By Kirsten Murphy, Silha Fellow
President Bush's proposal for a new cabinet-level Department of Homeland Security contains provisions for a broad FOIA exemption. Under the Bush plan, information voluntarily supplied to the government by private businesses would not be subject to disclosure under the Freedom of Information Act.
House Majority Leader Richard Armey (R-Texas) introduced HR-5005, the Homeland Security Act of 2002, on June 24, 2002. Section 204 of the bill states that information that exposes national "infrastructure vulnerabilities or other vulnerabilities to terrorism" will be exempt from the Freedom of Information Act. The bill is currently under review by 12 committees of the House of Representatives, and the FOIA exemption debate is one of the flash points over the legislation. The FOIA already contains numerous exemptions, including law enforcement and national security exemptions.
The Bush administration argues that the exemption will encourage businesses to share security information with the government. According to supporters of the bill, which include telecommunications and energy industry representatives, release of "critical infrastructure" data through FOIA creates risks for the private sector.
Although the House Commerce Committee Chairman Billy Tauzin (R-La) removed the original FOIA exemption language during the Committee mark-up on July 11, 2002, on the grounds that the exemption should be narrower, the House Select Committee on Homeland Security has the final say on the FOIA exemption.
Bill Smith, the Chief Technology Officer of BellSouth, has stated that the telecommunications industry is reluctant to share information with the government because of security concerns. Smith testified before the House Subcommittee on Oversight and Investigations on July 9, 2002 that BellSouth has "received numerous requests for sensitive information - such as lists of critical facilities - from federal, state and local authorities. From the perspective of a corporation such as BellSouth, these requests are troubling because if such a list were released publicly, whether through a FOIA request or through accidental disclosure, it could provide terrorists with a road map directing them to our most critical locations."
However, critics of the proposed exemption point out that the types of information which concern industry are already covered by existing FOIA exemptions. Exemption 1 of the FOIA covers software vulnerabilities of classified computer systems used by the government and Exemption 4 protects trade secrets and confidential information. David Sobel, the General Counsel for the Electronic Privacy Information Center, who also testified on July 9, stated that Exemption 4 covers all the "critical infrastructure" material.
Sobel urged the Subcommittee to reject the new exemption as unnecessary and potentially dangerous legislation. "If a company is willing to fudge its financial numbers to maintain its stock price, what assurance would we have that it was not hiding behind a "critical infrastructure" FOIA exemption in order to conceal gross negligence in its maintenance and operation of a chemical plant or a transportation system?" asked Sobel.
Government watchdog groups expressed concern over other aspects of the Bush proposal. They argued that the Bush plan limits the agency's accountability and openness by establishing advisory committees that may be closed to the press and public. The President's Homeland Security Advisory Council has already met in secret session on July 2, 2002. Many express concern that the administration's penchant for secrecy will shape the guidelines and culture of the new department, creating an executive Agency that will not have to answer to the public about its activities and competence.
The Department would also act without the benefit of an internal watchdog under the Bush plan, as the proposal hamstrings the ability of the departmental inspector general to conduct investigations of the department. The Cabinet secretary will have the power to halt Inspector General investigations or audits.
In addition, the legislation gives the secretary of Homeland Security discretion to determine whether department employees are covered by current whistleblower laws, possibly creating legal or employment repercussions for employees who report on agency mistakes or misconduct.
Two other pending bills proposed even broader protection of the private sector than H.R. 5005. Senator Robert Bennett (R-Utah) supported a bill, S. 1456, which would create more specific FOIA exemptions. Representative Thomas Davis (R-VA) has proposed that the Homeland Security bill protect businesses from anti-trust actions and liability suits (H.R. 2435). However, after weeks of negotiations with Senator Patrick Leahy (D-Vt) and Carl Levin (D-Mich), Senator Bennett agreed to several compromises to a Homeland Security Bill (S. 2452) that would significantly narrow the FOIA exemptions for the private sector.
The Senators' agreement allows records to be covered by the exemption, not simply information, and only records that have been submitted to the Department of Homeland Security; records submitted to other agencies are not covered by the exemption. Records given to other agencies, even if also submitted to the Department of Homeland Security, are not subject to the exemption.
The submitter of the record is required to certify its confidentiality and confidentiality is limited to records containing information about threats and vulnerabilities to the national infrastructure, as opposed to any information concerning "critical infrastructure." Furthermore, the compromise narrows the definition "furnish voluntarily, " to ensure that any company submissions to receive government grants, licenses or other government benefits are not covered by the exemption.
The Senators also agreed that the FOIA exemption will not preempt state or local sunshine laws, nor will private companies gain civil or antitrust immunity. Any portions of voluntarily submitted reports that are not classified under the exemption are subject to FOIA and any person who discloses classified information is not subject to criminal penalty.