INFORMATION SECURITY OVERSIGHT OFFICE (ISOO) ANNUAL REPORT TO THE PRESIDENT

-tr~~v?teet~,a~- 25X1 25X1 25X1 25X1 25X1 25X1 ROUTING AND RECORD SHEET SUBJECT: (Optional) INFORMATION SEC URITY OVERSIGHT OFFICE (IS00) ANNUAL REPOR T TO THE PRESIDENT FROM: EXTENSION NO. DD A Re ist A enc Sec urit lassif i cation Officer g y y - Office of Informio at DATE Jli" 1$ ~ ly," TO: (ORlcer designation, building) room er, and numb OFFICER'S COMMENTS (Number each comment to show from whom 1 9 REOEIVED FORWARDED INITIALS to whom. Draw a line across column after each comment.( 1 Executive - If Assistant t h e /q Deputy Director for A minis ratio Attached is the Information 7018 Hq Security Oversight Office's 2. (IS00) FY 86 Annual Report to the President. IS00's Annual Report is based on 3. classification statistics 14 !j 7 provided by the Agency and other Executive branch 4. CMS _ I ~ n2 agencies. y/ ~ , 0 Also attached is a brief 5. summary of ISOO's oversight role and the Agency's FY 86 statistical report to IS00. 6' 0/DDA/IMO Twice annually each Agency office is obliged to count 7. the number of classified documents it produces. This is a laborious and time 8. consuming task for all concerned and I would like to take this opportunity v to express my appreciation for the cooperation and support of your office 10 articularly that of~ F ODDA Information Management Officer (IMO). 11. 12. 13. 14. 15. FORM 610 USE aIIONS P 4 U.s. Government Mating Office: 1uer14eae/eelee i_,e l\ I Sanitized Copy Approved for Release 2011/10/14 CIA-RDP89GO0643RO01100020015-7  INFORMATION SECURITY OVERSIGHT OFFICE (IS00) ANNUAL REPORT TO THE PRESIDENT 1. The I500 Annual Report reports on Executive branch compliance with Executive Order (EO) 12356 - National Security Information. The EO defines the types of information that must be protected by national security classification, the procedures to ensure its protection and, finally, authorizes ISOO to oversee Executive branch compliance. The IS00 Report is based on statistics collected from the Executive branch agencies and IS00's on-site inspections. 2. The Agency provides IS00 with information on classification related matters, on Mandatory Review requests and on Agency inspections or surveys done in relation to the information security program. The Classification Management Branch (CMB) is responsible for collecting the information and for providing it to I500 using Standard Form (SF) 311. A brief summary of Agency reporting follows: a. Sections 5, 6 and 7 of SF 311 concerns the number of persons authorized to make original classification decisions and the number of classified documents created during FY 86. Agency data concerning the number of classified documents created is compiled by taking an actual count of all classified documents produced by the Agency during two one-week periods. Agency Information Management Officers (IMO) are responsible for insuring that all classified documents originated during the two one-week periods are counted. The first count is taken in March and the second count taken in September. The totals from the two counts are combined and projected for the entire year. Using this process, we reported a total of 2,497,456 classified documents originated in the Agency during FY 86. The classification count is the most labor intensive part of the ISOO reporting requirement. b. Section 8 of SF 311 concerns Mandatory Review (MR) requests. ISOO requires reporting on the number and status of the MR requests received. Most Agency MR requests are from Presidential libraries or from the National Archives and Records Administration (NARA). The Information and Privacy Division is responsible for processing Agency MR requests and for providing CMB with information for inclusion in the Agency's annual report to ISOO. c. Sections 10, 11 and 12 of SF 311 refer to the number of self-inspections and surveys carried out on various aspects of our information security program such as improper storage of classified information or unauthorized access, or improper classifications or classification markings. Agency information provided to IS00 on self-inspections and surveys relates to Office of Security investigations of security violations and overseas security surveys. Information relating to document classification activities is provided by CMB.  STAT AGENCY INFORMATION A. FROM B. TO SECURITY PROGRAM DATA 1 Oct. 85 30 Sen. Rf Central Intelligence Agency Office o n ormation Services irect f Administration A. TOP SECRET B. SECRET C. CONFIDENTIAL D. TOTAL 0 0 0 0 ORIGINAL 7. CLASSIFICATION DECISIONS DATE OR EVENT DETCRIGINATING AGENCY'S ERMINATION REQUIRED DE'IVATIVE (O.A. D. R.1 a l IbI Ib1 A. TOP SECRET 104 11,596 64,428 B. SECRET 1,S86 101 400 ' 029 638 C. CONFIDENTIAL 832 20,150 403.390 8. MANDA- CASES FOR WHICH AGENCY IS RESPONSIBLE FOR FINAL DECISION TORY CASES DECLASSIFICATION DECISIONS CASES REVIEW CARRIED NEW (Report in cases, documents, and pages) CARRIED OVER FROM CA ES REQUESTS PREVIOUS S RECEIVED GRANTED IN FULL GRANTED IN PART DENIED OVER TO NEXT AND PERIOD (cI (d) (el PERIOD APPEALS (a) (b) CASES ROCS. PAGES CASES , ROCS. , PAGES CASES I DOGS. PAGES (fl AREQUESTS 123 363 5J 121 530 191 3165 I 11936 8 ] 201 I 2159 151 B.APPEALS 11 19 31 J 4J 203 12 *This figure reflects two completed cases not accounted for under "declassification decisions"; both were cancelled. 11, NUMEER OF INFRACTIONS INVOLVING. B. UNOERCLASSIFICATION IC. CLASSIFICATIONNITHOUT AUTI-*OR [TV 311102 STANDARD FORM 311 (REV. 4-93) Sanitized Copy Approved for Release 2011/10/14 : CIA-RDP89GO0643RO01100020015-7 rescrlbea by GSA/ISOO -.O. 12356  Sanitized Copy Approved for Release 2011/10/14: CIA-RDP89G00643R001100020015-7 Information Security Oversight Office Annual Report to the President FY 1986 Sanitized Copy Approved for Release 2011/10/14: CIA-RDP89G00643R001100020015-7  Thank you for your latest report on the Government- wide information security program established in Executive Order 12356. On many occasions I have stressed the need for vigilance in protecting infor- mation essential to our national security, while ensuring that only the information that requires such protection is classified. I am pleased to note the progress we are making in both areas. I take particular interest in the findings of your special document reviews, especially in the evidence that the problem of overclassification is not as wide- spread as has been suggested in some quarters. Despite this positive development, I again urge those officials who are authorized classifiers to make every effort not to classify information unless the national security demands it. The integrity of the entire information security program depends upon these efforts. Once again, I want to express my appreciation to you, your staff, and all the others throughout Government and industry involved in the protection of national security information. With perseverance, the system we have established will continue to meet successfully America's need in this vital area. Mr. Steven Garfinkel Director Information Security Oversight office 18th and F Streets, N.W. Washington, D.C. 20405  Sanitized Copy Approved for Release 2011/10/14 : CIA-RDP89GO0643RO01100020015-7 inrormauon oecunry uversigni urnce Washington, DC 20405 I am pleased to submit the Information Security Oversight Office's (IS00) 1986 Report to the President. This is IS00's fourth Report on the system that you established in Executive Order 12356, "National Security Information." By necessity a system that is primarily concerned with protecting our vital secrets, it operates under your firm instruction to limit classification to its necessary minimum. This Report notes many achievements in support of this mandate. Among the reported data are a substantial decrease in the total number of classification actions and a substantial increase in the declassification of historically valuable records. In addition to the data that ISOO collects from the agencies, for the first time this Report also includes the results of special reviews of classified documents conducted by IS00's analysts in FY 1986. These reviews provide further evidence of a system that is generally working very well. Just as important, however, they reveal that a little extra effort can eliminate almost all the technical errors that comprise most of the problems that we uncovered. Throughout the executive branch people are working to meet your goal of enhanced protection for national security information without excessive classification. Your commitment to an effective oversight program offers us the opportunity to have a positive impact upon their efforts. Respectfully, Steven Garfinkel Director The President The White House Washington, DC 20500  Table of Contents Letter to the President ............................... 1 Agency Acronyms or Abbreviations ..................... 5 Summary of FY 1986 Program Activity ................... 7 The Information Security Program FY 1986 ................ 9 Program Reviews and Inspections ..................... 9 Statistical Reporting ............................... 10 Use of Sampling Systems ........................... 10 Original Classification Authorities ..................... 12 Original Classification .............................. 13 Derivative Classification ............................ 16 Combined Classification Activity ...................... 19 Mandatory Review for Declassification .................. 22 Systematic Review for Declassification ................. 25 Agency Self-Inspections and Infractions ................ 27 Appendix A: ISOO Special Document Reviews .............. 28 B: Classified Information Nondisclosure Agreement .. 35 C: ISOO Standard Forms Program ............... 36 D: ISOO Information Security Briefing Series ....... 39 1. Original Classifiers ............................... 12 2. Original Classifiers by Level FY1986 ....................................... 12 3. Original Classification Activity FY 1985-1986 .................................. 13 4. Original Classification Level Assignments .............. 14 5. Original Classification Activity by Agency FY 1985-1986 ..................................14 6. Original Classification Activity Major Agencies FY1986 ....................................... 15 7. Original Classification/Declassification Assignments FY 1986 .......................................15 8. Derivative Classification Activity FY1985-1986 ..................................16 9. Derivative Classification Level Assignments ............. 17 10. Derivative Classification Activity by Agency FY1985-1986 ..................................18 11. Derivative Classification Activity Major Agencies FY1986 .......................................18 12. Combined Classification Activity FY1985-1986 .................................. 19 13. Combined Classification Level Assignments ............ 20 14. Combined Classification Activity by Agency FY 1985-1986 ..................................20 15. Combined Classification Activity Major Agencies FY 1986 .......................................21  Exhibits (Cont.) 16. Mandatory Review Requests Received FY 1979-1986 ................................... 22 17. Mandatory Review Pages Processed FY 1983-1986 ..................................22 18. Mandatory Review Action Taken FY 1986 .......................................23 19. Mandatory Review Actions by Agency FY 1986 .......................................23 20. Mandatory Review Appeals Pages Processed FY1983-1986 ..................................24 21. Mandatory Review Appeals Workload in Pages FY 1986 .......................................24 22. Systematic Review for Declassification Pages Reviewed FY 1973-1986 ...................................25 23. Systematic Review for Declassification Percentage of Pages Declassified FY 1973-1986 ...................................25 24. Systematic Review for Declassification Actions by Agency FY1986 .......................................26 25. Agency Self-Inspections ........................... 27 26. Infractions FY 1983-1986 ..................................27 27. ISOO Special Document Reviews The Sample By Document Type/Classification Level ................ 28 28. ISOO Special Document Reviews Classification Levels .............................. 30 29. ISOO Special Document Reviews Basis for Classification ............................ 31 30. ISOO Special Document Reviews Original/Derivative Classification ..................... 31 31. ISOO Special Document Reviews Duration of Classification .......................... 32 32. ISOO Special Document Reviews Discrepancies .................................. 33  Agency Acronyms or Abbreviations Used in This Report ACDA Arms Control and Disarmament Labor Department of Labor Agency MMC Marine Mammal Commission AID Agency for International NARA National Archives and Records Development Administration Air Force Department of the Air Force NASA National Aeronautics and Space Army Department of the Army Administration BIB Board for International Navy Department of the Navy Broadcasting NLRB National Labor Relations Board CEA Council of Economic Advisers NRC Nuclear Regulatory Commission CIA Central Intelligence Agency NSA National Security Agency Commerce Department of Commerce NSC National Security Council DARPA Defense Advanced Research NSF National Science Foundation Projects Agency OA, EOP Office of Administration, Executive DCA Defense Communications Agency Office of the President DCAA Defense Contract Audit Agency OJCS Organization of the Joint Chiefs of DIA Defense Intelligence Agency Staff DIS Defense Investigative Service OMB Office of Management and Budget DLA Defense Logistics Agency OMSN Office for Micronesian Status DMA Defense Mapping Agency Negotiations DNA Defense Nuclear Agency Overseas Private Investment DOD Department of Defense Corporation DOE Department of Energy OPM Office of Personnel Management DOT Department of Transportation OSD Office of the Secretary of Defense ED Department of Education OSTP Office of Science and Technology EPA Environmental Protection Agency Policy EXIMBANK Export-Import Bank OVP Office of the Vice President FBI Federal Bureau of Investigation PC Peace Corps FCA Farm Credit Administration PFIAB President's Foreign Intelligence FCC Federal Communications Advisory Board Commission President's Intelligence Oversight FEMA Federal Emergency Management Board Agency SBA Small Business Administration FHLBB Federal Home Loan Bank Board SDIO Strategic Defense Initiative FMC Federal Maritime Commission Organization FRS Federal Reserve System Securities and Exchange GSA General Services Administration Commission HHS Department of Health and Human SSS Selective Service System Services State Department of State HUD Department of Housing and Urban Treasury Department of the Treasury Development TVA Tennessee Valley Authority ICC Interstate Commerce Commission USDA Department of Agriculture ISOO Information Security Oversight USIA United States Information Agency Office USPS United States Postal Service Interior Department of the Interior USTR Office of the United States Trade ITC International Trade Commission Representative Justice Department of Justice Veterans Administration  Summary of FY 1986 Program Activity The FY 1986 Report to the President is the fourth to examine the infor- mation security program under E.O. 12356. The statistics concerning classification decisions include DOD figures that reflect its use of a revised sampling system introduced in FY 1985. The following data highlight ISOO's findings: Classification Activities ? The number of original classification authorities decreased significantly to 6,756. ? Original classification decisions increased 6%, to 1,221,110. ? By classification level, 2% of original classification decisions were Top Secret, 53% were Secret, and 45% were Confidential. ? Derivative classification decisions decreased 32%, to 9,548,538. ? The total of all classification actions, 10,769,648, marked a surprising 29% decrease from the prior year. ? Among executive branch agencies, DOD accounted for 68% of all classification decisions; CIA 24%; Justice 5%; State 2%; and all others less than 1 %. Declassification Activities ? Agencies received 4,081 new mandatory review requests. ? Agencies processed 3,991 cases, 10% more than in FY 1985; declassified in full 119,504 pages; and declassified in part 39,911 additional pages. ? Agencies received 497 new mandatory review appeals, 76% more than in FY 1985. ? Agencies acted on 575 appeals, 10% more than in FY 1985, and declassified in whole or in part 46,529 pages in addition to those released in the initial mandatory review process. ? Under the systematic review program, agencies reviewed 16,373,035 pages of historically valuable records, an increase of 57% over FY 1985; and declassified 14,272,268 pages, 76% more than in FY 1985. ? Agencies conducted 27,361 self-inspections, a slight decrease from FY 1985. ? Agencies reported 13,812 infractions, 9% fewer than in FY 1985.  Information Security Oversight Office The Information Security Program FY 1986 Under Executive Order 12356, the Information Security Oversight Office (ISOO) is responsible for monitoring the information security programs of those exec- utive branch activities that create or handle national security infor- mation. Originally established by Executive Order 12065, ISOO continues to be the primary over- sight organization in the system prescribed by President Reagan's Order of April 2, 1982. In this role, ISOO oversees the information security programs of approxi- mately 65 departments, inde- pendent agencies and offices of the executive branch. E.O. 12356 also requires the Director of ISOO to report annually to the President about the ongoing implementa- tion of the Order's provisions. This Report summarizes Govern- ment-wide performance during FY 1986, the system's fourth year. ISOO is an administrative com- ponent of the General Services Administration but receives its policy direction from the National Security Council. The Administra- tor of General Services appoints the ISOO Director, whose appointment must be approved by the President. The ISOO Director appoints the staff, which numbers between 13-15 persons. For FY 1986, ISOO's budget was $686,000. ISOO accomplishes its mission through a number of different oversight activities. First, it develops and issues implement- ing directives and instructions regarding the Order. Second, ISOO conducts on-site inspec- tions or program reviews of agen- cies that create or handle national security information. During FY 1986, ISOO analysts also continued to monitor the agencies' implementation of the Classified Information Nondisclosure Agree- ment, Standard Form 189, pre- scribed by National Security Decision Directive 84 (NSDD 84), which all cleared personnel must sign as a condition of access to classified information. Appendix B, p. 35, reports on the status of implementation of this require- ment by each agency. Third, ISOO gathers, analyzes, and reports statistical data on agencies' pro- grams. Fourth, it evaluates, devel- ops, or disseminates security education materials and pro- grams. Having begun in FY 1986, ISOO is now completing revision of its Information Security Briefing series. Appendix D, p. 39, briefly describes this program. Fifth, ISOO receives and takes action on suggestions, complaints, dis- putes, and appeals from persons inside or outside the Government on any aspect of the administra- tion of the Order. In this area, ISOO serves as the final appellate authority for the mandatory declassification review of presi- dential materials. Sixth, it con- ducts special studies on identified or potential problem areas and on programs to improve the system. During FY 1986, ISOO conducted special document reviews of the major classifying agencies in addition to its regular inspections. Appendix A, p. 28, reports the cumulative results of these reviews. Also in FY 1986, ISOO continued its program to develop and issue standard forms to pro- mote uniform implementation of the Order, and to reduce Govern- ment costs by eliminating unnec- essary duplication. Appendix C, p. 36, describes the standardized forms that ISOO has issued to date. Seventh, ISOO maintains continuous liaison with monitored agencies on all matters relating to the information security system. This Report is based upon pro- gram reviews and inspections conducted by the ISOO staff and the compilation and analysis of statistical data regarding each agency's program activity. Program Reviews and Inspections ISOO's program analysts serve as liaison to specific agencies to facilitate coordination and to pro- vide for continuity of oversight operations. The analysts must stay abreast of relevant activities within each agency's information security program; coordinate with assigned agency counterparts on a continuing basis; and conduct formal inspections of the agency's program in accordance with a planned annual inspection schedule. These inspections may include visits to selected field activities as well as offices in the Washington metropolitan area. These on-site surveys encom- pass all aspects of the informa- tion security program, including classification, declassification,  safeguarding, security education, and administration. The inspec- tions include detailed interviews with agency security personnel, classifiers, and handlers of national security information. To the extent possible, ISOO ana- lysts review a sampling of classi- fied information in the agency's inventory to examine the propriety of classification, the existence of necessary security markings and declassification instructions, and compliance with safeguarding procedures. ISOO analysts also monitor security training pro- grams to determine if the agen- cies adequately educate person- nel about classifying, declassify- ing, marking, and safeguarding national security information. When weaknesses in an agency's program are identified, ISOO ana- lysts recommend corrections, either on-the-spot or as part of a formal inspection report. Critical reports require immediate reme- dial attention by the agency prior to a follow-up inspection by ISOO. These inspections provide spe- cific indicators of agency com- pliance or noncompliance with E.O. 12356 that are not apparent simply from the analysis of statis- tical data. Statistical Reporting To gather relevant statistical data regarding each agency's informa- tion security program, ISOO developed the Standard Form 311, which requires each agency to report annually the following information: 1. The number of original classi- fication authorities; 2. the number of declassification authorities; 3. the number of original classi- fication decisions, including the classification level of those decisions and the duration of classification; 4. the number of derivative classi- fication decisions by classifica- tion level; 5. the number of requests received for mandatory review for declassification and agency actions in response to these requests in terms of cases, documents, and pages; 6. the number of pages of national security information reviewed during the year under systematic declassification pro- cedures and the number declassified; 7. the number of formal self- inspections conducted by the agency; and 8. the number of security infrac- tions detected by the agency within its own program. The statistics reflected in this Report cover the period October 1, 1985, through September 30, 1986. For most of the agencies that ISOO monitors, the statistics reported each year are based on an actual count in each category. Because of the enormous volume of classification activity in some of the larger agencies, they must calculate their classification actions on the basis of approved sampling systems. All other data, including classification author- ities, declassification actions, self-inspections, and infractions, are based on actual counts for all agencies. The sampling system originally developed by DOD, and in use since ISOO began collecting pro- gram activity statistics, was based entirely on electronically transmitted message traffic. DOD then extrapolated the data regarding electronically transmit- ted messages in an effort to esti- mate classification data for other types of documentation. At the time, it was believed to be the only feasible means for DOD to sample its classification activity. Although ISOO approved the message traffic system, ISOO and DOD were never satisfied that it was producing the most accurate data, except to the extent that a year by year analysis permitted the observation of trends. To improve the accuracy of its classification statistics, DOD agreed to develop a revised sam- pling system that would produce more reliable data. The revised method varies considerably from the prior one. First, the sample is no longer based exclusively on message traffic data. It includes all other documentary types, such as letters, memoranda, and reports. Second, the totals are based on data supplied from a greater number of DOD compo- nents, including all of the major activities of the military depart- ments, the DIA, and NSA. The revised method requires the DOD activities to count classification actions over a one week period. The numbers obtained are then multiplied by 52. Appendix A to last year's ISOO Report to the President described the revised sampling system in greater detail. FY 1985 was the year of transi- tion for DOD. It utilized both sam- pling systems in reporting its statistics to ISOO. In the body of its FY 1985 Report, ISOO utilized the figures provided by the old message traffic sampling system. This was done to allow for more meaningful comparisons with DOD's classification data from prior years. However, at that time, ISOO indicated its intention to use the data provided by the revised system in future reports, because they provide more accurate num-  bers. For this reason, the classi- fication data in this Report include those provided by DOD's new sampling method. As a result, the accompanying exhibits on Gov- ernment-wide classification activ- ity contain comparisons for FY 1985 and FY 1986 only, since they are the only years for which comparable data are available. The remainder of the exhibits, relating to classification author- ities, declassification activities, self-inspections, and infractions, usually include data from earlier years as well. To refine further the reporting system for FY 1986, ISOO recom- mended that DOD and CIA con- duct their sampling of classifi- cation activity on more than one occasion during the year. Both agencies agreed to do so in FY 1986, and sampled their clas- sification activity for two separate weeks at different times of the year. In the past, ISOO had expressed concern that relying exclusively on a one week period may have resulted in skewed numbers. For example, during one year, the week selected might be unusually slow in terms of the volume of classified information generated. Thus, the numbers reported would be too low. On the other hand, the week selected another year might occur during a crisis, and result in unrealistically high figures.  Original Classification Authorities Decrease Significantly (Exhibits 1 and 2) Original classifiers are those indi- viduals designated in writing, either by the President or by selected agency heads, to clas- sify information in the first instance. During FY 1986, partly in response to ISOO's continuing entreaties to keep them to a mini- mum, the agencies decreased the number of individuals with original classification authority. Limiting the number of original classifiers may have a significant impact on controlling the volume of overall classification activity. ISOO will continue to impress upon agen- cies the importance of regular surveys of their original classifiers. The number of executive branch employees authorized to classify originally has decreased dramatically since FY 1971, when the figure was 59,316. In FY 1986, there were 6,756 individuals with original classification authority. This is also considerably less than the total of 7,014 reported in FY 1985; in fact, it represents the FY 1971 - 1986 E.O. 10501 E.O. 11652 21,277 it 13,976 0 7,056 I fewest number of original classi- fiers since ISOO began collecting such data. ISOO commends the four agencies which primarily account for the reduction. They are CIA, DOD, DOE, and NRC. Their decreases more than offset increases at several other agencies. FY 1986 Ig~1 Igo "Top Secret" Authorities: I ^ "Secret" Authorities: MM I I! 1 I~1 "Confidential" Authorities: I A ISOO's FY 1985 Report expressed concern about the increased number of original clas- sification authorities over FY 1984, especially at the Top Secret level. In FY 1986, improve- ments were achieved at all levels, with Top Secret, Secret and Confidential authorities decreas- ing by 4%, 3%, and 5%, respec- tively. Although some of the major classifying agencies have signifi- cantly reduced their authorities, ISOO will continue to encourage each to make a concerted effort to reduce further the number of (1,502) original classifiers. This is espe- cially true for those agencies reporting increases in FY 1986. In (4,147) its program reviews, ISOO will t = 500 Authorities ask those agencies to justify these increases or to reverse them. ISOO continues to believe that some designations are based solely on the purported prestige of being an original classification authority. This will always be an unacceptable basis.  Original Classification Decisions Increase Modestly (Exhibits 3 through 7) Original classification is an initial determination by an authorized classifier that information requires protection against unauthorized disclosure in the interest of national security. This process includes both the determination of the need to protect the infor- mation and the placement of markings to identify the informa- tion as classified. The act of clas- sifying information originally is the prelude to all other aspects of the information security system. Therefore, the number of original classification decisions is proba- bly the most important statistic reported by ISOO. Because ISOO now includes the data derived from DOD's revised sampling sys- tem, it can compare only the clas- sification data for FY 1985 and FY1986. Comparable numbers are not available for prior years. In FY 1986, the number of orig- inal classification decisions rose by 73,757 (+6%), to 1,221,110. A comparison of classification activity at each level between FY 1985 and FY 1986 shows that the number of Top Secret actions decreased by 17,118 (-41 %), to 24,207; Secret actions rose by 72,918 (+13%), to 652,290; and Confidential actions increased by 17,957 (+3%), to 544,613. Although the agencies demon- strated a concerted effort to reduce the number of original Top Secret actions, the continuing increase in Secret actions is one indicator of a trend that has devel- oped to protect more classified information at this level. Last year ISOO stated that it would watch carefully to ensure that any such movement was justified. Accord- ingly, during FY 1986, ISOO initi- Sec 85 Sec 86 Conf Conf 85 86 ated a special document review program to examine, among other areas, how agencies are comply- ing with proper classification prin- ciples. Appendix A, p. 28, contains more detailed informa- tion on these document reviews. Although these reviews provide evidence that the classification process is generally working well, they confirm that classifiers are assigning the Secret level more frequently each year. In part, this appears to result from a lack of confidence by classifiers in the Confidential level. The Secret level also appears to offer the comfortable "middle ground" in making a classification assign- ment. ISOO will continue to monitor this area closely. Total 85 Total 86  ORIGINAL CLASSIFICATION LEVEL ASSIGNMENTS A comparison of original clas- sification level assignments between FY 1985 and FY 1986 shows that the relative percent- ages remained nearly constant. In FY 1985, 4% of the agencies' original classification actions were Top Secret; 50% were Secret; and 46% were Con- fidential. During FY 1986, the percentage of Top Secret actions decreased to 2%; Secret increased to 53%; and Con- fidential decreased to 45%. The significant decrease in original Top Secret decisions is made more important by the sur- prisingly high number of Top Secret derivative actions reported below. If both original and derivative Top Secret actions had increased significantly, it would strongly indicate a trend in that direction. However, the reported decrease in original Top Secret decisions is one indicator that suggests that this year's derivative Top Secret numbers are in all likelihood a statistical aberration. This would be con- sistent with all other evidence available to ISOO regarding the distribution of classification level assignments. A comparison of the data of each of the major original classify- ing agencies indicates that DOD and State registered increases in FY 1986, while CIA and Justice reported decreased activity. DOD reported 812,058 original deci- sions (+16%) in FY 1986. State's actions increased by 14,124 (+8%), to 199,844. The CIA reported a large decrease in the number of original classification decisions during FY 1986, from 181,688, to 135,668 (-25%). Jus- tice also reported decreased orig- inal classification activity for FY 1986. The 65,022 actions are 9% fewer than for FY 1985. Among the agencies with more modest levels of classification activity, ISOO commends the fol- lowing for achieving substantial reductions in original classifica- tion: AID (-67%); NRC (-80%); and Treasury (-6%). ORIGINAL CLASSIFICATION ACTIVITY BY AGENCY FY 1985 - 1986 In Thousands 702 FY 198FY 1986 10 0 136 loom 65 9 CIA Justice All Others CIA Justice All Others  Consistent with prior years, the same four agencies account for approximately 99% of the original classification decisions within the executive branch. In FY 1986, DOD accounted for 67%; State 16%; CIA 11 %; and Justice 5%. As part of the original classi- fication process, the classifier must determine a time frame for the protection of the information. This is commonly referred to as the "duration" of classification. E.O. 12356 provides classifiers with two means of designating declassification instructions for national security information. First, the information may be marked for declassification upon a specific date or event. For example, a classifier may deter- mine that the information's sen- sitivity will cease upon the completion of a particular project. That event would be noted on the face of the document. Only if a specific date or event cannot be determined at the time of classi- fication does the classifier mark the document with the notation "Originating Agency's Determina- tion Required" ("OADR"). "OADR" indicates that the infor- mation must be reviewed by the originating agency before any declassification action is taken. For FY 1986, using the new sampling method, DOD reported that 18% of the documents it orig- inally classified contained a date or event for declassification, down from 22% in FY 1985. As a result, the overall rate within the executive branch decreased from 15% in FY 1985, to 13% in FY 1986. Despite the lower figure reported by DOD, it continues to lead the major agencies in the proportion of items assigned a date or event for declassification. Agencies improving their rate dur- ing the year include the CIA (1 % in FY 1985, to 2% in FY 1986); Jus- tice (0A% in FY 1985, to 1 % in ORIGINAL CLASSIFICATION ACTIVITY MAJOR AGENCIES FY 1986); and Treasury (9% in FY 1985, to 15% in FY 1986). State's rate decreased from 8% in FY 1985, to 6% in FY 1986. During the course of their on- site inspections and the special document reviews, ISOO analysts have observed a number of docu- ments marked "OADR" that could have specified a date or event for declassification. For example, they have seen a number of visit itineraries, sensitive only for the duration of the visit, marked "OADR:" ISOO remains con- ORIGINAL CLASSIFICATION/ DECLASSIFICATION ASSIGNMENTS vinced that this is an area in which improvements are achieva- ble. It will continue to press agen- cies to use a date or event whenever possible, since auto- matic declassification instructions can result in substantial savings to the Government in terms of the resources needed to maintain sufficient declassification pro- grams, and in terms of the costs associated with the safeguarding of classified information for unnecessarily long periods of time. FY 1986 Agency % Assigned Date or Event for Declassification % OADR (Must be Reviewed Before Declassification) 0/b "TS" 0/0 "S" % "C DOD 18 82 1 55 44 CIA 2 98 9 76 15 State 6 94 0 22 78 Justice 1 99 6 84 10 Treasury 15 85 1 6 93 All Others 5 95 2 23 75  Derivative Classification Decreases Substantially (Exhibits 8 through 11) Derivative classification is the act of incorporating, paraphrasing, restating or generating in new form classified source informa- tion. Information may be deriva- tively classified in two ways: (a) through the use of a source docu- ment, usually correspondence or publications generated by an orig- inal classification authority; or (b) through the use of a classification guide. Only executive branch or Government contractor employ- ees with the appropriate security clearance who are required by their work to restate classified source information may classify derivatively. For FY 1986, executive branch agencies reported making 9,548,538 derivative classification decisions. This figure represents a tremendous decrease of 4,424,407 fewer (-32%) deriva- tive classification decisions than in FY 1985. It also represents the first time since ISOO has been collecting, analyzing, and report- ing classification data that the number of derivative decisions has decreased from one year to the next. While ISOO is not sur- prised that the number of classi- fication decisions did not increase from FY 1985 to FY 1986, the amount of the decrease is very Sec 85 Sec 86 Conf Conf 85 86 surprising. Equally surprising is the reported number of Top Secret derivative decisions. While reported Secret derivative deci- sions decreased by 895,444 actions (-13%), and reported Confidential derivative decisions decreased by an enormous 4,467,974 actions (-65%), the number of reported Top Secret derivative actions rose by 939,011 actions (+259%). As a result, Top Secret actions comprised an unprecedented 14% of all deriva- tive actions reported for FY 1986. Total 85 Total 86  ISOO strongly suspects that both the huge decrease in deriva- tive actions and the increased percentage of Top Secret deriva- tive actions are statistical aberra- tions. Both are primarily the result of the large variation in the num- bers reported by DOD from FY 1985 to FY 1986. DOD is unable to cite any specific reason related to its classified programs that accounts for these changes. However, these are the first two years of the revised DOD sam- pling system. Given the magni- tude of DOD's world-wide operations, the successful imple- mentation of this system is a mammoth task. ISOO believes that variations of this dimension are very likely to disappear as the improved sampling system is bet- ter established over time. While ISOO cannot recalculate through alternative means the amount of classification activity that takes place in a given year, it does have alternative means to estimate the breakdown in classi- fication activity among classifica- tion levels. No other indicator in this or any other year has ever suggested a percentage of Top Secret actions that comes even close to that reported for deriva- tive actions in FY 1986. For exam- ple, ISOO's special document reviews in FY 1986 (see Appendix A, p.28) revealed a Top Secret rate of less than 7%, even though the reviews concentrated on activities that would be expected to produce a higher than average proportion of Top Secret actions. Therefore, ISOO assumes that the number of Top Secret deriva- tive actions reported for FY 1986 largely overstates their actual number. It also assumes that in future years this percentage will return to a figure between 2% and 5%. Despite the enormous drop in the number of derivative Confidential decisions, which also is a result of the figure reported by DOD, ISOO does not assume that this is as obvious a statistical aberration. All other indicators now available to ISOO suggest that Confidential decisions account for between 30% and 40% of the total. While the reported figure of 25% Confi- dential derivative actions seems quite low, it is not as abnormal as the reported number of Top Secret derivative actions. Because ISOO has no means available to recalculate the number of classification actions, it cannot state with certainty the comparative accuracy of the disparate figures in derivative classification reported by DOD in FY 1985 and FY 1986, respec- tively. It suspects, however, that the actual number may be some- where in between the two. Alter- natively, the figure reported for FY 1985 was skewed by an unusually high level of derivative classification activity during the week sampled, or the figure reported for FY 1986 was skewed by an usually low level of deriva- tive classification activity during the two weeks sampled. DERIVATIVE CLASSIFICATION LEVEL ASSIGNMENTS  For FY 1986, DOD reported 6,516,146 derivative decisions, over 4 million fewer (-38%), than the number reported in FY 1985. CIA also reported a significant drop in derivative classification activity, from 3.25 million to 2.5 million (-23%). While applauding both agencies for their sincere efforts to control classification activity, ISOO also believes that these decreases resulted in part from improved sampling systems. DOD's situation is discussed above. In CIA's case, the agency conducted its sampling over two separate time periods rather than one, as it had done in the past. This lessened the possibility that the numbers would be skewed by unusual classification activity in one sampling period. DOD's and CIA's reported decreases more than offset a large increase in derivative classi- fication activity reported by Justice, from 108,930 actions in FY 1985, to 487,879 actions in FY 1986 (+348%). Again, how- ever, this large variation appears to result from a change in the sampling system used to collect DERIVATIVE CLASSIFICATION ACTIVITY BY AGENCY FY 1985 - 1986 In Millions 1.1.5 the data to be reported to ISOO. Here the change took place at the FBI, which accounts for most of the classification activity within Justice. In prior years, the FBI took an actual count of its Head- quarters classification activity over a one week period and multiplied that figure by 52. Head- quarters then estimated the DERIVATIVE CLASSIFICATION ACTIVITY MAJOR AGENCIES amount of additional classification that took place in FBI Field Offices, and added that to the Headquarters total. In FY 1986, both Headquarters and the Field Offices conducted an actual count over a one week period and multiplied this amount by 52. It turned out that the FBI Field Offices account for a far greater number of derivative actions than was previously estimated. Among the agencies with more modest levels of classification activity, ISOO commends the fol- lowing for achieving significant reductions in derivative classifica- tion: ACDA (-70%); NSC (-12%); Treasury (-35%); USDA (-26%); and USPS (-44%). Once again, DOD and CIA account for the overwhelming number of derivative actions within the executive branch, 68% and 26%, respectively. With its reported increase in derivative activity, Justice now accounts for 5% of the total. All other agencies reported 47,057 derivative actions, less than 1 % of the total.  Combined Classification Activity Decreases Significantly (Exhibits 12 through 15) For FY 1986, the number of original and derivative classifi- cation decisions combined was 10,769,648. This represents a decrease of 4,350,650 actions (-29%) from FY 1985. The decrease is based, of course, on the tremendous decrease in derivative actions discussed above. By classification level, the number of combined Top Secret actions increased from 404,330, to 1,326,223 (+228%); the num- ber of Secret actions decreased from 7,289,093, to 6466,567 (-13%); and the number of Confidential actions decreased from 7,426,875, to 2,976,858 (-60%). Again, the significant changes in the Top Secret and Confidential levels are the result of those for derivative classifica- tion, also discussed above. 7,289,093 6,466,567 Sec 85 Sec 86 Conf 85 Conf 86 Total 85 Total 86  For FY 1986, the breakdown of combined classification by classi- fication level is Top Secret, 12%; Secret, 60%; and Confidential, 28%. As discussed in the section on derivative classification, above, ISOO believes that these proportions probably differ from what would be revealed if an item by item breakdown were possible. All other indicators suggest that the actual percentage of Top Secret actions is between 2% and 5%, and the number of Con- fidential actions is between 30% and 40%. COMBINED CLASSIFICATION LEVEL ASSIGNMENTS COMBINED CLASSIFICATION ACTIVITY BY AGENCY FY 1985 - 1986 In Millions The overall decrease in combined classification activity reported for FY 1986 reflects the significant decreases reported by the classification arena's two largest players, DOD and CIA. The CIA reported decreases in both original and derivative actions. DOD's large decrease in derivative actions dwarfed its reported increase in original actions. The significant decreases in classification activity at DOD and CIA more than offset the large increase in reported actions by Justice, and the modest increase reported by State.  As has been true in all other ISOO reporting periods, four agencies account for over 99% of COMBINED CLASSIFICATION ACTIVITY the combined classification MAJOR AGENCIES activity in FY 1986: DOD, 68%; CIA, 24%; Justice, 5%; and State, FY 1986 2%. Of the 10,769,648 reported all other classification decisions , agencies reported that they made DOD 68% All Others 1 % S 1 i I MADE A MISTAKE cLA5;IFy = IT WAS A ON 1HIS OEPbRTit , FpETTy go SIR , 'SEzEf CZt 2F THEN CLASSIFY IT 1ToP SFC125T CROCK by Bill Rechin and Don Wilder Copyright by and permission of North America Syndicate, 1987  Mandatory Review Remains Strong (Exhibits 16 through 21) Under E.O. 12356, the mandatory review process allows agencies or citizens to require an agency to review specified national security information for purposes of seeking its declassification. These requests must be in writing and must describe the informa- tion with sufficient detail to permit the agency to retrieve it with a reasonable amount of effort. Mandatory review remains popular with some researchers as a less contentious alternative to Freedom of Information Act requests. It is also used to seek the declassification of presidential papers or records, which are not subject to the Freedom of Infor- mation Act. The number of mandatory review requests received in FY 1986 increased by 44, to 4,081. Agencies experiencing large increases include ACDA, CIA, and NSC. When the 1,946 cases MANDATORY REVIEW REQUESTS RECEIVED 4,192 3,945 4,037 4,081 2,246 carried forward from the prior of 5,560, during FY 1985. In year are added to the new cases FY 1986, agencies acted on 3,991 received, agencies had a total cases, 10% more than in FY 1985. caseload of 6,027, during FY 1986. This compares to a caseload Since FY 1983, ISOO has collected data on agency actions in response to mandatory review Exhibit 17 requests in terms of cases, documents, and pages. The FY 1983 - 1986 In Thousands Granted in Full PAGES PROCESSED Granted in Part Denied in Full 3,991 cases processed durng FY 1986 comprised 57,674 documents totaling 176,563 pages. The number of pages processed under mandatory review was 153,382 fewer than in FY 1985.  Of the 3,991 cases completed in FY 1986, 1,952 were granted in full, 1,582 were granted in part, and 457 were denied in full. These totals are consistent with the favorable results in prior MANDATORY REVIEW ACTION TAKEN Exhibit 18 years. Of the 57,674 documents acted FY 1986 on in FY 1986, 49,056 were granted in full, 6,188 were granted in part, and 2,430 were denied in full. As a percentage of the total, agencies granted in full 85% of 40% the documents, granted in part 11% --( 4% 11%, and denied in full 4%. Although the percentage of docu- ments declassified in whole or in part (96%) is down slightly from FY 1985, its magnitude empha- sizes the continued vitality of the Of the 176,563 pages processed, 119,504 (67%) were granted in full, 39,911 (23%) were granted in part, and 17,148 (10%) were denied in full. Again, FY 1985, mandatory review although the percentage of pages remains a highly successful declassified in whole or in part mechanism for the declassifica- (90%) is down slightly from tion of information. MANDATORY REVIEW ACTIONS BY AGENCY Total Cases We Granted % Granted Agency Acted On in Full in Part The sharp decline in the number of pages reviewed in FY 1986 is attributable to a reduced Exhibit 19 workload at DOD. During the year, it received 114 fewer cases (-15%), and acted on 214,645 fewer pages than in FY 1985. We Denied Additionally, several requests in in Full FY 1985 involved a large quantity State 1152 45 45 10 NSC 747 37 58 5 DOD 628 59 22 18 NARA 527 50 35 15 Justice 409 90 7 3 CIA 333 17 58 25 All Others 195 52 43 5 of cables, which are generally easier to review and declassify than the more substantive classi- fied reports and memoranda. ISOO commends the several agencies that processed consid- erably more pages in FY 1986, than in FY 1985. These include NARA (+43,406), NSC (+5,966), and State (+9,173).  Requesters may also appeal mandatory review denials to officials of the denying agencies, or, with respect to classified presidential materials, to the ISOO Director. During FY 1986, agencies received 497 new appeals, 215 (+76%) more than in FY 1985. When these are added to the 539 carried over from the previous year, agencies had an appeals' caseload of 1,036. Of these, agencies completed 575 in FY 1986. This represents a 10% improvement over FY 1985, and a 30% improvement over FY 1984. As in FY 1985, Justice was the agency primarily responsible for the improved figure in FY 1986. MANDATORY REVIEW APPEALS PAGES PROCESSED FY 1983 - 1986 In Thousands MANDATORY REVIEW APPEALS WORKLOAD IN PAGES FY 1986 ? Granted in Full 3% Of the 575 appeals completed, 177 (31 %) were granted in full, 334 (58%) were granted in part, Exhibit 21 and 64 (11 %) were denied in full. These appeals totaled 11,166 documents and 47,995 pages. Of the documents reviewed on appeal, 3,294 (29%) were released in full, 7,663 (69%) were released in part, and only 209 (2%) were denied in full. Of the 47,995 pages reviewed, 11,429 (24%) were declassified in full, 35,100 (73%) were declassified in part, and only 1,466 (3%) remained fully classified. These impressive numbers suggest that researchers can anticipate even greater returns in declassified information if they pursue the mandatory review appeal process.  Systematic Review Results Encouraging (Exhibits 22 through 24) "Systematic review for declassification" is the program, first introduced in 1972, in which classified, permanently valuable (archival) records are reviewed for purposes of declassification after the records reach a specific age. Under E.O. 12356, NARA is required to conduct a systematic review of its classified holdings as they become 30 years old, except for certain intelligence or cryptologic file series, which are to be reviewed as they become 50 years old. While other agencies are not required to conduct a systematic review program, ISOO encourages them to do so if resources are available. SYSTEMATIC REVIEW FOR DECLASSIFICATION PAGES REVIEWED FY 1973 - 1986 In Millions SYSTEMATIC REVIEW FOR DECLASSIFICATION PERCENTAGE OF PAGES DECLASSIFIED ISOO is pleased to report that during FY 1986, the product of the systematic review program showed its first significant Exhibit 23 increase in recent years. During FY 1986, agencies reviewed 164 million pages, up almost 6 million pages (+57%), from FY 1985. Of the pages reviewed, 87% were declassified, a significant increase from the 78% rate reported for FY 1985. As a result of the greater number of pages reviewed and the improved declassification percentage rate, 14.3 million pages were declassi- fied under the systematic review program in FY 1986, over 6 million more than in FY 1985, a 76% increase.  SYSTEMATIC REVIEW FOR DECLASSIFICATION ACTIONS BY AGENCY Agency Pages Reviewed NARA 7,461,550 7,123,364 95 DOD 6,875,907 5,708,603 83 AID 1,859,167 1,347,327 72 State 39,955 34,586 87 DOT 36,100 6,130 17 Justice 6,576 1,266 19 All Others 93,780 50,992 54 Almost all of the increase in systematic review is due to the figures reported by NARA. In FY 1986, it reviewed 7.5 million pages, an increase of 4.3 million (+137%), from FY 1985. The dramatic change is the result of several projects undertaken by NARA during FY 1986. These included efforts at the regional archives in Los Angeles, San Francisco, Fort Worth, and Atlanta; coordination of the review of the Office of Strategic Services (OSS) operational files; and continuation of the review by NARA, on an interagency agree- ment basis, of particular State and AID records. Both the regional records and the OSS operational files are of World War II vintage and generally are much easier to review than post- war records. This is due primarily to the age of the documents, and the availability of specific declas- sification guidelines provided by the major agencies. In addition, in the case of the OSS operational files, the records were first reviewed by the CIA over the course of the preceding years, with NARA's responsibilities limited to examining the docu- ments for the interests of foreign governments and other agencies. While ISOO is encouraged by the figures reported by NARA for FY 1986, they are, unfortunately, unlikely to signal a trend. Over 2 million pages of the records reviewed in FY 1986 were suscep- tible to bulk declassification methods that are not viable for most postwar records in NARA's custody. In order to maintain the increases achieved during FY 1986, NARA will have to commit additional resources to its systematic review program. Other agencies showing increased systematic review activity during FY 1986 include DOD (+1 %), AID (+427%), NASA (+294%), NSC (+100%), and DOT (+81 %). ISOO applauds the efforts of these agencies since they are not required to conduct systematic review programs. It urges their continuation.  Agency Self-Inspections Decline Marginally (Exhibits 25 and 26) Executive Order 12356 mandates that agency heads establish and maintain "an active oversight and security education program." In this regard, the agencies report to ISOO the number of self- inspections and the number and type of infractions found during the year. Infractions are minor violations of the order, the imple- menting ISOO Directive, or agency regulations. These statis- tics do not include the more serious security violations that agencies must report to ISOO as they occur. For FY 1986, agencies reported that they had conducted 27,361 self-inspections. This is a 3% decrease from FY 1985, and approximates the total registered for FY 1984. Despite the overall decrease, some agencies reported significantly higher numbers of self-inspections and merit special commendation. These include CIA (+62%), Infraction Total FY 83 Total FY 85 Total FY 86 Unauthorized Access 620 440 560 Mismarking 10,849 6,642 5,177 Unauthorized Transmission 1,294 1,688 1,969 Improper Storage 3,844 5,089 4,850 Unauthorized Reproduction 249 143 107 Overclassification 220 164 157 Underclassification 317 265 250 Classification w/o Authority 238 109 185 Improper Destruction 581 322 346 Other 132 292 211 DOE (+32%), and DOT (+86%). ISOO continues to be concerned not only with the quantity of self-inspections that the agencies undertake, but also with their quality. This concern results from the fact that during the self-inspections conducted in FY 1986, agencies found 1,342 fewer infractions than in FY 1985. The total of 13,812 infractions is FY 1985 FY 1986 9% less than the figure reported for the previous year. The average number of infractions discovered per inspection also fell, from .54 in FY 1985, to.50 in FY 1986. The figures reported for FY 1986 again call into question the thoroughness of agency self- inspections. From ISOO's experi- ence, thorough inspections, even in organizations with outstanding information security programs, disclose a far greater number of infractions than those routinely reported by the agencies. See, for example, the results of ISOO's special document reviews con- ducted during FY 1986, Appendix A, p. 28. ISOO strongly suspects that a major reason for the absence of reported infractions is the failure by most agencies to examine periodically a sampling of its classified product. ISOO urges a heightened effort by the agencies to increase both the number and quality of the self- inspections they are conducting. Only in this manner will the agencies themselves be able to evaluate employee compliance with the Order's provisions, and provide the basis for revising their security training programs.  Appendix A Findings of Special ISOO Reviews of Classified Documents Background One of ISOO's major functions is to consider and respond to complaints and suggestions from within and outside the executive branch concerning the adminis- tration of the information security system. Understandably, many complaints, whether directed to ISOO or not, concern the quality of the classified product. Not infrequently, executive branch officials, members of Congress, journalists, researchers or others express their dissent concerning the classification or marking of national security information. Most often, this dissent involves the allegation that information that is classified should not be classified, the circumstance that is popularly referred to as "over- classification." Examining the classified product, therefore, is an essential element of an effective oversight program. In addition to its ad hoc consideration of specific com- plaints, ISOO routinely examines a small sample of an agency's classified product during its program reviews or inspections. Further, the agencies themselves, which are responsible for the predominant oversight of their information security programs, should include reviews of their classified product within their internal monitorship. However, because ISOO's small size limits the scope of its document reviews during its routine inspections, and because ISOO has found that agency self- inspections too often do not include an examination of the classified product, ISOO has sought alternative means to answer the question, "How good or how bad is the classified product that is being created?" During FY 1986, ISOO conducted the first group of what it hopes will be a series of special document reviews. The underly- ing purpose of these reviews is to provide an additional means to determine the extent of compli- ance with the classification princi- ples and marking procedures out- lined in Executive Order 12356, implementing ISOO directives and agency regulations. In this first group of special document reviews, IS00 analysts examined a sample of 3,025 documents generated by selected units of twelve of the most signifi- cant players in the classification arena: Air Force, Army, CIA, DIA, DOE, OJCS, Justice, NSA, Navy, OSD, State and Treasury. ISOO does not purport that these documents comprise a fully representative sample of the universal classified product; indeed, ISOO is uncertain whether it is even possible to construct a sample that is fully representative. To be sure, ISOO is aware of several features of its sample that may skew its findings somewhat: (a) most of the documents were created within headquarters units, rather than within field units; (b) intelligence and policy- making units were more than proportionally represented, while operational units were less than proportionally represented; and ISOO SPECIAL DOCUMENT REVIEWS THE SAMPLE: BY DOCUMENT TYPE/ CLASSIFICATION LEVEL  (c) almost all of the documents examined were created recently, and were maintained in active files. Despite or even because of these features, ISOO is convinced that the results provide valid indicators of the state of the classified product that has been created in recent years and will be created in the next few years. Because the sample contained large numbers of recent, relatively high level headquarters docu- ments, it can be reasonably assumed that they and docu- ments like them will influence significantly the contemporary classified product, especially the derivative product. Also, the results, when broken down by agency, parallel the findings of ISOO's program reviews. Two other factors merit consid- eration. First, the ISOO reviewers, who have all served as ISOO analysts for at least three years, were placed in three teams. Each team reviewed the documents of four of the twelve agencies. All the reviewers met before, during, and after the reviews to seek as much consistency as possible in their methodology and analysis. Nevertheless, as would be true in any situation that involves individ- ual judgment, it was clear that each team took a slightly different approach toward its reviews and analyses. Second, ISOO has cumulated its findings for this report in order to present a clearer picture of the classified product as a whole. When broken down by agency, however, the variation in results was often quite extensive. For example, a few agencies accounted for a significantly dis- proportionate share of the dis- crepancies described below, while the classified product of a few others revealed remarkably few discrepancies. Again, these findings very much parallel those of ISOO's program reviews. The data collected from the sample fall into two broad cate- gories: (1) information about the classification of each document, and (2) discrepancies in classifi- cation or marking noted by the analysts. The first category included information about the generic type of document; the classification level; the basis for or source of the classification; and the assigned duration of clas- sification. In identifying the discrepancies, the analysts worked with the following definitions: "Overclassification" -(a) Clear- cut: The information in the docu- ment does not meet the standards necessary for classifi- cation; (b) Questionable: While the question of meeting classifi- cation standards is arguable, classification does not appear to be necessary to protect our national security; (c) Partial: A portion(s) of the document appears to be unnecessarily clas- sified, although the overall clas- sification of the document is correct. "Overgraded" - All or some of the information in the document appears to be classified at a higher level than justified. "Undergraded" - All or some of the information in the document appears to be classified at a lower level than necessary. "Declassification" -The docu- ment appears to have improper declassification instructions or no declassification instructions at all. "Duration" - The duration of classification is marked "OADR;' when a specific date or event for declassification appears feasible. "Original/Derivative" -The document is marked and treated as an original classification action although the classified informa- tion appears to be derived from a guide or other source(s). "Marking" -The document appears to have improper classifi- cation markings or lacks required markings, including instances in which the document fails to cite or cites improperly the classifica- tion source. This does not include marking errors more specifically included under another discrep- ancy category. "Portion Marking" -The docu- ment appears to lack required portion markings. "Multiple Sources" -The official file copy of the document cites "multiple sources" as the basis for classification, but does not list these sources. Findings Types of Documents Reviewed: Of the 3,025 documents reviewed by ISOO, 1,328 (43.9%) were memoranda or letters; 748 (24.7%) were cables or messages; and 949 (31.4%) were some other type of document, predominantly reports. There is no statistical significance to the breakdown other than ISOO's efforts to examine sufficient numbers of each type of document that might be classified. In terms of the levels of classification within each type, however, there were several significant variations. A document in the "other" category, i.e., a report, was 1.6 times as likely to be classified Top Secret than a document generally, while a cable or message was 1.6 times as likely to be classified Confi- dential. This disproportionate representation of cables or mes-  sages is quite significant to ISOO's reports in prior years con- cerning the proportions of Top Secret, Secret and Confidential actions. In those years the DOD's sampling system was based on message or cable traffic exclu- sively, the totals for which were then extrapolated to include other types of documents. Because cable or message traffic appears to be classified at the Confi- dential level disproportionately to the classification level of other types of documents, and because DOD accounts for such a signifi- cant portion of classification actions, it now appears that ISOO, based on the data avail- able, reported overstated per- centages of Confidential actions, understated percentages of Secret actions, and slightly understated percentages of Top Secret actions for the years 1979-1984. Only when DOD altered its sampling system in FY 1985, did ISOO receive data that are not skewed by the dispro- portion in classification levels represented by cable or message traffic. Classification Levels: Of the 3,025 documents reviewed, 208 (6.9%) were classified Top Secret; 1,912 (63.2%) were classified Secret; and 905 (29.9%) were classified Confi- dential. These proportions resemble the distribution (TS: 12.3%; S: 60.0%; C: 27.6%) of all the classification actions reported to ISOO by the agencies for FY 1986 (see p. 20, supra). Based on all the data available to ISOO, it would appear that three out of five contemporary classification actions are at the Secret level, and that this ratio is gradually increasing. The increasing rate of Secret classification assignments suggests that some classifiers feel more secure in choosing the "middle ground" for assigning a classification level, because they lack confidence in the Confi- dential level. ISOO SPECIAL DOCUMENT REVIEWS CLASSIFICATION LEVELS  Classification Basis or Source: Of the 3,025 documents, the review- ers determined that 575 (19%) were original classification actions; 996 (32.9%) were deriva- tively classified based on a classi- fication guide; 673 (22.3%) were derivatively classified based on multiple sources; and 133 (4.4%) were derivatively classified based on a single source. The reviewers could not determine the basis for or source of the classification for 648 (214%) of the documents. Most of these were cables or messages, and electronically transmitted information is not required to include the classifi- cation source. Therefore, ISOO cites the absence of a classifica- tion source as a marking discrep- ancy, below, only when it pertains to a document other than an elec- tronically transmitted cable or message. ISOO SPECIAL DOCUMENT REVIEWS BASIS FOR CLASSIFICATION DECISIONS Exhibit 29 Of the 2,377 documents for which the reviewers could deter- /SOO SPECIAL DOCUMENT REVIEWS mine the classification basis or ORIGINAL/DERIVATIVE CLASSIFICATION Exhibit 30 source, ce, 575 (24.2%) were 75.8%i- were classified derivatively. There is a significantly higher percent- Original Derivative age of original decisions in this sample compared to the distribu- tion (original: 11.3%; derivative: 88.7%) reported to ISOO by the agencies for all classification actions in FY 1986. ISOO attributes this difference to the fact that its reviewers concentrated on head- quarters, policy-making units, which are more likely to originate classified information than field or Sanitized Copy Approved for Release 2011/10/14 : CIA-RDP89GO0643RO01100020015-7  ISOO SPECIAL DOCUMENT REVIEWS DURATION OF CLASSIFICATION Exhibit 31 Duration of Classification: Of the 3,025 documents, 2,769 (91.5%) were marked with the indefinite instruction for the duration of classification, "Originating Agency's Determination Required" ("OADR"). Only 82 (2.7%) were marked with an assigned date or event for declassification. Additionally, 174 (5.8%) contained no declassifica- tion instruction at all, and are included in the "declassification" discrepancy, below. As is the case with documents marked "OADR:' when no declassification instruc- tion appears on a document, the originating agency must review it before it may be declassified. Of the 2,769 documents marked "OADR:' the ISOO reviewers identified 54 (1.8%) that they believed should have been marked for declassification at a specific date or event, and these are shown in the "duration" dis- crepancy below. The percentage of documents in ISOO's sample with an indefinite duration of clas- sification exceeds the percentage reported to ISOO by the agencies in FY 1986 (see p. 15, supra). ISOO accounts for this difference by the overrepresentation of intel- ligence documents in its sample. Classified information that per- tains to intelligence activities, sources or methods is seldom marked for declassification on a specific date or event.  Discrepancies: In reviewing the 3,025 documents, ISOO's ana- lysts noted a total of 1,090 discre- pancies. As described below, most of these discrepancies were relatively minor technical deficien- cies. A number of documents had more than one discrepancy, some as many as three or four, so that the actual number of documents that contained no discrepancies whatsoever was 2,145 (71 %). Given the detail of ISOO's scru- tiny, the number of documents with no discrepancies is note- worthy, especially for the several agencies in which the vast major- ity of documents achieved this status. Of the 3,025 documents, ISOO's analysts identified 52 (1.7%) that they believed clearly should not have been classified; 75 (2.5%) that they believed were unnecessarily classified although there was an arguable basis for classification; and 15 (.5%) that contained classified portions that the analysts believed should not have been classified, although the overall classification of the docu- improper declassification instruc- ments was correct. The total of tions or no declassification only 142 documents (4.7%) that instructions at all ("declassifica- ISOO's analysts identified as over- tion"); 54 documents (1.8%) that classified is quite commendable, were marked "OADR;' but which and reflects well on the validity of should have expressed a specific the classification system gener- date or event for declassification ally. No doubt the fact that most ("duration"); 158 documents of the documents were of recent (5.2%) that indicated that they vintage impacted favorably on were original classification these results. The national secu- actions although the classified rity sensitivity of information ordi- information had clearly been narily decreases over time. From derived from another source ISOO's experience, most ("original/derivative"); 195 docu- instances of overclassification ments (6.5%) that contained occur in that large body of classi- some type of marking error not fied information that is maintained included in one of the other dis- over the years without being sub- crepancy categories, including jected to prior public access the failure to cite a required demands or some other means of source of classification ("mark- initiating a declassification review. ing"); 175 documents (5.8%) that With respect to the other dis- lacked required portion markings crepancies, ISOO's analysts iden- ("portion marking"); and 182 doc- tified eight documents (.3%) that uments (6%) that were deriva- they believed were classified at tively classified on the basis of too high a level ("overgraded"); multiple sources, but which failed two documents (.1 %) that they to list these sources with the file believed were classified at too low or record copy of the document a level(" undergraded"); 174 docu- ("multiple sources"). ments (5.8%) that contained ISOO SPECIAL DOCUMENT REVIEWS DISCREPANCIES Clear-cut Questionable Partial Over- Overclas Clas Overclas graded  nA Sanitized Copy Approved for Release 2011/10/14 : CIA-RDP89G00643R001100020015-7 (a) The results of this exercise suggest that the overclassifica- tion of information is not as serious a problem as some popu- lar media report. Nevertheless, because each publicized instance of overclassification damages the credibility of the information security system far beyond its quantitative significance, over- classification will always be a problem that merits concern and diligent oversight. (b) The variation in perform- ance among the agencies very closely parallels ISOO's experi- ence in its ongoing monitorship program. Further, it confirms one of ISOO's constant themes: An agency's commitment to a strong information security program, pri- marily in terms of its security edu- cation and internal monitorship programs, results in a classified product that clearly reflects this commitment. The absence of a strong commitment results in a considerably poorer classified product. (c) Too many classified docu- ments contain relatively minor dis- crepancies in marking procedures or classification principles. With a modest investment in improved security education and internal monitorship, agencies could elimi- nate almost all these technical deficiencies. (d) Agencies would clearly ben- efit from an internal monitorship program that includes regular examination by appropriate offi- cials of a sample of the classified product. (e) ISOO's first group of special document reviews provides evi- dence of a classification system that is generally performing well. It answers the question, "How good or how bad is the classified product that is being created?", with a "Pretty good, but with a lit- tle bit of extra effort, it could be very good!"  Appendix B - Classified Information Nondisclosure Agreement FY 1986 Full Implementation Full In Some Agency Implementation Components Paragraph 1(a) of National Security Decision Directive 84, "Safeguard- ing National Security Information," of March 11, 1983, directed ISOO to issue a standardized nondisclosure agreement to be executed as a condition of access to classified information. In September 1983, ISOO issued the Standard Form 189, "Classified Information Nondisclosure Agreement," and directed agencies to work toward complete implemen- tation as quickly as possible. The chart below provides an agency by agency breakdown of progress to date. implementation for New Agency-wide Employees anchor No Implementation Reinvestigations Planning Apparent In Progress Only implementation implementation VA Received waiver from NSC to use a substitute form that fully complies with NSDD 84 Sanitized Copy Approved for Release 2011/10/14 : CIA-RDP89G00643R001100020015-7  Appendix C ISOO Standard Forms Program Executive Order 12356 broad- ened ISOO's authority to include the issuance of standardized forms relating to the protection of national security information. ISOO has since issued fourteen standard forms for use by execu- tive branch agencies that gener- ate or handle national security information. Each has been designed, in conjunction with the affected agencies, to enhance safeguarding procedures while seeking to reduce the costs asso- ciated with competitive or dupli- cative forms. Use of these standard forms is mandatory, unless an agency has received a waiver to use an alter- native form based upon special security or cost requirements. Supplies of these standard forms are available through regular pro- curement channels. Below are a facsimile and brief description of each of the forms ISOO has issued to date. SECURITY CONTAINER CHECK SHEET ER CHECK SHEET TO FIU ?n FRON -- na .....o .,row..,, r--- -1- 7 -~ j SF 702, Security Container Check Sheet The SF 702 records openings, closings, and end-of-the-day checks of containers that store national security information. SF 701, Activity Security Check List The SF 701 is a check sheet used in the conduct of end-of-the-day security inspections of work areas in which classified informa- tion is handled or stored.  SF 189, Classified Information Nondisclosure Agreement SF 189-A, Classified Information Nondisclosure Agreement, (Industrial/Commercial /Non- Government) The SF 189 and SF 189-A are nondisclosure agreements between the United States and an individual. An individual must ex- ecute either the SF 189 or the SF 189-A, as appropriate, before the Government may authorize that individual access to classified information. SF 700, Security Container Information The SF 700 contains (1) informa- tion on agency employees who are to be contacted if the security container to which the form per- tains is found open and unat- tended, and (2) a current record of the security container's com- bination, classified at the level of the most sensitive information stored in the container. CLPSIFIEO INFORMATION NONDISCLOSURE AGREEMENT sTRIRLICOMMERCIPLMOXdOVFRNMEHTI m1 m;ro11-tt aptae~q?~ iw,ror, small o, I.~e~~. m.'f,-G- moa W ITNESS AND ACCEPTANCE  SF 703, Top Secret Cover Sheet SF 704, Secret Cover Sheet SF 705, Confidential Cover Sheet These cover sheets serve as shields to protect Top Secret, Secret, or Confidential informa- tion, respectively, from inadver- tent disclosure and to alert observers that such information is attached. SF 711, Data Descriptor Label This label is used to record addi- tional safeguarding controls that pertain to classified information that is stored on ADP storage media or other non-paper media. SF 706, Top Secret Label SF 707, Secret Label SF 708, Confidential Label These labels serve the same purposes as the cover sheets, except that they are placed on automatic data processing media, other non-paper media, and equipment for which cover sheets are inappropriate. SF 709, Classified Label This label is used to identify and protect ADP storage media and other media that contain classi- fied information pending a deter- mination by the original classifier of the specific classification level of the information. QASSIRED SF 710, Unclassified Label In a mixed environment in which both classified and unclassified information are being processed or stored, this label is used to identify ADP storage media and other media that contain un- classified information.  Sanitized Copy Approved for Release 2011/10/14: CIA-RDP89GO0643RO01100020015-7 Appendix D Information Security Briefing In its continuing efforts to assist agencies in the presentation of effective security training, ISOO has just completed production of an updated and improved version AWd of its very successful information 4 Security Briefing series on Execu- tive Order 12356. This colorful and informative audiovisual briefing is divided into three modules: (1) An overview of the information security system established under the Order; (2) a detailed treatment of proper marking practices and pro- cedures; and (3) highlights of the basic safeguarding requirements. The presentation is designed so that each module can be shown separately or as one unit. The briefing is unclassified, and is available at very reasonable cost in both slide/tape and video cas- sette formats. The briefing is non- agency specific, and has been designed for effective use by both military and civilian agencies and their contractors. For further information, contact ISOO at (202) 535-7255. Sanitized Copy Approved for Release 2011/10/14: CIA-RDP89GO0643RO01100020015-7  Sanitized Copy Approved for Release 2011/10/14: CIA-RDP89GO0643RO01100020015-7 Information Security Oversight Office Washington, D.C. 20405 Sanitized Copy Approved for Release 2011/10/14: CIA-RDP89GO0643RO01100020015-7