Security and Classification

By John Pike (johnpike@clark.net)


The classification system is designed primarily to protect the confidentiality of certain military, foreign policy, and intelligence information. It deals with only a small slice of the government information that requires protection although it drives the government's security apparatus and most of its costs. Despite the best of intentions, the classification system, largely unchanged since the Eisenhower administration, has grown out of control. More information is being classified and for extended periods of time. Security rules proliferate, becoming more complex yet remaining unrelated to the threat. Security costs increase as inconsistent requirements are imposed by different agencies or by different program managers within the same agency. This accretion of security rules and requirements to protect classified information does not make the system work better. Indeed, the classification system is not trusted on the inside any more than it is trusted on the outside. Insiders do not trust it to protect information that needs protection. Outsiders do not trust it to release information that does not need protection. The classification system is more complex than necessary. Classification is inherently subjective and the current system inappropriately links levels of classification with levels of protection.

The current classification system starts with three levels of classification (Confidential, Secret, and Top Secret), often referred to collectively as Collateral National Security Information. Layered on top of these three levels are at least nine additional protection categories. These include Department of Defense Special Access Programs (DoD SAPS), Department of Energy Special Access Programs, Director of Central Intelligence Sensitive Compartmented Information Programs (DCI SCI), and other material controlled by special access or bigot lists such as the war plans of the Joint Chiefs of Staff and the operational files and source information of the CIA Operations Directorate. Further complicating the system are restrictive markings and dissemination controls such as ORCON (originator controlled dissemination and extraction of information), WNINTEL (Warning Notice, Intelligence Sources and Methods), NOFORN (not releasable to foreign nationals), and NOCONTRACT (not releasable to contractors).


LEVELS OF CLASSIFICATION

The policies of the Department of Defense (DOD) Information Security Program are in compliance with and in implementation of Executive Order 12356, "National Security Information," Information Security Oversight Directive No. 1. National Security Information" (32 CFR Part 2001). A Security Clearance is a determination that a person is eligible for access to classified information. Need-to-know is a determination made by a possessor of classified information that a prospective recipient, in the interest of national security, has a requirement for access to, or knowledge, or possession of the classified information in order to accomplish lawful and authorized Government purposes.

Unclassified - Limited is the distribution category applied to the a wide range of unclassified types of official information, which although not requiring protection as National Security Information, is limited to official use and not publicly releasable. Other similar markings, such as For Official Use Only (FOUO) and Limited Official Use are not used to identify classified information, and along with other term such as Sensitive, Conference or Agency, are used as distribution markings and are not authorized classification designations to identify classified information. Under an 18 October 1983 memorandum, six Distribution Statements, designated A through F, were approved establishing categories of Unclassified/Limited Data:

A - Approved for Public Release documents are available to the public, foreign nationals, companies, foreign governments, and may be exported without a license.

B - Limited to Government Agencies information covers weapons test and evaluation data, contractor performance evaluation records, foreign government data and proprietary information.

C - Limited to Government Agencies and Their Contractors includes documents involving critical technologies which advance the state of the art in an area of significant or potentially significant military application.

D - Limited to DoD and Dod Contractors Only is designed to protect information on system or hardware in the development of concept stage, which must be protected to prevent premature dissemination.

E - Distribution to DoD Components Only

F - Further Dissemination Only As Directed is normally imposed only on classified documents, but may be used on unclassified documents where specific authority exists.

Information or material that requires additional protection against unauthorized disclosure in the interest of national security is classified in one of three designations namely: Top Secret, Secret or Confidential.

Confidential (C) is applied to information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. Examples of damage include the compromise of information that indicates strength of ground, air, and naval forces in the United States and overseas areas; disclosure of technical information used for training, maintenance, and inspection of classified munitions of war; revelation of performance characteristics, test data, design. and production data on munitions of war.

Secret (S) is applied to information or material the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security. Examples of serious damage include disruption of foreign relations significantly affecting the national security; significant impairment of a program or policy directly related to the national security; revelation of significant military plans or intelligence operations: compromise of significant military plans or intelligence operations; and compromise of significant scientific or technological developments relating to national security.

Top Secret (TS) is applied to information or material the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security. Examples of exceptionally grave damage include armed hostilities against the United States or its allies; disruption of foreign relations vitally affecting the national securely; the compromise of vital national defense plans or complex cryptology and communications intelligence systems; the revelation of sensitive intelligence operations, and the disclosure of scientific or technological developments vital to national security.

Further access control is provided by additional protection categories:

Limited Dissemination (LIMDIS) establishes measures for the protection of information beyond those involving access to classified information per se, but not so stringent as to require the establishment of a Special Access Program. It prohibits use of terminology indicating enhancements to need-to-know, such as Special Need-to-Know (SNTK), MUST KNOW, Controlled Need-to-Know (CNTK), Close Hold, or other similar security upgrade designations and associated unique security requirements such as specialized nondisclosure statements. Limited dissemination controls are the only security enhancement short of a Special Access Program which may be employed for control over specific information for specified periods of time. In this context, these procedures may be initiated and continued on a showing that additional access controls are required in order to assure the security of the designated information. The decision to apply these procedures shall be made at the original classification authority level of command or supervision in accordance with the implementing information security instructions promulgated by the DoD Component. Except by agreement, such requirements shall not be imposed outside of the approving DoD Component.

Special Access Program (SAP) is any program which imposes need-to-know or access controls beyond those normally required for access to Confidential, Secret, or Top Secret information. It is the policy of the Department of Defense to use security classification categories to limit access to classified information on a need-to-know basis to personnel who have been determined to be trustworthy, and to apply the need-to-know principle in the regular system so that there will be no need to resort to formal Special Access Programs. Also, need-to-know control principles shall be applied within Special Access Programs. In this context Special Access Programs may be created or continued only an specific showing than normal management and safeguarding procedures are not sufficient to limit need-to-know or access, and the number of persons who need access will be reasonably small and commensurate with the objective of providing extra protection for the information involved. Each Special Access Program is assigned a classified code word, or an unclassified nickname, or both.

Extremely Sensitive Information is information and material related to the Single Integrated Operational Plan for the conduct of nuclear warfighting operations.

Sensitive Compartmented Information (SCI) is information and material that requires special controls for restricted handling within compartmented intelligence systems and for which Code Word compartmentation is established. Special Activity is an activity, or functions in support of such activity, conducted in support of national foreign policy objectives abroad that is planned and executed so that the role of the US Government is neither apparent nor acknowledged publicly; but that is not intended to influence US political processes, public opinion, polices, or media. and does not include diplomatic activities or the collection and production of intelligence or related support functions.

A Code Word is a single word (such as UMBRA, which is (was) the code word for communications intelligence, RUFF applies(d) to imagery intelligence, etc.) assigned a classified meaning to insure proper security concerning intentions, and to safeguard information pertaining to actual military plans or operations classified as Confidential or higher. A code word is not assigned to test, drill, or exercise activities (which are instead allocated unclassified Exercise Terms). Code words are activated to designate a classified military plan or operation, or to designate classified geographical locations in conjunction with plans or operations. Code words are assigned a specific Confidential, Secret or Top Secret meaning, which need no be classified as high as the overall classification assigned to the plan or operation. Code wards are selected in such a manner that the word used does not suggest the nature of its meaning.

A Nickname is a two word combination of two separate unclassified words assigned an unclassified meaning employed only for unclassified administrative, morale or public information purposes. Nicknames may be assigned to actual events, projects, movement of forces, or other non-exercise activities involving elements of information of any classification category, but the nickname, the description of the meaning it represents, and the relationship of the nickname and its meaning must be unclassified. A nickname is not designed to achieve a security objective.

No person may have access to classified information unless that person has been determined to be trustworthy and unless access is essential to the accomplishment of lawful and authorized Government purposes, that is, the person has the appropriate security clearance and a need-to-know. Further, cleared personnel may not have access until they have been given an initial security briefing. Procedures are established by the head of each DoD Component to prevent unnecessary access to classified information.

There must be a demonstrable need for access to classified information before a request for a personnel security clearance can be initiated. The number of people cleared and granted access to classified information is maintained at the minimum number that is consistent with operational requirements and needs. No one has a right to have access to classified information solely by virtue of rank or position. The final responsibility for determining whether an individual's official duties require possession of or access to any element or item of classified information, and whether the individual has been granted the appropriate security clearance by proper authority, rests upon the individual who has authorized possession, knowledge, or control of the information and not upon the prospective recipient.

Because of the extreme importance to the national security of Top Secret information and information controlled within approved Special Access Programs, employees are not permitted to work alone in areas where such information is in use or stored and accessible by those employees. This general policy is an extra safeguarding measure for the nation's most vital classified information and it is not intended to cast doubt on the integrity of DoD employees. The policy does not apply in those situations where one employee with access is left alone for brief periods during normal duty hours. When compelling operational requirements indicate the need, DoD Component heads may waive this requirement in specific, limited cases.

LIMDIS protective measures are restricted to one or more of the following: decentralized maintenance of disclosure listings, briefings concerning access limitations, and physical security restrictions limited to requirements such as placing the material in sealed envelopes within approved storage containers to avoid inadvertent disclosure and the commingling with other files; using unclassified nicknames (no code words may be assigned to LIMDIS information); marking the material as LIMDIS along with the assigned nickname; marking inner envelopes containing designated LIMDIS information with the notation: "To be Opened Only By Personnel Authorized Access"; requiring electronically transmitted messages containing designated information to be marked with the uniform caveat LIMDIS; and prescribing unique oversight procedures to be accomplished by Component professional security personnel (industrial security inspections will be conducted in the normal manner by the Defense Investigative Service).

Carve-Out is a classified contract issued in connection with a Special Access Program in which the Defense Investigative Service has been relieved of inspection, responsibility in whole or in part under the Defense Industrial Security Program. The Secretaries of the Military Departments and the DUSD(P), or their designees, ensure that, in those Special Access Programs involving contractors, special access controls are made applicable by legally binding instruments. To the extent necessary for DIS to execute its security responsibilities for Special Access Programs under its security cognizance, DIS personnel have access to all information relating to the administration of these Programs. The use of carve-out contracts that relieve the DIS from inspection responsibility under the Defense Industrial Security Program is prohibited unless: such contract supports an approved Special Access Program; mere knowledge of the existence of a contract or of its affiliation with the Special Access Program is classified information; and Carve-out status is approved for each contract by the Secretary of a Military Department, the Director, NSA, the DUSD(P), or their designees.


Adapted from:

"Pentagon Devises New Classification Scheme for Defense Documents," Defense Week, 29 October 1983, page 12.

Joint Security Commission, Redefining Security, 1994, pages 7-8.

Department of Defense, Office of the Secretary, "Information Security Program Regulation," 32 CFR Part 159a, DoD 5200.1-R, Federal Register, Vol. 54, No. 122, 27 June 1989, page 225958 et seq.

Advanced TSCM Signals Detection and Analysis
TSCM - Sweeping the Spectrum for Eavesdropping Devices



| Home | What is TSCM | Types of Bugs | Warning Signs You're Bugged |
| How To Behave if Bugged | TSCM Threat Levels | How To Engage a TSCM Firm |
| Qualifications | TSCM Protocol | Bug Frequencies | Phone Taps and Bugging |
| Signal Analysis | TDR Analysis | TDR Tutorial | Wiretapping | Training | Tools |
| Equipment | OSC-5000 | Kaiser | Riser Bond | Avcom | Search Rcvrs |
| Outside Links | Recommended TSCM Books | TSCM Reference Library |
| Recommended U.S. TSCM Firms | TSCM-L Mailing List |


-----------------------

Copyright ©2002, Granite Island Group