|NMU||WASHINGTON, D.C.||Freedom of Information||Mar 29, 2000|
Congress looks at additional FOI restrictions for ‘cyberattack’ data
- Witnesses at a congressional hearing in late March asked the government to amend the federal Freedom of Information Act to protect “critical infrastructure information.”
Senators and witnesses in late March discussed amending the federal Freedom of Information Act to protect “critical infrastructure information ” at a hearing on “Cyberattacks Investigation and Information Sharing” by the Senate Judiciary Committee’s Subcommittee on Terrorism, Technology and Government Information.
Emphasizing a need to entice private companies to share information about “cybercrimes” that have been committed against them and their vulnerabilities to other cybercrimes, Sen. Jon Kyl (R-Ariz.), subcommittee chairman, said overall protection from Internet sabotage requires that information about electronic vulnerabilities, threats and attacks be communicated among companies and with government agencies.
He said private sector competitors need to create information sharing and analysis centers and cooperate to combat cyberthreats. He also said that the FOI Act may need to be “updated” to encourage companies to share information with the federal government.
FBI Director Louis Freeh said, in response to questioning, that he would “tend to favor” an FOI Act exemption for industry prohibiting public access in the limited area of trade secrets, proprietary information and intellectual property, although he said the Department of Justice is in the process of preparing its recommendations. In his testimony Freeh said that the Economic Espionage Act provides some protection for information submitted as a part of an investigation.
Harris Miller, President of the Information Technology Association of America told the subcommittee that belief by companies that they risk disclosure of “very sensitive and confidential” information about proprietary secrets or customer records will be a “show stopper” to sharing information with the government.
Rich Pethia, who directs Carnegie-Mellon University’s Computer Emergency Response Team Center in Pittsburgh, Penn., said that the protection from the FOI Act must extend beyond information sharing. “Information assurance” needs to become a real engineering discipline, he said, with a detailed understanding of organizations’ systems, policies and practices — the kind of information that “would make an organization vulnerable. That kind of information has to come from federal organizations as well as federally funded research programs and it has to be protected,” he said.
© 2000 The Reporters Committee for Freedom of the Press