Davis readies new FOIA exemption

Rep. Tom Davis (R-Va.) plans to reintroduce a bill to protect companies that share cyber-security information with federal agencies.

The new bill reworks the Cyber Security Information Act Davis co-sponsored last year with Rep. James Moran (D-Va.). It will provide companies with a specific exemption from the Freedom of Information Act for information they share with federal organizations, such as the Federal Computer Incident Response Center, the coordinating center for civilian agencies on cyberattack alerts.

Sen. Robert Bennett (R-Utah) has announced plans to introduce a similar bill. Davis will talk with Bennett on how to coordinate the two, said David Marin, Davis' spokesman.

Vendors and agencies have pushed for an information security exemption because of the priority put on securing critical infrastructure systems by Presidential Decision Directive 63, signed by President Clinton in May 1998. Such systems include those that run the nation's electric power grids and maintain telecommunications networks.

PDD 63 requires federal agencies to take the lead on securing these systems, many of which are controlled by the private sector. Companies must feel comfortable telling the government about security breaches, officials have said.

However, experts insist that data such as the security information targeted by the bills is already covered in exemptions recognized by courts.