From Secrecy News...
December 12, 2011
Secrecy News Blog: http://www.fas.org/blog/secrecy/
** CHARTER OF OPEN SOURCE ORG IS CLASSIFIED, CIA SAYS
** A SURVEY OF FEDERAL LAWS RELATED TO CYBERSECURITY
CHARTER OF OPEN SOURCE ORG IS CLASSIFIED, CIA SAYS
Open Source Works, which is the CIA's in-house open source analysis component, is devoted to intelligence analysis of unclassified, open source information. Oddly, however, the directive that established Open Source Works is classified, as is the charter of the organization. In fact, CIA says the very existence of any such records is a classified fact.
"The CIA can neither confirm nor deny the existence or nonexistence of records responsive to your request," wrote Susan Viscuso, CIA Information and Privacy Coordinator, in a November 29 response to a Freedom of Information Act request from Jeffrey Richelson of the National Security Archive for the Open Source Works directive and charter.
"The fact of the existence or nonexistence of requested records is currently and properly classified and is intelligence sources and methods information that is protected from disclosure," Dr. Viscuso wrote.
This is a surprising development since Open Source Works -- by definition -- does not engage in clandestine collection of intelligence. Rather, it performs analysis based on unclassified, open source materials.
Thus, according to a November 2010 CIA report, Open Source Works "was charged by the [CIA] Director for Intelligence with drawing on language-trained analysts to mine open-source information for new or alternative insights on intelligence issues. Open Source Works' products, based only on open source information, do not represent the coordinated views of the Central Intelligence Agency."
As such, there is no basis for treating Open Source Works as a covert, unacknowledged intelligence organization. It isn't one.
(Even if Open Source Works were engaged in classified intelligence analysis, the idea that its charter must necessarily be classified is a non-sequitur. Illustrating the contrary proposition, the Department of Defense last week issued a new Instruction on "Geospatial Intelligence (GEOINT)," setting forth the policies governing that largely classified intelligence domain.)
Beyond that, it is an interesting question "why the CIA felt the need to establish such a unit given the existence of the DNI Open Source Center," said Dr. Richelson. The Open Source Center, the successor to the Foreign Broadcast Information Service, is the U.S. Government's principal open source agency. It is, naturally, a publicly acknowledged organization.
"An even more interesting question," he added, is "why would the CIA, whose DI [Directorate of Intelligence] organization structure is published on its website, feel it necessary to refuse to confirm or deny the existence of this new open source component?"
The CIA's extreme approach to classification policy is timely in one sense: It provides a convenient benchmark for evaluating current progress in combating overclassification.
If the charter of CIA's Open Source Works remains classified six months from now, when the Obama Administration's Fundamental Classification Guidance Review will have completed its first cycle, that will be a decisive indication that the Review failed to eliminate even the most blatant examples of overclassification.
A SURVEY OF FEDERAL LAWS RELATED TO CYBERSECURITY
There are more than 50 federal statutes that pertain to some aspect of cybersecurity, according to the Congressional Research Service. Those statutes, and the potential impact on them of several pending legislative proposals, are described in a new CRS report. See "Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions," December 7, 2011.
Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.