Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance with a need to know. Mishandling of the material can incur criminal penalties.
A formal security clearance is required to view or handle classified material. The clearance process requires a satisfactory background investigation. Documents and other information must be properly marked "by the author" with one of several (hierarchical) levels of sensitivity—e.g. restricted, confidential, secret, and top secret. The choice of level is based on an impact assessment; governments have their own criteria, including how to determine the classification of an information asset and rules on how to protect information classified at each level. This process often includes security clearances for personnel handling the information.
Some corporations and non-government organizations also assign levels of protection to their private information, either from a desire to protect trade secrets, or because of laws and regulations governing various matters such as personal privacy, sealed legal proceedings and the timing of financial information releases.
With the passage of time much classified information can become less sensitive, and may be declassified and made public. Since the late twentieth century there has been freedom of information legislation in some countries, whereby the public is deemed to have the right to all information that is not considered to be damaging if released. Sometimes documents are released with information still considered confidential obscured (redacted), as in the adjacent example.
The question exists among some political science and legal experts whether the definition of classified ought to be information that would cause injury to the cause of justice, human rights, etc., rather than information that would cause injury to the national interest; to distinguish when classifying information is in the collective best interest of a just society, or merely the best interest of a society acting unjustly to protect its people, government, or administrative officials from legitimate recourses consistent with a fair and just social contract.
The purpose of classification is to protect information. Higher classifications protect information that might endanger national security. Classification formalises what constitutes a "state secret" and accords different levels of protection based on the expected damage the information might cause in the wrong hands.
However, classified information is frequently "leaked" to reporters by officials for political purposes. Several U.S. presidents have leaked sensitive information to influence public opinion. [2] [3]
Although the classification systems vary from country to country, most have levels corresponding to the following British definitions (from the highest level to lowest).
Top Secret is the highest level of classified information. [4] Information is further compartmented so that specific access using a code word after top secret is a legal way to hide collective and important information. [5] Such material would cause "exceptionally grave damage" to national security if made publicly available. [6] Prior to 1942, the United Kingdom and other members of the British Empire used Most Secret, but this was later changed to match the United States' category name of Top Secret in order to simplify Allied interoperability.
The Washington Post reported in an investigation entitled "Top Secret America" that, as of 2010, "An estimated 854,000 people ... hold top-secret security clearances" in the United States. [7]
It is desired that no document be released which refers to experiments with humans and might have adverse effect on public opinion or result in legal suits. Documents covering such work field should be classified "secret".
April 17, 1947 Atomic Energy Commission memo from Colonel O.G. Haywood, Jr. to Dr. Fidler at the Oak Ridge Laboratory in Tennessee. [8] As of 2010 [update] , Executive Order 13526 bans classification of documents simply to "conceal violations of law, inefficiency, or administrative error" or "prevent embarrassment to a person, organization, or agency". [9]
Secret material would cause "serious damage" to national security if it were publicly available. [10]
In the United States, operational "Secret" information can be marked with an additional "LimDis", to limit distribution.
Confidential material would cause "damage" or be prejudicial to national security if publicly available. [11]
Restricted material would cause "undesirable effects" if publicly available. Some countries do not have such a classification in public sectors, such as commercial industries. Such a level is also known as "Private Information".
Official (equivalent to US DOD classification Controlled Unclassified Information or CUI) material forms the generality of government business, public service delivery and commercial activity. This includes a diverse range of information, of varying sensitivities, and with differing consequences resulting from compromise or loss. Official information must be secured against a threat model that is broadly similar to that faced by a large private company.
The Official Sensitive classification replaced the Restricted classification in April 2014 in the UK; Official indicates the previously used Unclassified marking. [12]
Unclassified is technically not a classification level. Though this is a feature of some classification schemes, used for government documents that do not merit a particular classification or which have been declassified. This is because the information is low-impact, and therefore does not require any special protection, such as vetting of personnel.
A plethora of pseudo-classifications exist under this category.[ citation needed ]
Clearance is a general classification, that comprises a variety of rules controlling the level of permission required to view some classified information, and how it must be stored, transmitted, and destroyed. Additionally, access is restricted on a "need to know" basis. Simply possessing a clearance does not automatically authorize the individual to view all material classified at that level or below that level. The individual must present a legitimate "need to know" in addition to the proper level of clearance.
In addition to the general risk-based classification levels, additional compartmented constraints on access exist, such as (in the U.S.) Special Intelligence (SI), which protects intelligence sources and methods, No Foreign dissemination (NoForn), which restricts dissemination to U.S. nationals, and Originator Controlled dissemination (OrCon), which ensures that the originator can track possessors of the information. Information in these compartments is usually marked with specific keywords in addition to the classification level.
Government information about nuclear weapons often has an additional marking to show it contains such information (CNWDI).
When a government agency or group shares information between an agency or group of other country's government they will generally employ a special classification scheme that both parties have previously agreed to honour.
For example, the marking Atomal, is applied to U.S. Restricted Data or Formerly Restricted Data and United Kingdom Atomic information that has been released to NATO. Atomal information is marked COSMIC Top Secret Atomal (CTSA), NATO Secret Atomal (NSAT), or NATO Confidential Atomal (NCA). BALK and BOHEMIA are also used.
For example, sensitive information shared amongst NATO allies has four levels of security classification; from most to least classified: [13] [14]
A special case exists with regard to NATO Unclassified (NU) information. Documents with this marking are NATO property (copyright) and must not be made public without NATO permission.
COSMIC is an acronym for "Control of Secret Material in an International Command". [16]
Most countries employ some sort of classification system for certain government information. For example, in Canada, information that the U.S. would classify SBU (Sensitive but Unclassified) is called "protected" and further subcategorised into levels A, B, and C.
On 19 July 2011, the National Security (NS) classification marking scheme and the Non-National Security (NNS) classification marking scheme in Australia was unified into one structure.
As of 2018, the policy detailing how Australian government entities handle classified information is defined in the Protective Security Policy Framework (PSPF). The PSPF is published by the Attorney-General's Department and covers security governance, information security, personal security, and physical security. A security classification can be applied to the information itself or an asset that holds information e.g., a USB or laptop. [22]
The Australian Government uses four security classifications: OFFICIAL: Sensitive, PROTECTED, SECRET and TOP SECRET. The relevant security classification is based on the likely damage resulting from compromise of the information’s confidentiality..
All other information from business operations and services requires a routine level of protection and is treated as OFFICIAL. Information that does not form part of official duty is treated as UNOFFICIAL.
OFFICIAL and UNOFFICIAL are not security classifications and are not mandatory markings.
Caveats are a warning that the information has special protections in addition to those indicated by the security classification of PROTECTED or higher (or in the case of the NATIONAL CABINET caveat, OFFICIAL: Sensitive or higher). Australia has four caveats:
Codewords are primarily used within the national security community. Each codeword identifies a special need-to-know compartment.
Foreign government markings are applied to information created by Australian agencies from foreign source information. Foreign government marking caveats require protection at least equivalent to that required by the foreign government providing the source information.
Special handling instructions are used to indicate particular precautions for information handling. They include:
A releasability caveat restricts information based on citizenship. The three in use are:
Additionally, the PSPF outlines Information Management Markers (IMM) as a way for entities to identify information that is subject to non-security related restrictions on access and use. These are:
There are three levels of document classification under Brazilian Law No. 12.527, the Access to Information Act: [23] ultrassecreto (top secret), secreto (secret) and reservado (restricted).
A top secret (ultrassecreto) government-issued document may be classified for a period of 25 years, which may be extended up to another 25 years. [24] Thus, no document remains classified for more than 50 years. This is mandated by the 2011 Information Access Law (Lei de Acesso à Informação), a change from the previous rule, under which documents could have their classification time length renewed indefinitely, effectively shuttering state secrets from the public. The 2011 law applies retroactively to existing documents.
The government of Canada employs two main types of sensitive information designation: Classified and Protected. The access and protection of both types of information is governed by the Security of Information Act , effective 24 December 2001, replacing the Official Secrets Act 1981. [25] To access the information, a person must have the appropriate security clearance and the need to know.
In addition, the caveat "Canadian Eyes Only" is used to restrict access to Classified or Protected information only to Canadian citizens with the appropriate security clearance and need to know. [26]
SOI is not a classification of data per se. It is defined under the Security of Information Act, and unauthorised release of such information constitutes a higher breach of trust, with a penalty of up to life imprisonment if the information is shared with a foreign entity or terrorist group.
SOIs include:
Classified information can be designated Top Secret, Secret or Confidential. These classifications are only used on matters of national interest.
Protected information is not classified. It pertains to any sensitive information that does not relate to national security and cannot be disclosed under the access and privacy legislation because of the potential injury to particular public or private interests. [27] [28]
Federal Cabinet (King's Privy Council for Canada) papers are either protected (e.g., overhead slides prepared to make presentations to Cabinet) or classified (e.g., draft legislation, certain memos). [29]
The Criminal Law of the People's Republic of China (which is not operative in the special administrative regions of Hong Kong and Macau) makes it a crime to release a state secret. Regulation and enforcement is carried out by the National Administration for the Protection of State Secrets.
Under the 1989 "Law on Guarding State Secrets", [30] state secrets are defined as those that concern:
Secrets can be classified into three categories:
In France, classified information is defined by article 413-9 of the Penal Code. [32] The three levels of military classification are
Less sensitive information is "protected". The levels are
A further caveat, spécial France (reserved France) restricts the document to French citizens (in its entirety or by extracts). This is not a classification level.
Declassification of documents can be done by the Commission consultative du secret de la défense nationale (CCSDN), an independent authority. Transfer of classified information is done with double envelopes, the outer layer being plastified and numbered, and the inner in strong paper. Reception of the document involves examination of the physical integrity of the container and registration of the document. In foreign countries, the document must be transferred through specialised military mail or diplomatic bag. Transport is done by an authorised conveyor or habilitated person for mail under 20 kg. The letter must bear a seal mentioning "Par Valise Accompagnee-Sacoche". Once a year, ministers have an inventory of classified information and supports by competent authorities.
Once their usage period is expired, documents are transferred to archives, where they are either destroyed (by incineration, crushing, or overvoltage), or stored.
In case of unauthorized release of classified information, competent authorities are the Ministry of Interior, the 'Haut fonctionnaire de défense et de sécurité ("high civil servant for defence and security") of the relevant ministry, and the General secretary for National Defence. Violation of such secrets is an offence punishable with seven years of imprisonment and a 100,000 euro fine; if the offence is committed by imprudence or negligence, the penalties are three years of imprisonment and a 45,000 euro fine.
The Security Bureau is responsible for developing policies in regards to the protection and handling of confidential government information. In general, the system used in Hong Kong is very similar to the UK system, developed from the Colonial Hong Kong era.
Four classifications exists in Hong Kong, from highest to lowest in sensitivity: [33]
Restricted documents are not classified per se, but only those who have a need to know will have access to such information, in accordance with the Personal Data (Privacy) Ordinance. [34]
New Zealand uses the Restricted classification, which is lower than Confidential. People may be given access to Restricted information on the strength of an authorisation by their Head of department, without being subjected to the background vetting associated with Confidential, Secret and Top Secret clearances. New Zealand's security classifications and the national-harm requirements associated with their use are roughly similar to those of the United States.
In addition to national security classifications there are two additional security classifications, In Confidence and Sensitive, which are used to protect information of a policy and privacy nature. There are also a number of information markings used within ministries and departments of the government, to indicate, for example, that information should not be released outside the originating ministry.
Because of strict privacy requirements around personal information, personnel files are controlled in all parts of the public and private sectors. Information relating to the security vetting of an individual is usually classified at the In Confidence level.
In Romania, classified information is referred to as "state secrets" (secrete de stat) and is defined by the Penal Code as "documents and data that manifestly appear to have this status or have been declared or qualified as such by decision of Government". [35] There are three levels of classification—Secret, Top Secret, and Top Secret of Particular Importance. [36] The levels are set by the Romanian Intelligence Service and must be aligned with NATO regulations—in case of conflicting regulations, the latter are applied with priority. Dissemination of classified information to foreign agents or powers is punishable by up to life imprisonment, if such dissemination threatens Romania's national security. [37]
In the Russian Federation, a state secret (Государственная тайна) is information protected by the state on its military, foreign policy, economic, intelligence, counterintelligence, operational and investigative and other activities, dissemination of which could harm state security.
The Swedish classification has been updated due to increased NATO/PfP cooperation. All classified defence documents will now have both a Swedish classification (Kvalificerat hemlig, Hemlig, Konfidentiell or Begränsat Hemlig), and an English classification (Top Secret, Secret, Confidential, or Restricted).[ citation needed ] The term skyddad identitet, "protected identity", is used in the case of protection of a threatened person, basically implying "secret identity", accessible only to certain members of the police force and explicitly authorised officials.
At the federal level, classified information in Switzerland is assigned one of three levels, which are from lowest to highest: Internal, Confidential, Secret. [38] Respectively, these are, in German, Intern, Vertraulich, Geheim; in French, Interne, Confidentiel, Secret; in Italian, Ad Uso Interno, Confidenziale, Segreto. As in other countries, the choice of classification depends on the potential impact that the unauthorised release of the classified document would have on Switzerland, the federal authorities or the authorities of a foreign government.
According to the Ordinance on the Protection of Federal Information, information is classified as Internal if its "disclosure to unauthorised persons may be disadvantageous to national interests." [38] Information classified as Confidential could, if disclosed, compromise "the free formation of opinions and decision-making of the Federal Assembly or the Federal Council," jeopardise national monetary/economic policy, put the population at risk or adversely affect the operations of the Swiss Armed Forces. Finally, the unauthorised release of Secret information could seriously compromise the ability of either the Federal Assembly or the Federal Council to function or impede the ability of the Federal Government or the Armed Forces to act.
According to the related regulations in Turkey, there are four levels of document classification: [39] çok gizli (top secret), gizli (secret), özel (confidential) and hizmete özel (restricted). The fifth is tasnif dışı, which means unclassified.
Until 2013, the United Kingdom used five levels of classification—from lowest to highest, they were: Protect, Restricted, Confidential, Secret and Top Secret (formerly Most Secret). The Cabinet Office provides guidance on how to protect information, including the security clearances required for personnel. Staff may be required to sign to confirm their understanding and acceptance of the Official Secrets Acts 1911 to 1989, although the Act applies regardless of signature. Protect is not in itself a security protective marking level (such as Restricted or greater), but is used to indicate information which should not be disclosed because, for instance, the document contains tax, national insurance, or other personal information.
Government documents without a classification may be marked as Unclassified or Not Protectively Marked. [40]
This system was replaced by the Government Security Classifications Policy, which has a simpler model: Top Secret, Secret, and Official from April 2014. [12] Official Sensitive is a security marking which may be followed by one of three authorised descriptors: Commercial, LocSen (location sensitive) or Personal. Secret and Top Secret may include a caveat such as UK Eyes Only.
Also useful is that scientific discoveries may be classified via the D-Notice system if they are deemed to have applications relevant to national security. These may later emerge when technology improves so for example the specialised processors and routing engines used in graphics cards are loosely based on top secret military chips designed for code breaking and image processing. They may or may not have safeguards built in to generate errors when specific tasks are attempted and this is invariably independent of the card's operating system.[ citation needed ]
The U.S. classification system is currently established under Executive Order 13526 and has three levels of classification—Confidential, Secret, and Top Secret. The U.S. had a Restricted level during World War II but no longer does. U.S. regulations state that information received from other countries at the Restricted level should be handled as Confidential. A variety of markings are used for material that is not classified, but whose distribution is limited administratively or by other laws, e.g., For Official Use Only (FOUO), or Sensitive but Unclassified (SBU). The Atomic Energy Act of 1954 provides for the protection of information related to the design of nuclear weapons. The term "Restricted Data" is used to denote certain nuclear technology. Information about the storage, use or handling of nuclear material or weapons is marked "Formerly Restricted Data". These designations are used in addition to level markings (Confidential, Secret and Top Secret). Information protected by the Atomic Energy Act is protected by law and information classified under the Executive Order is protected by Executive privilege.
The U.S. government insists it is "not appropriate" for a court to question whether any document is legally classified. [41] In the 1973 trial of Daniel Ellsberg for releasing the Pentagon Papers, the judge did not allow any testimony from Ellsberg, claiming it was "irrelevant", because the assigned classification could not be challenged. The charges against Ellsberg were ultimately dismissed after it was revealed that the government had broken the law in secretly breaking into the office of Ellsberg's psychiatrist and in tapping his telephone without a warrant. Ellsberg insists that the legal situation in the U.S. in 2014 is worse than it was in 1973, and Edward Snowden could not get a fair trial. [42] The State Secrets Protection Act of 2008 might have given judges the authority to review such questions in camera, but the bill was not passed. [41]
When a government agency acquires classified information through covert means, or designates a program as classified, the agency asserts "ownership" of that information and considers any public availability of it to be a violation of their ownership — even if the same information was acquired independently through "parallel reporting" by the press or others. For example, although the CIA drone program has been widely discussed in public since the early 2000s, and reporters personally observed and reported on drone missile strikes, the CIA still considers the very existence of the program to be classified in its entirety, and any public discussion of it technically constitutes exposure of classified information. "Parallel reporting" was an issue in determining what constitutes "classified" information during the Hillary Clinton email controversy when Assistant Secretary of State for Legislative Affairs Julia Frifield noted, "When policy officials obtain information from open sources, 'think tanks,' experts, foreign government officials, or others, the fact that some of the information may also have been available through intelligence channels does not mean that the information is necessarily classified." [43] [44] [45]
(State) | Top Secret | Secret | Confidential | Restricted |
---|---|---|---|---|
Albania | Teper Sekret | Sekret | Konfidencial | I Kufizuar |
Argentina | Estrictamente Secreto y Confidencial Strictly Secret and Confidential | Secreto Secret | Confidencial Confidential | Reservado Reserved |
Armenia | Հատուկ կարևորության Of Special Importance | Հույժ գաղտնի Top Secret | Գաղտնի Secret [46] | Ծառայողական օգտագործման համար For Service Use |
Australia | Top Secret | Secret [22] | Retired 2018. No equivalent level for historical classification US, French, EU, Japan "Confidential" marking to be handled as SECRET. [47] | Protected |
Austria | Streng Geheim | Geheim | Vertraulich | Eingeschränkt |
Belgium | Zeer Geheim / Très Secret | Geheim / Secret | Vertrouwelijk / Confidentiel | Beperkte Verspreiding / Diffusion restreinte |
Bolivia | Supersecreto or Muy Secreto | Secreto | Confidencial | Reservado |
Bosnia and Herzegovina | Vrlo tajno | Tajno | Povjerljivo | Interno |
Brazil | Ultrassecreto | Secreto | no equivalent (formerly Confidencial) | Reservado |
Bulgaria | Strògo sèkretno Строго секретно | Sèkretno Секретно | Poveritèlno Поверително | Za služebno polzvàne За служебно ползване |
Cambodia | Sam Ngat Bamphot | Sam Ngat Roeung | Art Kambang | Ham Kom Psay |
Canada | Top Secret/Très secret | Secret/Secret | Confidential/Confidentiel | Protected A, B or C/Protégé A, B ou C |
Chile | Secreto | Secreto | Reservado | Reservado |
China | Juémì (绝密) Top Secret | Jīmì (机密) Highly Secret | Mìmì (秘密) Secret | Nèibù (内部) Internal |
Colombia | Ultrasecreto | Secreto | Confidencial | Reserva del sumario |
Costa Rica | Alto Secreto | Secreto | Confidencial | |
Croatia | Vrlo tajno | Tajno | Povjerljivo | Ograničeno |
Czech Republic | Přísně tajné | Tajné | Důvěrné | Vyhrazené |
Denmark | Yderst Hemmeligt (YHM) | Hemmeligt (HEM) | Fortroligt (FTR) | Til Tjenestebrug (TTJ) Foreign Service: Fortroligt |
Ecuador | Secretisimo | Secreto | Confidencial | Reservado |
Egypt | Sirriy lil-Ġāyah سري للغاية | Sirriy Ǧiddan سري جداً | Khāṣ خاص | Maḥzūr محظور |
El Salvador | Ultra Secreto | Secreto | Confidencial | Reservado |
Estonia | Täiesti salajane | Salajane | Konfidentsiaalne | Piiratud |
Ethiopia | ብርቱ ምስጢር | ምስጢር | ጥብቅ | ክልክል |
European Union (EU) | Tres Secret UE / EU Top Secret | Secret UE / EU Secret | Confidentiel UE / EU Confidential | Restreint UE / EU Restricted |
European Union (Western) (WEU) | Focal top secret | WEU Secret | WEU Confidential | WEU Restricted |
Euratom | EURA Top Secret | EURA Secret | EURA Confidential | EURA Restricted |
Finland [lower-alpha 1] | Erittäin salainen (TL I) | Salainen (TL II) | Luottamuksellinen (TL III) | Käyttö rajoitettu (TL IV) |
France | Très secret | Secret | Secret | Diffusion restreinte |
Germany | Streng Geheim Top Secret | Geheim Secret | VS-Vertraulich Confidential | VS-Nur Für Den Dienstgebrauch For Official Use Only |
Greece | Άκρως Απόρρητον Top Secret | Απόρρητον Secret | Εμπιστευτικόν Confidential | Περιορισμένης Χρήσης Limited Use |
Guatemala | Alto Secreto | Secreto | Confidencial | Reservado |
Haiti | Top Secret | Secret | Confidential | Reserve |
Honduras | Super Secreto | Secreto | Confidencial | Reservado |
Hong Kong | Top Secret, 高度機密 | Secret, 機密 | Confidential, 保密 | Restricted, 內部文件/限閱文件 |
Hungary | Szigorúan Titkos Top Secret | Titkos Secret | Bizalmas Confidential | Korlátozott Terjesztésű Restricted Distribution |
India (Hindi) | परम गुप्त (Param Gupt) | गुप्त (Gupt) | गोपनीय (Gopniya) | प्रतिबंधित/सीमित (Pratibandhit/seemit) |
India (English) | Top Secret | Secret | Confidential | Restricted |
Indonesia | Sangat Rahasia | Rahasia | Rahasia Dinas | Terbatas |
Iran | Bekoli-Serriبکلی سری | Serriسری | Kheili-Mahramanehخیلی محرمانه | Mahramanehمحرمانه |
Iraq | Sirriy lil-Ġāyah سري للغاية | Sirriy سري | Khāṣ خاص | Maḥdūd محدود |
Iceland | Algert Leyndarmál Absolute Secret | Leyndarmál Secret | Trúnaðarmál Confidential | Þjónustuskjal Service Document |
Ireland (Irish language) | An-sicréideach | Sicréideach | Rúnda | Srianta |
Israel | Sodi Beyoter סודי ביותר | Sodi סודי | Shamur שמור | Mugbal מוגבל |
Italy | Segretissimo | Segreto | Riservatissimo | Riservato |
Japan | Kimitsu (機密) | Gokuhi (極秘) | Hi (秘) | Toriatsukaichuui (取り扱い注意) |
Jordan | Maktūm Ǧiddan مكتوم جداً | Maktūm مكتوم | Sirriy سري | Maḥdūd محدود |
South Korea | 1(Il)-geup Bimil, 1급 비밀, 一級秘密 Class 1 Secret | 2(I)-geup Bimil, 2급 비밀, 二級秘密 Class 2 Secret | 3(Sam)-geup Bimil, 3급 비밀, 三級秘密 Class 3 Secret | Daeoebi, 대외비, 對外秘 Confidential |
Laos | Lup Sood Gnod | Kuam Lup | Kuam Lap | Chum Kut Kon Arn |
Latvia | Sevišķi slepeni | Slepeni | Konfidenciāli | Dienesta vajadzībām |
Lebanon | Tres Secret | Secret | Confidentiel | |
Lithuania | Visiškai Slaptai | Slaptai | Konfidencialiai | Riboto Naudojimo |
Malaysia | Rahsia Besar | Rahsia | Sulit | Terhad |
Mexico | Ultra Secreto | Secreto | Confidencial | Restringido |
Montenegro | Strogo Tajno | Tajno | Povjerljivo | Interno |
Netherlands [48] | STG. Zeer Geheim | STG. Geheim | STG. Confidentieel | Departementaal Vertrouwelijk |
New Zealand | Top Secret | Secret | Confidential | Restricted |
Nicaragua | Alto Secreto | Secreto | Confidencial | Reservado |
Norway | Strengt Hemmelig | Hemmelig | Konfidensielt | Begrenset |
Pakistan (Urdu) | Intahai Khufia انتہائی خفیہ | Khufia خفیہ | Sigh-e-Raz صیخہ راز | Barai Mahdud Taqsim محدود تقسیم |
Pakistan (English) | Top Secret | Secret | Confidential | Restricted |
Paraguay | Secreto | Secreto | Confidencial | Reservado |
Peru | Estrictamente Secreto | Secreto | Confidencial | Reservado |
Philippines (English) | Top Secret Matinding Lihim | Secret Mahigpit na Lihim | Confidential Lihim | Restricted Ipinagbabawal |
Poland | Ściśle tajne | Tajne | Poufne | Zastrzeżone |
Portugal | Muito Secreto | Secreto | Confidencial | Reservado |
Romania | Strict Secret de Importanță Deosebită Strict Secret of Special Importance | Strict Secret | Secret | Secret de serviciu Secret for Service Use |
Russia | Особой важности (вариант: Совершенно Секретно (Sovershenno Sekretno)) Of Special Importance (variant: Completely Secret) | Совершенно секретно (вариант: Секретно (Sekretno)) Completely Secret (variant: Secret) | Секретно (вариант: Не подлежит оглашению (Конфиденциально) (Ne podlezhit oglasheniyu (Konfidentsial'no)) Secret (variant: Not To Be Disclosed (Confidential)) | Для Служебного Пользования (ДСП) (Dlya Sluzhebnogo Pol'zovaniya) For Official Use |
Saudi Arabia | Saudi Top Secret | Saudi Very Secret | Saudi Secret | Saudi Restricted |
Serbia | Cyrillic: Државна тајна Latin: Državna tajna State Secret | Cyrillic: Строго поверљиво Latin: Strogo poverljivo Strictly Confidential | Cyrillic: Поверљиво Latin: Poverljivo Confidential | Cyrillic: Интерно Latin: Interno Internal |
Singapore | Top Secret | Secret | Confidential | Restricted |
Somalia | Sir Muhiim ah | Sir Gooniya | Xog Qarsoon | Qarsoon |
Slovak Republic | Prísne tajné | Tajné | Dôverné | Vyhradené |
Slovenia | Strogo tajno | Tajno | Zaupno | Interno |
Spain | Secreto | Reservado | Confidencial | Difusión Limitada |
Sri Lanka | අති රහස්ය | රහස්ය | රහසිගත | සීමාන්විත |
Sweden | Kvalificerat hemlig (KH); Hemlig/Top Secret (H/TS) | Hemlig (H); Hemlig/Secret (H/S) | Konfidentiell; Hemlig/Confidential (H/C) | Begränsat hemlig; Hemlig/Restricted (H/R) |
Switzerland | Geheim / Secret | Vertraulich / Confidentiel | Intern / Interne | |
Taiwan (Republic of China) [49] | Top Secret (絕對機密) | Secret (極機密) | Confidential (機密) | no direct equivalent |
Tanzania (Swahili) | Siri Kuu | Siri | Stiri | Imezuiliwa |
Thailand | Lap thi sut (ลับที่สุด) Most Secret | Lap mak (ลับมาก) Very Secret | Lap (ลับ) Secret | Pok pit (ปกปิด) Restricted |
Turkey | Çok Gizli Top Secret | Gizli Secret | Özel Confidential | Hizmete Özel Restricted |
South Africa (English) | Top Secret | Secret | Confidential | Restricted |
South Africa (Afrikaans) | Uiters Geheim | Geheim | Vertroulik | Beperk |
Ukraine | Цілком таємно | Таємно | Конфіденційно | Для службового користування |
United Kingdom | Top Secret (until 1942: Most Secret) | Secret | (formerly Confidential) abolished in 2014 [50] | Official-Sensitive (formerly Restricted) |
United States | Top Secret | Secret | Confidential | no direct equivalent |
Uruguay | Ultra Secreto | Secreto | Confidencial | Reservado |
Vietnam | Tuyệt mật | Tối mật | Tài liệu mật | Hạn chế phổ biến |
Table notes:
Table source: US Department of Defense (January 1995). "National Industrial Security Program - Operating Manual (DoD 5220.22-M)" (PDF). pp. B1 - B3 (PDF pages:121–123 ). Archived (PDF) from the original on 27 July 2019. Retrieved 27 July 2019. |
Private corporations often require written confidentiality agreements and conduct background checks on candidates for sensitive positions. [51] In the U.S., the Employee Polygraph Protection Act prohibits private employers from requiring lie detector tests, but there are a few exceptions. Policies dictating methods for marking and safeguarding company-sensitive information (e.g. "IBM Confidential") are common and some companies have more than one level. Such information is protected under trade secret laws. New product development teams are often sequestered and forbidden to share information about their efforts with un-cleared fellow employees, the original Apple Macintosh project being a famous example. Other activities, such as mergers and financial report preparation generally involve similar restrictions. However, corporate security generally lacks the elaborate hierarchical clearance and sensitivity structures and the harsh criminal sanctions that give government classification systems their particular tone.
The Traffic Light Protocol [52] [53] was developed by the Group of Eight countries to enable the sharing of sensitive information between government agencies and corporations. This protocol has now been accepted as a model for trusted information exchange by over 30 other countries. The protocol provides for four "information sharing levels" for the handling of sensitive information.
A security clearance is a status granted to individuals allowing them access to classified information or to restricted areas, after completion of a thorough background check. The term "security clearance" is also sometimes used in private organizations that have a formal process to vet employees for access to sensitive information. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. No individual is supposed to be granted automatic access to classified information solely because of rank, position, or a security clearance.
The Bell–LaPadula model (BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell, and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive, down to the least sensitive.
Sensitive compartmented information (SCI) is a type of United States classified information concerning or derived from sensitive intelligence sources, methods, or analytical processes. All SCI must be handled within formal access control systems established by the Director of National Intelligence.
In computer security, mandatory access control (MAC) refers to a type of access control by which a secured environment constrains the ability of a subject or initiator to access or modify on an object or target. In the case of operating systems, the subject is a process or thread, while objects are files, directories, TCP/UDP ports, shared memory segments, or IO devices. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, the operating system kernel examines these security attributes, examines the authorization rules in place, and decides whether to grant access. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc.
Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications, permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. There are two contexts for the use of multilevel security.
Eyes only is jargon used with regard to classified information. Whereas a classified document is normally intended to be available to readers with the appropriate security clearance and a need to know, an "eyes only" designation, whether official or informal, indicates that the document is intended only for a specific set of readers. As such the document should not be read by other individuals even if they otherwise possess the appropriate clearance. Another meaning is that the document is under no circumstances to be copied or photographed, "eyes only" meaning that it is to be physically read by cleared personnel and nothing more, to ensure that no unauthorized copies of the text are made which might be unaccounted for.
NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified information and most classified information.
Redaction or sanitization is the process of removing sensitive information from a document so that it may be distributed to a broader audience. It is intended to allow the selective disclosure of information. Typically, the result is a document that is suitable for publication or for dissemination to others rather than the intended audience of the original document.
Sensitive But Unclassified (SBU) is a designation of information in the United States federal government that, though unclassified, often requires strict controls over its distribution. SBU is a broad category of information that includes material covered by such designations as For Official Use Only (FOUO), Law Enforcement Sensitive (LES), Sensitive Homeland Security Information, Sensitive Security Information (SSI), Critical Infrastructure Information (CII), etc. It also includes Internal Revenue Service materials like individual tax records, systems information, and enforcement procedures. Some categories of SBU information have authority in statute or regulation while others, including FOUO, do not.
The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic of classified information beginning in 1951. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.
Special access programs (SAPs) in the U.S. Federal Government are security protocols that provide highly classified information with safeguards and access restrictions that exceed those for regular (collateral) classified information. SAPs can range from black projects to routine but especially-sensitive operations, such as COMSEC maintenance or presidential transportation support. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized nondisclosure agreements, special terminology or markings, exclusion from standard contract investigations (carve-outs), and centralized billet systems. Within the Department of Defense, SAP is better known as "SAR" by the mandatory Special Access Required (SAR) markings.
Q clearance or Q access authorization is the U.S. Department of Energy (DOE) security clearance required to access Top Secret Restricted Data, Formerly Restricted Data, and National Security Information, as well as Secret Restricted Data. Restricted Data (RD) is defined in the Atomic Energy Act of 1954 and covers nuclear weapons and related materials. The lower-level L clearance is sufficient for access to Secret Formerly Restricted Data (FRD) and National Security Information, as well as Confidential Restricted Data and Formerly Restricted Data. Access to Restricted Data is only granted on a need-to-know basis to personnel with appropriate clearances.
Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.
Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others. Loss, misuse, modification, or unauthorized access to sensitive information can adversely affect the privacy or welfare of an individual, trade secrets of a business or even the security and international relations of a nation depending on the level of sensitivity and nature of the information.
The anti-gag statute is a little-known legal boundary in the long struggle in the United States between Executive Branch secrecy and the United States Congress and the public's right to know. Since 1988, the statute has been an annual appropriations restriction drawing the line on Executive branch efforts to limit whistleblowing disclosures to information that is specifically identified in advance as classified. The anti-gag statute requires a mandatory, specifically worded addendum on any nondisclosure policy, form or agreement to legally spend money to implement or enforce the gag order.
Internal media of China enables high-level Chinese Communist Party (CCP) cadres to access information that is subject of censorship in China for the general public.
Sensitive security information (SSI) is a category of United States sensitive but unclassified information obtained or developed in the conduct of security activities, the public disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to the security of transportation. It is not a form of classification under Executive Order 12958 as amended. SSI is not a security classification for national security information. The safeguarding and sharing of SSI is governed by Title 49 Code of Federal Regulations (CFR) parts 15 and 1520. This designation is assigned to information to limit the exposure of the information to only those individuals that "need to know" in order to participate in or oversee the protection of the nation's transportation system. Those with a need to know can include persons outside of TSA, such as airport operators, aircraft operators, railroad carriers, rail hazardous materials shippers and receivers, vessel and maritime port owners and operators, foreign vessel owners, and other persons.
National intelligence programs, and, by extension, the overall defenses of nations, are vulnerable to attack. It is the role of intelligence cycle security to protect the process embodied in the intelligence cycle, and that which it defends. A number of disciplines go into protecting the intelligence cycle. One of the challenges is there are a wide range of potential threats, so threat assessment, if complete, is a complex task. Governments try to protect three things:
The Government Security Classifications Policy (GSCP) is a system for classifying sensitive government data in the United Kingdom.