|NMU||WASHINGTON, D.C.||Freedom of Information||Apr 12, 2000|
Bill to exempt government-industry ‘cyberattack’ discussions introduced
- A proposed bill before the U.S. Congress would exempt from disclosure under the FOI Act communications related to thwarting attacks by computer hackers.
Congressmen Thomas Davis (R-Va.) And James Moran (D-Va..) on April 12 introduced the Cyber Security Information Act of 2000 to exempt from disclosure under the federal Freedom of Information Act exchanges of information between government and private industry — discussions intended to ward off “cyberattacks” from hackers.
In announcing the bill, Davis described it as a “very, very limited” exemption to the FOI Act which does not mandate secrecy if information is broadly disclosed to the public or if it is obtained independently through legal means. However, the bill appears to protect any statement about cyber security requested either by the government or a private company the government recognizes as collecting the information for discussion in combating hackers.
The measure is intended to entice private industries to share information about threats and security problems. It promises that both the government and private companies privy to the discussions will keep secret shared information about vulnerabilities of the “critical infrastructure.” The bill anticipates that through sharing information government and industry can together eliminate the potential for information misuse by hackers who can range from mischievous teenagers to professional criminals to foreign government-sponsored attackers, according to the bill.
The bill defines the “critical infrastructure” as facilities or services so vital to the nation and its economy that their “disruption, incapacitation or destruction would have a debilitating impact” on defense, security, economic prosperity or public health and safety. Industries covered would include financial services, telecommunications, information technology, transportation, utilities, and health care facilities. Government information shared with industry about defense, law enforcement or international security would apparently also be considered as exempt from the FOI Act.
The bill also protects private industry from any antitrust measures or civil litigation based on the shared information.
© 2000 The Reporters Committee for Freedom of the Press