This seems nonsensical -- why are the sum of the parts more classified than the individual?

If I put together a long list of facts about the XF-42, it's classified, but if I separate each item onto a different page and tell someone else how to recompile the information (eg page numbers), it's fine?

I can't imagine a scenario where this model makes sense -- ignoring absurdities like classifying basic facts (sky is blue) and words (help) due to cascading classification.

It seems to me the rule should be that of poisoning -- any information in a document with classification X poisons the rest of the document to the same classification; or rather, a document classification is the maximum of its children

My example probably wasn't the best as too much is already given away. It's more like this:

- We have a manned aircraft

- We have an aircraft that can travel above 60k feet

- We have an aircraft that can sustain or exceed Mach 8 (EDIT: strike this part as it connects two facts already: "at that altitude")

- We have an aircraft called the XF-42

- We have an aircraft based in Middle-Of-Nowhere, AZ

- We have 10 operational aircraft of some specific type

Any one (EDIT: or all) of those details may be unclassified, but as you start pairing them up classified information can be derived from it. Note that in this, somewhat better, example only one item identifies the aircraft (rather than my initial example in which both items identified it).

Publicly it may be known that an XF-42 exists, even where it's based, and that there are only 10. Publicly it may be known that an aircraft exists which is manned, travels above 60k feet and over Mach 8. But the two sets of data may not be joined in public because that would give more information than desired (in particular, that there are only 10 indicates a limit on the capability of the mystery superfast and high altitude aircraft).

EDIT: Regarding some of your other comments.

If I spread the information out and tell you how to reconstitute it so you can make a cohesive whole, I've just obfuscated the classified information which is the same as leaking it straight up.

Regarding "poisoning", this is how it's done. If you have a document with TS data, the document is TS even if it's a single line item surrounded by unclassified data.

Fact A and Fact B are unclassified for the XF-42. But combining Fact A and Fact B implies Fact C, which is classified. Separating each item on a different page wouldn't make the whole thing unclassified. It'd make the entire report classified. One of the facts, if not both of them, would likely be controlled information, even if unclassified, in order to reduce the likelyhood of Fact C leaking.

Example: the XF-42 has a jammer builtin. The output of the jammer is classified. But the amount of power available from the generator is unclassified, as is the percentage of power used by the jammer. Individually, either of those facts doesn't help, but together they tell you how much power the jammer has, which can help our adversaries figure out how much power they need to burn through the jamming.

That said, if any fact is classified, that by itself will make the document it's in at least that classification.

EDIT: to use your poisoning example. If it's a poison, it makes the entire thing poisoned. But there are binary poisons. Two things together make a poison, even if neither alone is (very) poisonous.

I’ve never seen exactly what they are talking about but what they may be getting at is actually information compartmentalization - group A can know fact A and group B can know fact B but neither group can know AB. Some higher up official can know AB but must keep those facts separated in documentation because they may share portions with the groups. Having said that - both A and B are classified. You can’t have unclassified compartmentalized info.