Sometime this week, perhaps as early as Wednesday, the Senate is expected to take up a new version of Senator Lieberman's cybersecurity proposal. While some provisions of the new bill are improvements over the language in the original proposal, S.2105, we remain concerned that the bill still includes unnecessary, overbroad and unwise limitations to access of information.
A previous letter OpenTheGovernment.org and several of our partners sent to Senator Lieberman and his co-sponsors on S.2105 expressed concerns about a provision that exempts over-broadly defined "critical infrastructure information" from disclosure under FOIA, and the impact the provision could have on whistleblower protections. The new version of the bill, S.3414, includes a much narrower definition, scope and limitation of covered "critical infrastructure information," and preserves existing whistleblower protections.
Virtually unchanged from the original bill is a provision that summarily cuts off all public access to any information that the private sector shares with the federal government through the new cybersecurity exchanges created under the bill. This language, which has been included to encourage companies to share what could be sensitive information, ignores that there are existing protections for sensitive business and security information under the Freedom of Information Act (FOIA). Furthermore, we continue to say it is bad policy to exempt information from public disclosure before Congress or the public have any idea about the scope and type of information that may be shared is bad policy, and could make it impossible for the public to understand whether the government is taking appropriate steps to protect our nation's cyber-connected infrastructure.