FBI Director James Comey’s announcement regarding the investigation into Hillary Clinton’s use of personal e-mail servers when she was secretary of state is likely to generate a good deal more heat than light. By lambasting her e-mail practices and then declaring that no reasonable prosecutor would bring charges, he managed to offend Clinton’s supporters and her critics in equal measure. But the real question on most Americans’ minds is whether Clinton put truly sensitive information—and thus, perhaps, the nation’s security—at risk. Thanks to our bloated and dysfunctional classification system, it may be decades before we have an answer.

First, a brief synopsis of the FBI’s findings as Comey described them: A hundred and thirteen of the more than 30,000 e-mails on Clinton’s servers contained information that intelligence agencies had classified, in some cases at the highest level (“Top Secret”), at the time the e-mails were sent or received. That means officials within those agencies had determined that the information should be protected. Although marking classified information is an important part of ensuring its protection, only a small number of the 113 e-mails were marked as classified. Nonetheless, as Comey put it, “participants who know or should know that the subject matter is classified are still obligated to protect it.”

The FBI concluded that Clinton and her colleagues were “extremely careless,” but found insufficient evidence to support criminal charges under statutes that require evidence of intentional misconduct or gross negligence. Comey suggested that prosecuting Clinton would break with past practice, as prior prosecutions all have involved clearly intentional mishandling, the exposure of vast quantities of classified information, indications of disloyalty to the United States, or efforts to obstruct justice.

To someone unfamiliar with the classification system, Comey’s comments may have caused some whiplash. If Clinton sent and received e-mails that were classified as “Top Secret” on her personal servers, and if (as Comey implied) officials should be able to identify highly sensitive information regardless of its markings, then it would seem to follow that Clinton put our national security at grave risk. Viewed in this light, the decision not to recommend prosecution based on insufficient evidence of bad faith is at best unsatisfying, and at worst smacks of a whitewash.

The picture becomes much less clear when some key facts about the nation’s classification system are considered. Classification is not a science. The 2,000-plus officials who are authorized to make initial classification decisions exercise their individual judgments as to whether disclosure would harm national security. They have extremely broad discretion, and they are not required to explain their thinking. Given the subjectivity of the analysis, agencies frequently come to different conclusions about the sensitivity of the same piece of information. Needless to say, this would not happen if the appropriate classification status were self-evident.

Moreover, officials encounter multiple incentives to err liberally on the side of classification. It is easier and safer for busy, risk-averse national-security officials to make classification the default. It also greases the skids when pursuing policy initiatives that otherwise might require broad buy-in. It can hide embarrassing facts or evidence of misconduct. And it serves as a way for officials to enhance their status or protect their agencies’ turf. There are no disincentives on the other side of the scale, as classification decisions normally go unreviewed and agencies do not punish officials for classifying too much.

This subjectivity, discretion, and skewed incentive structure combine to produce massive “overclassification,” a phenomenon noted by experts and blue-ribbon commissions for decades. Current and former government officials have estimated that 50 to 90 percent of classified documents could safely be released. The Obama administration pledged greater transparency and managed to reduce the yearly number of classification decisions by 18.5 percent in the last two years for which data are available, but there were still 77.5 million decisions to classify information in fiscal year 2014.

When so much information is needlessly classified, many officials cut corners for the sake of efficiency, sidestepping the complex and cumbersome procedures for handling classified information. Others simply lose respect for the system and become careless. But even the best-intentioned officials are hard pressed to maintain strict compliance in such an unwieldy regime. The system sets them up to fail, putting at risk the truly sensitive information buried within the chaff.

Was sensitive information compromised by Clinton’s e-mail practices? It is tempting to assume—and the tenor of Comey’s remarks suggests—that a “Top Secret” designation is a clear indicator of a document’s sensitivity. In fact, unnecessary classification happens at all levels. The CIA’s use of drones to conduct targeted killings in Pakistan, for instance, is highly classified, despite being painfully familiar to Pakistanis and well-known to the rest of the world. It is difficult to imagine how national security could suffer as a result of that program’s being referenced in some of Clinton’s e-mails, as reported.

Nor can it be assumed that information about a top-secret program should jump out at any high-level official, even if unmarked. Aside from the subjectivity of the underlying classification decision, the sheer number of such programs is staggering. The Pentagon’s list of code names for highly classified “Special Access Programs” runs 300 pages, leading Director of National Intelligence James Clapper to remark, “There’s only one entity in the entire universe that has visibility on all SAPs—that’s God.”

Of course, there is also a substantial amount of information for which classification is not only justified but self-evidently necessary. But it may be a long time before we learn whether Clinton’s e-mails contained any such information. Although officials who classify a document must specify a date on which the agency should declassify it, this rarely happens on schedule. After 25 years, declassification is supposed to be “automatic” for most categories of information, but in practice agencies insist in lengthy reviews that can add years to the process. With the government producing petabytes of classified information each year, there is no way the current declassification system can keep up.

False assumptions about classified information do not merely distort the public’s understanding of the Clinton e-mail story. They sustain a broken classification system that threatens national security and democratic self-governance alike. Regardless of who wins the coming election or the election after that one, the government should redouble its efforts to reduce overclassification and accelerate declassification. On this matter, at least, the picture is quite clear.