from the FAS Project on Government Secrecy
Volume 2008, Issue No. 51
May 28, 2008

Secrecy News Blog:

Support Secrecy News:


Government press releases could be temporarily marked as "controlled unclassified information" to protect them from premature disclosure, according to an official Background paper on the new White House information security policy.

Controlled unclassified information, or CUI, refers to information that does not meet the standards for classification but that is considered too sensitive for unrestricted public disclosure. The new CUI policy was issued by President Bush on May 7.

While the precise definitions of CUI and the implementing policy directives remain to be written, there are indications that CUI could end up as a catch-all category for information that agencies wish to withhold.

Thus, "embargoed press releases" could be designated as CUI for at least a few hours, according to the newly released Background paper (at page 5, paragraph 8).

What if a member of the public wants to obtain information that some agency has marked as CUI? Well, he should file a Freedom of Information Act request, the Background paper says.

"The FOIA process will provide a straightforward way for anyone to seek public release of CUI and ensure that all CUI for which there is a demand will be carefully reviewed for release." (at page 6).

But anyone who has filed a FOIA request knows that the FOIA process is not quite straightforward, nor does it produce a timely result.

The Background paper thus affirms a view that information deemed "sensitive" shall be presumptively withheld, and any exceptions shall be handled through the FOIA process.

In truth, this policy of presumptive withholding is pretty much how the Bush Administration currently operates. And it makes no tangible difference if agencies use 100 different terms for "sensitive" or replace them all with one term, "controlled unclassified information."

But informal, discretionary disclosure was far more common in previous Administrations, and it could be once again in some future Administration. Institutionalizing presumptive withholding in a government-wide CUI policy could make it harder to overcome current secrecy practices when the opportunity to do so presents itself.

On the other hand, Allen Weinstein, the head of the National Archives (NARA), told agencies in a May 21 memorandum that CUI would be narrowly construed.

"NARA, as the Executive Agent and consistent with the President's direction, will ensure that only that information which truly requires the protections afforded by the President's memorandum be introduced into the CUI Framework," he wrote.

This implies that at least some information that is currently withheld as sensitive might not qualify for the new CUI marking. But if so, the criteria for excluding any existing sensitive information from the CUI category have not been identified.

William J. Bosanko, the Director of the CUI Office, told public interest groups at a May 27 meeting that he was committed to an open and accountable CUI policy process.

Various resources on CUI and sensitive information policy are available here:


Instead of new forms of secrecy, new mechanisms for actively informing the public about threats to homeland security are needed, said Stephen E. Flynn of the Council on Foreign Relations at a May 15 hearing of a House Homeland Security subcommittee.

"The targets of choice for current and future terrorists will be civilians and infrastructure," he said. "Safeguarding those targets can only be accomplished with an informed, inspired and mobilized public. The first preventers and the first responders are far more likely to be civilians and local officials, not soldiers or federal law enforcement officers."

On September 11, 2001, Mr. Flynn recalled, the only hijacked aircraft that was prevented from reaching its target was stopped not by security professionals with Top Secret clearances but "by one thing alone: an alert and heroic citizenry."

Yet "overwhelmingly, the national defense and federal law enforcement community have chosen secrecy over openness when it comes to providing the general public with details about the nature of the terrorist threat and the actions required to mitigate and respond to that risk."

"The discounting of the public can be traced to a culture of secrecy and paternalism" that is rooted in the Cold War, when the Soviet threat dictated adoption of a highly compartmented security regime. "Despite the passage of nearly two decades since the fall of the Berlin Wall, this secretive system remains almost entirely intact."

"What is required is a truly collaborative approach which engages civil society and taps extensive private-sector capabilities and ingenuity for managing risk and coping with disasters. A critical barrier to advancing collaboration," Mr. Flynn said, "is excessive secrecy throughout the federal government reinforced by a reflexive tendency to classify material or to designate it as 'For Official Use Only' or 'Treat as Classified'."

A copy of his May 15 testimony before the House Homeland Security Subcommittee on National Security is available here:

Stephen Flynn, a former Coast Guard officer, addressed related issues in the March/April 2008 issue of Foreign Affairs and at greater length in a 2007 book "The Edge of Disaster: Rebuilding a Resilient Nation."

While such views are congenial to proponents of open government, they stop short of answering all of the questions that a responsible policy maker (let alone a classification officer) would feel obliged to ask. Under exactly what conditions does public disclosure of infrastructure vulnerabilities promote security rather than diminish it? As a practical matter, how does one distinguish between those types of information, such as personal privacy or confidential source data, that everyone agrees should be protected and threat information that an engaged public needs to know?

There may not be simple answers to such questions. But by framing the issue in a way that takes public information needs into account, Mr. Flynn and others are helping to redefine the terms of the debate.


Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News blog is at:

To SUBSCRIBE to Secrecy News, go to:


OR email your request to

Secrecy News is archived at:

SUPPORT Secrecy News with a donation here: