Pentagon Tackles Controls on Unclassified Information

In a small step that could nevertheless have far-reaching consequences for government information policy, the Department of Defense is preparing to eliminate various markings such as “For Official Use Only” and “Limited Distribution” that regulate disclosure of unclassified documents and will replace them with a new standardized marking.

The DoD move (pdf) anticipates near-term Presidential approval of a new government-wide policy on so-called Sensitive But Unclassified information that would streamline and rationalize controls on unclassified information. It could also potentially lead to the public release of a vast amount of currently controlled information.

President Bush called for development of the new policy in a December 16, 2005 memorandum intended to promote information sharing.

In response to the Presidential memorandum, officials soon discovered that “there are at least 107 unique markings” for unclassified information “and more than 131 different labeling or handling processes,” according to testimony (pdf) last April by Amb. Thomas E. McNamara, Program Manager of the ODNI Information Sharing Environment.

In some cases the very same markings are used to refer to different control systems, Mr. McNamara explained. Thus, SSI usually means “Sensitive Security Information,” but sometimes it stands for “Source Selection Information.” Likewise, some agencies use ECI to designate “Export Controlled Information,” while others use it to mean “Enforcement Confidential Information,” each of which entail “very different safeguarding and dissemination controls.”

In short, the handling of unclassified information within government has become chaotic and counterproductive.

More than two years after the President’s directive, a new policy that replaces many of the existing information control categories with a new “Controlled Unclassified Information” (CUI) category is said to be close to final approval.

Last month, the Department of Defense established a CUI Task Force to oversee implementation of the impending new policy, according to a memo (pdf) from the DoD Deputy Chief Information Officer.

“The new policy will replace all of the markings currently used for CUI within DoD (e.g. FOUO, FOUO-LES, LIMITED DISTRIBUTION) with [the] new standardized marking,” the memo stated. “We anticipate White House approval of the new policy shortly.”

The DoD memo was first reported this week by Sebastian Sprenger in InsideDefense.com.

See “Transition to New Markings for Controlled Unclassified Information (CUI),” memorandum from David M. Wennergren, December 28, 2007.

At a minimum, the new policy should facilitate information sharing within the government. But it might possibly do much more than that.

While many existing control categories are expected to merely be consolidated and replaced by the new, uniform CUI marking, other controls may be eliminated outright, according to Amb. McNamara, the Information Sharing Environment Program Manager.

“The great majority of the information which is now controlled can be put in a simple unclassified, uncontrolled category, it seems to me,” he told Congress in 2006 (pdf).

If controls on “the great majority” of unclassified but restricted information are truly going to be removed, that would imply an unprecedented avalanche of disclosure of controlled government records. The recent DoD memo contains no hint of such an outcome.

Yet “that is the system that we are trying to put together,” Amb. McNamara said, “a rational limited set of categories that… can be applied to controllable information, but leave most of it as fully unclassified.”

See “Building the Information Sharing Environment,” hearing before the House Homeland Security Committee, May 10, 2006 (at p. 17).