In September 2017, Aileen Black wrote an email to her colleagues at Google. Black, who led sales to the U.S. government, worried that details of the company’s work to help the military guide lethal drones would become public through the Freedom of Information Act. “We will call tomorrow to reinforce the need to keep Google under the radar,” Black wrote. According to a Pentagon memo signed last year, however, no one at Google needed worry: All 5,000 pages of documents about Google’s work on the drone effort, known as Project Maven, are barred from public disclosure, because they constitute “critical infrastructure security information.” One government transparency advocate said the memo is part of a recent wave of federal decisions that keep sensitive documents secret on that same basis — thus allowing agencies to quickly deny document requests.

“It is the path of least resistance that enables the agency to avoid detailed review of records.”

It’s been a full year since the first reports of Google’s work on Project Maven, and the public still knows precious little beyond the basic gist of the story: that Maven would use artificial intelligence to help pick out drone targets faster and more easily, and that Google backed out of its Maven contract amid staff outcry. (Maven is now linked to defense startup Anduril Industries.) Black’s email was obtained and partially published by The Intercept last year. Was Google’s work for the Pentagon really not intended to be used for lethal purposes, as the company later claimed ? What exactly were Project Maven’s “38 classes of objects that represent the kinds of things the [Pentagon] needs to detect,” as cited by the Defense Department in a news release? And how accurate is Project Maven? In other words, what is its rate of false positives? Neither the Pentagon nor Google is known for its dedication to institutional transparency, and so it’s not surprising that these questions remain open. Luckily, there’s a federal law designed to force the government to divulge information in the public interest, even when a given agency would rather keep its secrets. The Freedom of Information Act is a vital tool for journalism, watchdog groups, academics, and anyone else hoping to bring news to the public about what its government is doing in its name. But the government says Project Maven is immune. In response to a Freedom of Information Act request I filed more than a year ago, seeking documents related to Project Maven’s use of Google technology, the Defense Department said that it had discovered 5,000 pages of relevant material — and that every single page was exempt from disclosure. Some of the pages included trade secrets, sensitive internal deliberations, and private personal information about some individuals, the department said. Such information can be withheld under the act. But it said all of the material could be kept private under “Exemption 3” of the act, which allows the government to withhold records under a grab bag of other federal statutes. The Pentagon specifically cited a law permitting government agencies to block the disclosure of records that pertain to “critical infrastructure security information.” This designation requires an official explanation from the Pentagon, which The Intercept received and is publishing below. The memo, signed by Defense Department Acting Chief Management Officer Lisa Hershman, makes the argument that Project Maven is so sensitive that disclosing essentially any facts about it could cause death and destruction. It is dated December 2018, nine months after I made my request.

“Although there is value in the public release of this information,” wrote Hershman, “because the risk of harm that would reasonably result from its disclosure is extremely significant, I have determined that the public interest does not outweigh its protection. Therefore, it should be exempt from disclosure.” Hershman claimed that releasing “information about Project Maven, individually or in the aggregate, would enable an adversary to identify capabilities and vulnerabilities in the Department’s approach to artificial intelligence development and implementation” and that “this would further provide an adversary with the information necessary to disrupt, destroy, or damage DoD, technology, military operations, facilities, and endanger the lives of personnel.” If this sounds like an extreme set of consequences for releasing details of software research, that perhaps helps explain why “critical infrastructure security information” is largely defined by law as applying not to code but to real-world property, “including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines” and “explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.” The argument that there could be disastrous, unintended consequences from publicizing too much information about the inner workings of a toxic chemical storage facility is plausible. The idea that the same could be caused by documents describing software development, even military software, strains credulity.