Friday, January 14, 2011

HR 209 Introduced – CFATS

On January 6th, Rep Speier (D, CA) introduced HR 209, the Reducing Information Control Designations Act. The bill was finally made available by the GPO yesterday. The bill is designed to increase intra-governmental information sharing and ensuring that the public has proper access to that information by “by standardizing and limiting the use of information control designations” (§2). These designations are currently placed on unclassified but sensitive information, controlled unclassified information and information marked “For Official Use Only”.

This bill takes Executive Order 13556, Controlled Unclassified Information, promulgated last fall by President Obama, extends its provisions, and provides it with the force of Federal law. It makes each Federal agency responsible for reducing and minimizing its use of “of information control designations on information that is not classified” {§3(a)}

Regulating Information Control Designations

The Archivist of the United States is given the responsibility to establish the regulations governing the use of information control designations. Those regulations are specifically required to address {§3(b)(2)}:

● Standards for utilizing the information control designations in a manner that is narrowly tailored to maximize public access to information.

● The process by which information control designations will be removed.

Procedures for identifying, marking, dating, and tracking information assigned the information control designations, including the identity of officials making the designations.

● Provisions to ensure that the use of information control designations is minimized.

● Provisions to ensure that the presumption shall be that information control designations are not necessary.

● Methods to ensure that compliance with this Act protects national security and privacy rights.

● Procedures for members of the public to be heard regarding improper applications of information control designations.

● A procedure to ensure that all agency policies and standards for utilizing information control designations that are issued pursuant to subsection (c) be provided to the Archivist and that such policies and standards are made publicly available on the Web site of the National Archives and Records Administration.
Additionally the Archivist is expected to ensure that each piece of information marked with information control designations is also marked with information identifying the person applying the information control designation. This is being required to allow the agencies to track who is misusing such designations.

While EO 13556 specifically addresses the matter of information control designations that are established in law or regulation, and excepts those so established from possible elimination, there are no such provisions provided in this bill. Where information control designations are clearly established by law this sets up an interesting conflict, but where the basis of establishment in just by regulatory fiat, this bill (if passed) would clearly take precedent.

Chemical-Terrorism Vulnerability Information (CVI)

CVI is not specifically mentioned in this bill, but it is clearly one of the information control designations covered under its provisions. Since CVI has its underpinnings established in Federal Law, it is one of the designations for which there are potential conflicts. I don’t believe that this bill would allow for the elimination of CVI (though that is an interesting nit to pick for lawyers). Nor do I believe that the major disclosure provisions would be modified, since those are set forth in the §550 CFATS authorizing language. The detailed control and marking provisions would certainly be subject to potential revision.

The provision of this bill that would provide the most obvious problems from a CVI perspective would be the requirements for identifying the person responsible for the initial marking of the document. Since copies of the CFATS submission documents are electronically generated and designated CVI by regulation, it is not clear how copies printed at the regulated facility would receive this marking. One of the facility CSAT authorized personnel would clearly not be the Federal Official making the designation.

There will be similar types of problems with just about all of the information control designations currently in use.

No one who has worked with government agencies would disagree with the underlying premise of this bill; that there is a natural tendency for a number of understandable (and sometimes illegitimate) reasons for such agencies to over-classify information. Passage of this bill would do little to address the underlying problems causing that over-classification. Until that is done, the use of procedures like those outlined in this bill will do little more than muddy the waters and extend the bureaucracy even further.

No comments:

 
/* Use this with templates/template-twocol.html */