Protecting “Critical Program Information” Within DoD
The Department of Defense last week issued new guidelines (pdf) for protecting “critical program information” (CPI), a term that refers to the most sensitive technology information in DoD research, development and acquisition programs.
CPI consists of those program elements “that, if compromised, could cause significant degradation in mission effectiveness; shorten the expected combat-effective life of the system; reduce technological advantage; significantly alter program direction; or enable an adversary to defeat, counter, copy, or reverse engineer the technology or capability.”
CPI “includes technology that would reduce the US technological advantage if it came under foreign control.”
“It is DoD policy… to provide uncompromised and secure military systems to the warfighter by performing comprehensive protection of CPI.”
The new CPI instruction, issued by James. R. Clapper, Jr., the Under Secretary of Defense for Intelligence, updates and expands upon a prior directive (pdf) from 1997.
Among the interesting changes adopted in the new instruction is an increased role for security oversight by the DoD Inspector General, who is called upon to “develop a uniform system of periodic inspections” to ensure compliance with CPI protection requirements, and to “publish an annual report of significant findings, recommendations, and best practices.”
Though it is not specifically addressed in the new instruction, the use of agency inspectors general to conduct oversight of classification and declassification activity is the single most promising near-term option for augmenting oversight of the government secrecy system. Increased IG oversight of CPI may serve as a useful precedent for validating the IG’s capacity to perform that function and advancing its classification oversight role.
See “Critical Program Information (CPI) Protection Within the Department of Defense,” DoD Instruction 5200.39, July 16, 2008.
These ideas aim to advance the detailed policy solutions needed to foster public trust and implement fairness in the adoption of AI across diverse domains, from healthcare and government benefits to rural access, education, and worker protections.
The evidence is clear: algorithmic pay-setting is established in app-based work, and payroll/timekeeping failures show how software can produce systemic wage harm at scale
While a few states have taken steps to implement decision-making mechanisms for certain AI systems, too many leaders are simply accepting narratives about AI’s purported public benefit at face value – jumping to the “how” of AI implementation before thoroughly vetting potential systems and deciding whether they are appropriate to use at all.
When properly structured — with specific numeric targets, secured financial obligations, independent monitoring, and meaningful enforcement — CBAs transform data center deals into durable community partnerships.