Agencies criticized for overclassifying information

The federal commission investigating the Sept. 11 terrorist attacks determined last week what open government advocates have long argued: Federal agencies are overclassifying information.

According to the commission, poor information-sharing among federal agencies was a primary problem that contributed to the attacks. The panel's final report, issued last week, recommends that the overall budget of the intelligence community should be declassified, and information sharing should be stressed over information hoarding. Indeed, Chairman Thomas Kean told reporters after the report was released that half of all the classified documents he reviewed did not need to be classified.

"The culture of agencies feeling they own the information they gathered at taxpayer expense must be replaced by a culture in which the agencies instead feel they have a duty to the information -- to repay the taxpayers' investment by making the information available," the report concluded. "Current security requirements nurture overclassification and excessive compartmentalization of information among agencies."

Federal agencies spent about $6.5 billion in fiscal 2003 classifying information, according to an annual report released last week by the National Archive's Information Security Oversight Office, which is responsible for monitoring and regulating the government's use of classification authorities. Comparatively, the government spent about $5.6 billion in fiscal 2002 on classification activities. Industry spent about $1 billion to classify information in 2003, compared to about $840 million in 2002.

The report analyzes how much money 41 executive branch agencies spent to classify information on personnel security, physical security, information security, professional education and training, and security management and planning. The report does not include how much the CIA spent on classifying information, because that data is classified.

The report shows that the cost and volume of classified materials has steadily increased since 1996, especially after the Sept. 11 attacks. The amount that industry has spent on classifying material has hovered around $1 billion a year since 1998.

"While the overall trend in increasing security costs goes back six years, there appears to be a continuing expansion of information security programs, facilities and personnel as the federal executive branch continues to meet the requirements identified in the aftermath of the Sept. 11, 2001, terrorist attacks," the report states. "Many agencies are reporting increased costs in physical security related to facility improvements, such as operations centers, continuity of operations relocation sites, sensitive compartmented information facilities, along with larger guard forces to keep them secure."

Public interest advocates hope that recommendations from the 9/11 commission buoy efforts to reform how federal agencies use their classification authority, said Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists.

"We routinely find that information is arbitrarily and unnecessarily classified," he told Government Executive on Monday. "I think the commission has a chance to really make a difference. If the commission's recommendations lead nowhere, then classification reform is simply hopeless. It will never happen."

Aftergood has been waging a legal battle against the CIA since 1995, when he filed a Freedom of Information Act request to get the agency's budget records from 1947 to 1970. In the latest volley, Aftergood asked a federal court last week to issue a summary judgment ordering the CIA to release the records.

Aftergood does not believe the CIA has any justification for withholding the records because the agency released the same kinds of records for 1997 and 1998 in response to FOIA requests. He added that keeping 30-year-old information such as budget requests secret is a waste of money.

Other forms of public information have also become more tightly controlled, Aftergood said, such as FOIA requests, the disclosure of documents to Congress, press conferences by government officials, and information held by public affairs offices. For example, the Homeland Security Department announced a new program last February in which information submitted by private companies will be exempted from public disclosure, including FOIA requests, if the department determines that information pertains to critical infrastructure. Public interest advocates fear that private companies might use the program to conceal problems that the public should know about.

Aftergood said a new document designation called "sensitive homeland security information" also is coming.

However, Aftergood said he is encouraged by legislation introduced by Sens. Trent Lott, R-Miss., and Ron Wyden, D-Ore., on July 15 that would revamp how intelligence information becomes classified. The bill calls for the creation of an independent national security classification board to review and make recommendations on altering standards and processes, and also to serve as a standing body to re-examine classification decisions at the request of Congress and certain executive-branch agencies.

"We need clear standards and procedures to ensure a reasonable balance between the need for citizens to have access to information and the need to protect national security," Wyden said. "This unbiased, independent board will apply some common sense to the national security classification system."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.


When you download a report, your information may be shared with the underwriters of that document.