In December 2009, President Obama signed into effect Executive Order 13,526, “Classified National Security Information,” which amended the manner in which intelligence agencies classify and declassify sensitive information. The Order carried over virtually all provisions laid
out in its predecessor orders from the George W. Bush and Clinton administrations; however, it did make significant changes to the process by which classified material may be automatically declassified (see generally Executive Order 13,526, s.3.3) and in how classification authorities are trained and identified on the products they produce (see generally Executive Order 13,526, s.1.3(d) & 2.1(d)). Of course, this Order and its predecessors only provides a general framework for the processes of classification and declassification and relies on agency leaders to develop and maintain their own, specific guidelines for how those processes will be handled in their agencies. In order to ensure those agency-specific guidelines met the requirements of his new Order, President Obama accompanied the Order with a separate memorandum in which he directed agency leaders to review their classification guidelines and develop a plan to implement the new provisions of Executive Order 13,526 into their daily procedures. The President ordered agency leaders to send a copy of their implementation plan to the director of the Information Security Oversight Office (“ISOO”), the executive oversight body for the classification and declassification processes, within 180 days. Agency leaders were then given until June 2012 to update their agency-specific guidelines.
In early 2011, Secrecy News reported that some agencies had not only sent their implementation plan to ISOO but had already completed updating their classification guidelines, yet others had not only failed to send the ISOO their plans but, in some cases, had failed to address the President’s directives at all. In January 2011, the ISOO director sent out another memorandum to agency leadership, reminding them of the President’s directive to submit a plan on how they would accomplish the required classification guidance review. The director stressed that the review needed to be more than a simple, cursory exam of current procedures but instead be “systematic, comprehensive, and conducted with thoughtful scrutiny involving detailed data analysis.” A month after sending out the memorandum, and over a year after the President issued Executive Order 13,526, some executive agencies still had neither conducted the review nor addressed how or when they would do so. One such agency, U.S. Transportation Command, claimed it was unaware of the need to conduct such review since its classification regulation, DoD 5200-1.r, did not mandate one. That guide, specific to the Department of Defense (“DoD”), describes the information security program for all components within the DoD and has not been updated since 1997!
While the guidance review is not required to be completed until June 2012, the situation illustrates a fatal flaw in the classification and declassification regime of the executive branch. The Executive Order commands the ISOO to provide oversight of executive agencies without giving it any direct authority to compel any action. If transparency in government is truly a goal of the administration, then the ISOO’s oversight responsibilities must be matched with the power to sanction agencies that violate the provisions of the Order. Without such an enforcement capability, agency leaders are able to control classification and declassification within their agencies with relative autonomy, and all the ISOO can do when infractions occur is report them in its annual report to the President and rely on the Chief Executive and public opinion to drive change.