The Senate is raising questions about how the Pentagon uses a label for unclassified information that some officials say makes it more difficult to access public information.
In its version of the Fiscal Year 2023 National Defense Authorization Act, the Senate Armed Services Committee wants to better define how the Defense Department can use the controlled unclassified information (CUI) designation.
CUI was intended to speed the disclosure of information to other agencies and the public, but the Defense Department has used the designation to keep the information from public view, several congressional sources and defense officials have told USNI News.
Since the new CUI regime came to the Pentagon in late 2021 – replacing the old “for official use only,” or FOUO label – officials have put the designation on a government phone directory, an “any questions?” slide in a PowerPoint presentation and an invitation to a ship tour, USNI News has learned.
The designation has been in the wider federal government for more than a decade as part of an Obama administration initiative to streamline the handling of non-secret government information like personal data, in-progress law enforcement investigations and confidential business information.
The promise of CUI was to refine rules from agencies like the Environmental Protection Agency to the Fish and Fish and Wildlife Service and make them into a simple standard across the government.
“This inefficient, confusing patchwork has resulted in inconsistent marking and safeguarding of documents, led to unclear or unnecessarily restrictive dissemination policies, and created impediments to authorized information sharing,” reads the 2010 executive order outlining the policy.
The best-known example to date is the annual Pentagon weapons report. Federal law says the DoD director of operational test and evaluation (DOT&E) must deliver two annual reports on the health of acquisition programs to Congress – a classified and unclassified version.
In February, the public report came out with CUI printed on it. By publishing the DOT&E report under CUI, the Department of Defense prevented members of Congress and the general public from being able to see what Sen. Elizabeth Warren (D-Mass.) called “key information” in a letter asking for the release of the full version.
It also highlighted the inconsistent ways in which the Pentagon uses CUI, staff members of the Senate Armed Services Committee’s minority and majority told USNI News.
While there is guidance on how to use it, published as recently as 2020, the Senate Armed Services Committee wrote in the report accompanying its version of the NDAA about inconsistent use of the designation.
“As noted elsewhere in this Act, the committee is concerned with the uneven application of controlled unclassified information (CUI) document marking within the Department of Defense (DOD). While the committee understands the need to protect sensitive unclassified information, we remain concerned that a clear, systematic process and corresponding guidance from the Department for applying the CUI marking guidance is lacking,” according to the committee report.
The SASC NDAA version contains two different sections set to address CUI, including one section that calls for more oversight and training.
Section 874 in the Senate Armed Services Committee version calls for a process to use controlled unclassified information in a consistent way, with the undersecretary of defense for intelligence and security and the undersecretary of defense for research and engineering creating a process to monitor CUI to ensure it’s used correctly.
It also includes training on CUI, with the deadline to complete the process of refining guidelines and education by the beginning of 2029.
In the section, senators also called for a Department of Defense inspector general review of controlled unclassified information.
The other section addresses the director of operational test and evaluation (DOT&E) assessment. Under the SASC version, if the director releases a classified version or a version marked CUI, there must also be an unclassified version.
Committee members have dealt with CUI on other documents, chalking it up to minor annoyances, a Senate aide said. But seeing CUI on the DOT&E report affected their ability to provide oversight for the Pentagon.
It turned their attention to the inconsistent use of CUI by the Department of Defense, the aide said, resulting in the inclusion in the SASC NDAA.
CUI can make documents difficult to share, the senate aide told USNI News.
In response, SASC included the provision on guidance and training in the NDAA. Right now, the guidance available is overly broad, the aide said.
“And I will say, just from my own perspective, […] having worked in industry, I ran into the same problems that there was inconsistent guidance, or, in some cases, no guidance beyond the very high-level instruction and marking guides that are out there,” the aide said.
It’s not that SASC wants to get rid of CUI, which does have a use, the aide said. The committee wants better parameters so that those determining whether to mark a document with the CUI label are consistent, the aide said.
The aide referenced similar guidance on classified documents, in which the individuals determining if a document should be classified follow strict, defined rules.
“So you have classification guides that sort of are very explicit about […] what is included at different levels of classification to give you that specificity when you’re applying it to other documents,” the aide said.
Republicans on SASC also want a clearer definition for CUI, a SASC Republican spokesperson told USNI News.
“Broadly throughout the bill, it’s clear the Committee has concerns about the proper classification of information to allow everyone, including Congress and industry, to do their jobs well while protecting sensitive national security information,” the SASC Republican spokesperson said.