Letter

Letter to Reps. Burton and Waxman on Open Government and the Cyber Security Information Act, H.R. 2435

Document Date: April 3, 2002

Hon. Dan Burton
Chairman, Committee on Government Reform
United States House of Representatives
Washington, DC 20515

Hon. Henry Waxman
Ranking Member, Committee on Government Reform
United States House of Representatives
Washington, DC 20515

Re: Open Government and the Cyber Security Information Act, H.R. 2435

Dear Mr. Chairman and Representative Waxman:

On behalf of the American Civil Liberties Union (ACLU), we are writing to ask you to support principles of open government by opposing H.R. 2435 because it would unnecessarily weaken the Freedom of Information Act (FOIA), 5 U.S.C. § 552. The ACLU is a non-profit, non-partisan organization of approximately 300,000 members, dedicated to preserving civil liberties and the principles of open and accountable government.

The FOIA is the bedrock statute that preserves government accountability by requiring government agencies to disclosure information to requesters in a timely manner. The basic open government policy of the FOIA has worked well since the statute's enactment. The disclosure of information pursuant to the FOIA has helped citizens protect the health and safety of their communities against environmental hazards. Disclosure laws, including the FOIA, have also helped ACLU and other civil rights organizations obtain information about abusive government practices, such as arbitrary arrests and secretive detentions.

The FOIA contains a number of common sense exemptions. Classified information, sensitive law enforcement information, and confidential business information voluntarily provided to the government by private industry are examples of information the disclosure of which is not required by the FOIA. Courts have carefully weighed the public's need for disclosure against the possible harms of disclosure under FOIA's traditional exemptions. In deciding whether to disclose technical information voluntarily submitted by private industry, courts have given substantial deference to industry demands for confidentiality. See, e.g., Critical Mass Energy Project v. Nuclear Regulatory Commission, 975 F.2d 871 (D.C. Cir. 1992).

Despite these exemptions, private industry is seeking additional, blanket exemptions for so-called "cyber security information" that is shared with government, raising the specter of cyber-terrorism. No showing has been made that any truly sensitive information is in danger of being disclosed under the FOIA. Nor is it likely such a showing could be made, because such information would be exempt from disclosure.

Creating a blanket exemption for so-called "cyber security information" would undermine, rather than enhance, security. Such an exemption would permit private industry and the government to shield from the public accountability the actions they are taking - and, more importantly, the actions they are not taking - to protect the public from cyber attacks.

For these reasons, we urge you to oppose H.R. 2435, and instead work with relevant government agencies, industry and watchdog groups to protect critical infrastructure from cyber attacks without weakening the public's right to know.

Sincerely,

Laura W. Murphy
Director, ACLU Washington Office

Timothy H. Edgar
ACLU Legislative Counsel

Cc: Hon. Steve Horn
Hon. Jerry Lewis
Hon. F. James Sensenbrenner, Jr.
Hon. John Conyers, Jr.