Homeland Security Act blocks unclassified information from public, protects the companies that provide it
From the Winter 2003 issue of The News Media & The Law, page 9.
By Rebecca Daugherty
Despite efforts by key senators to avert such legislation, Congress in November 2002 passed a Homeland Security Act that criminalizes leaks of unclassified critical infrastructure information provided to the government by businesses who, in turn, are promised secrecy and immunity from prosecution if they share what they know. Sen. Patrick Leahy (D-Vt.), then-chairman of the Senate Judiciary Committee and a veteran open-government advocate, called the act that ultimately passed “the most severe weakening of the Freedom of Information Act in its 36-year history.”
Leahy, Sen. Carl Levin (D-Mich.) and Sen. Robert Bennett (R-Utah) had crafted an alternative, which they believed met with administration approval, but in the rush to pass a Homeland Security measure, a House version with the unprecedented controls on information was signed into law.
By February, Leahy and Levin already were asking for revisions to the new law and planned to introduce a new measure like the one approved by committee in the last Congress.
Levin also used the nomination hearings of the new head of the Department of Homeland Security to garner support for change. Responding to Levin’s questions, Tom Ridge told the Government Affairs Committee that it certainly wasn’t the intent of the advocates of the FOI exemption to give wrongdoers protection or to protect illegal activity.
“I’ll certainly work with you to clarify that language,” he said.
The new Homeland Security Act not only removes critical infrastructure information from disclosure mandates of the FOI Act, it removes Homeland Security advisory boards from the openness requirements of the Federal Advisory Committee Act and creates restrictions that will deter whistleblowers.
But its arguably worst feature for reporters is that it criminalizes disclosure of information that does not even merit classification. To entice companies to share information about weaknesses that might affect the critical infrastructure, the new law not only puts that information out of reach of the FOI Act but sets criminal penalties for persons who might leak that information.
At Ridge’s nomination hearing, Levin said that the new act cut back on the public’s right to know what its government is up to by expanding the types of information that the new department can keep shielded from the public, including unclassified information about “critical infrastructure: issues involving such matters as electrical grids, computer systems, or water treatment facilities.”
Because of the new law, the information cannot be used in civil proceedings, Levin said. For instance, if the department got information submitted by a chemical company indicating that it was in danger of releasing a toxic gas because of a vulnerability in its infrastructure, the statute “ties the hands” of the department, barring it from releasing the information in court or even to another agency such as the Environmental Protection Agency, he said.
Even a member of Congress who releases the information could be jailed, Levin said. “I find this incredible. Limiting the public’s right to know and jailing whistleblowers isn’t the direction we should be going and is not necessary to protect America.”
The new act does not really create an “exemption” to the FOI Act. An existing FOI Act exemption (Exemption 3) allows Congress to require confidentiality through other laws. By specifically providing that some kinds of information will not be available under the FOI Act, the Homeland Security measure became an Exemption 3 statute.
It protects critical infrastructure information that is voluntarily submitted to the Homeland Security Department for use “regarding the security of critical infrastructure and protected systems, analysis, warning, interdependency study, recovery, reconstitution, or other informational purpose” if it is accompanied by an “express statement” that the submitter intends it to be confidential.
The act specifically protects information that the new department might share with state and local governments. The Department of Justice’s Office of Information and Privacy says that means that the federal act preempts state open records laws. If critical infrastructure information is submitted to the department and it disseminates it to state or local authorities, the information still must remain secret, according to the Justice Department.
However, the act only applies to information submitted to the new department. Information provided to other agencies is not exempt under this law.
Reporters and others had argued that the new provisions were not necessary, that existing exemptions to the Freedom of Information Act clearly protected information from businesses when decisions could clearly cause harm.
Some state legislators are trying to get similar bills enacted.
California’s Gov. Gray Davis met in mid-January with the California Newspaper Publisher Association and the California First Amendment Coalition to discuss bills that would similarly change the state’s open government laws.
The organizations criticized one bill to allow closure of vulnerability assessments and plans for action against terrorist attacks and another to amend the Bagley-Keene Act, which requires state boards to meet openly, so that state bodies could discuss security issues in executive session.
The California groups told the governor that terrorists are unlikely to use the public records act to obtain records, that existing exemptions already protect records that might truly be sensitive to terrorist misuse and that measures to keep board meetings of regulatory bodies secret could keep the public from seeing records associated with safety. (SB 1643; AB 2072)
A committee in the Montana Senate in late January approved a measure to protect information about public officials and facilities following the terrorist attacks of September 11.
If passed, the bill would allow the state to withhold any information when it believes that disclosure would threaten the privacy or safety of any person. (SB 142).
In Texas at least two bills were filed by early February to limit access to emergency response plans because, as Sen. Jeff Wentworth (R-San Antonio) told the Associated Press, “We don’t want to have all the details available to terrorists.”
The Texas legislature meets every other year and had not convened since the September 11 attacks. (HB437; SB152)