To hear some practitioners tell it, a new exemption from the Freedom of Information Act (FOIA) is the number-one thing companies want before they’ll willingly share information with the government about security threats, vulnerabilities and incidents. But press these practitioners for details and you’ll find they’re pretty foggy about what the proposed exemption would or would not do. One chief security officer of a Fortune 500 company, who spoke on condition of anonymity, argued for the exemption and then admitted that he really didn’t know what FOIA was.Established in 1966 in Section 552 of Title 5 of the U.S. Code, FOIA was designed to give the public access to the inner workings of government. Journalists, researchers, advocacy groups, businesses and private individuals can file a request with any government agency to access records that might otherwise remain private. In recent years, FOIA requests have led to the disclosure of files about the assassination of John F. Kennedy and details about Vice President Dick Cheney’s energy task force.FOIA already has several exemptions, but the current debate centers on whether exemption B4?for “trade secrets and commercial or financial information”?protects information about security threats and vulnerabilities as well as it protects, say, the ingredients in Coke’s syrup. Many of the government’s experts, including Richard Clarke, President Bush’s top information security adviser, insist that B4 is protection enough. Nevertheless, they still advocate for an additional exemption, if only to reassure corporate lawyers who don’t want to have to rely on case law to protect sensitive data. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe In response, the U.S. House of Representatives added an additional FOIA exemption to last July’s bill creating the new Department of Homeland Defense. H.R. 5005 protects voluntarily submitted critical infrastructure information, including the identity of the submitting person or entity, to any covered federal agency. In the Senate’s proposed Homeland Defense bill, S. 2452, a narrower version of the exemption would cover only information voluntarily submitted to the new Department of Homeland Defense. Neither exemption says anything about information that’s not critical to the infrastructure?like, say, the ingredients in Coke’s syrup. But critics fear that the exemption is poorly worded and may be used to hide things like oil spills. At press time, the Senate was scheduled to debate its Homeland Defense bill. The differences between the bills are likely to be hammered out in a conference committee in one of the rowdiest debates on Capitol Hill this fall. Related content feature Mastercard preps for the post-quantum cybersecurity threat A cryptographically relevant quantum computer will put everyday online transactions at risk. Mastercard is preparing for such an eventuality — today. By Poornima Apte Sep 22, 2023 6 mins CIO 100 CIO 100 CIO 100 feature 9 famous analytics and AI disasters Insights from data and machine learning algorithms can be invaluable, but mistakes can cost you reputation, revenue, or even lives. These high-profile analytics and AI blunders illustrate what can go wrong. By Thor Olavsrud Sep 22, 2023 13 mins Technology Industry Technology Industry Technology Industry feature Top 15 data management platforms available today Data management platforms (DMPs) help organizations collect and manage data from a wide array of sources — and are becoming increasingly important for customer-centric sales and marketing campaigns. By Peter Wayner Sep 22, 2023 10 mins Marketing Software Data Management opinion Four questions for a casino InfoSec director By Beth Kormanik Sep 21, 2023 3 mins Media and Entertainment Industry Events Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe