DHS will provide guidance on critical infrastructure information

WASHINGTON - The Department of Homeland Security is considering a controversial plan that could dramatically reshape the relationship between the wireless industry and the federal government on critical infrastructure protection, an initiative that may provide telecom and high-tech firms less privacy protection than advertised by the Bush administration.

The rulemaking, an offshoot of homeland security legislation signed by President Bush last November, would exempt from the Freedom of Information Act information voluntarily provided by companies to DHS and other government agencies, including the Federal Communications Commission, on critical infrastructure protection.

An FCC spokeswoman said the agency is reviewing the DHS plan. Comments are due on the homeland security rulemaking by June 16, but already the rulemaking is attracting attention.

The FOIA exemption, a subject of fierce debate in Congress last year, is designed to encourage firms to share with the government sensitive information they otherwise would be reluctant to disclose out of fear that business competitors and others could gain access to it by filing a FOIA request.

“This is a key issue. Any degree which the [FOIA] provision is undercut would undermine Department of Homeland Security effectiveness,” said Kathryn Condello, vice president of industry operations at the Cellular Telecommunications & Internet Association.

That is precisely what a group of lawmakers led by Sen. Patrick Leahy (D-Vt.) want to do in pending legislation.

Leahy and others argue the FOIA exemption is so broad that it would shield from public view information about nearly every major industrial sector simply by labeling it critical infrastructure information, or CII.

“We do not keep America safer by chilling federal officials from warning the public about threats to their health and safety. We do not ensure our nation’s security by refusing to tell the American people whether or not federal agencies are doing their jobs or [whether] their government is spending their hard-earned tax dollars wisely,” stated Leahy when he introduced his bill in March.

David Wray, a DHS spokesman, disagreed.

Wray said the CII classification is not automatic, explaining that companies will have the burden of convincing DHS officials that information they choose to share deserves to be kept secret. At the same time, Wray said the FOIA exemption law is good public policy.

“The critical infrastructure information that is collected and protected would essentially be a catalogue on how to hurt us,” said Wray. He said DHS will rely on “sector lead agencies,” which already have established relationships with different industries. Thus, DHS would look to the FCC for critical infrastructure information on wireless, landline telephone and satellite licensees.

Privacy advocates are gearing up for another major battle on the FOIA exemption issue.

“I think the obvious glaring problem is this rule alters critical infrastructure information government-wide. It is not limited to DHS,” said David Sobel, general counsel of the Electronic Privacy Information Center. “This flies in the face of the legislative history.”

That protection of CII would be extended throughout government could be a double-edged sword for industry. What such an approach implies is that a potentially large pool of government personnel will be privy to commercially sensitive data. Thus, while it will oversee the protection of the information, DHS will not have a monopoly on knowledge about computer-based telecom, energy, water and transportation facilities.

Indeed, even with the FOIA exemption, there is plenty of potential for CII to find its way into the public domain. The DHS undersecretary or designate, for example, under certain conditions can share protected CII with other federal, state and local government employees. Disclosure also extends to federal contractors so long as they are performing homeland security-related work.

Violations of CII procedures can result in a fine and/or a jail term of not more than one year. Whether the penalty is enough to dissuade unauthorized disclosure of telecom and high-tech CII is unclear, especially in a town not particularly good at keeping secrets.

Information sharing gained currency in the aftermath of the Sept. 11, 2001, terrorist attacks. Some critics say better communication between law enforcement and intelligence agencies (and within agencies themselves) could have helped foil the deadly assault.

Now, there is an unprecedented effort to improve the way federal agencies talk with each other and the way they relate to the private sector.

Coordinating information sharing among federal agencies and the private sector on homeland security matters represents uncharted territory and a Herculean challenge, a reality underscored in a General Accounting Office report released at a House Government Reform Committee hearing last Thursday.

“If a strategic plan to integrate information systems is effectively and efficiently implemented, we not only will achieve economies of scale, but will also be better prepared to protect the nation’s physical and cyber infrastructure, secure our borders, counteract chemical and biological attacks, and respond to terrorist and natural disaster incidents,” said Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee. “But,” he added, “that’s a considerable ‘if’ we’re talking about.”

Davis has vowed to strip out of any bill language seeking to repeal the homeland security FOIA exemption.
