SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2015, Issue No. 33
May 11, 2015Secrecy News Blog: http://fas.org/blogs/secrecy/
- "CONTROLLED UNCLASSIFIED INFORMATION" IS COMING
- THE FUTURE OF INTERNET GOVERNANCE, AND MORE FROM CRS
"CONTROLLED UNCLASSIFIED INFORMATION" IS COMING
After years of preparation, the executive branch is poised to adopt a government-wide system for designating and safeguarding unclassified information that is to be withheld from public disclosure.
The new system of "controlled unclassified information" (CUI) will replace the dozens of improvised control markings used by various agencies that have created confusion and impeded information sharing inside and outside of government. A proposed rule on CUI was published for public comment on May 8 in the Federal Register.
http://fas.org/sgp/news/2015/05/cui-proposed.html
While CUI is by definition unclassified, it is nevertheless understood to require protection against public disclosure on the basis of statute, regulation, or agency policy. In many or most cases, the categories of information that qualify as CUI are non-controversial, and include sensitive information related to law enforcement, nuclear security, grand jury proceedings, and so on.
Until lately, "more than 100 different markings for such information existed across the executive branch. This ad hoc, agency-specific approach created inefficiency and confusion, led to a patchwork system that failed to adequately safeguard information requiring protection, and unnecessarily restricted information sharing," the proposed rule said.
One of the striking features of the new CUI program is that it limits the prevailing autonomy of individual agencies and obliges them to conform to a consistent government-wide standard.
"CUI categories and subcategories are the exclusive means of designating CUI throughout the executive branch," the proposed rule states. "Agencies may not control any unclassified information outside of the CUI Program."
Nor do agencies get to decide on their own what qualifies as CUI. That status must be approved by the CUI Executive Agent (who is the director of the Information Security Oversight Office) based on an existing statutory or regulatory requirement, or on a legitimate agency policy. And it must be published in the online CUI Registry. There are to be no "secret" CUI categories.
http://www.archives.gov/cui/registry/category-list.html
Importantly, the CUI Program offers a way of validating agency information control practices pertaining to unclassified information. (A comparable procedure for externally validating agency classification practices does not exist.) But CUI status itself is not intended to become an additional barrier to disclosure.
"The mere fact that information is designated as CUI has no bearing on determinations pursuant to any law requiring the disclosure of information or permitting disclosure as a matter of discretion," the new proposed rule said. The possibility that CUI information could or should be publicly disclosed on an authorized basis is not precluded.
More specifically, a CUI marking in itself does not constitute an exemption to the Freedom of Information Act, the rule said. However, a statutory restriction that justifies designating information as CUI would also likely make it exempt from release under FOIA.
One complication arises from the fact that simply removing CUI controls does not equate to or imply public release.
"Decontrolling CUI relieves authorized holders from requirements to handle the information under the CUI Program, but does not constitute authorization for public release," the rule said. Instead, disclosure is only permitted "in accordance with existing agency policies on the public release of information."
The upshot is that while there can be "controlled unclassified information" that is publicly releasable, there can also be non-CUI (or former CUI) information that is not releasable. The latter category might include unclassified deliberative materials, for example, that are not controlled as CUI but are still exempt from disclosure under the Freedom of Information Act.
More subtly, noted John Fitzpatrick, the director of the Information Security Oversight Office, there is a large mass of material that is neither CUI nor non-CUI-- until someone looks at it and makes an assessment. In all such cases (other than voluntary disclosure by an agency), public access would be governed by the provisions and exemptions of the FOIA.
The genealogy of the CUI Program dates back at least to a December 16, 2005 memorandum in which President George W. Bush directed that procedures for handling what was called "sensitive but unclassified" information "must be standardized across the Federal Government."
http://www.fas.org/sgp/news/2005/12/wh121605-memo.html
At that time, the impetus for standardization (which never came to fruition) was based on the need for improved sharing of homeland security and terrorism-related information. The initiative was broadened and developed in the 2010 Obama executive order 13556, which eventually led to the current proposed rule. Public comments are due by July 7.
THE FUTURE OF INTERNET GOVERNANCE, AND MORE FROM CRS
Noteworthy new reports from the Congressional Research Service that Congress has withheld from public distribution include the following.
The Future of Internet Governance: Should the U.S. Relinquish Its Authority Over ICANN?, May 5, 2015:
http://fas.org/sgp/crs/misc/R44022.pdf
Money for Something: Music Licensing in the 21st Century, May 7, 2015:
http://fas.org/sgp/crs/misc/R43984.pdf
Iran's Foreign Policy, May 5, 2015:
http://www.fas.org/sgp/crs/mideast/R44017.pdf
Current Debates over Exchange Rates: Overview and Issues for Congress, May 7, 2015:
http://fas.org/sgp/crs/misc/R43242.pdf
Immigration Detainers: Legal Issues, May 7, 2015:
http://fas.org/sgp/crs/homesec/R42690.pdf
U.S.-Mexican Security Cooperation: the Merida Initiative and Beyond, May 7, 2015:
http://fas.org/sgp/crs/row/R41349.pdf
Franking Privilege: Mass Mailings and Mass Communications in the House, 1997-2014, May 6, 2015:
http://fas.org/sgp/crs/misc/RL34458.pdf
Obama Library Likely Headed to Chicago's South Side, CRS Insights, May 1, 2015:
http://fas.org/sgp/crs/misc/IN10270.pdf
Tesla's Home Battery--An Electricity Storage Breakthrough?, CRS Insights, May 4, 2015:
http://fas.org/sgp/crs/misc/IN10271.pdf
******************************
Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.
The Secrecy News blog is at:
http://fas.org/blogs/secrecy/To SUBSCRIBE to Secrecy News, go to:
http://fas.org/sgp/news/secrecy/subscribe.htmlTo UNSUBSCRIBE, go to:
http://fas.org/sgp/news/secrecy/unsubscribe.htmlOR email your request to saftergood@fas.org
Secrecy News is archived at:
SUPPORT the FAS Project on Government Secrecy with a donation here:
http://fas.org/sgp/news/secrecy/index.html
https://fas.org/donate/