GAO criticizes DOD classification program

The Defense Department is mishandling the job of classifying secret documents, the Government Accountability Office stated in a report today. Poor training and a lack of coordination are contributing to a high rate of errors and a backlog of classification work, according to GAO.

GAO surveyed information security programs in nine DOD components, which were responsible for 83 percent of the department’s classification decisions from 2002-2004.

“A lack of oversight and inconsistent implementation of DOD’s information security program are increasing the risk of miscalculation,” GAO said.

The Office of the Undersecretary of Defense for Intelligence is ultimately responsible for DOD’s information security program. But the office has little involvement or oversight of how components are implementing the program, GAO said. So, different commands manage their information security program with varying levels of effectiveness, the report stated.

Among its findings, GAO reported that nine of 19 DOD components and commands reviewed failed to train their staff in basic classification management principles. Other shortfalls included a lack of self-inspections regarding classifications and failures to track and revise classification guides every five years as required.

“Because of the lack of oversight and weaknesses in training, self-inspection, and security classification guide management, the Secretary of Defense cannot be assured that the information security program is effectively limiting the risk of miscalculation across the department,” the GAO report stated.

GAO reviewed 111 classified documents from five separate offices in the Office of the Secretary of Defense. GAO determined that 92 of the documents, 83 percent, had marking errors, with more than 50 percent having multiple marking errors. GAO also questioned the classification decision DOD made for 26 percent of the documents.

Federal agencies reported creating more than 110 million new classified records from fiscal 2000 through fiscal 2004, according to the Information Security Oversight Office, a component of the National Archives and Records Administration. A total of 66.8 million of these came from DOD. The total number of classified documents DOD held is unknown.

GAO offered six recommendations to lower the risk of misclassification and create more accountability in the department. The Office of the Undersecretary of Defense for Intelligence should:

• Establish a centralized oversight process for monitoring information security programs in various DOD components and commands.

• Issue a revised information security program regulation that mandates proper training for employees who conduct classification activities.

• Improve self-inspections and ensure their frequency and applicability are based on explicit criteria.

• Update classification security guides and make them easily accessible to authorized individuals.

• Increase accuracy of classification decision number estimates by introducing quality assurance measures based on existing guidance.

• Streamline the activity of automatic declassification by consolidation eligible records now found in 14 different geographical sites.

GAO also expressed concern that DOD will not be able to meet its deadlines for automatic declassification, as dictated by Executive Order 12958. That order states that on Dec. 31, 2006, classified records more than 25 years old and of permanent historical value shall generally be automatically declassified, whether or not they have been reviewed.