Classified information in the United Kingdom

Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.

The current classification system, the Government Security Classifications Policy, replaced the old Government Protective Marking Scheme in 2014. Since classifications can last for 100 years many documents written using the old scheme still exist and need protection.

Policy

Policy is set by the Cabinet Office. The Security Policy Framework (SPF) superseded the Manual of Protective Security[1] and contains the primary internal protective security policy and guidance on security and risk management for Her Majesty's (HM) Government Departments and associated bodies. It is the source on which all localised security policies are based.

The classification system was formerly included in the Manual of Protective Security (MPS) which specified the impact of release and protection level required for each classification. Departments issued localised versions of the content of the MPS as appropriate to their operational needs.

Government Security Classifications Policy

The Cabinet Office issued the Government Security Classifications Policy in 2013; it came into effect in 2014. It replaced the old Government Protective Marking Scheme. Classifications must be capitalised and centrally noted at top and bottom of each document page, save at OFFICIAL where the document marking is optional. All material produced by a public body in the UK must be presumed to be OFFICIAL unless it is otherwise marked. Like the Protective Marking Scheme which it superseded, the GSCP classifications are applied only to the confidentiality of the data under classification.

TOP SECRET
Information marked as TOP SECRET is that whose release is liable to cause considerable loss of life, international diplomatic incidents, or severely impact ongoing intelligence operations. Disclosure of such information is assumed to be above the threshold for Official Secrets Act prosecution.
SECRET
This marking is used for information which needs protection against serious threats, and which could cause serious harm if compromised—such as threats to life, compromising major crime investigations, or harming international relations.
OFFICIAL
All routine public sector business, operations and services is treated as OFFICIAL. Many departments and agencies operate exclusively at this level.

It is often incorrectly assumed that the OFFICIAL classification replaces the GPMS markings of PROTECT, RESTRICTED and CONFIDENTIAL, however this is not the case, since the criteria on which GPMS markings were applied bear no relationship to the criteria used for GSCP classifications.

It is quite possible, and not uncommon, for data within an OFFICIAL classification to have serious impacts including serious injury in the event of unauthorised disclosure. This is one of the characteristics of the GSCP which differs significantly from the Protective Marking Scheme which it replaced.

At the OFFICIAL classification there is a general presumption that data may be shared across Government, however where a need to know principle is identified data may be marked as "OFFICIAL-SENSITIVE"; "OFFICIAL-SENSITIVE COMMERCIAL"; "OFFICIAL-SENSITIVE LOCSEN" or "OFFICIAL-SENSITIVE PERSONAL".

All OFFICIAL-SENSITIVE data must be marked and contain handling instructions identifying why the data is deemed sensitive, how it must be held, processed and transferred.[2][3]

Government Protective Marking Scheme

The older system used five levels of classification, supplemented with caveat keywords.[4]:Annex One The keyword was placed in all capital letters in the centre of the top and bottom of each page of a classified document and described the foreseeable consequence of an unauthorised release of the data ( a ‘breach of confidentiality’). In descending order of secrecy, these are:

TOP SECRET
Information marked as TOP SECRET is that whose release is liable to cause considerable loss of life, international diplomatic incidents, or severely impact ongoing intelligence operations. Prior to the Second World War, the highest level was "Most Secret"; it was renamed so that both the UK and U.S. operated to a consistent system.
SECRET
This marking is used for information whose side-effects may be life-threatening, disruptive to public order or detrimental to diplomatic relations with friendly nations.
CONFIDENTIAL
The effects of releasing information marked as CONFIDENTIAL include considerable infringement on personal liberties, material damage to diplomatic relations, or to seriously disrupt day-to-day life in the country.
RESTRICTED
Information marked as RESTRICTED is at a level where the release of the material will have effects such as significant distress to individuals, adversely affecting the effectiveness of military operations, or to compromise law enforcement.
PROTECT
Such information will cause distress to individuals; cause financial loss or improper gain; prejudice the investigation of, or facilitate the commission of, a crime; or disadvantage government in commercial or policy negotiations with others. PROTECT should always be used with a descript such as “Commercial”, “Management”, “Personal”, or a similar term.
UNCLASSIFIED[4]:p. 22
The term "UNCLASSIFIED" or "NOT PROTECTIVELY MARKED" may be used in UK Government documents to indicate positively that a protective marking is not needed.

Documents classified under the Protective Marking Scheme still exist and need correct handling. After 100 years all the classifications will have run out but the procedures may still be of interest to historians.

Handling

Access to protectively marked material is defined according to a vetting level which the individual has achieved.

Vetting is intended to assure the department that the individual has not been involved in espionage, terrorism, sabotage or actions intended to overthrow or undermine Parliamentary democracy by political, industrial or violent means. It also assures the department that the individual has not been a member of, or associated with, any organisation which has advocated such activities or has demonstrated a lack of reliability through dishonesty, lack of integrity or behaviour. Finally, the process assures the department that the individual will not be subject to pressure or improper influence through past behaviour or personal circumstances.[5]

Protectively marked material must be accounted for in a manner appropriate to its classification level and disposal must be in accordance with the SPF. The act of destruction or disposal is included in the accounting process.

Descriptors

Protectively marked material may also be marked with a descriptor, or privacy marking, which identifies sensitivities around distribution and handling.

Examples of descriptors include, but are not restricted to:

  • Budget
  • Commercial
  • Honours
  • Management
  • Medical
  • Personal
  • Policy
  • Staff
  • Visits (domestic or foreign royalty and ministers)

Nationality caveat

Protectively marked material may bear a nationality caveat, a descriptor defining which nationality groups it may be released to. By default material in the UK is not caveated by nationality, the classification being sufficient protection.

Examples of nationality caveats include, but are not limited to:

  • UK EYES ONLY
  • CANUKUS EYES ONLY: Canadian, UK or US citizens.
  • AUSCANNZUKUS: Australia, New Zealand, Canada, UK and USA (the UKUSA Community, also known as the "Five-Eyes").

Codewords

Dissemination of already protectively marked material may be further limited only to those with a legitimate need to know using compartmentalisation by use of codewords. Examples of compartmented material would include information about nuclear warheads, fusion, and naval nuclear propulsion. In some cases, the existence of a codeworded compartment is itself classified.

Examples of codewords include, but are not limited to:

  • LOCSEN: has local sensitivity, and may not be shown to local officials.
  • NATSEN: has national sensitivity.
  • DEDIP, DESDEN: may not be shown to certain named officials.
gollark: Much more flexible than just having hardcoded user-annoying programs.
gollark: Just make your remote access thing have a programmable backend so you can automatically do stuff on remote computers.
gollark: OR WOULD YOU?
gollark: Well, you could use remote access to mess with the user more conveniently, no?
gollark: I'm thinking you could... probably work basic socket I/O into that, and have it just execute programs someone sends over UDP or whatever.

See also

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.