The person who assigns the classification of information, as well as the level of classification, is the Original Classification Authority, or the OCA as it is commonly referred to. This power is not widely bestowed in the United States. It is delegated by executive order to a small group of officials, starting with the President and then down the line through a well-structured chain of delegated authority. The system under which this is done is stipulated under the Executive Order 13526 which was signed by President Barack Obama in 2009 to replace earlier executive orders dating back to 1951.
Key Takeaways
- The person who assigns the status of information being classified or not, and the level of classification is the Original Classification Authority (OCA).
- The original classification authority can be exercised by the President, the Vice President, heads of agencies appointed by the President and by officials to whom that authority has been formally delegated.
- The United States has three levels of classification: Confidential, Secret and Top Secret.
- The authority of the Top Secret can be delegated only by the President, the Vice President or a special head of an agency.
- When there is a great uncertainty whether information should be classified or not, it should not be classified. Where there is uncertainty as to the proper level, it should be described at the lower level.
- Any information contained within the system is automatically declassified after 25 years unless there are any exemptions.
What Is an Original Classification Authority
A Original Classification Authority is a person authorized in writing, either by the President, the Vice President, or by the heads and officials of agencies designated by the President, to classify information first time. Under the Electronic Code of Federal Regulations (eCFR), original classification refers to an initial determination that information needs to be held in confidence against unauthorized disclosure in the interest of national security.
The difference between original and derivative classification is significant. An OCA is the individual who makes a new determination that hitherto unclassified information needs to be protected. Derivative classification, in contrast, entails incorporating, paraphrasing, restating or creating in new form information that has already been classified by an OCA. According to the U.S. Department of Commerce, derivatives classifiers need not possess original classification authority, but must be trained and assigned that role.
Who Has Original Classification Authority under the Executive Order 13526
The National Archives codified in detail Executive Order 13526, which specifies who is allowed to exercise original classification authority. The power is vested in three groups of officials:
- The performance of their executive functions.
- The heads of the agencies and the officials appointed by the President in the Federal Register.
- Government officials of the United States in which the authority to classify information has been formally delegated under the conditions of the executive order.
The National Archives text of the Executive Order 13526 states that the officials who are permitted to classify information at a particular level are also permitted to classify information at any lower level. This implies that an official who has the power to classify information as Top Secret can also classify information as Secret or Confidential.
Top Secret Authority Authorities
Delegation of Top Secret classification authority is not as broad as delegation to lower levels. Under the publication of the Executive Order 13526 on the Federal Register, the Top Secret original classification authority may only be delegated by the President, the Vice President or an agency head or official who is already designated under the executive order. This classification is indicative of the seriousness of Top Secret designation and the dire harm to national security that unauthorized release of such information would cause.
Agency Heads who have the Special Access Program Authority
In the case of special access programs (defined as programs with access controls beyond standard classification requirements) the relevant agency heads include specifically the Secretaries of State, Defense, Energy, and Homeland Security, the Attorney General, and the Director of National Intelligence, or the principal deputy of each, according to the Federal Register.
The Three Levels of Classification
The government of the United States uses three formal levels of classification, which have been established under the Executive Order 13526, and which are described consistently across the Department of Commerce, the Department of Homeland Security, and the eCFR. The only other terms that can be used to identify classified information are those that are specifically given by statute.
| Classification Level | Standard for Application |
| Top Secret | Unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to national security |
| Secret | Unauthorized disclosure could reasonably be expected to cause serious damage to national security |
| Confidential | Unauthorized disclosure could reasonably be expected to cause damage to national security |
USC Dornsife, the lowest level, Confidential, designates information the disclosure of which might harm the U.S. national security. Secret is information that might result in severe harm, such as intelligence reports, cryptographic algorithms, and designs of sophisticated weapons systems. Top Secret is used to hold information the disclosure of which would lead to extremely serious losses.
Beneath these formal levels, there are a number of designations to sensitive but unclassified information. The State Department applies sensitive, but unclassified, whereas the Department of Defense and Department of Homeland Security use for official use only. These are not levels of classification under the Executive Order 13526 but administrative instructions of handling.
What an OCA should decide prior to classifying information
The Original Classification Authority has to decide on certain matters before assigning a classification level. According to the eCFR’s Title 6, Chapter I, Part 7, all four of the following conditions must be met for information to be classified:
- The OCA should be empowered to categorize information to that extent.
- The information should be possessed by, created by or to, or controlled by the United States Government.
- The information should be within one or more of the categories of information listed in Section 1.4 of the Executive Order 13526.
- The OCA should find that unauthorized disclosure of the information would reasonably be anticipated to cause identifiable and describable harm to national security.
The categories listed in Section 1.4 of the executive order are: military plans, weapons systems or operations; foreign government information; intelligence activities, sources, methods or cryptology; foreign relations or foreign activities of the United States; scientific, technological or economic matters relating to national security; government programs to protect nuclear materials or facilities; vulnerabilities or capabilities of national security systems; and the development, production or use of weapons of mass destruction.
Rule of Doubt in Classification Decisions
In executive order 13526, two significant rules are provided to address those cases when an OCA is not sure whether a certain situation should be classified.
First rule: In case there is substantial uncertainty as to whether information needs to be classified at all, it shall not be classified. This rule is due to the fact that overclassification is a well-known and proven issue in the U.S. government. According to Wikipedia, a Pentagon official by the name of William G. Florence, testified to Congress in 1971 that at most, 5 percent of information labeled classified actually deserved such designation at the time, and only a small fraction of that would still deserved classification a few years later.
Second rule: In case classification is clearly justified, but there is a substantial uncertainty about the appropriate level, the information shall be classified at the lower level. This guarantees that the most serious classification designations are left to be applied to information that really needs them.
Such rules are expressions of a principle of design imbued into the classification system: the assumption, when there is a doubt, is that there should not be a classification, and that classification should not be at a higher level.
The Delegation of Classification Authority in Practice
The delegation of original classification authority is a structured process, documented. The executive order issued by the President under the classification management program of the Department of Commerce appoints the heads and officials of the various agencies who have the authority to classify information. Such agency heads may then devolve powers to lower-level officials in their agencies, with the limitations of the order.
Any delegation must be in writing. Officials to whom delegated authority is granted, must have a proven and ongoing need to exercise such authority. The eCFR states that delegations of initial classification authority will be restricted to the minimum necessary to administer the executive order. The heads of the agencies must make sure that the subordinate officials who have been delegated such powers, actually require such powers.
The Chief Security Officer of each agency must maintain an up-to-date list of all the officials authorized to make original classification or declassification decisions, and to provide a system of appointment, tracking, and training of officials who make classification actions.
Derivative Classification: Who is Left to Classify Information
Outside of OCAs, a larger group of government employees and contractors are involved with the classification system through derivative classification. The incorporating, paraphrasing, restating, or generating in new form of information that has already been classified is known as derivative classification according to the Department of Commerce. The classification of derivatives can solely be done by trained derivative classifiers with the help of existing and properly marked classified source documentation.
This implies that an analyst writing a new report who includes content of a Top Secret source document must mark his new document at least as high as the highest classified content that he has included, even though he himself may not have original classification authority at that level. The categorization is based on the information, rather than the author.
There is one subtlety that must be mentioned: the copying or duplication of an already existing classified document is not regarded as derivative classification. Derivative classification is specifically to the production of new material that relies on classified material.
Declassification: When and How Classification Ends
Classification is not final. Executive Order 13526 creates a system of automatic and scheduled declassification.
The Department of Commerce states that classified records of national security information more than 25 years old that have been determined to have permanent historical value shall be automatically declassified, whether or not they have been reviewed. All classified records will be automatically declassified on December 31 of the year that is 25 years after the date of original classification.
The only major exceptions are information that would clearly and demonstrably identify the identity of a confidential human source or a human intelligence source, or important design concepts of weapons of mass destruction. These categories can be excluded of automatic declassification.
The original classification authority also has the capability to establish previous declassification dates. Should the OCA be able to establish that the sensitivity of the information in question will decline once a certain event or date has been reached, the document can be marked to be declassified at that earlier date. The default, unless a later date is given, is ten years after the date of original classification, which may be extended to 25 years.
Difficulties in Classification and Monitoring
The classification can be challenged by authorized holders of classified information who believe that information has been classified incorrectly, or at the wrong level. Under the Department of Commerce, a formal challenge has to be written to an OCA that has jurisdiction over the information. The challenge need not be more specific than questioning why the information is classified at a particular level. The classification markings should be respected until a decision is made.
The classification system is partially overseen by the Information Security Oversight Office (ISOO), which is under the National Archives and Records Administration. In cases where it is not evident which agency bears the primary subject matter interest in a particular piece of information, the matter is referred to the ISOO Director who determines which agency bears the primary subject matter interest in a particular piece of information and forwards the information with recommendations.
The organization and control of information classification relates to larger issues regarding how institutions deal with knowledge, access, and authority. Although this is done in a very different context, these themes are examined in the profile of Shani Levni and Michael Aloni, where the relationship between the public knowledge and personal identity in creative life raises parallel issues about who controls information and who decides what is disclosed.
Classification in Other Countries
The United States system is also one of the most formally structured systems, although most countries have some form of classified information system. The Wikipedia article on classified information states that there are two main types of sensitive information in Canada, Classified and Protected, governed by the Security of Information Act. In 2011, Australia harmonized its national security and non-national security classification schemes under the Protective Security Policy Framework. The Five Eyes intelligence alliance includes the United Kingdom, Australia, Canada and New Zealand, as well as the United States, with classified information possibly shared under bilateral or multilateral agreements, marked with the notation “REL TO USA” and the corresponding country codes.
The need-to-know principle is used in the majority of national classification systems. The fact that one has a security clearance at a particular level does not necessarily mean that he or she will be able to access all information that is classified at that level. The person should also possess a certain, valid requirement to obtain the specific information at hand.
Conclusion
The power to designate information as classified, and to designate the level of classification, is vested in the Original Classification Authority, a position that is defined and limited by the Executive Order 13526. This is a natural power of the President and Vice President. It can be given to agency heads Presidentially designated. It can be passed on to subordinate officials by formal, written delegation, which is subject to the principle of minimum-necessary which governs the whole system.
The three levels of classification, which are Confidential, Secret and Top Secret, are associated with increasing the level of potential harm to the national security. The rules that guide doubt in classification decisions are skewed in favor of restraint and the system has in-built mechanisms of declassification, oversight and challenge.
To anyone researching government information systems, national security law or the organization of institutional authority, the OCA and its place in the classification system is the required starting point. Who controls information, and who has the power to limit access to information are some of the most basic questions of governance.
To find more guides to government systems, policy and other related issues, discover the complete repertoire of content at Shani Levni.
Frequently Asked Questions
Who determines that information is classified and what level of classification it has?
The Original Classification Authority (OCA) assigns the status of information as classified or not classified and the level of its classification. Under the Executive Order 13526, OCA status can be exercised only by the President, the Vice President, the agency heads appointed by the President in the Federal Register and by the officials to whom the classification authority has been formally delegated in writing.
What are the three grades of classified information in the United States?
These three levels are Confidential, Secret and Top Secret. Confidential is applicable to any information whose unauthorized disclosure may result in any harm to national security. The concept of secret is applicable to the information the disclosure of which may result in the severe damage. Top Secret is used in cases of information whose release may result in exceptionally serious harm. Under the Executive Order 13526, no other classification terms can be used.
Is the classification of information by an agency employee who is not an OCA possible?
No. An agency employee who has no original classification authority but who generates information which is believed to require classification must protect such information and promptly transmit it to the agency with appropriate subject matter interest and classification authority. That agency will have 30 days to determine whether to categorize the information.
What will be the case when there is uncertainty on whether information ought to be classified?
In case there exists a strong doubt on whether information needs to be classified or not, then it shall not be classified. When classification is justified but there is uncertainty as to the appropriate level, it will be classified at the lower level. These are contained in Executive Order 13526 to prevent overclassification.
What is the duration of classified information being classified?
The vast majority of classified information is automatically declassified 25 years after the information was originally classified. OCAs can establish earlier dates of declassification. The default period, when no particular date or event can be determined, is ten years. Disclosure of the identity of confidential human sources or key design concepts of weapons of mass destruction may be exempted automatically declassified.
What is derivative classification?
Derivative classification is the procedure of incorporating, paraphrasing, restating or generating in new form information that has already been classified by an OCA. Derivative classifiers do not have original classification authority, but must be trained and assigned to the role. The new material should be identified at the level of classification of the topmost classified source utilized.
Who manages the U.S. system of information classification?
The Information Security Oversight Office (ISOO), which is a branch of the National Archives and Records Administration, provides an oversight of the classification system. Agency Chief Security Officers have the responsibility of maintaining lists of authorized classifiers, training, and compliance within their respective agencies.