Secrecy & Leaks
A Personal Tale of Prepublication Review
Intelligence community (IC) personnel agree to a great many restrictions that would be shocking in any other profession. They must obtain permission to travel internationally, submit detailed annual financial disclosures, and report any contact with foreign nationals or the press, among other things. In addition to restrictions while employed, those who work for the National Security Agency (NSA) acquire three lifetime obligations: Safeguarding protected information, reporting unauthorized disclosures of protected information, and prepublication review.
All three obligations are necessary for the protection of national security secrets. But prepublication review is the most frequent subject of complaints among former IC officials. Here on Lawfare, Jack Goldsmith and Oona Hathaway have discussed their own experiences and concerns with the publications review process at length. Former CIA analysts Nada Bakos and John Nixon recently authored a Washington Post op-ed lamenting their former agency’s Publications Review Board and the delay of their respective books.
Having recently gone through a similar ordeal at NSA, I’d like to offer my own thoughts on the process—which I’d give a mixed review—along with suggestions for evaluation criteria that should be helpful in assessing any overdue reform initiatives.
At the outset, it is important to note that I am not an “IC lifer.” I am an academic and co-founder of a software company. I spent academic year 2007-2008 on sabbatical leave at NSA, got hooked on the mission, and returned for another summer as a “blue badge” (an employee of the IC). I then become a “green badge” contractor and was moved from NSA to the Center for Computing Sciences (CCS). CCS is a classified research subsidiary of the not-for-profit Institute for Defense Analyses (IDA). I spent the next several summers working in the SCAMP teams (a kind of three-month tiger team) at CCS.
The precise details of my employee history may seem mundane. But their relevance is significant because of one of the foundational problems with prepublication review: people have different experiences based on the specific agency or even specific components within an agency in which they worked.
I wrote a memoir of my time in the IC. I was motivated, in part, by a hope that I could help counter the intensely negative views of the NSA in the media and popular fiction. I even hoped my book might encourage more academics to become sabbatical visitors. In contrast to the CIA, whose former employees have produced a large number of memoirs (as catalogued in Christopher Moran’s book, Company Confessions), there are virtually no memoirs from the NSA. A notable exception is former NSA Director (DIRNSA) Michael Hayden’s memoir, Playing to the Edge, which covered his time at both NSA and CIA. Mine is the rare exception bubbling up from the “grunt” level. Eventually my memoir made it through prepublication review, albeit with many redactions.
But my relationship with—and perception of—the IC suffered as a result. My contentious prepublication review experience led to at least two significant consequences. One, I was not invited back to participate in the 2016 SCAMP. I believe this is because I had become an irritant to CCS through the review process; I can’t be certain this was the cause, but I know my previous technical work was well-received. Two, and more significantly, there was some confusion over whether I was designated as a member of the press. Because my former colleagues are obligated to self-report a press contact, this lead to confusion over whether they were required to report any time we discussed matters which could be interpreted to relate to NSA business. This placed both me and my former colleagues in an uncomfortable position—unsurprisingly most NSA employees tend to avoid having “press contact” wherever possible.
Having had a few months to ponder this rather fraught process, I offer a few guidelines for those conducting prepublication reviews. I believe these will provide a useful framework for any future evaluation of a reformed prepublication review process.
1. Security First
Keeping classified information safe is, of course, the entire purpose of the process.
I am grateful to NSA on this element. The prepublication review process helped me ensure I fulfilled my commitment to protect information entrusted to me. There were subtleties I missed in my writing, partly because my perspective is one of someone who moves in and out of the IC. For example, while I recognize the important of protecting IC employees’ affiliation, I viewed certain details (like someone having twin children) as innocuous. In context, the Agency deemed that information overly identifying, and I deferred to their security judgment in removing that detail. That is precisely what the prepublication review process is designed for—eliminating information which well-meaning former employees have missed as significant.
2. Strategic Perspective
In service of safeguarding information, reviewers have wide discretion to redact sentences. Inevitably, the balance occasionally tilts too far in favor of redaction, sometimes bordering on the ridiculous.
The mere fact of prior publication does not equate to declassification. Current and former IC employees are expected to treat as classified even information which is widely available online. But the line with facts that are so obvious and apparent becomes blurred. Yes, confirming a program described in a leaked document is problematic. But the fact that U.S. intelligence works particularly closely with five particular countries is not a secret that needs to be redacted; in fact, it isn’t a secret at all. And in at least one instance, I was able to demonstrate that something the reviewers wanted to redact had previously been declassified by NSA itself in a court document. This suggests to me that reviewers are working off a set of general principles and do not have the resources to stay current on recent declassifications and disclosures.
To its credit, NSA never once attempted to redact criticisms of the agency itself—for example, when I criticized the growing “air gap” between its research and operational components. But while it certainly isn’t trying to stifle dissent, NSA’s fails to recognize the strategic communications value in allowing freer public discussion among former employees. Allowing more robust debate, and being less risk-adverse on marginally sensitive information, would achieve two goals. First, it would allow more pro-NSA views, like my own, into the public. Unsurprisingly, many of the people who have the most positive (and detailed and credible) things to say about NSA’s commitment to its mission and the rule of law worked there at some point. Second, the public would benefit from seeing the diversity of opinions that exist within the government, as additional reassurance that there is no groupthink or ideological capture.
While NSA was generally reasonable in what it wanted redacted, CCS was not. I think this is partly because it had little precedent for handling a case like mine. CCS does not do its own review but has input into the NSA process.
CCS repeatedly and emphatically demanded that I delete material that was, in fact, available on its own website and that of its parent organization, IDA. CCS objected to matters which were plainly outside the scope of a security review. For instance, my inclusion of humorous anecdotes chosen to humanize the technical experts working at CCS was interpreted as projecting an undignified image. I believe one story—of a hundred PhDs deliberately shouting wrong answers to a very silly computer security test—illustrated team spirit and a healthy distaste for having one’s time wasted. Prepublication review is intended to protect sensitive information, not reputation. The prepublication review process is not a request for input on one’s manuscript or experiences, but a duty in service of national security.
The lack of consistency across agencies and organizations—and indeed inconsistency reflected across different reviewers—reflects the need to standardize the process. (See the DoD IG’s recent report.) Points of inconsistency are also indications that the prepublication process has deviated from its intended purposes of screening for classified or sensitive information.
NSA/CSS Policy 1-30 states: “The appropriate Prepublication Review Authority will issue, as practicable, a final determination to the affiliate within 25 business days of receipt of all required information and supporting documentation.” “As practicable” is a large loophole. Not for lack of trying, but NSA’s performance on this metric was not good.
NSA first received my draft manuscript on 31 March 2016. My review included a phone call 37 business days later (24 May 2016), which was largely intended to pressure me to withdraw the manuscript. On 29 June 2016, I was summoned to NSA headquarters at Fort Meade, MD for what turned out to be an in-person grilling. I subsequently submitted a revised manuscript, which was formally banned from publication in a letter I received on 14 September 2016, nearly six months after my original submission. But this response included another round of suggested redactions, with assurance that if I accepted the additional changes publication would be allowed.
Although I had the right to appeal this determination, I accepted the final round of redactions. The entire process thus took about five and a half months. This is a lengthy delay for an author in search of a literary agent or publisher, but given the review team’s size and resources I think it was reasonably efficient. What frustrated me were the many unnecessary delays, particularly when various parts of CCS and IDA weighed in. Sometime, such as when I requested copies of the relevant policy documents, the response was reasonable. But other times, as when I tried to reach the security director at CCS, there was never any response at all. A large component of delays seemed to result from my not knowing how to proceed and CCS and IDA not knowing either.
The worst part of the prepublication review process is the overall ambiguity.
First, it is too difficult—both for those submitting and for the reviewers themselves—to know what is rightfully deemed classified information. In several instances, reviewers either agreed with my objections to a redaction or spontaneously withdrew a redaction before I had a chance to object. While NSA deserves credit for not being overly rigid, this reflects the reality that in some cases neither of us knew whether something was classified or not. I myself experienced the inherent ambiguity of classification in trying to assign classification portion marks to the reports I prepared at NSA and CCS.
Second, there is a lack of clarity as to what happens after publication. In an effort to conform to whatever the rules are, I asked for guidelines on marketing activities, such as radio interviews or bookstore readings. The answers I received included “I’m not sure”, “Get the interviewer to submit his questions to us beforehand”, and “You can’t control the press, just don’t say anything classified.”
Finally, the additional rules involving CCS are unclear. In order to save time, I was anxious to run the NSA and CCS gauntlets simultaneously. After contacting CCS, I received no response and instead tried the IDA security office. IDA, apparently unaware that NSA handled the CCS portion of the manuscript, erroneously told me to send five hardcopies for submission to an office in the Pentagon. My employment contract and related policy document were confusing, not only to me but to my attorney (who described them as “somewhat vague and over-reaching”). After a lengthy wait for the IDA General Counsel to highlight the portions that applied to my case, it turned out that none actually did.
A pernicious consequence of this ambiguity is that it encourages authors to self-censor. No one wants to risk getting it wrong and violating the law, and so they refrain from writing things they are entitled to write or they submit things for review for which there is no such obligation.
NSA’s prepublication reviewers told me that sometimes authors have become belligerent in face-to-face meetings. Unfortunately, I now understand the authors’ sentiment.
M.E. Harrigan, a former NSA employee who wrote a 2009 murder mystery, 9800 Savage Road, has complained in interviews about lies and harassment during prepublication review. Harrigan had a long and successful career at NSA, but she reported that her book was only finally released following two interventions by DIRNSA, whom she knew personally.
As with the ambiguity discussed above, it seems that part of the prepublication review process is designed to discourage authors from writing in the first place.
I was warned by a former colleague participating in the review of my book that nothing would be left of the book after redactions (this was false—about 15% was redacted) and that my CCS contract precluded me from benefitting financially from my association (in reality, that section of my contract was related to insider trading, not books). Plenty of the exchanges were outright petty. I was asked, “Why do you people insist on writing?” When redactions did not arrive by mail by the promised date, I was told bluntly, “we changed our minds; you have to come down here.”
I had to travel to Ft. Meade to resolve the matter. The trip was expensive and required ignoring a health problem that counseled against travel. I’m fortunate I did not live across the country or have other circumstances that made it a more significant burden. It was never clear to me whether they was any alternative had I been unable to travel. The meeting itself pitted me against six grim-faced interlocutors, three from the prepublication office and three technical experts, two of whom were former colleagues. When I began by saying that I considered my memoir a positive good for NSA, the terse response was “Who appointed you the PR person for the Agency?”
CCS made its displeasure clear in phone calls and emails and generic warning letters from lawyers. I was accused of abusing my colleagues by ridiculing them, though my intention in writing about amusing incidents was to humanize the folks behind the fence.
In short, the process made me feel like both an annoyance and a pariah. Prepublication review is supposed to be about safeguarding sensitive information, not bullying authors out of telling their stories.
Nearly everything about NSA, even the air it seems, is “protected information.” It is difficult to find any documents or interactions not designated at least “For Official Use Only (FOUO).” Though FOUO is not formally classified, it has the effect of restricting essentially every piece of writing by insiders about NSA and CCS (two taxpayer-supported entities).
At one point the head of the review asserted that a (still unspecified) law permitted any person mentioned in the book to remove themselves from it. I had assigned cover names and otherwise obscured their identities, but the memoir largely focused on about forty individuals. If they were permitted to decide they didn’t want to be referenced (even without a compromise to their identities) that would have gutted the book. Part of the offered rationale was that everything I knew about those people “must” have come from workplace interactions—instead of after-hours interactions—and thus was subject to review. It was never clear to me how reviewers could separate what I learned on the job from what I learned in private interactions. Ultimately only one person—a former colleague involved in the overall review—insisted on having two paragraphs about herself removed. Out of friendship, I decided not to use the NSA appeal process to restore those two paragraphs.
But this issue remains a real threat to anyone who might want to write about their time at NSA or CCS. It is reasonable to require that authors sufficiently mask identities and affiliations with the IC, but that is not the same as suppressing all depictions of and opinions about people in the IC. And there is simply no security rationale for allowing those people themselves to make the determination. It invites censorship of any depiction an individual finds unflattering.
CCS continued to pressure me to drop or soften my words. In the end, its own legal counsel had to declare that I was entitled to write what I did, even if CCS was unhappy about it.
The necessity of the prepublication review process is clear. In my case, the NSA identified multiple instances where changes and redactions were appropriate. Intellectually, the review was also largely reasonable, in that some proposed redactions were rescinded, either at my suggestion or spontaneously. And my substantive criticisms of Agency management practices were not redacted. On the other hand, there were multiple instances of silly and unnecessary redactions, some of which were inevitable false positives and some perhaps just part of the background level of harassment. In that regard, the NSA/CCS review process seemed designed to feel nasty, brutish and not-short-enough. It is not clear that this inherent hostility really serves the national interest, especially in cases like mine in which the document being reviewed is intended to be supportive of the agency in question. I speculate that the prepublication review process would be more discriminating if it included input on the implications for strategic marketing.
Now that I am an emeritus professor, I have reverted to being a full-time businessperson. Since my company is small, we live and die by our technological edge. Like the IC, we constantly guard against leaks. But we also know that telling our story, including carefully lifting the veil on our technology, is vital to our success, both in attracting new staff and attracting customers. Anybody reforming the review process might take on board that little bit of commercial wisdom and expand their thinking to include the perspective of strategic marketing. And anybody evaluating the review process might use the seven guidelines outlined above to assess the results of the reforms.