Davis preps FOIA exemption

Rep. Tom Davis (R-Va.) is planning to reintroduce a bill as soon as next week to protect companies that share cybersecurity information with federal agencies.

The new bill is a reworking of the Cyber Security Information Act co-sponsored last year by Rep. James Moran (D-Va.). It will provide companies with a specific exemption from the Freedom of Information Act for information they share with federal organizations such as the Federal Computer Incident Response Center (FedCIRC), the coordinating center for civilian agencies on cyberattack alerts and analysis.

Davis has been working on a draft of the bill, which is one of his top technology priorities, spokesman David Marin said in January. The decision to put forward the new version comes as Sen. Robert Bennett (R-Utah) announced plans to introduce a similar bill in the Senate. Davis will talk with the senator on how to coordinate the two, Marin told Federal Computer Week today.

Vendors and agencies, including FedCIRC and the Justice Department, have been pushing for an exemption to cover security information because of the priority on securing systems that support the nation's critical infrastructure. Presidential Decision Directive 63, signed by President Clinton in May 1998, identified critical infrastructure systems as including those that run the nation's electric power grids and those that maintain telecommunications networks.

PDD-63 required federal agencies to take the lead on securing these systems, many of which are under the control of the private sector. Companies must feel comfortable telling the government about security breaches, officials have said many times in the past.

However, experts have insisted that data such as the security information targeted by these bills is already covered in exemptions recognized by courts, and they say another exemption would be nothing more than show.