Classified information in the United Kingdom

Last updated

Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.

Contents

The current classification system, the Government Security Classifications Policy, replaced the old Government Protective Marking Scheme in 2014. Since classifications can last for 100 years many documents are still covered by the old scheme.

Policy

Policy is set by the Cabinet Office. The Security Policy Framework (SPF) superseded the Manual of Protective Security [1] and contains the primary internal protective security policy and guidance on security and risk management for His Majesty's Government (HMG) Departments and associated bodies. It is the source on which all localised security policies are based.

The classification system was formerly included in the Manual of Protective Security (MPS) which specified the impact of release and protection level required for each classification. Departments issued localised versions of the content of the MPS as appropriate to their operational needs.

Government Security Classifications Policy

The Cabinet Office issued the Government Security Classifications Policy (GSCP) in 2013; it came into effect in 2014. It replaced the old Government Protective Marking Scheme (GPMS). Classifications must be capitalised and centrally noted at top and bottom of each document page, save at OFFICIAL where the document marking is optional. All material produced by a public body in the UK must be presumed to be OFFICIAL unless it is otherwise marked. Like the GPMS, which it superseded, the GSCP classifications are applied only to the confidentiality of the data under classification.

TOP SECRET
Information marked as TOP SECRET is that whose release is liable to cause considerable loss of life, international diplomatic incidents, or severely impact ongoing intelligence operations. Disclosure of such information is assumed to be above the threshold for prosecution under the Official Secrets Act 1989.
SECRET
This marking is used for information which needs protection against serious threats, and which could cause serious harm if compromised—such as threats to life, compromising major crime investigations, or harming international relations.
OFFICIAL
All routine public sector business, operations and services is treated as OFFICIAL. Many departments and agencies operate exclusively at this level.

It is often incorrectly assumed that the OFFICIAL classification replaces the GPMS markings of PROTECT, RESTRICTED and CONFIDENTIAL, however this is not the case, since the criteria on which GPMS markings were applied bear no relationship to the criteria used for GSCP classifications.

It is quite possible, and not uncommon, for data within an OFFICIAL classification to have serious impacts including serious injury in the event of unauthorised disclosure. This is one of the characteristics of the GSCP which differs significantly from the Protective Marking Scheme which it replaced.

At the OFFICIAL classification there is a general presumption that data may be shared across Government, however where a need to know principle is identified data may be marked as "OFFICIAL-SENSITIVE"; "OFFICIAL-SENSITIVE COMMERCIAL"; "OFFICIAL-SENSITIVE LOCSEN" or "OFFICIAL-SENSITIVE PERSONAL".

All OFFICIAL-SENSITIVE data must be marked and contain handling instructions identifying why the data is deemed sensitive, how it must be held, processed and transferred. [2] [3]

Government Protective Marking Scheme

The older system used five levels of classification, supplemented with caveat keywords. [4] :Annex One The keyword was placed in all capital letters in the centre of the top and bottom of each page of a classified document and described the foreseeable consequence of an unauthorised release of the data (a ‘breach of confidentiality’). In descending order of secrecy, these are:

TOP SECRET
Information marked as TOP SECRET is that whose release is liable to cause considerable loss of life, international diplomatic incidents, or severely impact ongoing intelligence operations. Prior to the Second World War, the highest level was "Most Secret"; it was renamed so that both the UK and U.S. operated to a consistent system.
SECRET
This marking is used for information whose side-effects may be life-threatening, disruptive to public order or detrimental to diplomatic relations with friendly nations.
CONFIDENTIAL
The effects of releasing information marked as CONFIDENTIAL include considerable infringement on personal liberties, material damage to diplomatic relations, or to seriously disrupt day-to-day life in the country.
RESTRICTED
Information marked as RESTRICTED is at a level where the release of the material will have effects such as significant distress to individuals, adversely affecting the effectiveness of military operations, or to compromise law enforcement.
PROTECT
Such information will cause distress to individuals; cause financial loss or improper gain; prejudice the investigation of, or facilitate the commission of, a crime; or disadvantage government in commercial or policy negotiations with others. PROTECT should always be used with a descript such as “Commercial”, “Management”, “Personal”, or a similar term.
UNCLASSIFIED [4] :p. 22
The term "UNCLASSIFIED" or "NOT PROTECTIVELY MARKED" may be used in UK Government documents to indicate positively that a protective marking is not needed.

Documents classified under the Protective Marking Scheme still exist and need correct handling. After 100 years all the classifications will have run out but the procedures may still be of interest to historians.

Handling

Access to protectively marked material is defined according to a vetting level which the individual has achieved.

Vetting is intended to assure the department that the individual has not been involved in espionage, terrorism, sabotage or actions intended to overthrow or undermine Parliamentary democracy by political, industrial or violent means. It also assures the department that the individual has not been a member of, or associated with, any organisation which has advocated such activities or has demonstrated a lack of reliability through dishonesty, lack of integrity or behaviour. Finally, the process assures the department that the individual will not be subject to pressure or improper influence through past behaviour or personal circumstances. [5]

Protectively marked material must be accounted for in a manner appropriate to its classification level and disposal must be in accordance with the SPF. The act of destruction or disposal is included in the accounting process.

Descriptors

Protectively marked material may also be marked with a descriptor, or privacy marking, which identifies sensitivities around distribution and handling.

Examples of descriptors include, but are not restricted to:

Nationality caveat

Protectively marked material may bear a nationality caveat , a descriptor defining to which nationality groups it may be released. By default, material in the UK is not caveated by nationality, the classification being sufficient protection.

Examples of nationality caveats include, but are not limited to:

Codewords

Dissemination of already protectively marked material may be further limited only to those with a legitimate need to know using compartmentalisation by use of codewords. Examples of compartmented material would include information about nuclear warheads, fusion, and naval nuclear propulsion. In some cases, the existence of a compartment identified by a codeword is itself classified.

Examples of codewords include, but are not limited to:

See also

Related Research Articles

<span class="mw-page-title-main">Classified information</span> Material that government claims requires confidentiality

Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know. Mishandling of the material can incur criminal penalties.

A security clearance is a status granted to individuals allowing them access to classified information or to restricted areas, after completion of a thorough background check. The term "security clearance" is also sometimes used in private organizations that have a formal process to vet employees for access to sensitive information. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. No individual is supposed to be granted automatic access to classified information solely because of rank, position, or a security clearance.

<span class="mw-page-title-main">Declassification</span> Publication of formerly secret information

Declassification is the process of ceasing a protective classification, often under the principle of freedom of information. Procedures for declassification vary by country. Papers may be withheld without being classified as secret, and eventually made available.

<span class="mw-page-title-main">Sensitive compartmented information</span> Information relative to U.S. National Security

Sensitive compartmented information (SCI) is a type of United States classified information concerning or derived from sensitive intelligence sources, methods, or analytical processes. All SCI must be handled within formal access control systems established by the Director of National Intelligence.

Eyes only is jargon used with regard to classified information. Whereas a classified document is normally intended to be available to readers with the appropriate security clearance and a need to know, an "eyes only" designation, whether official or informal, indicates that the document is intended only for a specific set of readers. As such the document should not be read by other individuals even if they otherwise possess the appropriate clearance. Another meaning is that the document is under no circumstances to be copied or photographed, "eyes only" meaning that it is to be physically read by cleared personnel and nothing more, to ensure that no unauthorized copies of the text are made which might be unaccounted for.

Redaction or sanitization is the process of removing sensitive information from a document so that it may be distributed to a broader audience. It is intended to allow the selective disclosure of information. Typically, the result is a document that is suitable for publication or for dissemination to others rather than the intended audience of the original document.

<span class="mw-page-title-main">Sensitive but unclassified</span> American federal information sensitivity designation

Sensitive But Unclassified (SBU) is a designation of information in the United States federal government that, though unclassified, often requires strict controls over its distribution. SBU is a broad category of information that includes material covered by such designations as For Official Use Only (FOUO), Law Enforcement Sensitive (LES), Sensitive Homeland Security Information, Sensitive Security Information (SSI), Critical Infrastructure Information (CII), etc. It also includes Internal Revenue Service materials like individual tax records, systems information, and enforcement procedures. Some categories of SBU information have authority in statute or regulation while others, including FOUO, do not.

The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic of classified information beginning in 1951. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.

Special access programs (SAPs) in the U.S. Federal Government are security protocols that provide highly classified information with safeguards and access restrictions that exceed those for regular (collateral) classified information. SAPs can range from black projects to routine but especially-sensitive operations, such as COMSEC maintenance or presidential transportation support. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized nondisclosure agreements, special terminology or markings, exclusion from standard contract investigations (carve-outs), and centralized billet systems. Within the Department of Defense, SAP is better known as "SAR" by the mandatory Special Access Required (SAR) markings.

A List X site is a commercial site on UK soil that is approved to hold UK government protectively marked information marked as 'Secret' or above, or international partners information classified ‘Confidential’ or above. This changed from 'Confidential and above' with the introduction of the Government Security Classification Scheme. It is applied to a company's specific site and not a company as a whole. The term has been used since the 1930s and is equivalent to facility security clearance (FSC) used in other countries.

<span class="mw-page-title-main">Q clearance</span> U.S. Department of Energy security clearance level

Q clearance or Q access authorization is the U.S. Department of Energy (DOE) security clearance required to access Top Secret Restricted Data, Formerly Restricted Data, and National Security Information, as well as Secret Restricted Data. Restricted Data (RD) is defined in the Atomic Energy Act of 1954 and covers nuclear weapons and related materials. The lower-level L clearance is sufficient for access to Secret Formerly Restricted Data (FRD) and National Security Information, as well as Confidential Restricted Data and Formerly Restricted Data. Access to Restricted Data is only granted on a need-to-know basis to personnel with appropriate clearances.

Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others.

Compartmentalization, in information security, whether public or private, is the limiting of access to information to persons or other entities on a need-to-know basis to perform certain tasks.

<span class="mw-page-title-main">Restricted Data</span> Legal category of US nuclear secrets

Restricted Data (RD) is a category of proscribed information, per National Industrial Security Program Operating Manual (NISPOM). Specifically, it is defined by the Atomic Energy Act of 1954 as:

<span class="mw-page-title-main">Sensitive security information</span>

Sensitive security information (SSI) is a category of United States sensitive but unclassified information obtained or developed in the conduct of security activities, the public disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to the security of transportation. It is not a form of classification under Executive Order 12958 as amended. SSI is not a security classification for national security information. The safeguarding and sharing of SSI is governed by Title 49 Code of Federal Regulations (CFR) parts 15 and 1520. This designation is assigned to information to limit the exposure of the information to only those individuals that "need to know" in order to participate in or oversee the protection of the nation's transportation system. Those with a need to know can include persons outside of TSA, such as airport operators, aircraft operators, railroad carriers, rail hazardous materials shippers and receivers, vessel and maritime port owners and operators, foreign vessel owners, and other persons.

In information security, the process of being read into a compartmented program generally entails being approved for access to particularly sensitive and restricted information about a classified program, receiving a briefing about the program, and formally acknowledging the briefing, usually by signing a non-disclosure agreement describing restrictions on the handling and use of information concerning the program. Officials with the required security clearance and a need to know may be read into a covert operation or clandestine operation they will be working on. For codeword–classified programs, an official would not be aware a program existed with that codeword until being read in, because the codewords themselves are classified.

HMG Information Assurance Standard No.1, usually abbreviated to IS1, was a security standard applied to government computer systems in the UK.

The Government Security Classifications Policy (GSCP) is a system for classifying sensitive government data in the United Kingdom.

In the United Kingdom, government policy requires that staff undergo security vetting in order to gain access to government information.

References

  1. "Security policy framework: Protecting government assets".
  2. Government Security Classifications April 2014, Version 1.0 - October 2013. HMG Cabinet Office. October 2013.
  3. Government Security Classifications FAQ Sheet 1: Working with OFFICIAL Information April 2013, Version 1.2 (PDF). HMG Cabinet Office. April 2013.
  4. 1 2 "HMG Security Policy Framework". V8. Cabinet Office. April 2012. Retrieved April 29, 2013.
  5. Hansard, Written answers 15 Dec 1994 Hansard online
  6. Disdero, Michel. "Quadripartite Meeting" via www.academia.edu.{{cite journal}}: Cite journal requires |journal= (help)
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.