Congress creates conundrum: What's 'sensitive'?

In its rush to straighten out security problems at Energy Department nuclear labs last year, Congress ended up creating more confusion for contractors who work for the agency, according to a recent DOE memo.

Section 3147 of the National Defense Authorization Act for fiscal 2000 included a provision penalizing Energy contractors who violate any rules "relating to the safeguarding or security of restricted data or other classified or sensitive information."

Under the law, DOE contractors can be fined up to $100,000 for releasing such data. But one small hitch was discovered after the new regulations were approved- legally, there is no such thing as "sensitive information."

In effect, Congress created a new classification category.

The department has received a number of inquiries from contractors concerning the implementation of the provision, according to a Jan. 5 memo from DOE general counsel Mary Anne Sullivan. To keep things fair, DOE won't impose any penalties until new regulations are issued that define the term "sensitive information," the memo said.

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, said the muddled provision is a "good illustration of the excess zeal that overcame Congress last year" while it tried to improve security at the Energy Department.

"This is sloppy legislating. You don't impose severe penalties for an action without describing that action with some precision," Aftergood said.

Sensitive information may not need to be classified, he said. For example, information about alarm systems at DOE nuclear weapons labs isn't classified, because it needs to be shared with emergency response personnel. But it's also not something you would want to disclose to potential enemies, Aftergood said.

DOE already has a classification for such information regarding nuclear weapons called "unclassified controlled nuclear information." Penalties already exist for disclosure of such information. But the new provisions will likely include different types of information, Aftergood said.

While the term "sensitive information" is used by the Defense Department and appears in the Computer Security Act, it does not appear in the Atomic Energy Act where the new amendment is placed.

Until new regulations are issued that define "sensitive," DOE contractors will likely err on the side of caution, Aftergood said.

"To be on the safe side, the contractors are likely to withhold more, rather than less, information. It becomes a problem in terms of cost-effective security and accountability to the public because information gets withheld indiscriminately," he said.

According to Sullivan's memo, a process is underway to develop regulations regarding the new law.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care


When you download a report, your information may be shared with the underwriters of that document.