POGO outlines its concerns with the International Boundary and Water Commission's Sensitive Information Protection Manual in a letter to the IBWC Commissioner

Commissioner Arturo Duran

International Boundary and Water Commission

United States Section

4171 North Mesa, Suite C-100

El Paso, TX 79902-1441

1-800-262-8857

RE: USIBWC's Sensitive Information Protection Manual

Dear Commissioner Duran:

The Project On Government Oversight (POGO) has several concerns with the International Boundary and Water Commission's (IBWC) Sensitive Information Protection Manual (hereafter referred to as the "Manual") distributed internally to employees on July 8, 2005. [1] The Manual casts an excessive blanket of secrecy over the activities of the IBWC and will unnecessarily stifle employee speech because of the fear of "administrative or disciplinary action and/or criminal prosecution." (Manual Part IV Section I.4.) This secrecy will hinder the effectiveness of the IBWC as well as make it more difficult to hold the agency accountable to the American public. As the 9/11 Commission report notes, public disclosure is "democracy's best oversight mechanism." [2]

The Manual is troubling in another sense. The agency does not have a history of secrecy. While some information at the IBWC may need protection, great care must be taken when crafting and implementing information security policies at agencies which, by and large, do not need them. Secrecy should be the exception in a democratic government, not the norm, especially when the agency in question has nothing to do with sensitive defense or intelligence activities. Regardless of the agency, secrecy is often used to cover up waste of taxpayer money, abuse of employees or other kinds of malfeasance. Secrecy should be kept to a minimum and used only when absolutely necessary.

Here are troubling aspects of the Manual:

The information designations outlined in the Sensitive Information Protection Manual are too vague and overreaching. "Sensitive Information" is defined as:

Unclassified information of a sensitive nature not otherwise categorized by federal statute or regulation and the unauthorized disclosure, loss, or misuse of which could adversely impact on the following: a person's privacy or welfare; the conduct of federal programs; or the conduct of other programs or operations essential to the national interest. (Manual Part II)Given this definition, "sensitive information" can be a catch-all for every piece of information within the IBWC. An anonymous critique of the Manual astutely notes, this definition is "impermissibly vague and broad. One could argue that any disclosure that would embarrass the IBWC 'adversely' impacts the agency and its programs." [3]Regarding "Sensitive Procurement Information," the public has a right to know at least some information "containing data, facts, or observations pertaining to conceptual, proposed, or actual procurement actions in draft or final format." (Manual Part II) Some of this information is necessary to ensure the proper and effective spending of taxpayer money. Procurement actions should be as transparent as possible.One standard the Manual lists for designating information sensitive is whether the information "could be sold for profit or other material gain." (Manual Part III Section A.4.) This is a weak standard on its own to withhold or control information since theoretically any piece of information could be sold for material gain. Disclosure of information that could lead to material gain might be a reasonable standard in denying Freedom of Information Act fee waivers, but should not create a blanket prohibition for information release.The Manual prohibits the disclosure of "Sensitive Information" that may be obtainable under the Freedom of Information Act (FOIA) 5 U.S.C. § 552. (Manual Part III Section A. 1.) IBWC has created a rule requiring the IBWC employees to protect the same information that FOIA officers may release to the public.The Manual also states that unmarked information that might be sensitive (which is too vaguely and broadly defined by the Manual) must be protected as Sensitive Information. (Manual Part III Section C. 1.) As a result, the Manual throws a blanket over all IBWC information and creates an excessive burden for IBWC employees who are assumed to know if a document is sensitive, whether it is marked so or not. Employees should not be expected to treat any piece of information as sensitive.The Manual also requires employees to protect information above and beyond the stated requirements. (Manual Part III Section C.2.d.) Those heightened standards are nebulous at best since little guidance is given indicating what necessitates higher standards and what those higher standards would be. This can create a chilling effect that dissuades the sharing of government information with government officials or the public. The Manual's policies may even be impossible to implement, barring heavy-handed and harmful management practices to monitor and control employee behavior. To avoid this situation, the IBWC should scale back the scope of what is considered sensitive. Furthermore, an appeals process should be included so that employees who question the "sensitive information" status of a document can challenge that designation.We look forward to your written response to these concerns. Please contact me or Nick Schwellenbach at (202) 347-1122 if you have any questions or comments.Sincerely,Danielle BrianExecutive DirectorProject On Government Oversight 1 Available at http://www.ibwcanonymous.org/documents/sensfull.pdf 2 The 9/11 Commission Report. p. 103, July 2004. 3 Available at http://www.ibwcanonymous.org/documents/sens.pdf