The global war on terrorism has never lacked a face of evil to embody the threat; Osama bin Laden, of course, as well as Ayman Zawahiri, Khalid Sheikh Mohammed, Abu Musab al-Zarqawi, and others. But authorities are now pursuing Asiri with an especially high level of urgency and concern. The reason: not only is he a bomb-maker for the terror network’s most dangerous affiliate, al Qaeda in the Arabian Peninsula (AQAP), he’s apparently a very capable and creative one who has trained other al Qaeda operatives.

�
Asiri also seems to know exactly how to exploit what is arguably the biggest hole in the vast counter-terrorism safety net that has been constructed since the 9/11 attacks—airline security. US authorities in recent weeks disclosed that Asiri has probably designed a sophisticated and powerful explosive device that can avoid detection by trained dogs and bomb detection machines at airport security checkpoints. And there are now concerns that AQAP—presumably at Asiri’s direction—is developing an ingenious new generation of liquid explosive that is also undetectable, and possibly being used in planned (and imminent) attacks. Operatives reportedly can dip ordinary clothing into a liquid explosive and turn the clothes themselves into bombs once dry.

“He is a man of great experience and his experience is specifically in explosives, so that makes him more dangerous than others,” a senior Yemeni official told Quartz today. “We have been looking for him for quite some time now. Anything he does is problematic.”

Asiri is believed to be a savant of sorts, a trained chemist and the son of a retired Saudi soldier, who is about 31 years old. He has attacked numerous Western, Middle Eastern and North African targets, devising various high-tech devices including shoe bombs, underwear bombs, printers fitted with high-grade explosives, and metal-free bombs.

Counter-terrorism authorities have been playing a cat-and-mouse game with Asiri and other al Qaeda explosives experts for many years, changing their security posture—especially for commercial aviation—with each new bomb-making development. Those include the use of explosives like Triacetone Triperoxide(TATP) and Pentaerythritol Tetranitrate (PETN), which required new methods of detection. Asiri has been a particularly frustrating quarry. The CIA thought it had killed him at least once, in a drone strike in Yemen. Then an al Qaeda operative tasked with carrying out an attack with a new version of Asiri’s underpants bomb defected to the CIA and Arab intelligence agencies—with the bomb—but Asiri was able to slip away again.

Last week, Hayden, also a director of Motorola Solutions and a distinguished visiting professor at the George Mason University School of Public Policy, said in a rare extended interview that Chinese telecommunications giant Huawei Technologies shared sensitive US information with the Beijing government. In a brief aside, he added that he’s undecided as to whether corporations should be allowed to go on the cyber-offensive, even in the absence of government intervention and protection.
Quartz talked to Hayden about the threats private companies face and whether they’re well-positioned to address those threats for themselves, and for humanity.

What cyber threats do you find most concerning?

You’ve got three levels of threats; the shorthand is steal, disrupt and destroy. You’ve also got three levels of actors. You’ve got nation states, you’ve got criminal elements and then you’ve got that mass out there; activists, nihilists, anarchists, Anonymous, Lulzsec and so on. And blessedly the order I gave them to you—states, criminals the rest – is pretty much a ranking of their capability. And what we’re seeing is that all the boats in the harbor are going up, and so capabilities we now associate with criminal gangs or mid-range nation states will over time become available to this third group.

As tough as attribution is, nation states still have to believe that they are responsible for their actions. There can be sanctions and retaliations. Criminal groups, they’re after the money, and they’re in kind of a symbiotic relationship with their targets and even in nature, the parasite would be unwise to kill the host. But the third group, they have sometimes unreasonable, unmeetable, undefinable demands. In one, three or five years, you’ve got a group out there that’s opposed to capitalism, let’s say. And if they start to get some of these advanced capabilities, the very destructive attack for ideological purposes is going to be more possible and more likely. So my line to folks is, this is going to get worse before it gets better.

What’s the most pressing issue right now in cyber security?

Governments will do a little bit more [to help]. But I actually think this is one case, among many, where government is not the answer. The private sector is stepping up to do things in the cyber domain that we generally have allowed governments to have monopolies of in the physical domain. The most recent development is the creation of private sector cyber threat intelligence organizations. And I don’t mean ‘intelligence like,’ I mean ‘intelligence,’ with port scanning, web crawling, having foreign national employees  assume personae in foreign chat rooms and now selling their product not just to the private sector but to governments. I think that’s a very good thing.

Once you do threat intelligence in these other domains, governments then work to reduce the threat.  Rather than you being back there as an international entity, trying to defend yourself from all abstract threats using all abstract tools, going after all abstract targets in your network, [these firms] can actually provide you with intelligence that says the most likely attack against you will be from these people, for these purposes, with these tools, which then allows you to get a higher return on investment in terms of how you defend yourself, both actively and passively. But that’s different than teeing up counter-battery fire, you know? And that’s where we are. That’s the debate. Should the private sector be allowed some limited counter-battery fire?

Should companies be able to go on the cyber-offensive?

I’m not yet convinced that the private sector reducing the threat, i.e. disabling the threat, is a good idea. But it’s certainly an idea that’s circulating out there. There are some merits to it because the government is late in meeting the need in this domain. And so much advantage goes to the offense that playing strictly defense, you’re always disadvantaged.

But I’m not quite prepared to say, so, let’s go ahead and let these guys launch some rounds downrange, because it could be undisciplined, it could impact other sectors, it could generate counter-battery fire against people not involved in the original skirmish, it could have unpredicted and unpredictable collateral damage. It could turn the digital domain into a digital free-fire zone. So I’m not quite prepared to endorse it. But the amazing thing is that there are a lot of people talking about it now. Go to [former NSA general counsel] Stewart Baker’s blog and he lays out a pretty interesting case for it.

What else can companies do to protect themselves?

Number one, get good intelligence because you can’t do this abstractly. You’ve got to focus on the most likely threat, the most likely target and the most likely tools. Otherwise you can spend money forever and not know that you’re any safer. It gives you a greater return on investment. The second thing, build up your defenses, reduce your vulnerabilities as much as possible. But the good bad guys are getting in. And therefore, presume breach, presume penetration and begin to plan and program to operate while under attack, to operate while penetrated. And here the magic word is less pure defense and more in the character of resiliency. Recover, respond and wrap your most precious data more tightly than other things on your network.

Why hasn’t government done more, in the US and elsewhere?

We have not yet decided, by broad consensus, what it is we want the government to do here, or what it is we will let the government do here. It is not a question of technology, it’s a question of privacy and civil liberties and the appropriate role of government in a domain in which we’ve got, what, 25 years of experience?

Is it legal for companies to fight back in cyberspace? 

Here I’m quoting Stewart [Baker] again; Stewart tries to remind you of the last black and white cowboy movie you saw where the bank got robbed, the sheriff and his deputy got all the able-bodied men of the town and had them raise their right hand and said we’re going to get our money back. In other words, normal people from the private sector were authorized for a limited period of time with certain tools under certain supervision for a limited purpose to act like a government. And Stewart asks the question, hmmm, I wonder if that’s possible.

And by the way, when I get people hyperventilating about this in an audience, I say look, before you just casually dismiss it, look at Article One of the Constitution. And when the United States government was too weak to defend America in another domain, that one the maritime domain, the Constitution actually gives the Congress the right to issue letters of marque and reprisal. Yeah, privateers! So we do have an example in our history in another domain, which was global and new and ungoverned, that at times in our history, Congress has authorized private people to go out and raid somebody else’s commerce. I’m not recommending it, I’m saying you can’t just dismiss it as inherently crazy. You have to argue against it with good points.

What can companies do to hackers who have breached their systems?

I’m international corporation X headquartered out by Dulles [International Airport]. And somebody has penetrated my network and is living on it. Is that implied consent that I can treat him just like I treat the people who are authorized to be on my network? Has he, by penetrating my network, now put himself somewhat under my authority? That’s a pretty good question [whether they’re subject to being fired upon]. I’m prepared to say I would like to see that question answered.

What are other solutions for companies to thwart hackers?

I think the secret sauce here might end up being insurance. Before someone insures my house they want to inspect it. They know how to ask questions like what kind of shingles do I have on my roof and do I have an alarm system or not. And so rather than having the government imposing standards, what you have are companies who are out there buying insurance, understanding that their insurance will cost less if they adhere to certain standards. I’ve got insurance; comprehensive, collision, uninsured driver and personal injury. All for my car. What does that look like for cyber? It could be, I want insurance for my loss of business if my network goes down. Or, I want insurance for my loss of intellectual property. Or I want insurance against the class action lawsuit I’m going to suffer when I lose personal identifiable information.  There are a lot of different lanes here. It’s very immature. But I think that’s where we’re going to end up.

This is an area that’s very intellectually appealing. I mean, I wear seat belts. My car is inspected. There’s Driver’s Ed, you know. And all those things have come out not just through government regulation. [Cyber]insurance companies would need to have teams saying. ‘These guys are at level B or at level C minus,’ that kind of thing. Not inspectors. Validators? Certifiers!

That’s how the next major war could start. One event in space—random or not—prompts another, and soon space-based weapons start firing away. This is something that has worried countries for a few decades now, even as they’ve quietly expanded a space arms race while an unsuspecting public focuses on more mundane potential conflicts.

Well, there’s some good news today on this front. The US State Department announced that a “landmark” consensus has been achieved by the United Nations’s Group of Governmental Experts on Transparency and Confidence-Building Measures for Outer Space Activities. The group is comprised of 15 international experts nominated by UN member states that have some interest in space issues, from the usual suspects down to Kazakhstan, Romania, and Sri Lanka.

The report is based on two years of work, and hasn’t been released publicly yet. But the US promises that it will help bring more “strategic stability” to the space domain. Here’s why the solution might not get very far:

Its recommendations are voluntary and non-legally binding. And they focus on generic-sounding goals like enhancing the transparency of outer space activities and furthering international cooperation, consultations, and outreach. The report also calls for improved international coordination to enhance safety and predictability in the uses of outer space, but the devil in accomplishing something like is in the details.

This has been tried before. The UN and other international bodies have worked to maintain outer space for peaceful purposes since 1957, without much success. A group of governmental experts just like the current one was convened between 1991 and 1993, and it too produced a consensus report, weighing in at 144 pages. And though the US has since supported the current process, it abstained from the initial UN vote creating the group because of some actions by China and Russia.

Other efforts could complicate it. The international negotiating body responsible for preventing an arms race in outer space, the Conference on Disarmament, has been deadlocked for 15 years. Also, there is a Long-term Sustainability of Space Activities (LTSSA) Working Group in the UN Committee on the Peaceful Uses of Outer Space (UNCOPUOS), which focuses on related civilian space issues.

Space is a mess these days, and hard to police. In recent decades, space has become a giant junkyard, with all sorts of debris floating around. At the same time, dozens of countries, corporations and even your occasional eccentric billionairehave put objects in space. Who knows how many military-grade satellites are collecting and intercepting data, and how many possess defensive and offensive weapons.

Tiffany Chow of the Secure World Foundation says this makes space a very anarchic and dangerous place, where even the most random collision between a satellite and some space junk can be (mis)interpreted as an act of war. Chow has been following the UN group’s work closely and says the new consensus is a major step forward. “Space has become so critical for so many different purposes, and there are so many things that could happen in space,” Chow told Quartz. “There needed to be some rules of the road.”

The group is expected to submit its report to the United Nations General Assembly at its 68th session in September.

Washington isn’t alone, of course; dozens of other governments do the same, in collaboration with each other and individually. But one thing that US officials insist they won’t do is use the information gleaned from industrial espionage to help US corporations, like the Chinese do with their state-run defense, oil and other companies.

Is it really possible that US government spies surreptitiously collect confidential information from foreign multinationals and don’t share it with domestic US business interests to give them a leg up? And why would it collect the information if not for such purposes?

Here are some reasons:

National security. US intel agencies acutely focus on foreign companies, especially defense, technology and telecommunications firms, to gauge what kind of threat they might pose to US interests. That includes finding out what kind of products they are developing, who they’re selling them to and what kind of strategic plans they have. This is particularly the case with weapons manufacturers and those making dual-use products that can be used to build nuclear weapons programs. It’s also done when such companies, like China’s telecommunications firm  Huawei, seek to buy US companies. The information is used to help the Commerce Department and secretive Committee on Foreign Investment in the United Statesassess whether or not the US should object to such sales as being against US national security interests.

Competition.  Sometimes the US spies on foreign companies to see what they’ve been getting via industrial espionage, either from their own efforts or from state-run intelligence-gathering. Efforts to uncover what Chinese firms have been getting is a full-time job in and of itself. A year after the 1996 Economic Espionage Act was passed, US authorities had already estimated that intellectual property theft was costing US firms $300 billion. Coincidentally, the same number was used earlier this year by the Commission on the Theft of International Property. US intel officials say at least 23 countries actively target US companies. Besides China, France has long been one of the worst offenders, for years targeting dozens of big US corporations, and placing intel agents in “deep cover” as corporate officials without revealing their true allegiance. US spying, in turn, has been used to root out such people and to do damage control in each of those countries. (Sometimes those efforts backfired, such as in the mid-1990s when US intelligence agents were expelled from France and from Germany, prompting at least a temporary scale-back in US commercial espionage efforts overseas).

Trade. Increasingly, US industrial espionage operations also provide Washington with key information about the capabilities and plans of foreign multinationals to be used in trade negotiations. The information isn’t shared with the US corporations (not as a matter of policy, anyway). But it is used, at least indirectly, to inform the negotiations, and give the US leverage based on having knowledge of what kind of bargaining position the other country is in, former intel officials told Quartz.

Anti-corruption. Intel officials, including former CIA director R. James Woolsey, say the US and its allies spy on foreign companies to gather evidence used to prosecute foreigners for flouting the US Foreign Corrupt Practices Act and gaining an unfair advantage over their US competitors. Back in 2000, Woolsey told reporters that the US spied on European companies Thomson-CSF (now Thales Group) and Airbus to see if they, respectively, had been paying bribes to the Brazilian and Saudi governments “That’s right, my continental friends,” Woolsey said, “we have spied on you because you bribe.” The information is also given to the Departments of State and Commerce so they can confront the other countries to take corrective action.

From time to time, concerns have arisen that US companies have benefitted from such spying. US officials insist it isn’t done, at least not intentionally. For one thing, there are too many potential complications, including which of various competing companies would get the valuable information, and what they would be allowed to do with it. Also, it’s illegal to disseminate the highly classified information to people not authorized to receive it, and few, if any, private sector executives have the necessary security clearances.

Those concerns about whether the US engages in industrial espionage arose again last week, after president Obama confirmed Snowden’s assertions that the US spies on its allies. A senior administration official was asked at the end of the two-day US-China security and economy summit in Washington whether the US government was any better than China when it comes to industrial espionage, and whether the White House pressed Beijing on the issue. “All I’ll say is we were exceptionally clear, as the president has been, that there is a vast distinction between intelligence-gathering activities that all countries do and the theft of intellectual property for the benefit of businesses in the country, which we don’t do and we don’t think any country should do,” the official said.

The cash-heavy groups are tapping into corporate cost-cutting in Europe’s crisis-torn economy, including the often exorbitant expenses required to properly dispose of waste, according to a recent report by European law enforcement agency Europol. The Italian mafia is famous for its forays into waste management, but thanks to shrinking budgets and tightening environmental regulations in Europe, illegal dumping and waste trafficking are booming under the guise of eco-friendly trash disposal. They’re high-return low-risk endeavors that are rarely prosecuted, Europol says.

The Italian mafia is exploiting other green markets, too. In 2010, Italian authoritiesseized $1.9 billion US from Vito Nicastri, known as Sicily’s “Lord of the Wind,” and his alleged mafia associates, saying they illegally profited from wind farms and other government-subsidized alternative energy companies. Since then, Italian officials have been investigating so many suspected “clean energy” rackets that experts fear the related tax evasion and corruption is undermining Italy’s economy.

Similar illicit industries are cropping up in Scotland, where illegal landfills are booming thanks to tax hikes on trash. One unlicensed trash pit can fit enough waste for a company to avoid 1 million euros in taxes a month. Meanwhile, Australian authorities have been on the lookout for criminal exploitation of carbon tax initiatives.

Europol stressed that these businesses are a “very real threat” to the European Union. Crime syndicates tend to squeeze out legitimate businesses by operating initially at a loss to corner the market. Also, Europol fears the groups will use their green acquisitions to launder illicit proceeds from other criminal enterprises like drug trafficking, counterfeiting of products and extortion. That would allow the groups to move further into the mainstream financial system, giving them more room to grow, and more avenues to evade the law.

Thanks to massive budget cuts and tanking economies, many Western governments, especially in Europe and the United States, are slashing defense spending and eliminating big-ticket weapons systems. Dozens of other countries, throughout Asia, the Middle East and Latin America, are spending more and more these days on their burgeoning militaries. But no matter their economic situation, the one thing they’re all clamoring for is drones. Especially those made in a certain tiny Middle East country surrounded by lots of enemies.

Israel was recently anointed as the world’s largest exporter of the small surveillance planes, according to a major study by the Frost & Sullivan international business consulting firm.  The handful of Israeli companies that manufacture the drones earned at least $4.6 billion in sales during the last eight years, Frost & Sullivan said in its report. That tally includes exports of the planes themselves and operating and communications systems and payloads. American defense companies probably manufacture more drones, but they send much of them to the US military and its close allies, Frost & Sullivan’s Eran Flumin told Quartz. Also, US restrictions limit the number of drones that American firms can export.

Israel doesn’t have as strict export curbs. And drone manufacturers like state-owned Israel Aerospace Industries as well as Elbit Systems and Aeronautics Defense Systems  have been busy in recent years, Flumin says, expanding their geographic footprint and locking up lucrative new deals. The Frost & Sullivan  report did not contain a comparable estimate for American exports for 2005 to 2012. But Flumin and analyst Yakov Baranes said Frost & Sullivan estimates that US companies exported less than $3 billion worth of similar products during that same time period.

Flumin and Baranes also noted that the nature of the drone business is cyclical, and that a recent drop in Israeli exports was more of a fluctuation than a trend. It is also based on a small number of large deals. For example, a major Israeli deal with India for UAV upgrades is worth another $958 million that will be reflected in future figures, they said.

Sure, drones—especially the armed military ones—are often criticized as being morally reprehensible, if not illegal. But the ones Israel exports are arguably one of Israel’s proudest accomplishments on the global commercial stage. More than half of those Israeli exports were to Europe, while a third went to Asia-Pacific countries including India and Azerbaijan. Another 11% went to Latin America, while 3.9% went to the United States and 1.5% to Africa. The top clients: the United Kingdom, India and Brazil. Many countries buy them for surveillance and other non-weaponized uses.

Some analysts predict a quadrupling of demand for military UAVs over the next decade, thanks to their success in wars in Iraq and Afghanistan and Israel’s use of them in many types of operations. Another analysis, issued last month by the Teal Group, predicts that the total worldwide UAV market will more than double over the next decade from current expenditures of $5.2 billion annually to $11.6 billion, totaling just over $89 billion in the next 10 years.

Flumin, who heads Frost & Sullivan’s Israel operations, said Israel is well situated to cement its position as the lead exporter of drones for years to come. That’s in part because Israeli firms are aggressively marketing their drones, for myriad new military and civilian uses, in virtually every corner of the world. The Israeli firms are also leading the way in developing cutting-edge research and development, thanks to longstanding ties to Israel’s military, which has pioneered the use of the vehicles in war zones, conflict areas and for general reconnaissance.

Here’s just one of their newfangled uses under development: a large drone that can swoop in and rescue an injured soldier—or in a civilian application, a wounded hiker stuck in a remote canyon. Other drones will be able to take off vertically, eliminating the need for an airstrip, but without the bulky rotor blades that make helicopters unwieldy in tight quarters.

Israeli firms are also leading the way in developing payloads, or the gear carried within the drones. That includes extremely advanced surveillance cameras and sensors, vastly improved communications capabilities between drones and those operating them and other features that will widely expand the use of drones, especially for civilian uses like law enforcement, search and rescue and agriculture.

“Why Israel is so successful in exporting their drones is that they are optimizing the technology to allow them to be used for many different missions,” Flumin said. “You want to maximize the duration of the mission or the weight of the payload or have a better camera with higher resolution? Everything can be optimized as much as possible.”

But not everyone wants an Israeli drone—especially customers in the Middle East, where there’s a budding arms race over who can buy the most drones the fastest. Because of the growing fear of expanding regional unrest, “every large country in the region understands the need to acquire UAVs,” Frost & Sullivan said in another recent report. That is opening up some opportunities for American firms, which are aggressively lobbying Washington for permission to increase their export capabilities, especially as the Pentagon cuts military spending.

At the IDEX  international defense trade show in Abu Dhabi in February, the United Arab Emirates announced it was buying an unspecified number of Predator surveillance drones from US firm General Atomics in a deal worth $196.57 million. Frost & Sullivan cited that as evidence that Washington was easing its stances on such exports. Gulf countries are looking for other manufacturers too, and China, Turkey and even Pakistan are working overtime to create drones that they can sell on the international market.

Meanwhile, Brazil and a host of other countries are developing their own drones to monitor borders and vast swaths of farmland. And three of Europe’s top military contractors last month urged the region’s governments to establish a joint program to develop drones of their own, to reduce reliance on Israeli and US manufacturers.

However, the Bahamas is one of the top countries in the world for registering and flagging ships, along with such seafaring great powers as Panama, Liberia and the Marshall Islands. At least 50 million gross tonnes (the standard measurement) of ships around the world are flying the Bahamas flag, including the pirate-infested waters off Africa, making it the country with the world’s fifth-largest maritime presence (pdf, p. 12, and chart below). The Bahamas is especially popular because foreigners can hold direct title to a Bahamian vessel, and the Bahamas does not impose any tax on income, capital gains or similar financial revenues.

And with the successful recent crackdown on pirates, especially off the coast of Somalia, the United States—as this year’s chair of the multinational Contact Group on Piracy off the Coast of Somalia—is now seeking some longer-term solutions to the problem. At the top of the list: getting the big flag registry countries to become full partners in the global counter-piracy effort. “We are in a maintenance mode right now, past the crisis stage, and we certainly want flag states to exercise their sovereign responsibilities,’’ a State Department official speaking anonymously told Quartz.

The need for the Bahamas to do more became apparent in January 2012 when theMV Sunshine was raided by pirates in the Arabian Sea, and US commandos rescued the ship and captured 15 Somalis. The ship was Bahamian-flagged, but the Nassau government wasn’t prepared to arrest, prosecute and try the pirates. The men wereultimately convicted in the Seychelles, and Washington and Nassau have been working together ever since on a memorandum of understanding that will be signed next week. What’s in the document isn’t yet public, but it apparently includes non-binding (and very general) provisions for better consultation—and technical cooperation—so that the Bahamas is prepared to deal with the next boatful of pirates caught hijacking a Bahamian-owned or flagged ship.

The State Department official said Washington will now try to forge similar agreements with other countries, especially those that register and flag a lot of ships. That’s because such prosecutions can be  extraordinarily time-consuming and expensive, and the Justice Department doesn’t want to prosecute all of them itself, as it has in recent years. “The Bahamas is not alone in this,”  the official said. “The laws of many countries are antiquated. For a long time, piracy had been a forgotten problem.”

On July 1, while wrapping up his trip to Africa, US president Barack Obama announced that he wants to get serious about thwarting black market trafficking in elephant tusks, rhinoceros horns and body parts of other endangered species. The added bonus, if not the underlying motivation, is that the crackdown would undermine the many organized crime syndicates, insurgent groups and terrorists that are flourishing on the continent. Here’s why:

Experts now say the illegal animal trade is a multi-billion dollar industry, second only to the drug trade in global profitability, and recently surpassing human and weapons trafficking. As Reuters reports, wildlife trafficking, organized crime and terrorism have become interwined in Africa. Transnational criminal gangs, paramilitary groups and al Qaeda affiliates use poaching to fund other  illegal activities.

The primary attraction to the wildlife poaching business is simple: it’s extremely lucrative. In practice, however, it’s extremely complicated. It involves sophisticated smuggling operations that build on existing trafficking networks to transport, process and sell the animal parts for huge profits, mostly in Asia. Ivory from elephant tusks used to make jewelry sells for $1,000 a pound, and a rhino horn is now worth $30,000 per pound, “which is literally more valuable than its weight in gold,” according to senior US National Security Council official Grant Harris, who briefed reporters traveling with Obama in Africa. As Quartz described recently, rhino horn powder is used for cancer cures, hangover remedies and myriad other things, especially in Vietnam but also in China. It all adds up to a global wildlife trafficking industry worth between $7 billion and $10 billion a year, said Harris. These networks evade even the relatively stringent enforcement regimes of countries like Botswana and Thailand.

Given the staggering amounts of money to be made, many African governments have stepped aside or taken part, fueling corruption, money laundering and lax regulation. Rebel militias are even using ivory and rhino horns as currency, which has exacerbated local and regional conflicts. According to Obama’s executive order, the poaching operations have grown more sophisticated. What were once fragmented piecemeal poaching efforts are now coordinated slaughter campaigns that involve multiple illegal groups and target great apes, tigers, sharks, tuna and turtles, among other species.

Obama’s new campaign to fight wildlife trafficking includes an executive order, $10 million in funding, a task force and a presidential advisory council. The campaign will focus on helping affected countries establish and enforce better trafficking laws;, supporting regional cooperation; training their police and rangers; and beefing up their law enforcement and intelligence-gathering capacities. It will also use a new “Transnational Organized Crime Rewards Program” to offer bounties for poachers and push for more modern technologies to identify and capture them.

The US plan comes on the heels of an announcement in May by the United Nations that international wildlife (and timber) trafficking will now be defined as a serious organized crime. Both measures, according to advocates, will finally allow international law enforcement officials to investigate, arrest and prosecute poachers—especially those operating across borders.

But the problems extend far beyond who gets security clearances. So says the latest annual report (pdf), published June 20, by the Information Security Oversight Office, whose job is to get agencies to classify fewer documents and to declassify many more of them while making sure that real secrets stay secret.

The ISOO estimates that the government and its contractors spent $11 billion last year on “security classification activities”—plus an estimated 20% more for the CIA, NSA and other agencies whose activities are too secret to even mention in the report. The good news is that this is 13%, or $1.7 billion, less than the year before.

But there’s a more important statistic. The report attributes the lower cost, in part, to a project launched by the Obama administration called the Fundamental Classification Guidance Review (FCGR), which pressures officials to set a higher bar for making things secret. Last year, the report said, US agencies reported 73,477 “original classification decisions” (i.e., the decision to classify something, and at what level)—a drop of 42% from the previous year.

Here’s the breakdown:

And if that seems like a lot, look at how much it has come down, especially since Barack Obama took office:

The report isn’t all good news. Overall, it says the government continues to generate classified information at historically high levels, especially through derivative classification, which means putting already classified information in a new document.

Here’s a breakdown of that:

And a historical breakdown, showing the huge jump when electronic documents were included:

Steven Aftergood, who heads the Project on Government Secrecy for the Federation of American Scientists, told Quartz that there’s a direct correlation between all of the over-classification cited in the report and the government’s inability to stop people like Snowden from stealing information. “The more secrets we have, the worse job we do in preserving them,” he says. But he says the 42% drop in the creation of “new secrets” is a glimmer of hope because it appears to be the result of a concerted effort that includes several Obama administration initiatives. “People are saying, ‘Wait a minute, do we need to classify this?’ in a way they had not been before,” Aftergood says. “It is a modest but hopeful sign, potentially a turning point in overall secrecy reduction.”

One thing the new report doesn’t do, though: Describe what kinds of information—the 42%—are no longer considered secret.