Summer 1997 Update
Government still too good at keeping secrets
In “The Perils of Government Secrecy” (Issues, Summer 1992), I argued that the growth of the national security classification system had exceeded all reasonable boundaries and proposed some legislative and executive branch measures to limit government secrecy to a necessary minimum.
Since then, classification policy has evolved into a full-blown dysfunction that is wreaking havoc with the conduct of government and shaking public confidence in the U.S. national security establishment. Recently, to cite only a few important examples, undue secrecy contributed to the CIA’s failure to properly assess its own records concerning the presence of chemical weapons in the Gulf War; it blocked the investigation and prosecution of environmental crimes at an unacknowledged U.S. military facility in Nevada; and it impeded the search for plundered Holocaust-era assets in Swiss banks.
Meanwhile, however, there has been growing recognition of the problem and even some measurable progress in coping with it. In 1994, President Clinton ordered the bulk declassification of 44 million pages of classified documents, the largest such release ever achieved. A 1995 executive order established an ambitious new declassification program requiring the release of most classified documents that are more than 25 years old, of which there are more than 1.5 billion pages. And although many agencies are openly defying the new requirements, the pace of declassification is now faster than it has ever been, and the number of new classification actions has dropped to an all-time “low” of around 3 million per year.
In 1994, a Commission on Protecting and Reducing Government Secrecy was created by Congress to examine secrecy policy and propose changes that would reduce the volume of classified material and improve the protection of the remainder. In March 1997, the commission, chaired by Sen. Daniel P. Moynihan, issued an impressive and often eloquent report on its two-year investigation, calling for limits on the scope of classification and for an invigorated declassification program (a copy of the report may be found at . In one of its principal recommendations, the commission called for legislation to provide a uniform government-wide basis for secrecy policy, which has traditionally been based on a series of transient executive orders. Toward this end, the commission members introduced the Government Secrecy Act of 1997. If it survives the deliberative process and if some ambiguous provisions can be clarified, the bill could provide the foundation for significant reform of secrecy policy.
Perhaps the commission’s most penetrating observation is that genuine secrecy reform will require committed leadership at the top. “Key to ensuring that real change occurs will be the realization by senior government officials . . . that it is in their own self-interest, as well as in the country’s interest, to gain control over the secrecy system.” Unfortunately, this kind of realization is rare and difficult to mandate. Hazel O’Leary, who made openness the watchword of her tenure as secretary of energy, is the exception who proves the rule.
The commission devoted the most sustained, high-level official attention ever given to secrecy policy, and the political stature of its bipartisan membership promises to add new momentum to the secrecy reform process. But whether Congress and the White House are prepared to meet the commission’s challenge is an open question. Curiously, the current Congress has gone out of its way to oppose changes in secrecy policy, criticizing and resisting Clinton administration initiatives in this area.
In any event, it can be asserted with confidence that the status quo is unstable and cannot be maintained; the classification system will either be fixed or it will be overtaken by events. Already, leaks of classified information are more common than ever. Public tolerance of government secrecy is diminishing. Although new information technologies are significantly enhancing public access to government information, they are also raising expectations of even greater openness. And emerging technologies such as commercial high-resolution satellite imagery will move us all a giant step closer to global transparency. For better and for worse, secrets are going to become much harder to keep.
Deciphering cryptography policy
In “National Cryptography Policy for the Information Age” (Issues, Summer 1996), we argued that then-current federal efforts to control encryption technologies were damaging to information security. Based on the National Research Council (NRC) report Cryptography’s Role in Securing the Information Society (NAP, 1996), we said that the U.S. government should relax–not eliminate–export controls on encryption and that it should experiment with key-recovery encryption rather than promoting it aggressively to the private sector at this time. We also emphasized the need to rely more on market forces in any new policy.
Since then, U.S. national cryptography policy has changed in a number of ways. The administration shifted export jurisdiction over cryptography from the State Department to the Commerce Department. It also temporarily relaxed controls over encryption products involving the Data Encryption Standard (DES), a 56-bit encryption algorithm, but it has clearly not abandoned its push for key-recovery encryption. Vendors can export DES products only if they submit a business plan promising to develop and market key-recovery encryption products by January 1, 1999, after which date only key-recovery products will be approved for export. The administration has also floated a bill that includes other measures to promote the use of key recovery.
At the same time, several members of Congress have introduced bills that would further relax export controls on encryption and make the relaxation permanent. One of these bills, the Security and Freedom Through Encryption (SAFE) Act (H.R.695), has cleared the House Judiciary Committee and awaits action by the House International Relations Committee.
Although we applaud the administration’s relaxation of export controls, the conditions for approval and the time limit are too restrictive. We still maintain that the administration should experiment with key recovery in its own systems to test its usefulness and allow the private sector to decide if key encryption meets its needs. The nation still lacks the experience to make sensible legislation that would govern or promote key recovery.