The Department of Justice (DOJ) Office of the Inspector General (OIG) announced today the release a report examining the Department’s efforts to ensure the proper classification of information. Today’s report follows up on a September 2013 report by the DOJ OIG assessing DOJ’s classification policies, procedures, rules, and regulations.
In today’s report, we conclude that since 2013, the DOJ Justice Management Division’s Security and Emergency Planning Staff (SEPS) has improved its administration of the DOJ’s classification policies and procedures, and enhanced its classification management program. These improvements are evident in the DOJ’s reduction in number of individuals with classification authority, more appropriate classification decisions, updated classification guidance, more precise classification reports, and improved classification training for DOJ components.
Both the 2013 audit and today’s follow-up audit were initiated in response to the Reducing Over-Classification Act. While the 2013 report did not find evidence of widespread misclassification, it did identify deficiencies relating to the implementation of DOJ’s classification program, including a persistent misunderstanding and lack of knowledge of certain classification processes by DOJ officials. As a result, that report made 14 recommendations to improve the DOJ’s classification management program, 11 of which have been closed as a result of the improvements described in the report released today.
In addition to finding the improvements described above, today’s follow-up report also found areas in which the Department still needs to improve its classification procedures and practices. Specifically:
- SEPS has not thoroughly evaluated the Drug Enforcement Administration’s (DEA) use of the “ORCON” dissemination control marking, which limits access to information, to ensure that its use is appropriate, as we recommended in our previous audit report. In fact, between the issuance of our last audit report in FY 2013 and initiation of this follow-up audit, the DEA had not changed its use of the ORCON marking.
- The DEA may be implementing classification practices that result in the under- or over- classification of information. For example, we found that the DEA’s practices could result in it classifying the same piece of information as unclassified law enforcement sensitive information in a DEA investigative case file, but as classified information in a DEA intelligence report.
- Some of SEPS’s newly-developed oversight and review processes and guidance had not yet been successfully implemented. These include the DOJ’s enhanced process for reviewing component self-inspections reports and the incorporation of classification management into performance plans and evaluations.
- The DOJ did not publish updated procedures for the Mandatory Declassification Review process, as required by Executive Order 13526, Classified National Security Information.
Finally, we found that SEPS continues to report, as it did in 2013, that resource constraints hinder its classification management program, and it attributed its inability to proactively manage and oversee DOJ’s classification program to these resource limitations. We note in our report that the topic of SEPS’s resources is also relevant to future requirements related to the DOJ’s impending efforts to implement the new government-wide program for controlled unclassified information (CUI) – unclassified information that requires controls for safeguarding or dissemination – which falls under SEPS’s areas of responsibility.
The report released today makes three new recommendations to SEPS to help further improve DOJ’s classification management program and implementation of classification procedures. SEPS agreed with all three recommendations.
Today’s report is available on the OIG’s website at the following link: https://oig.justice.gov/reports/2016/a1626.pdf.