Federation of American Scientists
on the Proposed Freedom of Information Act Exemption
for "Operational Files" of the
National Security Agency
May 20, 2003
A provision that would exempt "operational files" of the National Security Agency (NSA) from the search and review requirements of the Freedom of Information Act (FOIA) is pending in both the 2004 Defense Authorization Act (section 1035 of S. 1050) and, in more elaborate form, the 2004 Intelligence Authorization Act (section 501 of S. 1025).
While the intent behind the proposed exemption - to avoid wasted effort searching highly classified files that would not be released in any case - is understandable, the language of the provision is so broad that it could have significant unintended consequences.
Several questionable features of the draft exemption are briefly identified below, together with suggestions for revision.
The fundamental problem posed by the draft exemption has to do with the rather loose definition of "operational files."
Problems and Solutions
More specifically, as detailed below: The draft exemption lacks the specificity of the comparable CIA exemption; it does not distinguish between current and historical operational files; the list of investigative agencies whose investigations would nullify the exemption is incomplete; and so forth. Without a precise definition, the exemption will inevitably be broadly construed, to the detriment of the open government principles of the FOIA.
Problem: Scope of Exemption is Broader than that of CIA's Exemption
The proposed exemption purports to protect NSA operational files "to the same extent as provided for the operational files of the Central Intelligence Agency under section 701 of the National Security Act of 1947" (S.Rep. 108-46 on sec. 1035).
But it is much broader than that. The CIA operational files exemption is explicitly limited to files of the Directorate of Operations, the Directorate of Science and Technology, and the Office of Personnel Security. No such organizational limitation appears in the proposed exemption for NSA.
NSA officials have helpfully explained that what they mean by "operational files" is the "nuts and bolts" technical documentation of signals intelligence collection. They indicated that this means material that "documents the conduct of signals intelligence" such as "SIGINT analyst notes and technical targeting information."
Such records are not distributed evenly or randomly throughout the agency. Rather, they are concentrated almost exclusively in the NSA Signals Intelligence Directorate. Accordingly, that is where any operational files exemption would be applicable.
Solution: Limit the Scope of the Exemption to the SIGINT DirectorateProblem: Indeterminate Status of Historical Files
If the CIA operational files exemption is to serve as a model, then the proposed exemption for NSA should likewise be limited to the relevant directorate where operational records, precisely defined, are found: the NSA Signals Intelligence Directorate.
In addition, it would be helpful for the associated report language to provide representative examples of what is to be exempted, e.g. analyst notes and technical targeting that document the technology of current surveillance operations, and similar technical operational material.
The late Senator Daniel P. Moynihan argued vigorously that the intercepted Soviet communications that were decrypted by U.S. intelligence analysts under what became known as the VENONA program could have favorably altered the course of cold war history if they had been declassified and released decades ago instead of just a few years ago. 
But under a broad reading of the proposed exemption, the VENONA documents might still be inaccessible under the FOIA today because they arguably reveal information about the "operational" capabilities of the United States. That is, they carry specific implications about the conduct of US signals intelligence collection as well as the limits of NSA decryption and linguistic abilities.
NSA officials have stated clearly that it is not their intention to exclude historical materials from the search and review provisions of the FOIA. The problem is, the draft exemption does not state this clearly.
Solution: Exclude Historical FilesProblem: List of Investigative Agencies is Incomplete
The proposed exemption should state that it is not applicable to historical records, archival records, or records concerning completed operations, such as those that are subject to the NSA historical review program.
Under the proposed exemption, NSA operational files would still be subject to search and review if the files concern the subject matter of an investigation by one of several specified oversight bodies in Congress or the executive branch.
These oversight bodies include the House and Senate intelligence committees, the Department of Justice, the Intelligence Oversight Board, the Office of General Counsel of NSA, and the Office of the Director of NSA. 
But this list obviously does not include every oversight body that has jurisdiction over NSA.
To begin with, it does not include the Armed Services Committees of the Congress. It also does not include the Department of Defense Inspector General or the Inspectors General of the military services (which have jurisdiction over service SIGINT activities). Nor does it include the Information Security Oversight Office, which conducts oversight of classification policy under executive order 12958, as amended, or the Defense Security Service, the President's Foreign Intelligence Advisory Board, the CIA General Counsel, and so forth.
Solution: Amend to Include All Official InvestigationsProblem: Conflicting Definitions Concerning Disseminated Intelligence
This defect could be corrected by simply specifying that operational files that are the subject matter of any official investigation shall be subject to the search and review provisions of the FOIA.
Optionally and by way of illustration, the various oversight bodies mentioned that are noted above (but not in the legislation) could be listed.
Section 1035 of S. 1050 states that "Files that contain disseminated intelligence are not operational files."
But the intelligence committee's version of this legislation, section 501 of S. 1025, states that "Files which are the sole repository of disseminated intelligence are not operational files."
Under the latter definition, which seems to be vastly narrower, disseminated intelligence could apparently be handled as "operational" unless it is in files that contain nothing but ("the sole repository of") disseminated intelligence.
Solution: Clarify the DefinitionProblem: Non-impact of Declassification of Records
The intelligence committee bill would permit the exemption of disseminated intelligence from search and review under circumstances that are not uncommon. Even the NSA has not asked for such broad authority. The intelligence committee draft definition should be rejected.
The Senate intelligence committee's version of the proposed new FOIA exemption for NSA operational files includes a new provision that states:
The declassification of some of the information contained in exempted operational files shall not affect the status of the operational file as being exempt from search, review, publication, or disclosure.This provision, which does not appear in other (CIA or NIMA) operational files exemptions, seems at odds with the basic rationale for the exemption. The NSA has said that the records covered by the exemption "invariably will be properly withheld under the FOIA," and that the exemption merely prevents the diversion of resources away from signals intelligence to unproductive FOIA searches. However, if records in operational files may in fact be properly declassified, then it is not true that the FOIA searches would be unproductive.
Solution: Eliminate the ProvisionProblem: Inadequate Oversight
The provision does not exist in the CIA or NIMA exemptions, and has not been justified. It is an inappropriate evasion of the search and review requirements of the FOIA. It should be removed.
The decennial (i.e. once per decade) review provided in the proposed exemption has not proved adequate or even useful in the case of the CIA operational files exemption. It does not provide sufficient reporting to enable effective oversight.
Solution: Enhanced Reporting
If an operational files exemption for NSA is enacted, then NSA should be required to report to Congress each year for three years, and perhaps every five years thereafter, on the implementation of the new exemption. Among other items, NSA should be asked to report on the frequency with which the exemption was invoked, the categories of records affected, legal challenges, etc. This information could easily be provided as part of the Agency's annual report to Congress on implementation of the Freedom of Information Act.
Is NSA More Like NIMA and NRO - Or DIA?
Proponents say that the proposed NSA operational files exemption is a routine updating of FOIA procedures that corresponds to similar exemptions granted to other intelligence agencies, including the National Imagery and Mapping Agency in 1999 and the National Reconnaissance Office in 2002.
They forget that when the Defense Intelligence Agency (DIA) requested an operational files exemption of its own in 2000, the proposal was rejected by Congress. 
Critics argued persuasively that DIA operational files encompassed records of historical and contemporary public interest on military and political developments abroad as well as important information about human rights abuses. As a result, the proposal was abandoned.
On the spectrum of public interest in agency activities, NSA arguably falls somewhere between DIA and NRO/NIMA. That is, I believe there is greater public interest in the activities and products of the NSA than in generally less intrusive agencies such as the NRO and NIMA.
It is therefore fitting that NSA be held to a more demanding FOIA standard than those agencies. And if NSA is to be granted an operational files exemption, it should be narrowly circumscribed along the lines described above.
NOTES1. The consequences of a loosely defined FOIA exemption can be seen, for example, in a current FOIA proceeding against the Central Intelligence Agency. Although the intelligence budget from 1997 has been declassified, the CIA today claims that the aggregate intelligence budget figure from 1947 - fifty years earlier - cannot be disclosed because it would compromise "intelligence sources and methods." I doubt that this is what Congress meant when it mandated protection of sources and methods.
2. Senator Moynihan raised this issue on many occasions. For example: "A compelling question is why the United States Government never let the American people know what it knew. By 1950, at least some in the Government were aware that our VENONA 'secret' had been compromised. The Soviets knew that we knew, or could surmise. It was the American public that did not know." Report of the Commission on Protecting and Reducing Government Secrecy (the "Moynihan Commission"), Appendix A, page A-34.
3. This list is explicit in section 501 of S. 1025, the 2004 intelligence authorization act. I believe that it is implicit in section 1035 of S. 1050, the 2004 defense authorization act, because that section makes reference to the CIA operational files exemption which contains a similar list.
4. See Section 933 of S. 747, the Defense Department's draft of the defense authorization bill, which on this point corresponds to S. 1050, not to the intelligence committee draft.
5. See Section 1045 of S. 2549, FY 2001 Defense Authorization Act, deleted in conference on H.R. 5408.