Industry's FOIA shield debated

House members on Thursday stood behind their bill to give companies an exemption

from the Freedom of Information Act when sharing information about cybersecurity.

However, critics say the bill is unnecessary and that the government cannot

handle the information that industry would provide.

The Cyber Security Information Act, co-sponsored by Reps. Tom Davis (R-Va.)

and James Moran (D-Va.), is designed to promote the sharing of cybersecurity

information between the private sector and government.

The administration has asked agencies to work with industry and form information

sharing and analysis centers (ISACs). The financial services sector has

started its ISAC, and the telecommunications and information technology

sectors are working on ISACs. But businesses consistently have raised questions

about the sharing of security information, Moran said before the House Government

Management, Information and Technology Subcommittee on Thursday.

"Their concerns stemmed from the lack of clarity in antitrust laws and concerns

related to disclosures the government would have to make based on [FOIA],"

he said.

The Davis-Moran bill is based on the Year 2000 Information and Readiness

Disclosure Act. It will provide a limited FOIA exemption, protecting companies

from civil litigation over shared information, and it establishes an antitrust

exemption for information shared within an ISAC, Davis said.

However, David Sobel, general counsel for the Electronic Privacy Information

Center, said that existing FOIA exemptions already protect information that

would be shared in an ISAC. "The courts have really bent over backwards

to make sure private-sector companies do feel comfortable sharing information

with the government," he said.

Davis said companies perceive those protections as not enough, and they

will not share information with government until they have "ironclad assurance"

that it will not be released.

The bill could provide agencies with a better picture of information security

threats across the country because it "creates an additional protected channel

for potent, valuable information," said Joel Willemssen, director of civil

agencies information systems at the General Accounting Office.

But regardless of whether the bill succeeds, the government may not be prepared

to deal with the information, Willemssen said. Agencies don't have a process

to ensure that they are collecting the correct information, nor is there

evidence the organizations in place can analyze and share this information

in a timely manner, he said.


  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.