Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Bloomberg Customers


Reject the Corporate Secrecy Grab

By David Banisar In the name of improving cyber security, corporations are pushing for

exemptions to the U.S. Freedom of Information Act (FOIA) that are

unnecessary and dangerous. These will result in crucial information being

suppressed without improving security.

There are two bills pending before the Congress -- HR 2435, the Cyber Security Information Act, introduced by Reps. Davis and Moran, and S. 1456, the Critical Infrastructure Information Act, introduced by Senators Bennett and Kyl.

The Senate bill defines "critical infrastructure" as almost every possible

imaginable system: "physical and cyber-based systems and services essential

to the national defense, government, or economy of the United States." It

then exempts from FOIA, and also prevents the government from using for

other purposes, broad categories of information including assessments; risk

audits and evaluations; and insurance and recovery plans submitted by

companies about critical infrastructure systems.

Industry claims that without these exemptions, it will not share

information, because of fears that it will become public. But these broad

exemptions are totally unnecessary. Trade secrets are already well protected

under FOIA.

Section 552 (b)(4) states that records that are "trade secrets and

commercial or financial information obtained from a person and privileged or

confidential" and not subject to the FOIA. That is not exactly a high hurdle

to jump. The courts have been very expansive of this and there are no

credible examples of confidential information of this nature being released.

'Corporations are trying to ensure that evidence of their ineptness is kept

out of the spotlight. 'David Banisar is a research fellow at the Harvard

Information Infrastructure Project at the Kennedy School of Government at

Harvard University and Deputy-Director of Privacy International.

So why push so hard for FOIA exemptions?

The wide list of exemptions from use by government agencies is interesting.

What is supposed to be confidential? Why insurance and recovery plans? It

sounds like the corporations are trying to ensure that evidence of their

ineptness is kept out of the spotlight, not because of concerns about the

release of information causing more harm, but to cover their own butts. They

don't want the government using the info to smack them around when they

screw up.

And saving themselves from public embarrassment by having something that

covers everything, not just confidential information, is a nice bonus.

One of the major problems with creating this gaping hold in FOIA is the

nature of some of the information likely to be suppressed in the name of

security. When the Congress enacted an exemption in 1996 to information

related to security and safety of airlines, the FAA used it as an excuse to

block the release of information on racial-based profiling and the legal

basis for requiring that all flyers show government I.D. before boarding a



Imagine all the materials relating to cyber security that have been obtained

by groups such as EPIC over the last 10 years that the government would have

loved to have hidden: the Clipper Chip, Digital Signature Standard, the

Communications Assistance to Law Enforcement Act (CALEA), Carnivore, FIDNet,

and Echelon. FOIA was used to reveal how these systems worked, and allowed

for better informed public debate on them. Would we really be better off if

none of these documents had been released?

It's no surprise why Bush announced in October that he supports more FOIA

exemptions. It fits in well with the general campaign by the Administration

to gut access to information, especially post September 11. Thus far,

Attorney General Ashcroft has issued a directive on FOIA calling on agencies

eliminate the old presumption in favor of releasing information; Bush has

turned the President Records Act on its head to prevent Reagan

Administration files (such as his father's) from being released; and Bush

hid his own governor's records at his father's Presidential library to

prevent access. We can also expect the return of the Official Secrets Act

bill that Clinton vetoed.

Senator Bennett agreed in December to delay moving his bill forward,

following a protest led by environmentalists, doctors, librarians and others

who saw the bill as allowing companies to limit disclosure of information

about toxic releases and other health data. But the good Senator, who is a

champion of industry-sponsored bills that hurt the public, claimed that the

groups misunderstand his bill, telling the Salt Lake Tribune, "It sounds as

if they are talking about a different bill." Funny that he said essentially

the same thing to the remarkably anti-privacy "medical privacy bill" he

introduced a few years ago. Must be something in the water in Utah ...

James Madison, one of our founding fathers, once said, "Knowledge will

forever govern ignorance, and a people who mean to be their own governors,

must arm themselves with the power knowledge gives. A popular government

without popular information or the means of acquiring it, is but a prologue

to a farce or a tragedy or perhaps both."

These bills do nothing to improve security, and they harm the public's

ability to find out what is going on. Congress has better things to do than

to hold the hand of industry and give it another free pass on weak security. David Banisar is a research fellow at the Harvard Information

Infrastructure Project at the Kennedy School of Government at Harvard University and Deputy-Director of Privacy International.

blog comments powered by Disqus