainees who have alleged that they were subjected to unauthorized interrogation techniques using water.”

A group of families whose relatives died in a 2012 CIA drone strike in Yemen “have filed suit in federal court in Washington on Sunday night, asking the court to declare that the strike was unlawful.” The complainants seek no monetary damages, and instead argue they are trying to shed light on, and bring a measure of accountability to, the lethal targeting program. Legal scholars say the suit, which “challenges the legality of the strike under the Torture Victim Protection Act and the Alien Tort Statute,” is unlikely to succeed, as the torture law does not allow claims against American officials.

One of these leaks is not like the other? Photo: International Security Assistance Force.

The federal judge in the General David Petraeus case has unsealed nearly three dozen letters of support filed on the general’s behalf from members of Congress, former British Prime Minister Tony Blair, and others. Petraeus “was sentenced to two years of probation and fined $100,000 for unauthorized removal and retention of classified information.”

While attempting to beef up security at the White House after numerous breaches, the Secret Service posted dozens of officers to sensitive assignments without security clearances. Secret Service director Joseph Clancy promised to fix the problem as soon as possible, noting that “the agency is struggling to work through an ‘administrative backlog’ in issuing security clearances with the higher-than-normal volume of new hires.”

A FOIA request filed by The Washington Post showed that the Special Operations commander in Central and South America, Army Brig. Gen. Sean P. Mulholland, was removed for repeated incidents of public intoxication. Mulholland “also got into altercations with civilians on two occasions last year after drinking at a golf club bar near his Florida headquarters, according to military records.” He is the fourth general to lose his job or be reprimanded for alcohol-related reasons in two years.

In response to an Archive FOIA request, the Department of Justice Office of Information Policy recently provided our office with a breakdown of how many times FOIA’s exemption b(5) was applied across the government in FY2014. The Archive filed a FOIA request for this figure because in its FY2014 summary report, OIP only provided the percentage of times b(5) was applied across all citations — without providing the total number citations the percentage was calculated from. In previous years, OIP provided a total number of times an exemption was applied across the government. OIP‘s response to our FOIA shows that in FY2014 b(5) was used 71,005 times government-wide. At the very least, OIP’s reporting should indicate the total number of citations the percentages it cites are calculated from. Even better, it should revert to reporting hard numbers.

Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.

This week’s #tbt document pick is chosen with the recent hacking of the Office of Personnel Management by Chinese state-sponsored hackers in mind. This week’s #tbt pick is an October 9, 2009, report prepared for the US-China Economic and Security Review Commission entitled, “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.” The report “focuses largely on Chinese computer network exploitation (CNE) as a strategic intelligence collection tool. It examines Chinese CNE operations strategy and operations during conflict, key entities in Chinese computer network operations, cyber-espionage, an operational profile of an advanced cyber intrusion, and a chronology of alleged Chinese computer network exploitation events.”

Happy FOIA-ing!