White House Issues Policy on “Controlled Unclassified Info”
The White House last week issued a long-awaited policy on “controlled unclassified information” (CUI) to provide a uniform government-wide system for safeguarding unclassified information that is deemed sensitive.
The CUI framework is supposed to replace the numerous individual agency control markings — “sensitive but unclassified,” “for official use only,” and over a hundred other designations — and thereby to overcome barriers to information sharing within the government.
But the new policy will do nothing to restore public access to government records that have been improperly withheld.
Development of the CUI policy began with a December 16, 2005 memo from the President directing agencies to “standardize procedures for sensitive but unclassified information.” Despite the passage of two and a half years, however, little progress has been made in defining the terms of the new policy.
It establishes a single CUI framework, with three graduated levels of sensitivity and security. But the definition of what information may qualify as CUI, which includes anything that “under law or policy” requires protection from unauthorized disclosure, is vague and expansive.
To put it another way, the CUI policy does not exclude anything that is currently controlled as Sensitive But Unclassified.
This is a disappointment in light of previous suggestions that wholesale disclosures of currently controlled unclassified information might ensue.
“The great majority of the information which is now controlled can be put in a simple unclassified, uncontrolled category, it seems to me,” said Amb. Thomas McNamara, program manage of the ODNI Information Sharing Environment, in 2006 testimony (pdf) before Congress.
But under the new Bush policy, “the great majority of the information” that Amb. McNamara said should be uncontrolled will remain controlled and unavailable to the public.
The CUI policy properly notes that the new policy does not modify the requirements of the Freedom of Information Act process: “CUI markings may inform but do not control the decision of whether to disclose or release the information to the public, such as in response to a request made pursuant to the Freedom of Information Act.”
But despite the passage of years since the policy was proposed, many of the hard decisions involved have been deferred to the implementation phase.
Which, if any, of the more than 100 existing control categories will be canceled, rather than absorbed into the new CUI category? The new policy does not say. At what point, if any, does the CUI designation expire? There’s no way to tell. What enforcement mechanisms are established to ensure compliance with the new policy? To be determined.
Update: Smintheus at Daily Kos has more.
Extreme heat is the leading weather-related cause of injury and death and innovations in the built environment can save money and lives.
By requiring all states to conduct flood infrastructure vulnerability assessments (FIVAs), the federal government can limit its financial liability while advancing a more efficient and effective model of flood resilience that puts states and localities at the fore.
FAS is invested in seeing more students gain science and technology skills and enter STEM careers, both for students and for our country’s competitive advantage.
To sustain America’s leadership in AI innovation, accelerate adoption across the economy, and guarantee that AI systems remain secure and trustworthy, we offer a set of policy recommendations.