Bill backs FOIA exemption for cybersecurity information

A leading cybersecurity lawmaker said Monday that he would introduce legislation to exempt from the Freedom of Information Act businesses that share information on computer intrusions with the government.

Sen. Robert Bennett, R-Utah, said such a move is essential to help safeguard the Internet from hackers and cyber terrorists.

The bill, which Bennett said he would introduce within the next 45 days, would draw upon his experiences as chairman of the Senate's now-disbanded Y2K Committee in fighting threats to keep America's computer networks open. Bennett's remarks came as he delivered the opening keynote speech at the Electronic Industries Alliance's conference in Washington.

Drawing an analogy to what he described as the Roman empire's three rules for stability--keep the peace, keep the roads open and trade with everyone--Bennett said, "There is an obvious parallel with America, the world's only superpower."

But while Bennett said the military bears the responsibility for preserving peace and Congress the responsibility for enhancing free trade with foreign nations, American industry must work together with the government to preserve its critical computer networks.

"The Internet, in today's world, is the counterpart to the Roman road network," he said. "It goes throughout the entire world, and it is essential it be kept open to allow the world's business."

But unlike physical roads, Bennett continued, "someone can click in and out, add his network or take it off, without any central controlling authority even being aware of what is being done."

Bennett said a FOIA exemption for businesses participating in information-sharing and analysis centers, private-sector coordinating bodies that eventually may share threat-detection information with the government, is essential to developing the tools to keep the Internet running. He also said a better understanding of the type of information to be shared and more software tools to analyze and understand computer attacks are essential.

Last year, Virginia Reps. Tom Davis, R, and James Moran, D, introduced legislation to provide such a FOIA exemption, and the Clinton administration Justice Department supported the measure--a position that is likely to be continued in the Bush administration.

Although Bennett offered few details on his pending legislation, he said he did not intend to include broader language on product liability or tort reform. A limitation on liability for software and computer manufacturers--provisions opposed by many Democrats and trial lawyers--was a key element of Y2K liability legislation Bennett helped shepherd through Congress in 1999.