This posting may be a little strange: what could a CIA Publications Review Board possibly have to do with COPA? If anything, this argument folds on itself, showing how everything connects to everything else, and how difficult it is to make rules to protect public interests narrowly enough.
Remember that in 2004, the Supreme Court, in its most recent ruling on COPA (before the 2006 trial in Philadelphia) had written (Cornell law link here):
“When plaintiffs challenge a content-based speech restriction, the Government has the burden to prove that the proposed alternatives will not be as effective as the challenged statute.”
Judge Reed echoed that in paragraph 46 of his COPA ruling (see March 22, 2007 on this blog).
What seems less clear is whether government would run into constitutional issues if it restricted a class of people (for example employees of a particular agency) from using some specific form of self-publication at all, across the board, as an additional layer of security or protection of confidentiality or of classified materials. The “free entry” model for Internet self-publishing and blogging could be the most vulnerable, not for the content it publishes, but for the unsupervised and unbounded nature of the risk of the method of distribution. On its face, this does not sound like a “content-based” restriction because no particular content would be removed; instead no content at all could be self-published without supervision on the web. Perhaps a rule like this would have specific fine points: material could be published if it had pre-approval, if it was limited to a private friends’ list and not available to robots (as if government could count on Facebook or social media companies to help make confidentiality policy indirectly), or if the writer had been able to procure media perils insurance, or some combination of these.
There is something like this in existence now, the CIA Publications Review Board. The CIA discusses how it works at this link. The piece is called “Reviewing the Work of CIA Authors: Secrets, Free Speech, and Fig Leaves”, by John Hollister Hedley. He opens in a naïve tone, “Business is brisk, as a growing number of former CIA employees seek to become published authors”.
The focus of the article is on books and articles published in a conventional manner through major publishers, not self-publishing. However, at first, the implication would be that a CIA employee or even former employee could not publish anything at all, not even on a personal blog, without preapproval of every posting, an impractical burden. However, in the middle of the article, Hedley writes:
“CIA regulations explain that the review requirement applies to "all writings and scripts or outlines of oral presentations intended for nonofficial publication, including works of fiction, which contain any mention of the CIA, intelligence data or intelligence activities, or material on any subject about which the author has had access to classified information in the course of his or her employment.”
The implication is that a blog posting that is totally unrelated to the CIA employee’s work would not require review. As a matter of epistemology, however, it would be hard for an employee to know for sure that there is no possible connection to his work, given the possibility of steganography, and the pervasive meaning of “connect the dots”. Presumably other security and defense related agencies (NSA, military service branches, etc) would have similar rules, and they could apply in civilian non-defense agencies where confidentiality is an unusually sensitive matter (as with Census).
If an agency told “individual contributor” employees that they could not post at all, that could cripple their speech opportunities during employment and later in life. Courts might find that this amounted to an eventual implicit content-based restriction on free speech, even though it starts out as a restriction on distribution (use of free entry). Agencies could try other means, such as debriefing employees or interviewing them to make sure they understand confidentiality requirements and oaths and possible penalties in depth.
When COPA was tried, social media were relatively new, and there has been little said as to whether it could have been applied to Myspace or Facebook. But social media place some emphasis on meeting people for networking purposes, and “publishing” within a somewhat private list, with privacy standards in flux and determined by the companies, not government. It’s possible to disclose confidential information within this environment, and it’s possible to pass on HTM material also, even though that environment was not a primary concern of COPA. Government employees haven’t, as far as I know, been asked to submit their personal emails or chats for review (what about tweets?), so there seems to be some level of common sense in prospective review of anything an employee in a sensitive position could “publish”.

