"Sensitive But Unclassified" and Other Federal Security Controls on Scientific and Technical Information: History and Current Controversy


 

Publication Date: February 2004

Publisher: Library of Congress. Congressional Research Service

Abstract:

The U.S. Government has always protected scientific and technical information that might compromise national security. Since the 2001 terrorist attacks, controls have been widened on access to information and scientific components that could threaten national security. The policy challenge is to balance science and security without compromising national security, scientific progress, and constitutional and statutory protections. This report summarizes (1) provisions of the Patent Law; Atomic Energy Act; International Traffic in Arms Control regulations; the USA PATRIOT Act, P.L. 107-56; the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, P.L. 107-188; and the Homeland Security Act, P.L. 107-296, that permit governmental restrictions on either privately generated or federally owned scientific and technical information that could harm national security; (2) the evolution of federal concepts of "sensitive but unclassified" (SBU) information; (3) controversies about pending Department of Homeland Security guidance on federal SBU and "Sensitive Homeland Security Information" (SHSI); and (4) policy options.

Even before the terrorist attacks of 2001, federal agencies used the label SBU to safeguard from public disclosure information that does not meet standards for classification in Executive Order 12958 or National Security Decision Directive 189. New Executive Order 13292 might widen the scope of scientific and technological information to be classified to deter terrorism. SBU has not been defined in statutory law. When using the term, some agencies refer to definitions for controlled information, such as "sensitive," in the Computer Security Act, and to information exempt from disclosure in the Freedom of Information Act (FOIA) and the Privacy Act. The identification of information to be released pursuant to these laws may be discretionary, subject to agency interpretation and risk analysis. The White House and the Department of Justice recently widened the applicability of SBU.

Critics say the lack of a clear SBU definition complicates designing policies to safeguard such information and that, if information needs to be safeguarded, it should be classified. Others say that wider controls will deny access to information needed for oversight and scientific communication. P.L. 107-296 required the President to issue guidance on safeguarding SBU homeland security information, a function assigned to the Department of Homeland Security Secretary in Executive Order 13311; action is pending. Issues of possible interest to Congress include designing uniform concepts and procedures to share and safeguard SBU information; standardizing penalties for unauthorized disclosure; designing an appeals process; assessing the pros and cons of wider SBU controls; and evaluating the implications of giving some research agency heads original classification authority. On February 20, 2004, DHS published a rule to protect voluntarily submitted critical infrastructure information. Some professional groups are starting to limit publication of some "sensitive" privately controlled scientific and technical information. Their actions may be guided by federal policy. This report will be updated as events warrant.