Closing the books: open government after 9/11 - information collected from private industry could be kept secret from public under spcial privilege of Department of Homeland Security

Reason, Oct, 2002 by Jeffrey Benner

Congress passed the Freedom of Information Act in 1966 and strengthened it significantly in 1974, in the aftermath of Watergate. According to David Sobel, lead counsel at EPIC, the act may now be on its deathbed. The White House bill "would gut FOIA as a vehicle for open government in a large number of critical areas," he says. Testifying before a House subcommittee on July 9, Sobel warned that the exemption would make it impossible to hold the Department of Homeland Security (DHS) accountable should things go wrong. "'What did DHS know and when did it know it?' is a question that will go unanswered," he told the committee.

A combination of six existing departments spread across five agencies, the new infrastructure protection office is supposed to coordinate security for the nation's key infrastructure and industries, including telecommunications, energy, water supply, banking and finance, transportation, emergency services, and public health facilities. Bush's lead adviser on infrastructure protection, Richard Clarke, recently told Congress this definition might need to be expanded to include other industries. The administration's proposed exemption would place all information that corporations "voluntarily" submit to the office under wraps forever.

Despite its broad definition, "critical infrastructure protection" in practice has thus far meant fighting malicious computer hackers. Debates over information flows have generally focused on the reluctance of companies to inform the government when they have been hacked. Corporations complain that they need assurance that potentially embarrassing or proprietary information about attacks submitted voluntarily to the government won't leak out to the public or to their competitors.

Ronald Dick is director of the FBI's National Infrastructure Protection Center, a department created in 1998 to monitor and provide warnings of cybercrime. He told Congress in May that only 34 percent of computer hacking attacks on industry were reported to law enforcement during the 12-month period ending in April of this year. "The two primary reasons for not making a report were negative publicity and the recognition that competitors would use the information against them," Dick said. He testified that his department finds the existing FOIA exemptions sufficient, but "if the private sector doesn't believe it...then we need to provide them those assurances that make them feel that a partnership with the government is worthwhile." With that, he tacitly endorsed a broader exemption.

But opponents of the exemption argue that plenty of protection for sensitive information is already written into the law. After all, nine categories of information are currently protected from disclosure under FOIA. "Trade secrets and commercial or financial information" are exempt from FOIA requests, along with banking and law enforcement records, data pertaining to national security, and the like.

"Any claimed private sector reluctance to share important data with the government grows out of, at best, a misperception of current law" EPIC's Sobel said in his July 9 testimony. "Exemption proponents have not cited a single instance in which a federal agency has disclosed voluntarily submitted data against the express wishes of an industry submitter." An industry representative at the hearing countered that the reason there were no cases of such disclosure is that business has thus far declined to reveal sensitive information to the government.