Hirono, Colleagues Press DoD on Repeated Refusal to Share Information with Members of Congress

WASHINGTON, D.C. – Today, U.S. Senator Mazie K. Hirono (D-HI), member of the Senate Armed Services Committee, led her colleagues in demanding answers from the Department of Defense (DoD) regarding its treatment of sensitive information known as Controlled Unclassified Information (CUI). In a letter to Secretary of Defense Lloyd Austin, the lawmakers express their concern with the Department’s use of the CUI designation and its regular withholding of CUI from Members of Congress. In addition to Senator Hirono, the letter was also signed by Sens. Richard Blumenthal (D-CT), Tim Kaine (D-VA), Jeanne Shaheen (D-NH), and Elizabeth Warren (D-MA).  

“While many DoD components have been appropriately responsive to congressional oversight inquiries, we have heard from numerous colleagues and many Senators have had personal experience with the Department of Defense and the military Services limiting the ability of individual Members to receive Controlled Unclassified Information (CUI), often under the premise that release to a Member is akin to release to the public,” write the lawmakers. “It is further explained, at times, that committee staff may receive CUI material, but that Member staff cannot access the information provided to the committee. These classification and withholding practices raise serious concerns about potential overuse of the CUI designation as a way to impede Member offices’ ability to perform important oversight responsibilities.

The CUI program was established in 2010 by Executive Order at the recommendation of a Presidential Task Force in order to standardize the Executive Branch’s protection and dissemination of unclassified information that requires safeguarding. Prior to its creation the federal government had a labyrinth of more than 100 different sensitive but unclassified markings.

“Despite the CUI program having been in effect for over a decade, it seems there is still no standardized practice for the dissemination of CUI material to Member offices,” the lawmakers continue. “Member offices are instead told they are unable to receive information because it is CUI without any justification for the designation or recognition of Congress’s oversight responsibilities. This practice of withholding CUI material from Member offices is especially troubling in light of allegations that the Department of Defense is using CUI to ‘suppress bad news under the guise of national security.’”

In the letter, the lawmakers pose a series of questions to DoD to clarify the Department’s policies and procedures surrounding the use of the CUI designation and the dissemination of CUI.

The full text of the letter is below and can be found here.

Dear Secretary Austin, 

We write today to express concerns regarding methods of information classification within the Department of Defense. While many DoD components have been appropriately responsive to congressional oversight inquiries, We have heard from numerous colleagues and many Senators have had personal experience with the Department of Defense and the military Services limiting the ability of individual Members to receive Controlled Unclassified Information (CUI), often under the premise that release to a Member is akin to release to the public. It is further explained, at times, that committee staff may receive CUI material, but that Member staff cannot access the information provided to the committee. These classification and withholding practices raise serious concerns about potential overuse of the CUI designation as a way to impede Member offices’ ability to perform important oversight responsibilities.

The Constitution empowers Congress to pass legislation regulating, and conduct oversight of, the Executive branch. Congress must access Executive branch information to adequately fulfill these constitutional functions.

CUI was developed at the recommendation of a Presidential Task Force to standardize the Executive Branch’s protection and appropriate dissemination of unclassified information that requires safeguarding. Prior to its creation the federal government had a labyrinth of more than 100 different sensitive but unclassified markings. But CUI was not intended to—and cannot be used to—impede Congress’s oversight function. Indeed, Executive Order 13556, which established the CUI program, states that “the mere fact that information is designated as CUI shall not have a bearing on determinations pursuant to any law requiring the disclosure of information or permitting disclosure as a matter of discretion, including disclosures to the legislative or judicial branches.”

As the Senate Armed Services Committee noted, there is an ongoing concern “that a clear, systematic process and corresponding guidance from the Department for applying the CUI marking guidance is lacking.” In response, the Department of Defense Inspector General is conducting a review of DoD’s practices and the Department has been asked to incorporate CUI guidance into program classification guides and program protection plans. The lack of clarity and consistency in the application of CUI endangers information the policy was designed to protect.

Despite the CUI program having been in effect for over a decade, it seems there is still no standardized practice for the dissemination of CUI material to Member offices. Member offices are instead told they are unable to receive information because it is CUI without any justification for the designation or recognition of Congress’s oversight responsibilities. This practice of withholding CUI material from Member offices is especially troubling in light of allegations that the Department of Defense is using CUI to “suppress bad news under the guise of national security.” What’s more, the Department routinely ignores its own rules, outlined in DODI 5200.48, regarding the use of CUI designation indicators and proper banner marking requirements, making it impossible to understand what is being withheld, why, and by whom.

Also concerning is the Department’s tendency to resort to Freedom of Information Act (FOIA) exemptions to justify decisions to limit dissemination of CUI material to Member offices.  It is clearly established that “FOIA should not be cited as a safeguarding or dissemination control authority for CUI.” FOIA is a public disclosure statute. It is not a statute that authorizes information to be controlled. Moreover, FOIA explicitly does not provide “authority to withhold information from Congress.”

Nor, even if it applied, could FOIA provide any basis for distinguishing between Members of Congress and congressional committees. Indeed, the D.C. Circuit has explained that “[i]t would be an inappropriate intrusion into the legislative sphere for the courts to decide without congressional direction that, for example, only the chairman of a committee shall be regarded as the official voice of Congress for purposes of receiving such information, as distinguished from its ranking minority member, other committee members, or other members of Congress.”

The Department’s procedures for the marking and dissemination of CUI material are so opaque and inconsistent as to give the impression that they are subject to political considerations. The lack of standardization and transparency make it difficult for Congress to fulfill its constitutional role. Consequently, we ask that you provide the following information:

1. What are the Department’s policies and procedures for determining what information will be designated as CUI and how it will be so designated?
2. Who determines whether to designate something as CUI?
3. Who is responsible for applying CUI markings to documents?
4. What is the review process to ensure consistency in the designation and marking outlined above?
5. Does the Department have a process to challenge improper designation of information as CUI?
6. Does the Department have written policy, regulation, or other guidance regarding sharing of CUI material to individual Members of Congress?
1. How is this policy, regulation, or guidance implemented across the DOD and the Services?
2. How is the Department ensuring that this policy, regulation, or guidance is applied consistently to different Members of Congress?
7. If the Department does not have written policy, regulation, or other guidance, how does the Department decide whether or not to provide documents designated as CUI to individual Members of Congress?
1. How are these decisions made across the DOD and the Services?
2. How is the Department ensuring that these decisions are made consistently with respect to different Members of Congress?

###