Snapshot

Share this post

Snapshot
Snapshot
National Security Classified Information discovered outside of government control
Copy link
Facebook
Email
Notes
More

National Security Classified Information discovered outside of government control

Evan Coren
Jan 11, 2023

Share this post

Snapshot
Snapshot
National Security Classified Information discovered outside of government control
Copy link
Facebook
Email
Notes
More
Share

Screenshot of part of a declassified document from the Senator James Eastland Papers at the University of Mississippi on the Interagency Security Classification Appeal Panel website

It happens much more frequently than one might expect that classified documents end up in a senior official’s papers at an academic institution.

Any person need only think about their own personal files to realize that even the most diligent person misfiles documents from time to time.

Anyone who has ever worked in government records management has dealt with this challenge at a large scale. It is a constant, daily struggle that starts with the document’s creation and continues through the whole record’s life cycle.

When I served on the National Security Council (NSC) staff in the Office of Access Management that handles declassification issues for the NSC, myself and a few colleagues spent the final couple weeks of the George W. Bush Administration going document-by-document through boxes of the outgoing administration’s records to pull out any Special Access Program (SAP) documents that might have gotten mixed in with other records.

The Bush Administration took this step as part of the Presidential Transition, where the outgoing administration’s NSC records are transferred to the National Archives and Records Administration (National Archives).

They did this because any records manager knows documents can get misfiled. To protect these SAP documents it was determined it was worth staff resources to make sure these records were filed separately in a more protected environment.

  • As federal budgets are squeezed records management is often one of the items short staffed and under resourced, so it is rare that an organization has the resources to conduct such a comprehensive document segregation.

  • It is the same personnel that do this that also do document searches regarding subpoenas, so if Congress floods an administration with subpoenas without increasing funding for records management it overloads the capacity of available staff.

Classified information is handled in a lot of different environments throughout the US government. A few examples are:

  • Sensitive Compartmented Information (SCI), which is a subset of classified information “concerning or derived from intelligence sources, methods or analytical processes that is required to be protected within formal access control systems established by the DNI,” must be stored and worked on within a Sensitive Compartmented Information Facility (SCIF).

  • Other classified information, depending on agency rules and the security procedures they have set up, are sometimes worked on in employees’ offices as long as the protections have been set up to protect information from unauthorized disclosure.

  • In some cases, a whole office suite can be certified as a SCIF, so that an employee conducts all their work in a SCIFed environment.

Though those with security clearances are trained not to co-mingle classified documents with unclassified documents, these documents sometimes do get co-mingled and classified documents do end up accidentally being located where they should not be.

Every organization that has classified documents will have security incidents like this.

When I was conducting oversight of executive branch agencies classification programs on the Information Security Oversight Office (ISOO) staff, when we saw an agency that didn’t report having security incidents we viewed it not as a good sign, but rather a sign that the security culture was broken at that agency.

An agency with a healthy security culture knows that security incidents will happen and even high performing staff will commit them. The key is creating an environment where employees feel comfortable self-reporting as soon as they are aware classified information was processed, handled, or stored in a way that it should not have been.

History has shown that senior level officials or their staffs are just like all other humans, including that they also end up co-mingling documents from time-to-time. The difference here is that senior officials often donate their records to an academic institution after they leave office.

To address this problem and create the security culture where these incidents are reported, the Information Security Oversight Office over a decade ago created a Classified Records Outside of Government Control team and a process for outside of government entities to report discoveries of classified records.

This process is authorized in 32 Code of Federal Regulations (CFR) 2001.36:

  • Classified information in the custody of private organizations or
    individuals.
    (a) Authorized holders. Agencies may allow for the holding of classified information by a private organization or individual provided that all access and safeguarding requirements of the Order have been met. Agencies must provide
    declassification assistance to such organizations or individuals.
    (b) Others. Anyone who becomes aware of organizations or individuals who possess potentially classified national security information outside of government control must contact the Director of ISOO for guidance and assistance. The Director of ISOO, in consultation with other agencies, as appropriate, will ensure that the safeguarding and declassification requirements of the Order are met.

The purpose of how this is set up is to avoid having those that discover classified information outside of government control fear that they or someone they care about will get in trouble and have to deal with law enforcement knocking on their door.

The idea is that 1) encouraging a culture of self-reporting without negative consequence is going to best protect the information, which is the ultimate goal of classifying information and 2) if someone self-reports that they discovered classified information outside of government control as soon as they discover it their intent is to do the right thing, similar to someone with a clearance who self-reports that they committed a security violation.

Academic institutions also have an interest in promoting research and learning. Academics and administrators at these institutions sometimes fear that reporting discoveries of classified records will result in the government seizing these records that these institutions desire to at some point make available to researchers.

To address this 32 CFR 2001.36 establishes a process:

  • to allow entities that set up storage sufficient to safeguard these records the ability to keep these records and

  • to get all records that are discovered outside government control reviewed for declassification, so that as much of these records can be made available to researchers as possible.

This protects the classified information and avoids law enforcement from getting involved. Instead of a visit from law enforcement, the National Archives staff work with those that discovered the records, get the classified material protected, and work to declassify as much as possible.

The discovery of roughly ten classified documents by attorneys for President Biden in a box in a locked closet at the Penn Biden Center, which is part of the University of Pennsylvania, fits this situation that the Information Security Oversight Office (ISOO) has for over a decade had a team to deal with.

Those who discovered the documents reported them to the National Archives the day they found them and the National Archives retrieved those documents the next day.

This is in sharp contrast with former President Donald Trump’s repeated refusal to turn over approximately 11,000 documents covered by the Presidential Records Act that included about 300 national security classified documents, some of which were found in his desk drawer and others found in a storage space in a high traffic public venue. The US government had notified the former President they were concerned about the security of that storage area.

If the documents seized at Mar-a-Lago had ended up there by accident and former President Trump or anyone on his staff had called the National Archives or a national security or law enforcement component of the federal government to report these documents when they found them, then the the documents would have been retrieved or secured in place without the need for the FBI to execute a search warrant.

The image at the top of this article is a screenshot of one of the classified documents in a collection that were discovered by university staff among the papers Senator James Eastland donated to the University of Mississippi after his service as President pro tempore of the Senate where he was third in the line of presidential succession. The university staff reported the discovery to the Information Security Oversight Office (ISOO). ISOO then processed these documents for declassification. This is one of the documents that were declassified in part. You can review this redacted document here.

Share

Snapshot is a reader-supported publication. To receive new posts and support our work, consider becoming a free or paid subscriber.

Share this post

Snapshot
Snapshot
National Security Classified Information discovered outside of government control
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

No posts

Ready for more?

© 2024 Evan and Julie Coren
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More