Classified documents are exempt from disclosure under the Freedom of Information Act. (FOIA). Another way to shelter agency documents from disclosure is by pseudo-classification: labeling documents that can’t actually be classified with “keep secret” titles. According to the nonpartisan Congressional Research Service’s report, “Sensitive But Unclassified” and Other Federal Security Controls on Scientific and Technical Information: History and Current Controversy:
The U.S. Government has always protected scientific and technical information that might compromise national security. Since the 2001 terrorist attacks, controls have been widened on access to information and scientific components that could threaten national security. The policy challenge is to balance science and security without compromising national security, scientific progress, and constitutional and statutory protections.
That balance has been hard to come by, as there is no overall statutory definition of "Sensitive but Unclassified" (SBU) or other "not classified" types of documents. The Department of Homeland Security (DHS) is one example; The Patriot Act required DHS to implement regulations regarding Sensitive Security Information (SSI), and it did so at 49 C.F.R 1520 et seq.The definitions of documents to be labeled SSI is at 49 C.F.R. 1520.5, and the definitions are extremely broad. There are fifteen listed categories, and a final catchall category that can sweep in anything accidentally left out:
"Any information not otherwise described in this section that TSA determines is SSI under 49 U.S.C. 114(s) [anything detrimental to the security of transportation] or ... 49 U.S.C. 40119
[anything detrimental to transportation safety].Upon the request of another Federal agency,
TSA or the Secretary of DOT may designate as SSI information not otherwise described in this section."
Unlike classified documents, there are no consistent rules about what constitutes a document that is being “pseudo-classified.” There is no review agency. Since SBU has not been defined by statute, agencies have been left to their own devices to come up with definitions. Some examples include Sensitive But Unclassified (SBU), Sensitive Security Information (SSI), For Official Use Only (FOUO), and Controlled Unclassified Information (CUI). For a more detailed list of potential pseudo-classifications, see The Office of Security and Emergency Preparedness’s Manual Guide – Information Security.
Even the Heritage Foundation, a self-designated conservative think tank,is calling for consistency and oversight. The Foundation notes that "unclassified but security-relevant information" does not have a usable definition, a common understanding about how to control it, no agreement on the significance of the information for national security, and no means of adjudicating concerns about appropriate levels of protection. The Foundation issued a critical report in 2004, called DHS 2.0: Rethinking the Department of Homeland Security, and recommended that:
"There must be consistent policy and legislation that encourages the sharing of unclassified but security-relevant information between the private sector and the government. This policy must be sensitive to the public benefit of openness and should not necessarily remove information from public access."
Congress apparently agrees, and it is starting with DHS. The latest House Conference Report on H.R. 2360, The Department of Homeland Security Appropriations Act 2006, states the conferees concerns about insufficient management controls over SSI, and adds section 537 to the bill, requiring each office that creates SSI to have one officer to coordinate policy and provide guidance, and requires a yearly list of each and every document designated SSI to be provided to Congress starting in January 3, 2006.
Thanks to Secrecy News and the Federation of American Scientists for the tip about the Conference Report.
Comments