HR 624, the "new" cybersecurity legislation introduced by the Chair and Ranking Member of the House Intelligence Committee threatens to blow a hole in the public's right to know under the Freedom of Information Act (FOIA). In the interest of encouraging private companies to share cyber threat information with the federal government, the bill, which is called the Cyber Intelligence Sharing and Protection Act (CISPA), unwisely and unnecessarily cuts of all access to any information that is shared.
HR 624, including the provision exempting the release of information under the FOIA (page 7, lines 10 – 13), is virtually identical to the version of the bill passed by the House during the 112th Congress (HR 3523). More than 40 organizations dedicated to openness and accountability joined OpenTheGovernment.org in urging Representatives to vote against the legislation last year.
Why is the provision so bad?
First, it ignores the fact that much of the sensitive information private companies are likely to share with the government is already protected from disclosure under the FOIA. Granting a sweeping provision from disclosure to encourage companies to share information that is already protected under the law is just bad policy.
Second, it is incredibly broad. There is a dangerous lack of specificity as to what can be considered "cybersecurity threat information." It is not possible for us — or Congress — to know what types of information may be covered by this exemption.
Furthermore, there is no mechanism to weigh the public interest in disclosure of the information. Some of the information that may be shared under the bill — and therefore exempt from disclosure — could be critical for the public to ensure its safety.
We continue to encourage Congress to protect the public's right to know. Any effort to expand of the authority of the federal government to withhold information from the public should begin with careful consideration, including public hearings, by the House Oversight and Government Reform Committee, which has jurisdiction over FOIA. That Committee has the expertise needed to ensure that FOIA-related provisions promote transparency and public accountability while allowing the government to withhold only that information which truly requires protection.