July 12, 2002The Bush administration this week endorsed a Freedom of Information Act (FOIA) exemption for data about computer networks and other security issues that appears to yield little ground to environmentalists and open-record advocates.
The issue of how extensive such an exemption should be granted has stirred partisan disagreement, with many Democrats questioning the need to exempt voluntarily submitted information from FOIA disclosure.
But in a win for the technology industry, united with utilities, financial services firms and manufacturers, the White House weighed in with draft language that includes both elements.
A draft of the bill prepared by the House Select Committee on Homeland Security has included the FOIA exemption, the potential limitation of liability, and language that provides an antitrust exemption for businesses that share information deemed vital for "critical infrastructure security."
The text of the applicable provisions in the Select Committee's draft mirrors those drafted by Rep. Tom Davis, R-Va., and passed late Thursday night by the House Government Reform Committee. The committee accepted an amendment by ranking member Henry Waxman, D-Calif., clarifying that the exemption did not apply to lobbying activities.
Many Democrats have been skeptical because of an aggressive campaign against the exemptions by environmental groups. The bill creating a Homeland Security Department authored by Senate Government Affairs Committee Chairman Joseph Lieberman, D-Conn., contains no similar provisions.
The antitrust exemption in the Davis bill passed on Thursday differs from previous versions in that it gives the president the authority to declare that private-sector centers established to share such information receive an existing antitrust exemption found in the 1950 Defense Production Act. A Davis spokesman said Friday that the administration is supportive of that approach.
Although administration officials failed to return calls seeking clarification, in May, John Malcolm, deputy assistant attorney general in the criminal division, raised questions about both the antitrust exemptions and the provisions that information disclosed to the Homeland Security Department could not be used "in any civil action arising under federal or state law if such information is submitted in good faith."
Open records activists have voiced a similar fear. "How, in a week where Congress is focused on corporate wrongdoing, malfeasance, and scandal, could you present in a serious manner measures that give [businesses] a get out of jail free card?" questioned Gary Bass, executive director of OMB Watch.
Spokesmen for other public interest groups presented scenarios in which businesses voluntarily release information about security vulnerabilities in the expectation that it will then not be used against them.
Business groups and legislative supporters paint such scenarios as far-fetched, and said that the bill will not impede regulatory investigations. "This amendment is very narrowly defined, and only seeks to address information that is deemed essential to the economy and to national defense," said Davis spokesman David Marin.
They argue that the measures are necessary to create a "good Samaritan" exception that would encourage businesses to strengthen computer security, said Mario Correa, director of Internet and network security policy for the Business Software Alliance.
July 12, 2002