[House Hearing, 114 Congress] [From the U.S. Government Publishing Office] EXAMINING THE COSTS OF OVERCLASSIFICATION ON TRANSPARENCY AND SECURITY ======================================================================= HEARING BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED FOURTEENTH CONGRESS SECOND SESSION __________ DECEMBER 7, 2016 __________ Serial No. 114-174 __________ Printed for the use of the Committee on Oversight and Government Reform [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.fdsys.gov http://www.house.gov/reform ______ U.S. GOVERNMENT PUBLISHING OFFICE 26-177 PDF WASHINGTON : 2017 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Publishing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM JASON CHAFFETZ, Utah, Chairman JOHN L. MICA, Florida ELIJAH E. CUMMINGS, Maryland, MICHAEL R. TURNER, Ohio Ranking Minority Member JOHN J. DUNCAN, Jr., Tennessee CAROLYN B. MALONEY, New York JIM JORDAN, Ohio ELEANOR HOLMES NORTON, District of TIM WALBERG, Michigan Columbia JUSTIN AMASH, Michigan WM. LACY CLAY, Missouri PAUL A. GOSAR, Arizona STEPHEN F. LYNCH, Massachusetts SCOTT DesJARLAIS, Tennessee JIM COOPER, Tennessee TREY GOWDY, South Carolina GERALD E. CONNOLLY, Virginia BLAKE FARENTHOLD, Texas TAMMY DUCKWORTH, Illinois CYNTHIA M. LUMMIS, Wyoming ROBIN L. KELLY, Illinois THOMAS MASSIE, Kentucky BRENDA L. LAWRENCE, Michigan MARK MEADOWS, North Carolina TED LIEU, California RON DeSANTIS, Florida BONNIE WATSON COLEMAN, New Jersey MICK MULVANEY, South Carolina STACEY E. PLASKETT, Virgin Islands KEN BUCK, Colorado MARK DeSAULNIER, California MARK WALKER, North Carolina BRENDAN F. BOYLE, Pennsylvania ROD BLUM, Iowa PETER WELCH, Vermont JODY B. HICE, Georgia MICHELLE LUJAN GRISHAM, New Mexico STEVE RUSSELL, Oklahoma EARL L. ``BUDDY'' CARTER, Georgia GLENN GROTHMAN, Wisconsin WILL HURD, Texas GARY J. PALMER, Alabama Jennifer Hemingway, Staff Director Andrew Dockham, General Counsel Kathy Rother, Senior Counsel Sharon Casey, Deputy Chief Clerk David Rapallo, Minority Staff Director C O N T E N T S ---------- Page Hearing held on December 7, 2016................................. 1 WITNESSES Mr. J. William Leonard, Former Director, Information Security Oversight Office Oral Statement............................................... 5 Written Statement............................................ 8 Mr. Steven Aftergood, Director, Project on Government Secrecy, Federation of American Scientists Oral Statement............................................... 47 Written Statement............................................ 49 Mr. Tom Blanton, Director, National Security Archive, The George Washington University Oral Statement............................................... 57 Written Statement............................................ 59 Mr. Scott Amey, General Counsel, Project on Government Oversight Oral Statement............................................... 69 Written Statement............................................ 71 APPENDIX 2015 Report to the President ISOO-National Archives submitted by Mr. Chaffetz can be found here: https://www.archives.gov/files/ isoo/reports/2015-annual-report.pdf EXAMINING THE COSTS OF OVERCLASSIFICATION ON TRANSPARENCY AND SECURITY ---------- Wednesday, December 7, 2016 House of Representatives, Committee on Oversight and Government Reform, Washington, D.C. The committee met, pursuant to call, at 9:00 a.m., in Room 2154, Rayburn House Office Building, Hon. Jason Chaffetz [chairman of the committee] presiding. Present: Representatives Chaffetz, Mica, Duncan, Jordan, Walberg, Amash, Farenthold, Massie, Meadows, DeSantis, Mulvaney, Buck, Walker, Hice, Russell, Carter, Grothman, Hurd, Palmer, Cummings, Maloney, Clay, Lynch, Connolly, Kelly, Lawrence, Watson Coleman, Plaskett, DeSaulnier, Welch, and Lujan Grisham. Chairman Chaffetz. Good morning. The Committee on Oversight and Government Reform will come to order. And, without objection, the chair is authorized to declare a recess at any time. We have an important hearing this morning: ``Examining the Costs of Overclassification on Transparency and Security.'' Sunlight is said to be the best disinfectant, and without knowing what our government is doing, we can't ensure it is operating efficiently and effectively. It is also important to remember that the American people pay for the Federal Government. The Federal Government works for the American people. It is not the other way around, and so it is, you would think, logical to make sure that we are as open and transparent and accessible as possible, but this is always a running battle. We always have to find the proper balance between safety and security and openness and transparency, but we can't give up all of our liberties in the name of security. And so we have this hearing today with four experts, people who have poured their time, effort, talent, their careers really, into this topic. There is a wealth of information that they are going to share with us, and that is what we are excited to hear about today. Without knowing what our government is doing, we can't ensure it is operating efficiently and effectively, as I said. Transparency is the basis ultimately for accountability. At the same time, transparency into certain government activities can create an opportunity for those who wish to do us harm, and so Congress gives some agencies the authority to withhold certain information from public disclosure. This authority to classify information and create secrets is needed to protect our national security. I don't think anybody doubts that there should be a degree of this. The question is what degree of this. But when you give the authority to classify certain information, Congress has a role to play in making sure that authority is being properly excercised. Overclassification of information has become a concern. Estimates range from 50 to 90 percent of classified material is not properly labeled. In the 1990s, Congress established the Commission on Protecting and Reducing Government Secrecy to study those issues and develop recommendations. In 1997, the Commission issued a final report, including 16 recommendations. Three of those recommendations were implemented. Seven were partially implemented, and six remain open today. The Chairman of the Commission, the late Senator Patrick Moynihan, wrote, and I quote: ``If the present report is to serve any large purpose, it is to introduce the public to the thought that secrecy is a mode of regulation. In truth, it is the ultimate mode for the citizen does not even know that he or she is being regulated,'' end quote. Patrick Moynihan, hats off to him and his leadership in understanding and really helping to champion this effort to move forward and really examine the degree of which secrecy is needed in our Nation. Here we don't even know what can hurt us. As the tendency to overclassify information goes, so does the lack of accountability to both Congress and the American taxpayer. The Commission also warned about the dangers of restricting information from those who actually do need it. Looking back, that point seems almost prophetic in light of the events that would unfold on September 11, 2001. After conducting an exhaustive study of the attacks, the 9/ 11 Commission issued its own report that found we need to move forward from a system of need-to-know to a culture of need-to- share. What we have learned is that overclassification can also be damaging to national security, or at a minimum, it can lead to second guessing what might have been if we were only able to get the information in the right hands at the right time. According to a report by the Information Security Oversight Office at the National Archives, in the last 10 years, the Federal Government has spent more than $100 billion on security classification activities. In fact, I would ask unanimous consent to enter that report into the record. Without objection, so ordered. Chairman Chaffetz. Last year alone, classification is estimated to have cost $16 billion. It is unclear what exactly the taxpayers got in return for this expense. There was presumably some level of greater security as a result of restricting access to certain information. Again, no doubt that there needs to be classification that needs to be implicated, but at what level? This leads us to a number of basic questions. Does the billions of dollars spent to classify make us safer? How much money did we spend on security clearances for folks who probably didn't need them in the first place? Earlier this week, the Washington Post reported the Department of Defense found $125 billion in savings over 5 years by simply streamlining bureaucracy--$125 billion. To give you an idea, the entire State of Utah, everything we do in Utah--it is a smaller State, granted--but everything we do, from education to the National Guard to roads and paying teachers, is about $14 billion. And here at the Department of Defense, 5 years' savings, $125 billion, by simply streamlining bureaucracy. The Department of Defense was sufficiently embarrassed by this, as they should be, and decided to bury the study, but trust me: we are going to look into this. According to the article, quote, ``The Pentagon imposed secrecy restrictions on the data, which ensured that no one could replicate the findings,'' end quote. Not what we should be doing as a Nation. It is a prime example of why we are holding this hearing today. And when agencies have a tool to keep information from the public, Congress must ensure those tools aren't used for nefarious reasons. I look forward to discussing those issues with the witnesses today. I thank the panel of experts for coming before the committee to help us better understand some of the complexities of the government secrecy. I think you will find that Congress, in particular this committee, has a keen interest on this. The committee has been has been a leader and a champion of the Freedom of Information Act, one of the tools that is important for the American public to understand what their government--their government is supposed to be working for them--is actually doing. So I look forward to this discussion. Somebody I know who holds an equal passion for this is my colleague, Elijah Cummings, the ranking member, from Maryland, and I would like to recognize him for his opening statement. Mr. Cummings. Thank you very much, Mr. Chairman. Thank you very much for holding this hearing. Government transparency is a bipartisan issue. Over multiple sessions of Congress, our committee has made significant progress in making the Federal Government more open and accountable. We do this best when we work together. During this Congress, we worked together to strengthen the Freedom of Information Act, and those amendments were signed into law by President Obama in June. Just this past Monday, we sent another bill to the White House to strengthen protections for employees working for contractors and grantees who blow the whistle on waste, fraud, and abuse. We now have the opportunity to work together to address the flaws in our classification system. Over the past several years, our committee has conducted multiple investigations, including our review of Secretary Clinton's emails, that exposed serious flaws in our classification system. We have seen agencies disagree with each other on whether an email was classified. We have seen information that began unclassified later being retroactively classified. We have seen documents that were not properly marked as classified. And we have seen documents that were classified after they had already been publicly released. And, first and foremost, I believe that we in Congress should exercise our authority to improve the classification system and make government information more transparent. We can conduct oversight, such as these hearings, and we can investigate specific allegations of security breaches and unwarranted government secrecy. Congress can also legislate them. We can pass reforms that actually address the problems we will hear about today. Twenty years ago, the Moynihan Commission provided a roadmap to improving the classification system. But too little has been done since that report was issued. For example, the Commission recommended that Congress enact a statute establishing the principles of classification, but Congress still has not taken that step. The fundamental purpose underlying all of our efforts today is to provide the American people with more information, especially when it impacts our national security. Our operating premise is that a better informed electorate leads to a better-functioning government on behalf of all of the American people. Mr. Chairman, I thank you for calling today's critical hearing, but there is another national security area that I believe the American people should have much more information about from their government. On November 17, 2016, I wrote a letter to the chairman requesting that our committee conduct a bipartisan investigation into Russia's role into interfering with and influencing the 2016 Presidential election. I specifically requested that we receive a classified briefing from the intelligence community. Today, nearly 3 weeks have now gone by. I have received no response, and the committee has taken no action. Now, Mr. Chairman, I know you have said that you do not want to do any oversight relating to President-elect Donald Trump until he is sworn into office, and I can understand that. But these attacks on our country have already happened. It already happened. This is not something of a future threat. This has already been done. And unless we act, it may very well happen again. For these reasons, yesterday, I joined Democratic whip, Steny Hoyer, and ranking members of the Committees on Armed Services, Homeland Security, Intelligence, Judiciary, and Foreign Affairs, and we did ourselves what this committee did not. We sent a letter to the President requesting that all Members, that all of us, all Members of Congress, Democrats and Republicans, be provided the opportunity to receive a classified briefing by the intelligence community with the most up-to-date information on this issue. This is not a partisan issue, and it should not be. Republican Senator Lindsey Graham has called for this type of investigation in the Senate, essentially saying that Republicans should not sit on the sidelines and let allegations about foreign governments interfering in our election go unanswered just because it may have been beneficial to them in this instance. Republican Senator Marco Rubio put it even more bluntly saying, quote: ``Today, it is the Democrats. Tomorrow, it could be us,'' end of quote. The bottom line is that this is not a Democratic issue, and it is not a Republican issue. This is an American issue. Elections are a core American value and are central to our democracy, and any foreign interference with our elections should be of the greatest concern to every single Member of this Congress. The American people deserve as much information as possible about these threats and the actions their government is taking to address them. As I say to my constituents over and over again in the last election and during these times, this is bigger than Hillary Clinton. This is bigger than Donald Trump. This is about a struggle for the soul of our democracy, and so it is our job to ensure that we get this kind of information since it is our duty to make sure that our democracy stands strong and that our children's children can have a democracy just as strong as the one that we have experienced. And, with that, I yield back. Chairman Chaffetz. I thank the gentleman. We will hold the record open for 5 legislative days for any members who would like to submit a written statement. I will now recognize our panel of witnesses. I am pleased to welcome Mr. J. William Leonard, former Director of the Information Security Oversight Office; Mr. Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists; Mr. Tom Blanton, director of the National Security Archive at the George Washington University; and Mr. Scott--is it Amey? Mr. Amey. Yes, sir. Chairman Chaffetz. I just want to make sure I pronounce that properly. Mr. Scott Amey, general counsel for the Project on Government Oversight. We welcome you and thank you for being here. Pursuant to committee rules, all witnesses are to be sworn in before they testify. If you will please rise and raise your right hand. Do you solemnly swear or affirm that the testimony you are about to give will be the truth, the whole truth, and nothing but the truth? Thank you. You may be seated. Let the record reflect that all witnesses answered in the affirmative. In order to allow time for discussion, we would appreciate your limiting your verbal comments to no greater than 5 minutes so members can have ample time to ask questions. Your entire written statement and extraneous materials will be entered into the record. Mr. Leonard, you are now recognized for 5 minutes. And the microphones in this committee, you have got to straighten them up and put them right up uncomfortably close. Thank you. WITNESS STATEMENTS STATEMENT OF J. WILLIAM LEONARD Mr. Leonard. Thank you, Mr. Chairman, Mr. Cummings, members of the committee. I appreciate the opportunity to attend this meeting this morning. The ability and authority to classify national security information is a critical tool of the Federal Government and its leaders to protect our Nation and its citizens. However, when negligently or recklessly applied, overclassification of information can undermine the very integrity of the classification system and also create needless impediments to transparency that can undermine our form of government and its constitutional system of checks and balances. I have come to the conclusion that, on its own, the executive branch is both incapable and unwilling to achieve true reform in this area. Incapable in that, absent external pressure from either the legislative or judiciary branches of our government, true reform within the executive branch when the matter involves the equities of multiple agencies can only be achieved with the direct leadership emanating from the White House. Over the past 40 years, we have seen only one White House- led attempt at classification reform, and that was in the 1990s. Bureaucracy's response to those attempts at reform were typical--delay and foot drag--because agency officials know that, sooner or later, every administration eventually goes away, providing opportunities for rollback. With respect to the executive branch's unwillingness to implement real classification reform, I believe it is unreasonable to expect it to do so primarily since the unconstrained ability to classify information is such an attractive tool for any administration to facilitate implementation of its national security agenda. In this regard, especially in the years since 9/11, we have seen successive administrations lay claim to new and novel authorities and to often wrap these claims in classification. This can amount to unchecked executive power. While the President must have the ability to interpret and define the constitutional authority of the office and at times to act unilaterally, the limits of the President's authority to act unilaterally are defined by the willingness and the ability of Congress and the courts to constrain them. Of course, before the Congress or the courts can constrain Presidential claims to inherent unilateral powers, they must first be aware of those claims. Yet a long recognized power of the President is to classify and thus restrict the dissemination of information in the interest of national security, to include access by Congress or the courts. The combination of these two powers, that is when the President lays claim to inherent powers to act unilaterally but does so in secret, can equate to the very open-ended noncircumscribed executive authority that the Constitution's Framers sought to avoid in constructing a system of checks and balances. Thus, absent ongoing congressional oversight or judicial review of executive assertions of classification, no one should ever be surprised that the authority to class information is routinely abused in matters both big and small. I have attached to my formal statement specific examples of classification abuse relating to three criminal cases in which the prosecution ultimately did not prevail in large part due to government overreach in its claims that certain information was classified. In each of these cases, the government abused the classification system and used it for other than its intended purpose. I believe that there are steps that Congress can take in order to address this matter. The first deals with enforcing accountability. Over the past several decades, a significant number of individuals have rightly been held accountable for improperly handling classified information. To my knowledge, during the same period, no one has ever been held accountable and subjected to sanctions for abusing the system and for improperly classifying information, despite the fact that the President's executive order governing this authority treats unauthorized disclosures of classified information and inappropriate classification of information as equal violations of the order, subjecting perpetrators to comparable sanctions. Absent real accountability, it is no surprise that overclassification occurs with impunity. A second area worthy of possible legislative attention is that of providing a mechanism for routine, independent expert review of agency classification decisions, especially as a tool to be made available to the executive's two coequal branches of government when exercising congressional oversight or judicial action and to which they could come to their own independent judgment as to the appropriateness of executive assertions of classification. Traditionally, both Congress and the courts are understandably deferential to such assertions. Nonetheless, when applying the controls of classification, government officials are obligated to follow the standards set forth by the President and not exceed the governing orders, prohibitions, and limitations. Thus, it is not only possible but entirely appropriate to conduct a standards-based review of classification decisions. I have attached to my formal statement one potential methodology for such reviews. I applaud this committee for focusing on this critical topic to our Nation's well-being, and I thank you for inviting me here today, Mr. Chairman. I will be happy to answer any questions you or other committee members might have. [Prepared statement of Mr. Leonard follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. Now there is a model for ending right at the 5-minute mark. Mr. Aftergood, I challenge you to come within 1 second of that mark as well, but you are now recognized for 5 minutes. STATEMENT OF STEVEN AFTERGOOD Mr. Aftergood. Thank you, Mr. Chairman and Ranking Member Cummings. As you know and as you really expressed very well, overclassification presents many kinds of problems. It makes your oversight job more difficult. It incurs substantial financial and operational costs, and it often leaves the public in the dark about national security matters of urgent importance that they should be aware of. Why do we even have overclassification? I think there are many reasons. For one thing, it is easier for officials to restrict access to information without carefully weighing the pros and cons of what should be disclosed. Overclassification many times is simply the path of least resistance. Unchecked classification can also serve the political interests of the classifiers. It is a way to manage public perceptions, to advance an agenda, to limit oversight, or simply to gain a form of political advantage. So what is the solution to overclassification? I don't think there is a single solution. I discuss several partial solutions in my written statement. Many of those solutions depend on Congress to assert itself and to affirm its own institutional interests. Congress is not a spectator, and it should not be a victim when it comes to overclassification. It is a coequal branch of government. In the executive branch, there are lots of fine and conscientious people who are involved in classification policy, fortunately, but we should not have to rely on their integrity. We rely instead on Congress to exercise checks and balances in performing its routine oversight duties. Finally, I would like to say that we are in a peculiar moment in our history that makes this issue particularly urgent. Everything I have just said about overclassification could have been said 10 years ago or 20 years ago. This is a stubborn and persistent problem, but there is something different today. We are living in a period of unusual political instability that I believe requires even greater transparency. Almost every day, we see increased expressions of hostility against religious and ethnic minorities. So-called fake news has lately resulted in actual acts of violence here in Washington, D.C., in the past week. And it seems that our political institutions are under a subtle form of attack by foreign actors, as the ranking member discussed. This is not a normal situation, and it is not the way that things have always been. What complicates things further is that the incoming administration, at least during the election cycle, has indicated policy preferences that depart significantly from existing law and policy in areas such as foreign policy, questions of whether or not to engage in torture, questions involving freedom of religion. In some cases, these raise basic constitutional issues. So the bottom line is that we are entering a turbulent time. Reducing overclassification and increasing transparency will not solve our problems. But if we fail to reduce overclassification, we are going to make those problems worse and harder to solve. Thank you again for holding this hearing and for the essential work of oversight that you do. I would be glad to answer any questions you may have. [Prepared statement of Mr. Aftergood follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. Mr. Blanton, you are now recognized for 5 minutes. STATEMENT OF TOM BLANTON Mr. Blanton. I am certainly not going to match those timings. He did 5 minutes. He did 4 minutes. It was outstanding. Thank you, Mr. Chairman, and thank you, Ranking Member Cummings, and thank you other distinguished members of this committee for having me here today. I am here to make three points: One of them is a thank you for the Freedom of Information Act amendments that you all mentioned, because it is a model for what you can do here on classification. Second is to reinforce the message of that Moynihan Commission report. It was actually Moynihan, Combest, Jesse Helms, John Podesta commission. So you can tell when it is a unanimous bipartisan, it is something to pay attention to. And the number one recommendation was to pass a law to govern and fix this system. The third thing I am here to tell you is that, when a security official--officials--tell you something is classified, don't believe them. Most of the time they are wrong. Fifty to 90 percent of the time, as the chairman commented, they are wrong. So don't believe them. I am going to back that up with a few examples. But, first, the Freedom of Information Act amendments and why that is a model. You have already had an impact. You all, this committee was the leaders in this House of Representatives to get those amendments passed, and already the Central Intelligence Agency has released its Bay of Pigs draft history that they locked up for 30 years. On what grounds? Well, when you read it, you find out the grounds. The historian who wrote it and drafted it said: ``After more than 20 years, it appears that fear of exposing the Agency's dirty linen, rather than any significant security information, is what prompts continued denial of request for release of these records.'' That is the norm in the bureaucracy. Your amendments broke this loose. The CIA historian wrote on the back: Well, shucks, recent 2016 changes in the Freedom of Information Act require us to release some drafts that are responsive to FOIA requests. You did it by statute. That is the Congress' role. You can do it to the classification system. And I recommend the detailed list of recommendations in the back of this extraordinary report, the Moynihan-Combest report, for how you can do that. You can build in cost-benefit into the originating classification decision. You can build in assessments of, what is the real risk? What is the real vulnerability? What is the stream of cost to the public and to efficient government operations from classifying? You can do that on the front end. You can build in a declassification board with power to release so you get a rational declassification on the back end so the system doesn't get completely gummed up with unnecessary secrets. You can move those 50 to 90 percent of what shouldn't be secret out to the public. You can do that, but you have got to do it by statute. As Bill Leonard says, the government is not going to fix itself. You have got to do it. My third point is just don't believe them on classification. Last month, we got a nice, you know, letter from the Joint Chiefs of Staff in answer to a Freedom of Information request. That is the document they gave us. It is all blacked out because releasing it would damage our national security, seriously damage it. This is at the secret level, right? It was fascinating because our staff person took a look and said: Oh, that is the Joint Chief's advice on a Presidential policy directive back in July of 1986. That looks kind of familiar. And he flipped back in the files. Turns out we got it in 2010 in full. That made us go look at the cover letter. You know what the cover letter says? It says: We have coordinated your Freedom of Information review in consultation with the Joint Staff and the National Security Council. This is from the Office of the Secretary of Defense. It says OSD and NSC have no objection to declassification in full. However, Mr. Mark Patrick of the Joint Staff thinks it ought to be classified, and thus you got the black blotches. Classic case. One office doesn't agree with another office. One says it has been released for 6 years. Another says it is going to damage our national security. Attached to my testimony, I got a half dozen other examples where it is not even one office and another office. It's the same reviewer one week apart had diametrically opposed views of what would damage our national security from release. So, bottom line, Mr. Chairman, Ranking Member: Don't believe them. Thank you very much for your time. I welcome your questions. [Prepared statement of Mr. Blanton follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Well, thank you. We love your passion for it. It is good. Mr. Amey, you are now recognized for 5 minute. STATEMENT OF SCOTT AMEY Mr. Amey. That is a tough act to follow. Good morning, Chairman Chaffetz, Ranking Member Cummings, and members of the committee. POGO has always recognized the tension between openness and protecting legitimate government secrets, but the executive branch frequently overclassifies more information than is necessary and has developed new ways to conceal government information. Such obstructions create barriers to public deliberations on policy and government spending, impede sharing, and harm efforts to identify and remedy waste, fraud, and abuse. The 9/11 Commission said it simply: ``Secrecy, while necessary, can also harm oversight.'' Sometimes the result of classification is not for the legitimate need of secrecy but the concealment of embarrassing information, which creates public distrust. There are five main points that I want to briefly discuss today: overclassification, retroactive classification, controlled unclassified information, treatment in handling cases, and, finally, executive branch use of secret laws. In overclassification, overclassification might be a form of either excessive redactions or improper markings. Reports by the National Security Archive and ISOO show that the classification process is mostly heading in the right direction, and we have seen some improvement over the last few years, especially considering the amount of electronic documents that have to be reviewed. But one number is a concern. In 2015, classification decisions were overturned in whole or in part in over 50 percent of the challenges. That was 411 cases overturned out of 814 decisions that were made. Additionally, we have heard stories about the lack of clarity and authority in standards leading different agencies to come to different conclusions, as Mr. Blanton just discussed. POGO is also concerned about the lack of clarity about what constitutes intelligence sources and methods, which also can lead to overclassification. And, finally, classifications aren't free. As the chairman mentioned, total security classification costs exceeded $16 billion back in 2015. The Moynihan Commission had an excellent recommendation to improve the system: classification decisions, including the establishment of special access programs, no longer be based on damage to national security. Additional factors, such as cost of protection, vulnerability, threat, risk, value of the information, and public benefit from release, could also be considered when making classification decisions. POGO is in agreement that such factors should be considered to reduce executive branch secrecy. On the issue of retroactive classification, for years, POGO has expressed concerns about questionable activities to retroactively classify government information. POGO has firsthand experience because we were involved in instances involving Area 51 and unclassified briefings to Members of Congress in a whistleblower retaliation case. POGO believes that any reviews of the classification process should include a comprehensive look at issues affecting retroactive classification, including failures in the system to classify the information appropriately, how frequently it occurs, what considerations were given to the information, if it is publicly available, and what constitutes constitutional issues related to prior restraints. On the issue of controlled unclassified information, there has been a proliferation of CUI, and by 2010, there were over 100 different CUI markings within government agencies. We have even witnessed examples of misuse, and POGO hopes that the committee will consider providing oversight of the implementation of the recently released CUI regulations. We have also even recently heard an example--and it was something that we had complained about during the process--that employees at DHS, when they were given FOIA training, were also instructed that, if they have a FOIA that comes in and the information is marked ``CUI,'' it should not be released. And so that is opposite to the executive order that the President issued as well as the language that is in the final regulation from there and ISOO. Unequal treatment in handling cases. In the past few years, we have witnessed numerous instances of mishandling of classified or protected information. I go into more detail in my written testimony, but POGO thinks that, if an intent is considered in high-profile cases involving senior officials, it should also be considered, as well as other factors, in whistleblower cases. Secret law. POGO has voiced many concerns about the executive branch use of secret law. How we come to conclusions and striking the right balance between our security and our rights is imperative, and the legal interpretations cannot be cloaked in secrecy. Secret law poses a serious harm to our democracy. POGO's written recommendations are in our written testimony, but I think there is one issue and point that the 9/ 11 Commission made that is important about nurturing--that the current system nurtures overclassification. There are no punishments for not sharing information. Agencies uphold a need-to-know culture of information, protecting rather than promoting a need-to-share culture of integration. Thank you for inviting me to testify. I look forward to working with the committee and further exploring how to legitimately protect classified information and reducing government secrecy and cost. Thank you. [Prepared statement of Mr. Amey follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. I appreciate all of the opening statements. We will now recognize the gentleman from Michigan, Mr. Walberg, for 5 minutes. Mr. Walberg. Thank you, Mr. Chairman, and thank you for holding this hearing. It is something that probably many of us have surmised was going on. It certainly goes to a frustrating level, and I appreciate the fact that, in this report that you pointed out, Mr. Chairman, ``Pentagon buries evidence of $125 billion in bureaucratic waste,'' done by two reporters, one of which certainly has established credentials for doing investigative reporting, and we ought to take this seriously. But I think when I read this, the frustrating thing was the number of assertions that lawmakers don't want to do anything about this because of the impact in their districts. And certainly there is evidence to show that, but I think this committee has lawmakers better than that. I hope this is a real start. Mr. Amey, according to that article in the Washington Post, the Department of Defense first commissioned and then hid-- hid--the unflattering results, and did it aggressively, hid that, with retribution, offered threats, you name it, of the waste and efficiencies. Are you familiar with the report? Mr. Amey. Yes. Mr. Walberg. I would expect so. In your view, what reasons could the DOD have had to keep the results of the report from the public? Mr. Amey. Oh, boy, you are putting me on the spot. I'm trying to predict what the Department of Defense was thinking. I don't know. It is very difficult because the report is actually on the Internet. We found it yesterday when the story came out. It has been on the Internet since that time. The Defense Business commission actually had a slide presentation, a summary of the report, on its Web site, and so we are trying to actually figure out, and we actually reached out to the reporters to try to figure out where the secrecy was coming in and what was taking place. But I would imagine it is public embarrassment. I mean, at the end of the day, we are talking about the Department of Defense trying to protect $125 billion and the fact that they can't pass an audit and there is other scrutiny on top of them, that I think this was just an issue of ``we didn't want this to get out and so let's try to keep it under wraps.'' Mr. Walberg. And I am sure $125 billion doesn't sound unreasonable to you? Mr. Amey. Oh, no, sir. I mean, we have been saying it for years that, between when you look at goods and services--most of my work is on contract oversight, and when you look at Department of Defense goods and services, we factored that, yeah, we are probably in the tens to hundreds of billions of dollars' worth of waste. Mr. Walberg. As I read that, it just goes back to simple truth that a bureaucracy will protect itself. And a bureaucracy does not want to be downsized in any way, shape, or form. But in a time of sequestration, at a time when our warfighters and their families, et cetera, are suffering reductions, for this type of dollar amount to be held over and attempted at least to be hid from us is unconscionable. To think that this could, as I have read, cover the cost, the operational costs, of 50 Army brigades--that is pretty significant--or 3,000 F-35 strike forces or 10 strike forces of carriers, that is just unconscionable that this would have been disregarded and hidden. What can Congress do to ensure that agencies engage in this type of self-analysis but then also use results to improve existing operations? Mr. Amey. It is a wonderful question because that is exactly what the point is, is, at the end of the-day, we have asked for inventories of contracts, of inventories of what we are buying, how many services are being provided. Unfortunately, there was actually a chart out a few years ago that said that the government doesn't often know how much the government is spending and what it is being used for, and so that is where we need to get to the audits, but specific audits--just not check the box, did people do X, Y, and Z?-- we need specific audits of specific spending. GAO does a fairly good job. DCAA is involved in the process. But that is where I think we need to go a lot deeper into these specific programs and then get to the heart of why we see so many overruns on some of these programs. I mean, there is a lot of waste out there, and we just have to identify and then come to the solution on how to remedy it from the beginning. I mean, let's stop trying to put the milk back in the bottle after the fact. Let's do it at the start of the process before billions is wasted. Mr. Walberg. Well, I trust that, because of this hearing and others, I would assume that we can do that, plus starting new, afresh on January 20 as well, that this lesson will not be lost because, frankly, this is the number one responsibility of our Federal Government, to make sure that we have the resources available to do what is necessary to protect and defend our positions and not just protect a bureaucracy. And I yield back. Mr. Hice. [presiding.] I thank the gentleman. The chair now recognizes the ranking member, Mr. Cummings, for 5 minutes. Mr. Cummings. Thank you, Mr. Chair. Mr. Aftergood, I and many other Americans have serious concerns with reports of hacking and other actions by the Russian Government to interfere with the 2016 Presidential election. The intelligence community has confirmed that the Russian Government or its associated entities hacked the email accounts of individuals and political organizations before the Presidential election. The Director of the National Security Agency, Admiral Michael Rogers, said, and I quote: ``There shouldn't be any doubt in anybody's minds. This was not something that was done casually. This was not something that was done by chance. This was not a target that was selected purely arbitrarily. This was a conscious effort by a nation- state to attempt to achieve a specific effect,'' end of quote. Do you believe this is an important issue for our country? And I notice that, in your testimony, you talked about classification, and you talked about the state that we find ourselves in overall today, and I am just curious. Mr. Aftergood. Yeah. It is a crucial issue. The integrity of the electoral process is absolutely fundamental. If we don't have credible, authoritative elections, the foundation of our political system is washed away. So, yes, it is an extremely serious question. I think the blanket of classification that has been spread over it needs to be reevaluated. Even before that happens, Congress needs to understand exactly what did happen. There are actually several questions here. What kind of attack occurred? What are our vulnerabilities? And what steps can be taken to prevent future attacks of this kind? And I think all of those questions are wide open. I would also say, though, that it is important that this not be construed as a sort of left-handed attack or attempt to undermine the incoming administration because that would only aggravate whatever damage has already been done, at least in my opinion. So I would hope that this be undertaken, as you said, on a bipartisan basis to say: Look, we have got a problem. We need to deal with it. Mr. Cummings. I agree with you. I think it is definitely a bipartisan issue. The FBI has refused to disclose any information about its investigation of these hacks. This is the opposite approach from the one the FBI took in the Clinton email investigation. I wrote to our chairman on November 17, 2016, to request that our committee conduct a bipartisan investigation into Russia's role in interfering with and influencing the Presidential election, again, not to take anything away from President-elect Trump, but just the idea of it, just should bother every single American. Even Republican Lindsey Graham, Senator Graham, called for an investigation into it. Outside experts have also called for Congress to act. A group of 158 scholars from colleges and universities around the country sent Congress a letter calling for a congressional investigation. A group of experts on cybersecurity defense and fair elections wrote, and I quote: ``This evidence made available in an investigation might show that foreign powers have played an important role. It might show that such a role was negligible. At this juncture, we can only say that existing reports are plausible enough and publicly expressed enough to warrant Congress' full attention and swift action,'' end of quote. Mr. Blanton, do you believe there is a role for Congress in investigating these allegations? Mr. Blanton. Yes, sir. To me, one of the great headlines of the whole election season appeared in the Washington Post on November 1 when the FBI was trying to explain why it didn't sign on to that statement from the Director of National Intelligence and the Homeland Security. And the headline read: ``Comey was concerned publicly blaming Russia for hacks of Democrats could appear too political in runup to elections.'' That is the Washington Post headline. It is an interesting reticence as you point out. Congress should get your classified briefing, Congress should understand the hacking. There is a huge problem. We are constructing at the National Security Archive Web site at George Washington University a whole cyber vault, trying to get declassified much of the cybersecurity policy documents because, as former National Security Agency Director Michael Hayden said, one of the problems of cybersecurity is it was born classified. It grew up in this hothouse where it was all shielded by compartments, but what we really need in our society is a robust debate that involves academics, civil libertarians, the tech companies, and this committee and this Congress. We have got to open it up. That cyber vault is beginning to get populated, but it needs more. It needs this Congress to get into this. It needs to press the intelligence community and Homeland Security to release the basis of their attributions. How do they figure that? That is the hardest part, as you well know, Mr. Cummings. Mr. Cummings. One last thing, Mr. Chairman. I have said it, and I guess, at 65, I look back and I am not so much worried about my life. I am worried about future generations. The idea, I mean, I just see, I am very concerned about our democracy. Mr. Aftergood, I appreciate your comments because it seems as if you can just chop away and chip away, and the next thing you know, you won't have a democracy. Do you all have similar concerns, any of you? Mr. Leonard? Mr. Leonard. Yes, Mr. Cummings. You know, I think, obviously, my insights are only based upon what I have seen in open-source material and whatever, but I do know from being, based on my past experiences, this is something straight out of the Russian playbook. We have seen it repeatedly happen in Europe, especially in Eastern Europe and things along those lines. In fact, it is straight out of the KGB playbook during the cold war. It was known as special measures back then and the use of disinformation and things along those lines. So, clearly, it does go at the very fabric. And, again, this is an example of what I made reference to in my opening comment in terms of the impact that denying information to the Congress can have in terms of the Congress' own ability then to carry out its Article I constitutional authorities, which essentially is oversight. Mr. Blanton. If I could just make one more comment on that issue, I think we have got to look at this question of hacking and attribution and roles with an eye to, what is the long-term fix? If you look at what the Obama administration achieved with China, the price of a state visit for the head of state of China was that China had to stop its hacking. And that whole arm of the People's Liberation Army kind of went on hold. And the question--one of the first documents we published in the cyber vault was the directive that authorized our National Security Agency to do offensive cyber operations, and that was in 1997. That was in 1997. I think one of the things that Congress has got to look at when it is trying to figure out who is hacking us and why and what is the damage is, what is the fix? I think we are going to have to end up with new international norms governing cyber war because our country is the most vulnerable in the cybersphere. It is in our national security interest to impose rules on other folks and to cut the deals, like President Obama did with President Xi, to restrain us. To restrain them, it will also restrain us, but that is in our interest. Mr. Cummings. Thank you. Mr. Hice. I thank the ranking member, and I would ask our panelists to help us keep within our 5 minutes. We have got a number of people who want to ask questions, so if we can work both ways. The chair now recognizes Mr. Farenthold for 5 minutes. Mr. Farenthold. Thank you, Mr. Chairman. Mr. Amey, you mentioned that there is no penalty for overclassification. What would you suggest that we do? Obviously, you would want some penalty for self-serving classification. What other areas, what would you suggest as a potential punishment, or do you just make it illegal with no punishment? Mr. Amey. Oh, I think there has to be some punishment. We can debate what the punishment will be, but there has to be some kind of civil, criminal, or administrative punishment that happens. I mean, currently, you know, things are marked, and at least with classification, there is at least a better process. A lot of what we have also been concerned with is this--in the old days, it was the FOUO--with the Controlled Unclassified Information, the CUI out there, is that anybody that thinks something can stamped ``CUI,'' they put a stamp on it. And then, all of a sudden, that has a dissemination control on it. It can't be shared, and then there's questions on, well, wait a second, if people can't learn about it, how can we FOIA it? But I think you are absolutely right. We have to figure out what the punishment will be, and it may be something purely administrative. And I am sure the other panelists have some ideas on it as well, but I think there has to be something. Mr. Farenthold. All right. So let's talk a little bit. This committee has had pretty good success with the IG community where, within each agency, there is an independent inspector general that does investigations. We have had success with the chief information and chief technology officers under FITARA. Is there a model in which we create within all agencies a classification office? Or are we better off setting up something outside the agency, certainly on longer term, you know, move something within in the National Archives, where there is a method for declassification? We will start with you, Mr. Blanton, and let anybody else weigh in. Mr. Blanton. Excellent question. All I can do is point back to some of the lessons of history, which are the times when we have had real success in forcing unneeded secrets out of the system was when Congress took action with the Nazi War Crimes records bill, with the JFK Assassination Records bill. It set up blue-ribbon panels outside and inside---- Mr. Farenthold. Well, part of our problem here in Congress is we can do a lot of things. We need your suggestions on what specifically to do. I understand that that is probably more indepth we can get into in the 2-1/2 minutes that I have left. Let me let anybody else. Mr. Leonard, do you want to weigh in? Mr. Leonard. Yes, sir. I am a big advocate of the IG's involvement in these types of issues. Having been external to agencies when I was at ISOO--I was part of the Federal Government but yet an outsider--I was very much limited to what I could do when dealing with CIA or even the Department of Defense or what have you. IGs don't experience those limitations to the same extent. Plus they also have the dual reporting responsibilities in both the executive and legislative branch. Mr. Farenthold. So your suggestion might be expand the responsibility of the IGs? Mr. Leonard. Absolutely. There was the 2010 Reducing Overclassification Act, which assigned specific responsibilities to the IG. I believe those types of things can be greatly expanded, and given the proper training, IGs can very effective in this area. Mr. Farenthold. Yes, Mr. Aftergood. Mr. Aftergood. One hopeful sign in current classification policy is the growth in classification challenges from within the system. The current executive order allows people who have access to classified information to challenge its classification status and to say: Wait a minute; this shouldn't be classified. In the most recent year, the number of internal classification challenges reached a record high of more than 900. And of those challenges, more than 40 percent were granted. That is a trend that I think could be built on. If the system can be made more and more self-correcting where people inside the system themselves are finding errors and helping to adjust them---- Mr. Farenthold. One final question before I am completely out of time. This committee and other committees often get classified information in response to our requests for information as part of our oversight responsibilities. Do you think it would be appropriate to create a mechanism for Congress once we have read that and said, ``This is crazy, this doesn't need to be classified,'' do you think Congress should have the ability to declassify material? Does anybody think we shouldn't? Mr. Leonard. I believe Congress should. In fact, some committees by virtue of rules have empowered themselves with that option yet, to my knowledge, have never been acknowledged. It is a dicey issue, but two coequal branches of government and each have the---- Mr. Farenthold. Mr. Amey, you look like you wanted to weigh in. Mr. Amey. Well, in the final CUI rule that is one of the things that we fought for. Originally, there was only allowed to be a challenge internally, and we fought that it could beinternally or externally. So, yeah, I would think that the same process should be applied to classified information as well. Mr. Farenthold. Thank you. I see my time is expired. Mr. Hice. I thank the gentleman. The chair now recognizes Mrs. Watson Coleman for 5 minutes. Mrs. Watson Coleman. Thank you very much, Mr. Chairman. And thank you to each of you for raising what I think is a very important, complex list of issues, actually. And I recognize that we need to be talking about security first. We need balance. We need accountability. And we need fairness. And so this is a huge area with so many people interacting. In many cases, there is a disagreement among agencies and within agencies. And a lot has to be done here. I wanted to ask a series of questions, and so I hope that you will answer them as sort of succinctly as possible, recognizing that you are only going to give me sort of the top lines. I want to start with you, Mr. Blanton, because you testified about the recommendations of the Moynihan Commission more than 20 years ago, and I just want to have a reaction from you as to why you think Congress has not moved to fix this classification system. Mr. Blanton. I am no expert on Congress, and I assume that you could give a far more sophisticated answer to that than I could. I think Steve Aftergood, I think, testified at one of the congressional hearings back in 1998, and that was when Senator Moynihan was alive and Senator Helms was alive. They were in powerful positions, and even they didn't push through their recommendations. My own sense is there wasn't enough of a notion of crisis, and we have got a crisis today I think in the classification system. Mrs. Watson Coleman. I think that you are quite accurate on that, that we may be in a situation right now where we are in an unprecedented environment. Mr. Aftergood, would you like to comment to that? Mr. Aftergood. You know, the Moynihan Commission report itself included an appendix of previous studies from previous decades that had also not solved the problem, and here we are 20 years later looking back at the Moynihan Commission. I think it may be that the recommendation didn't quite capture the issue properly, and it seems to me that a law on secrecy is a means to an end. It is not the end. I would think about what is the end that you really want and then go for that. And the end that you really want is greater congressional control over what is or is not classified. Focus on that. Go for that. If there are particular areas, particular topical areas that need classification, declassification, mandate their declassification. Mrs. Watson Coleman. So probably the end result should be the kinds of things that I sort of mentioned when I opened up, the issue of security and balance and fairness and accountability, and how we get there. Mr. Blanton, again, you talked about a possible reform that could be made by statute. One of those would be to implement a life cycle of secrets. Would you talk to me a little bit about what that is? Mr. Blanton. In the most straightforward version, it was in the Freedom of Information amendment, like a 25-year sunset for deliberative process. The reality of our classification system, one of the reasons it is entering crisis is we have got a tsunami of electronic records. The volume is--we are talking petabytes of information. We are not going to be able to do page-by-page review, which is what our declass system currently consists of. We are going to have to build in automatic releases for entire categories of records without review. Mr. Blanton. And that, I think, is going to be the only way to deal with those electronic records. So life cycle is just a kind of summary term to say you've got to put sunsets on the secrets, you've got to have better decisions on the front end that build in the sunsets, and then automatic release. Otherwise we're sunk. Mrs. Watson Coleman. I believe it was your testimony that I read where you said within this age of technology we can take care of those things that are sensitive in nature, personal information that could be deleted automatically if it's programmed to do so. Mr. Blanton. Yes, ma'am. That's the big holdup right now in releasing the State Department cables. They say they've got to look at every single cable to make sure there's no Social Security number or personal phone number in there. Well, I can't think of something that is more easily automated than searching and removing a Social Security number. Mrs. Watson Coleman. So help me to understand this, because I am a relatively new member. And I want to ask two questions here. Number one is, is it currently a situation where each agency is responsible for classifying its information even though that information might be shared with other agencies and involve other agencies? And, lastly, and anybody can respond to this, is there a proposal where this sort of classification consideration would go into a sort of multidisciplined entity where those things could be vetted under standards and circumstances and then sort of move in a way that agencies can sort of agree on the ground levels and would reduce the amount of classification? Mr. Blanton. That entity exists. It was recommended by Moynihan. The Congress and the Presidents put it--it's called the National Declassification Center. But the reality is it doesn't have the power, maybe the will, to override those agencies. So you get a constant equity referral where the agencies all get a bite at the apple. And one of the recommendations in my testimony is empower that center. Make the decisions. Do a sunset. If something's older than 25 years, that center should be able to review it. Mrs. Watson Coleman. So does that empowerment require our legislative--my last--I'm sorry--does that require our legislative action to reconfigure this and empower in a different way? Mr. Blanton. Yes, ma'am. Mr. Leonard. Absolutely. Mrs. Watson Coleman. Thank you. Thank you, Mr. Chairman. Mr. Hice. I thank the gentlelady. The chair now recognizes Mr. DeSantis for 5 minutes. Mr. DeSantis. Thank you, Mr. Chairman. I appreciate the testimony and the invitation for Congress to be involved in this. But I want to just start at the beginning and just ask everybody, does everyone agree that at some level the executive does have inherent authority under Article II as part of the executive power to maintain secrecy of information related to the national security? Mr. Leonard. Mr. Leonard. Absolutely. Mr. Aftergood. Yes. Mr. Blanton. Yes, but. Because there's an Article I that says Congress makes the rules to govern the military, Armed Forces, and national security. So it's both. Mr. DeSantis. Well, it's both, but I think Hamilton when he talked--because there was a debate whether you should even have a single executive. They had revolted against George III. Some proposed a council. And one of Hamilton's main arguments for why you needed a single executive was for secrecy, particularly with regards to national security. So there's got to be--I mean, is there anyplace, I guess, that Congress can't go into that? Or could Congress basically legislate as far as it wants, in your judgment? Mr. Blanton. It can legislate as far as it wants. Congress has the power of the purse. That is the key. And I think the Founders said separate the power of the purse from the power of the sword. That's key. Takes money to run a---- Mr. DeSantis. Well, I think that's--I think--absolutely. So the Congress could abolish the CIA if they wanted to. There's no requirement you have that. But we do have intelligence agencies. We do that. Could Congress just pass a statue saying declassify as much sensitive stuff as we want? Would there be any constitutional concern with doing that? Mr. Blanton. None. And Congress has already done so with the Nazi war crimes, which exposed the files of Nazis that the CIA recruited and brought to the United States. So Congress has already done that. Mr. DeSantis. But when did they do that, though? Mr. Blanton. In 1998 and 1999. Mr. DeSantis. Yeah, well, but I guess my point is, if Congress wanted to start declassifying things that were germane and ripe right now with how our government's conducting sensitive operations, you say that would still be okay even though it could jeopardize lives? Mr. Blanton. It would still be okay because my bet is that this Congress and this committee would act pretty judiciously on that. You're not going to willy-nilly, you're not Julian Assange. Mr. DeSantis. No, I get it. But what I'm trying to figure out is if there's a---- Mr. Blanton. I have a lot of confidence in your judgment. Mr. DeSantis. Well, but there's certain constitutional prerogatives. We obviously have the power to legislate, of course the purse. The executive has certain--or, I mean, the executive power means something. I mean, there's certain things. And so what I'm trying to figure out is are there certain places--because I think we all agree some of this stuff is ridiculous. And there's an incentive to just simply take on more--some of this stuff isn't even classified that's being protected. But at the same time I just think it's important to recognize that there is a legitimate reason to do it, because I think when you overclassify, I think that actually undermines the core reason of why you want to do it. But let me just get you, Mr. Amey, down on the end. Mr. Amey. I totally agree. I do believe that there's a constitutional protection for secrecy. But at the same time, as Tom said in his statement, I think you have to get to his point number three, and that is don't trust it. I mean, eventually we're going to have to get down to a point where, whether it's through the challenge process or through briefings that Congress gets, on questioning what the executive branch is doing. Mr. DeSantis. So you look at some of these things, some of these agencies, the Antitrust Division at the Department of Justice, the Bureau of Prisons has somebody who's an original classification authority. Mr. Leonard, how did it get to be that point? Is that really necessary in those instances? Mr. Leonard. It's an example, perhaps, of--when I was in my position at ISOO one of the things I had to do was to deal with requests for agencies to get original classification authority. And, quite frankly, one of the issues that I had to contend with is it was one of convenience more than anything else. And there were a number of instances where there were agencies or even small activities looking for original classification authority that had to push back because they were looking to really accomplish something that probably could have and should have been accomplished through legislation if there was really a legitimate reason to withhold information from public disclosure. Mr. DeSantis. How do you analyze? Because some of this stuff, it's just the agencies are embarrassed, they don't want to do it, and it's clearly just--it's not credible. But sometimes when you're trying to get information from FOIA or Congress, I mean, you are diverting the executive from kind of their core mission, actually do good. I mean, we're the first ones to criticize the government when they screw up or when they're not competent. And so how do you do this in a way that's not going to impose too many costs? I mean, for example, if we're going to always review every 10 years some of this stuff, that is going to create some costs. So how would you recommend we strike that balance? Is that a valid concern? Mr. Leonard. It very much so is. And one way would be to, as Mr. Blanton referred to, was to consolidate authority and responsibility and not spread it so far and wide within the government. I'll give you a perfect example. When I was in the Department of Defense, I could write a memo and use CIA information. The CIA trusted me to properly classify the information. They didn't want to look at it and whatever. If I came back 20 years later and wanted to work at the National Declassification Center and looked at my same memo, they wouldn't allow me to declassify it because I didn't get a paycheck from CIA. That type of redundancy can be beaten out of the system and it would result in significant cost savings. Mr. DeSantis. Great. I yield back. Mr. Hice. I thank the gentleman. The chair now recognizes Ms. Kelly for 5 minutes. Ms. Kelly. Thank you, Mr. Chair. And thank you for holding today's hearing on this important topic. I believe that secrecy is a serious problem that is widespread in the Federal Government and that it goes beyond classified information. For instance, there's a category of pseudoclassification that has exploded over the last 15 years called controlled unclassified information. I understand there may be as many as 100 different designations in use, but the label ``sensitive but unclassified'' is one of the worst of offenders. First, I want to get a sense of the extent of this problem. The Information Security Oversight Office annually reports how many classification decisions agencies make. However, there is not a corresponding section on how many decisions were made to designate materials as controlled unclassified information. Mr. Leonard, you previously served as the director of ISOO. Are agencies required to track how many materials they designate as controlled unclassified information? Mr. Leonard. Quite frankly, I'll defer to one of my copanelists because I've been away from ISOO since they assumed that responsibility and have not followed it that closely. Mr. Aftergood. I would say that there has been significant progress compared to where we were 10 years ago. It used to be that anybody could mark any document anything. You could say this is for official use only and that would restrict its access. Now, under the executive order on controlled unclassified information, there is what's called a CUI registry, and only those markings that have been approved and validated can be used. And there are many things, of course, we want to protect. We want to protect tax returns. We want to protect privacy information. All those kinds of things have been validated, and only those markings that are on the CUI registry are supposed to be used. Now, is that system working perfectly? Are people bending the rules? I don't know the answer to that question. It just went into force very recently, and we're still waiting to see how it's working. But I think the policy has improved substantially over the past decade. Ms. Kelly. Would you estimate that more information is designated as CUI than is classified? Mr. Aftergood. I don't know the answer to that. Mr. Amey. I don't think we know the answer to it. Agencies are going to be required to report how much information is marked. They did boil the over 100 categories down to 20. However, there are 80 subcategories. And so at that point you still end up with a real patchwork of designations and markings that can be placed on documentation. The big thing with it also is there's going to be better training. ISOO is doing a very good job, and I have to applaud them, because they actually reached out to our community and worked with us on the rules. As it went through the process, they really did work with the agencies to try to get it. But they didn't--I don't think they realized how big that this had expanded within agencies. And there was a lot of foot dragging by Federal agencies as well. So as Mr. Aftergood said, it was only in effect, I think, as of mid-November, something like that. And so at that point we're going to have to wait and see. And full implementation of the CUI regulation isn't expected to be completed until 2017, '18, '19. So at that point it's going to take a very long time to probably get some answers on it. But it needs the proper oversight from this committee. Ms. Kelly. I know you called it a gray area, because I was going to ask you what do you think the potential for abuse is. Mr. Amey. We've already seen some abuses. In my written testimony I provide two examples, and one was even an IG report in which there were examples involving the TSA. Also, the bizarre case of Robert MacLean in which something was marked SBU. It was actually the original CUI. And so at that point something was marked SBU I think 4 years after he released it, even though it didn't have any marking or designation, but they retroactively marked that information as SBU. So there are problems in the system and it is prone to abuse and so we do have to watch it. Now, the nice thing with the CUI rule is that there is a misuse provision, and so that may be something that can be borrowed upon for the classification system that we should look at since it's already in regulation. And also the challenge procedure. But, again, challenges go back to the agency, and then I think you have a right to dispute resolution. So it's a little murky due to the fact that you're, in essence, going back to the fox guarding the henhouse that may have originally marked it. So there are some concerns with that. Ms. Kelly. Mr. Blanton, you keep shaking your head. So I want to give you opportunity for comment. Mr. Blanton. I agree. Ms. Kelly. Okay. I yield back the balance of my time. Mr. Hice. I thank the gentlelady. The chair is now going to recognize himself for 5 minutes. I want to go back to something that came up a little while ago, and that is the number of classifications. Over the last 5 years some 400 million, and yet only a little over 2,300 in the same 5-year period have been challenged. And those numbers can be debated a little bit here and there. But whatever it is, 2,300 out of 400 million is virtually no challenges whatsoever. Just real quickly, just a sentence or two, why so few challenges? Mr. Leonard, I'll start with you. Mr. Leonard. Mostly one of culture. When I was in the Pentagon, when I had reports in my inbox, if I had an unclassified report and a top secret report, which one would I read first? The top secret one, even though the unclassified one may be more substantive. So sometimes it's just as simple as just sheer culture, People get inured to it and just expect nothing else. Mr. Hice. Mr. Aftergood. Mr. Aftergood. In many cases, employees are not aware of the challenge provision that enables them to make this challenge. And that's one simple step that can be taken to say, look, as soon as you sign your nondisclosure agreement, you also sign, ``I'm aware that I can challenge a classification marking that I believe is improper.'' I would also mention that I think your hundreds of millions figure is including original and derivative classifications. The number of original classifications or entirely new secrets has been on a steady downward trajectory. Mr. Hice. I don't want to get into a number right now. Mr. Blanton, why so few challenges? Mr. Blanton. It's easier just to classify. And much classification just occurs reflexively. And most of those derivative classifications it's just keep it going. Because there's not a thought process on the front end of the first decision. What's the cost benefit? What's the real risk? What's the vulnerability? What's that? And you've got to educate them at the nondisclosure agreement point, but I would argue you've got to put it in a statute. Mr. Hice. All right. Mr. Amey. Mr. Amey. And just quickly, it could be career suicide. I mean, at this point we have insider threat investigations that could take place, and also whistleblower retaliation. So a lot of the times, as Mr. Blanton just said, it's a lot easier just to go along with the process than to question it. Mr. Hice. Okay. So it's not a matter of red tape. Perhaps poor advertisement, people don't know, perhaps a culture, or whatever. But red tape is not the problem, is that correct, all of you would agree with that? Mr. Leonard. Oh, absolutely. And, again, a lack of accountability is key too. Mr. Hice. Okay. Now, when it comes to--obviously we know there's been a lot of threats to our country, and I'm concerned about the lack of information sharing within our Federal Government. A scale of 1 to 10, how serious of a problem is this, to each of you? Mr. Aftergood. I think it was 10 around the time of 9/11. It's 5 now. In other words, there has been significant progress. Mr. Hice. Okay. The rest of you? Mr. Leonard. Mr. Leonard. I would tend to agree, but my sense is that there's also been a rollback with respect to some of the recent rather significant wholesale compromises that have occurred as well too. Mr. Hice. All right. Mr. Aftergood, how serious of a problem? Mr. Aftergood. It's a serious challenge. When you classify, you restrict dissemination. And so they're the flip side of each other. It's an ongoing problem. Mr. Hice. Mr. Amey. Mr. Amey. Agreed. Mr. Hice. All right. So across the board we still have a serious problem. There may be some improvements. But we still have a serious problem with sharing information, even when potential threats are hanging in the balance of our country. And in the mix of all of that, also came up earlier is the ability of Congress to do our job. How serious is the issue or is it at all an issue where agencies are overclassifying to either complicate or obstruct congressional oversight? I'd like to hear from each of you quickly. Mr. Aftergood. Honestly, you're probably in a better position to answer that. I think it's the exception, not the rule. Mr. Blanton. I think it varies by agency. And I think the intelligence community has the, in a sense, the worst cultural problem. You've got to go into that SCIF. You can't bring out notes. You can't have staff. How are you going to have a serious consideration of real oversight over some of the most important and sensitive and deadly operations of our entire government? Mr. Hice. All right. Real quickly. Mr. Leonard. It inevitably occurs, whether intention or not. And, again, the lack of accountability makes it ripe for abuse. Mr. Amey. And it's why in any oversight or any new commission that is going to be paneled here to take a look at classification and the status and secrecy issues, is why you have to get out of just the check-the-box kind of audit on are people following procedures, but take a look at some specifics where challenges have been raised and why those things were allowed to be overclassified. Mr. Hice. And when we do get stuff, it's so redacted it's virtually worthless much of the time. So a serious problem. I again want to thank the panelists. My time has expired. The chair will now recognize Mrs. Maloney for 5 minutes. Mrs. Maloney. Thank you, Mr. Chairman and Ranking Member. Mr. Blanton, earlier you mentioned the Nazi War Crimes Disclosure Act. That happened to have been a bill that I authored. It took about 4 years to pass it because the CIA was objecting. It opened up the files of Nazi Germany and Japan 50 years after the war. Now, every other country had opened their files, but we were refusing to, and it took Congress to pass a bill to open up these files. It's been turned into books. It's been turned into all kinds of helpful information that's helped our defense strategies and how to operate in an environment as they did. But I want to ask you about another way of classifying, which is retroactively classifying. And I join you in saying there was no reason why we shouldn't have declassified that information. But on September 8 of this year, State Department Under Secretary for Management Patrick Kennedy, testified before this committee about a unique process in the State Department used to retroactively classify 2,000 of Secretary Clinton's emails that she turned over to the State Department. In other words, they were not classified at the time they were sent or received by her, but then they were reclassified after the fact by staff in the Department of the FOIA office. And Patrick Kennedy testified that 1,400 of these documents, or 70 percent, were retroactively classified because they contained what is known as foreign government information. So my question is, it seems to me that this is a confusing process. Foreign government information is not treated like classified information until it's reviewed for public release, and then all of a sudden it's classified. It seems to me we should have one standard. Why have one retroactively? It makes no sense. And how are State Department employees supposed to know when to treat information as classified and when not to if the designation might change without warning? Mr. Blanton. I read Mr. Kennedy's testimony with great interest because he asked this committee to create an exemption under the Freedom of Information Act for foreign government information, which I think is a terrible idea, for three reasons. One, it puts Tajikistan standards into our freedom of information law. No, thank you. The lowest secrecy abroad. I think second reason is if there's harm from release of that foreign government information, it's protected already under our executive order. You can classify it. And I think the third reason is that's the easy way out. Instead of our diplomats actually thinking about how you protect stuff that actually would get us into trouble, they don't want to think about it. And I'd just remind you of the Weatherhead case went all the way to the Supreme Court over foreign government information. Finally it got booted out. It turned out the document at issue had already been handed over to the plaintiff and the government had no idea. And it wasn't going to damage our relationship with Great Britain, which is where the document came from. So skepticism is in order. Mrs. Maloney. Well, I agree with you, and I truly understand the need to protect truly sensitive diplomatic discussions from public release. But using the classification label to do that makes the classification system even more confusing and, I would argue, less effective. And we need to find a better solution. So with that statement, I'd just like to ask all of the panelists in my remaining time, do you have any recommendations of how to improve this process? And we could start with you, Mr. Leonard, and just go right down the line. Mr. Leonard. The consistent theme this morning, and I agree with it wholeheartedly, is providing legislative backing to the very system in order to ensure uniformity, consistency, and most of all accountability. And also to facilitate the Congress to be able to fulfill their Article I constitutional authorities as well. Mr. Aftergood. The government requires a degree of flexibility, and so I would be cautious about strict provisions that remove such flexibility. Information that is provided in confidence needs to be protected somehow if one wants to maintain that working relationship. Classification seems like a heavy-handed way to do it, but if the alternative is a blanket FOIA exemption, then that might not be better. So I don't have a good solution for you offhand. Mr. Amey. When it comes to retroactive classification, I think we need a study. I'm not aware of anything in depth or comprehensive in taking a look at the issue on the whos, whys, wheres, whens. And so I think that would be in order. Mr. Blanton. The fundamental phenomenon on retroactive is being driven by agencies like what Mr. Leonard said, CIA asserting control and no longer allowing the Defense Department or State to declassify their own information. Mrs. Maloney. Okay. Thank you very much. Mr. Hice. I thank the gentlelady. The chair now recognizes Mr. Massie for 5 minutes. Mr. Massie. Thank you, Mr. Chairman. I'm so glad we're having this hearing today. I've been looking for the opportunity to talk about something that's very important to me, and I'll be very careful not to disclose anything that's classified. About a month ago I went back down to one of those SCIFs that Mr. Blanton was talking about. You can't take notes out. And what I did is a reread the 28 pages, but I brought the redacted version with me so that I could see in what manner it was redacted. By the way, I want to ask you guys a question later so you can get ready with an answer. But one of things that I would think would help is to know the reason for the redaction. There's certain reasons that might be legitimate, and maybe a law that says when you redact large swaths or even small portions, that you have to give the reason. If the reason is to avoid embarrassment or to protect a source or to protect somebody who may not be guilty, their public reputation, just disclose it, and then the crime or the infraction could be that you lied about the reason. Because that's what I want to get to with these 28 pages and the reason for those redactions. And I think I can disclose my perceived reason for some of these redactions without disclosing anything classified. Twenty percent of the redactions, I would say, were to protect specific and confidential sources. I would say another 20 percent were to withhold the names of individuals whose reputations would be irrevocably ruined, whether they were guilty or not. But 60 percent of those redactions fall into a very troubling category for me. They changed the very nature of the document and the way it's perceived by the public and the impact that it should have had. Some of those are probably to prevent embarrassment. Mr. Massie. But I feel like--after reading that--10, 20, 40 years from now, when it's all released, this is going to be a textbook case of how the government overclassified something in an effort to control the narrative. In fact, before these pages came out, there was an op-ed in the USA Today by two of the chairmen on the commission that said these are raw, unvetted sources. Right? So the redactions, in my opinion, were made to support that presumption that these were raw, unvetted sources, because if you removed the redactions, you would say: No. Those might be credible sources, in fact. And they might, in fact, be vetted. So that's my concern is that, you know, 20 years from now, we'll look back at this, and you'll see that key words and acronyms and sentences were removed and with the effect--with the effect--of diminishing the impression that you get from reading the unredacted pages, which is that Saudi Arabia--and I can say that name now because it's in the redacted pages--has some kind of civil liability or criminal culpability either-- and not because of their citizens but because of their government acted either in, I would say, acts of omission or commission. Either one makes them somewhat culpable. And I'm afraid that has been diminished by those redactions and it's been overclassified, and this is a prime example. So one of the questions I want to ask is, do you think it's a good idea if we required them to give the reason for the redaction? Mr. Leonard. Absolutely, sir. The order does require original classifiers to be able to identify and describe the damage to national security. But to my formal statement I attached an actual email that had been used as count one for a felony indictment of Mr. Drake, who was eventually not prosecuted. But the government claimed it was classified. And in preparing for the trial, the NSA was required to say--state specifically why they considered that email to be classified. Their explanation looked entirely rational when you read it, but if you compared what they said to the actual document, it was factually incorrect. Mr. Massie. Right. So that supports the notion that they should be required to disclose it, and there should be some punitive ramification for misleading about the reason. Mr. Aftergood? Mr. Aftergood. I would like it to--to make the point that the classification system is permissive. It says that information may be classified if it meets certain conditions. And what that means is the decision to classify is actually a subjective one. Somebody thinks that classification is the right move. And because it's subjective, you or I may disagree and say: You know, that's a mistake. You're wrong. And so providing the reason, I think, would be helpful. But it wouldn't necessarily resolve the disagreement. I just disagree with that reason. Instead, I would suggest that, in cases of significant interest, like the 28 pages, like many other cases, there needs to be a procedure where you take the decision away from the original classifier. Don't try to make the original classifier admit he was wrong. Take the decision away. Take it to a third party. There's a public interest declassification board. There may need to be a new body and say: Does this make sense? I want you to evaluate it as a third party and come back to us with a recommendation. Mr. Massie. Mr. Chairman, I appeal to let the other two answer the question. Mr. Hice. You can answer. Mr. Blanton. Just very briefly, exactly this mechanism exists for mandatory review requests, this interagency security classification appeals panel. And it's ruled in favor of openness over 70 percent of the time. Just a third party. The simple maneuver of taking the document away from the original agency and putting it in a panel that includes the original agency, you get a completely different result. Mr. Massie. Mr. Amey. Mr. Amey. And this is also a process with the Freedom of Information Act. There is a process there where just only a few years ago did they add where they had to list the reasons. In the old days, we used to just get a letter back with tons of blackened-out markings. And then, in the intro, they would say: We redacted things for, you know, B3, 4, 5, 6, 7. And you had to kind of guess what applied to one specific redaction. Now they're required to go through documents subject to the Freedom of Information Act and list right next to each redaction what the redaction--what exemption was being cited to justify the reason for that. And also then you also have an administrative appeal that we hope--we always hope--that it goes to a different entity inside of the department rather than the person that made that marking. And then now there's also a process through ISOO to challenge those determinations and go to an, in essence, an arbitration. And so it's funny that we have a better procedure just for that Freedom of Information Act process than we do for the classification process. Mr. Massie. And I've seen those documents with those markings. And they're somewhat helpful because they classify the stuff they even send to us, they try to not even disclose. So but I haven't seen that on the 28 pages. I've just seen op- eds that say: Oh, there's nothing to see here. And by the way, it was released the day before Trump named his Vice President, which is another thing. But at least it was released in part. Thank you. Mr. Hice. Thank the gentleman. The chair now recognizes Mr. Connolly for 5 minutes. Mr. Connolly. Thank you, Mr. Chairman. And thank you all for participating. I guess I'd like to explore a little bit what happens when two agencies disagree about something being classified at all. And this is not a hypothetical? In a recent investigation of emails, we had multiple examples where the State Department said one thing and the intelligence community said another. Specific example, really quite, I think, quite striking: A 2011 email sent by a State Department employee about the late Ambassador Chris Stevens of Libya was marked clearly ``sensitive but unclassified.'' The Under Secretary for Management, Mr. Patrick Kennedy, confirmed in testimony before the committee that the State Department considered the email unclassified and that anyone reading the email would assume it was not classified. But after the email was sent, the intelligence community nonetheless claimed it was classified. And so, in September of last year, the State Department sent a letter to Senator Corker, the chairman of the Senate Foreign Relations Committee, explaining that the intelligence community was wrong. The letter from the State Department stated that the suggestion that the email should have been treated as classified was, and I quote, ``Surprising, and in the Department's view, incorrect,'' unquote. So what's a poor boy to do? Is it classified, or isn't it? Mr. Leonard. As has been mentioned, sir, there are appeals processes in the system, but they're admittedly rather cumbersome and time-consuming. But Tom Blanton referred to the Interagency Security Classification Appeals Panel. I used to serve as the executive director of that. Interestingly enough, last year for the year that the full last numbers are available, for appeals that came to that panel, which consists of executive branch representatives from various agencies, 95 percent of the time the determination made by the agency that owned the information was overridden at least in part or in whole--95 percent of the time, since 1995---- Mr. Connolly. Yes, but in this case, Mr. Leonard, the originating agency didn't want it to be classified. Mr. Aftergood. I think the short answer to your question is that each agency has classification authority over its own information. And in the dispute you're referring to, I think the intelligence community considered that the information at issue was its information, even though it was in the State Department document---- Mr. Connolly. And the State Department---- Mr. Aftergood. The State Department said: No, it isn't. Mr. Connolly. That's right. The State Department took direct issue with that saying: We understand that's what you think, but that's not how we got the information. Mr. Aftergood. Yeah. Mr. Connolly. And then we could even add another layer. So let's hypothetically say we invite the FBI, a nonpolitical organization, to come and look to see if there were violations of our secrecy laws. Well, how is it supposed to determine whether a violation occurred when the two major agencies or entities looking at classification have unalterably different views about the nature of the document, the sourcing of document, and what it should be classified as? Mr. Blanton. Part of the problem for the Federal Bureau of Investigation is it's part of the intelligence community, so it leans one way on that question. And the real answer to your question, is it classified or is it unclassified, the answer is both. And that's the reality of our classification system. I showed you documents here that are both classified and unclassified simultaneously because different people or different agencies or sometimes the same reviewer came to a different conclusion. Mr. Connolly. I know. But there's a certain, Mr. Blanton, Kafkaesque quality to this. I mean, I was a staffer on the Senate Foreign Relations Committee a long time ago. Right? And we were very careful about classified material and how it was stored and make sure it was never on your desk, and as are executive branch employees. Well, if I got one agency saying that's--you know, ``Give it to your grandmother; I mean, it's unclassified,'' and the other one saying, ``Don't you dare; it's classified,'' what's my liability as an employee? I'm trying to be diligent. What is it? And am I exposing myself by leaving it on my desk, for example? Mr. Aftergood. The executive order on classification includes provisions for resolving disputes about implementation of the order. Ultimately, those disputes can be directed to the Attorney General and, you know---- Mr. Connolly. Yeah, but, Mr. Aftergood, that's not how it works practically. Mr. Aftergood. It's not. No. Mr. Connolly. Somebody goes around--listen, I was in the private sector and I was the OODEP. I was the head of all of this for a private sector entity. We went around checking to make sure nobody was sloppy. And that's not going to go to the Attorney General. You've got a ding on your mark, Mr. Blanton, because I saw that document on your desk. Well, in good faith, you were counting on the State Department judgment it was not classified. There was no issue. And I'm deciding as, you know, the security chief that I don't care; the intelligence community is what I listen to, and they said it is. I mean, it puts people at risk. And, frankly, I'm glad it could be arbitrated at some point, and I'm certainly glad the Attorney General can ultimately adjudicate. But if we're talking about, you know, thousands of documents, thousands of judgment calls, I think you mentioned it was subjective, but disputes between agencies are a real dilemma for people trying in good faith to comply with the law. Mr. Aftergood. You are absolutely correct. And the arbitration is really a technicality. The reality is that these kinds of disputes drive the issue to the lowest common denominator. They result--when there's doubt, they end up adopting the view that it's classified. Mr. Connolly. Thank you. Mr. Blanton. And the executive order says, when there's doubt, it should not be classified. And exactly the opposite happens. So my answer to your question: Send it to your grandmother. Send it to your grandmother. I have an opinion from Mr. Leonard when he was the head of the Information Security Oversight Office, he said: If the National Security Archive got a version of this document under legal authority, declassified with somebody with the power to do that, you can take it to the bank. You can keep it on your Web site. Even if somebody else at the Energy Department or Defense says, ``Sorry, Mr. Blanton, that's classified,'' no, wrong. Send it to your grandmother. Mr. Hice. Thank the gentleman. Now recognize Mr. Grothman for 5 minutes. Mr. Grothman. Sure. First question I have, and this is really for anybody that wants to answer it. In the stuff that we have here, we're told the government spends $16 billion on classification activities and $100 billion over 10 years, which is a stunning amount of money. And if it's $100 billion over 10 years, it must be going up like a rocket. And I assume that means like $5 million 10 years ago and $16 million today. Does anyone care to comment on, is that a good investment of funds? And how do you wind up spending that amount of money? I mean, it just seems like a phenomenal amount of money. Do you think it's accurate? Mr. Leonard. That's a difficult thing to evaluate. Let's put it this way. I spent many a year in the Defense Department. And I had to deal with the consequences of major failures, major compromises in espionage cases and things along those lines. And what the challenge is, is that, whether rightfully or not, the mentality is, is zero tolerance for those types of things. How many espionage cases are you willing to endure? How many major leaks or releases of--unauthorized releases are you ready to endure? The mindset is zero tolerance. And as a result, there tends to be a lack of risk management. And when you have a lack of risk management, you end up paying premium dollars then. Mr. Grothman. Even though those numbers are accurate though: $16 billion bucks---- Mr. Leonard. Those numbers are at least accurate from the point of view that they show, I think, consistent trends from year to year. Mr. Grothman. Okay. We have a new ISOO director, Mark Bradley. Does anyone want to give us their opinion? Do you think that's a good pick? And what goes into making a good pick? Mr. Aftergood. You know, it was never going to be an openness advocate who led the ISOO. But I think Mr. Bradley is a good pick because he has a broad understanding of the problems of secrecy. He was an aide to the late Senator Moynihan and is well attuned to an understanding of the problems that the secrecy system suffers from. He also, as a former intelligence officer and a DOJ national security lawyer, has a degree of credibility with the national security agencies that others might have trouble matching. Mr. Grothman. Okay. Go ahead. Mr. Blanton. Just the proof's in the pudding. We look forward to meeting with Mr. Bradley as soon as he's on the job. You can look at the Information Security Oversight Office's previous Directors like Steve Garfinkel and Bill Leonard and Jay Bosanko, and you can see those folks made some real differences in the security system in a more rational direction. I can hope for that trend to continue. Mr. Amey. Certainly, we hope that they reach back out to our community. I mean, that's one of the nice things with all the gentlemen that Mr. Blanton just mentioned is they have been very open. There's been a dialogue back and forth, and they know that there is a burden on secrecy but then on openness and have, you know, provided the proper weight test to that. And that has been, I think, beneficial to the system. Mr. Grothman. Okay. There was an inspector general report in 2013 that said that 33 percent of DIA employees didn't understand their role. And even more outrageous in that report, they said 80 percent of the documents reviewed were misclassified. I guess, first of all, I should ask you how many different classifications there are, because it seems like you could almost throw darts at a dart board and do better than that. But could you comment on that and as to why that happens? Comment on it. Do you think things are better today than it was 3 years ago? That seems--or maybe it was a flawed report. Can you--are you familiar with the report? Mr. Leonard. I would suspect it's not a flawed report. I think, based on my experience for over 40 years, that's rather typical. It's a reflection of, as much as we spend tax dollars to investigate people, to establish secure IT systems and things along those lines, we do not spend a comparable amount of money in terms of trying to train people in the basics. One of my concerns is, is that, you know, we make a distinction between original classification and derivative classifications. My experience has been is that when people ostensibly are derivating classifying information, they're actually just classifying information based on gut instinct, more than anything else. Mr. Grothman. Any other comments? By the way, unless I'm doing the arithmetic wrong--and I did it twice--on the cost of this thing, for that, you could hire 200,000 people at 80 grand compensation a year. That's how much we're spending on classification--200,000 people. Now, I realize some of it's for things, not people, and maybe some people are making more than 80 grand a year, but my goodness. My time is---- Mr. Hice. Thank the gentleman. The chair recognizes Mr. Lynch for 5 minutes. Mr. Lynch. Thank you, Mr. Chairman. First of all, I want to thank the panel for helping us think about this and how we might approach the problem. I had the pleasure of working with Mr. Massie and also Walter Jones on the 28 pages. It took us 15 years to get that information out there, which is far too long. It was interesting because, as we were asking for disclosure and declassification, the administration was pushing back and saying: No. This is too sensitive. We had some of the agencies saying: No. It's methods and sources. And then, finally, when it was eventually declassified, they flipped. They flipped and said: Well, there's nothing here. And it's--the information is not valid. And they took a totally different tack. We're now struggling with the DEA and the FBI in regard to classified--excuse me, confidential informants. So we've learned from the Office of the Inspector General for the DEA that we've got 18,000--they've got 18,000 confidential informants out there that are under contract being paid by the DEA, and last year, we spent $237 million paying confidential informants. And Congress knows zero about that. They don't know about the crimes they've been committing. They don't know the way they're operating. The DEA headquarters isn't intimately involved. This is all being operated at the field level. So that's--and that's just the DEA. From our conversations with the FBI, I believe that the numbers are double, probably about $500 million that the FBI is paying the confidential informants. Probably double the number. Probably in the area of 30,000 or 40,000 informants, confidential informants. That is totally out of our purview. So I'm wondering--you know, you've all hit on this, you know, with the interagency panel reviewing classifications--is there some way to supercharge that process? Because it is painstakingly slow, and it doesn't work in the timeframe in which the information would be useful to us. Mr. Leonard, I know that you said that the last time somebody took a good swing at this was during the Clinton administration in your remarks, your earlier comment. Is there some way we can get this interagency declassification review panel resourced and equipped to give Congress, and I've seen-- I've seen my colleagues across the aisle tear their hair out when they couldn't get information, and I've been in the same position. Is there some way that we can formalize this process to get the information in a timely manner that should be public? Mr. Leonard. One way I would suggest would be to make provisions to allow appeals directly to that panel under certain circumstances. Right now, requesters have to go to the individual agency. If they get turned down in whole or part, they have to appeal to that same agency. And it's only after that process then that they can go to this interagency panel. And even that interagency panel, then, has its own coordination things which can be problematic, but which is a lot easier to address. But the individual agency time delays is--can be problematic. Also, for purpose of Congress, Congress does have the public interest declassification board that they can refer to. And that is another avenue that, quite frankly, I never believed is utilized enough. But that's another avenue. Mr. Lynch. Yeah. To expedite it, you know, maybe we've just got to figure this out legislatively to introduce an expedited process where the information we believe is so critical. And I guess, you know, I'm just thinking, is there a way to get the judiciary involved here so they would review--I don't want to create a political question that the courts can't rule on, but we're being stonewalled in wide areas of public interest. And I feel like it's hampering Congress' ability to do its job. Mr. Leonard. Well, one of the things is the interagency panel is actually exercising on behalf of the President. It's exercising his article II authority. And the Public Interest Declassification Board. Ultimately, they just make recommendations to the President, who makes the final decision. So from that point of view. Mr. Lynch. Mr. Amey, you got something you want to add? Or Mr. Blanton? Mr. Blanton. Yes, sir. You mentioned sources and methods is a blame. And then I think this goes right to you informants problem, and it goes right to one of the big drivers of classification, which is, under the current statutory system, anything that's a source or a method can be claimed to be withheld, whether or not it's release would actually harm a security value or get a source killed. And I think Congress can take very simple action, both in the intelligence field and the law enforcement field, to say sources and methods is not a burka. It should over-cover the things that would do damage, get somebody killed, ruin an investigation. Right now that identifiable harm standard, which is now in the Freedom of Information statute, it doesn't apply in this informants and sources method. It needs to apply. Congress has to take that action. Mr. Lynch. Yeah. Mr. Amey. Mr. Amey. And that recommendation was actually in the Moynihan Commission report. And it hasn't been acted on now in almost 20 years since. And so it may be time for Congress to enter that world. Mr. Lynch. Yeah. I know that Attorney General Reno issued some guidelines, but they're not being followed right now. I actually have legislation. I don't even want to know who the confidential informants are. I just want to know how many are out there, what they're being paid, and what crimes, if any, they have committed while they've been part of this government program. And we have had a difficult time getting that through. But thank you. That's all I have, Mr. Chairman. Thank you for your indulgence. I yield back the balance of my time. Mr. Hice. Thank the gentleman. The chair now recognizes Mr. Duncan for 5 minutes. Mr. Duncan. Thank you very much, Mr. Chairman, and, first of all, I want to say that--I want to go on record as saying I agree with Mr. Grothman in saying that I'm astounded by the amount of spending that's being done on this, this $16 billion estimate and over $100 billion over the last 10 years. I think we lose sight up here of how much a billion dollars actually is. But having said that, I had two other meetings, and so I didn't--unfortunately, I didn't get to hear your testimony. And I apologize if you've gone into some of this earlier. But, Mr. Blanton, in skimming over some of this testimony, I was fascinated by your report about the Moynihan Commission and that we went through all this 20 years ago, basically. And also I think the thing that impressed me the most was, I mean, there seems to be general agreement here today that there is a real problem of overclassification. But I saw where Mr. McDaniel-- who was President Reagan's national security adviser said that only 10 percent of what's being classified probably really needed to be classified. Is that correct? And why do you think--you mention there that this was a tremendously bipartisan commission. It had Jesse Helms and Daniel Patrick Moynihan and various others. And obviously you're disappointed that not--or very little was done with that--those recommendations. Why do you think that was? And do you think we should take another look at that? What do you--just go into that a little bit for me. Mr. Blanton. Yeah. I think in the testimony I quoted Mr. McDaniel, who the Moynihan Commission quoted, and said that based on my experience with few million pages of declassified documents, he's right, especially about the historical materials. I think an estimate that's closer to reality for current material, the material related, say, on terrorists and ISIS, that the best estimate really came from the Republican head of the 9/11 Commission, Tom Kean. He said 75 percent of what I read about Al Qaeda and Osama bin Laden that was classified shouldn't have been, and we'd have been safer as a country. So I think the ranges in there, the 75 to 90, it's a bureaucratic problem. Bill Leonard knows it better than anybody from both the inside and the outside. Steve Aftergood's been studying it for, lo, these many years. POGO. Every incentive is to classify. There's almost no disincentive. There are no penalties. There has to be--I think this is the main reason why Congress needs to take action. Because you all can change the minds of the bureaucracy and how it actually works. You can, you know, change the law and their hearts and minds will follow. Mr. Leonard. I actually believe that the executive branch and general agencies in particular actually want the ambiguity because the ambiguity gives them almost unlimited discretion in dealing with issues. And, yes, it results in dumb things. But it's the ultimate trump card to pull out, whether you're dealing with the courts, whether you're dealing congressional oversight or whatever. Nobody wants to be the one who compromises truly sensitive information. And so there tends to be this overdifferentiation to any sort of assertion. And more often than not, that's what it is; it's a simple assertion. It cannot be demonstrated that it truly should be classified. Mr. Duncan.Well, there's so many other things I would like to add or comment on, but Mr. Amey, I'm assuming that you--you know, this committee has requested through the years a great deal of classified material. And do you think that agencies are classifying some material or a lot of material that really doesn't need to be classified just to avoid or get around congressional--effective congressional oversight? Mr. Amey. Yes. But it's hard to know at what level. You know, I don't know what I don't know. And that's-- unfortunately, when something shows up and it's a blackened out page and it's marked ``classified'' or, you know, and then some FOIA exemption attached to it, at that point, it's hard to know. Sometimes we do get documents released to us. And at that point, then you can do the comparison. And so, you know, that can add and that can allow you to ask some questions. But, you know, unfortunately, with the amount of classification that we have, it's very difficult to put your finger on a--you know, the experts that have taken a look at it, the 75 to 90 percent. But the culture, I mean, I think that's it, is, even after 9/11 with the 9/11 Commission, you have a culture to--the default setting is err on the side of caution. Mr. Duncan. Well, I've run out of time. But I will say this. We're going to have to, it seems to me, to go to much more of a carrot-and-stick approach on all of this and incentivize good behavior and penalize bad behavior in this area. And at any rate, Mr. Chairman, thank you very much. Mr. Hice. Thank the gentleman. The chair now recognizes Ms. Lujan Grisham for 5 minutes. Ms. Lujan Grisham. Thank you, Mr. Chairman. And hearing some of the comments at the tail end, add you may have to repeat some of that. Because representing my district--and, of course, New Mexico, we're home to world-class national security, defense, operating labs and related defense, both private and public sector, institutions and businesses. And I understand unequivocally the need for being very clear that sensitive, classified security aspects related to information, that we have to be very clear about protecting the integrity of the those systems and that information. Having this committee work on furthering our effort at transparency and recognizing that, across agencies, that we don't have an effective handle about who's determining and what parameters apply and what circumstances before, during, and after information is being shared in a variety of what I would call sort of post- and pre-security issues, I also worry about unintended consequences. And being a longstanding bureaucrat, I could argue either way that having ambiguity can be a protective mechanism to not change anything because you fear those unintended consequences and your own accountability, particularly here where national security is at stake, right? There's no incentive, you know, to be a little bit--to talk about being less risk-averse when we need better transparency in order to inform ourselves in a way that's productive so that you can do policymaking and you can increase the way in which we address national security issues, both in the Congress, both in the bureaucracy, and defend and secure the Nation. But I also know that it's very frustrating not to have clear direction so that you can make recommendations and include reforms. It's both. And so, to provide those leaders with better guidance, help me with some very specific ideas about balancing our efforts, the need for transparency and the clear issue that we have, which is also protecting classified secure information and the national security interests of this country, because my constituents are going to say--and they're right--be very careful about unintended consequences here. Because once it's out of the box, it's out. Anyone? Mr. Aftergood. I think one way to understand the issue is that classification is treated as a security function, understandably. The people who are making the classification decisions are asking about the security consequences of disclosure. That's fine. That makes perfect sense. The problem is that security is not the only consideration because classifying has implications for oversight. It has implications for public understanding, for diplomacy, for technological development. It can have all kinds of other implications. And to ask the security officer to, you know, weigh the public interest or weigh the diplomatic effects is totally unrealistic, I think. So where that takes me is that in areas of significant interest by Congress or the public, there needs to be an additional venue where this original security classification decision can be reconsidered in the light of broader issues. What is the public interest? What is the need for oversight? What are the undesirable unintended consequences of continuing to classify? Don't ask the poor security officer to make this complicated assessment. Take it somewhere else and reevaluate it in light of the big picture. Ms. Lujan Grisham. Anyone else? That is in and of itself sort of a balance and a chance for a re-review, as a lawyer and what I would fashion as sort of an appellate aspect. But, again, making those decisions and then creating the parameters for asking for that guidance is also a set of reforms that can also have unintended consequences. Are there specifics in that regard? And the concept, I think, is one that I think I'm very interested in, but getting to the concept, are there ways to include the agencies in terms of their recommendations about what those parameters would look like, without having them sort of protect their own interests, because that's the other problem, in a way that doesn't get you then to that appellate level, which gets us right back where we started? Mr. Aftergood. Right. You know, we really need more experimentation in this area than what we have had. I think one model is this ISCAP model, this interagency panel that has been discussed. There may be others. You would want the voice of security represented, of course, but it would not be the only voice, so you would want diversity, diversity of opinion and perspective brought to bear. You would also want to define who could elevate the issue, a congressional committee, maybe just a Member of Congress. You know, who else could ask for this kind of review and under what circumstances? These are all questions that could be hashed out. I don't think the answers are obvious. They might not become obvious until they are tried in practice. Ms. Lujan Grisham. Mr. Chairman, thank you very much for giving me this extra time, and thank you very much for weighing in on what I think is a really critical issue for us to deal with. So thank you. Mr. Hice. I thank the gentlelady. The chair now recognizes Mr. Amash for 5 minutes. Mr. Amash. Thank you. I yield my time to the gentleman from Kentucky, Mr. Massie. Mr. Massie. I would like to thank the gentleman from Michigan. I have got tons of stuff I want to discuss. I am going to try and get three things in the last 5 minutes. The first two fall under the category of ``there is good news, but.'' Okay. There is good news in terms of the intelligence budget, right, because the 9/11 Commission recommended that at least the aggregate number be disclosed. And so it is disclosed. And the executive branch actually in this case does a better job than the legislative branch. They disclose their request for the budget. But the situation we had last week is you had 435 Members of Congress, probably less than 80 knew what was in the budget, but they all voted for it. And they can find what is in it 2 years from now. The 2015 number I can tell you. It is on the Web site. We still don't disclose the top-line number, aggregate number, for intelligence appropriations until a year after it has been voted on. So that is the good news, is it is disclosed. The bad news is most of Congress is voting on it to see what is in it. Now, they could gown to the SCIF, like my colleague from Michigan and I did, and see what is in it, so that is the good news. But some of this is just lack of attention on our part. Another ``good news, but'': Mr. DeSantis capably but appropriately pointed out the executive branch has to have secrets to conduct diplomacy, et cetera, et cetera. And then, Mr. Blanton, you talked about how you could use the power of the purse. Well, there is one department that does effectively use the power of the purse for oversight, and that's the Intelligence Committee. They don't give the intelligence community a tranche of money and say: Okay, you have no strings attached, and we don't want to know anything until next year. They're continuously--that money is contingent upon certain things. And also when certain things happen, they have to be reported back to that committee. The Judiciary Committee would do well to follow that example. The Judiciary could fence money and say: Look, we're going to give you part of it, but you are not getting the rest of it until we get this answer. So, to the theoretical point of can you get this information from the executive branch or can you not, based on the Constitution, and Article I versus Article II, well, the answer is what you provided, Mr. Blanton: The key is in the power of the purse, and you can always get that information. So that's the good news, is that you can get the information, and the Intel Committee does it. The bad news is DOJ doesn't do it. And the other bad news is the Intel Committee controls this information very tightly, and it is hard for a rank-and-file Member to access that. It is basically 20 questions in a SCIF without staff and no notes walking out. So that is the bad news. And if I have time, I will let you all comment on that. But here is the third thing I want to talk about, and I think it falls within this committee hearing today, and this question is for Mr. Aftergood. The Federation of American Scientists keeps a bootleg copy of all the Congressional Research Service reports. Is that correct? Mr. Aftergood. Not all, but many. Mr. Massie. Well, the ones that you can obtain? Mr. Aftergood. Yes. Mr. Massie. The Congressional Research Service, for those that don't know about it, is this enormous, wonderful resource available to Congressmen. And they have got all the historical context for the reasons of things, and they prepare these wonderful reports, but they're confidential to Congress. And the irony here is I could disclose them to a constituent, but the CRS has no clearinghouse for this. The greater irony is, on a weekend, I go to your Web site to find out what the Congressional Research Service has prepared. How ridiculous is that? I would like your comment on that, Mr. Aftergood. Mr. Aftergood. There has been a lot of talk lately about fake news and how it is corrupting our public discourse and so forth. To me, I think of CRS reports as kind of the antidote and the opposite of fake news. Mr. Massie. We get a lot of fake information here in Congress from various sources. Mr. Aftergood. We all need to be critical consumers, but I think the CRS products on the whole are extremely informative. They are balanced. They aim to educate. If you read them, you are going to get smarter than you are. Mr. Massie. That is not hard to do for a Congressman. Mr. Aftergood. Well, or for a citizens. I don't have too big a chip on my shoulder about doing this. I would just as soon Congress do it the right way. I think you have a product that you can be proud of, and you should be making it available to the public. Until that happens, I hope to be able to continue doing it through the Federation. Mr. Massie. I hope you do too because I need access to that on weekends. Thank you very much. Mr. Leonard. And I would only suggest: It is the end of the year; you might want to contribute to Steve's Web page. Mr. Hice. I thank the gentleman, and I also want to extend a sincere thanks to each of our witnesses for appearing before us today. If there is no further business, without objection, the committee stands adjourned. [Whereupon, at 11:08 a.m., the committee was adjourned.] [all]