Controlled Unclassified Information

Controlled Unclassified Information Steven Aftergood has an interesting look at a proposal from Jane Harmon to formalize the concept of “controlled unclassified information” (CUI) that the White House rolled out on a trial balloon basis last month.

Aftergood is dubious of the so-called “The Improving Public Access to Documents Act” and I mostly defer to him on this matter.

[I]t is tactically unwise to lock into statute an executive branch “framework” that still remains largely undefined and that may be subject to significant modification in the course of its projected five-year implementation period. The CUI Office at the National Archives that is supposed to develop the implementing regulations referenced in the bill does not even have its own funding this year, and has also missed the funding cycle for next year.

Among other questionable features (and some positive ones), the bill regrettably endorses the executive branch view of the Freedom of Information Act as the proper channel for public access to agency information on homeland security and related topics. Thus, the bill says, “The Department [of Homeland Security] should start with the presumption that all homeland security information that is not properly classified, or marked as controlled unclassified information and otherwise exempt from disclosure, should be shared with the public pursuant to section 552 of title 5, United States Code (commonly referred to as the `Freedom of Information Act’).”

This is not a “presumption” — disclosure of non-exempt information pursuant to FOIA is already required by law — and it would not “improve public access.” To the contrary, by presenting disclosure under FOIA as the primary alternative to classification or control, the bill would place an impossible burden on the FOIA process, and would diminish agency responsibility to unilaterally disclose homeland security information that has not been formally requested.

Fair enough. Our goal should be making it easier, not harder, for journalists, scholars, and other interested citizens to get access to information about how their government operates.

In theory, though, a bill could be written that would actually achieve the titular objective. A regulatory scheme that provides rules for internal handling and dissemination of information but that stops short of formal classification is, theoretically, a good idea. Once something is classified, it’s ridiculously hard to overcome inertia even if it only needed to be held close for a very short period of time. Ending the practice of stamping that sort of material — including huge documents with only a sentence of such material — “classified” could be a boon.

My suspicion, unfortunately, is that the bill which actually emerges — at least after the bean counters lard it with “clarifying” regulation — will further the tendency to treat routine operating information as sensitive and thus not sharable with the public because those who would do us harm could cobble together something damaging from bits and pieces of information that, in isolation, are innocuous.

FILED UNDER: General, , ,
James Joyner
About James Joyner
James Joyner is a Security Studies professor at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Richard Gardner says:

    Ending the practice of stamping that sort of material — including huge documents with only a sentence of such material — “classified” could be a boon.

    On the other hand, sometimes you have a piece of paper whose individual items are all unclassified but when combined make it a sensitive document, particularly in homeland security. An example is a detailed map (GPS exact) of all the natural gas pipelines and pumping stations in an area. Just marking it proprietary information isn’t adequate, as that is mostly used in the financial end of things. Should such information be available to anyone that submits a FOIA or Sunshine Act request?

    The above natural gas pipeline example actually occurred in WA State a year or so ago (State Emergency Department or equivalent (in this case the WA Utilities and Transportation Commission)) required the companies to provide the info), but the same could apply to FEMA/DHS/DOT.

    The problem with classifying this info in the conventional Confidential/Secret/Top Secret methodology is that it just doesn’t fit into the (outdated in my mind) “National Security Information” framework. It should be need-to-know, but there is no need to massively increase the number of folks with security clearances (even Confidential).

  2. Michael says:

    My suspicion, unfortunately, is that the bill which actually emerges — at least after the bean counters lard it with “clarifying” regulation — will further the tendency to treat routine operating information as sensitive and thus not sharable with the public because those who would do us harm could cobble together something damaging from bits and pieces of information that, in isolation, are innocuous.

    Security through obscurity is not actual security.

    An example is a detailed map (GPS exact) of all the natural gas pipelines and pumping stations in an area. Just marking it proprietary information isn’t adequate, as that is mostly used in the financial end of things. Should such information be available to anyone that submits a FOIA or Sunshine Act request?

    The problem is that the locations of these things are not secrets. All you’re doing by not making the maps available is requiring someone to go look for themselves, you’re not preventing them from finding it out.

    It’s like preventing someone without a security badge from using the elevator, but keeping the stairs freely accessible. The top floors are no more secure in that situation than if you just let everyone use the elevator.