A LOOK AT...Keeping Secrets
Op-Ed, Washington Post, page B03
June 25, 2000
Author: Jennifer Weeks, Former Executive Director and Research Associate, Project on Managing the Atom/Science, Technology, and Public Policy Program, 1997-2001
A LOOK AT . . . Keeping Secrets
Several years ago, U.S. policy debates about nuclear security centered on what to protect. Now, the theme is how soon we can protect everything. This approach is all but guaranteed to fail— and may have been a factor in the case of the lost-and-found hard drives at the Los Alamos National Laboratory.
Just as the Environmental Protection Agency cannot hope to catch every polluter in the nation, or the U.S. Customs Service to detect every smuggler who breaches U.S. borders, it is unrealistic to expect the Department of Energy to protect every piece of information that may be even tangentially relevant to producing nuclear weapons. Our aims should be to drastically narrow the terrain that needs protecting, and then to control the truly sensitive information effectively.
The scope of the Energy Department's mission is undeniably daunting. In its role as custodian of America's nuclear arsenal, the department holds roughly 280 million pages of documents classified "Secret" or "Top Secret." It also manages a lesser, hard-to-quantify category, Unclassified Controlled Nuclear Information, which may be distributed only to U.S. citizens with a need to know— for example, security guards who need floor plans of buildings that hold nuclear materials. It co-manages still another relevant category, Export Controlled Information, which may be distributed freely to U.S. citizens but not to foreigners without an export license. Many widely available goods are in this category— for example, the popular Lotus Notes software, which has encryption capabilities, was export-controlled until just six months ago.
Not only is the inventory of classified nuclear data too large, but some classification guidelines are outdated and don't correspond to current security threats. As a 1995 National Academy of Sciences study noted, in the Cold War era it was not critical to protect simple nuclear weapons designs from the Soviet Union— which had its own advanced arsenal. But today, such information could be very useful to a would-be nuclear power or terrorist group. Conversely, it used to be important to keep the Soviet government from learning how much fissile material we had. But today we willingly share some of that information as part of our effort to keep tabs on Russia's holdings of uranium and plutonium.
To cite another example, the total number of warheads in the U.S. stockpile is still classified, although retired Gen. Colin Powell stated the figure publicly several times while he headed the Joint Chiefs of Staff. Nor will the government disclose the average amount of plutonium in a nuclear warhead, although the total amount of plutonium in U.S. warheads is now public information, so anyone who cared to know could divide that figure by Powell's warhead number and figure it out.
To make the system more effective, therefore, the academy urged the Energy Department to reduce or eliminate classification of less-critical information and increase protection for information that was truly relevant to post-Cold War threats. In 1997, a high-level review of nuclear classification policy, chaired by former Sandia National Laboratory director Al Narath, repeated and sharpened this point.
The Narath review called for getting rid of the "born secret" presumption, which dictates that any information related to nuclear weapon design, production or use is automatically classified. On the other hand, it identified certain information that potentially deserved even stronger protection— such as techniques for overcoming the electronic "locks" that would deter terrorists from exploding a stolen U.S. nuclear weapon. (Energy officials have indicated that the Los Alamos hard drives— which were lost, then found behind a copying machine— contained that type of information.)
Implemented fully, these authoritative studies would have made the job of protecting critical nuclear weapons information a lot more feasible. Even before the Narath review, Hazel O'Leary, President Clinton's first-term Energy secretary, tried to begin the declassification process. Under her sweeping Openness Initiative, the department released such information as data on previously secret U.S. nuclear tests, how much plutonium the United States produced and the amount of mercury used in U.S. weapons production (important for environmental cleanup efforts).
But politics intervened. What that effort won for O'Leary was a relentless attack by conservative members of Congress. They called her a security threat. Some went so far as to charge— without evidence— that she had leaked an advanced nuclear warhead design to the press. (This demonstrably false allegation was repeated last week during the Los Alamos hearings in Congress.)
O'Leary's successor, Bill Richardson, has said many times that better nuclear security is his top priority. That made last year's allegations of Chinese spying at nuclear weapons laboratories all the more embarrassing, and put even more pressure on Richardson and the department to protect any and all nuclear-related data. Richardson frequently cites a list of reforms his administration has instituted, including upgraded computer security systems, restrictions on foreign visits and improved counterintelligence programs. Congress has imposed additional requirements, such as polygraphs for thousands of employees.
But more security is not always better security. Sometimes it's just the opposite.
To wit: Last summer, the Energy Department issued its first "Sensitive Subjects List"— more than 50 categories of technical information that could conceivably be relevant to producing nuclear, chemical or biological weapons, or otherwise be a target for spies. Many of the topics are not classified and some are downright common— such as advanced high-performance computers (like those in some businesses) or Global Positioning System receivers (like the ones you can buy at Radio Shack).
Any foreign visitor to an Energy Department lab whose discussions might include any item on the Sensitive Subjects List must undergo an FBI background check, and the department must review whether the interaction requires an export license (information, even from a conversation, can be a "deemed export"). Visits from nationals of the several dozen countries on the related "Sensitive Country List" (China, the former Soviet republics, various "states of concern") trigger background checks regardless of their subject.
Remember, all of this is done on behalf of information that has a low security priority. In effect, the Energy Department has expanded its already massive management burden. Furthermore, these controls inhibit American scientists from publishing and giving presentations at conferences for fear that some fact, some reference, will be "sensitive." That the process is burdensome is certain. Whether it makes our nuclear secrets safer is highly doubtful.
And the price of wasting time and energy on this kind of politically inspired effort is failure to do things that need to be done. Here's where the wayward hard drives of Los Alamos come in: Because they were classified "Secret," rather than "Top Secret," the lab did not track their location or require users to sign them out.
But if the Energy Department had followed all the recommendations of the 1997 Narath review, it would have upgraded security controls for 137 types of nuclear information— including the data on the Los Alamos hard drives. The Defense Department, which shares control over nuclear weapons information with the Energy Department, blocked that change. (Among other reasons, the Pentagon did not want its employees to have to undergo the rigorous background checks required by the Energy Department.) Energy could have fought Defense on this one, but in the plethora of security upgrades it was trying to accomplish, Energy let it slide— and paid the price in hostile congressional hearings.
The current focus on controlling access by foreign visitors and employees is also questionable. Although Richardson has spoken out against "racial profiling," the department clearly targets foreign nationals as security threats, through measures such as requiring foreign-born lab employees who have access to classified information to wear colored badges marked with their countries of origin. And Congress has tightly restricted foreign visits to the nuclear weapons labs. These curbs have greatly reduced our interactions with foreign scientists, even on unclassified subjects— which is a real threat to creative, smart research. In fact, these controls make us less secure by interfering with cooperative programs on post-Cold War threats such as controlling Russia's nuclear weapons materials.
Bringing common sense to our nuclear security policy will require more political restraint than we have seen in the past several years. Energy officials and members of Congress need to stop blaming each other and agree on what security threats are most critical. Redundant and confusing tools such as the Sensitive Subjects List should be dropped.
Congress should stop requiring reports on irrelevant bean-counting measures, such as how many security training courses the Energy Department conducts— and stop confusing such measures with results. It also should provide more support for declassification. Similarly, revising the Atomic Energy Act to eliminate outdated information categories would free up resources to manage today's key secrets.
Protecting nuclear secrets in the Information Age is a daunting task, and events at Los Alamos should serve as a wake-up call to reassess our current approach. But "more" is not an adequate security strategy. Rather than broad but thin nuclear security programs, the goal should be narrow but deep controls. As the Commission on Protecting and Reducing Government Secrecy, chaired by Sen. Daniel Patrick Moynihan, observed in 1997, "The best way to ensure that secrecy is respected, and that the most important secrets remain secret, is for secrecy to be returned to its limited but necessary role."
For more information about this publication please contact the STPP Web Manager at 617-496-1981.
Full text of this publication is available at:
For Academic Citation: