Hacks? What Hacks?

Sen. Robert Bennett (R-Utah), the Senate’s computer security point man, wants you to start reporting hacks of your company networks to the government. But he thinks you need a little incentive. His plan? To pass a new law that exempts any information that businesses share on hacks from disclosure under the Freedom of Information Act (FOIA).

It sounds reasonable enough. The government needs this information to understand why attacks occur and to develop better security protections. FOIA is a law that lets the public request internal government documents, like memos about Gulf War veterans’ illnesses or FBI files about criminal gangs. Companies fear that if reports of their security weaknesses are aired publicly (the press is a major FOIA user), the information would cast doubt on their future health and their stock prices could slide.

Bennett’s critics, however, see a slippery slope, leading to companies covering up problems that investors and customers should know about. Scott Armstrong, a journalist and founder of the National Security Archive, says it’s not clear how the government would define what constitutes protected information about a network intrusion. Hypothetically, a software company could use such a law to cover up that it knew there were vulnerabilities in its product before it was sold but did nothing about it. Armstrong thinks most information that companies would legitimately want to keep secret is already protected by existing FOIA exemptions. The statute shields proprietary information about companies and data about law enforcement investigations.

At press time, Bennett was planning to introduce his bill this summer. Similar legislation sponsored by Reps. Tom Davis (R-Va.) and Jim Moran (D-Va.) went nowhere last year, but the idea has influential friends. Backers include companies in the banking, telecommunications, electricity and IT industries. For more on this issue, see “Break Glass, Pull Handle, Call FBI” (June 1, 2001).
-Stephanie Viscasillas

The Man to See About IT Policy

John Graham, head of The Harvard Center for Risk Analysis, is a leading skeptic of the value of government regulation. And he’s the man President Bush hopes to put in charge of deciding which regulations, including those relating to IT policy, go on the books. If he’s instated he’ll pass judgment on everything from whether agencies will put their forms online to what companies have to do to protect the privacy of financial or medical data they keep about customers.

Graham, whose confirmation by the Senate as head of the Office of Information and Regulatory Affairs (OIRA) was imminent at press time, is controversial. He’s taken strong stands against some regulations, like proposals to prohibit using cell phones while driving, arguing their costs outweigh their benefits. And he’s been criticized for kowtowing to companies that fund his research (consumer advocates jumped on the fact that AT&T had funded his cell phone research).

Meanwhile, some detractors contend he’s ill-qualified to make IT policy. Gary Bass, executive director of OMB Watch, a government watchdog group, thinks the OIRA head should have some technology expertise (Graham is a professor of policy and decision sciences). No past OIRA administrators have been technologists, though former President Clinton’s appointee, Sally Katzen, was an expert in telecommunications law.

At his confirmation hearings in May, Graham said he simply calls things as he sees them. No senators on the Governmental Affairs Committee asked for his views on IT issues during the confirmation hearings, and he didn’t volunteer any.

-S.
Viscasillas