Secretary Tom Ridge
Office of the Secretary
U.S. Department of Homeland Security
Washington, D.C. 20528
RE: DHS's Management Directive on FOUO Information
Dear Secretary Ridge:
The Project On Government Oversight (POGO) has a number of concerns regarding the directive on "Safeguarding Sensitive But Unclassified (For Official Use Only) Information" (revised on January 6, 2005 – MD Number 11042.1). POGO believes that DHS's directive is overreaching in scope and essentially places a cloak of secrecy over the entire agency and all of its operations. The directive inhibits the public's right to know how the federal government operates. Furthermore, it poses a significant threat to our nation's security as well as to the rights of American citizens – specifically, Department of Homeland Security (DHS) employees, contractors and consultants.
One of our concerns involved the non-disclosure agreement. The recent decision to exempt DHS employees was an important step toward a more open government. However, the directive still silences contractors and consultants, who make up the vast majority of DHS workers, by requiring them to sign non-disclosure agreements. The agreement threatens signatories with criminal, civil, and administrative punishment if they reveal any information. Of particular concern are those cases when they had tried to report internal problems and were ignored by their supervisors.
POGO knows that scenario all too well. We have been contacted by numerous DHS employees who reported problems internally, but were ignored. The government's usual reaction to an internal critique is to shine the spotlight on the messenger rather than on the critical issues. As a result, serious lapses, misconduct, or weaknesses in homeland security may go uncorrected.
The non-disclosure agreement is problematic not only because of who must sign them, but also because of the types of information that can no longer be disclosed. The agreement will conceal the broad and overreaching umbrella category of "Sensitive But Unclassified," which includes any document marked "For Official Use Only" (FOUO). It unconstitutionally criminalizes disclosure of this and other non-classified information, violating the First Amendment right of free speech.
Furthermore, the agreement allows the government to "conduct inspections, at any time or place, for the purpose of ensuring compliance" among signatories. Effectively, signatories are forced as a condition of their employment to consent to warrantless searches, and made to relinquish their constitutional right to privacy. Even the government's current "Classified Information Nondisclosure Agreement" (Standard Form 312), which is so overreaching that Congress prohibits the spending of federal money to enforce this agreement, does not go as far as expressly infringing on government employees' expectation of privacy by requiring inspections of signatories' personal property.
Moreover, the revised directive is problematic for the following reasons:
- The directive prohibits the disclosure of information that may be obtainable under the Freedom of Information Act (FOIA) 5 U.S.C. § 552. (Directive Part 6.A.4) DHS has created a rule requiring the DHS community to steadfastly protect the same information that FOIA officers may release to the public.
- The directive's definition of FOUO information is a catch-all for every piece of information within the DHS community. (Directive Part 6.B-C) The directive also states that unmarked information must be protected as FOUO. (Directive Part 6.F.1) As a result, the directive throws a blanket of secrecy over all DHS information.
- The directive allows all DHS employees, contractors, and consultants to have FOUO designation authority for an unlimited period without any review or appeal procedure. (Directive Part 6.D-E) At the same time, DHS's non-disclosure policy does not establish check and balances to prevent information from being inappropriately shielded from Congressional and public scrutiny.
- The directive also requires employees to protect information above and beyond the stated requirements. (Directive Part 6.G) Those heightened standards are nebulous at best and provide a further chilling effect that dissuades the sharing of government information with government officials or the public.
- The directive is contradictory regarding dissemination of information. (Directive Part 6.J.3) Despite the high standard for releasing FOUO to persons with a "need-to-know," FOUO information may be sent via non-secure fax, regular email channels, or displayed on the DHS intranet, where any employee without a "need-to-know" may access the protected information.
POGO believes that the directive permits too many employees, contractors, and consultants to make unilateral and unchallenged decisions regarding what information should be shielded from the public, what designation it should receive, who has a "need-to-know," and the means of disseminating the information internally to personnel with or without a need to know. That system provides DHS employees and others with great responsibility and the majority of the risk in making those determinations. DHS's message is nothing more than "err on the side of caution – protect all DHS information," which is too broad and overreaching.
In essence, DHS is silencing the nation's already muted federal workforce – the only people who can alert the public when the government is not doing its job. Even prior to the chilling effect created by the directive, airport baggage screeners (who compromise one-fourth of DHS's workforce) were stripped of key Whistleblower Protection Act (WPA) rights. Moreover, current loopholes in the WPA mean that protections are not provided to any government employees who find wrongdoing as a part of their job; report offenses to their management; challenge policies; or tell co-workers.
The principle that all government information is publicly available through public reading rooms or FOIA, absent a specified exemption that prohibits disclosure (such as privacy, national security, or internal personnel rules/practices), has been eroded in recent years. DHS's policies for protecting all levels of purportedly sensitive information are out of step with current law and further erodes the open-government principle by not providing adequate procedures for challenging decisions. The result is that DHS is shielding information from the public, making public access to information the exception rather than the rule.
POGO recognizes the need for secrecy of certain government activities and information, but DHS has made a leap in the wrong direction – a leap that could harm homeland security by silencing those who are trying to improve security for all Americans. This policy could create at the least an environment fostering waste and fraud, and at worst, possibly endanger American lives. POGO urges DHS to reconsider those policies in the directive which far exceed any legitimate need for secrecy and, in fact, appear unconstitutional.
In summary, POGO has several questions. First, what controls does the DHS plan to implement to oversee all of the information that is designated as FOUO? Second, what review process will be established to investigate whether information should remain concealed from the public? Third, where are the protections against over-classification in this system? We look forward to your written response. Please contact me or Scott Amey at (202) 347-1122 if you have any questions or comments.