Advocates of legislation that would exempt the technology industry from portions of the Freedom of Information Act (FOIA) are promoting a bill, introduced Wednesday by Rep. Tom Davis, R-Va., and Rep. James Moran, D-Va., as a complement to a popular 1998 law designed to aid the Year 2000 computer conversion.
That law, the Information Readiness and Disclosure Act, passed the House and the Senate by voice vote, and was dubbed the "Good Samaritan" act because it limited the liability of businesses that disclosed information regarding their readiness for the computer date change.
Davis and Moran said that their new bill, the Cyber Security Information Act of 2000, H.R. 4626, does the same thing for businesses confronting computer security issues.
In addition to providing an exemption from the Freedom of Information Act for businesses that share information about computer network intrusions, the bill would exempt businesses from liability and free them from potential antitrust violations for participating in the much-discussed Information Sharing and Analysis Centers.
"These three protections have been previously cited by the (Clinton) administration as necessary legislative remedies" in its January national plan for protecting the nation's critical infrastructure, David said at the unveiling of the bill. "This legislation will enable the ISACs to move forward without fear from industry so that government industry may enjoy the mutually cooperating partnership" called for by the national plan and previous administrative proposals to protect computer networks.
The two Virginia representatives also circulated a letter to their lawmaker peers soliciting support for their bill and touting it as a private-sector remedy to permit businesses to "safely share information with the federal government on potential cyber vulnerabilities, or actual threats." But the bill may run up against opposition from civil liberties groups that have long cherished the Freedom of Information's Act to root out government malfeasance.
"It should be a no-brainer that the sharing of internal incident information with the proper law enforcement authorities shouldn't be subject to a FOIA," said Mark Pearl, senior vice president of the Information Technology Association of America, who praised Davis and Moran at the Wednesday launch. The Information Technology Industry Council was also present.
"It should not be something that would cause fear that it would gut the FOIA," Pearl said.