The President has issued an executive order (EO) to prevent future leaks of classified information that addresses many concerns POGO had with a previous policy memo issued in the wake of several high-profile WikiLeaks disclosures.
In January, the Office of Management and Budget (OMB) sent out initial guidelines for securing classified information that had POGO and other organizations worried because it suggested taking steps that could significantly infringe upon employees’ free speech, civil liberties, whistleblower protections, and privacy. For example, it recommended monitoring things like employee “grumpiness” to identify potential leakers.
POGO and other good government groups sent a letter to OMB Director Jacob Lew urging that the review of classified information security be “carried out in a manner that is targeted to the problem at hand and does not sweep so broadly as to infringe on protected constitutional rights and privacy interests of employees.”
While OMB’s response to our letter was more confusing than helpful, in a subsequent meeting with administration officials, POGO and partners learned that a new policy for information security governance was being formulated. We then made specific recommendations for how to balance information security with other interests, such as freedom of information, constitutional rights, and whistleblower protections.
POGO’s Director of Public Policy Angela Canterbury said, “We had an honest exchange with the administration about concerns that, in fact, they also shared, but that had fallen off their radar in the scramble to respond in some way to WikiLeaks. We stressed the importance of ensuring that any information security policy did not run roughshod over the rights of those who serve our country.”
The new executive order is that new information security policy and acknowledges many of the concerns we raised. We’ll let OpenTheGoverment.org, our ally and co-signer in the letter to OMB, explain:
We are pleased to see that Section 1 of the new EO reflects our advice: it clearly states all "structural reforms to ensure responsible sharing and safeguarding of classified information...shall be consistent with appropriate protections for privacy and civil liberties," and directs agencies to meet these "twin goals." In order to be successful and baked-in to the way we monitor, develop and implement information system security policies, though, this charge must be specifically extended to the Senior Information Sharing and Safeguarding Steering Committee, Insider Threat Task Force, and the Executive Agent for Safeguarding Classified Information on Computer Networks created by the EO.
We also agree with OpenTheGovernment.org’s praise of a clause that reaffirms protections for whistleblowers who disclose information about waste, fraud, or abuse.
However, this EO is simply a framework and there are many details in implementation yet to be determined.
“Holding our vital rights and protections in balance with national security concerns is not a simple proposition,” said Canterbury. “So, we intend to continue to watch how the directive is incorporated into the specific policies of the bodies charged with the new information governance mandate, as well as in the emerging practices of agencies dealing with classified information and whistleblowers.”