FOUO and FOIA: Two Letters (Should) Make All the Difference

In 2010 transparency advocates welcomed an important new Executive Order that promised to phase out the use of confusing stamps like For Official Use Only (FOUO) and make sure that such markings were not used by agencies to deny the public access to information. However, as Patrice McDermott testified before a House subcommittee this week, intransigence and resistance from some agencies has drawn out the process so that it will be 2018, 2019 and beyond before agencies stop using these stamps. And, as we learned from a story posted by Jason Leopold on the Guardian earlier this week, the public is still not seeing the benefits that should have begun almost immediately. What should the government do to make sure agencies are not using the delay in implementation to keep information from the public?

 

 

As we noted in our 2011 Secrecy Report, federal agencies use more than 100 unique markings like “For Official Use Only” to restrict public access to unclassified information. Agencies use these markings because the information is asserted to be sensitive, but it does meet the standards for classification. In fine DC tradition, information that these markings are applied to has had not one, but two, three-letter acronyms associated with it: Sensitive But Unclassified (SBU) and Controlled Unclassified Information (CUI).

President Obama's 2010 Executive Order (EO) on Controlled Unclassified Information (EO 13556), included a clear statement about the relationship between markings like FOUO and the Freedom of Information Act (FOIA): "the mere fact that information is designated as CUI shall not have a bearing on determinations pursuant to any law requiring the disclosure of information or permitting disclosure as a matter of discretion." In plain English, this statement means that whether a document has a marking on it has no effect on whether it should be withheld under FOIA.

An Executive Order directly instructing agencies should not require a follow-up memo, but this one apparently has. One year after the release of the EO, the Information Security Oversight Office (ISOO), which has responsibility for implementing the CUI policy, and the Office of Information Policy at the Department of Justice, which has responsibility for providing guidance on implementing FOIA, sent out follow-up memo that was even more direct: "In sum, CUI markings and designations should not be associated with or paired to FOIA exemptions and should not be used as a basis for applying a FOIA exemption." As we learned from the Guardian story, however, not all agencies have gotten the memo.

According to email messages (that were released to Leopold as a result of a FOIA request), the National Security Agency's Chief FOIA Officer wrote that the agency "can deny all classified and all FOUO [for official use only]" FOIA requests (be sure to read Leopold's full story here for more on how the NSA responded to the wave of FOIA requests generated by Edward Snowden's leaks). While the NSA is not generally thought of as an agency at the forefront of good transparency practices, it is pretty safe to assume that they are not the only agency that is inappropriately using markings to guide FOIA decisions.

The joint guidance from ISOO and OIP should have clarified any misunderstanding in the agencies. It is going to take more than a follow-up memo, however, to make sure all agencies are making FOIA determinations without regard for the markings placed on a record. At least two things can help make sure rhetoric more closely matches reality: training and oversight.

We should look to OIP to take responsibility for training and oversight on this issue because: 1) the determinations are made by FOIA officers; 2) OIP already provides FOIA officers with regular training opportunities; and 3) OIP also already collects, through the Chief Officer Reports, information about how agencies are implementing certain aspects of FOIA. We encourage OIP to address this on-going problem head-on by integrating the EO on CUI markings into their training sessions and by asking agencies to report on what they have done to make sure these markings are not being relied on to withhold information when it should be public.

Categories: Uncategorized