SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2009, Issue No. 100
December 15, 2009

Secrecy News Blog: http://www.fas.org/blog/secrecy/

NEW FRAMEWORK PROPOSED FOR "SENSITIVE" GOVT INFO

The government should replace the more than 100 different control markings that are now used to limit the distribution of sensitive but unclassified (SBU) information and should establish a single "controlled unclassified information" (CUI) policy for all such information in government, according to an interagency task force report that was released by the Obama Administration today.

"The Task Force concluded that Executive Branch performance suffers immensely from interagency inconsistency in SBU policies, frequent uncertainty in interagency settings as to exactly what policies apply to given SBU information, and the inconsistent application of similar policies across agencies," the Report said. "Additionally, the absence of effective training, oversight, and accountability at many agencies results in a tendency to over-protect information, greatly diminishing government transparency."

The Task Force said that their proposal for a single "controlled unclassified information" (CUI) regime would not only facilitate information sharing among federal, state and local government agencies, it would also increase transparency and enhance public access to government information.

"Because of its uniformity, standardized training requirements, and the public availability of the registry [indicating what categories of information are controlled], the expanded scope of the CUI Framework can be expected to significantly increase the openness and transparency of government...."

Not only that, "It is foreseeable, based on the revised definition and scope of CUI recommended herein, that some information currently treated as 'sensitive' may be found not to warrant CUI designation."

The Task Force presented 40 recommendations to the President on implementing the proposed CUI policy that could serve as the basis for an executive order on the subject. It builds upon, and would expand the scope of, the CUI Framework that was established in a May 2008 memorandum issued by President Bush, which dealt with the control and sharing of terrorism-related information.

See the Report and Recommendations of the Presidential Task Force on Controlled Unclassified Information, transmitted August 25, 2009 and released December 15, 2009:

The Task Force proposal is an admirable effort to bring order to a chaotic information environment. But it has some rough edges, and some unresolved internal contradictions.

The proposed definition of CUI seems disturbingly lax: "All unclassified information for which, pursuant to statute, regulation, or departmental or agency policy, there is a compelling requirement for safeguarding and/or dissemination controls" (p. 11). Putting "departmental or agency policy" on a par with statutes or regulations could potentially open the door to all kinds of arbitrary or improvised controls on information.

More fundamentally, it is hard to see how the Task Force proposal could achieve its central goal of eliminating all non-CUI controls on unclassified information. The Task Force report itself states (in Recommendation 20) that "decontrol of CUI" does not by itself authorize public disclosure; it only means removal from the CUI Framework. But if information that has been removed from the CUI Framework does not necessarily have to be disclosed, this means that decontrolled information can still be controlled!

The report properly takes pains to distinguish information control under the CUI regime from the statutory disclosure requirements of the Freedom of Information Act, which cannot be altered by executive fiat. "At no time, pre- or post-control, is a CUI marking itself determinative of whether it may be released," the Report states (p. 21). But this implies, oddly, that information marked as CUI may sometimes be released, while information that is no longer CUI may sometimes be withheld. And if it is withheld, one must also expect it to be marked with a (non-CUI) control marking.

In short, the CUI concept still has some wrinkles that remain to be ironed out.

The Task Force recommended a ten-year life cycle for CUI that is not otherwise subject to defined disclosure deadlines. It recommended a baseline assessment of the volume of current SBU activity, but this is probably unachievable or at least not worth the effort involved. Staffing and resources for the "Executive Agent" that manages the whole enterprise are uncertain, but are likely to be crucial or even decisive in the success of the proposed policy. An appendix to the Task Force report listed 117 different markings currently in use to protect SBU information (described as "a partial listing").

The Task Force proposal is "a good foundation," said one senior Administration official. But before the subject is addressed in an executive order, the final policy "needs to be more forward-leaning," he said.

Meanwhile, the Department of Defense, the intelligence agencies, and the Department of Homeland Security have already indicated that they plan to use the CUI Framework for all of their sensitive unclassified information, another official said.


SOME RECENT CONGRESSIONAL PUBLICATIONS

Noteworthy new congressional reports and hearing volumes include the following:

"Report on Whistleblower Protection Enhancement Act of 2009," Senate Homeland Security and Governmental Affairs Committee, Report No. 111-101, December 3, 2009:

"Report on the USA PATRIOT Act Sunset Extension Act of 2009," Senate Judiciary Committee report 111-92, October 28, 2009:

"National Industrial Security Program: Addressing the Implications of Globalization and Foreign Ownership for the Defense Industrial Base," House Armed Services Committee, April 16, 2008 (published November 2009):

"Upholding the Principle of Habeas Corpus for Detainees," House Armed Services Committee, July 26, 2007 (published November 2009):


IC "SCRAMBLES" TO COMPLY WITH OPEN GOVT DIRECTIVE

The U.S. intelligence community is not exempt from the requirements of the Obama Administration's December 8 Open Government Directive, and agency officials are now trying to figure out how to comply with it.

"As you can imagine, there is some scrambling going on," one official said. "I think it's a good sign."

See "Open government could present a challenge to intelligence agencies" by Aliya Sternstein, NextGov, December 11, 2009:

******************************

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

See also "Reducing Government Secrecy: Finding What Works" by Steven Aftergood, Yale Law and Policy Review, vol. 27, no. 2, Spring 2009:
      http://www.fas.org/sgp/eprint/aftergood.pdf

The Secrecy News blog is at:
      http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to:
      http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
      http://www.fas.org/sgp/news/secrecy/index.html

SUPPORT the FAS Project on Government Secrecy with a donation here:
      http://www.fas.org/member/donate_today.html