Back in August 2013, I sent a FOIA request to the Office of the Director of National Intelligence, requesting the latest version of the Intelligence Community Authorized Classification and Control Markings Manual (also referred to as the CAPCO manual, for the office that maintains it) and some other documents. The following is an analysis of the documents that were furnished in response to my request.

CAPCO Manual v6

This manual declares the rules for marking all classified information produced by the US Government. It also lists various top secret control systems and compartments that are used to manage exceptionally classified information.

The version prior to this CAPCO manual was version 5.1. Since that was last updated in March 2012, there have been some changes to the control markings used to classify and compartment classified information, outlined below.

New Registered SCI Control System: ENDSEAL

One major change is the introduction of a new SCI control system: ENDSEAL. This control system is related to the SI control system (it is required to have TOP SECRET//EL/SI//REL), however its definition is redacted so we do not know what information is placed in it. The ENDSEAL control system also has two compartments: ECRU and NONBOOK. The “Further Guidance” for ENDSEAL also indiciates that this control system is likely used by NSA, which makes sense given that it also requires the SI control system. Beyond the markings, not much is known publicly about this control system or its compartments, and I was not able to find any public documents under the ENDSEAL control system.

On the Internet, I found a document from Naval Intelligence. It states that the Requirements, Plans, Policy, and Programs division of Naval Intelligence (N20) “manages the ENDSEAL Program.” This means that ENDSEAL is likely related to the Central Security Service division of NSA, which provides cryptologic support to the military. One other document mentions ENDSEAL, but only as a classification level of SI.

A point of pure speculation: My best guess is that this compartment is designed for ELINT, which is often related to SIGINT (and could explain why ENDSEAL requires SI). The published SCI control systems generally have abbreviations that relate to the information they contain. For example, HCS is directly named after HUMINT, SI contains SIGINT (though technically stands for Special Intelligence), TK refers to the Keyhole/Corona satellite, etc. However, it could also be a formalization of a RAGTIME or STELLARWIND-like control system.

Compartments of HCS

In the copy of the manual that was released, the compartments of HCS may have been accidentally revealed via mistakes made during redaction. On the Internet, I’ve been able to find CAPCO manual versions 1.2, 2.1, 4.2, and 5.1. Since version 4.2, the HCS control system has had four classified compartments. We now know what they are.

The two compartments are HCS-OPERATIONS and HCS-PRODUCT. Both of these compartments also have sub-compartments, which are unregistered and can contain up to six alphanumeric characters. The names of these compartments were revealed in the page titles for the markings, even though the banner line, abbreviations, and other marks were all properly redacted.

This document was returned to me in physical form, and I noticed that these HCS compartment pages are in color (note the yellow text in the page title), while many of the other pages are clearly black-and-white photocopies. The same is true for the page on ECRU. I do not know if this is related to why these parts were left un-redacted.

And due to a further redaction mistake in the CAPCO Register, we can see that one of the classified HCS compartments has an abbreviation of P. This obviously correlates with HCS-PRODUCT. In the register, it’s apparent that the OPERATIONS compartment also has a one-letter abbreviation, which I’d guess is O.

With this information, we can now connect the missing dots. TS//HCS-O//ORCON/NOFORN information likely relates to ongoing clandestine human intelligence operations, which is why the ORCON and NOFORN dissemination flags are required. TS//HCS-P//NOFORN information likely is the sanitized intelligence that was gleaned from HCS-OPERATIONS, with the sensitive sources and methods removed from the intelligence product.

New KLONDIKE Compartments

The KLONDIKE control system is an SCI used for sensitive GEOINT produced by the National Reconnaissance Office. Previous versions of the manual listed no compartments for it, and now there are three: BLUEFISH, IDITAROD, and KANDIK. Each one of those compartments can also have a sub-compartment of up to six alphanumeric characters. We don’t know anything else about these sub-compartments of KLONDIKE.

Dissemination: ORCON-USGOV

Also new in this edition of the manual is the dissemination control marking ORCON-USGOV. This marking is the same as ORIGINATOR CONTROLLED, except that the information is pre-approved to be released to select Executive Branch Departments and in finished intelligence reports for Congressional oversight committees. For all others, it inherits the requirements of ORCON. The marking information page for ORCON was also updated to contain more guidance than in previous versions.

DCID 304: Human Intelligence

This is an Intelligence Community Directive that outlines the roles, by element, on the collection and processing of human intelligence (HUMINT). Unfortunately, the bulk of this information has been redacted.

The FAS have an older, un-redacted copy of this document from 2008. It would be interesting to know what portions have changed, but that has mostly been redacted.

DNI Memo E/S 00045

I saw references to this DNI memo when examining previous versions of the CAPCO manual. The purpose of this memo is to give guidance on when to mark a document as ORIGINATOR CONTROLLED (ORCON), and on the information sharing between the Intelligence Community and other parts of the Executive branch.

The memo lists two attachments, where were not included. When requesting this memorandum, I did not expect there to be attachments nor did I ask for them, which I suppose is reason for them to not be included. I have followed up with the ODNI about the attachments. In future FOIA requests, I will be sure to request “any and all attachments.”

The ORCON marking is used when the person or group that authors a piece of intelligence wants to be in control of who has access to it. The classifier maintains a list of authorized individuals or groups who have access, and they are not allowed to redistribute it further without permission. Attachment A would reveal the rules that govern the use of this marking.

More interesting in my opinion would be Attachment B. That document would list the rules by which an Intelligence Community element could share information with other government entities. I’m curious about this, because I imagine it is the policy framework by which the NSA and CIA give information to the DOJ, particularly the FBI, DEA, and parallel construction.

The memo itself that was released is not all that interesting, other than providing the descriptions of the attachments.