Overclassifying OSINT poses security risks that can be countered by reforming policies, embracing transparency, and leveraging technology.
Editor’s Note: This paper was originally commissioned by and presented before the National Security Over-classification Workshop sponsored by the Nonproliferation Policy Education Center and is part of a final report that will be released this winter.
Open-source intelligence (OSINT) has become an integral component of national security, providing valuable insights from publicly available sources. As a career OSINT practitioner, I have seen firsthand how OSINT can be a game changer in real-time decision-making and operational planning, particularly in the field of nuclear non-proliferation. However, its potential is often undermined by pervasive overclassification within the U.S. Intelligence Community (IC), which results from the tendency to consider information valuable as a matter of national security only when it has been classified—a phenomenon known informally in OSINT practitioner circles as “James Bond syndrome.”
OSINT generation involves the collection, exploitation, analysis, and dissemination of information derived from publicly available sources such as media reports, social media, and public records. In the field, we rely on OSINT to provide timely and relevant information supporting everything from tactical operations, to strategic planning, to monitoring nuclear activities. Despite its importance, OSINT is frequently overclassified, restricting its accessibility and utility. This overclassification stems from a risk-averse culture that prioritizes the safeguarding of information over its practical use, often leading to frustration among policymakers and intelligence members who need quick access.
Indeed, there is some question as to whether OSINT even needs to be classified at all. There are certain methodologies used to gather and collect publicly available sources in and from locations not readily or easily accessible by U.S. government agencies operating in an official capacity. While these methodologies do need to be protected to sustain future, unhindered access, the information contained in such materials is, by definition, publicly available. Pursuant to public law and policy, national authorities classify information because its unauthorized disclosure would result in damage to U.S. national security. Therefore, while classifying the methodology used to acquire such information may be appropriate in some cases, classifying the content itself fails the common sense yardstick.
The Reasoning Behind Classifying OSINT
Over the course of my 45-plus-year career, I have heard various justifications for the classification of OSINT reporting by IC agencies. None are particularly convincing.
The first is that reporting would reveal the methods used to arrive at its analytical conclusions. This is an invalid justification as the analytical methodology used in OSINT—indeed, all intelligence—reporting is the same methodology used by any student of academia. It is unclassified, has been in use by millions of people around the world for centuries, and is taught extensively.
Second, some observers claim that the information would reveal U.S. intelligence requirements. This is an unjustified fear. An OSINT report may specifically state that the information contained therein responds to an intelligence requirement on a specific topic that is classified—and some reports do—and that administrative statement may, in fact, make the overall report classified. However, the publicly available information itself and any analysis of that information—not tied to any classified intelligence requirement—would not be classified, and that information can certainly be shared with international partners without attaching such administrative notes as intelligence requirements. Furthermore, any inference that the information might reveal an intelligence requirement is speculative. For example, an OSINT report may reveal U.S. interest in Chinese nuclear program research and development at a particular facility. Why would that be classified? Of course, the U.S. is interested in such a topic. Why wouldn’t it be? I would be more concerned if the U.S. is not interested because it would beg the question of why it’s not interested.
Third, policymakers and decision-makers believe that only classified information is relevant to national security considerations. Unfortunately, this aforementioned James Bond syndrome has been, and continues to be, a major obstacle in overcoming the problem of overclassifying OSINT. While some progress has been made in lower-echelon organizations over the past two decades, senior leaders and policy officials at the national level have demonstrated a higher degree of adversity to risk, a cautious behavior that mirrors a desire to stay safe and avoid trouble. This propensity to remain within one’s comfort zone is driven by the fear of potential negative consequences that might arise from the dissemination of unclassified information. There is a concern that releasing this information, even if unclassified, could lead to misinterpretations, diplomatic tensions, or unintended security implications. Thus, the IC tends to prioritize safety and control over the proactive sharing of intelligence.
Finally, actual classified information has been leaked into publicly available information channels. In the case of WikiLeaks, U.S. classified information had been published on the open internet and made publicly available. If this had been foreign, not U.S., government information, U.S. OSINT practitioners could make a case for producing unclassified reporting derived from this information. However, since this was U.S. information and the U.S. government still deemed its disclosure to be harmful to the national security, regardless that it had already been disclosed surreptitiously, the information was still classified according to U.S. security classification guides and, therefore, could not be considered as unclassified open-source information.
Challenges of Overclassification
Overclassification of open-source information and OSINT presents numerous challenges. Primarily, it results in a lack of transparency. Transparency in information sharing builds trust among international partners and strengthens collective peacebuilding efforts. For example, the International Atomic Energy Agency (IAEA), as part of its mandate under the Nuclear Non-Proliferation Treaty (NPT), monitors the use of nuclear technology to ensure it is used only for peaceful purposes. Transparency is foundational to the agency’s work because of the high stakes and mutual distrust often present among member states. Furthermore as exemplified by the IAEA, transparency can be applied to other peacebuilding efforts such as sharing intelligence on terrorism threats among coalition partners, conducting joint disaster response exercises to build confidence in cooperative capabilities, and using transparent election monitoring to ensure legitimacy and prevent conflict in postcrisis regions. By creating predictable, open, and verifiable mechanisms for information sharing, international partners can foster trust and build a stronger foundation for collective peacebuilding.
Second, overclassification can result in delayed responses. During one joint operation with allied forces in 2016, critical OSINT reports on local insurgent activities were classified at a level that prevented timely sharing with our partners. This delay caused operational setbacks and could have jeopardized the mission. Bureaucratic inertia and a lack of clear guidelines on classification further exacerbate the problem, leading to inconsistency and inefficiency that practitioners in the field grapple with constantly. The timely sharing of open-source data could enable quicker and more effective international responses to threats such as nuclear proliferation. In another instance, during a natural disaster response, valuable OSINT about affected areas and population movements was overclassified, hindering our ability to coordinate effectively with humanitarian agencies. Such examples highlight the real-world implications of overclassification, where the need for rapid and effective response is critical.
Third, overclassification leads to missed opportunities for partnership and cooperation. Sharing unclassified open-source information can support verification and monitoring activities by international organizations like the IAEA, enhancing their ability to ensure compliance with non-proliferation agreements.
The repercussions of overclassification and over-restriction extend beyond domestic boundaries. Allies and friendly nations, crucial partners in global security efforts, are frequently denied access to critical OSINT because of stringent classification protocols. This lack of sharing can lead to intelligence gaps, duplicative efforts, and strained international relationships, ultimately compromising collective security. In the field, the inability to share OSINT seamlessly with international partners can lead to operational blind spots and missed opportunities to preempt threats.
Additional Challenges Posed by FOUO and CUI
The introduction of unclassified “For Official Use Only” (FOUO) and “Controlled Unclassified Information” restrictions further complicates the dissemination and sharing of OSINT. The FOUO and CUI designations differ in terms of their intended use and control measures. FOUO is a designation originally intended to protect sensitive U.S. information that did not meet the criteria for classification but still required limited distribution due to its sensitivity. It was not meant to protect foreign intelligence information. Conversely, CUI is a more recent designation that aims to standardize the protection of unclassified information across federal agencies, encompassing a broader range of data, including information that might be shared with or derived from foreign partners. However, the implementation of CUI has introduced challenges in the sharing of OSINT with allies. The increased control measures associated with CUI can hinder the timely dissemination of important intelligence, causing delays that might impact operational efficiency and international collaboration.
For instance, during joint operations in Syria against the Islamic State, the U.S. military encountered delays in sharing FOUO-designated intelligence with coalition partners. These delays were due primarily to internal procedures that required multiple levels of approval before the information could be shared, which sometimes resulted in critical intelligence arriving too late to be actionable in fast-moving operational contexts. Similarly, CUI-related issues arose during the 2018 Russian election interference investigations, where U.S. agencies faced challenges in sharing cyber threat intelligence with NATO allies. The CUI designation of this information required additional security protocols and approvals, leading to delays in communication that hindered a coordinated response across the alliance.
Implications for Nuclear Proliferation
The IC, along with international partners such as South Korea, Japan, and the IAEA, closely monitor North Korea’s nuclear activities. Organizations such as the CIA and the National Geospatial-Intelligence Agency have gathered extensive unclassified information through open-source satellite imagery and analysis. Despite the unclassified nature of this information, significant delays in sharing these insights with international partners occurred throughout the 2000s and 2010s due to bureaucratic inertia and restrictive internal protocols. These delays hindered timely diplomatic responses and the enforcement of sanctions. The reluctance to share unclassified information in a timely manner impaired global efforts to monitor and curb North Korea’s nuclear ambitions, allowing the regime to make advancements with less immediate external pressure. Delayed information sharing affected the coordination of international sanctions, reducing their effectiveness and providing North Korea more time to develop its nuclear capabilities.
During the negotiations of the Joint Comprehensive Plan of Action (JCPOA) from 2013 to 2015, the U.S. had substantial OSINT about Iran’s nuclear program, including satellite imagery showing the construction of nuclear facilities, public statements from Iranian officials about their nuclear capabilities, and scientific publications discussing nuclear technology advancements. International partners involved in the JCPOA negotiations included the P5+1 countries (China, France, Russia, the United Kingdom, and the United States, plus Germany) and the European Union. Despite the unclassified nature of this information, there was hesitation in sharing these insights with international partners, driven by internal policy constraints and a cautious approach to diplomatic engagements. This slowed the process of building international consensus and maintaining transparency, affecting the negotiation dynamics. Without full access to all available intelligence, partners had to rely on incomplete information, which led to prolonged discussions and delays in reaching agreements on critical issues, ultimately impacting the effectiveness of the non-proliferation agreement.
Finally, in the 2000s and 2010s, concerns about nuclear proliferation in South Asia grew, and the IC conducted detailed open-source analyses of Pakistan’s nuclear arsenal and delivery systems. This analysis was derived from scientific publications, satellite imagery, and public domain reports. The U.S. limited the sharing of this unclassified information with regional allies such as India and Afghanistan, as well as international partners such as NATO. These restrictive sharing practices, driven by policy decisions aimed at controlling sensitive information, led to inadequate regional collaboration. Regional allies were left with incomplete intelligence, which affected their ability to participate effectively in non-proliferation and security measures.
Pakistan’s strategic development of its nuclear triad—including land, sea, and air-based delivery systems—was of particular concern. The expansion of Pakistan’s missile capabilities, such as the development of the Shaheen-III missile, which has a range sufficient to strike targets across India and the Middle East, exemplified the growing complexity of the security environment. Despite these developments being observable through satellite imagery and open-source reporting, the IC’s tendency to overclassify restricted the flow of this critical information to key stakeholders. This hindered India’s efforts to formulate a comprehensive response, as it struggled to acquire an accurate assessment of Pakistan’s evolving capabilities.
Additionally, Pakistan’s advancements in miniaturizing nuclear warheads for tactical use, combined with its increasing plutonium production capacity at the Khushab nuclear complex further exacerbated regional tensions. The reluctance to share detailed OSINT with NATO partners and other international bodies resulted in a fragmented approach to policy formulation, where decisions were made based on incomplete or outdated information. This not only strained diplomatic relations but also complicated efforts to prevent an arms race in the region. Moreover, the secrecy surrounding Pakistan’s clandestine networks for acquiring nuclear materials and technology—networks that have historically been linked to proliferation activities in countries such as North Korea and Iran—remained a critical yet under-addressed issue due to the limitations imposed by overclassification. This approach created significant intelligence gaps and impeded the international community’s ability to develop cohesive strategies for addressing the multifaceted challenges posed by Pakistan’s nuclear ambitions.
Recommendations for Reform
The classification of unclassified, publicly available information, while enacted ostensibly for national security concerns, has repeatedly undermined national and international security efforts by unnecessarily delaying and constraining critical international efforts to stem the proliferation of hostile nuclear threats. To address these challenges, senior OSINT advocates must spearhead efforts to reform classification policies. Five key recommendations include the following:
Policy Overhaul: Advocate for a comprehensive review and update of classification guidelines to ensure alignment with the current intelligence landscape and technological advancements. This includes establishing clear criteria for what constitutes sensitive information and promoting a default stance of openness where feasible.
Cultural Shift: Promote a cultural shift within the IC to value information sharing and transparency. This can be achieved through targeted training and awareness programs emphasizing the importance of appropriate classification. Field operatives should be trained to recognize the distinction between genuinely sensitive information and data that can be safely shared.
Enhanced Collaboration: Foster greater collaboration between agencies and allied nations by establishing standardized protocols for OSINT sharing, including creating accessible platforms for disseminating OSINT. Enhanced collaboration tools can facilitate real-time information sharing, crucial for joint operations and multinational efforts.
Technological Integration: Leverage technology to automate classification processes, reducing human error and inconsistency. Advanced algorithms can assist in evaluating the sensitivity of information, streamlining the declassification of non-sensitive OSINT. Integrating machine learning and artificial intelligence can help in real-time assessment and reclassification, ensuring that OSINT is promptly available to those who need it.
Operational Feedback Loops: Implement feedback mechanisms where field operatives can report back on the practical challenges posed by overclassification. This on-the-ground feedback is invaluable for continuously refining classification policies and ensuring they meet operational needs.
***
The overclassification of OSINT is a significant barrier to its effective use and poses a threat to national and international security. By implementing strategic reforms and fostering a culture of transparency, senior OSINT advocates can enhance the utility of OSINT, ensuring that it fulfills its potential as a critical component of the intelligence ecosystem. The time for action is now, and it is incumbent upon members of the intelligence community to lead the charge in advocating for these necessary changes. The experiences and insights of practitioners in the field should drive these reforms so that OSINT can be leveraged effectively to support the United States’s national security objectives.
– David Reese is a career intelligence professional who served as Director of the U.S. Army Asian Studies Detachment, the oldest and largest OSINT activity in the Department of Defense, and as senior policy officer for technical collection for the Office of the Under Secretary of Defense for Intelligence and Security. He currently chairs the Practitioner Committee of The OSINT Foundation, a non-profit organization dedicated to promoting OSINT tradecraft and elevating the discipline. Published courtesy of Lawfare,