ISOO Spurs Agencies to Perform Classification Review
In a focused effort to combat overclassification, President Obama has ordered executive branch agencies to conduct a “Fundamental Classification Guidance Review.” The two year Review process, mandated in the December 2009 executive order 13526 (sect. 1.9) is intended to identify and eliminate obsolete classification requirements in current agency policies.
Last week, the Information Security Oversight Office (ISOO) told selected senior agency officials that the Review is more than a formality, and that they must make a serious commitment to its implementation.
“The scope of this review needs to be systematic, comprehensive, and conducted with thoughtful scrutiny involving detailed data analysis,” wrote ISOO director William J. Bosanko in a memorandum (pdf) dated January 27.
Merely rubber-stamping the status quo is not going to be enough, he explained to the senior agency officials.
“Please be advised that a review conducted only by the pertinent original classification authority is not sufficient.” Instead, “the broadest possible range of perspectives” shall be brought to bear on reviewing agency classification guidance.
Moreover, the resulting recommendations for eliminating obsolete classification guidance should be clear and actionable.
“Agencies should be specific in their determinations as to what no longer requires protection,” Mr. Bosanko wrote. “An example would be a specific part of a weapon system versus the weapon system as a whole. The user of the guide must be able to identify the specific element of information that does or does not require protection.”
Interim status reports on agency progress are to be provided every six months, Mr. Bosanko advised.
The present Fundamental Classification Guidance Review is loosely modeled on the Fundamental Classification Policy Review that was performed by the Department of Energy in the mid-1990s. That Review led to the declassification by DOE of numerous areas of classified information that had ceased to be sensitive (as well as increased protection for a smaller number of other areas deemed highly sensitive).
Until now, a similar approach has never been tried on a government-wide basis. If diligently implemented, it holds the promise of a measurable reduction in the scope of national security secrecy. On the other hand, if it does not produce meaningful results, then the prospects for classification reform will become vanishingly small.
These ideas aim to advance the detailed policy solutions needed to foster public trust and implement fairness in the adoption of AI across diverse domains, from healthcare and government benefits to rural access, education, and worker protections.
The evidence is clear: algorithmic pay-setting is established in app-based work, and payroll/timekeeping failures show how software can produce systemic wage harm at scale
While a few states have taken steps to implement decision-making mechanisms for certain AI systems, too many leaders are simply accepting narratives about AI’s purported public benefit at face value – jumping to the “how” of AI implementation before thoroughly vetting potential systems and deciding whether they are appropriate to use at all.
When properly structured — with specific numeric targets, secured financial obligations, independent monitoring, and meaningful enforcement — CBAs transform data center deals into durable community partnerships.