Noteworthy new Congressional Research Service reports obtained by Secrecy News include the following (all pdf).

“Military Service Records and Unit Histories: A Guide to Locating Sources,” December 16, 2009.

“California Drought: Hydrological and Regulatory Water Supply Issues,” December 7, 2009.

“Government Collection of Private Information: Background and Issues Related to the USA PATRTIOT Act Reauthorization,” December 9, 2009.

“Amendments to the Foreign Intelligence Surveillance Act Set to Expire February 28, 2010,” December 23, 2009.

“Homeland Security Department: FY2010 Appropriations,” December 14, 2009.

“Private Security Contractors in Iraq and Afghanistan: Legal Issues,” December 22, 2009.

“International Terrorism and Transnational Crime: Security Threats, U.S. Policy, and Considerations for Congress,” January 5, 2010.

“U.S. Public Diplomacy: Background and Current Issues,” December 18, 2009.

“Prospects for Democracy in Hong Kong: The 2012 Election Reforms,” December 10, 2009.

Iran’s state-run television organization known as the IRIB is profiled in a new report (pdf) from the DNI Open Source Center.

The rather massive IRIB employs an estimated 46,000 persons, according to the OSC report, and has a reported budget of $900 million.  It offers a vast network of internal and external channels, which collectively seek to “strengthen the country’s cultural solidarity,” to promote “the majesty and supremacy of Islam,” and to support “the fulfillment of the Supreme Leader’s point of view.”

The unclassified OSC report has not been approved for public release, but a copy was obtained by Secrecy News.  See “Structure of Iran’s State-Run TV IRIB,” Open Source Center, December 16, 2009.

For the first time, each executive branch agency that classifies information will be required to perform “a comprehensive review” of its internal classification guides to validate them and “to identify classified information that no longer requires protection and can be declassified.”  The new requirement is one of the most potentially significant features of an Executive Order on national security classification policy that was signed by President Obama last week.

There are more than two thousand agency classification guides currently in use and they constitute the detailed operating instructions of the classification system.  If the so-called Fundamental Classification Guidance Review (set forth in section 1.9 of the new Order) is faithfully implemented by the agencies, it should eliminate numerous obsolete classification requirements and effectively rewrite the “software” of government secrecy.

Other outstanding features of the new Executive Order 13526 include the establishment of a National Declassification Center to coordinate and streamline the declassification process (section 3.7);  the adoption of the principle that “No information may remain classified indefinitely” (section 1.5d);  and the elimination of an intelligence community veto of declassification decisions made by the Interagency Security Classification Appeals Panel. This veto authority had been granted by the Bush Administration in 2003.

But the Order contains many dozens of other changes in language that are subtle but important.  So, for example, section 3.1g states that “no information may be excluded from declassification… based solely on the type of document or record in which it is found.”  What this simple formulation does (or is expected to do) is to eliminate the permanent classification of the President’s Daily Brief (PDB), the daily intelligence compilation that is delivered to the President each morning.  The CIA has long argued that by virtue of being presented to the President, the information contained in PDBs is inherently and permanently classified.  Now it’s not.

Not all of the changes are in the direction of increased disclosure.  Section 4.3 authorizes the Attorney General, as well as the Secretary of Homeland Security, to establish highly secured Special Access Programs, an authority reserved in the previous Executive Order to the Secretaries of Defense, State, Energy and the then-Director of Central Intelligence.  Sections 1.8c and 3.5g exclude material submitted for prepublication review from classification challenges and mandatory declassification review.

Some of the changes suggest previously unsuspected problems or issues.  Section 4.1c states curiously that “An official or employee leaving agency service may not … direct that information be declassified in order to remove it from agency control.”  There may be a story behind that new provision, but I don’t know what it is.  Section 3.1h states for the first time that classified “artifacts” and other classified materials that are not in the form of records shall be declassified in the same way as classified records.

The detailed changes in the new Executive Order can best be discerned in a “red line” version of the Order which highlights the deletions and additions that have been made in the text.

The promise of transparency can easily backfire and engender cynicism if it turns out to be a mere pretense.  But in the development of the new Executive Order, the Obama Administration successfully avoided that pitfall, and then some.  To a degree previously unsurpassed not only in classification policy but in most other policy areas as well, the Administration both solicited and acted upon suggestions and recommendations from members of the public and public interest groups.

Members of the White House staff, the National Security Council staff, and the Information Security Oversight Office did more than go through the motions of receiving public input.  They sought it out and, in a surprising number of cases, incorporated it in the final Order.  The Fundamental Classification Guidance Review, the elimination of the intelligence community veto on declassification decisions, the establishment of a date certain for eliminating the backlog of 400 million pages of records awaiting declassification, a “drop dead” date to set a period of time after which classification must expire — all of these and several other provisions in the new Order are traceable to recommendations from the public.  (The National Declassification Center was originally proposed by the 1997 Moynihan Commission report.)

Naturally, not all of the public recommendations were accepted.  A proposal that the Declassification Center be given its own authority to declassify historical records without the concurrence of the originating agencies was rejected as “a bridge too far,” said one official.  So was a recommendation to strengthen internal oversight by granting the Director of the Information Security Oversight Office the unilateral authority to declassify erroneously classified records government-wide.  A proposal for a series of pilot projects to help develop further innovations in information security and disclosure was not acted on.  And quite a few other suggestions from the public were set aside.

Nor was the Administration’s interaction with members of the public perfectly frictionless.  A request by public interest groups for access to an interim draft of the Executive Order was specifically rejected by the National Security Advisor in a September 2 letter (pdf).  But after the draft leaked into the public domain later that month, an NSC official said, the resulting public comments “proved to be tremendously useful in defending and refining” the provisions of the Order.

Beyond the unparalleled degree of public participation in its development, the new Executive Order is the only such Order to be issued in the first year of a Presidential Administration.  (The last two Presidents issued their classification Orders in their third year in office).  And it is the first to be completed in a comparatively brief seven months.  It is also the first Order to be accompanied by a personal Memorandum from the President affirming the terms of the Order, and going beyond them to impose several additional requirements.  Not only that, but the President affirmed his instruction to the National Security Advisor to pursue “a more fundamental transformation of the security classification system” that goes well beyond the latest adjustments.

There are still many ways that the implementation of the new Executive Order can be frustrated, defeated or undermined, although public reporting requirements and public vigilance should help to keep it on track.  But it is clear that this Administration is now invested in the process of secrecy reform.  “There’s a real potential for us to be criticized if the reforms we’re advocating don’t pan out,” one White House official told Secrecy News.

There has been almost no criticism of the new Obama Executive Order on national security classification, which itself is kind of troubling.

For a full-throated denunciation, one has to turn to the outer periphery of Newsmax.com, which argues that declassification of historical editions of the President’s Daily Brief “will render impotent one of the intelligence community’s most vital tools.” (“Obama Imperils Intel Briefings,” by Theodore Kettle, Newsmax.com, January 3.)

A more cogent complaint, put forward by PRI’s show The Takeaway on December 22, is that creation of a National Declassification Center “will actually delay the declassification of 400 million pages of Cold War-era documents,” because these were already subject to a December 31, 2009 deadline, which has now been eliminated.

As previously reported (“New Executive Order Aims to Avoid Declass Deadline,” Secrecy News, November 23, 2009, and by the Boston Globe, Nov. 29, and the Associated Press, Dec. 20), there was a December 31 deadline for automatic declassification of historical records that required referral to more than one agency, and this deadline created some urgency for completion of the new Executive Order, which superseded it.

But even if the deadline had come into effect, officials told Secrecy News, the affected pages would still not have been released to the public.  They said this was so for several reasons.

First, no one knows where those pages are.  There are perhaps as many as 100 million pages (not 400 million) that have been referred from one agency to another for declassification review, but they are not systematically tracked and so they could not be systematically released.

Second, Congress has effectively barred bulk declassification and disclosure by means of the 1999 Kyl-Lott Amendment, which required the painstaking review or certification of all declassified records to ensure that they do not contain any inadvertently released nuclear weapons-related information.  (If Congress wanted to facilitate declassification of historical records, repeal of the Kyl-Lott Amendment would be a good place to start.)

Third, the National Archives lacks the capacity to process large volumes of declassified records for public release.  Even if fully declassified, the affected records would take years to process for disclosure to the public.

In short, the declassification program is seriously messed up, and it has been for many years.  The new National Declassification Center may help to straighten it out.  Significantly, the President ordered that the present backlog of 400 million pages shall not only be declassified over the next four years but also “shall be addressed in a manner that will permit public access to all declassified records.”

To make good on this commitment, the Obama Administration is said to be considering a significant increase in its request for declassification funding for FY 2011.

A five-month long investigation by the Government Accountability Office determined that the inadvertent publication of a 267 page document describing U.S. civilian nuclear research facilities caused no damage to national security and did not require any remedial security measures at the cited facilities.  Yet surprisingly, even though its publication had no adverse consequences at all, GAO endorsed the claim that the document was “sensitive” and recommended that rigorous new procedures be adopted to prevent public disclosure of such information in the future.

See “Managing Sensitive Information: Actions Needed to Prevent Unintended Public Disclosures of U.S. Nuclear Sites and Activities,” Government Accountability Office report GAO-10-251, December 2009.

The inadvertently disclosed document, a draft U.S. government declaration to the International Atomic Energy Agency (IAEA), was transmitted from the White House to Congress in May 2009.  Though it was identified in a cover letter as “sensitive but unclassified,” it was forwarded to the Government Printing Office for publication and was incorporated in an online GPO document database.  Secrecy News identified the document and republished it on June 1.  The New York Times, the Washington Post and other publications reported on it on June 3.  Concluding that a mistake had been made, the GPO removed the document from its public database and recalled the hardcopy editions.  But by that time, tens of thousands of copies had been downloaded around the world.  Speaker of the House Nancy Pelosi asked the GAO to investigate who was at fault, and what damage had been done.

Almost everyone involved was at fault, the GAO concluded.  But what is more remarkable is that the disclosure of the ostensibly “sensitive” document was found to have caused no damage to security at all.

GAO said that the agencies that prepared the unclassified compilation had carefully reviewed it prior to transmitting to Congress “to ensure that information of direct national security significance was not included.”  In cases where site-specific details were described in the draft declaration, such information “was publicly available on agency Web sites or other publicly available documents.”  Department of Energy officials told GAO that “no information detrimental to national security was included in the document.”

After the unintended disclosure of the draft declaration occurred, agencies once again reviewed facility security in light of the document’s public availability.  “Based on these assessments, DOE officials told us they did not increase security at any site,” the GAO said.  Operators of an NRC facility likewise “determined the procedures they had in place were sufficient, even with the release of the draft declaration.”

Unfortunately, instead of critically questioning the “sensitivity” of such a demonstrably innocuous document, the GAO report took for granted that it should never have been published.  Worse, GAO proposed strict new procedures to limit any future disclosures of this kind.

But if a document produces no detrimental effects when disclosed, then it is not sensitive in any meaningful sense of the word.  More rigorous procedures are needed to prevent the unnecessary protection of such material, not to enforce it.  Having missed that central point, the GAO report represents a lost opportunity to advance a more sensible information security policy.

*     *     *

The public disclosure of the draft declaration generated an unusual volume of confusion and misinformation.

“It is probably not that dangerous,” said David Albright of the Institute for Science and International Security in the Washington Post (6/3/09), “but it is a violation of the law.”  But that is not correct.  There is no law prohibiting disclosure of the information in the draft declaration, and so there was no violation of the law.

The document is “a one-stop shop for information on U.S. nuclear programs,” I found myself saying in the New York Times (6/3/09).  Besides being glib, that wasn’t correct either.  The draft declaration dealt only with civilian research programs and excluded U.S. military nuclear programs.

Sen. Christopher Bond (R-MO) said it was all FAS’s fault.  “There’s a group called the Federation of American Scientists – a far Left-wing fringe group that wants to disclose all our vulnerabilities,” he explained to reporters.  “I don’t know what their motives are but I think they are very dangerous to our security.” (“Senator Bond concerned by online posting of civilian nuke sites” by Steve Walsh, Missouri News, June 3, 2009.)

In fact, it is now clear from the GAO investigation that no vulnerabilities were disclosed, no damage to security resulted, and no corrective security measures were required.

*     *     *

Although the International Atomic Energy Agency said in response to an inquiry from FAS that it had no objection to publication of the draft declaration (a fact not noted by the GAO), officials from several U.S. agencies months later remained adamantly opposed to continued public access to the document.

At an August meeting at the State Department, an NRC official told FAS’s Ivan Oelrich and me that the document contained information on the uranium enrichment capacity of certain U.S. companies, the disclosure of which could somehow put them at a commercial disadvantage with foreign uranium producers.  But there are no known indications that anything like that has come to pass.

Another official with the rank of Ambassador made the astonishing claim that if other countries saw just how cursory the U.S.’s reporting of its nuclear activities was, they would soon reduce their own cooperation with the IAEA to a similar, minimal level.

A senior State Department official therefore urged FAS to remove the draft declaration from our website.  The official acknowledged that the document had already been widely disseminated internationally, that it was still posted on several other websites, and that removing it from the FAS website would not make any practical difference of any kind.  But the official courteously requested that we do so, as a “favor.”  We agreed.

Some day, and that day may never come, we will call upon the State Department to do a favor for us.

A new draft executive order on national security classification and declassification policy is expected to be presented to President Obama this week for his personal resolution of issues which remain in dispute among policymakers and affected agencies, especially intelligence agencies.

This marks the first time since the first Bush Administration, nearly two decades ago, that a President has needed to make a final determination on the contents of an executive order because staffers and agencies were unable to reach a consensus view. (Correction: There is a more recent precedent for such presidential involvement. According to Morton Halperin, President Clinton was presented with a “split memo” in 1995 on the question of whether to include a public interest balancing test for declassification in executive order 12958. President Clinton decided against it.)

The currently disputed issues are believed to include the composition of the Interagency Security Classification Appeals Panel, including whether it should include representatives of ODNI or CIA or both, and whether the intelligence agencies should continue to have the veto over Panel declassification decisions that was granted by the George W. Bush Administration.

The final order, which is likely to be issued before the end of December, is expected among other things to direct agencies to conduct a Fundamental Classification Guidance Review in order to eliminate obsolete classification requirements, and to establish a National Declassification Center to coordinate and expedite declassification of historical records, as described in a previous draft dated August 4, 2009.

See “Obama Plan Could Limit Records Hidden From Public” by Pete Yost, Associated Press, December 20, 2009.

The U.S. State Department’s official Foreign Relations of the United States (FRUS) series had another disappointing year in 2009 with only two softcopy volumes published to date, including one released last week on “Global Issues, 1973-1976.”

The FRUS series is supposed to provide “comprehensive documentation of the major foreign policy decisions and actions of the United States Government” and it must must be “thorough, accurate, and reliable.”  As such, it is a potentially vital tool for advancing declassification of significant historical records and assuring government accountability, at least over the long run.

Publication of FRUS is not optional.  By statute, “The Secretary of State shall ensure that the FRUS series shall be published not more than 30 years after the events recorded.”  But that 30 year goal, which has rarely if ever been met, is now receding further and further from realization, leaving the Secretary of State in violation of the law.

State Department spokesman Ian C. Kelly did not respond to a request for comment on the Department’s continuing violation of the law on FRUS publication.

But William B. McAllister, the Acting General Editor of FRUS, expressed a hopeful view of the future despite recent turmoil, which included the last-minute withdrawal of person who was to become the new FRUS General Editor.  He said that a third FRUS volume on “Foreign Economic Policy, 1973-1976” would appear before the end of the year, and at least one other in January 2010.

Likewise, Dr. Robert McMahon, who chairs the State Department’s Historical Advisory Committee, said “We continue to be optimistic about publication prospects for FRUS volumes in the near future despite the disappointing number of volumes that came out this year.  There are four Vietnam volumes alone that should be published in 2010.”

“We anticipate being able to fill all [employment] vacancies in 2010, many of them rather early in the year,” Dr. McAllister wrote in an email message. “The Office of the Historian is … well on its way to resolving the multiple infrastructure, document handling, and archival access issues that impact FRUS production…. The Office of the Historian has launched several initiatives to address systemic impediments that slow the declassification process.”  And over time, “we anticipate returning to a more typical production cycle.”  But a typical production cycle has never yet meant regular compliance with the mandatory 30 year FRUS publication requirement.

The latest FRUS volume on “Global Issues, 1973-1976” has a number of interesting features and a few peculiarities. Oddly, all of the documents were marked as declassified in December 2008, so this collection was apparently ready for publication online a year ago.  And unlike other contemporaneous FRUS volumes, audio tapes are not listed as a source and were apparently not used in the collection.  No explanation for this omission was offered.

Among the noteworthy records in the collection is a 1976 intelligence assessment (pdf) of the likelihood of terrorist acquisition of nuclear weapons, which is deemed “unlikely” in the following year or two.  In most respects, the assessment is no longer current or relevant, but it still includes some remarkable observations.  Thus, it notes that “The locations of most U.S. [nuclear weapons] storage sites abroad are locally known and could be ascertained by any terrorist group with a moderately good intelligence potential.  Detailed intelligence about the site could be fairly readily acquired in many cases….”  Despite this apparent fact, which is even more likely to be true today, the Department of Defense still insists that such information is classified.  By doing so, it disrupts routine declassification activities, forcing reviewers to search for and remove non-sensitive but technically classified information.

See “The Likelihood of the Acquisition of Nuclear Weapons by Foreign Terrorist Groups for Use Against the United States,” United States Intelligence Board, Interagency Intelligence Memorandum, 8 January 1976.

Another 1976 document on Naming the Space Shuttle sought President Ford’s approval of a request from hundreds of thousands of “Star Trek” fans that the first NASA space shuttle be named “Enterprise.”  Most of the White House staff, including Brent Scowcroft and others, concurred.  But presidential counselor Robert T. Hartmann contended that Enterprise is “an especially hallowed Naval name… I think the Navy should keep it.”  Presidential counselor John O. Marsh approved the choice of the name, but said he was “not enthusiastic about the [Star Trek] rationale for the selection,” which he disdained as “appealing to a TV fad.”  President Ford initialed his approval of the proposal.

As it turns out, it seems that the Star Trek “fad” is going to outlast the space shuttle itself.

An Israeli-American attorney who worked for the FBI as a translator pled guilty yesterday to unlawfully disclosing five classified FBI documents to an unidentified blogger last April, who then published information from the documents on his blog, the Justice Department announced.

In a signed plea agreement, Shamai Leibowitz stipulated that he had “knowingly and willfully caused five documents, which were classified at the Secret level and contained classified information concerning the communication intelligence activities of the United States, to be communicated… to a person not entitled to receive classified information (‘Recipient A’).  Recipient A was the host of a public web log (‘blog’) available to anyone with access to the Internet.”

“Recipient A then published on the blog information derived from the classified documents provided to Recipient A by Leibowitz.  As a result of these disclosures, intelligence sources and methods related to these documents were compromised,” the plea agreement said.

Recipient A was not named, and has evidently not been charged with any misconduct.  Leibowitz was charged under 18 U.S.C. 798, which prohibits unauthorized disclosure of communications intelligence information.

“The willful disclosure of classified information to those not entitled to receive it is a serious crime,” said David Kris, Assistant Attorney General for National Security. “Today’s guilty plea should serve as a warning to anyone in government who would consider compromising our nation’s secrets.”

Prosecutors credited Mr. Leibowitz for his “apparent prompt recognition and affirmative acceptance of personal responsibility for his criminal conduct” as well as his “timely notification of his intention to plead guilty.” Based on those and other factors, they proposed a sentence of 20 months imprisonment.

Though it has no bearing on the case, Mr. Leibowitz happens to be the grandson of Yeshayahu Leibowitz (1903-1994), a renowned Israeli scientist, orthodox Jewish philosopher, polemicist and political activist.

The case was first reported in “Israeli lawyer & peacenik guilty of leaking FBI secrets” by Josh Gerstein in Politico, December 17.  Laura Rozen, also writing in Politico, provided additional background and proposed speculatively that Leibowitz’s disclosures were behind an April 16, 2009 story in the New York Times on NSA’s “overcollection” of domestic intelligence.

After a Transportation Security Administration (TSA) manual containing “sensitive security information” was inadvertently disclosed on a government website, it was reposted on several non-governmental websites where it remains freely available.  Asked what TSA intends to do about that, Acting TSA Administrator Gale D. Rossides told Congress that her agency does not have the legal authority to compel members of the public to remove sensitive TSA documents from their websites, though she wished that they would do so.

“Do the current regulations provide you a mechanism to keep individuals from reposting this information on other web sites?” asked Rep. Charles W. Dent (R-PA), at a December 16 hearing of the House Homeland Security Subcommittee on Transportation Security.

“No, sir, they do not,” Ms. Rossides replied.  “We do not have any authority to ask non-government or non-DHS sites to take it down.”

“What action does TSA intend to take against those who are reposting this sensitive document that should not be in the public domain?” Rep. Dent persisted.

“Well, right now, there really isn’t any authoritative action we can take,” Ms. Rossides said.  “Honestly, persons that have posted it, I would, you know, hope that out of their patriotic sense of duty to, you know, their fellow countrymen, they would take it down.  But honestly, I have no authority to direct them and order them to take it down.”

But Rep. Dent expressed his own indignation at the web sites that ignored the official control markings on the TSA manual.  “To those who reposted this security information on the internet, you should share in the blame should security be breached as a result of this disclosure,” he said.

But the urgency of the need to restrict continued access to the leaked TSA manual seemed diminished by Ms. Rossides’ declared view that aviation security has not “been compromised or weakened because of this incident.”  Furthermore, she said, that manual was now obsolete because “very significant changes” have been made to airline security policy since the manual was issued.

Ms. Rossides added that in order to prevent further inadvertent disclosures of the newest security measures, she was refusing to provide a hardcopy of the latest edition of the TSA security manual to Congress.  “I just wanted to take the absolute measures to protect that information, and that’s why a hardcopy wouldn’t be presented,” she said.

Rep. Dent objected to this.  “By refusing to give a document to this committee because of concern about a public disclosure, that’s implying that this subcommittee would disclose the document.  And that’s what, I guess, troubles me the most.” He said he would press the issue.

Subcommittee chair Rep. Sheila Jackson-Lee (D-TX) said she would introduce legislation to bar contractors from access to “sensitive security information,” since contractors apparently were at fault in the inadvertent disclosure of the security manual.  “It’ll be my legislative initiative to insist that contract employees not be used to handle sensitive security information, period,” she said.

Rep. James Himes (D-CT) asked whether TSA was examining who had downloaded the security manual.

“I believe that is part of what [the TSA Inspector General] is looking at,” Ms. Rossides said.  “We do know — our CIO shop has done an initial review of who did download it and has it on their website — non-government, non-DHS websites.  We do know that.”

A Taliban video distributed last month documented the purported seizure of an abandoned U.S. military base by Taliban forces in a remote province of Afghanistan.  The 7-minute video was analyzed in a recent report (pdf) from the DNI Open Source Center.

The video “glorifies the Taliban victory by highlighting the group’s triumphant entry into the ‘captured base,’ the symbolic burning of an American flag, and the [local Taliban governor] touring the area.”  A copy of the OSC report, obtained by Secrecy News, may be found here.

The OSC report was discussed by Bill Gertz of the Washington Times in his Inside the Ring column today (the second item).  Other aspects of the video were previously reported in Wired’s Danger Room and Al-Jazeera.

The government should replace the more than 100 different control markings that are now used to limit the distribution of sensitive but unclassified (SBU) information and should establish a single “controlled unclassified information” (CUI) policy for all such information in government, according to an interagency task force report (pdf) that was released by the Obama Administration today.

“The Task Force concluded that Executive Branch performance suffers immensely from interagency inconsistency in SBU policies, frequent uncertainty in interagency settings as to exactly what policies apply to given SBU information, and the inconsistent application of similar policies across agencies,” the report said.  “Additionally, the absence of effective training, oversight, and accountability at many agencies results in a tendency to over-protect information, greatly diminishing government transparency.”

The Task Force said that their proposal for a single “controlled unclassified information” (CUI) regime would not only facilitate information sharing among federal, state and local government agencies, it would also increase transparency and enhance public access to government information.

“Because of its uniformity, standardized training requirements, and the public availability of the registry [indicating what categories of information are controlled], the expanded scope of the CUI Framework can be expected to significantly increase the openness and transparency of government….”

Not only that, “It is foreseeable, based on the revised definition and scope of CUI recommended herein, that some information currently treated as ‘sensitive’ may be found not to warrant CUI designation.”

The Task Force presented 40 recommendations to the President on implementing the proposed CUI policy that could serve as the basis for an executive order on the subject.  It builds upon, and would expand the scope of, the CUI Framework that was established in a May 2008 memorandum issued by President Bush, which dealt with the control and sharing of terrorism-related information.  See the Report and Recommendations of the Presidential Task Force on Controlled Unclassified Information, transmitted August 25, 2009 and released December 15, 2009.

The Task Force proposal is an admirable effort to bring order to a chaotic information environment.  But it has some rough edges, and some unresolved internal contradictions.

The proposed definition of CUI seems disturbingly lax:  “All unclassified information for which, pursuant to statute, regulation, or departmental or agency policy, there is a compelling requirement for safeguarding and/or dissemination controls” (p.11).  Putting “departmental or agency policy” on a par with statutes or regulations could potentially open the door to all kinds of arbitrary or improvised controls on information.

More fundamentally, it is hard to see how the Task Force proposal could achieve its central goal of eliminating all non-CUI controls on unclassified information.  The Task Force report itself states (in Recommendation 20) that “decontrol of CUI” does not by itself authorize public disclosure; it only means removal from the CUI Framework.  But if information that has been removed from the CUI Framework does not necessarily have to be disclosed, this means that decontrolled information can still be controlled!

The report properly takes pains to distinguish information control under the CUI regime from the statutory disclosure requirements of the Freedom of Information Act, which cannot be altered by executive fiat.  “At no time, pre- or post-control, is a CUI marking itself determinative of whether it may be released,” the report stated (p. 21).  But this implies, oddly, that information marked as CUI may sometimes be released, while information that is no longer CUI may sometimes be withheld.  And if it is withheld, one must also expect it to be marked with a (non-CUI) control marking.

In short, the CUI concept still has some wrinkles that remain to be ironed out.

The Task Force recommended a ten-year life cycle for CUI that is not otherwise subject to defined disclosure deadlines.  It recommended a baseline assessment of the volume of current SBU activity, but this is probably unachievable or at least not worth the effort involved.  Staffing and resources for the “Executive Agent” that manages the whole enterprise are uncertain, but are likely to be crucial or even decisive in the success of the proposed policy.  An appendix to the Task Force report listed 117 different markings currently in use to protect SBU information (described as “a partial listing”).

The Task Force proposal is “a good foundation,” said one senior Administration official.  But before the subject is addressed in an executive order, the final policy “needs to be more forward-leaning,” he said.

Meanwhile, the Department of Defense, the intelligence agencies, and the Department of Homeland Security have already indicated that they plan to use the CUI Framework for all of their sensitive unclassified information, another official said.

Noteworthy new congressional reports and hearing volumes include the following:

“Report on Whistleblower Protection Enhancement Act of 2009,” Senate Homeland Security and Governmental Affairs Committee, Report No. 111-101, December 3, 2009.

“Report on the USA PATRIOT Act Sunset Extension Act of 2009,” Senate Judiciary Committee report 111-92, October 28, 2009.

“National Industrial Security Program: Addressing the Implications of Globalization and Foreign Ownership for the Defense Industrial Base” (pdf), House Armed Services Committee, April 16, 2008 (published November 2009).

“Upholding the Principle of Habeas Corpus for Detainees” (large pdf), House Armed Services Committee, July 26, 2007 (published November 2009).