5

Secrecy versus Open Innovation

The central mission of secure U.S. government R&D is national security. Indeed, as discussed in chapter 4, the national security objective is enshrined in the mission statements of the agencies that oversee secure government R&D. At the same time, the laws and policies that are designed to support national security objectives, and that make up the regulatory regimes governing such R&D, sometimes create tensions with the competing interest of innovation—even though national security and innovation are not inherently contradictory objectives.

Many policymakers and enforcers of policies mistakenly conflate national security and secrecy because of an underlying assumption that they go hand in hand—an assumption even the U.S. government has made: “Our Nation’s progress depends on the free flow of information both within the Government and to the American people. Nevertheless, throughout our history, the national defense has required that certain information be maintained in confidence . . . to protect our citizens, our democratic institutions, our homeland security, and our interactions with foreign nations.”1

Even the definition of “top secret” comes with the assumption that national security requires utmost secrecy: “‘Top Secret’ shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.”2 Further, in its “Security Provisions” section, the NSF Act of 1950 asserts that national security requires the utmost secrecy: “Matters relating to the national defense . . . shall establish such security requirements and safeguards, including restrictions with respect to access to information and property, as [the relevant official] deems necessary.”3

In reality national security and secrecy—though related—are different. Secrecy often furthers the interest of national security, but other times it does not. In some instances secrecy may be a detriment to national security. For example, solving a technical problem is difficult when the specific details of the problem are obscured from potential innovators for national security reasons. Conflating secrecy and national security erects walls to innovation that ultimately hurt national security—creating the “secrecy challenge” referred to in this book.

To understand the secrecy challenge, it is useful to explore briefly why secrecy is often used as a mechanism to support national security. Where does secrecy serve a national security interest? One area is where secrecy surrounds the development of a new capability that would create strategic surprise for the United States. For example, the government kept secret the Manhattan Project in an attempt to enable the United States to develop atomic weapons capabilities faster than its adversaries. The world knew that there was competition between the United States and Germany to reach the capability first, but details of how to build an atomic bomb (such as refining uranium or arranging the fissile material into a critical mass) were kept secret to give the United States a time advantage over Germany.

Secrecy can also further national security when it is used to protect information about specific vulnerabilities, such as weaknesses in a material, code flaws, or bandwidth limitations of a radar system. For example, after bombing Hiroshima and Nagasaki, the United States required lead time before it could deploy a third bomb and significant lead time before it could build more bombs—facts kept secret at the time so that adversaries did not know the United States was not prepared to immediately strike again. In the case of FANG, discussed in chapter 3, some requirements are classified, such as those regarding how rugged the vehicle’s armor must be for survivability, because their disclosure could be exploited by an adversary.

A related area is the protection of small pieces of information that, when put together, would reveal a larger strategic picture—referred to in secure R&D environments as operations security (OPSEC). For example, an adversary who had supply-chain information for key components of a technical system could exploit it by targeting specific manufacturing links or factories. Information about movements of the specific aircraft carrier used to transport the atomic bombs in the Manhattan Project could have been similarly exploited if not kept secret.

While secrecy limits the ability of adversaries to exploit system vulnerabilities, there is an argument that revealing selected information about desired capabilities or vulnerabilities enables innovation to solve and address these issues. For example, potential innovators cannot work to address material weaknesses in an aircraft’s structure unless they know what the material is and that there is a weakness in the first place.

A rigid commitment to secrecy often precludes full and open competition, as well as information sharing, two factors important to the very innovation desired to serve national security interests by advancing American technological superiority. The commitment to secrecy without a rigorous consideration about whether that secrecy truly serves the underlying national security interest can, therefore, be in tension with innovation because secrecy limits participation and creates silos within secure government R&D. The FANG story, as well as stories from contractors and businesses in the field, reinforces the reality and persistence of this tension.

By definition secrecy regulations prevent the free flow of information and open participation, in turn inhibiting innovation—as many researchers have explained. The free flow of information and open information provide “access to a wide array of ideas and knowledge,” which leads to “discovering radical new solutions to solving problems.”4 A potential innovator “can benefit from a larger solver population because he obtains a more diverse set of solutions.”5 Accessing a “larger pool of skilled contributors” has benefits.6

DARPA Program Tenure

The “silo” effect and its impact on accessing ideas from a broad range of likely innovators is a persistent systemic challenge. This is seen even in DARPA, a government agency recognized for its cross-cutting innovation. An analysis of the innovation process across several DARPA programs illustrates the challenge, which is caused by a combination of the program manager (PM) tenure structure and the pervasive emphasis on secrecy.

DARPA imposes four- to five-year limits on the tenure of its PMs to create a sense of urgency and help with recruiting top talent.7 While this policy has had success in jump-starting certain innovation, in other ways it can hinder innovation when implemented alongside strict secrecy measures. First, the short tenure requires an aggressive and deliberate approach to establishing new secure programs. Within the first year or two a new project manager at DARPA must juggle the demanding time requirements of continuing and wrapping up the prior PM’s programs and identifying an end user or customer need area aligned with the PM’s own background and knowledge. The PM then has to establish the new program, “selling” it internally to gain approval. By the time approval is granted, PMs may be concerned about whether their few remaining years at DARPA are enough to successfully conduct the R&D required to innovate and achieve the promised technological advancement and meet the national security need.

Second, secrecy issues begin to affect the innovation process once approval for a new program is granted by limiting the potential innovators included in the proposal and ideation process. This limitation arises because many DARPA programs are for “special access” secure R&D, meaning they are classified, and only those individuals (not companies) with a “need to know” and an appropriate security clearance are informed of the problem and need for a solution. Secrecy restrictions prevent openly posting the specific need to a public forum, so a PM must identify potential innovators in some other way. The PM may invite companies to a classified “Industry Day” but then PMs must rely on their own personal network to strategically select those with a “need to know” and the ability to contribute an innovation to the specific need area.

Third, DARPA project managers often provide a very short period after an Industry Day for initial ideas to be proposed before the evaluation and contracting stage. They expect ideas to improve over the course of the R&D contract. This process occurs with the limited set of innovators that have been afforded the need-to-know—and who may have been selected based on a personal connection rather than a more open, merit-based process that would be possible without the secrecy limitations.

On the surface it may seem that a quick solution to this participation challenge for innovation would be to increase the tenure of PMs working on secure programs to relieve them of the time pressure of establishing their programs, thereby enabling them to be more thoughtful about using strategies like open innovation. However, it is not so simple. Such an approach would also deprive secure programs of the other benefits of short tenure (such as a sense of urgency and access to top talent). More beneficial, then, would be to adopt technology innovation strategies and support regulatory regimes that maintain these benefits while also opening up the innovation process without compromising security.

It is important to note that the tension with innovation described here derives from secrecy, not national security itself. Thus were it possible to reduce or work around secrecy requirements and thereby enhance innovation that contributes to technological superiority, it would actually advance national security interests rather than hurt them. Some government agencies are already trying to address this issue, but their authority to implement change is limited, and more concerted action from the executive or legislative branches will be required for meaningful change to occur.

Current Regulatory Regime Approaches

Current regulatory regimes employ several approaches as they attempt to address the tension between innovation and secrecy. The first is a recognition that classifying information limits innovation. So the approach is to avoid classifying information that does not need to be classified (i.e., avoid overclassifying) and, where possible, selectively declassify information.

The Bush administration executive order on “Classified National Security Information” was modified by the Obama administration in 2009 to emphasize this approach. As President Obama specified, “If there is significant doubt about the appropriate level of classification, it shall be classified at the lower level,” and “No information may remain classified indefinitely.”8

Chapter 1 showed that open technology innovation strategies can accelerate the innovation process; enabling a broader innovator community to participate results in the rapid generation of a diversity of ideas. If aspects of a classified problem can be selectively declassified to leverage open technology innovation, it may allow a greater number of innovators to address an urgent national security need more quickly than when classification closes it off to a more limited group of innovators. Even though this approach could have significant effects on enabling technology innovation, it remains impossible in many cases because current regulatory frameworks do not empower program managers to make such tradeoffs.

It is a catch-22. The U.S. government wants to focus technology innovation on specific vulnerabilities of U.S. systems and assets or in areas where U.S. technological superiority is threatened. These vulnerabilities, though, are classified; disclosing them could enable an adversary to exploit them to attack the United States. Thus it is difficult or impossible to leverage open technology innovation strategies in some situations. As Chesbrough has described, it is difficult to solicit ideas if a problem cannot be fully defined.9 The question the government must answer, then, is what can it reveal? If a government agency believes open technology innovation can advance the state of the art and provide a technology solution that helps address a critical vulnerability, it would need to declassify at least selected aspects of the vulnerability—that is, obscure the full vulnerability but reveal some of the technology requirements. That tradeoff calculation would need to be made based on whether potential innovation is more valuable to national security than keeping every aspect of the vulnerability classified.

The authority that government agencies have to make this tradeoff is, in many cases, limited. Only original classification authorities (OCAs) are able to classify or declassify information (see chapter 2), but even OCAs lack the power to make such tradeoffs because they must follow policy guidance. Current policy guidance specifies that any information that could cause serious damage to national security must be protected at the “secret” level, even if it is possible that greater damage would be caused by keeping information classified and restricted to closed innovation strategies.

One way to deal with this problem would be to empower government agencies with decision-making authority to make the tradeoff between the national security value of keeping information classified and the national security value of potentially accelerating the time to addressing a vulnerability by leveraging open innovation. Based on a systems architecture approach, decision makers could use specially developed tools to identify and isolate a subset of the system architecture to declassify for the purposes of leveraging open technology innovation while minimizing the exposure of vulnerabilities that an adversary might exploit.

The second approach is simply to have a classified version of open innovation platforms that is available to innovators with security clearances, thus ensuring that at least this innovator community can access collective knowledge and share ideas to collaborate. This approach is broader than traditional DOD R&D because secure programs tend to lead to silos, as discussed above.

There are at least two ways regulatory regimes have explored this approach. One is through the launch of the DoDTechipedia website and later the NeedipeDIA website. DoDTechipedia, first launched in 2008, allows two-way exchange of needs and innovations. Part of the Obama administration’s Open Government Initiative, it is structured as a wiki that helps “in finding internal and external technology innovations that address the Department’s capability needs.”10 Whereas a member of the public using NeedipeDIA who has an idea to address a posted need must propose a solution by following the traditional government R&D contracting and acquisition process, DoDTechipedia users can post information about a solution directly to the website (with no specific monetary incentive to do so).

The Open Government Initiative describes the benefits this way: “DoDTechipedia levels the playing field to ensure that everyone with good ideas, even if they have never worked with the Department of Defense, can share them with decision makers. In addition, DoDTechipedia ensures that Combatant Commands have access to the information they need from the science and technology community to make the best investment decisions.”11 There is also a classified version of DoDTechipedia.

While there has been no independent study of its effectiveness, DoDTechipedia does make its own claim of success, indicating in 2014 that it “has over 6400 registrants who have logged over 150,000 page views while creating 30 separate blogs and more than 900 technology area, interest area and organization pages. DefenseSolutions.gov has received 37 innovative ideas on its initial theme area, six of which are now being considered for funding.”12 There is no readily available information regarding the classified version specifically.

The DIA launched its NeedipeDIA website in December 2013. Before that the traditional method of soliciting ideas to meet needs was to collect and approve needs for release in a process so lengthy that when the lists were finally released, many needs could potentially be outdated. Now on NeedipeDIA, DIA end users can directly post their needs publicly. Government R&D requests for proposals (RFPs) can reference NeedipeDIA directly, so the latest needs are always listed. DIA itself notes that NeedipeDIA is different from other processes, calling it a “rapid and agile process that is responsive to evolving mission needs.”13 Of course publicly listed needs are unclassified. In 2014 DIA launched a classified version of NeedipeDIA to address classified needs and enable the community of people with security clearances to participate better in the innovation process. At this writing, it is too early to determine the effectiveness of the classified version of NeedipeDIA. Yet even the classified version of NeedipeDIA does not address the growing number of SAPs. In a 2010 article in the Washington Post Dana Priest and William Arkin described just how widespread SAPs are in the secure U.S. government R&D environments:

Beyond redundancy, secrecy within the intelligence world hampers effectiveness in other ways, say defense and intelligence officers. For the Defense Department, the root of this problem goes back to an ultra-secret group of programs for which access is extremely limited and monitored by specially trained security officers.

These are called Special Access Programs—or SAPs—and the Pentagon’s list of code names for them runs 300 pages. The intelligence community has hundreds more of its own, and those hundreds have thousands of sub-programs with their own limits on the number of people authorized to know anything about them. All this means that very few people have a complete sense of what’s going on.

“There’s only one entity in the entire universe that has visibility on all SAPs—that’s God,” said James R. Clapper, Undersecretary of Defense for Intelligence.14

SAPs would be unable to use the approach of NeedipeDIA or DoDTechipedia unless selective declassification, or at least selective reduction of classification from the SAP restriction, was enabled.

A third approach to addressing the tensions with national security from a secrecy perspective is to not reduce competition unless necessary. The regulatory regimes have supported full and open competition by requiring completion of a justification form if competition is reduced. Subpart 6.3 of the Federal Acquisition Regulation spells out seven reasons or “exceptions” an agency can use to justify not having full and open competition on a defense contract; one of them is “national security.”

The notes on the legislative history for this law are long and confusing to a layperson. In general it is understood that competition should not be reduced unless necessary. As one researcher noted, “Whether or not an exception is fully justified, exercising these exceptions always presents a risk because without competition there is not a direct market mechanism for setting a contract price and there is no assurance that the most innovative technology available was identified.”15 Further, the exception justification forms are not always completed properly. As the GAO reported, “Justifications provided limited insight into the reasons for the noncompetitive award or did not fully describe actions that the agency could take to increase future competition.”16 There is evidence that the justification form may not effectively deter reduced competition. In a March 2017 report the GAO called for action to increase competition, noting that only 55.4 percent of defense contracts were competitive in 2015, down from 58.4 percent in 2011.17 Most often agencies requested the exception because only one responsible contractor can satisfy the requirements—the first in the list of seven justifications allowed. (However, as discussed in chapter 6, there may be an underlying lack of incentive to innovate in the government R&D context that is driving the limited contractor pool.)

The regulatory regime has tried to increase competition. A 2009 Office of Management and Budget memorandum set a goal to reduce by 10 percent the dollars obligated to high-risk contracts (including sole-source and non-competitive contracts) by 2010.18 The GAO estimates that a reduction of less than 1 percent was achieved.19

The National Security “Exception” to Increasing Competition

Most of the above relates to the most common of the permissible exceptions to increasing competition: only one responsible contractor can satisfy the requirements. But what of the national security exception? A 2012 GAO report addresses this directly, again characterizing national security as going hand in hand with secrecy: “DOD’s use of the national security exception is necessary in certain situations when disclosing the government’s needs in a full and open competition would reveal information that would harm national security.”20

The GAO explains that it cannot even analyze the exception fully. “Gaps in federal procurement data limit GAO’s ability to determine the full extent of DOD’s use. . . . However, DOD intelligence agencies and special access programs frequently use the exception, but are generally excluded from reporting procurement data. . . . DOD policy on reporting sensitive procurements for other military department programs is not clear.”21

As for data to which the GAO did have access, it found that justification forms were filled out improperly or lacked detail: “For most national security exception contract actions GAO reviewed, DOD used a single justification and approval document that applies to multiple contracts—known as a class justification. Among those reviewed, $3.3 billion of $3.4 billion was obligated under contracts that used class justifications, which reduce the steps required to proceed with individual contract actions that do not use full and open competition.”22 In other words, class justifications were employed that made it easier to use the national security exception. Further, 84 percent of the time the national security exception was used, it was not that competition was reduced to a smaller group, but rather that there was no competition at all.23

Even though it may reduce competition and inhibit innovation, not everything about class justification is viewed as negative. “According to contracting officials,” notes the GAO, “the increased flexibility of national security exception class justifications helps meet mission needs.”24 Agencies sometimes see the justification form as a step that slows the government down rather than as a positive tool for finding opportunities to enable competition and innovation. Indeed this mind-set was articulated again and again in the many interviews I conducted with government acquisition organizations and defense contractors. Whatever value there is in speedy contracting, the national security exception should not be used when it isn’t necessary just to speed things up. A balance is important because while class justifications may serve a near-term mission need more quickly, bringing in more innovation through greater competition is critical to long-term security.

Clearly the tension between national security and secrecy inhibits innovation that is important to advancing U.S. national security. It must be addressed. While current approaches have not yet fully addressed this tension, there does appear to be a growing awareness of the potential consequences for innovation that advances national security interests. Those aspects of the regulatory regime that create this particular tension may therefore be ripe for change.

All too often secrecy is protected without any mechanism for rigorous debate regarding whether it is required for national security. That is precisely why the ultimate regulatory policy goal should be to work around or lessen secrecy if it can be done in a manner that furthers both innovation and national security. That has been the aim of the approaches discussed above. These approaches are in the early stages. We do not yet know whether they can achieve their goals within the constraints of secure government R&D environments. That makes it important to identify and understand the people and organizations with the authority to determine what level of secrecy is required for national security.

Who Decides?

Today U.S. government security classification is largely addressed by the executive branch. The president issues executive orders that define levels of classification, identify those with the authority to classify information, and set how long information should remain classified.

Prior to World War II classifying information or restricting access was unique to the military, which defined security classification authority and decisions. In 1940, during the lead-up to U.S. involvement in the war, President Franklin D. Roosevelt issued Executive Order 8381, stipulating the president’s right to classify information. This order pertained specifically to information regarding military and naval installations, and it cited statutory authority, meaning the president’s authority to provide himself this right derived from statute.25

After the war tensions with the Soviet Union began to rise almost immediately. Many historians mark the start of the Cold War as 1947, during the presidency of Harry S. Truman. In 1951 President Truman went beyond reference to statutory authority alone, citing constitutional authority for the first time in his Executive Order 10290: “by virtue of the authority vested in [the president] by the Constitution and statutes.”26 President Truman’s order defined the categories of classified information (“top secret,” “secret,” etc.) and those with the authority to classify information and set limits on dissemination. Whereas prior executive orders had applied only to the military, President Truman’s order “marks the first time that classification system was applied to non-military federal departments and agencies.”27 The order also prohibited classified information from being disseminated outside of the executive branch.

Of course, context is relevant. Executive orders, as with other policy-making mechanisms, have specific near-term objectives that are necessitated by the geopolitical climate at the time they are issued. President Truman’s stated objective in Executive Order 10290 was to avoid “unnecessary delay in the handling and transmission of documents,” so he introduced the policy of classifying information at the lowest level possible.28 The geopolitical environment at the beginning of the Cold War contributed to the perceived need to limit access as well as to facilitate military operations by providing access to classified documents without delay.

Since then some presidents have maintained the policy of classifying information at the lowest level possible. For instance, President Obama issued Executive Order 13526 in 2009; it is still in effect at this writing. Its stated objective is transparency and the support of the “free flow of information both within the Government and to the American people.”29 President Obama’s executive order was issued in the geopolitical climate of the protracted Iraq war and controversy over the lack of government transparency, fueled in part by WikiLeaks, an organization that began publishing leaked classified information in 2006.30

Presidents since President Truman have issued their own executive orders relating to classification, generally citing both constitutional and statutory authority but without any specific reference; this includes President Obama’s 2009 order. One could reasonably infer that presidents are citing their so-called “commander-in-chief powers,” granted by the Constitution’s general statement that the president is the head of the armed forces. The Constitution grants no specific powers regarding security classification of information, nor does it grant the executive branch exclusive authority to determine whether secrecy is required for national security. So while from a legal perspective the breadth of a president’s authority over classifying information is an open question, it is certainly clear that the president (and, by extension, the executive branch) is likely to be at least one of the parties with authority to determine how decisions are made regarding the necessity of secrecy for national security. While the executive branch has taken the lead, the legislature has also been involved.

Congress has enacted or debated legislation related to the dissemination of classified information. For instance, Congress passed the Atomic Energy Act in 2011 and “established a separate regime . . . for the protection of nuclear-related ‘Restricted Data.’”31 The Government Secrecy Reform Act of 1999 had the Senate considering legislation to “provide for a system to classify information in the interests of national security and a system to declassify such information.”32 Therefore, given that there is no provision of exclusive authority by the president over classified information, it is possible for Congress to weigh in on the issue of secrecy and support the initiatives to reduce secrecy to the extent possible while backing open technology innovation in areas of importance to national security.33 Of course it stands to reason that joint action by the executive and legislative branches would likely create the most sustainable change.

A Pattern of Reversal

One of the main challenges to introducing more open innovation in the national security context is the inconsistency of executive orders; such inconsistency makes it difficult to try out new approaches and gauge their success over time. Presidential priorities and values change from one administration to the next when a new president comes from a different political party than his predecessor, as is revealed by the pattern of reversal of executive orders shown in table 4. Each time the president’s party changes, a new executive order on security classification is issued.

Table 4. Demonstrated pattern of reversal of security classification policy

| President | Party | EO on Security Classification | Year |
|---|---|---|---|
| Harry S. Truman | D | EO 10290 | 1951 |
| Dwight D. Eisenhower | R | EO 10501 | 1953 |
| John F. Kennedy | D | EO 10964 | 1961 |
| Lyndon B. Johnson | D | N/A | |
| Richard Nixon | R | EO 11652 | 1972 |
| Gerald Ford | R | N/A | |
| Jimmy Carter | D | EO 12065 | 1978 |
| Ronald Reagan | R | EO 12356 | 1982 |
| George H. W. Bush | R | N/A* | — |
| Bill Clinton | D | EO 12958 | 1995 |
| George W. Bush | R | EO 13292 | 2003 |
| Barack Obama | D | EO 13526 | 2009 |

* Modified EO 12356 but did not issue a new EO.

As an illustration of the reversal problem, consider the executive orders on security classification from three successive presidents: Bill Clinton, George W. Bush, and Barack Obama. President Clinton’s Executive Order 12958 in 1995 sought to reduce secrecy where possible. It set ten-year limits on newly classified information in most cases; classifiers were instructed to keep information unclassified when in doubt or at the lowest level possible; and declassification was mandated for information twenty-five years old (with limited exceptions). In addition, the order established an Interagency Security Classification Appeals Panel (ISCAP) to handle appeals to the mandated declassifications, with appeals to ISCAP rulings made directly to the president.

President Bush’s Executive Order 13292, issued in the wake of the September 11 attacks, in general lessened the amount of disclosure required by President Clinton’s order. President Bush’s order removed the directive to disclose information when in doubt, extended the starting date for automatic declassification, and increased the scope of types of documents that could be classified.34 An analysis by the group Public Citizen concludes that President Bush’s order tends toward greater secrecy than President Clinton’s order: “Although Executive Order 13,292 retains most of the structure of the 1995 Order, it modifies many of the critical provisions in ways that encourage greater secrecy and allow agencies to postpone or avoid declassification that would have been required under the 1995 Order.”35

President Obama’s Executive Order 13526 replaced the previous two orders and generally represented a return to the intent of President Clinton’s order, including the reestablishment of President Clinton’s directive to disclose information when in doubt. President Obama’s order reduced the number of people authorized to originate classification and established the National Declassification Center to address the ISCAP backlog and help shorten the time required to declassify documents. Further, Order 13526 mandates that agencies report annually to the Information Security Oversight Office (ISOO). Still, President Obama’s Order 13526 did not fully restore President Clinton’s Order 12958.

The pattern of reversal affects the reclassification of declassified documents as well. President Clinton’s order specifically disallowed reclassification; President Bush reversed that ruling to allow reclassification by agency heads or deputy agency heads;36 and President Obama’s order, while swinging the pendulum back toward President Clinton, still allowed reclassification in certain cases. A 1997 congressional committee report drew attention to this problem of inconsistency: “Repeated changes both disrupt the efficient administration of the classification system and can be very costly,” wrote its authors, Daniel Moynihan and Larry Combest. “Each new order has required that agencies devote significant time and resources attempting to make personnel aware of how policy changes affect their work.”37

Even just the threat of policy reversal can play a role. Such a threat may explain the slow enactment of President Obama’s Executive Order 13526. For example, it took the Department of Homeland Security five years to issue a statement that it was beginning to update regulations to incorporate new and revised procedures pursuant to the order.38

The ability to block rulings by ISCAP reveals another aspect of how this inconsistency plays out in the context of secrecy versus open innovation. President Clinton’s order established ISCAP to handle appeals to the mandated declassifications, with appeals to ISCAP decisions going directly to the president. President Bush’s order provided unique authority to the director of central intelligence (DCI; now known as the director of national intelligence, or DNI) to block declassification rulings by ISCAP without consulting the president.39 The DCI was given authority to reject ISCAP rulings if he or she determined that disclosure would cause damage to national security; further, “the [DCI’s] decision to override ISCAP can be reversed only by the President”40—meaning the DCI does not need to provide justification to another person or organization to set aside ISCAP’s decision to declassify a document and keep it classified. President Obama’s order swung the pendulum back toward the spirit of President Clinton’s order, affording the DCI/DNI no special privileges to block ISCAP rulings. President Obama reinstated the policy that any agency head wishing to appeal an ISCAP decision must present the appeal to the president, but it added that the appeal would be made through the national security adviser.

The ISOO submits an annual public report to the president that provides aggregate data on the number of documents that are declassified, the number of appeals made to ISCAP, and the costs of declassifying information (among other information). One ISOO report reveals that President Clinton’s order was “so successful in promoting declassification that, during the first six years after this Order was issued, the average number of records declassified each year increased more than tenfold.”41 But another ISOO report revealed that “during the first full fiscal year of the Bush Administration (2001), the total number of classification actions increased by 44 percent to 33,020,887.”42

Figure 20 shows that of the slightly over fifteen hundred documents whose declassification was appealed, ISCAP proceeded with at least partial declassification of the majority of them. As figure 21 shows, most appeals to ISCAP come from the intelligence community, including the CIA, National Security Agency, National Security Council, and Defense Intelligence Agency.

An array of factors related to the ISCAP process contributes to the problem that secrecy continues to thwart open innovation. For instance, as of this writing, the CIA director has the unilateral authority to reverse an ISCAP decision to declassify documents, as per President Bush’s order. Allowing the head of the same agency that submitted a classification request to ISCAP to reverse any ISCAP decision with which it disagrees would seem to defeat the very purpose of ISCAP and circumvent the policy goal of decreasing secrecy.

Further, a large number of the documents that are marked as unclassified based on declassification by ISCAP remain unavailable to the public. The CIA often cites the Central Intelligence Agency Act of 1949 (50 USC § 403g) to justify its authority to withhold many of its own unclassified documents.43 The extensive redactions in figures 22 and 23 are strong illustrations of how declassification could be numerically counted as “successful” but where the spirit and intent of reducing secrecy are not achieved. One of the documents is four pages long, and yet only three sentences are left unredacted.

Fig. 20. ISCAP decisions on declassification, May 1996–September 2013. Source: Information Security Oversight Office, “2013 Report to the President.”

Increasing Secrecy

The trend toward increasing secrecy is also found in patent secrecy orders. As discussed in chapter 2, the number of secrecy orders is increasing over time. A 1993 government report by the DOD Acquisition Law Advisory Panel found that the number of secrecy orders was “excessive” and cautioned that increased secrecy has detrimental effects on innovation: “The process being used at the present time places many patents under secrecy order, thereby impeding the owner of the invention from using it in worldwide commerce.”44

Fig. 21. Appeals to ISCAP. Source: Based on data from Interagency Security Classification Appeals Panel, “NARA and Declassification.”

The ramifications of a patent secrecy order must be understood. Not only does such an order prevent the inventor from obtaining a patent, it also forbids the inventor from publishing or disclosing any material related to the invention. Further, export control laws include “information covered by an invention secrecy order” in the definition of technical data that are restricted from export.45 A secrecy order classifies not only the patent, but also all of the data contained in it. Therefore care must be taken to determine the process for classifying patent applications.

Chapter 2 described a detailed process involving security classification guides to specify what pieces of information should be classified and at what level. However, patent secrecy orders do not follow such a process, and no such guidance exists. The government has previously recognized this challenge. The DOD Acquisition Law Advisory Panel noted that “neither the PTO nor individual service branches and intelligence services have issued clear or consistent guidance concerning procedures for determining which technologies deserve scrutiny.”46 The panel looked at the process through which various agencies submit recommendations on secrecy orders to the PTO. It found that “agencies often rely on the Military Critical Technologies List (MCTL) to determine whether to recommend the imposition of a secrecy order to the PTO,” even though “[this] list was never intended for such use.”47 The panel was concerned that using the MCTL “as a justification for the imposition of a secrecy order could cause severe constraints on the availability of critical technologies to U.S. defense industries by denying patent protection to U.S. technology innovators.”48

Fig. 22. Declassified document. Source: U.S. Central Intelligence Agency, “The Uraba Massacres” (ISCAP appeal number 2009-064-doc3).

Fig. 23. Declassified document. Source: U.S. Central Intelligence Agency, “The President’s Daily Brief” (ISCAP appeal number 2005-014-doc4).

Even where Congress has enacted statutes governing secrecy related to U.S. patents, the guidance is not clear and leaves open risks for misunderstanding, inconsistency, and potential conflicts of interest. The Invention Secrecy Act states that a secrecy order should be imposed when the disclosure of a patent “might, in the opinion of the head of the interested Government agency, be detrimental to the national security.”49 No clear guidance is given as to what would be “detrimental to the national security.” Without such guidance, there is a risk that agency heads may apply their own, potentially varying, standards for what is “detrimental.” In addition to the risk of inconsistency, there is a potential for conflicts of interest to arise when the same agency that may benefit from the use of or access to an invention is also the one in charge of ordering that it be kept secret. Since there are limited data published and such determinations are not made in a public manner, it is difficult to study these risks empirically or evaluate whether they are real or theoretical. But the uncertainty alone may be enough to deter some innovators from participating in secure government R&D.

Notwithstanding these concerns, the broader point remains the same: untangling secrecy and national security to achieve innovation can enhance national security in the long run. For example, if the determination of what is “detrimental to the national security” is not consistently understood or applied, it is difficult to argue that whatever national security interest might exist is truly being served by the law’s protections. A more critical evaluation of what the national security interest is in a given situation, and whether such interest is best served by secrecy or openness, would likely better serve the national security interest. The DOD panel urged that the competing national security interests of innovation and secrecy need to be balanced: “The statute should operate in a manner that will promote the U.S. technological base while at the same time impede the flow of technologies to potential adversaries.”50

In its 1993 report the panel recommended amending the Invention Secrecy Act and establishing an oversight committee to ensure that secrecy orders are applied more consistently and that both national security interests of secrecy and innovation be weighed. To date no amendment has been made.

Overcoming the Challenge

Untangling secrecy and national security to achieve innovation that enhances national security in the long run is a complex challenge. It requires enduring policies that can be carried out fully without their implementation being repeatedly examined and “corrected” through the interference of a wide array of government agencies. Yet such a procedure is simply not possible when policy is made through a series of executive orders that are reversed, one after the other, every time a new president enters the Oval Office.

The legislative and judicial branches can help break the logjam and provide guidance and oversight to ensure consistency. While the willingness of these branches to do so may be unclear when it comes to security classification specifically, they have shown a willingness to act in a related area of the law: disclosure of information. The passage and ongoing refinement of the Freedom of Information Act (FOIA),51 enacted by Congress in 1966, is an instructive story.

The intent of FOIA was to allow the disclosure of information whenever possible. FOIA initially required disclosure unless it was specifically disallowed by another statute.52 The Supreme Court later imposed restrictions on this broad disclosure, interpreting the law as having “a congressional intent to allow statutes which permitted the withholding of confidential information, and which were enacted prior to the FOIA, to remain unaffected by the disclosure mandate of the FOIA.”53 The court allowed the Federal Aviation Administration (FAA) to delegate “almost unlimited discretion to agency officials to withhold specific documents in the ‘interest of the public.’”54

Congress responded by clarifying FOIA’s intent. As the U.S. Department of Justice explains, “Fearing that [the Supreme Court’s] interpretation could allow agencies to evade the FOIA’s disclosure intent, Congress in effect overruled the Supreme Court’s decision by amending Exemption 3 in 1976.”55

What of the executive branch? The current pattern of executive orders is inconsistent and has serious limitations for addressing a complex issue that requires consistent, sustained, and directed action. The objectives behind executive orders on classification appear to be primarily concerned with transparency. They lack any explicit consideration of enhancing innovation in areas of importance to national security. Such specific consideration could help support other initiatives to reduce secrecy to the extent possible to enable that innovation. In the end all three branches of government need to work together if we are to realize the objective of less unnecessary secrecy in the interest of open innovation and national security.