Tackling Sensitive But Unclassified Information

The proliferation of new restrictions on the disclosure of information that is designated “sensitive but unclassified” (SBU) has been the subject of much churning within the national security policy apparatus this year.

Last December, President Bush ordered the development of recommendations to standardize procedures for marking information as SBU. By some counts, there are more than one hundred different SBU-type categories used in executive branch agencies.

“The growing and non-standardized inventory of SBU designations and markings is a serious impediment to information sharing among agencies, between levels of government, and, as appropriate, with the private sector,” according to a recent report to Congress.

The recommendations to reduce and standardize this hypertrophied tangle of restrictions were due last July. But the initial submission was deemed unsatisfactory and an interagency working group was sent back to the drawing board with a new deadline of January 2007.

The latest official word on the subject is contained in Chapter 10 of the “Information Sharing Environment Implementation Plan” (pdf), published by the Office of the Director of National Intelligence, November 2006.

Extensive background on the challenges posed by SBU and the options for dealing with it can be found in a newly updated report on the subject from the Congressional Research Service. See “Sensitive But Unclassified Information and Other Controls: Policy and Options for Scientific and Technical Information” (pdf), updated November 14, 2006.

A focused look at the handling and mishandling of SBU information within the Department of Justice was provided by the Government Accountability Office in a new report last week. See “Managing Sensitive Information: DOJ Needs a More Complete Staffing Strategy for Managing Classified Information and a Set of Internal Controls for Other Sensitive Information” (pdf), [GAO-07-83], October 2006.