Hill: Block FOIA

The Clinton administration's plan to protect critical networks from cyberattacks

may get the bipartisan congressional support it needs this week in the

form of legislation that shields companies' data when it is shared with

federal security officials.

Reps. Tom Davis (R-Va.) and Jim Moran (D-Va.), both outspoken proponents

of enhancing critical infrastructure protection efforts, are sponsoring

the bill, which would protect companies' proprietary information from inadvertent

disclosure under the Freedom of Information Act.

Private companies, which own most of the nation's critical infrastructure,

have been reluctant to share proprietary data with the government, fearing

that it would end up in the hands of competitors. Companies also often refuse

to report hacker attacks on their enterprises to the government out of fear

that the news will create public distrust in their services and lead to

falling stock prices.

Dave Morin, a spokesman for Davis, said the bill will cover not only

real-time and after-the-fact hacker attacks but also "preventative" security

efforts by companies who own key nodes and systems. "At this point, we think

neither type of information is being shared," Morin said. "We want to make

sure information is shared at every level."

Bill Poulos, director of electronic commerce policy for Electronic Data

Systems Corp.'s Government Affairs Division, said FOIA protection is one

of the main issues he and other industry leaders mentioned to President

Clinton at the White House cybersecurity summit in February. "Reporting

information to the government is in effect making it public information,"

Poulos said. "The safest thing to do is say nothing, but we don't want to

do that."

Steven Aftergood, director of the Proj-ect on Government Secrecy at

the Federation of American Scientists, said a new law may be unnecessary.

The case has yet to be made that critical infrastructure information held

by industry is subject to disclosure under FOIA if it is provided to the

government, he said. "Most or all of it would probably be exempt as proprietary

information or law enforcement information," Aftergood said.

Some privacy advocates are not convinced that the new bill comes with

pure intentions. "This will potentially allow companies to keep secret things

like environmental hazard information [and the] safety of water supplies,"

said Wayne Madsen, senior fellow with the Electronic Privacy Information

Center.