Agencies Pursue Standardized Policy for “Sensitive” Info
An interagency report on proposals to streamline controls on so-called “sensitive but unclassified” (SBU) information is due to be presented to the White House this month.
Efforts to promote information sharing among government agencies and others involved in homeland security have been stymied by the growing use of over sixty different types of access controls on unclassified information, such as For Official Use Only, Law Enforcement Sensitive, Limited Official Use, and many more. Such controls are often poorly defined and mutually incompatible.
Last December 16, the White House initiated an ongoing review that began with preparation of an inventory of all of the various SBU access controls used in the federal government, which was completed in March. The next step was to formulate recommendations for standardizing SBU policies related to terrorism, homeland security and law enforcement, which are now due.
See Guideline 3, “Standardize Procedures for Sensitive But Unclassified Information,” in the December 16 White House memo.
As of last week, a report to the President on those recommendations was awaiting the signatures of the Attorney General and the Secretary of Homeland Security.
The pending report sets forth principles upon which SBU policy should be based, but stops short of the crucial task of defining exactly how those principles ought to be implemented, government officials said.
One of those principles is that each type of control on unclassified information should have a uniform, public and government-wide definition so that it is employed the same way by all agencies. That is not the case today.
The proposed principles include provisions for oversight of how SBU controls are used, officials told Secrecy News.
They also include a proposed moratorium on the creation of new SBU categories.
The new report to the President has not been released. But a 2005 report prepared for the Department of Homeland Security provides one detailed perspective on the complexity of the information sharing problem and some options for addressing it.
See “Information Sharing and Collaboration Business Plan,” Institute for Defense Analyses, June 2005 (205 pages, 1.5 MB PDF).
With thoughtful policy action, it is still possible to build systems that are fair, transparent, and accountable, and to earn the public trust that will ultimately determine AI’s future. We hope policymakers are ready to act.
Procurement is not merely an administrative function—it is how AI enters government and the first line of defense for responsible AI in the public sector.
Responsible AI starts with who is in the data, who is at the table, whose needs shape the outcome, and who is responsible when it falls short.
There is no question this is a Big Deal. If you are a university or research lab, or aspire to work in one, or are simply an enthusiast of federally-funded research, what’s next will matter.