 | |
| |
TechnologyDaily Mobile
The Quiet Fight For A FOIA Break
by Bara Vaida
Last November and December, the National Resources Defense Council and other environmental groups were able to energize their constituent bases to respond to a cyber-security bill in a way that the high-tech and business sectors have yet to do.
In two months, the environmental lobby successfully flooded Senate offices with about 12,000 calls and letters to block movement of the measure, S. 1456. "We believed if it was passed, it would shut down environmental enforcement," said Rena Steinzor, an academic fellow at the council, which activated its grassroots network to stop the bill on expectations that it would be attached to pending bioterrorism legislation.
The environmental group's lobbying halted movement on the bill, which would grant companies a limited exemption from the Freedom of Information Act (FOIA). The high-tech and business sectors quietly have pushed the legislation since February 2000 but have yet to aggressively counter critics of the bill with a cohesive lobbying campaign of their own. Instead, individual companies have left the advocacy to a loose-knit industry coalition, in part because of the backlash against corporations generated by the collapse of the Enron energy firm.
"It's one of those issues that companies prefer to hide behind the trade associations," said Harris Miller, president of Information Technology Association of America (ITAA), one of the trade groups in the coalition. "In this atmosphere of Enron, they are worried there will be people saying, 'Oh, you just want a FOIA exemption to hide something.'"
Stuck In Legislative Limbo
Introduced by Republican Sens. Robert Bennett of Utah and Jon Kyl of Arizona, the legislation seeks to spur businesses to disclose to regulatory and enforcement agencies any information they have about vulnerabilities in computer networks. The measure would grant those businesses exemptions from FOIA, antitrust prosecution and lawsuits that could stem from the voluntary disclosure of such information. Reps. Tom Davis, R-Va., and James Moran, D-Va., introduced a similar bill, H.R. 2435, in the House.
Action on the measure currently remains on hold while the environmental groups discuss their concerns with Senate Governmental Affairs Committee staff and the White House Office of Cyber Security. The Electronic Privacy Information Center (EPIC), the Center for Democracy and Technology (CDT), the American Library Association and OMB Watch also oppose the bill.
Numerous business executives continue to say the FOIA legislation is necessary to boosting their confidence in sharing information with the public, but no one company has championed the legislation's cause. In addition to ITAA, the coalition that supports the bill includes the Edison Electric Institute, the Financial Services Roundtable, the Business Software Alliance, the U.S. Chamber of Commerce, the National Association of Manufacturers (NAM), Americans for Computer Privacy and several other high-tech associations.
None of the organizations, however, is in charge of the lobbying effort, and there are no plans for the groups to pool funds for an advertising blitz or other high-profile lobbying strategies. Rather, each association has agreed to use its resources to lobby for the FOIA legislation on its own.
The coalition has organized itself enough to jointly send a letter urging Congress and the Bush administration to move Bennett's bill and to counter opponent's arguments. Their work also persuaded White House cyber-security adviser Richard Clarke and Attorney General John Ashcroft to recently state that the administration would support a "narrowly crafted" FOIA exemption if it would foster information sharing.
"We are making real progress, and I think Clarke and Ashcroft's comments are the clearest indication of that yet," said David Peyton, NAM's director of technology policy.
A Debate About Information Sharing
Supporters of the legislation argue that it is needed in an era when information sharing may be crucial to national security. In particular, supporters believe the bill can solidify formalized information-sharing organizations called the information-sharing assurance centers (ISACs).
The ISACs were created during the Clinton administration as a place for the private sector and government to share information on critical infrastructure attacks. The plan divided critical infrastructure into eight sectors and tasked each with creating an ISAC.
The financial services, telecommunications and information technology sectors already have their ISACs, and the government has an ISAC through the General Services Administration. Yet ISACs for the transportation, water, electricity and energy sectors are still being created, and supporters of the cyber-security bill said the centers have yet to satisfy their full potential because companies fear that ISAC information could be leaked to the public and hurt their share prices.
"If you look at all the operating ISACs, the biggest is the financial services ISAC and they only have 50 members," said Joe Rubin, director of congressional affairs for the U.S. Chamber of Commerce. "We've heard from a number of financial services companies that they probably would be more engaged if they had the FOIA exemption."
Patrice McDermott, assistant director of government relations at the American Library Association's Washington office, does not completely buy that argument. She said several existing laws and court rulings, including Critical Mass Energy Project v. NRC, provide sufficient protection for voluntary submission of information to the government.
Groups opposing the legislation have asked businesses to identify specific circumstances where a FOIA exemption for cyber-security information would have made a difference for companies. "While we agree there are pieces of information that probably the public doesn't need to know, what we need to get to is what kinds of information need to be protected and what do not so the government can be held accountable," McDermott said.
She said Senate Governmental Affairs Committee Chairman Joseph Lieberman, D-Conn., "has heard and shares our concern," and that is part of why the committee is working to schedule a hearing on information sharing and the Bennett bill this spring or early summer. "There was no outreach being made to the public-interest sector in the drafting on this bill," McDermott said, "so we had to force our way into the discussion."
The Right Time For Lobbying
Rubin said the business community is working to produce the examples opponents of the legislation seek to help address their concerns. He also noted that the business community does not see a need for more aggressive lobbying until congressional action appears more likely.
"We haven't activated our grassroots [lobby] because they are most effective when things are happening," Rubin said. "So we have been trying to build momentum for the issue, but because we don't think its [movement] is imminent, we haven't activated anyone."
Meanwhile, there is one area where the business community will have to redouble its lobbying efforts, and that is on the antitrust exemption proposed in Bennett's bill. Clarke has said that although the administration does not oppose that exemption, it also does not see a necessity for the exemption because the Justice Department has published a letter stating that companies would not be violating antitrust laws if they gather to share cyber-security information.
"The antitrust exemption will need more educational effort," Rubin said.
Chamber president Tom Donohue is scheduled to discuss the FOIA bill with White House Homeland Security Director Tom Ridge within the next few weeks, Rubin said.
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
