I heard it said on cable news the other day, during a discussion of the latest developments in the Hillary Clinton email scandal, that trying to figure out how to explain the U.S. government’s classification system is like trying to explain how the Earth was created. In other words, it was too complicated for this particular journalist to adequately explain during the course of his two-minute segment on the Clinton private email server scandal.
Well, he is partially right. It is somewhat complicated, in that classifying information from a particular agency differs from how it might be classified at a separate agency. The classifying authority (he or she who sets the level of classification) might be a senior government employee at one organization (a GS-15, say), or they might be a more junior-level employee at another. For example, when this author started at the CIA, he was classifying intelligence reports as a lowly GS-11, albeit, under the supervision of a more seasoned GS-13 or GS-14, most of the time.
Really, though, it is not that complicated.
Start with the big picture. You have the U.S. government (USG). Within the constitutionally created three branches of government, there is the executive branch. It is run by the president of the United States and his cabinet. The executive branch includes a number of agencies, each of which carries out any number of various policies and legally mandated tasks. The Department of Energy, for example, has a certain role. The Department of Veterans Affairs has a separate role. The Department of Agriculture has yet another role. All three differ in their missions and tasks.
Of those three, probably only the Department of Energy has a need to classify any of its information above the “For Official Use Only” (FOUO) level, the lowest level of classification above UNCLASSIFIED. The Department of Energy, for example, was deeply involved in the recent Iran nuclear negotiations, and would thus have dealt with large volumes of sensitive information.
So far, so good. Next, there is of course the USG’s national security establishment, also under the executive branch, which includes the military, Central Intelligence Agency, Federal Bureau of Investigation, the National Security Agency, etc. In contrast to those agencies not focused on national security, these agencies classify almost all of their information, at some level, mostly above the FOUO threshold.
So, let us examine the term “information.” What are we talking about here? What does it mean to be “CIA information,” or “NSA-derived intelligence,” or “military reporting,” or “CIA-derived intelligence?” This gets to the root of classification. The aforementioned terms refer to the “owners” of the information that is being presented. In other words, “CIA reporting” refers to information collected by the CIA, either through its human sources or through other techniques. “NSA-derived information” refers to information collected by the NSA through its own particular methods.
This is important to note: this ownership, obvious as it may seem. The agencies that collect the information, or intelligence, also classify it. That is to say, if I were a Department of Defense human intelligence collection officer, gathering information from my human sources, then my own agency is going to classify any acquired intelligence appropriately, to be handled within channels designated for human collection.
It follows then that if I am from the NSA, acquiring information as it does, then that intelligence information is going to be classified by the NSA, and along those lines appropriate for the handling of the information in separate channels, required for NSA-specific information.
Still with me? It is pretty simple: Different agencies classify their information according to how it is collected, and the sensitivity of it, and that information must be handled in the channels designated as appropriate for that information.
So, what do we mean by “channels?” To put it simply, imagine that you have three separate pieces of intelligence information, or three separate intelligence reports. One is classified “SECRET/A,” meaning it was acquired by a certain agency, through a specific means of collection, designated by “A,” and it is classified at the SECRET level. A second report is classified “TOP SECRET/B,” meaning it was acquired by a different means of collection (“B”), and is TOP SECRET. The third is classified “TOP SECRET/C/PAPER ONLY,” which will be explained below. These are all notional classification markings—not real ones.
What the classification markings tell you is that these three reports must all be handled in a certain way, and in certain channels. The first, classified as “SECRET/A,” must be handled within channels (i.e., computer terminals) designated as SECRET/A-level terminals. Only those with the appropriate clearance can get access to those channels (terminals), and only reports up to the “SECRET/A” level can be transmitted on them.
The second report, “TOP SECRET/B,” is more highly classified, and can only be transmitted in channels (terminals)—much more restricted in number—that can handle reports up to that level. To gain access to those terminals (and thus, those particular intelligence reports) requires more stringent vetting and background checks, and far fewer personnel in the USG carry a TOP SECRET clearance than do those with a SECRET clearance. Think 5,000 versus 200,000, for example. The actual numbers might differ, but you get the idea.
The third report, in this scenario, is even more highly classified, as it is designated for “PAPER ONLY” (again, a notional classification), meaning it will not be transmitted over computer terminals at all, and will only be hand-delivered to certain designated principals for their read and return with a signature showing that they have seen the report. The report will then reside with the originating agency (i.e., that which collected it).
Obviously, the third report is highly classified, and has been deemed sensitive enough to merit an extremely limited readership, possibly as low as 5-10 persons in the USG. That is a highly restricted channel, one controlled outside of computer terminals, via hand-delivery only.
So, we now arrive at the Hillary Clinton private email server issue. Can you now see why it is a problem? At what level do you think the Clinton server was deemed secure to handle classified information, as she reportedly did on the server? You guessed it: UNCLASSIFIED. Let that soak in for a second. Clinton’s server should never have handled one piece of classified information, as it was never established to be a secure server for handling classified information.
Therein lies the truly egregious aspect of this whole story. Clinton’s private email server was never meant to, cleared to, or thought to be handling classified information. No safeguards were in place to protect classified information. No routine security protocols were installed. No measures were taken to protect sensitive reporting. The use of the server flew in the face of basic, rudimentary, day-one security procedures that every single USG employee with a security clearance understands to be necessary.
Well, almost every single U.S. government employee, it seems.