WASHINGTON (03/29/2000) - Industry and law enforcement officials spoke out Tuesday about one of the biggest barriers they perceive to sharing information about security and cyberattacks: the fear that any information turned over to a government agency is open to the Freedom of Information Act.
The officials spoke before Senator Jon Kyl's Senate Judiciary Committee's Technology, Terrorism and Government Information Subcommittee. Kyl, a Republican from Arizona, is considering legislation that would help persuade industry to share cyberattack information with the government by shielding the data from FOIA requests, Kyl's staff said.
Reps. Tom Davis, a Republican from Virginia, and Jim Moran, a Democrat from Virginia, have said they will sponsor a bill to exempt critical infrastructure-related information.
"Companies worry that if information sharing with government really becomes a two-way street, FOIA requests for information they have provided to an agency could prove embarrassing and probably costly," testified Harris Miller, president of the Information Technology Association of America. "Many in industry believe that freedom from FOIA concerns is the most formidable obstacle and that an exemption for this type of information sharing is the only option."
According to U.S. Federal Bureau of Investigation director Louis Freeh, industry information obtained during an investigation into a cyberattack would be afforded the same level of protection against FOIA requests and the legal discovery process as any grand jury testimony. The economic espionage statute also comes into play, he said.
But at the same time, the FBI would support legislation to amend the act to include the type of information industry is worried about. "I would certainly tend to favor it in the limited area of trade secrets, intellectual property," Freeh said. "I would think that's a very fair and traditional area to carve out protections for."