What is the Basis for Handling and Storage of Classified Data: A Clear and Neutral Overview

Classified information refers to sensitive government data that requires protection due to security or legal reasons. The federal government classifies documents according to classification levels that indicate the potential damage that could result from unauthorized disclosure.

There are three levels of classification for classified data: Confidential, Secret, and Top Secret. Confidential information, if leaked, could cause damage to national security. Secret information could cause serious damage, while Top Secret information could cause exceptionally grave damage.

Purpose of Classified Data

The main purpose of classified data is to protect sensitive information that is related to national security. This includes information about military operations, intelligence activities, technological developments, foreign relations, and more. Classifying this information helps prevent it from falling into the wrong hands or being openly disseminated where it could damage national security interests.

Government agencies will classify information if its unauthorized release could cause damage to national security. The levels of classification indicate the degree of damage that could result if the information is compromised. For example, top secret information, if disclosed without authorization, could cause exceptionally grave damage to national security, while confidential information could still cause damage, but on a smaller scale. By properly classifying sensitive data, the government aims to limit access only to those with an authorized need-to-know.

Proper classification serves to both protect national security as well as enable information sharing between government entities that need access to perform their duties. The overall goal is to restrict classified data only to the extent required to safeguard national security and prevent unnecessary secrecy.

(Cited from https://www.c-span.org/video/?525469-4/classified-information-media)

Laws and Regulations

The handling and storage of classified data in the United States is governed by various executive orders and federal laws. The primary executive order is E.O. 13526, signed in 2009, which lays out the system for classifying, safeguarding, and declassifying national security information. This order establishes levels of classification, specifies who can classify information, and outlines requirements for marking classified documents.

Key federal laws include the Espionage Act of 1917, which criminalizes the unauthorized transmission of classified information that could harm the United States or aid a foreign nation. The Atomic Energy Act of 1954 provides special procedures for Restricted Data and Formerly Restricted Data related to nuclear weapons and energy. And the Intelligence Identities Protection Act of 1982 criminalizes the unauthorized disclosure of classified information that reveals the identities of covert intelligence agents.

According to legal experts, these classification laws apply to both government employees as well as private citizens who come into possession of classified information without authorization [1]. However, prosecutions related to leaks of classified information have been rare historically [2]. Government authorities are encouraged to exercise discretion and protect whistleblowers who reveal information out of conscience rather than personal gain [3].

Classification Levels

There are three levels of classified information, from highest to lowest: Top Secret, Secret, and Confidential.

Top Secret is the highest level of classified information. According to US law, Top Secret information would cause “exceptionally grave damage to the national security” if disclosed without authorization. This could include sensitive military plans, intelligence activities, scientific and technological developments, and foreign government information.

Secret is the next level down. Secret information would cause “serious damage to the national security” if disclosed without authorization. This could include military operations plans, vulnerability assessments, foreign government information, and weapons development.

Confidential is the lowest level of classified information. Confidential information would cause “damage to the national security” if released without authorization. This could include personnel files, technical characteristics of weapons systems, operational plans, and negotiating positions.

Classification Authority

The President, Vice President, Secretary of a military department, heads of independent agencies, or other officials designated by the President have the authority for original classification of information (CDSE). Original classification means an initial determination that information requires protection in the interest of national security (IF105, IF105 Student Guide). Only original classification authorities can classify data at the TOP SECRET, SECRET, or CONFIDENTIAL level (GAO, Continuing Problems In DOD’s Classification Of National…).

Original classification is the initial decision to mark information as classified based on an original classification authority determining that its unauthorized disclosure could reasonably be expected to cause damage to national security (IF102, Original Classification). Original classification authorities must be able to identify or describe the specific damage that disclosure of the information could cause (IF102).

When originally classifying information, the classification authority must adhere to detailed procedures for determining the appropriate classification level, marking requirements, duration of classification, and related procedures specified in laws, regulations, and standards like Executive Order 13526 (CDSE, IF105).

Marking Classified Data

According to the handbook by the National Archives on Marking Classified National Security Information, classified documents are required to be marked with certain information to identify the classification level.

This includes the overall classification at the top and bottom of the document, such as “SECRET” for secret classified documents, as outlined in point C1.1 of the handbook (https://www.archives.gov/files/isoo/training/marking-booklet-revision.pdf). Classification markings indicate to holders the level of protection required for classified information.

Additionally, the classifying authority, the agency and office of origin, and declassification instructions must also be included according to section C1.2. Declassification instructions provide guidance for when information can be declassified.

Classified documents must be clearly identified by markings to ensure proper handling per standards outlined in regulations and the Marking Classified Information handbook (https://www.archives.gov/files/isoo/training/marking-booklet-revision.pdf).

Access to Classified Data

Access to classified information is limited to those with both an appropriate security clearance and a specific need to know the information in order to perform their duties. According to the Code of Federal Regulations, “Classified information may be made available to a person only when the possessor of the information establishes that access is necessary for the performance of official duties and that the proposed recipient has been determined to be trustworthy to receive such access” (28 CFR § 17.41).

To obtain a security clearance, individuals must undergo a thorough background investigation and be determined suitable under adjudicative guidelines. Investigations look at factors like loyalty, character, honesty, judgment, reliability, and mental/emotional health. Clearances are issued at levels like Confidential, Secret, or Top Secret depending on the sensitivity of information to be accessed. Formal procedures specify how to upgrade or downgrade existing clearances as duties change (5 CFR §1312.23).

Even with an appropriate clearance, individuals must establish they have a specific need to know classified information related to their work. This limits access to only those for whom it is truly required to fulfill duties. Need-to-know is narrowly defined to enforce information security and protect national interests.

Transmitting Classified Data

Proper channels must be used when transmitting classified information to ensure it is protected. The method of transmission depends on the level of classification. According to the Student Guide from CDSE, “specific methods that are authorized for transmitting classified information based on its classification level.”

Unclassified information can be transmitted through regular mail or other common commercial carriers. Confidential and Secret information require protected transmission channels like registered mail or approved commercial delivery services. Top Secret information has the strictest requirements and must be hand-carried by authorized personnel or transmitted through secure communication systems.

According to ISOO Notice 2020-02, “Classified information must be transmitted by means that preclude unauthorized persons from acquiring the information. Appropriate protections include use of secure communications systems, encrypted email, approved couriers and agency approved commercial delivery companies.” Proper receipts are always required to track classified transmissions.

Storing Classified Data

Classified information must be properly secured and stored. There are specific requirements for approved storage containers and facilities based on the classification level. Proper storage is critical to prevent unauthorized access and ensure proper accounting of classified materials.

Approved containers for storing classified information include security filing cabinets, vaults, and safes that meet stringent standards and requirements [1]. The type of container required depends on the classification level – Top Secret information requires the most secure containers. Storage facilities must also meet physical security standards, like intrusion detection systems, access control systems, and perimeter fencing and lighting.

Facilities used for storing classified information are designated as either closed or open storage. Closed storage is authorized access only, while open storage allows access to properly cleared personnel [1]. Proper procedures must be followed, like conducting periodic inventories and maintaining access records.

Declassifying Data

There are several procedures and timelines for declassifying classified information. According to Executive Order 13526, classified information should be declassified as soon as it no longer meets the standards for classification. There are two main ways that information can be declassified:

1. Automatic declassification – Information is automatically declassified after a set period of time, depending on the classification level. Top Secret information is automatically declassified after 25 years. Secret information is automatically declassified after 15 years. Confidential information is automatically declassified after 10 years.

2. Systematic declassification review – Agencies can also conduct a review of classified information to determine if the information still requires classification or if it can be declassified earlier than the automatic timelines. This allows for proactive declassification of information. The National Declassification Center conducts these reviews for federal records.

There are also procedures for challenging classification decisions and requesting declassification reviews under the Freedom of Information Act. However, properly classified information related to national security is exempt from declassification. Overall, the declassification process balances openness and transparency with maintaining necessary secrets.