On May 5, President Obama sent a draft list of nuclear sites that the United States intended to declare to the International Atomic Energy Agency to Congress, noting in his transmittal letter that the document was "Sensitive" and that the document was exempt from disclosure. A little more than two weeks later, that very document appeared online.
The 267-page document, a draft of "The List of Sites, Locations, Facilities, and Activities Declared to the International Atomic Energy Agency," contains addresses and descriptions of civilian nuclear sites around the country, such as a Westinghouse site in Pittsburgh used for the enrichment of nuclear material and details on some programs at places like Oak Ridge National Laboratory. It also contains maps of some of the more sprawling nuclear locations, and the square footage of many.
Though it is unclassified and doesn't detail weapons programs, the document contains information the IAEA labels "Highly Confidential Safeguards Sensitive," words that show up on every page -- except maps -- of the disclosure document itself. In a speech about cybersecurity last week, President Obama noted that the United States was "renewing American leadership to confront unconventional challenges" that include "nuclear proliferation."
The disclosure, first noted by the Federation of American Scientists' Secrecy News newsletter, appears to have been put into motion on May 6, but it's unclear just how. A House of Representatives transmittal letter said that the president's letter and the attached documents were "referred to the Committee on Foreign Affairs and ordered to be printed." The communications director for the House Committee on Foreign Affairs wasn't immediately available for comment but told The New York Times that the committee hadn't published or controlled the publication of the document.
A GPO spokesman noted that the GPO publishes about 160 House documents each session, adding that this document had been received "in the normal process and produced under routine operating procedures." The document has since been permanently removed from the Government Printing Office Web site, where it had been published, upon consultation with the White House and Congress.
"Somebody screwed up," Federation of American Scientists' Steven Aftergood, an advocate of open government who described the document's disclosure as a "net plus" from a public policy standpoint, said in an e-mail. "When the president declares a document to be sensitive on May 5, it is not supposed to show up on a government Web site on May 22. But that's what happened."
This isn't anywhere near the first time the government has incautiously published sensitive documents and represents a classic example of why insider threats are just as dangerous as those from outsiders. Several Web sites, including Cryptome, FAS Secrecy News, and Wikileaks, are dedicated to finding and publishing such documents.
InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report here (registration required).