Industry's FOIA shield debated

Featured eBooks
CDM
Read Now

Future-Ready Workforce

Read Now

Health Tech

Read Now
Insights & Reports
From Ambition to Action: Modernizing Federal Healthcare IT
Presented By Google Public Sector
Download Now
Smarter Contracting for Federal Agencies and Government Contractors
Presented By Carahsoft
Download Now
By Diane Frank,
FCW

By Diane Frank,
FCW

|

The bill would give companies an exemption from the Freedom of Information Act when sharing information about cybersecurity

House members on Thursday stood behind their bill to give companies an exemption

from the Freedom of Information Act when sharing information about cybersecurity.

However, critics say the bill is unnecessary and that the government cannot

handle the information that industry would provide.

The Cyber Security Information Act, co-sponsored by Reps. Tom Davis (R-Va.)

and James Moran (D-Va.), is designed to promote the sharing of cybersecurity

information between the private sector and government.

The administration has asked agencies to work with industry and form information

sharing and analysis centers (ISACs). The financial services sector has

started its ISAC, and the telecommunications and information technology

sectors are working on ISACs. But businesses consistently have raised questions

about the sharing of security information, Moran said before the House Government

Management, Information and Technology Subcommittee on Thursday.

"Their concerns stemmed from the lack of clarity in antitrust laws and concerns

related to disclosures the government would have to make based on [FOIA],"

he said.

The Davis-Moran bill is based on the Year 2000 Information and Readiness

Disclosure Act. It will provide a limited FOIA exemption, protecting companies

from civil litigation over shared information, and it establishes an antitrust

exemption for information shared within an ISAC, Davis said.

However, David Sobel, general counsel for the Electronic Privacy Information

Center, said that existing FOIA exemptions already protect information that

would be shared in an ISAC. "The courts have really bent over backwards

to make sure private-sector companies do feel comfortable sharing information

with the government," he said.

Davis said companies perceive those protections as not enough, and they

will not share information with government until they have "ironclad assurance"

that it will not be released.

The bill could provide agencies with a better picture of information security

threats across the country because it "creates an additional protected channel

for potent, valuable information," said Joel Willemssen, director of civil

agencies information systems at the General Accounting Office.

But regardless of whether the bill succeeds, the government may not be prepared

to deal with the information, Willemssen said. Agencies don't have a process

to ensure that they are collecting the correct information, nor is there

evidence the organizations in place can analyze and share this information

in a timely manner, he said.

NEXT STORY: Web resource open for minority businesses