Comments on: Controlled Unclassified Information http://www.outsidethebeltway.com/archives/controlled_unclassified_information/ Online Journal of Politics and Foreign Affairs Wed, 25 Nov 2009 18:04:01 -0600 http://wordpress.org/?v=2.8.5 hourly 1 By: Michael http://www.outsidethebeltway.com/archives/controlled_unclassified_information/comment-page-1/#comment-405408 Michael Tue, 10 Jun 2008 12:52:25 +0000 http://www.outsidethebeltway.com/archives/2008/06/controlled_unclassified_information/#comment-405408 <blockquote>My suspicion, unfortunately, is that the bill which actually emerges — at least after the bean counters lard it with “clarifying” regulation — will further the tendency to treat routine operating information as sensitive and thus not sharable with the public because those who would do us harm could cobble together something damaging from bits and pieces of information that, in isolation, are innocuous.</blockquote>Security through obscurity is not actual security. <blockquote>An example is a detailed map (GPS exact) of all the natural gas pipelines and pumping stations in an area. Just marking it proprietary information isn't adequate, as that is mostly used in the financial end of things. Should such information be available to anyone that submits a FOIA or Sunshine Act request?</blockquote>The problem is that the locations of these things are not secrets. All you're doing by not making the maps available is requiring someone to go look for themselves, you're not preventing them from finding it out. It's like preventing someone without a security badge from using the elevator, but keeping the stairs freely accessible. The top floors are no more secure in that situation than if you just let everyone use the elevator.

My suspicion, unfortunately, is that the bill which actually emerges — at least after the bean counters lard it with “clarifying” regulation — will further the tendency to treat routine operating information as sensitive and thus not sharable with the public because those who would do us harm could cobble together something damaging from bits and pieces of information that, in isolation, are innocuous.

Security through obscurity is not actual security.

An example is a detailed map (GPS exact) of all the natural gas pipelines and pumping stations in an area. Just marking it proprietary information isn't adequate, as that is mostly used in the financial end of things. Should such information be available to anyone that submits a FOIA or Sunshine Act request?

The problem is that the locations of these things are not secrets. All you're doing by not making the maps available is requiring someone to go look for themselves, you're not preventing them from finding it out.

It's like preventing someone without a security badge from using the elevator, but keeping the stairs freely accessible. The top floors are no more secure in that situation than if you just let everyone use the elevator.

]]> By: Richard Gardner http://www.outsidethebeltway.com/archives/controlled_unclassified_information/comment-page-1/#comment-404450 Richard Gardner Mon, 09 Jun 2008 22:01:13 +0000 http://www.outsidethebeltway.com/archives/2008/06/controlled_unclassified_information/#comment-404450 <blockquote>Ending the practice of stamping that sort of material — including huge documents with only a sentence of such material — “classified” could be a boon.</blockquote> On the other hand, sometimes you have a piece of paper whose individual items are all unclassified but when combined make it a sensitive document, particularly in homeland security. An example is a detailed map (GPS exact) of all the natural gas pipelines and pumping stations in an area. Just marking it proprietary information isn't adequate, as that is mostly used in the financial end of things. Should such information be available to anyone that submits a FOIA or Sunshine Act request? The above natural gas pipeline example actually occurred in WA State a year or so ago (State Emergency Department or equivalent (in this case the WA Utilities and Transportation Commission)) required the companies to provide the info), but the same could apply to FEMA/DHS/<a href="https://www.npms.phmsa.dot.gov/" rel="nofollow">DOT</a>. The problem with classifying this info in the conventional Confidential/Secret/Top Secret methodology is that it just doesn't fit into the (outdated in my mind) "National Security Information" framework. It should be need-to-know, but there is no need to massively increase the number of folks with security clearances (even Confidential).

Ending the practice of stamping that sort of material — including huge documents with only a sentence of such material — “classified” could be a boon.

On the other hand, sometimes you have a piece of paper whose individual items are all unclassified but when combined make it a sensitive document, particularly in homeland security. An example is a detailed map (GPS exact) of all the natural gas pipelines and pumping stations in an area. Just marking it proprietary information isn't adequate, as that is mostly used in the financial end of things. Should such information be available to anyone that submits a FOIA or Sunshine Act request?

The above natural gas pipeline example actually occurred in WA State a year or so ago (State Emergency Department or equivalent (in this case the WA Utilities and Transportation Commission)) required the companies to provide the info), but the same could apply to FEMA/DHS/DOT.

The problem with classifying this info in the conventional Confidential/Secret/Top Secret methodology is that it just doesn't fit into the (outdated in my mind) "National Security Information" framework. It should be need-to-know, but there is no need to massively increase the number of folks with security clearances (even Confidential).

]]>