Agencies Pursue Standardized Policy for “Sensitive” Info
An interagency report on proposals to streamline controls on so-called “sensitive but unclassified” (SBU) information is due to be presented to the White House this month.
Efforts to promote information sharing among government agencies and others involved in homeland security have been stymied by the growing use of over sixty different types of access controls on unclassified information, such as For Official Use Only, Law Enforcement Sensitive, Limited Official Use, and many more. Such controls are often poorly defined and mutually incompatible.
Last December 16, the White House initiated an ongoing review that began with preparation of an inventory of all of the various SBU access controls used in the federal government, which was completed in March. The next step was to formulate recommendations for standardizing SBU policies related to terrorism, homeland security and law enforcement, which are now due.
See Guideline 3, “Standardize Procedures for Sensitive But Unclassified Information,” in the December 16 White House memo.
As of last week, a report to the President on those recommendations was awaiting the signatures of the Attorney General and the Secretary of Homeland Security.
The pending report sets forth principles upon which SBU policy should be based, but stops short of the crucial task of defining exactly how those principles ought to be implemented, government officials said.
One of those principles is that each type of control on unclassified information should have a uniform, public and government-wide definition so that it is employed the same way by all agencies. That is not the case today.
The proposed principles include provisions for oversight of how SBU controls are used, officials told Secrecy News.
They also include a proposed moratorium on the creation of new SBU categories.
The new report to the President has not been released. But a 2005 report prepared for the Department of Homeland Security provides one detailed perspective on the complexity of the information sharing problem and some options for addressing it.
See “Information Sharing and Collaboration Business Plan,” Institute for Defense Analyses, June 2005 (205 pages, 1.5 MB PDF).
These ideas aim to advance the detailed policy solutions needed to foster public trust and implement fairness in the adoption of AI across diverse domains, from healthcare and government benefits to rural access, education, and worker protections.
The evidence is clear: algorithmic pay-setting is established in app-based work, and payroll/timekeeping failures show how software can produce systemic wage harm at scale
While a few states have taken steps to implement decision-making mechanisms for certain AI systems, too many leaders are simply accepting narratives about AI’s purported public benefit at face value – jumping to the “how” of AI implementation before thoroughly vetting potential systems and deciding whether they are appropriate to use at all.
When properly structured — with specific numeric targets, secured financial obligations, independent monitoring, and meaningful enforcement — CBAs transform data center deals into durable community partnerships.