COMMENTS ON ISOO DRAFT REVISION OF EXECUTIVE ORDER 12065

Approved For Release 2007/07/06: CIA-RDP85B00552RO01000070047-4 COQ ENTS ON ISOO DRAFT REVISION OF EXECUTIVE ORDER 12065 A. Page 7, Section.1~-302 Change to read "Information that is determined to concern one or more of the categories in Section 1-301 shall be classified when an original classification authority also determines that its unauthorized disclosure, either by itself or in the context of other information, reasonably.could be expected to cause damage to the national security." This restores the emphasis on potential disclosure damage when considering the "aggregate" classification of isolated information. / B. Page 8, Section 1-303 Change to read "Unauthorized disclosure of foreign government information, cryptologic information, or information relating to intelligence activities (including special activities), or intelligence sources or methods, is presumed to cause damage to the national security." The addition of "intelligence activities (including special activities)" is consistent with similar constructions throughout the draft. C. Page 9, Section 1-501 Move the parenthetical expression in 1-501(a) and. 1-501(b) to the main paragraph of 1-501, where it appeared in a previous draft. This marking exclusion must appear in the main paragraph in- order to cover all markings. There are circumstances in which any U.S. marking at all would reveal a confidential relationship. D. Page 10, Section 1-502 Delete entire section. This partial restoration. of the portion-marking requirement could lead to the release of Agency information marked as unclassified by other agencies without Agency review to determine if it warrants classification in the aggregate. It also could lead to confusion between internal and external. agency procedures. If there must be a portion-marking requirement in the Order, the following substitute wording for Section 1-502 would cause fewer problems: "Agency heads may require that each copy of a classified document that is intended to be used as a source for producing acld.it anal ocuments mha1 L b marking or J J-_ otheriiicans,-indicate which portions are c_i as _ f ed, with the applicable classification level, and which portions are not classified." Approved For Release 2007/07/06: CIA-RDP85B00552RO01000070047-4  Approved For Release 2007/07/06: CIA-RDP85B00552RO01000070047-4 E. Page 16, Section 3-301 Move the last sentence into a new Section 3-303. Delete the last five words of this sentence. This provision for establishing special Secretary of Defense and DCI review procedures should be separate to make clear that the procedures may apply to all agencies, not just the National Archives. Establishing. these procedures should riot require mandatory consultation with affected agencies (even though such consultation normally occurs). F. Page 18, Section 3-402 Restructure the first two sentences to read: "Information originated by a President, the White House Staff, by committees, commissions, or boards appointed by the President, or others- specifically providing advice and counsel to a President or acting on behalf of a President is exempted from the provisions of section 3-401. The Archivist of the United States shall have authority to review and declassify such information in the possession and control of the Administrator of General Services pursuant to sections 21.07, 2107 note, or 2203 of title 44 U.S.C." This is consistent with the coverage of Archivist authority elsewhere in the draft. These authorities relate only to information in GSA custody. G. Page 19, Section 3-404 Move the fourth sentence into a new Section 3-405. Renumber the present 3-405 as 3-406. As with Section 3-301 (comment E above), the provision covering special Secretary of Defense and DCI review procedures should be separate to indicate that these procedures have general effect. The addition of the new authority for Archivist review in Section 3-402 (comment F above) also requires this provision be separate to make clear it is not tied solely to the "mandatory review" of Section 3-404. H. Page 20, Section 4-101 Add "Agency heads shall issue and maintain minimum investigative standards that must be satisfied before access to classified information is permitted." Disparities and misunderstandings between agencies on what their standards are would be minimized if this Executive order required them to be stated. Although this is covered in Executive Order 10450, that order is outdated, subject to interpretation by individual agencies, and in some cases virtually ignored. Approved For Release 2007/07/06: CIA-RDP85B00552RO01000070047-4  Approved For Release 2007/07/06: CIA-RDP85B00552RO01000070047-4 I. Page 22, Section 4-201 Add after Director of Central Intelligence, "who shall ensure the establishment of common security, access, dissemination, and control standards for such programs." This addition states the current reality established in existing DCID's. DoD objection to this provision is based on the worst-case interpretation of the possibility of imposition of such controversial security programs as the polygraph. J. Page 22, Section 4-202 Delete entire section. This requirement is unclear, unnecessary, and burdensome. It has not worked in the present Executive Order 12065. K. Page 29, Section 5-404 Change the last sentence to read "Either shall ensure that the Director of the Information Security Oversight Office is informed periodically of violations under Section 5-402(a) or (b)." Notifying D/ISOO on every occasion when there is an improper disclosure of classified information could adversely impact the polygraph program. L. Page 31, add Section 6-108 6-108. "cryptology," for the purposes of this Order, means cryptography and communications security. This definition reflects the current Intelligence Community understanding that the Director of Central Intelligence is responsible for the portion of intelligence sources and methods lmown as signals intelligence (SIGINT) and the Secretary of Defense is responsible for communications security (COMSEC) matters. Without this definition, Section 4-201 of the IS00 draft is in direct contravention to the statutory authority of the DCI. Furthermore, NSCID 6 specifically makes the DCI responsible for SIGINI' security policy. According to the official, current, Intelligence Community Glossary of Intelligence terms, "cryptology" includes both SIGINT and CONISEC. As an alternative to the addition of a definition for "cryptology," the word "cryptography" or "cryptographic" might be substituted for. "cryptology" or "cryptologic" throughout the ISOO draft. M. Page 31, add.Section 6-109 and 6-110 6-109. "Unauthorized disclosure" includes either a comiflunication or physical transfer of classified information to an unauthorized person. Approved For Release 2007/07/06: CIA-RDP85B00552RO01000070047-4  Approved For Release 2007/07/06: CIA-RDP85B00552RO01000070047-4 6-110. "Unauthorized persons" are those who do not have both a current security clearance for access to the level. of classified information involved and a specific, identifiable need for access to the information involved in order to accomplish an official and authorized government purpose. These definitions clarify what is required to protect information and what will subject officers and employees of the United States Government to sanctions. N. In addition to the above comments, we support the ISOO wording changes in Sections 1-101(a), 1-103, 1-204(e), 1-205, 1-303, 1-501, 2-102(b), 3-401(b), 3-404, 5-202(d), 5-202(8); 5-301(b), 5-402(a), and 6-106. Further, we do not object to the changes in Sections 1-301(j), 1-401, 1-402, 1-501(c), 3-203, 3-401(a), 3-403, 3-405(b), 4-101, 5-102, 5-301(c), and 6-107. Also, there are two typographical errors in the last sentence of Section. 3-301. There is an extra comma preceding the parenthesis and "sources and methods" should be "sources or methods." And the "could reasonably" in Section 6-106 should be "reasonably could." Approved For Release 2007/07/06: CIA-RDP85B00552RO01000070047-4