Where I work "CUI" is just the header we slap on all of our PowerPoints on NIPR[1], and basically means "don't email this to your civilian email account, or otherwise share it with people outside of work"...but it's still feasible, from a technical standpoint. It's just wrong from an administrative policy perspective. CUI doesn't automatically entail/require encryption. Most people don't even bother to encrypt their emails in Outlook even when chock-full of CUI documents, or worse, high-impact PII/PHI.
If politicians want encrypted comms they'll probably have a //SECRET Blackberry or iPhone.
Years ago I worked on a Special Access project. Everything that got thrown away went into the burn barrels, whether it had a classified label or not. Of course, when California took away our license to burn stuff, we acquired a grinder type shredder.
That is just an easy general policy to adopt, secret project or not. At this point I would call it as basic as using HTTPS, just a general good practice.
If politicians want encrypted comms they'll probably have a //SECRET Blackberry or iPhone.
[1]https://en.wikipedia.org/wiki/NIPRNet