Almost a full year ago OMB Watch filed a request, under the Freedom of Information Act, to the Department of Homeland Security (DHS) for information on their Critical Infrastructure Information (CII) program. The request sought an accounting of how the program was used thus far including the number of submissions, rejections, and communications, as well as program procedures for handling information. Unfortunately, DHS was not very prompt with answers. In fact, it took a summons filed in the DC Circuit Court to get even a few pieces of basic information about the CII program. According to documents obtained by OMB Watch, the CII program has received 29 submissions of information for which the submitters requested protections under the CII provisions. DHS approved 22 of those submissions for protection and rejected the other seven submissions as not meeting the program’s requirements. To qualify, the information must address a vulnerability of some critical infrastructure, it must be voluntarily submitted, and it must not exist customarily in the public domain. DHS implies that the seven submissions “deemed non-CII or non protected CII” have been destroyed per agency policy. Most of the submissions appear to be brief, measuring only a few pages in length, however, at least one submission contained over 300 pages of material. Additionally, it should be noted that the length of the documents reveals nothing about the importance of the information contained within those pages. Even the shortest documents may contain vital information about a vulnerability that threatens a community’s safety, information that now sits in a locked drawer while nothing is done to fix the vulnerability or ensure the community’s safety. DHS also treated numerous communications between the agency and submitters concerning their CII submissions as protected under the same provisions. This appears to be an extension of the program’s protections from what the agency outlined in its final CII rule.