Better Oversight Due on Unclassified Control Markings
The use of access control markings such as the Transportation Security Agency’s “Sensitive Security Information” (SSI) to limit disclosure of unclassified records has been criticized from time to time as arbitrary and self-serving. But now, due to a subtle change in the recent executive order on “Controlled Unclassified Information,” SSI and other such markings should receive new oversight and scrutiny.
In a preliminary draft (pdf) of the new executive order 13556 on Controlled Unclassified Information (at section 1.3b), four existing control markings were “grandfathered” into the new CUI system — Sensitive Security Information, Critical Infrastructure Information, Chemical Vulnerability Information, and Safeguards Information. This means that they were presumptively approved for future use without any further review.
But in the final draft of the executive order approved by the President on November 4, that provision and those presumptive approvals were withdrawn. Consequently, SSI and the other control markings will have to go through the same external review and approval process as other controls on unclassified information in order to qualify as CUI.
SSI and several other unclassified control categories are authorized in statute, so they cannot be categorically eliminated or disapproved by the CUI Executive Agent. But what the CUI review process can do is to help ensure that what agencies claim is SSI really does fall into that category.
This became a live issue recently when the Transportation Security Administration moved to seal a lawsuit brought by a former TSA air marshal by claiming that the names of officials who disciplined and removed the air marshal are themselves SSI. To outside observers, this appeared to be an abuse of the SSI control marking to gain tactical advantage in the lawsuit. See “Why Is the TSA Keeping Air Marshal Employment Disputes Under a Veil of Secrecy?” by Nick Schwellenbach, Project on Government Oversight (POGO), November 2, 2010.
Eliminating the a priori approval of SSI markings from the CUI system should mean more scrupulous use of such markings, according to a government official involved in drafting the new executive order. “Treating them as any other allows oversight…to at least try to avoid the sort of alleged absurd decisions highlighted by POGO,” the official said.
To secure the U.S. bio-infrastructure, maintain global leadership in biotechnology, and safeguard American citizens from emerging threats to their privacy, the federal government must modernize its approach to human genetic and biological data.
To ensure an energy transition that brings broad based economic development, participation, and direct benefits to communities, we need federal policy that helps shape markets. Unfortunately, there is a large gap in understanding of how to leverage federal policy making to support access to capital and credit.
From use to testing to deployment, the scaffolding for responsible integration of AI into high-risk use cases is just not there.
OPM’s new HR 2.0 initiative is entering hostile terrain. Those who have followed federal HR modernization for years desperately want this effort to succeed.