Classification Law and Clinton Emails

The info below was written by a friend of a friend , David Vail, who recently retired from the DoD.  My friend pointed out, before he retired this retired DoD employee also wrote to the Under Secretary of Intelligence pointing out that procedures governing the exchange of information had not been updated since 1987 and did not recognize the Internet.  According  to Mr. Vail, the media seems uninterested in anything but fanning the flames of controversy.
David Vail  was previously employed by the United States Transportation Command, Operations Directorate, in the Dept of Defense, command manager for the Joint Operation Planning and Execution System (JOPES) which is a classified system, engaged in classification policy issues with the Pentagon, challenged risk assessments, and challenged classifications made by other DoD organizations. The following was written by Mr. Vail:

As an expert in the DoD on classification, I felt compelled to write about the Clinton email fiasco. I sent this to several reporters in Washington DC only to get “Interesting points” as a response.

Classification Law and the Clinton Emails

The kangaroo courts being held on Facebook, in Congress, and the various internet and print media over the Clinton emails have all deliberately avoided any discussion about the law regarding classification. FBI Director, James Comey, got it right based solely on the law. For those who protect their beliefs with cognitive dissonance, you’ll probably skip reading this. For everyone else, this is an apolitical revelation of some facts pertaining to classification law.

The federal rules defining what can be classified, who can classify it, constraints and prohibitions, levels of classification and required markings are codified in 32 CFR 2001 pursuant to Executive Order 13526. Each successive President signs an E.O. shortly after assuming the office continuing the classification policies. The CFR specifies that the heads of federal agencies are appointed as having Original Classification Authority (OCA). This authority is limited to specific positions in the Federal government and can only be delegated in writing to very senior positions within each Federal agency. Staff members are not authorized by the law to make original classification determinations. These OCAs are required to subjectively assess risk (possible outcome plus probability of outcome) of documents, images, objects, etc. in their purview for their potential damage to US national security if exposed publicly and be able to articulate that specific risk if challenged. The law also specifies if there is doubt, the default determination is Unclassified. Unclassified only means the information does not meet the criteria for labeling it as Confidential, Secret, or Top Secret based on the risk assessment. The State Department names this category Sensitive But Unclassified while the Defense Department labels this category Unclassified/For Official Use Only. It’s important to note here that Unclassified does not mean publicly releasable which requires a separate determination. Clinton, as Secretary of State, had the authority conveyed by law to make her own determination about the classification of her emails.

The CFR is not a criminal statute. Therefore, prosecution for unauthorized disclosure of classified information falls under the Espionage Act of 1917 (18 USC 792+). This is where intent to damage the US national security is required to be proven to get a conviction. FBI Director Comey specifically stated that while Clinton’s email server did not meet security requirements to prevent infiltration or hacking, there was no evidence that hacking occurred.

Opinion: Clinton was certainly careless – no doubt about it, and deserves rebuke for that. However, based on the authorities conveyed by 32 CFR 2001 and the required elements for prosecution under 18 USC 792, the FBI had no choice other than to recommend no charges be filed. Neither CFR nor department policies address access controls in the modern information computing environment. As federal departments modernize IT systems to support information sharing between authorized users, they are continually hampered by antiquated security policies that barely recognize the existence of the internet. While the CFR is clear about who can make an original classification determination, staff members below each OCA in lower elements of the federal agencies continue to illegally label items classified without specifically delegated authority from their OCA or performing the legally required risk assessment.

I thing this explanation  by a classification expert not only helps to explain why Hilary Clinton was not charged, but also explains why the classification of data is not as cut and dry as the press and the GOP would like you to believe.  When only designated officials within certain government departments have the power to classify information, and the Secretary of Defense is not one of them, it is not necessarily apparent that specific information with a email is classified or not.
Cajun   7/10/2016

Leave a Reply