Communications Litigation Today was a service of Warren Communications News.

EPIC SAYS INDUSTRY PROBES ARE REASON TO BLOCK NEW FOIA EXEMPTION

July 10, 2002 by Steve Peacock|Miscellaneous

Industry representatives exhorted House Commerce Oversight Subcommittee Tues. to strengthen proposed exemptions from Freedom of Information Act (FOIA) for communications network owners that share threat data with govt. Several telecom and Internet industry panelists, including BellSouth Chief Technology Officer William Smith, urged panel to support President Bush’s plan (HR-5005) to create cabinet-level Dept. of Homeland Security (DHS), including establishing limited FOIA exemption for companies that voluntarily share infrastructure vulnerability data with authorities. In fact, panelists said plan should be strengthened to include antitrust protection for data-sharing as well.

However, Electronic Privacy Information Center Gen. Counsel David Sobel warned that current flurry of investigations into telcos and other corporations for hiding and falsifying financial data should give Congress fair warning not to provide industry with additional avenues of withholding important information from public. Sobel said: “It should not go unnoticed that we are discussing the desire of private companies to keep secret potentially embarrassing information at a time when the disclosure practices of many in the business world are being scrutinized. If a company is willing to fudge its financial numbers to maintain its stock price, what assurance would we have that it was not hiding behind a ‘critical infrastructure’ FOIA exemption in order to conceal gross negligence?”

Despite claims that FOIA as currently written was barrier to information sharing, Sobel said those who supported expansion of FOIA exemptions had “not cited a single instance in which a federal agency has disclosed voluntarily submitted data against the express wishes of an industry submitter. Nor have they provide a single hypothetical example of voluntarily submitted ‘critical infrastructure’ information that would not fall within the broad protections” under existing law.

Smith said BellSouth and other critical infrastructure operators had “seen dramatic increases in the number of requests to participate” in public-private sector network security initiatives since last year’s terrorist attacks. Companies continue to be reluctant to share information with govt. in light of liability they face from FOIA requests, he said: “We have received numerous requests for sensitive information, such as lists of critical facilities, from federal, state and local authorities. From the perspective of a corporation such as BellSouth, these requests are troubling because if such a list were publicly released, whether through a FOIA request or through accidental disclosure, it could provide terrorists with a road map directing them to our most critical locations.”

Critical Infrastructure Assurance Office Dir. John Tritak said biggest challenge for govt. in consolidating existing federal entities into DHS would be development of “culture of collaboration and partnership” with critical infrastructure owners and operators. Despite progress in forming such partnerships, he acknowledged reluctance of industry to engage in “full-scale exchange” of information. He said FOIA-related provision of White House plan wouldn’t roll back existing law and denied it would serve as “safe haven for gross violations.”

However, he said expanded FOIA exemption was “not a silver bullet” for enhancing govt.-industry alliances and wouldn’t necessarily spur level of cooperation needed for joint protection of the nation’s infrastructure. He said: “There’s not going to be an avalanche of information submitted to the government the day after the bill is passed.” Although critical infrastructure FOIA exemption might ease some of industry’s concerns, additional steps must be taken to build trust between those sectors, he said.

Guy Copeland, Computer Sciences Corp. vp-information infrastructure advisory programs, said infrastructure data “should be entitled to the extraordinary treatment of a complete ban on FOIA disclosure.” Representing Information Technology Assn. of America (ITAA), he said an expanded FOIA exemption also should apply to information shared at state and local level. He said: “Homeland defense is creating a need for federal, state and local bodies to work jointly to a previously unprecedented degree… Information sharing ought not to dead-end at the federal level but should flow all the way down to the first responders.”

Copeland also reiterated ITAA’s suggestion that proposed Information Analysis & Infrastructure Protection division at DHS be split into separate units, creating Bureau of Cybersecurity. He said that melding cybersecurity and physical security functions into same division would be mistake: “The challenges in the cyberworld are sufficiently different from those in the physical world to merit a bureau that focuses on cybersecurity and that is headed by a Senate- confirmed public official.”