Homeland Security reverses secrecy policy, but protests persist

Two of the largest federal labor unions and a government watchdog group said Wednesday that the Homeland Security Department still has overly broad and vague policies for handling sensitive information, even though the department has rescinded one of its most controversial regulations.

On Tuesday, DHS reversed a policy that required all employees to sign an oath that they will not disclose certain information without proper authorization, including material labeled as sensitive but unclassified. Department contractors and consultants, however, still must sign the nondisclosure agreement, which also allows the government "to conduct inspections, at any time or place, for the purpose of ensuring compliance."

Janet Hale, DHS undersecretary for management, issued a memo announcing the policy changes. The memo and a revised management directive were posted online by the Federation of American Scientists' Project on Government Secrecy.

Hale referred to the nondisclosure agreement as "an interim measure" and said that the DHS Office of Security will now develop an "education and awareness program" for all employees on safeguarding sensitive but unclassified information.

The program will consist of classroom or computer-based training sessions "designed to educate employees on what constitutes [sensitive but unclassified] information and the standards for handling and disseminating it." According to the management directive, that category covers information that, if released, "would cause harm to a person's privacy or welfare, adversely impact economic or industrial institutions, or compromise programs or operations essential to the safeguarding of our national interests."

The American Federation of Government Employees and the National Treasury Employees Union welcomed the policy reversal. They had protested the policy and threatened to sue the department over it, saying that the nondisclosure agreement would undermine national security and the public interest by suppressing whistleblowing activity and discouraging dissent.

"The original directive was nothing more than a fear tactic being used by DHS to censor its employees," AFGE president John Gage said. "We are pleased that DHS has recognized its error and is taking the steps to correct it. We only hope that the agency continues on that positive path."

The unions added that they appreciate the necessity--and importance-of safeguarding classified information.

Gage and NTEU president Colleen Kelley issued a joint statement, however, saying that the management directive "still covers a broad and vaguely defined universe of information. It opens up the possibility of using the designation to cover up misconduct, among other things."

They were especially concerned about the "for official use only" category of information.

"DHS' decision to keep the FOUO category is an invitation for injustice," the two said. "The potential for misuse here is astronomical. The policy still is not clear regarding who can designate FOUO and how employees who are found in violation of the agreement will be disciplined.

"Additionally, we still are concerned with the overly broad, subjective designation of sensitive but unclassified information," they added.

AFGE assistant general counsel Anne Wagner said her union wants the department to work with it to develop clear guidelines for handling and designating information, and laying out the consequences for unauthorized disclosure.

The department's reversal has halted legal action for now, but AFGE isn't closing the door on a lawsuit.

"I think because of the vagueness of the directive, we are still considering the possibility of pursing litigation," Wagner said.

Jack Johnson, DHS chief security officer, said the new training program is specifically intended to educate employees on the different types of designations for information, and when and how to use them. He said within a month, the department will begin training new employees. Later, the training effort will be expanded to include all 180,000 workers in the department. The training will be web-based, and recurrent training will be provided in the future.

Johnson said DHS has dealt with "unprecedented amounts and types of information." The department had to find a way to handle the information, he said, and the nondiscolsure agreement was the "quickest and easiest way" until a new policy could be determined.

He said each of the designations have specific criteria associated with them, and are made by officials based on training and departmental guidance. He added that each bureau or agency within the department has officials who can help employees if they have questions about making designations, along with the DHS Office of Security.

"It's not a unilateral, arbitrary designation that we're doing," he said. "We face a balancing act every day about safeguarding information, but at the same time ensuring that we have the ability to share that information with our partners."

The Project on Government Oversight, a watchdog group, said the revised policy is "still problematic" for several reasons. For example, the department still prevents employees from disclosing information that is available to the public under the Freedom of Information Act. Also, any employee, detailee or contractor within the department can designate information to be withheld.

"The Department of Homeland Security's revision of its policy for handling sensitive information changes nothing," said POGO general counsel Scott Amey. "To ensure that secrecy oaths do not happen, Congress must pass legislation and make its intent known. A government agency should never threaten its employees or contractors with criminal prosecution for disclosing information that is available under the Freedom of Information Act."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.