by Sarah D. Scalet

Fact, Fiction and FOIA

Oct 15, 20023 mins

To hear some practitioners tell it, a new exemption from the Freedom of Information Act (FOIA) is the number-one thing companies want before they’ll willingly share information with the government about security threats, vulnerabilities and incidents. But press these practitioners for details and you’ll find they’re pretty foggy about what the proposed exemption would or would not do. One chief security officer of a Fortune 500 company, who spoke on condition of anonymity, argued for the exemption and then admitted that he really didn’t know what FOIA was.

Established in 1966 in Section 552 of Title 5 of the U.S. Code, FOIA was designed to give the public access to the inner workings of government. Journalists, researchers, advocacy groups, businesses and private individuals can file a request with any government agency to access records that might otherwise remain private. In recent years, FOIA requests have led to the disclosure of files about the assassination of John F. Kennedy and details about Vice President Dick Cheney’s energy task force.

FOIA already has several exemptions, but the current debate centers on whether exemption B4?for “trade secrets and commercial or financial information”?protects information about security threats and vulnerabilities as well as it protects, say, the ingredients in Coke’s syrup. Many of the government’s experts, including Richard Clarke, President Bush’s top information security adviser, insist that B4 is protection enough. Nevertheless, they still advocate for an additional exemption, if only to reassure corporate lawyers who don’t want to have to rely on case law to protect sensitive data.

In response, the U.S. House of Representatives added an additional FOIA exemption to last July’s bill creating the new Department of Homeland Defense. H.R. 5005 protects voluntarily submitted critical infrastructure information, including the identity of the submitting person or entity, to any covered federal agency. In the Senate’s proposed Homeland Defense bill, S. 2452, a narrower version of the exemption would cover only information voluntarily submitted to the new Department of Homeland Defense. Neither exemption says anything about information that’s not critical to the infrastructure?like, say, the ingredients in Coke’s syrup. But critics fear that the exemption is poorly worded and may be used to hide things like oil spills.

At press time, the Senate was scheduled to debate its Homeland Defense bill. The differences between the bills are likely to be hammered out in a conference committee in one of the rowdiest debates on Capitol Hill this fall.