Search This Blog

Sunday, February 17, 2019

Classified information in the United States

From Wikipedia, the free encyclopedia

The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.

The desired degree of secrecy about such information is known as its sensitivity. Sensitivity is based upon a calculation of the damage to national security that the release of the information would cause. The United States has three levels of classification: Confidential, Secret, and Top Secret. Each level of classification indicates an increasing degree of sensitivity. Thus, if one holds a Top Secret security clearance, one is allowed to handle information up to the level of Top Secret, including Secret and Confidential information. If one holds a Secret clearance, one may not then handle Top Secret information, but may handle Secret and Confidential classified information.

The United States does not have a British-style Official Secrets Act; instead, several laws protect classified information, including the Espionage Act of 1917, the Atomic Energy Act of 1954 and the Intelligence Identities Protection Act of 1982. A 2013 report to Congress noted that the relevant laws have been mostly used to prosecute foreign agents, or those passing classified information to them, and that leaks to the press have rarely been prosecuted. The legislative and executive branches of government, including US presidents, have frequently leaked classified information to journalists. Congress has repeatedly resisted or failed to pass a law that generally outlaws disclosing classified information. Most espionage law only criminalizes national defense information; only a jury can decide if a given document meets that criterion, and judges have repeatedly said that being "classified" does not necessarily make information become related to the "national defense". Furthermore, by law, information may not be classified merely because it would be embarrassing or to cover illegal activity; information may only be classified to protect national security objectives.
The United States over the past decades under the Obama and Clinton administrations has released classified information to foreign governments for diplomatic goodwill, known as declassification diplomacy. Examples include information on Augusto Pinochet to the government of Chile. In October 2015, US Secretary of State John Kerry provided Michelle Bachelet, Chile's president, a pen drive containing hundreds of newly declassified documents.

Terminology

Derivative classification activity 1996–2011
 
In the U.S., information is called "classified" if it has been assigned one of the three levels: Confidential, Secret, or Top Secret. Information that is not so labeled is called "Unclassified information". The term declassified is used for information that has had its classification removed, and downgraded refers to information that has been assigned a lower classification level but is still classified. Many documents are automatically downgraded and then declassified after some number of years. The U.S. government uses the terms Sensitive But Unclassified (SBU), Sensitive Security Information (SSI), Critical Program Information (CPI), For Official Use Only (FOUO), or Law Enforcement Sensitive (LES) to refer to information that is not Confidential, Secret, or Top Secret, but whose dissemination is still restricted. Reasons for such restrictions can include export controls, privacy regulations, court orders, and ongoing criminal investigations, as well as national security. Information that was never classified is sometimes referred to as "open source" by those who work in classified activities. Public Safety Sensitive (PSS) refers to information that is similar to Law Enforcement Sensitive but could be shared between the various public safety disciplines (Law Enforcement, Fire, and Emergency Medical Services). Peter Louis Galison, a historian and Director in the History of Science Dept. at Harvard University, claims that the U.S. Government produces more classified information than unclassified information.

Levels of classification used by the U.S. government

The United States government classifies information according to the degree which the unauthorized disclosure would damage national security. Having Top Secret clearance does not allow one to view all Top Secret documents. The user of the information must possess the clearance necessary for the sensitivity of the information, as well as a legitimate need to obtain the information. For example, all US military pilots are required to obtain at least a Secret clearance, but they may only access documents directly related to their orders. Secret information might have additional access controls that could prevent someone with a Top Secret clearance from seeing it.

Since all federal departments are part of the Executive Branch, the classification system is governed by Executive Order rather than by law. Typically each president will issue a new executive order, either tightening classification or loosening it. The Clinton administration made a major change in the classification system by issuing an executive order that for the first time required all classified documents to be declassified after 25 years unless they were reviewed by the agency that created the information and determined to require continuing classification.

Restricted Data/Formerly Restricted Data

Restricted Data and Formerly Restricted Data are classification markings that concern nuclear information. These are the only two classifications that are established by federal law, being defined by the Atomic Energy Act of 1954. Nuclear information is not automatically declassified after 25 years. Documents with nuclear information covered under the Atomic Energy Act will be marked with a classification level (confidential, secret or top secret) and a restricted data or formerly restricted data marking. Nuclear information as specified in the act may inadvertently appear in unclassified documents and must be reclassified when discovered. Even documents created by private individuals have been seized for containing nuclear information and classified. Only the Department of Energy may declassify nuclear information.

Code Word classifications

Top Secret is the highest level of classification. However some information is compartmentalized by adding a code word so that only those who have been cleared for each code word can see it. This information is also known as "Sensitive Compartmented Information" (SCI). A document marked SECRET (CODE WORD) could only be viewed by a person with a secret or top secret clearance and that specific code word clearance. Each code word deals with a different kind of information. The CIA administers code word clearances.

Top Secret

An example of a U.S. classified document; page 13 of a United States National Security Agency report[17] on the USS Liberty incident, partially declassified and released to the public in July 2003. The original overall classification of the page, "Top Secret" code word UMBRA, is shown at top and bottom. The classification of individual paragraphs and reference titles is shown in parentheses—there are six different levels on this page alone. Notations with leader lines at top and bottom cite statutory authority for not declassifying certain sections.
 
The highest security classification. "Top Secret shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe." It is believed that 1.4 million Americans have top secret clearances.

Secret

This is the second-highest classification. Information is classified Secret when its unauthorized disclosure would cause "serious damage" to national security. Most information that is classified is held at the secret sensitivity.

Confidential

This is the lowest classification level of information obtained by the government. It is defined as information that would "damage" national security if publicly disclosed, again, without the proper authorization.

Public Trust

Despite common misconception, a public trust position is not a security clearance, and is not the same as the confidential clearance. Certain positions which require access to sensitive information, but not information which is classified, must obtain this designation through a background check. Public Trust Positions can either be moderate-risk or high-risk.

Unclassified

Unclassified is not technically a classification; this is the default and refers to information that can be released to individuals without a clearance. Information that is unclassified is sometimes restricted in its dissemination as Sensitive But Unclassified (SBU) or For Official Use Only (FOUO). For example, the law enforcement bulletins reported by the U.S. media when the United States Department of Homeland Security raised the U.S. terror threat level were usually classified as "U//LES", or "Unclassified – Law Enforcement Sensitive". This information is supposed to be released only to law enforcement agencies (sheriff, police, etc.), but, because the information is unclassified, it is sometimes released to the public as well. Information that is unclassified but which the government does not believe should be subject to Freedom of Information Act requests is often classified as U//FOUO—"Unclassified—For Official Use Only". In addition to FOUO information, information can be categorized according to its availability to be distributed (e.g., Distribution D may only be released to approved Department of Defense and U.S. Department of Defense contractor personnel). Also, the statement of NOFORN (meaning "no foreign nationals") is applied to any information that may not be released to any non-U.S. citizen. NOFORN and distribution statements are often used in conjunction with classified information or alone on SBU information. Documents subject to export controls have a specific warning to that effect. Information which is "personally identifiable" is governed by the Privacy Act of 1974 and is also subject to strict controls regardless of its level of classification.

Finally, information at one level of classification may be "upgraded by aggregation" to a higher level. For example, a specific technical capability of a weapons system might be classified Secret, but the aggregation of all technical capabilities of the system into a single document could be deemed Top Secret. 

Use of information restrictions outside the classification system is growing in the U.S. government. In September 2005 J. William Leonard, director of the U.S. National Archives Information Security Oversight Office, was quoted in the press as saying, "No one individual in government can identify all the controlled, unclassified [categories], let alone describe their rules."

Controlled Unclassified Information (CUI)

One of the 9/11 Commission findings was that "the government keeps too many secrets". To address this problem, the Commission recommended that '[t]he culture of agencies feeling they own the information they gathered at taxpayer expense must be replaced by a culture in which the agencies instead feel they have a duty ... to repay the taxpayers' investment by making that information available.'"

Due to over 100 designations in use by the U.S. government for unclassified information at the time, President George W. Bush issued a Presidential memorandum on May 9, 2008, in an attempt to consolidate the various designations in use into a new category known as Controlled Unclassified Information (CUI). The CUI categories and subcategories were hoped to serve as the exclusive designations for identifying unclassified information throughout the executive branch not covered by Executive Order 12958 or the Atomic Energy Act of 1954 (as amended) but still required safeguarding or dissemination controls, pursuant to and consistent with any applicable laws, regulations, and government-wide policies in place at the time. CUI would replace categories such as For Official Use Only (FOUO), Sensitive But Unclassified (SBU) and Law Enforcement Sensitive (LES).

The Presidential memorandum also designated the National Archives as responsible for overseeing and managing the implementation of the new CUI framework.

This memorandum has since been rescinded by Executive Order 13556 of November 4, 2010 and the guidelines previously outlined within the memo were expanded upon in a further attempt to improve the management of information across all federal agencies as well as establish a more standard, government-wide program regarding the controlled unclassification designation process itself.

The U.S. Congress has attempted to take steps to resolve this, but did not succeed. The U.S. House of Representatives passed the Reducing Information Control Designations Act H.R. 1323 on March 17, 2009. The bill was referred to the Senate Committee on Homeland Security and Governmental Affairs. Because no action was taken in committee and bills expire at the end of every Congress, there is currently no bill to solve unclassified designations.

Restricted

During and before World War II, the U.S. had a category of classified information called Restricted, which was below confidential. The U.S. no longer has a Restricted classification, but many other nations and NATO do. The U.S. treats Restricted information it receives from other governments as Confidential. The U.S. does use the term restricted data in a completely different way to refer to nuclear secrets, as described above.

Classified classifications

Executive Order 13526, which forms the legal basis for the U.S. classification system, states that "information may be classified at one of the following three levels", with Top Secret as the highest level (Sec. 1.2). However, this executive order provides for special access programs that further restricted access to a small number of individuals and permit additional security measures (Sec. 4.3). These practices can be compared with (and may have inspired) the concepts multilevel security and role-based access control. U.S. law also has special provisions protecting information related to cryptography (18 USC 798), nuclear weapons and atomic energy (see Controls on atomic-energy information) and the identity of covert intelligence agents (see Intelligence Identities Protection Act).

Proper procedure for classifying U.S. government documents

To be properly classified, a classification authority (an individual charged by the U.S. government with the right and responsibility to properly determine the level of classification and the reason for classification) must determine the appropriate classification level, as well as the reason information is to be classified. A determination must be made as to how and when the document will be declassified, and the document marked accordingly. Executive Order 13526 describes the reasons and requirements for information to be classified and declassified (Part 1). Individual agencies within the government develop guidelines for what information is classified and at what level. 

The former decision is original classification. A great majority of classified documents are created by derivative classification. For example, if one piece of information, taken from a secret document, is put into a document along with 100 pages of unclassified information, the document, as a whole, will be secret. Proper rules stipulate that every paragraph will bear a classification marking of (U) for Unclassified, (C) for Confidential, (S) for Secret, and (TS) for Top Secret. Therefore, in this example, only one paragraph will have the (S) marking. If the page containing that paragraph is double-sided, the page should be marked SECRET on top and bottom of both sides.

A review of classification policies by the Office of the Director of National Intelligence aimed at developing a uniform classification policy and a single classification guide that could be used by the entire U.S. intelligence community found significant interagency differences that impaired cooperation and performance. The initial ODNI review, completed in January 2008, said in part, "The definitions of 'national security' and what constitutes 'intelligence'—and thus what must be classified—are unclear. ... Many interpretations exist concerning what constitutes harm or the degree of harm that might result from improper disclosure of the information, often leading to inconsistent or contradictory guidelines from different agencies. ... There appears to be no common understanding of classification levels among the classification guides reviewed by the team, nor any consistent guidance as to what constitutes 'damage,' 'serious damage,' or 'exceptionally grave damage' to national security. ... There is wide variance in application of classification levels."

The review recommended that original classification authorities should specify clearly the basis for classifying information, for example, whether the sensitivity derives from the actual content of the information, the source, the method by which it was analyzed, or the date or location of its acquisition. Current policy requires that the classifier be "able" to describe the basis for classification but not that he or she in fact do so.

Classification categories

Step 3 in the classification process is to assign a reason for the classification. Classification categories are marked by the number "1.4" followed by one or more letters (a) to (h):
  • 1.4(a) military plans, weapons systems, or operations;
  • 1.4(b) foreign government information;
  • 1.4(c) intelligence activities, sources, or methods, or cryptology;
  • 1.4(d) foreign relations or foreign activities of the United States, including confidential sources;
  • 1.4(e) scientific, technological or economic matters relating to national security; which includes defense against transnational terrorism;
  • 1.4(f) United States Government programs for safeguarding nuclear materials or facilities;
  • 1.4(g) vulnerabilities or capabilities of systems, installations, infrastructures, projects or plans, or protection services relating to the national security, which includes defense against transnational terrorism; and/or
  • 1.4(h) the development, production, or use of weapons of mass destruction.

Classifying non-government-generated information

The Invention Secrecy Act of 1951 allows the suppression of patents (for a limited time) for inventions that threaten national security. 

Whether information related to nuclear weapons can constitutionally be "born secret" as provided for by the Atomic Energy Act of 1954 has not been tested in the courts. 

Guantanamo Bay detention camp has used a "presumptive classification" system to describe the statements of Guantanamo Bay detainees as classified. When challenged by Ammar al-Baluchi in the Guantanamo military commission hearing the 9/11 case, the prosecution abandoned the practice. Presumptive classification continues in the cases involving the habeas corpus petitions of Guantanamo Bay detainees.

Protecting classified information

GSA-approved security container

Facilities and handling

One of the reasons for classifying state secrets into sensitivity levels is to tailor the risk to the level of protection. The U.S. government specifies in some detail the procedures for protecting classified information. The rooms or buildings for holding and handling classified material must have a facility clearance at the same level as the most sensitive material to be handled. Good quality commercial physical security standards generally suffice for lower levels of classification; at the highest levels, people sometimes must work in rooms designed like bank vaults (see Sensitive Compartmented Information Facility – SCIF). The U.S. Congress has such facilities inside the Capitol Building, among other Congressional handling procedures for protecting confidentiality. The U.S. General Services Administration sets standards for locks and containers used to store classified material. The most commonly-approved security containers resemble heavy-duty file cabinets with a combination lock in the middle of one drawer. In response to advances in methods to defeat mechanical combination locks, the U.S. government switched to electromechanical locks that limit the rate of attempts to unlock them. After a specific number of failed attempts, they will permanently lock, requiring a locksmith to reset them. 

Classified U.S. government documents typically must be stamped with their classification on the cover and at the top and bottom of each page. Authors must mark each paragraph, title and caption in a document with the highest level of information it contains, usually by placing appropriate initials in parentheses at the beginning of the paragraph, title, or caption. Commonly, one must affix a brightly colored cover sheet to the cover of each classified document to prevent unauthorized observation of classified material (shoulder surfing) and to remind users to lock up unattended documents. The most sensitive material requires two-person integrity, where two cleared individuals are responsible for the material at all times. Approved containers for such material have two separate combination locks, both of which must be opened to access the contents.

Restrictions dictate shipment methods for classified documents. Top Secret material must go by special courier; Secret material within the U.S. via registered mail; and, Confidential material by certified mail. Electronic transmission of classified information largely requires the use of National Security Agency approved/certified "Type 1" cryptosystems using NSA's unpublished and classified Suite A algorithms. The classification of the Suite A algorithms categorizes the hardware that store them as a Controlled Cryptographic Item (CCI) under the International Traffic in Arms Regulations, or ITAR. CCI equipment and keying material must be controlled and stored with heightened physical security, even when the device is not processing classified information or contains no cryptographic key. NSA is currently implementing what it's calling Suite B which is a group of commercial algorithms such as Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic curve Diffie–Hellman (ECDH). Suite B provides protection for data up to Top Secret on non-CCI devices, which is especially useful in high risk environments or operations needed to prevent Suite A compromise. These less stringent hardware requirements stem from the device not having to "protect" classified Suite A algorithms.

Specialized computer operating systems known as trusted operating systems are available for processing classified information. These systems enforce the classification and labeling rules described above in software. Since 2005, however, they are not considered secure enough to allow uncleared users to share computers with classified activities. Thus, if one creates an unclassified document on a secret device, the resultant data is classified secret until it can be manually reviewed. Computer networks for sharing classified information are segregated by the highest sensitivity level they are allowed to transmit, for example, SIPRNet (Secret) and JWICS (Top Secret-SCI).

The destruction of certain types of classified documents requires burning, shredding, pulping or pulverizing using approved procedures and must be witnessed and logged. Classified computer data presents special problems.

Lifetime commitment

When a cleared individual leaves the job or employer for which they were granted access to classified information, they are formally debriefed from the program. Debriefing is an administrative process that accomplishes two main goals: it creates a formal record that the individual no longer has access to the classified information for that program; and it reminds the individual of their lifetime commitment to protect that information. Typically, the individual is asked to sign another non-disclosure agreement (NDA), similar to that which they signed when initially briefed, and this document serves as the formal record. The debriefed individual does not lose their security clearance; they have only surrendered the need to know for information related to that particular job.

Classifications and clearances between U.S. government agencies

Senator Barry Goldwater reprimanding CIA director William J. Casey for Secret info showing up in The New York Times, but then saying it was over-classified to begin with. 1983
 
In the past, clearances did not necessarily transfer between various U.S. government agencies. For example, an individual cleared for Department of Defense Top Secret had to undergo another investigation before being granted a Department of Energy Q clearance. Agencies are now supposed to honor background investigations by other agencies if they are still current. Because most security clearances only apply inside the agency where the holder works, if one needs to meet with another agency to discuss classified matters, it is possible and necessary to pass one's clearance to the other agency. For example, officials visiting at the White House from other government agencies would pass their clearances to the Executive Office of the President (EOP). 

The Department of Energy security clearance required to access Top Secret Restricted Data, Formerly Restricted Data, and National Security Information, as well as Secret Restricted Data, is a Q clearance. The lower-level L clearance is sufficient for access to Secret Formerly Restricted Data and National Security Information, as well as Confidential Restricted Data and Formerly Restricted Data. In practice, access to Restricted Data is granted, on a need-to-know basis, to personnel with appropriate clearances. At one time, a person might hold both a TS and a Q clearance, but that duplication and cost is no longer required. For all practical purposes, Q is equivalent to Top Secret, and L is equivalent to Secret.

Contrary to popular lore, the Yankee White clearance given to personnel who work directly with the President is not a classification. Individuals having Yankee White clearances undergo extensive background investigations. The criteria include U.S. citizenship, unquestionable loyalty, and an absolute absence of any foreign influence over the individual, his family, or "persons to whom the individual is closely linked". Also, they must not have traveled (save while in government employ and at the instructions of the United States) to countries that are considered to be unfriendly to the United States. Yankee White cleared personnel are granted access to any information for which they have a need to know, regardless of which organization classified it or at what level.

See also the Single Scope Background Investigation below, along with explicit compartmented access indoctrination. Some compartments, especially intelligence-related, may require a polygraph examination, although the reliability of the polygraph is controversial. The NSA uses the polygraph early in the clearance process while the CIA uses it at the end, which may suggest divergent opinions on the proper use of the polygraph.

Categories that are not classifications

Compartments also exist, that employ code words pertaining to specific projects and are used to more easily manage individual access requirements. Code words are not levels of classification themselves, but a person working on a project may have the code word for that project added to his file, and then will be given access to the relevant documents. Code words may also label the sources of various documents; for example, code words are used to indicate that a document may break the cover of intelligence operatives if its content becomes known. The WWII code word Ultra identified information found by decrypting German ciphers, such as the Enigma machine, and which—regardless of its own significance—might inform the Germans that Enigma was broken if they became aware that it was known.

Sensitive Compartmented Information (SCI) and Special Access Programs (SAP)

The terms "Sensitive Compartmented Information" (SCI) and "Special Access Program" (SAP) are widely misunderstood as classification levels or specific clearances. 

In fact, the terms refer to methods of handling certain types of classified information that relate to specific national-security topics or programs (whose existence may not be publicly acknowledged) or the sensitive nature of which requires special handling, and thereby those accessing it require special approval to access it. 

The paradigms for these two categories, SCI originating in the intelligence community and SAP in the Department of Defense, formalize 'Need to Know' and addresses two key logistical issues encountered in the day-to-day control of classified information:
  • Individuals with a legitimate need to know may not be able to function effectively without knowing certain facts about their work. However, granting all such individuals a blanket DoD clearance (often known as a "collateral" clearance) at the Top Secret level would be undesirable, not to mention prohibitively expensive.
  • The government may wish to limit certain types of sensitive information only to those who work directly on related programs, regardless of the collateral clearance they hold. Thus, even someone with a Top Secret clearance cannot gain access to its Confidential information unless it is specifically granted.
To be clear, "collateral" simply means one lacks special access (e.g. SCI, SAP, COMSEC, NATO, etc.). Confidential, Secret, and Top Secret are all, by themselves, collateral clearances.

SAP and SCI are usually found at the Top Secret classification, but there is no prohibition of applying such segregation to Confidential and Secret information.

SAP and SCI implementation are roughly equivalent, and it is reasonable to discuss their implementation as one topic. For example, SAP material needs to be stored and used in a facility much like the SCIF described below.

Department of Energy information, especially the more sensitive SIGMA categories, may be treated as SAP or SCI.

Access to compartmented information

Personnel who require knowledge of SCI or SAP information fall into two general categories:
  • Persons with a need to know
  • Persons with actual access
Access to classified information is not authorized based on clearance status. Access is only permitted to individuals after determining they have a need to know. Need-to-know is a determination that an individual requires access to specific classified information in the performance of (or assist in the performance of) lawful and authorized government functions and duties.

To achieve selective separation of program information while still allowing full access to those working on the program, a separate compartment, identified by a unique codeword, is created for the information. This entails establishing communication channels, data storage, and work locations (SCIF—Sensitive Compartmented Information Facility), which are physically and logically separated not only from the unclassified world, but from general Department of Defense classified channels as well. 

Thus established, all information generated within the compartment is classified according to the general rules above. However, to emphasize that the information is compartmented, all documents are marked with both the classification level and the codeword (and the caveat "Handle via Channels Only", or "Handle via Jointly" if the document contains material from multiple programs). 

Cover sheet for information protected by the BYEMAN control system
 
Examples of such SCI control systems are:
  • COMINT or Special Intelligence (SI)
  • ENDSEAL (EL)
  • TALENT KEYHOLE (TK)
  • HUMINT Control System (HCS)
  • KLONDIKE (KDK)
  • RESERVE (RSV)
  • BYEMAN (BYE or B)
The COMINT control system is for sensitive signals intelligence information and contains several compartments, like:
  • Very Restricted Knowledge (VRK)
  • Exceptionally Controlled Information (ECI), which is used by NSA and restricted to very few people.
  • GAMMA
A person is granted access to a specific compartment after the individual has: (a) had a Single Scope Background Investigation similar to that required for a collateral Top Secret clearance; (b) been "read into" or briefed on the nature and sensitivity of the compartment; and (c) signed a non-disclosure agreement (NDA). 

The individual then has access to all information in the compartment, regardless of its classification (and assuming a need to know). However, access does not extend to any other compartment; i.e., there is no single "SCI clearance" analogous to DoD collateral Top Secret. The requirements for DCID 6/4 eligibility (a determination that an individual is eligible for access to SCI), subsumes the requirements for a TS collateral clearance. Being granted DCID 6/4 eligibility includes the simultaneous granting of a TS collateral clearance, as adjudicators are required to adjudicate to the highest level that the investigation (SSBI) supports.

Groups of compartmented information

SAPs in the Department of Defense are subdivided into three further groups, as defined in 10 U.S.C. § 119.

There is no public reference to whether SCI is divided in the same manner, but news reports reflecting that only the Gang of Eight members of Congress are briefed on certain intelligence activities, it may be assumed that similar rules apply for SCI or for programs with overlapping SAP and SCI content.

The groups for Department of Defense SAPs are:
  • Acknowledged: appears as a line item as "classified project" or the equivalent in the federal budget, although details of its content are not revealed. The budget element will associate the SAP with a Department of Defense component organization, such as a Military Department (e.g. Department of the Navy), a Combatant Command (e.g. U.S. Special Operations Command) or a Defense Agency (e.g. Defense Information Systems Agency.)
  • Unacknowledged: no reference to such SAPs is found in the publicly published federal budget; its funding is hidden in a classified annex, often called the "black budget". The Congressional defense committees, however, are briefed on the specifics of such SAPs.
  • Waived: At the sole discretion of the Secretary of Defense, on a case-by-case basis in the interest of national security, there is no mention in the budget at all, and only the "Big 6" members of Congress; the Chairman and Ranking Minority Members of the armed services committees, the appropriations committees and the defense appropriations subcommittees; receive notification of such SAPs.
Examples of SCI topics are human intelligence, communications intelligence, and intelligence collected by satellites. One or more compartments may be created for each area, and each of these compartments may contain multiple subcompartments (e.g., a specific HUMINT operation), themselves with their own code names. 

Specific compartmented programs will have their own specific rules. For example, it is standard that no person is allowed unaccompanied access to a nuclear weapon or to command-and-control systems for nuclear weapons. Personnel with nuclear-weapons access are under the Personnel Reliability Program

Some highly sensitive SAP or SCI programs may also use the "no lone zone" method (that is, a physical location into which no one is allowed to enter unaccompanied) described for nuclear weapons.

Handling caveats

The United States also has a system of restrictive caveats that can be added to a document: these are constantly changing, but can include (in abbreviated form) a requirement that the document not be shared with a civilian contractor or not leave a specific room. These restrictions are not classifications in and of themselves; rather, they restrict the dissemination of information within those who have the appropriate clearance level and possibly the need to know the information. Remarks such as "Eyes Only" also limit the restriction. One violating these directives might be guilty of violating a lawful order or mishandling classified information. 

For ease of use, caveats and abbreviations have been adopted that can be included in the summary classification marking (header/footer) to enable the restrictions to be identified at a glance. They are sometimes known as Dissemination Control Abbreviations. Some of these caveats are (or were):
  • FOUO: For Official Use Only. Used for documents or products which contain material which is exempt from release under the Freedom of Information Act.
  • NFIBONLY: National Foreign Intelligence Board Departments Only
  • NOFORN: Distribution to non-US citizens is prohibited, regardless of their clearance or access permissions (NO FOReign National access allowed).
  • NOCONTRACTOR: Distribution to contractor personnel (non-US-government employees) is prohibited, regardless of their clearance or access permissions.
  • ORCON: Originator controls dissemination and/or release of the document.
  • PROPIN: Caution—Proprietary Information Involved
  • REL: Distribution to citizens of the countries listed is permitted, providing they have appropriate accesses and need to know. Example: "REL TO USA, AUS, GBR, CAN, NZL" indicates that the information may be shared with appropriate personnel from Australia, the United Kingdom, Canada, and New Zealand.
  • FVEY is the country code used as shorthand for the Five Eyes.
  • X: Information is exempt from automatic declassification (after the statutory default of 25 years) for exemption reason , and declassification review shall not be permitted for years (as determined by law or the Interagency Security Classification Appeals Panel). For the most part, the exemption reasoning and caveats are outlined in paragraphs (b)–(d) and (g)–(i) of Sec. 3.3 of Executive Order 13526, but paragraph (b) is typically the one being referenced as the exemption reason value .
Example: "50X1" indicates the information must remain classified for 50 years, since it pertains to intelligence activities, sources, or methods (reason (1) of Section 3.3, paragraph (b)).
  • RESTRICTED: Distribution to non-US citizens or those holding an interim clearance is prohibited; certain other special handling procedures apply.
Classification level and caveats are typically separated by "//" in the summary classification marking. For example, the final summary marking of a document might be:
SECRET////ORCON/NOFORN

Controls on atomic-energy information

The Atomic Energy Act of 1954 sets requirements for protection of information about nuclear weapons and special nuclear materials. Such information is "classified from birth", unlike all other sensitive information, which must be classified by some authorized individual. However, authorized classifiers still must determine whether documents or material are classified or restricted. 

The U.S. Department of Energy recognizes two types of Restricted Data:
  • Restricted Data. Data concerning the design, manufacture, or utilization of atomic weapons; production of special nuclear material; or use of special nuclear material in the production of energy.
  • Formerly Restricted Data. Classified information jointly determined by the DOE and the Department of Defense to be related primarily to the military utilization of atomic weapons and removed from the Restricted Data category.
Documents containing such information must be marked "RESTRICTED DATA" (RD) or "FORMERLY RESTRICTED DATA" (FRD) in addition to any other classification marking. Restricted Data and Formerly Restricted Data are further categorized as Top Secret, Secret, or Confidential.

SIGMA categories and Critical Nuclear Weapon Design Information

RESTRICTED DATA contains further compartments. The Department of Energy establishes a list of SIGMA Categories for more fine-grained control than RESTRICTED DATA. Critical Nuclear Weapon Design Information (CNWDI, colloquially pronounced "Sin-Widdy") reveals the theory of operation or design of the components of a nuclear weapon. As such, it would be SIGMA 1 or SIGMA 2 (sigmas) material, assuming laser fusion is not involved in the information.

Access to CNWDI is supposed to be kept to the minimum number of individuals needed. In written documents, paragraphs containing the material, assuming it is Top Secret, would be marked (TS//RD-CNWDI). SIGMA information of special sensitivity may be handled much like SAP or SCI material (q.v.)

Naval Nuclear Propulsion Information

While most Naval Nuclear Propulsion Information is sensitive, it may or may not be classified. The desired power densities of naval reactors make their design peculiar to military use, specifically high-displacement, high-speed vessels. The proliferation of quieter- or higher-performance marine propulsion systems presents a national-security threat to the United States. Due to this fact, all but the most basic information concerning NNPI is classified. The United States Navy recognizes that the public has an interest in environmental, safety, and health information, and that the basic research the Navy carries out can be useful to industry.

Sharing of classified information with other countries

In cases where the United States wishes to share classified information bilaterally (or multilaterally) with a country that has a sharing agreement, the information is marked with "REL TO USA", (release) and the three-letter country code. For example, if the U.S. wanted to release classified information to the government of Canada, it would mark the document "REL TO USA, CAN". There are also group releases, such as NATO, FVEY or UKUSA. Those countries would have to maintain the classification of the document at the level originally classified (Top Secret, Secret, etc.).

Claims of U.S. government misuse of the classification system

It is desired that no document be released which refers to experiments with humans and might have adverse effect on public opinion or result in legal suits. Documents covering such work field should be classified 'secret'. —April 17, 1947 Atomic Energy Commission memo from Colonel O. G. Haywood, Jr. to Dr. Fidler at the Oak Ridge Laboratory in Tennessee
Every bureaucracy strives to increase the superiority of its position by keeping its knowledge and intentions secret. Bureaucratic administration always seeks to evade the light of the public as best it can, because in so doing it shields its knowledge and conduct from criticism ...
While the classification of information by the government is not supposed to be used to prevent information from being made public that would be simply embarrassing or reveal criminal acts, it has been alleged that the government routinely misuses the classification system to cover up criminal activity and the potentially embarrassing. 

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists notes that
... inquiring into classified government information and disclosing it is something that many national security reporters and policy analysts do, or try to do, every day. And with a few narrow exceptions—for particularly sensitive types of information—courts have determined that this is not a crime." Aftergood notes, "The universe of classified information includes not only genuine national security secrets, such as confidential intelligence sources or advanced military technologies, but an endless supply of mundane bureaucratic trivia, such as 50-year-old intelligence budget figures, as well as the occasional crime or cover-up.
In The Pentagon Papers case, a classified study was published revealing that four administrations had misled the American public about their intentions in the Vietnam War, increasing the credibility gap. Russo and Ellsberg were prosecuted under Espionage Law. The case prompted Harold Edgar & Benno C. Schmidt, Jr. to write a review of Espionage law in the 1973 Columbia Law Review. Their article was entitled "The Espionage Statutes and Publication of Defense Information". In it, they point out that Espionage law does not criminalize classified information, only national defense information. They point out that Congress has repeatedly resisted or failed to make the disclosing of classified information illegal, in and of itself. Instead, Congress has strictly limited which sort of classified information is illegal, and under which specific circumstances it is illegal. i.e. in 18 U.S.C. § 798 Congress specifically criminalized leaking cryptographic information that is classified, but when it passed the law it specifically stated the law didn't criminalize disclosing other types of classified information. Another article that discusses the issue is by Jennifer Elsea of the Congressional Research Service.

Various UFO conspiracies mention a level "Above Top Secret" used for UFO design information and related data. They suggest such a classification is intended to apply to information relating to things whose possible existence is to be denied, such as aliens, as opposed to things whose potential existence may be recognized, but for which access to information regarding specific programs would be denied as classified. The British government, for example, denied for several decades that they were either involved or interested in UFO sightings. However, in 2008, the government revealed they have monitored UFO activity for at least the past 30 years. The existence of an "Above Top Secret" classification is considered by some as unnecessary to keep the existence of aliens a secret, as they say information at the Top Secret level, or any level for that matter, can be restricted on the basis of need to know. Thus, the U.S. government could conceal an alien project without having to resort to another level of clearance, as need to know would limit the ability to have access to the information. Some suggest that claims of the existence of such a classification level may be based on the unsubstantiated belief that the levels of classification are themselves classified. As such, they feel that books claiming to contain "Above Top Secret" information on UFOs or remote viewing should arguably be taken with a grain of salt.

Without making a judgment on if such classifications have been used for space aliens, it is a reality that even the names of some compartments were classified, and certainly the meaning of the code names. In the cited document, an (S) means the material it precedes is Secret and (TS) means Top Secret. According to the Department of Defense directive, "the fact of" the existence of NRO was at the secret level for many years, as well as the fact of and the actual phrase "National Reconnaissance Program" (see Paragraph II). Paragraph V(a) is largely redacted, but the introduction to the documents clarifies (see Document 19) that it refers to the now-cancelled BYEMAN code word and control channel for NRO activities. BYEMAN, the main NRO compartment, was classified as a full word, although the special security offices could refer, in an unclassified way, to "B policy".

Responsible agencies

Any agency designated by the President can originate classified information if it meets the content criteria; each agency is responsible for safeguarding and declassifying its own documents. The National Archives and Records Administration (NARA) has custody of classified documents from defunct agencies, and also houses the National Declassification Center (since 2010) and Information Security Oversight Office. The Interagency Security Classification Appeals Panel has representatives from the Departments of State, Defense, and Justice; the National Archives, the Office of the Director of National Intelligence; the National Security Advisor; the Central Intelligence Agency; and Information Security Oversight Office.

Declassification

Declassification is the process of removing the classification of a document and opening it for public inspection.

Automatic declassification

In accordance with Executive Order 13526, published January 5, 2010 (which superseded Executive Order 12958, as amended), an executive agency must declassify its documents after 25 years unless they fall under one of the nine narrow exemptions outlined by section 3.3 of the order. Classified documents 25 years or older must be reviewed by any and all agencies that possess an interest in the sensitive information found in the document. Documents classified for longer than 50 years must concern human intelligence sources or weapons of mass destruction, or get special permission. All documents older than 75 years must have special permission.

Systematic declassification

The Order also requires that agencies establish and conduct a program for systematic declassification review, based on the new and narrower criteria. This only applies to records that are of permanent historical value and less than 25 years old. Section 3.4 of Order 13526, directs agencies to prioritize the systematic review of records based upon the degree of researcher interest and the likelihood of declassification upon review.

Mandatory Declassification Review

A Mandatory Declassification Review, or MDR, is requested by an individual in an attempt to declassify a document for release to the public. These challenges are presented to the agency whose equity, or "ownership", is invested in the document. Once an MDR request has been submitted to an agency for the review of a particular document, the agency must respond either with an approval, a denial, or the inability to confirm or deny the existence or nonexistence of the requested document. After the initial request, an appeal can be filed with the agency by the requester. If the agency refuses to declassify that document, then a decision from a higher authority can be provided by the appellate panel, the Interagency Security Classification Appeals Panel (ISCAP).

Freedom of Information Act

The U.S. Freedom of Information Act (FOIA) was signed into law by President Lyndon B. Johnson on July 4, 1966, took effect the following year, and was amended in 1974, 1976, 1986, 1996 and 2002 (in 1974 over President Ford's veto). This act allows for the full or partial disclosure of previously unreleased information and documents controlled by the U.S. government. Any member of the public may ask for a classified document to be declassified and made available for any reason. The requestor is required to specify with reasonable certainty the documents of interest. If the agency refuses to declassify, the decision can be taken to the courts for a review. The FOIA does not guarantee that requested documents will be released; refusals usually fall under one of the nine of the declassification exemptions that protect highly sensitive information.

History of National Archives and Records Administration role

After declassification, the documents from many agencies are accessioned at the National Archives and Records Administration and put on the open shelves for the public. NARA also reviews documents for declassification. 

NARA first established a formal declassification program for records in 1972, and between 1973 and 1996 reviewed nearly 650 million pages of historically valuable federal records related to World War II, the Korean War, and American foreign policy in the 1950s as part of its systematic declassification review program. From 1996 to 2006, NARA had processed and released close to 460 million pages of federal records, working in partnership with the agencies that originated the records. Over the years, NARA has processed more than 1.1 billion pages of national security classified federal records, resulting in the declassification and release of ninety-one percent of the records.

NARA has also provided significant support to several special projects to review and release federal records on topics of extraordinary public interest such as POW/MIAs or Nazi war crimes. Additionally, NARA works closely with reference archivists to ensure that the federal records most in demand by researchers receive priority for declassification review and performs review on demand for individuals who need records that do not fall into a priority category. NARA has improved or developed electronic systems to support declassification, automating some processes and thus ensuring a more complete record of declassification actions. With assistance from the Air Force, NARA established the Interagency Referral Center (IRC) in order to support agencies as they seek access to their equities in federal records at the National Archives at College Park and to ensure that high-demand records are processed first. 

Presidential libraries

Presidential libraries hold in excess of 30 million classified pages, including approximately 8 million pages from the administrations of Presidents Hoover through Carter, that were subject to automatic declassification on December 31, 2006. The foreign policy materials in Presidential collections are among the highest-level foreign policy documents in the Federal government and are of significant historical value. 

From 1995 to 2006, the national Presidential Library system reviewed, declassified, and released 1,603,429 pages of presidential materials using systematic guidelines delegated to the Archivist of the United States. NARA has also hosted on-site agency review teams at the Eisenhower, Kennedy, and Ford Presidential Libraries to manage classified equities and all presidential libraries have robust mandatory declassification review programs to support requests of individual researchers.

Cyberethics

From Wikipedia, the free encyclopedia

Cyberethics is the philosophic study of ethics pertaining to computers, encompassing user behavior and what computers are programmed to do, and how this affects individuals and society. For years, various governments have enacted regulations while organizations have defined policies about cyberethics.

Privacy history

In the late 19th century, the invention of cameras spurred similar ethical debates as the internet does today. During a seminar of Harvard Law Review in 1890, Warren and Brandeis defined privacy from an ethical and moral point of view to be:
central to dignity and individuality and personhood. Privacy is also indispensable to a sense of autonomy — to 'a feeling that there is an area of an individual's life that is totally under his or her control, an area that is free from outside intrusion.' The deprivation of privacy can even endanger a person's health.
Over 100 years later, the internet and proliferation of private data through governments and ecommerce is an area which requires a new round of ethical debate involving a person's privacy.

Privacy can be decomposed to the limitation of others' access to an individual with "three elements of secrecy, anonymity, and solitude." Anonymity refers to the individual's right to protection from undesired attention. Solitude refers to the lack of physical proximity of an individual to others. Secrecy refers to the protection of personalized information from being freely distributed.

Individuals surrender private information when conducting transactions and registering for services. Ethical business practice protects the privacy of their customers by securing information which may contribute to the loss of secrecy, anonymity, and solitude. Credit card information, social security numbers, phone numbers, mothers' maiden names, addresses and phone numbers freely collected and shared over the internet may lead to a loss of Privacy.

Fraud and impersonation are some of the malicious activities that occur due to the direct or indirect abuse of private information. Identity theft is rising rapidly due to the availability of private information in the internet. For instance, seven million Americans fell victim to identity theft in 2002,and nearly 12 million Americans were victims of identity theft in 2011 making it the fastest growing crime in the United States. Public records search engines and databases are the main culprits contributing to the rise of cybercrime. Listed below are a few recommendations to restrict online databases from proliferating sensitive personnel information.
  1. Exclude sensitive unique identifiers from database records such as social security numbers, birth dates, hometown and mothers' maiden names.
  2. Exclude phone numbers that are normally unlisted.
  3. Clear provision of a method which allows people to have their names removed from a database.
  4. Banning the reverse social security number lookup services.

Private data collection

Data warehouses are used today to collect and store huge amounts of personal data and consumer transactions. These facilities can preserve large volumes of consumer information for an indefinite amount of time. Some of the key architectures contributing to the erosion of privacy include databases, cookies and spyware.

Some may argue that data warehouses are supposed to stand alone and be protected. However, the fact is enough personal information can be gathered from corporate websites and social networking sites to initiate a reverse lookup. Therefore, is it not important to address some of the ethical issues regarding how protected data ends up in the public domain? 

As a result, identity theft protection businesses are on the rise. Companies such as LifeLock and JPMorgan Chase have begun to capitalize on selling identity theft protection insurance.

Governments also have been criticized for collaborating with Google Earth to spy on us. "Google’s Earth: how the tech giant is helping the state spy on us" is the title of a The Guardian article by Yasha Levin who goes on to state 'We knew that being connected had a price – our data. But we didn’t care. Then it turned out that Google’s main clients included the military and intelligence agencies`.

Property

Ethical debate has long included the concept of property. This concept has created many clashes in the world of cyberethics. One philosophy of the internet is centered around the freedom of information. The controversy over ownership occurs when the property of information is infringed upon or uncertain.

Intellectual property rights

The ever-increasing speed of the internet and the emergence of compression technology, such as mp3 opened the doors to Peer-to-peer file sharing, a technology that allowed users to anonymously transfer files to each other, previously seen on programs such as Napster or now seen through communications protocol such as BitTorrent. Much of this, however, was copyrighted music and illegal to transfer to other users. Whether it is ethical to transfer copyrighted media is another question.

Proponents of unrestricted file sharing point out how file sharing has given people broader and faster access to media, has increased exposure to new artists, and has reduced the costs of transferring media (including less environmental damage). Supporters of restrictions on file sharing argue that we must protect the income of our artists and other people who work to create our media. This argument is partially answered by pointing to the small proportion of money artists receive from the legitimate sale of media. 

We also see a similar debate over intellectual property rights in respect to software ownership. The two opposing views are for closed source software distributed under restrictive licenses or for free and open source software. The argument can be made that restrictions are required because companies would not invest weeks and months in development if there were no incentive for revenue generated from sales and licensing fees. A counter argument to this is that standing on shoulders of giants is far cheaper when the giants do not hold IP rights. Some proponents for open source believe that all programs should be available to anyone who wants to study them.

Digital rights management (DRM)

With the introduction of digital rights management software, new issues are raised over whether the subverting of DRM is ethical. Some champion the hackers of DRM as defenders of users' rights, allowing the blind to make audio books of PDFs they receive, allowing people to burn music they have legitimately bought to CD or to transfer it to a new computer. Others see this as nothing but simply a violation of the rights of the intellectual property holders, opening the door to uncompensated use of copyrighted media.

Accessibility, censorship and filtering

Accessibility, censorship and filtering bring up many ethical issues that have several branches in cyberethics. Many questions have arisen which continue to challenge our understanding of privacy, security and our participation in society. Throughout the centuries mechanisms have been constructed in the name of protection and security. Today the applications are in the form of software that filters domains and content so that they may not be easily accessed or obtained without elaborate circumvention or on a personal and business level through free or content-control software. Internet censorship and filtering are used to control or suppress the publishing or accessing of information. The legal issues are similar to offline censorship and filtering. The same arguments that apply to offline censorship and filtering apply to online censorship and filtering; whether people are better off with free access to information or should be protected from what is considered by a governing body as harmful, indecent or illicit. The fear of access by minors drives much of the concern and many online advocate groups have sprung up to raise awareness and of controlling the accessibility of minors to the internet. 

Censorship and filtering occurs on small to large scales, whether it be a company restricting their employees' access to cyberspace by blocking certain websites which are deemed as relevant only to personal usage and therefore damaging to productivity or on a larger scale where a government creates large firewalls which censor and filter access to certain information available online frequently from outside their country to their citizens and anyone within their borders. One of the most famous examples of a country controlling access is the Golden Shield Project, also referred to as the Great Firewall of China, a censorship and surveillance project set up and operated by the People's Republic of China. Another instance is the 2000 case of the League Against Racism and Antisemitism (LICRA), French Union of Jewish Students, vs. Yahoo! Inc (USA) and Yahoo! France, where the French Court declared that "access by French Internet users to the auction website containing Nazi objects constituted a contravention of French law and an offence to the 'collective memory' of the country and that the simple act of displaying such objects (e.g. exhibition of uniforms, insignia or emblems resembling those worn or displayed by the Nazis) in France constitutes a violation of the Article R645-1 of the Penal Code and is therefore considered as a threat to internal public order." Since the French judicial ruling many websites must abide by the rules of the countries in which they are accessible.

Freedom of information

Freedom of information, that is the freedom of speech as well as the freedom to seek, obtain and impart information brings up the question of who or what, has the jurisdiction in cyberspace. The right of freedom of information is commonly subject to limitations dependent upon the country, society and culture concerned. 

Generally there are three standpoints on the issue as it relates to the internet. First is the argument that the internet is a form of media, put out and accessed by citizens of governments and therefore should be regulated by each individual government within the borders of their respective jurisdictions. Second, is that, "Governments of the Industrial World... have no sovereignty [over the Internet] ... We have no elected government, nor are we likely to have one,... You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear." A third party believes that the internet supersedes all tangible borders such as the borders of countries, authority should be given to an international body since what is legal in one country may be against the law in another.

Digital divide

An issue specific to the ethical issues of the freedom of information is what is known as the digital divide. This refers to the unequal socio-economic divide between those who have had access to digital and information technology, such as cyberspace, and those who have had limited or no access at all. This gap of access between countries or regions of the world is called the global digital divide.

Sexuality and pornography

Sexuality in terms of sexual orientation, infidelity, sex with or between minors, public display and pornography have always stirred ethical controversy. These issues are reflected online to varying degrees. In terms of its resonance, the historical development of the online pornography industry and user-generated content have been the studied by media academics. One of the largest cyberethical debates is over the regulation, distribution and accessibility of pornography online. Hardcore pornographic material is generally controlled by governments with laws regarding how old one has to be to obtain it and what forms are acceptable or not. The availability of pornography online calls into question jurisdiction as well as brings up the problem of regulation in particular over child pornography, which is illegal in most countries, as well as pornography involving violence or animals, which is restricted within most countries.

Gambling

Gambling is often a topic in ethical debate as some view it as inherently wrong and support prohibition or controls while others advocate no legal . "Between these extremes lies a multitude of opinions on what types of gambling the government should permit and where it should be allowed to take place. Discussion of gambling forces public policy makers to deal with issues as diverse as addiction, tribal rights, taxation, senior living, professional and college sports, organized crime, neurobiology, suicide, divorce, and religion." Due to its controversy, gambling is either banned or heavily controlled on local or national levels. The accessibility of the internet and its ability to cross geographic-borders have led to illegal online gambling, often offshore operations. Over the years online gambling, both legal and illegal, has grown exponentially which has led to difficulties in regulation. This enormous growth has even called into question by some the ethical place of gambling online.

Related organizations

The following organizations are of notable interest in cyberethics debates:

Codes of ethics in computing

Four notable examples of ethics codes for IT professionals are listed below:

RFC 1087

In January 1989, the Internet Architecture Board (IAB) in RFC 1087 defines an activity as unethical and unacceptable if it:
  • Seeks to gain unauthorized access to the resources of the Internet.
  • Disrupts the intended use of the Internet.
  • Wastes resources (people, capacity, computer) through such actions.
  • Destroys the integrity of computer-based information, or
  • Compromises the privacy of users.

The Code of Fair Information Practices

The Code of Fair Information Practices is based on five principles outlining the requirements for records keeping systems. This requirement was implemented in 1973 by the U.S. Department of Health, Education and Welfare.
  • There must be no personal data record-keeping systems whose very existence is secret.
  • There must be a way for a person to find out what information about the person is in a record and how it is used.
  • There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.
  • There must be a way for a person to correct or amend a record of identifiable information about the person.
  • Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.

Ten Commandments of Computer Ethics

The ethical values as defined in 1992 by the Computer Ethics Institute; a nonprofit organization whose mission is to advance technology by ethical means, lists these ten rules as a guide to computer ethics:
  1. Thou shalt not use a computer to harm other people.
  2. Thou shalt not interfere with other people's computer work.
  3. Thou shalt not snoop around in other people's computer files.
  4. Thou shalt not use a computer to steal.
  5. Thou shalt not use a computer to bear false witness.
  6. Thou shalt not copy or use proprietary software for which you have not paid.
  7. Thou shalt not use other people's computer resources without authorization or proper compensation.
  8. Thou shalt not appropriate other people's intellectual output.
  9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
  10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.

(ISC)² Code of Ethics

(ISC)², a professional association which seeks to inspire a safe and secure cyber world, has further defined its own code of ethics. The code is based on four canons, under a general preamble. 

Code of Ethics Preamble:

The safety and welfare of society and the common good, duty to our principles, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this Code is a condition of certification.

Code of Ethics Canons:

Canon One: Protect society, the common good, necessary public trust and confidence, and the infrastructure.

Canon Two: Act honorably, honestly, justly, responsibly, and legally.

Canon Three: Provide diligent and competent service to principles.

Canon Four: Advance and protect the profession.

Probabilistic programming

From Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Probabilistic_programming   ...