Better Oversight Due on Unclassified Control Markings
The use of access control markings such as the Transportation Security Agency’s “Sensitive Security Information” (SSI) to limit disclosure of unclassified records has been criticized from time to time as arbitrary and self-serving. But now, due to a subtle change in the recent executive order on “Controlled Unclassified Information,” SSI and other such markings should receive new oversight and scrutiny.
In a preliminary draft (pdf) of the new executive order 13556 on Controlled Unclassified Information (at section 1.3b), four existing control markings were “grandfathered” into the new CUI system — Sensitive Security Information, Critical Infrastructure Information, Chemical Vulnerability Information, and Safeguards Information. This means that they were presumptively approved for future use without any further review.
But in the final draft of the executive order approved by the President on November 4, that provision and those presumptive approvals were withdrawn. Consequently, SSI and the other control markings will have to go through the same external review and approval process as other controls on unclassified information in order to qualify as CUI.
SSI and several other unclassified control categories are authorized in statute, so they cannot be categorically eliminated or disapproved by the CUI Executive Agent. But what the CUI review process can do is to help ensure that what agencies claim is SSI really does fall into that category.
This became a live issue recently when the Transportation Security Administration moved to seal a lawsuit brought by a former TSA air marshal by claiming that the names of officials who disciplined and removed the air marshal are themselves SSI. To outside observers, this appeared to be an abuse of the SSI control marking to gain tactical advantage in the lawsuit. See “Why Is the TSA Keeping Air Marshal Employment Disputes Under a Veil of Secrecy?” by Nick Schwellenbach, Project on Government Oversight (POGO), November 2, 2010.
Eliminating the a priori approval of SSI markings from the CUI system should mean more scrupulous use of such markings, according to a government official involved in drafting the new executive order. “Treating them as any other allows oversight…to at least try to avoid the sort of alleged absurd decisions highlighted by POGO,” the official said.
These ideas aim to advance the detailed policy solutions needed to foster public trust and implement fairness in the adoption of AI across diverse domains, from healthcare and government benefits to rural access, education, and worker protections.
The evidence is clear: algorithmic pay-setting is established in app-based work, and payroll/timekeeping failures show how software can produce systemic wage harm at scale
While a few states have taken steps to implement decision-making mechanisms for certain AI systems, too many leaders are simply accepting narratives about AI’s purported public benefit at face value – jumping to the “how” of AI implementation before thoroughly vetting potential systems and deciding whether they are appropriate to use at all.
When properly structured — with specific numeric targets, secured financial obligations, independent monitoring, and meaningful enforcement — CBAs transform data center deals into durable community partnerships.