Vol. III, No. 3
An Overview of Executive Order 12356
By Gerald A. Schroeder
The new National Security Information Executive Order issued by President Reagan on April 2, E.O. 12356, includes a number of changes to Executive Order 12065, which it replaces, based on litigative and administrative experience under that predecessor order. These changes are designed to enhance the executive branch's ability to protect national security information from unauthorized or premature disclosure without increasing the quantity of classified information. The new order, 47 Fed. Reg. 14874 (April 6, 1982), becomes effective August 1.
ln order for information to be classified under the new order, three requirements must be met. First, the individual classifying the document must be authorized to do so. Second, the information must fall within one or more specified categories of information. Third, the classifying official must determine that unauthorized disclosure of the information could reasonably be expected to cause damage to the national security. While these general requirements were present in the previous order, two changes have been made to improve the Government's ability to protect sensitive information.
First, the threshold standard for classification of information as "confidential" has been modified from "identifiable damage" to "damage." This was the standard used under Executive Order 11652, the predecessor to E.O. 12065. The reason for this change is to eliminate uncertainty regarding the intent of the term "identifiable." This language of the 1978 order was intended to remind classifiers that they should perform a conscious analysis of the damage to the national security that would flow from unauthorized disclosure. However, some litigants have contended that this language requires that the damage be of a particular type or degree in order to justify classification. In one lawsuit, for example, the plaintiff argued that disclosure of information identifying certain intelligence sources would not result in "identifiable" damage because the expected harm to these sources was merely speculative. No such application of the "identifiable damage" concept was intended, and yet each such assertion in court required a full explanation and response, thereby increasing the increasing the Government's litigative burden. This unintended burden will be eliminated by the new order.
The second change to the requirements for classification is the addition of several subject matter categories of information (e.g., "cryptology" and "the vulnerabilities or capabilities of systems, installations, projects or plans relating to the national security") to the list of types of information that may be considered for classification. These additions, however, merely codify and clarify existing practice under the previous order and do not authorize classification of information that does not also meet other requirements.
Another departure from E.O. 12065 is the elimination of the so-called "balancing test." This test required that in deciding whether to declassify and release information otherwise meeting the requirements of the order, special consideration be given to whether the "public interest" in disclosure should be balanced against the damage to national security that could be expected to flow from disclosure. Both the new order and the President's statement that accompanied it recognize that it is essential for American citizens to be informed about their Government's activities. They also recognize, however, the nation's critical need to protect certain sensitive information when disclosure would harm the security of all Americans.
While the "balancing test" may be a laudable principle, including an explicit requirement in the executive order only invited others to substitute their judgment for that of executive branch officials possessed with the expertise and experience to exercise this responsibility. That invitation significantly complicated the task of protecting legitimately classified information in court and added no countervailing benefit to the public because no court has ever ordered information released under the balancing test.
The new order also removes the limits on the duration of classification. E.O. 12065 mandated that each original classification decision include a date or event for automatic declassification no more than six years later. Certain specified individuals could extend the declassification date or event or establish a date for declassification review beyond six years, but generally no more than 20 years after original classification. After 20 years, only an agency head could extend classification and then only in 10-year increments. This system and prior systems linking classification to arbitrary in time frames did not significantly accelerate the declassification process but did increase the risk of premature disclosure of information that merited continued protection.
The new order allows classifiers to continue to establish specific dates or events for declassification where that is appropriate. Generally, however, it ties the duration of classification to the continued national security sensitivity of the information. Of course, declassification reviews will continue to be required whenever information is requested by any citizen under the mandatory review provisions of the order or the Freedom of Information Act and, generally, will also occur through a systematic review after 30 years.
Another change made by the new order is the addition of a requirement that, in cases of doubt as to classifiability or the proper level of classification, the information be considered classified or classified at the higher level pending a final determination within 30 days by an original classification authority.
This requirement is a partial reversal of a provision in E.O. 12065 resolving cases of reasonable doubt against classification or against classification at the higher level, and has been widely reported in the news media to be a presumption of classification, which it is not. E.O. 12356 provides only that in cases of reasonable doubt the information should be protected until that doubt can be resolved. The director of the Information Security Oversight Office (ISOO) has explained its meaning as "when in doubt, find out." Since damage to national security from an erroneous disclosure is irreversible and application of this provision would merely delay for a short time the release of any information later determined not to warrant classification, this approach is a responsible one.
The new order also eliminates the prohibition against the reclassification of information previously declassified and released by providing that such information can be reclassified if it "may reasonably be recovered." This provision permits the Government to attempt to correct erroneous disclosures, but only where the information can be recovered from the person or persons to whom it was disclosed. Obviously, that would be impossible in the case of an erroneous disclosure to the general public. But when, for example, an erroneous release is made to a single FOIA requester, this new provision provides the Government with needed flexibility that it did not have under the previous order. This new authority, however, may only be exercised by the President and agency heads and officials designated by the President as original classification authorities. Such determinations must also be reported to the Information Security Oversight Office, which continues to have Government-wide oversight of the information security program under the new order.
One other major change to E.O. 12065 broadens the scope of the presumption that disclosure of certain types of information will cause damage to the national security. In addition to foreign government information and the identity of a confidential foreign source, unauthorized disclosure of intelligence sources and methods is also now presumed to cause damage to the national security. Expansion of the information covered by the presumption should aid litigators defending Freedom of Information Act suits involving this information.
It is also noteworthy that the term "confidential source" is now defined in the executive order, thus making clear that the identities of human sources who provide national security information to agencies outside the intelligence community should be protected through classification.
Executive Order 12356 also contains a number of less significant changes to the predecessor order. These changes include: (1) modification of the procedure for classifying information that has been requested under the FOIA and should have been classified previously -- a determination by the agency head or deputy agency head is no longer necessary; (2) inclusion of specific authority, already recognized by the courts, to refuse to confirm or deny the existence of records in response to an access request if the fact of existence or non-existence is itself classifiable; (3) specific recognition that disclosure of information may result in damage to the national security either by itself or in the context of other information (the "mosaic" theory of classification); and (4) establishment of a more cost-effective program for systematic review of permanently valuable classified records.
The new order retains existing prohibitions against using classification to conceal violations of law, inefficiency or administrative error, or to prevent embarrassment, or delay the release of' information that does not require protection in the interest of national security. In addition, the prohibition on classification of basic scientific research information not clearly related to the national security continues as under E.O. 12065. Finally, all information to be classified must be owned by, produced by or for, or under the control of the United States Government.
As noted earlier, all of these changes are designed to better enable the Government to protect truly sensitive national security information--in court and otherwise--and to reduce unnecessary administrative burdens without permitting excessive classification. Steven Garfinkel, director of the General Services Administration's Information Security Oversight Office and the person responsible for monitoring compliance with the new order, says that the new order "keeps the lid on" the most important factors influencing the extent of classification:
"In fact, our oversight experience shows that over the past decade the number of decisions to classify information is relatively constant. The most important variable is not the particular information security system in place, but rather the status of world affairs. For example, under the 1978 order that is being replaced, classification activity increased approximately ten percent between FY '79 and FY '80, largely because of the Iranian hostage crisis. Of the systemic variables that do affect the number of classification decisions, the most relevant are the number of persons authorized to classify information and the quality of program oversight. This order keeps the number of classifiers at its present total of approximately 7,000 persons worldwide, down 900 percent from just a decade ago, and retains the requirements for effective internal and external monitorship and training."
In conclusion, nothing in the new order is intended to permit the classification of additional material beyond that which was subject to classification under E.O. 12065.
Written by Gerald A. Schroeder, a senior attorney in the Justice Department's Office of Intelligence Policy and Review, this overview of new E.O. 12356 was prepared in coordination with the Information Security Oversight Office, which holds responsibility for its implementation.
Go to: FOIA Update Home Page