Scientific Communication and Security
SUMMARY
Among the fundamental tenets of science is openness—minimizing restrictions on communication among scientists is considered essential to progress. The United States has achieved and maintained its pre eminence in science and technology (S&T) in part by embracing the values of scientific openness. And this openness has no natural, and certainly no national, boundaries in an increasingly international scientific enterprise.
Openness may pose risks, however. Adversaries may take advantage of ready access to information to acquire knowledge with which to do harm. Economic competitors may use open communication to pursue their own interests at the expense of the United States.
The United States has sought to limit these potential negative consequences by setting some limits on scientific communication. A system to protect intellectual property seeks to ensure that the applications of discoveries initially benefit those who make the breakthroughs. In the realm of national and homeland security, the US government carries out some research and development in secret and restricts access to certain types of information to keep it away from those who may have hostile intent.
The scientific and technical community recognizes that it has a responsibility to help protect the United States, as it has in the past, by harnessing
the best S&T to help counter terrorism and other national-security threats, even though this may mean accepting some limitations on its work. However, there is concern that some of the policies on scientific communication enacted in the wake of the September 11 terrorist attacks and the anthrax mailings and others under consideration will undermine the strength of science in the United States without genuinely advancing security. Various organizations, including the National Academies, have offered recommendations to address these concerns:
-
Continue to support the principle set forth in National Security Decision Directive 189 that federally funded fundamental research, such as that conducted in universities and laboratories, should “to the maximum extent possible” be unrestricted.
-
Create a clearly defined regulatory “safe harbor” for fundamental research so that universities in particular can have confidence that activities within the safe harbor are in compliance, thus permitting a focus on whatever occurred outside the safe harbor.
-
Regularly review and update the lists of information and technologies subject to controls maintained by federal agencies with the goal of restricting the focus of the controls and removing controls on readily available technologies. Carry out the process across as well as within agencies, and include input from the S&T community.
-
With regard to the specific issue of “deemed exports,” do not change the current system of license requirements for use of export-controlled equipment in university basic research until the following steps have been implemented:
-
Greatly narrow the scope of controlled technologies requiring deemed-export licenses, and ensure that the list remains narrow going forward.
-
Delete all controlled technology from the list whose manuals are available in the public domain, in libraries, on the Internet, or from the manufacturers.
-
Delete all equipment from the list that is available for purchase on the open market overseas from foreign or US companies.
-
Clear international students and postdoctoral fellows for access to controlled equipment when their visas are issued or shortly thereafter so that their admission to a university academic program is coupled with their access to use of export-controlled equipment.
-
-
Undertake a systematic review to determine the number and provisions of all existing types of “sensitive but unclassified” information in the federal government. Using that baseline, require a further review and justification for the maintenance of any category. Tie remaining categories to an explicit statutory or regulatory framework that includes procedures to request access to information and appeal decisions.
-
In implementing federal security policies for S&T personnel:
-
Engage S&T personnel in the development and implementation plans for security measures.
-
Continue to accept non-US citizens as visitors and in some cases staff, expedite security reviews for visitors, and more generally work to avoid prejudice against foreigners.
-
Focus and limit security efforts to address the most important security situations.
-
-
Create new or expand existing mechanisms to engage the S&T community in advisory capacities and to improve communication channels.
-
Encourage communication among the diverse communities involved in security issues—policy, S&T, national and homeland security, law enforcement, and intelligence—so that policies regarding scientific communication are both effective and broadly accepted.
-
Build bridges among these communities, particularly in areas of S&T, such as the life sciences, where there is little history of working with the government on security issues.
-
SECRET RESEARCH AND CLASSIFICATION OF INFORMATION
The US government handles issues of secrecy through a complex mix of statutes, regulations, and procedures that govern the control of classified information, public access to government information, and the maintenance of government records. With two exceptions, the government has no authority to designate information produced outside this legal framework as classified.1 In the wake of September 11, President Bush extended classification authority to several departments and agencies that had not previously been involved in such matters, such as the Department of Agriculture, the Environmental Protection Agency, and the Department of Health and Human Services.
Controversies over whether areas of scientific research should be restricted in the name of national security recurred throughout the Cold War. During the early 1980s, the Reagan administration sought to restrict scientific communication in a number of fields. That controversy eventually led to a presidential directive in 1985, influenced in part by a report from the National Academy of Sciences.2 National Security Decision Directive 189
(NSDD-189) states that federally funded fundamental research, such as that conducted in universities and laboratories, should “to the maximum extent possible” be unrestricted.3 Where restriction is deemed necessary, the control mechanism is formal classification. “No restrictions may be placed upon the conduct or reporting of federally-funded fundamental research that has not received national security classification, except as provided in applicable US statutes.” The policy set out in NSDD-189 is still in force and has been reaffirmed by several senior George W. Bush administration officials.4
Over the years, reports and statements from the National Academies and other organizations have strongly supported the principle set forth in NSDD-189 as essential to maintaining the vitality of fundamental research in the United States.5 Some have suggested that President Bush should reissue the directive as a signal of its continuing importance and his administration’s commitment to scientific openness. Others are concerned that, given current controversies and security concerns, the interagency process necessary for such an action could result in a weaker presidential statement. At a minimum, the federal government could:
-
Continue to support the principle set forth in National Security Decision Directive 189 that federally funded fundamental research, such as that conducted in universities and laboratories, should “to the maximum extent possible” be unrestricted.
“SENSITIVE” RESEARCH AND CONTROLS ON INFORMATION
Serious concerns can arise over whether information is properly classified, whether too much information is classified, and how such decisions are made, but these debates over the classification of scientific research take place within a system of reasonably well-specified and understood rules. Far more problematic is the interest in designating certain areas of research
and certain types of knowledge—wherever they are produced and however they are funded—as “sensitive but unclassified” (SBU).
The problem of “sensitive information” is not new. Classification is only one of the ways in which the US government controls public access to information. Across the federal government, there are dozens of categories that apply narrowly or broadly to specific types of information (see Figure SCS-1).6 Some of the categories are defined in statute, some through regulation, and some only through administrative practices. In addition, different agencies may assign a variety of civil and even criminal penalties for violation of their restrictions.7
Here, the fundamental issue is the scope of restrictions—that is, how much should the government try to control? When the primary US opponent was another technologically sophisticated state, the Soviet Union, the case could be made that one should focus on S&T areas that could truly make a difference in terms of adding to Soviet capabilities or undermining those of the United States. With the fall of the Soviet Union, some argue that the range of less technologically sophisticated opponents, including terrorists, now confronting the United States means that the government should try to deny access to the much wider range of information and technologies that could be useful to them.
While recognizing the legitimate concerns that others may take advantage of open access to information, technologies, and materials for malicious purposes, past examinations of the potential tradeoffs between openness and security have concluded that the United States is best served by focusing its efforts on protecting fewer, very-high-value areas of S&T.8 This is particularly true in fields where knowledge is advancing quickly and diffusing rapidly; otherwise, the United States may expend its efforts in attempts to control knowledge and technology that are readily available elsewhere. In addition, many of the existing and proposed lists of “sensitive”
information and materials tend to consist of broad and general categories, making it potentially difficult for researchers to know whether their activities are in or out of bounds.
These considerations suggest two general principles and a number of specific recommendations:
-
Principle 1: Construct “high fences” around narrow areas—that is, maintain stringent security around sharply defined and narrowly circumscribed areas, but reduce or eliminate controls over less sensitive material.
-
Regularly review and update the lists maintained by federal agencies of information and technologies subject to controls with the goal of restricting their focus and removing controls on readily available technologies.
-
-
-
Carry out the process across as well as within agencies, and include input from the S&T community.
-
-
Principle 2: Avoid the creation of categories of SBU information and consolidate existing ones.
-
Undertake a systematic review to determine the number and provisions of all existing types of SBU in the federal government.
-
Using that baseline, require a further review and justification for the maintenance of any category. Tie remaining categories to an explicit statutory or regulatory framework that includes procedures to request access to information and appeal decisions.
-
“DEEMED EXPORTS”: A SPECIAL CURRENT CASE
The controls governed by the Export Administration Act and its implementing regulations extend to the transfer of “technology.” Technology is considered “specific information necessary for the ‘development,’ ‘production,’ or ‘use’ of a product,” and providing such information to a foreign national within the United States may be considered a “deemed export” whose transfer requires an export license9 [italics added]. The primary responsibility for administering deemed exports lies with the Department of Commerce (DOC), but other agencies may have regulations to address the issue. Deemed exports are currently the subject of significant controversy.
In 2000, Congress mandated annual reports by agency offices of inspector general (IG) on the transfer of militarily sensitive technology to countries and entities of concern; the 2004 reports focused on deemed exports. The individual agency IG reports and a joint interagency report concluded that enforcement of deemed-export regulations had been ineffective; most of the agency reports recommended particular regulatory remedies.10
The DOC sought comments from the public about the recommendations from its IG before proposing any changes. The department earned praise for this effort to reach out to potentially affected groups and is currently reviewing the 300 plus comments it received, including those from the leaders of the National Academies.11
On July 12, 2005, the Department of Defense (DOD) issued a notice in the Federal Register seeking comments on a proposal to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to address requirements for preventing unauthorized disclosure of export-controlled information and technology under DOD contracts that follow the recommendations in its IG report. The proposed regulation includes a requirement for access-control plans covering unique badging requirements for foreign workers and segregated work areas for export-controlled information and technology, and it makes no mention of the fundamental-research exemption.12 Comments are due by September 12, 2005.
Many of the comments in response to the DOC expressed concern that the proposed changes were not based on systematic data or analysis and could have a significant negative impact on the conduct of research in both universities and the private sector, especially in companies with a substantial number of employees who are not US citizens. Similar comments are expected in response to the DOD proposals. Among the recommendations that have been offered to date to address these concerns are the following:
-
Create a clearly defined regulatory “safe harbor” for fundamental research so that universities can have confidence that activities within the safe harbor are in compliance with security restrictions, thus permitting a focus on whatever occurred outside the safe harbor.13
-
Do not change the current system of license requirements for use of export-controlled equipment in university basic research until the following steps have been implemented:
-
Greatly narrow the scope of controlled technologies requiring deemed-export licenses, and ensure that the list remains narrow going forward.
-
Delete all controlled technology from the list whose manuals are available in the public domain, in libraries, on the Internet, or from the manufacturers.
-
Delete all equipment from the list that is available for purchase on the open market overseas from foreign or US companies.
-
11 |
The letter from the presidents of the National Academies may be found at http://www7.nationalacademies.org/rscans/Academy_Presidents_ Comments_to_DOC.PDF. |
12 |
Federal Register 70(132)(July 2005):39976-39978. Available at: http://a257.g.akamaitech.net/7/257/2422/01jan20051800/edocket.access.gpo.gov/2005/05-13305.htm. |
13 |
See footnote 11. |
-
-
Clear international students and postdoctoral fellows for access to controlled equipment when their visas are issued or shortly thereafter so that their admission to a university academic program is coupled with their access to use of export-controlled equipment.14
-
ENGAGING THE S&T COMMUNITY IN THE CHALLENGES OF ACHIEVING SECURITY
In the wake of September 11 and the anthrax mailings, the S&T community, as in past times of crisis and along with other Americans, responded to the new challenges to US security. This response has occurred on many levels, from helping to analyze current and potential threats to working on ways in which advances in S&T can improve national and homeland security.15 This has required active engagement by the S&T community with policy-makers, particularly in national and homeland security, in law enforcement, and in intelligence, where many of the parties at the table are likely to lack experience dealing with one another. It also involves continuing efforts to ensure that highly qualified S&T personnel are attracted to working on problems related to national and homeland security.
Press reports since September 11 have suggested that officials in the DOD and DHS are concerned about attracting eligible workers, especially those with specialties in demand in open parts of the private sector. Since a significant portion of the work may be restricted or classified, this issue is largely a subset of the wider problem addressed in other background papers of ensuring that sufficient qualified US citizens are available to do the work. It also involves ensuring that restrictions on non-US citizens as employees are appropriate.
In addition, attracting personnel requires the creation of a work environment that will enable R&D in particular to be “cutting-edge.” For example, scientists working in a restricted or classified environment, especially at federal laboratories, still need to interact with the wider scientific community, including foreign visitors and collaborators, where much of the innovation most relevant to their work is taking place. In the wake of a series of scandals over alleged security lapses in the DOE nuclear-weapons complex in the late 1990s, the department imposed a number of new and
14 |
These recommendations were made by Dan Mote, president of the University of Maryland, at a May 6, 2005, workshop at the National Academies and cited in the letter from the National Academies’ presidents. |
15 |
For a comprehensive examination of the potential contributions of S&T, see National Research Council. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press, 2002. Guides to additional reports and current projects of the National Academies related to homeland security may be found at: http://www.nationalacademies.org/subjectindex/sec.html. |
expanded security restrictions. This sparked substantial concern about ensuring that the scientific quality of the laboratories could be sustained, and several organizations made proposals they believed would provide an appropriate balance between openness and security, these including16
-
Engage S&T personnel in the development and implementation plans for security measures.
-
Continue to accept non-US citizens as visitors and in some cases staff, expedite security reviews for visitors, and more generally work to avoid prejudice against foreigners.
-
As with recommendations for other situations, focus and limit security efforts to address the most important security situations.
Beyond attracting S&T personnel, it is essential to engage the broader S&T community in efforts to bring the latest S&T to bear on security problems. Much of the relevant research and many of the best ideas seem likely to come from outside the government and its own network of laboratories. Tapping these resources involves meeting several needs. One is ensuring an attractive climate for undertaking security-related R&D in universities and the private sector. Another is engaging the S&T community in a variety of advisory capacities and communication channels. Some observers have recommended a variety of new mechanisms or expanded and revised roles for existing mechanisms, including the following:
-
Encourage communication among the diverse communities involved in security issues—policy, S&T, national and homeland security, law enforcement, and intelligence—so that policies regarding scientific communication are both effective and broadly accepted.
-
Build bridges among these communities, particularly in areas of S&T, such as the life sciences, where there is little history of working with the government on security issues.17