Spy Stories-Lalas:Something Wasn’t Right
February 26, 2008
Steven J. Lalas, an American of Greek descent, was a State Department communications officer stationed with the U.S. Embassy in Athens, Greece. He also served at posts in Belgrade, Istanbul, and Taiwan. Charged with passing sensitive military information to Greek officials, he was arrested in Northern Virginia on May 3, 1993.
The U.S. Government received the first tip that led to identification of Lalas as a spy as a result of an accidental slip in a conversation between an official of the Greek Embassy in Washington and a State Department official. The Greek official knew of information that could only have come from a secret communication between the U.S. Embassy in Athens and the State Department. The State Department official recognized something wasn’t right and reported it. This led to an investigation, and Lalas was later observed through a video monitoring system stealing documents intended for destruction.
Lalas originally claimed he had been recruited by Greek military officials in 1991, and that he feared for the welfare of relatives then living in Greece if he had not cooperated. Authorities later discovered that he began spying for the Greek government in 1977 while with the U.S. Army.
He passed an estimated 700 highly classified documents, including papers dealing with plans and readiness for U.S. military strategy in the Balkans and a U. S. assessment of Greece’s intentions toward the former Yugoslavia. Athens was Lalas’ fourth communications posting with the State Department. During his espionage career he earned a steady income stealing, then selling, DIA reports about troop strength, political analyses, and military discussions contained in cables between the U.S. Embassy in Athens and the White House. He also obtained information from FBI communications about counter-terrorism efforts, and the names and job descriptions of CIA personnel stationed overseas.
Greek handlers allegedly paid him $20,000 for about 240 documents over a three- year period ending with his arrest.
In June 1993, Lalas pleaded guilty to one count of conspiracy to commit espionage and on September 16 was sentenced to 14 years in federal prison without possibility of parole. Prosecutors had recommended the 14-year sentence in return for Lalas’ promise to reveal what documents he turned over and to whom.
The full extent of his espionage activity was confirmed prior to his sentencing only after he failed two FBI polygraph examinations. Lalas is presently serving his sentence in federal prison.
Reference
“Profile of a Spy,” in Security Matters, the FBI Security Education Bulletin. Summer 1996.
Spy Stories-Lipka: No Statute of Limitations
February 26, 2008
Former National Security Agency employee Robert Stephan Lipka was arrested and charged with espionage in 1996. This was 30 years after Lipka stopped working for NSA and 22 years after his last contact with the KGB. The arrest was possible because the statute of limitations does not apply to espionage. No matter how long ago an offense occurred, a traitor can still be prosecuted. Lipka was sentenced in 1997 to 18 years in prison.While in the United States Army, Lipka was assigned to the National Security Agency (NSA) at Ft. Meade, Maryland from 1965 to 1967. His principal assignment was to remove classified NSA documents from teleprinters and distribute them to the appropriate departments. He photographed these documents with a camera provided by the Soviets and dropped off the film in a park for payments of up to $1,000 per drop. He allegedly received a total of $27,000 from the KGB.
Lipka left the military and moved to Lancaster, Pennsylvania, in August 1967, where he attended college at a local university. The FBI affidavit states that Lipka took NSA documents with him when he left his Army position, and that he met with Soviet representatives as late as 1974.
Lipka’s betrayal came to the attention of U.S. investigators in 1993 after Lipka’s ex-wife went to authorities and told them he had sold NSA material to the Soviets.
Reference
National Counterintelligence Center, Counterintelligence News and Developments, Vol. 4, Dec. 1997.
Spy Stories-John Pollard-Grandiose Imagination
February 26, 2008
This is a description of Pollard as a person, not a full account of the case. It illustrates character weaknesses that have been found in many American spies.
Jonathan Jay Pollard was a Naval Intelligence analyst arrested for espionage on behalf of Israel. He used his access to classified libraries and computer systems to collect a huge amount of information, especially on Soviet weapons systems and the military capabilities of Arab countries. Over a period of 18 months until he was arrested in November 1986, he passed over 1,000 highly classified documents, many of them quite thick. He was sentenced to life in prison. 1
This account focuses only on Pollard’s motivation, the personal characteristics that made him susceptible to betrayal, and how he was caught.
Pollard’s father was a prominent professor of microbiology who often took his family with him to scientific conferences. At least a dozen Nobel Prize winners attended young Pollard’s fourth birthday party, which was celebrated in Sweden where his father was attending a scientific conference. Formative experiences during his youth were his avid reading, especially about Israel and military history, and his repeated exposure to and suffering from anti-Semitism. His family lost over 70 European relatives during the Holocaust.
Grandiosity
Grandiosity is what psychologists call a character trait often found in individuals who commit espionage. Typical behaviors include immature fantasies of success, power or love, exaggerated expectations of recognition for ordinary job performance, hypersensitivity to imagined slights or poor performance evaluation, and excessive need for praise and admiration.
Extreme grandiosity can be a security concern, as disappointment and bitterness are inevitable when others fail to recognize one’s self-perceived special talents. This can lead to resentment, retaliation, and misguided efforts to justify an inflated feeling of importance or power. A compelling emotional need for recognition, to feel important, or to have an influence on world events may lead to deliberate unauthorized disclosure of classified information.Â
Grandiosity was a dominant element of Pollard’s personality. From a very early age, he led a rich fantasy life that centered on his becoming a superhero for the country he idolized. He became obsessed with the threats facing Israel and a desire to serve that country. He resolved early to move to Israeli when he got older. After he came to appreciate the material comforts of life in the United States, he suffered for several years an agonizing conflict between his desire to remain in America and stay close to his family, and his longstanding goal/fantasy of serving Israel. His decision to volunteer as a spy for Israel resolved that conflict. His espionage was a means of living his fantasy.
At Stanford University Pollard was known as a teller of tall tales, but he was so well informed and articulate that he “made what might otherwise have been an outlandish series of claims quite convincing.” Pollard boasted that he had dual citizenship and was a colonel in the Israeli Army. He and a few friends spent a great deal of time playing war and strategy games, and this became a vehicle for acting out his fantasies.
Pollard’s Stanford senior yearbook photo listed him as “Colonel” Pollard, and he reportedly convinced almost everyone that Israeli intelligence was paying his tuition. After his arrest, Pollard said this was all “fun and games,” and “no one took it seriously.” But most of his fellow students did not see it as a game.
While working for Naval Intelligence, Pollard again gained a reputation as a teller of tall tales. Although he kept his pro-Israeli views to himself during this period, he did once claim to have worked for Israeli intelligence. This was never reported, as no one took it seriously. Pollard’s tall tales about himself were more or less a joke in the office. He was unpopular among his colleagues, as they resented his bragging, his arrogance, and his know-it-all attitude.
At one point, Pollard received permission to establish a back-channel contact with South African intelligence through a South African friend he had known in graduate school. Through a combination of circumstances, Pollard’s story about his relationship with the South Africans began to unravel. After telling Navy investigators fantastic tales about having lived in South Africa and his father having been CIA Station Chief there, Pollard’s security clearance was pulled and he was told to obtain psychiatric help. After the doctor concluded that Pollard was not mentally ill, Pollard filed a formal grievance and got his clearance and his job back.
Pollard’s need to feel important, and to have others validate that importance, led him to pass several classified political and economic analyses to three different friends whom he felt could use the information in their business. This was before he volunteered his services to Israel. Although he hoped to eventually get something in return, his principal motive was simply to impress his friends with his knowledge and the importance of his work.
Other Characteristics
In addition to grandiosity, there were minor indicators of antisocial tendencies and problems in interpersonal relationships. In college, Pollard had a penchant for playing dirty jokes on people. For example, he would wire room lights with fireworks so they would explode when turned on, and hide in people’s closets and jump out at them when they walked into their rooms. Practical jokes are a socially accepted form of aggressive, antisocial behavior.
Although an ardent Zionist, Pollard never joined any Jewish organization in college. He was always a loner and never felt comfortable joining organizations.
Compromise
It was Pollard’s grandiosity that first attracted adverse attention from his supervisor, leading to his eventual compromise. The supervisor caught him lying about his dealings with another government agency. The only purpose of the lie was apparently to make Pollard appear to be a more important person than he was. The supervisor began to wonder why Pollard would make up stories like this.
About this same time, Pollard failed to complete several work assignments in a timely manner (because he was devoting so much time to searching out information to meet Israeli intelligence requirements.) The supervisor noticed that Pollard was requesting so many Top Secret documents concerning Soviet equipment being supplied to the Arab world that it was becoming a burden on the clerk who had to log them in. Pollard did not have any apparent need for this information, but when questioned he had a logical explanation. The risk Pollard ran by requesting so many documents may also be explained by his grandiosity, as such persons often feel invulnerable, or too smart to be caught.
The administration office advised the supervisor that, despite two reminders, Pollard was four months late in submitting a personal history statement required for updating his security clearance investigation.
The supervisor perceived Pollard as an undesirable employee and resolved to get rid of him, but did not suspect a security problem until a coworker reported seeing Pollard take a package of Top Secret material out of the building about 4:15 p.m. on a Friday afternoon. The package was appropriately wrapped and Pollard had a courier pass to carry such material to a neighboring building, which was not unusual. However, it did seem suspicious to do this late Friday afternoon, especially since Pollard got into a car with his wife. Investigation rapidly confirmed that Pollard was regularly removing large quantities of highly classified documents.
Reference
1. All information about Pollard is from Wolf Blitzer, Territory of Lies: The Rise, Fall, and Betrayal of Jonathan Jay Pollard. New York: Harper & Row, 1989.
Spy Stories-John Walker Was “Intrinsically Evil”
February 26, 2008
This is a description of John Walker as a person, not a full account of the case. It illustrates character weaknesses that have been found in many American spies.
John Walker was a Chief Petty Officer and cryptographic technician in the Navy when he volunteered his services to the KGB in 1967. After retiring from the Navy, he maintained his access by recruiting his brother, son, and friend. He was not caught until 1985, when his estranged wife and daughter informed the FBI. During his lengthy career as an aggressive Soviet agent, Walker was responsible for massive compromise of codes, code machines, and classified documents. He was sentenced to two life terms in prison, to be served concurrently.1
This write-up tries to explain the kind of person who could do what Walker did — and get away with it — for 18 years.
Walker grew up in a highly dysfunctional family. His father was a drunkard who beat his mother so badly that, at age 10, young John spent a week plotting to murder his father. Walker was not a good student, nor was he good at sports, but he had a driving need to succeed. He had to do better than his brothers.
Walker was arrested for attempted burglary at age 17. During questioning, he admitted to six other burglaries but was sentenced only to probation. His older brother, who was already in the Navy, persuaded the judge to lift the probation so that John could qualify for enlistment in the Navy in 1956. It was felt that getting away from home plus Navy discipline would help John get his life together.
Walker liked Navy life and studied and worked hard to better himself. He easily passed the high school GED test and two-year college equivalency test. The Navy taught him radio, electronics, and cryptography. His commanding officers called him “bright, energetic, and enthusiastic.” He made every rank in the absolute minimum time. It appeared that he had, indeed, grown up and gotten his act together. Four years after joining the Navy, he was happily married, had three children, had received five promotions, and had embarked on a long-term program of financial savings.
Each time after he was promoted, Walker put the increased income into the savings account. That meant the family was living on the same income as when they were first married, even though they now had three children. Walker was saving for the purpose of eventually buying a small business, as he wanted to have something to show after 20 years of Navy service. Saving money was an obsession with both John and his wife. She bought powdered milk for the children even though they could afford fresh milk. He wore his shoes until they could no longer be resoled. They refused to tip waitresses. They were very careful about buying on credit. John even refrained from going ashore in foreign ports so that he could save money to buy furniture.
Walker advanced rapidly to Chief Petty Officer. In 1965, after nine years of service, he invested his savings and borrowed funds to purchase a house outside Charleston, S.C. and turn it into a bar. Shortly thereafter, Walker’s marriage went sour and the bar failed to make money. His grandiose ego could not take the setback. Walker stole his first document for the Soviets in December 1967 after becoming depressed about financial and marital problems.
Antisocial Behavior
For nine years, Walker had been a model sailor and very successful in the Navy. Then he became as despicable a human being as one can imagine. An author who spent about 160 hours interviewing Walker after his conviction wrote: “He is totally without principle. There was no right or wrong, no morality or immorality, in his eyes. There were only his own wants, his own needs, whatever those might be at the moment.” He betrayed his country, crippled his wife emotionally, corrupted his children, and manipulated his friends. Yet all the while, he didn’t see himself as different from others, only a little smarter. In his view, “Everyone is corrupt…everyone has a scam.”
The radical change in Walker’s adult behavior may have been foreshadowed by a similar split personality in his behavior as a youth. He had few close friends, and the two good friends he did have as a youth he kept apart. His behavior depended upon which one he was with.
With one friend he was always polite, respectful and honest. With the other, he rolled used tires down hills at cars passing below, threw rocks through school windows, stole money from purses and coats left unattended at school functions, stole coins from church donation boxes for the poor, set fires, and shot at the headlights of cars. This childhood friend, who says he knew John Walker like a brother, described him many years later as “cunning, intelligent, clever, personable, and intrinsically evil.”
Walker resented authority, developed an ability to mask his emotions, and established a life-long pattern of avoiding direct confrontation. At a very strict Catholic high school he developed an intense distaste for organized religion but concealed his feelings from the nuns. Instead, he resisted by doing as little homework as possible and showing no interest in any school function. He even refused to have his picture taken for the school yearbook.
Walker was a noted practical joker, but his jokes often had an element of cruelty. His profanity was so foul that even sailors were embarrassed. He was extraordinarily demeaning of women, constantly referring to them by the most demeaning possible terms. He called his estranged wife, daughter, and girl friends these terms to their face. He was totally promiscuous, including flaunting his girl friends in front of his children; he procured girls for his son. On several occasions when no regular girl friend was available, he depended on prostitutes not just for sex but for friendship and companionship. He boasted so often about his sexual conquests that many of the sailors began to doubt his sexual prowess. They “wondered why this strutting, garrulous little man tried so hard to project the image of a masculine womanizer.”
Walker was expert at perceiving the weaknesses of other people and manipulating them. He didn’t believe in confrontation. He retreated from fights and from stronger personalities who disapproved of his hedonistic behavior.
Grandiosity
Walker is said to have lived in a movie dream world of heroic and daring accomplishments. He flaunted the money received from the Soviets. He bought a house and gave his wife carte blanche to furnish and decorate it as she pleased. He bought a boat where he spent much time partying with other women, and eventually he purchased an airplane. He claimed the income came from the bar and other astute investments. He had a flair for the theatrical. At parties, Walker usually wore a beret and ascot and liked being the center of attention. He devoted a lot of time thinking up ways to impress his fellow crewmen.
After his arrest and conviction, Walker had no remorse. He enjoyed the publicity. He told the author of one of the books about him, “I have lived every fantasy that I have ever had. I’ve done everything I wanted to do.” He rationalized involving his brother, son and friend in espionage, and trying to recruit his daughter. In his mind, he was helping them be successful in life (i.e., earn lots of money), and he later criticized them for using him. He felt his only real mistake in life was allowing himself to be surrounded by weaker people who eventually brought him down. He concluded, “I am the real victim in this entire unpleasant episode.”
Although he took pride in being described as the most damaging spy in the history of the United States, Walker claimed to be a patriotic American. He viewed the Cold War as an unimportant game. He “knew” there would be no hot war with the Soviet Union, and he “knew” the Soviets would not risk passing his information to the North Vietnamese during the Vietnam war, so he rationalized the compromise of military information was really doing little damage.
Other Characteristics
Walker was vindictive. He once told a friend: “You never confront a person face to face. You get even. Maybe three years from now.” He had books on revenge and on dirty tricks, such as putting epoxy glue into locks of cars and homes.
He liked taking risks and had a legendary reputation as a daredevil. For example, one night when returning to his submarine after some heavy drinking, he spotted a blimp tethered nearby. He led his colleagues in an effort to cut the blimp loose, but was scared off when a policeman shouted a warning and then fired a warning shot.
Although Walker was pleasant and well-liked throughout his life, he had few close friends. He drank often and used drugs but was not much different in this respect from many other sailors during that time period. As far as is known, it did not impair his work performance. He provided marijuana to his son but taught him to use it in moderation. He didn’t smoke cigarettes, as he thought they were bad for his health. He was almost excessively neat and clean. He was not impulsive; on the contrary, he was very calculating.
Reference
1. Sources are J. Kneece, J., Family Treason: The Walker Spy Case. Briarcliff Manor, NY: Stein and Day Publishers, 1986. And P. Earley, Family of Spies: Inside the John Walker Spy Ring. New York: Bantam Books, 1988.
Voice Mail is Vulnerable
February 26, 2008
Voice Mail Is Vulnerable
A disgruntled former employee, John Hebel, regularly broke into the voice mail system of his former employer, Standard Duplicating Machines Corporation (Standard) of Andover, MA, as part of a scheme to make unauthorized use of the company’s sales leads and confidential marketing information.
Hebel was employed as a field sales manager for Standard between October 1990 and September 1992. Standard was engaged in the sale and distribution of reprographic and print finishing equipment throughout North America. Hebel worked out of an office he maintained in his home in Ballwin, MO.
Standard had an electronic voice mail system. Each Standard employee had his or her own voice mail box, which could be accessed from remote locations. Messages containing sales leads and other confidential marketing information would often be left in voice mail boxes.
After Standard terminated Hebel on in September 1992, Hebel went to work for Duplo U.S.A. Corporation, a subsidiary of Duplo Manufacturing Corp. of Tokyo, Japan. Duplo hired Hebel as its Midwest Regional Manager. Duplo and Standard were direct competitors in the market for commercial collating equipment.
Hebel developed a scheme to defraud Standard by gaining unauthorized access to its voice mail system. By virtue of his prior employment at Standard, Hebel knew the telephone number for accessing Standard’s voice mail system from remote locations. He knew that the “default” password for a particular voice mailbox would be the employee’s telephone extension plus the pound sign, and that virtually no Standard employees had utilized unique passwords to protect their voice mail boxes. Hebel also knew which Standard executives and employees were likely to receive sales leads and other confidential marketing information in their individual voice mail boxes.
Between November 1992 and September 1993, Hebel accessed Standard’s voice mail system from remote locations on several hundred occasions. He did it, without authorization, by using the passwords of various Standard executives and employees. His purpose was to obtain sales leads and confidential marketing information which he could use for the benefit of Duplo and for his own personal benefit.
Standard learned of Hebel’s activity through an unsolicited phone call from a customer who had been solicited by Hebel after leaving a message on Standard’s voice mail system. The FBI arrested Hebel for wire fraud on November 5, 1996, and he was sentenced in March 1997 to two years probation.
References:
1. FBI Director Louis Freeh, Statement before the Senate Select Committee on Intelligence, January 28, 1998. Also PR Newswire, Former Sales Manager Charged in Voice Mail Scam, November 5, 1996.
Spy Stories-Roderick Ramsay
February 26, 2008
Anyone in the Army who was willing to take drugs on a regular basis has to be willing to take some kind of risk and has to be willing to break the Army’s regulations. That’s the starting point.”
The German judge who sentenced Conrad to life in prison commented as follows on the importance of the information compromised by the Conrad spy ring, much of which was supplied by Ramsey. This spy ring “endangered the entire defense capability of the West.” If war had broken out, this information “could have led to a breakdown in the defenses of the Western Alliance” and to “capitulation and the need to use nuclear weapons on German territory.”
Reference
Lynn Fischer, “A Wasted Life: The Case of Roderick Ramsay.” Security Awareness Bulletin, March 1997. Richmond, VA: Department of Defense Security Institute.
Marking Classified Information
February 23, 2008
Physically marking classified information with appropriate classification and control markings serves to warn and inform holders of the degree of protection required. Other notations aid in derivative classification actions and facilitate downgrading or declassification. It is important that all classified information and material be marked to clearly convey the level of classification assigned, the portions that contain or reveal classified information, the period of time protection is required, and any other notations required for protection of the information or material.
The following is a summary of the most commonly used document control markings. More detailed information is available via the Internet from a variety of sources.1
Overall Classification Markings
The overall (i.e., highest) classification of a document is marked at the top and bottom of the outside cover (if there is one), the title page (if there is one), the first page, and the outside of the back cover (if there is one) or back side of the last page.
Each interior page containing classified information is marked top and bottom with the overall (i.e., highest) classification of the page. Each unclassified interior page is marked ‘Unclassified” at the top and bottom. Interior pages that are For Official Use Only need to be marked only at the bottom. Blank pages require no markings.
Attachments and annexes may become separated from the basic document. They should be marked as if they were separate documents.
Additionally, every classified document must show, on the face of the document, the agency and office that created it and date of creation. This information must be clear enough to allow someone receiving the document to contact the preparing office if questions or problems about classification arise.
U.S. documents that contain foreign government information shall be marked on the front, “THIS DOCUMENT CONTAINS FOREIGN GOVERNMENT (indicate level) INFORMATION.”
Computer files must be marked with appropriate headers and footers to ensure that anything that is transmitted or printed will have the applicable classification and associated markings.
All removable storage media and devices such as diskettes, CD-ROMs, cassettes, magnet tape reels, etc. must have an outer label with the appropriate markings.
Each slide must be marked on the slide itself or slide cover, as well as on the image that is projected.
Automated Information Processing Requirements
Use of automated information systems to route and control access to information is forcing changes in how documents are marked. Within the Intelligence Community, classification and control markings must now follow a specified format that enables automated systems to recognize the markings.
The following formats apply only within the Intelligence Community.2 However, similar rules are under consideration in the Defense Department and other government organizations.Â
Any classified document, either in hard copy or automated, must contain a header and footer with the classification, any control markings, and declassification date or designation. These three elements — classification, control marking(s), and declassification date — must be separated by two forward slashes and no spaces. If multiple dissemination control markings are used, they are separated by a comma and no spaces, except that multiple SCI controls are separated by a single forward slash and no spaces. Declassification date must be marked by an eight-digit number (year, month, day), exemption category (such as X1), or as Manual Review (MR). This is illustrated by the following examples:
SECRET//SI/TK//NOFORN//X1
SECRET//ORCON,PROPIN//20091231
A control marking such as FOR OFFICIAL USE ONLY cannot stand alone. It must be preceded by a classification as in:
UNCLASSIFIED//FOR OFFICIAL USE ONLY
When marking foreign government classified information, the classification is preceded by two forward slashes and countries are identified by an approved three-letter designator, as in //NATO SECRET or //DEU SECRET for Germany. Â
Portion Marking
The title or subject of a classified document is marked with the appropriate classification abbreviation in parentheses — (TS), (S), (C), or (U) immediately following and to the right of the title or subject.
Each section, part, paragraph, or similar portion of a classified document is to be marked with the appropriate classification abbreviation in parentheses immediately before the beginning of the portion. If the portion is numbered or lettered, place the abbreviation in parentheses between the letter or number and the start of the text.
Portions of U.S. documents containing foreign government information are marked to reflect the foreign country of origin as well as the appropriate classification, for example, (U.K.-C). Portions of U.S. documents containing extracts from NATO documents are marked to reflect “NATO” or “COSMIC” as well as the appropriate classification, for example, (NATO-S) or (COSMIC-TS). Further information is available at Foreign Government Classified Information.
Release to Foreign Countries/Organizations
In support of homeland security and coalition warfare, the U.S. Government has an increased need to share data with foreign countries, international organizations, and multinational forces. This has led to recent changes in the use of the “Released to…” (REL TO) control marking. This marking was previously only for use on intelligence information, but it is now authorized for use on all classified defense information.
Following the REL TO marking is a list of countries to which the information may be released through proper disclosure channels to specified foreign governments or international organizations. This list starts with USA and is followed by other countries listed alphabetically by the approved country code(s), international organization, or coalition force.
Example: TOP SECRET//REL TO USA, EGY and ISR
This format with // after the classification, a comma and space between each country, and with a lower case “and” with no comma before the last country code must be followed exactly to facilitate machine reading and sorting of the document. The approved three-letter country codes are available on the Internet at ftp.ripe.net/iso3166-countrycodes.txt. This marking shall appear at the top and bottom of the front cover (if there is one), the title page (if there is one), the first page and the outside of the back cover (if there is one). Each interior page containing classified information is marked top and bottom with the overall (i.e., highest) classification of the page.
When portion marking individual titles or paragraphs, the countries do not need to be listed unless they are different from the countries listed in the REL TO at the top and bottom of the page. For example: (TS:REL). If information is releasable to different countries than those listed in the overall REL TO marking, all the countries and organizations should be listed in the portion marking. For example: (S//REL TO USA, AUS, NZL and NATO).
The marking “Not Releasable to Foreign Nationals” (NOFORN) is still only authorized for use on intelligence that requires originator approval before being disclosed (see below).
Other Distribution Controls
In addition to its classification, intelligence information and certain scientific or technical information may also be subject to other controls on its distribution and handling. It is your responsibility to understand and comply with the control markings on classified information. If you are not sure, contact your security office. These control markings include:
- Dissemination and Extraction of Information Controlled by Originator (ORCON) or (OC) means that any additional distribution or inclusion in another document must be approved by the originator of the document. It is used on intelligence information that could permit identification of a sensitive intelligence source or method.
- Not Releasable to Contractors/Consultants (NOCONTRACT) has been discontinued but is still seen on older documents. Check with the originator of the document regarding any ongoing controls on the use of such a document. This caveat was used on intelligence information that is provided by a source on the express or implied condition that it not be made available to contractors; or that, if disclosed to a contractor, would actually or potentially give him/her a competitive advantage or cause a conflict of interest with his/her obligation to protect the information.
- Caution - Proprietary Information Involved (PROPIN) or (PR) is used with or without a security classification to identify information provided by a commercial firm or private source under an express or implied understanding that the information will be protected as a trade secret or proprietary data with actual value.
- NOFORN is for intelligence information that may not be passed to foreign nationals.
- Authorized for Release to ____ (REL TO) signifies intelligence information that is releasable to or has been released through proper disclosure channels to the named foreign government or international organization. See more specific guidance in previous section.
- Sensitive Compartmented Information (SCI) applies to certain intelligence sources, methods, or analytical processes that are subject to a formal access control system established by the Director of Central Intelligence. Special approval is required for access to SCI.
- Communications Security (COMSEC) is the protection of all elements of telecommunications — encryption, transmission, emissions, and the physical security of equipment and materials.
- Cryptographic Material (CRYPTO) identifies information or materials that must be handled through special cryptographic channels.
- Warning Notice - Intelligence Sources or Methods Involved (WNINTEL) has been discontinued but is still seen on older documents. It was used on intelligence information that identifies or would reasonably permit identification of an intelligence source or method that is susceptible to countermeasures that could nullify or reduce its effectiveness.
- Critical Nuclear Weapons Design Information (CNWDI) or (N) applies to information that reveals the theory of operation or design of the components of a thermonuclear or fission bomb, warhead, demolition munition, or test device. Special handling procedures are required.
Department of Defense also uses the marking Alternative or Compensatory Control Measures (ACCM) for classified information that requires special security measures to safeguard classified intelligence or operations and support information when normal measures are insufficient to achieve strict need-to-know controls and where special access program (SAP) controls are not required. ACCM measures are defined as the maintenance of lists of personnel to whom the specific classified information has been or may be provided together with the use of an unclassified project nickname. The ACCM designation is used in conjunction with the security classification to identify the portion, page, or document containing ACCM information.
References
1. Policy guidelines for the classification, marking, and declassification of national security information are found in the President’s Executive Order 12958, Classified National Security Information, April 17, 1995. The full text of this order is available at the DSS web site, www.dss.mil/seclib/index.htm, as is the DoD Guide to Marking Classified Documents, DoD 5200.1-PH. Classification and marking guidelines for defense industry are in Chapter 4 of the National Industrial Security Program Operating Manual. The full text of the NISPOM is also available at the Defense Security Service Internet site, www.dss.mil/seclib/index.htm. For non-DoD agencies, the Information Security Oversight Office publishes a free booklet entitled Marking with instructions and illustrations for marking classified documents.
2. Classification and control markings and country designators authorized for use by the Intelligence Community are compiled in the Authorized Classification and Control Markings Register maintained by the Community Management Staff.
Classification Procedures
February 23, 2008
Original and Derivative Classification
Executive Order 12958, as amended March 25, 2003, sets U.S. Government policy for classifying national security information that must be protected from unauthorized disclosure. Information is classified in one of two ways — originally or derivatively.
Original classification is the initial determination that information requires protection. Only U.S. Government officials to whom this authority has been delegated in writing and who have been trained in classification requirements have the authority for original classification. Original classification authorities issue security classification guides that others use in making derivative classification decisions. Most government employees and contractors make derivative classification decisions.
Derivative classification is the act of classifying a specific item of information or material on the basis of an original classification decision already made by an authorized original classification authority. The source of authority for derivative classification ordinarily consists of a previously classified document or a classification guide issued by an original classification authority.
For example, Defense contractors make derivative classification decisions based on the Contract Security Classification Specification that is issued with each classified contract. If a contractor develops an unsolicited proposal or originates information not in the performance of a classified contract, the following rules apply. If the information was previously identified as classified, it should be classified derivatively. If the information was not previously classified, but the contractor believes the information may be or should be classified, the contractor should protect the information as though classified at the appropriate level and submit it to the agency that has an interest in the subject matter for a classification determination. In such a case, the material should be marked CLASSIFICATION DETERMINATION PENDING. Protect as though classified (TOP SECRET, SECRET, or CONFIDENTIAL).
The full text of Executive Order 12958 is available at DSS website at www.dss.mil/seclib/index.htm. Classification guidelines for defense contractors are in Chapter 4 of the National Industrial Security Program Operating Manual. Full text of the NISPOM is also available on the Defense Security Service Internet site at, www.dss.mil/seclib/index.htm.Â
Classification Levels
Information that must be controlled to protect the national security is assigned one of three levels of classification, as follows:
- TOP SECRET information is information which, if disclosed without authorization, could reasonably be expected to cause exceptionally grave damage to the national security.
- SECRET information is information which, if disclosed without authorization, could reasonably be expected to cause serious damage to the national security.
- CONFIDENTIAL information is information which, if disclosed without authorization, could reasonably be expected to cause damage to the national security.
Atomic energy information is classified under the Atomic Energy Act of 1954, and the procedures differ from those prescribed for national security information. Atomic energy information is automatically classified and remains classified until a positive action is taken to declassify it. It may be declassified only by the Department of Energy. Consult your security officer for information on marking and handling atomic energy information. There are two types:
- RESTRICTED DATA covers “all data concerning (1) design, manufacture, or utilization of atomic weapons; (2) the production of special nuclear material; or (3) the use of special nuclear material in the production of energy,” except for data that has been declassified or removed from the Restricted Data category.
- FORMERLY RESTRICTED DATA is information which has been removed from the Restricted Data category after Department of Energy and Department of Defense have jointly determined that the information relates primarily to the military utilization of atomic weapons and can be adequately safeguarded as National Security Information. The word “formerly” only means that such information is no longer subject to controls under the Atomic Energy Act. Formerly Restricted Data remains classified and subject to controls on national security information. Such data may not be given to any other nation except under specially approved agreements. It is identified and handled as RESTRICTED DATA when sent outside the United States.
RESTRICTED DATA and FORMERLY RESTRICTED DATA should also be marked with one of the three classification levels — TOP SECRET, SECRET, or CONFIDENTIAL.
Markings for the “Classified by,” “Derived from,” and “Declassify on” Lines
All classified information shall be marked to reflect the source of the classification, reason for the classification, and instructions for declassification or downgrading. The markings used to show this information must appear toward the bottom on the cover, first page, title page, or in another prominent position. Nondocumentary material should show the required information on the material itself or, if not practical, in related or accompanying documentation.
“Classified by” Line: The “Classified by” line is used only on originally classified documents. It identifies the original classification authority by name or personal identifier and position and cites justification for the classification. This is followed by a “Reasons” line that cites by name or number one of the seven approved classification categories specified in Executive Order 12958.
“Derived from” Line: Any appropriately cleared employee has the authority to derivatively classify a document. The “Derived from” line cites the source document or classification guide which allowed you to determine that the information in your document is classified. The date of the source document or classification guide is to be included. If more than one source document, classification guide, or combination of these provided the derivative classification guidance, write “Multiple Sources” on the “Derived from” line. A record of these multiple sources must be maintained on or with the file copy of the document.
“Declassify on” Line: The classified by or derived from lines should be followed by a line that identifies when the classified information is to be declassified. This information is obtained from the “Declassify on _____” line of the source document or from a classification guide. If your document classification is derived from “Multiple Sources” and different declassification instructions apply, you must use the most restrictive declassification instruction that applies.
Declassification
The Original Classification Authority has the following options for declassification instructions for documents that were originally classified under Executive Order 12958.
- Whenever possible, the declassification date should be specified as a date or event that corresponds to the lapse of the information’s national security sensitivity. However, the date or event must not exceed 25 years from the date of the original classification.
- If information should remain classified beyond 25 years, there are a number of exemptions that may apply. This may be appropriate, for example, if the information would reveal the identity of a confidential human source, or a human intelligence source, or reveal information about the application of an intelligence source or method.
Many older documents classified prior to Executive Order 12958 still carry the declassification designation OADR — Originating Agency’s Determination Required. When one of these documents is the source document for derivative classification, the Declassify on line should read: Source document marked “OADR” Date of source (insert date).
No U.S. document shall be downgraded below the highest level of foreign government information contained in the document, nor shall it be declassified without the written approval of the foreign government that originated the information.
Classified Information Appearing in Public Media: The fact that classified information has been made public does not mean it is automatically declassified. Information remains classified unless and until it is formally declassified. If you become aware of classified or other sensitive information appearing in the public media, bring it to the attention of your security office.
Downgrading or Declassifying Classified Information: Information is downgraded or declassified based on the loss of sensitivity of the information due to the passage of time or on occurrence of a specific event. Declassification is not automatically an approval for public disclosure.
Marking Downgraded or Declassified Material: Classified information that is downgraded or declassified should be promptly and conspicuously marked to indicate the change.
Classification Pending: Material that you generate, and that you believe may be classified and for which no classification guidance is available, must be protected and handled as though classified at the appropriate level until a classification determination is obtained from the appropriate government organization. This material should be marked as follows:Â
CLASSIFICATION DETERMINATION PENDING
PROTECT AS (APPROPRIATE CLASSIFICATION LEVEL)
The derivative and warning notice markings need not be applied in this situation. Reproduction should be held to an absolute minimum until a classification determination is received.
Challenging a Classification
Any approved holder of classified information who believes the information is classified improperly or unnecessarily, or that current security considerations justify downgrading to a lower classification or upgrading to a higher classification, or that security classification guidance is improper or inadequate, is encouraged and expected to challenge the classification status.
Government employees should pursue such actions through established agency procedures that protect individuals from retribution for bringing such actions, provide an opportunity for review by an impartial official or panel, and provide a right of appeal to the Interagency Security Classification Appeals Panel. Contractors should appeal such issues through their pertinent government contracting authority.
Security Clearance Review Material
Protecting Classifed Information-Overview
February 23, 2008
A security clearance is a privilege, not a right. When you accept the privilege of access to classified information, you are also accepting the responsibilities that accompany this privilege. This guide informs you of your responsibilities and provides information to help you fulfill them.
Your responsibility to protect the classified information that you learn about is a LIFELONG obligation. It continues even after you no longer have an active security clearance.
The Nondisclosure Agreement you signed when accepting your clearance is a legally binding agreement between you and the U.S. Government in which you agreed to comply with procedures for safeguarding classified information and acknowledged that there are legal sanctions for violating this agreement. Deliberate violation for profit may be prosecuted. This agreement assigned to the U.S. Government the legal right to any payments, royalties or other benefits you might receive as a result of unauthorized disclosure of classified information. Your signed Nondisclosure Agreement is the only form held on file long after you retire (50 years!).
The various topics in this module of the Security Guide discuss procedures for handling, marking, safeguarding, and communicating classified information. The regulatory basis for these procedures is Executive Order 12985, Classified National Security Information, dated October 13, 1995, as amended March 28, 2003. National guidance for implementing this order is in the Information Security Oversight Office (ISOO) Classified National Security Information Directive No. 1, September 22, 2003. Many individual departments, agencies, and offices also have their own implementing regulations, for example, Department of Defense Regulation 5200.1, Information Security Program.
Failure to comply with these procedures may result in adverse administration action including revocation of your security clearance. When we study the history of foreign intelligence activities against the United States, one thing becomes very clear. When our adversaries or competitors are successful in obtaining classified or other sensitive information, it is usually due to negligence, willful disregard for security, or betrayal of trust by our own personnel.
The Bottom Line
Pogo, a popular cartoon character from the 1960s, coined an oft-quoted phrase: “We have met the enemy, and he is us.” That sums it up. We - not our foreign adversaries or competitors - are the principal source of the problem, but we can also become the solution. You and I and all others who hold a security clearance are the first line of defense against espionage and other loss of sensitive information. Together, if we fulfill our responsibilities, we have the power to protect our national security and economic interests.
Security Clearance Review Material
Need-to-Know
February 23, 2008
Your security clearance does not give you approved access to all classified information. It gives you access only to:
- Information at the same or lower level of classification as the level of the clearance granted; AND that you have a “need-to-know” in order to perform your work.Â
Need-to-know is one of the most fundamental security principles. The practice of need-to-know limits the damage that can be done by a trusted insider who goes bad. Failures in implementing the need-to-know principle have contributed greatly to the damage caused by a number of recent espionage cases.
Need-to-know imposes a dual responsibility on you and all other authorized holders of classified information:
- When doing your job, you are expected to limit your requests for information to that which you have a genuine need-to-know. Under some circumstances, you may be expected to explain and justify your need-to-know when asking others for information.
- Conversely, you are expected to ensure that anyone to whom you give classified information has a legitimate need to know that information. You are obliged to ask the other person for sufficient information to enable you to make an informed decision about their need-to-know, and the other person is obliged to justify their need-to-know.
- You are expected to refrain from discussing classified information in hallways, cafeterias, elevators, rest rooms or smoking areas where the discussion may be overheard by persons who do not have a need-to-know the subject of conversation.
You are also obliged to report to your security office any co-worker who repeatedly violates the need-to-know principle.
Need-to-know is difficult to implement as it conflicts with our natural desire to be friendly and helpful. It also requires a level of personal responsibility that many of us find difficult to accept. The importance of limiting sensitive information to those who have a need to know is underscored, however, every time a trusted insider is found to have betrayed that trust.
Here are some specific circumstances when you need to be particularly careful:
- An individual from another organization may contact you and ask for information about your classified project. Even though you have reason to believe this person has the appropriate clearance, you are also obliged to confirm the individual’s need-to-know before providing information. If you have any doubt, consult your supervisor or security officer.
- Difficult situations sometimes arise when talking with friends who used to be assigned to the same classified program where you are now working. The fact that a colleague formerly had a need-to-know about this program does not mean he or she may have access to the information. There is no “need” to keep up to date on sensitive developments after being transferred to a different assignment.
The need-to-know principle also applies to placing classified information on computer networks. Before doing so, make sure it is appropriate for this information to be seen by all persons with access to the system. Although every individual gaining access to a particular computer network is cleared for the clearance level of that system, they may not have a need to know all of the information posted on the system.