Saturday, December 29, 2007

HR 4806 – Reducing Over-Classification Act of 2007

Last week Representative Jane Harman (D-Venice), Chair of the Homeland Security Subcommittee on Intelligence, Information Sharing & Terrorism Risk Assessment, along with all of her fellow Democrats on the sub-committee, introduced “The Reducing Over-Classification Act of 2007” (ROC Act, HR 4806). Congresswoman Harmon described the purpose of the bill as putting the “Department of Homeland Security on the path to better information sharing by turning back the tide of over-classification that imperils our ability to make America safer from terrorism.” 

 

According to Harden; “Almost three and a half years ago, the 9/11 Commission made clear the urgent need to eliminate the over-classification of intelligence information by the Federal Government.” Unfortunately, HR4806 goes well beyond decreasing the over classification of intelligence information in the Department of Homeland Security. This bill takes on all classified information as well as all unclassified but sensitive information.

 

 Section 210F(b)(2)(D) of the proposed regulation requires that DHS establish a document control strategy that requires that “documents only be classified for the limited purpose of protecting sensitive intelligence sources or methods….” This would prohibit DHS from producing classified plans to respond to terrorist attacks or other assaults against homeland security.

 

It is in the area of unclassified but sensitive information that this legislation proposes the most sweeping changes in document security. Section 210F(b)(3) requires that DHS establish a new category of information, sensitive and shared information. This category would supercede “any existing policies and procedures relating to the creation, control, and sharing of unclassified information of a sensitive nature….” One such policy/procedure that would be superceded by this classification would be the Chemical-Terrorism Vulnerability Information (CVI) program introduced in the CFATS regulations.

 

While rationalizing the various categories of unclassified but sensitive information may be a bureaucratic improvement, the rules established in this bill are entirely inappropriate for CVI. The one requirement that is most inappropriate is Section 210F(b)(3)(C)(iv) that requires that the markings on the documents would be “of limited duration not to exceed 90 days unless an affirmative showing as described in subparagraph (iii) is made that an extension, of similar limited duration, is warranted….” Under this schedule the CVI protection of the information provided in a facility’s Top Screen would run out before their SVA had to be completed.

 

To keep industry provided information protected from terrorists and competitors, this bill would require an extensive bureaucracy just to keep the CVI marking up to date on all of the documents held by DHS. Furthermore, each state and local office that would be expected to maintain records on chemical facility security plans in their areas, would have to receive communications from DHS for each document on file for these plans, every 90 days to ensure that they had up to date information on its classification status. This would require another bureaucracy at DHS with smaller bureaucracies at each state and local government agency that maintains these records.

 

Another provision of this bill that would present problems for the administration of the CVI program would be the requirement in Section 210F(b)(3)(D)(i) for DHS to provide a process by which “Department personnel, personnel of other Departments and agencies of the Federal Government, or the public may challenge the appropriateness of a marking on a document and seek the removal of the marking….” Labor unions and environmental groups have already complained about CVI protections afforded to designations as High-Risk Facilities, Security Vulnerability Assessments and Site Security Plans. These groups would certainly be expected to keep another bureaucracy tied up with their appeals of the CVI markings on these documents. 

Facilities cannot be expected to share with DHS the security and process data necessary for the implementation of CFATS if DHS cannot make reasonable assurances of the security of that data. DHS cannot, with its limited manpower resources, focus on the proper sharing of that data with state and local governments while they are implementing an intensively bureaucratic document security program.

It would be a shame if, in the name of easing the sharing of intelligence information, we complicated the management of site security documents to the point that site security suffers. The law of unintended consequences rears its ugly head once again. Fortunately we still have time to nip this problem in the congressional bud. Exempting CVI information from the requirements of this bill would be an easy way of ensuring that this happens.

No comments:

 
/* Use this with templates/template-twocol.html */