Congressional Record: March 12, 2003 (Senate)
Page S3622-S3639

      By Mr. LEAHY (for himself, Mr. Levin, Mr. Lieberman, Mr. 
        Jeffords, and Mr. Byrd):
  S. 609. A bill to amend the Homeland Security Act of 2002 (Public Law 
107-296) to provide for the protection of voluntarily furnished 
confidential information, and for other purposes; to the Committee on 
the Judiciary.
  Mr. LEAHY. Mr. President, last year when I voted to support passage 
of the Homeland Security Act, HSA, I voiced concerns about several 
flaws in the legislation. I called for the Administration and my 
colleagues on both sides of the aisle to monitor implementation of the 
new law and to craft corrective legislation in the 108th Congress. One 
of my chief concerns with the HSA was a subtitle of the act that 
granted an extraordinarily broad exemption to the Freedom of 
Information Act, FOIA, in exchange for the cooperation of private 
companies in sharing information with the government regarding 
vulnerabilities in the nation's critical infrastructure.
  Unfortunately, the law that was enacted undermines Federal and State 
sunshine laws permitting the American people to know what their 
government is doing. Rather than increasing security by encouraging 
private sector disclosure to the government, it guts FOIA at the 
expense of our national security and public health and safety.
  On March 16, we mark Freedom of Information Day, which falls on the 
anniversary of James Madison's birthday. Madison said, "A popular 
government, without popular information, or the means of acquiring it, 
is but a prologue to a farce or tragedy or perhaps both." As a long-
time supporter of open government, I believe we must heed Madison's 
warning and revisit the potentially damaging limitations placed on 
access to information by the HSA.
  I rise today to introduce legislation with my distinguished 
colleagues Senator Levin, Senator Jeffords, Senator Lieberman, and 
Senator Byrd to restore the integrity of FOIA. I want to thank my 
colleagues for working with me on this important issue of public 
oversight. This bill protects Americans' "right to know" while 
simultaneously providing security to those in the private sector who 
voluntarily submit critical infrastructure records to the newly created 
Department of Homeland Security, DHS.
  Encouraging cooperation between the private sector and the government 
to keep our critical infrastructure systems safe from terrorist attacks 
is a goal we all support. But the appropriate way to meet this goal is 
a source of great debate--a debate that has been all but ignored since 
the enactment of the HSA last year.
  The HSA created a new FOIA exemption for "critical infrastructure 
information." That broadly defined term applies to information 
regarding a variety of facilities--such as privately operated power 
plants, bridges, dams, ports, or chemical plants--that might be 
targeted for a terrorist attack. In HSA negotiations last fall, House 
Republicans and the administration promoted language that they 
described as

[[Page S3632]]

necessary to encourage owners of such facilities to identify 
vulnerabilities in their operations and share that information with the 
Department of Homeland Security, DHS. The stated goal was to ensure 
that steps could be taken to ensure the facilities' protection and 
proper functioning.
  In fact, such descriptions of the legislation were disingenuous. 
These provisions, which were eventually enacted in the HSA, shield from 
FOIA almost any voluntarily submitted document stamped by the facility 
owner as "critical infrastructure." This is true no matter how 
tangential the content of that document may be to the actual security 
of a facility. The law effectively allows companies to hide information 
about public health and safety from American citizens simply by 
submitting it to DHS. The enacted provisions were called "deeply 
flawed" by Mark Tapscott of the Heritage Foundation in a November 20, 
2002 Washington Post op-ed. "Too Many Secrets," Washington Post, 
November 20, 2002, at A25. He argued that the "loophole" created by 
the law "could be manipulated by clever corporate and government 
operators to hide endless varieties of potentially embarrassing and/or 
criminal information from public view."
  In addition, under the HSA, disclosure by private facilities to DHS 
neither obligates the private company to address the vulnerability, nor 
requires DHS to fix the problem. For example, in the case of a chemical 
spill, the law bars the government from disclosing information without 
the written consent of the company that caused the pollution. As the 
Washington Post editorialized on February 10, 2003, "A company might 
preempt environmental regulators by `voluntarily' divulging 
incriminating material, thereby making it unavailable to anyone else." 
"Fix This Loophole," Washington Post, February 10, 2003, at A20.
  The new law also 1. shields the companies from lawsuits to compel 
disclosure, 2. criminalizes otherwise legitimate whistleblower activity 
by DHS employees, and 3. preempts any state or local disclosure laws.
  The Restore FOIA bill I introduce today with Senators Levin, 
Jeffords, Lieberman, and Byrd is identical to language I negotiated 
with Senators Levin and Bennett last summer when the HSA was debated by 
the Governmental Affairs Committee. Senator Bennett stated in the 
Committee's July 25, 2003 mark up that the administration had endorsed 
the compromise. He also said that industry groups had reported to him 
that the compromise language would make it possible for them to share 
information with the government without fear of the information being 
released to competitors or to other agencies that might accidentally 
reveal it. The Governmental Affairs Committee reported out the 
compromise language that day. Unfortunately, much more restrictive 
House language was eventually signed into law.
  The February 10 Post editorial called the Leahy-Levin-Bennett 
language "a compromise that would accomplish the reasonable purpose" 
of "encouraging companies to share information with the government 
about infrastructure that might be vulnerable to terrorist attack 
without such broad harmful effects." Id. The Post editorial was 
titled, "Fix This Loophole," which is exactly what my colleagues and 
I hope to accomplish with the introduction of this bill. Id.
  The Restore FOIA bill would correct the problems in the HSA in 
several ways. First, it limits the FOIA exemption to relevant 
"records" submitted by the private sector, such that only those that 
actually pertain to critical infrastructure safety are protected. 
"Records" is the standard category referred to in FOIA. This corrects 
the effective free pass given to industry by the HSA for any 
information it labels "critical infrastructure."
  Second, unlike the HSA, the Restore FOIA bill allows for government 
oversight, including the ability to use and share the records within 
and between agencies. It does not limit the use of such information by 
the government, except to prohibit public disclosure where such 
information is appropriately exempted under FOIA.
  Third, it protects the actions of legitimate whistleblowers, rather 
than criminalizing their acts.
  Fourth, it does not provide civil immunity to companies that 
voluntarily submit information. This corrects a flaw in the current 
law, which would prohibit such information from being used directly in 
civil suits by government or private parties.
  Fifth, unlike the HSA, the Restore FOIA bill allows local authorities 
to apply their own sunshine laws. The Restore FOIA bill does not 
preempt any state or local disclosure laws for information obtained 
outside the Department of Homeland Security. Likewise, it does not 
restrict the use of such information by state agencies.
  Finally, the Restore FOIA bill does not restrict congressional use or 
disclosure of voluntarily submitted critical infrastructure 
information. The HSA language was unclear on this point, and even the 
Congressional Research Service could not say for certain that members 
of Congress or their staff would not be criminally liable. Homeland 
Security Act of 2002: Critical Infrastructure Information Act, February 
29, 2003, CRS Report for Congress, Order Code RL31762, at 14-15.
  These changes to the HSA would accomplish the stated goals of the 
critical infrastructure provisions in the HSA without tying the hands 
of the government in its efforts to protect Americans and without 
cutting the public out of the loop.
  The Administration has flip-flopped on how to best approach the issue 
of critical infrastructure information. The Administration's original 
June 18, 2002, legislative proposal establishing a new department 
carved out an FOIA exemption, in section 204, and required non-
disclosure of any "information" "voluntarily" provided to the new 
Department of Homeland Security by "non-Federal entities or 
individuals" pertaining to "infrastructure vulnerabilities or other 
vulnerabilities to terrorism" in the possession of, or that passed 
through, the new department. Critical terms, such as "voluntarily 
provided," were undefined.
  The Judiciary Committee had an opportunity to query Governor Ridge 
about the Administration's proposal on June 26, 2002, when the 
Administration reversed its long-standing position and allowed him to 
testify in his capacity as the Director of the Transition Planning 
  Governor Ridge's testimony at that hearing is instructive. He seemed 
to appreciate the concerns expressed by Members about the President's 
June 18 proposal and to be willing to work with us in the legislative 
process to find common ground. On the FOIA issue, he described 
the Administration's goal to craft "a limited statutory exemption to 
the Freedom of Information Act" to help "the Department's most 
important missions [which] will be to protect our Nation's critical 
infrastructure." (June 26, 2002 Hearing, Tr., p. 24). Governor Ridge 
explained that to accomplish this, the Department must be able to 
"collect information, identifying key assets and components of that 
infrastructure, evaluate vulnerabilities, and match threat assessments 
against those vulnerabilities." (Id., at p. 23).

  I do not understand why some have insisted that FOIA and our national 
security are inconsistent. Before the HSA was enacted, the FOIA already 
exempted from disclosure matters that are classified; trade secret, 
commercial and financial information, which is privileged and 
confidential; various law enforcement records and information, 
including confidential source and informant information; and FBI 
records pertaining to foreign intelligence or counterintelligence, or 
international terrorism. These already broad exemptions in the FOIA 
were designed to protect national security and public safety and to 
ensure that the private sector can provide needed information to the 
  Prior to enactment of the HSA, the FOIA exempted from disclosure any 
financial or commercial information provided voluntarily to the 
government, if it was of a kind that the provider would not customarily 
make available to the public. Critical Mass Energy Project v. NRC, 975 
F.2d 871 (D.C. Cir. 1992) (en banc). Such information enjoyed even 
stronger nondisclosure protections than did material that the 
government requested. Applying this exception, Federal regulatory 
agencies safeguarded the confidentiality of all kinds of critical 
infrastructure information, like nuclear power plant safety reports 

[[Page S3633]]

Mass, 975 F.2d at 874), information about product manufacturing 
processes and internal security measures (Bowen v. Food & Drug Admin., 
925 F.2d 1225 (9th Cir. 1991), design drawings of airplane parts 
(United Technologies Corp. by Pratt & Whitney v. F.A.A., 102 F.3d 688 
(2d Cir. 1996)), and technical data for video conferencing software 
(Gilmore v. Dept. of Energy, 4 F. Supp.2d 912 (N.D. Cal. 1998)).
  The head of the FBI National Infrastructure Protection Center, NIPC, 
testified more than five years ago, in September, 1998, that the "FOIA 
excuse" used by some in the private sector for failing to share 
information with the government was, in essence, baseless. He explained 
the broad application of FOIA exemptions to protect from disclosure 
information received in the context of a criminal investigation or a 
"national security intelligence" investigation, including information 
submitted confidentially or even anonymously. [Sen. Judiciary 
Subcommittee on Technology, Terrorism, and Government Information, 
Hearing on Critical Infrastructure Protection: Toward a New Policy 
Directive, S. HRG. 105-763, March 17 and June 10, 1998, at p. 107]
  The FBI also used the confidential business record exemption under 
(b)(4) "to protect sensitive corporate information, and has, on 
specific occasions, entered into agreements indicating that it would do 
so prospectively with reference to information yet to be received." 
NIPC was developing policies "to grant owners of information certain 
opportunities to assist in the protection of the information (e.g., by 
`sanitizing the information themselves') and to be involved in 
decisions regarding further dissemination by the NIPC." Id. In short, 
the former Administration witness stated:

       Sharing between the private sector and the government 
     occasionally is hampered by a perception in the private 
     sector that the government cannot adequately protect private 
     sector information from disclosure under the Freedom of 
     Information Act, FOIA. The NIPC believes that this perception 
     is flawed in that both investigative and infrastructure 
     protection information submitted to NIPC are protected from 
     FOIA disclosure under current law. (Id.)

  Nevertheless, for more than five years, businesses continued to seek 
a broad FOIA exemption that also came with special legal protections to 
limit their civil and criminal liability. That business wish list was 
largely granted in the Homeland Security Act.
  At the Senate Judiciary Committee hearing with Governor Ridge, I 
expressed my concern that an overly broad FOIA exemption would 
encourage government complicity with private firms to keep secret 
information about critical infrastructure vulnerabilities, reduce the 
incentive to fix the problems and end up hurting rather than helping 
our national security. In the end, more secrecy may undermine rather 
than foster security.
  Governor Ridge seemed to appreciate these risks, and said he was 
"anxious to work with the Chairman and other members of the committee 
to assure that the concerns that [had been] raised are properly 
addressed." Id. at p. 24. He assured us that "[t]his Administration 
is ready to work together with you in partnership to get the job done. 
This is our priority, and I believe it is yours as well." Id. at p. 
25. This turned out to be an empty promise.
  Almost before the ink was dry on the Administration's earlier June 
proposal, on July 10, 2002, the Administration proposed to substitute a 
much broader FOIA exemption that would (1) exempt from disclosure under 
the FOIA critical infrastructure information voluntarily submitted to 
the new department that was designated as confidential by the submitter 
unless the submitter gave prior written consent, (2) provide limited 
civil immunity for use of the information in civil actions against the 
company, with the likely result that regulatory actions would be 
preceded by litigation by companies that submitted designated 
information to the department over whether the regulatory action was 
prompted by a confidential disclosure, (3) preempt state sunshine laws 
if the designated information is shared with state or local government 
agencies, (4) impose criminal penalties of up to one year imprisonment 
on government employees who disclosed the designated information, and 
(5) antitrust immunity for companies that joined together with agency 
components designated by the President to promote critical 
infrastructure security.
  Despite the Administration's promulgation of two separate proposals 
for a new FOIA exemption in as many weeks, in July, Director Ridge's 
Office of Homeland Security released The National Strategy for Homeland 
Security, which appeared to call for more study of the issue before 
legislating. Specifically, this report called upon the Attorney General 
to "convene a panel to propose any legal changes necessary to enable 
sharing of essential homeland security information between the 
government and the private sector." (P. 33)
  The need for more study of the Administration's proposed new FOIA 
exemption was made amply clear by its possible adverse environmental, 
public health and safety affects. Keeping secret problems in a variety 
of critical infrastructures would simply remove public pressure to fix 
the problems. Moreover, several environmental groups pointed out that, 
under the Administration's proposal, companies could avoid enforcement 
action by "voluntarily" providing information about environmental 
violations to the EPA, which would then be unable to use the 
information to hold the company accountable and also would be required 
to keep the information confidential. It would bar the government from 
disclosing information about spills or other violations without the 
written consent of the company that caused the pollution.
  I worked on a bipartisan basis with many interested stakeholders from 
environmental, civil liberties, human rights, business and government 
watchdog groups to craft a compromise FOIA exemption that did not grant 
the business sector's wish-list but did provide additional 
nondisclosure protections for certain records without jeopardizing the 
public health and safety. At the request of Chairman Lieberman for the 
Judiciary Committee's views on the new department, I shared my concerns 
about the Administration's proposed FOIA exemption and then worked with 
Members of the Governmental Affairs Committee, in particular Senator 
Levin and Senator Bennett, to craft a more narrow and responsible 
exemption that accomplishes the Administration's goal of encouraging 
private companies to share records of critical infrastructure 
vulnerabilities with the new Department of Homeland Security without 
providing incentives to "game" the system of enforcement of 
environmental and other laws designed to protect our nation's public 
health and safety. We refined the FOIA exemption in a manner that 
satisfied the Administration's stated goal, while limiting the risks of 
abuse by private companies or government agencies.
  This compromise solution was supported by the Administration and 
other Members of the Committee on Governmental Affairs and was 
unanimously adopted by that Committee at the markup of the Homeland 
Security Department bill on July 25, 2002. The compromise which I now 
introduce as a free standing bill would exempt from the FOIA certain 
records pertaining to critical infrastructure threats and 
vulnerabilities that are furnished voluntarily to the new Department 
and designated by the provider as confidential and not customarily made 
available to the public. Notably, the compromise FOIA exemption made 
clear that the exemption only covered "records" from the private 
sector, not all "information" provided by the private sector and 
thereby avoided the adverse result of government agency-created and 
generated documents and databases being put off-limits to the FOIA 
simply if private sector "information" is incorporated. Moreover, the 
compromise FOIA exemption clearly defined what records may be 
considered "furnished voluntarily," which did not cover records used 
"to satisfy any legal requirement or obligation to obtain any grant, 
permit, benefit (such as agency forbearance, loans, or reduction or 
modifications of agency penalties or rulings), or other approval from 
the Government." The FOIA compromise exemption further ensured that 
portions of records that are not covered by the exemption would be 
released pursuant to FOIA requests. This compromise did not provide any 
civil liability or antitrust immunity that could be used to immunize 
bad actors or frustrate regulatory enforcement action, nor did

[[Page S3634]]

the compromise preempt state or local sunshine laws.
  Unfortunately, the version of the HSA that we enacted last November 
jettisoned the bipartisan compromise on the FOIA exemption, worked out 
in the Senate with the Administration's support, and replaced it with a 
big-business wish-list gussied up in security garb. The HSA's FOIA 
exemption makes off-limits to the FOIA much broader categories of 
"information" and grants businesses the legal immunities and 
liability protections they have sought so vigorously for over five 
years. This law goes far beyond what is needed to achieve the laudable 
goal of encouraging private sector companies to help protect our 
critical infrastructure. Instead, it ties the hands of the federal 
regulators and law enforcement agencies working to protect the public 
from imminent threats. It gives a windfall to companies who fail to 
follow federal health and safety standards. Most disappointingly, it 
undermines the goals of openness in government that the FOIA was 
designed to achieve. In short, the FOIA exemption in the HSA represents 
the most severe weakening of the Freedom of Information Act in its 36-
year history.
  In the end, the broad secrecy protections provided to critical 
infrastructure information in this bill will promote more secrecy, 
which may undermine rather than foster national security. In addition, 
the immunity provisions in the bill will frustrate enforcement of the 
laws that protect the public's health and safety.

  Let me explain in greater detail. The FOIA exemption enacted in the 
HSA allows companies to stamp or designate certain information as 
critical infrastructure information, or "CII," and then submit this 
information about their operations to the government either in writing 
or orally, and thereby obtain a blanket shield from FOIA's disclosure 
mandates as well as other protections. A Federal agency may not 
disclose or use voluntarily-submitted and CII-marked information, 
except for a limited "informational purpose," such as "analysis, 
warning, interdependency study, recovery, reconstitution," without the 
company's consent. Even when using the information to warn the public 
about potential threats to critical infrastructure, the bill requires 
agencies to take steps to protect from disclosure the source of the CII 
information and other "business sensitive" information.
  The law also contains an unprecedented provision that threatens jail 
time and job loss to any government employee who happens to disclose 
any critical infrastructure information that a company has submitted 
and wants to keep secret. These penalties for using the CII information 
in an unauthorized fashion or for failing to take steps to protect 
disclosure of the source of the information are severe and will chill 
any release of CII information--not just when a FOIA request comes in, 
but in all situations, no matter the circumstance. Criminalizing 
disclosures not of classified information or national security related 
information, but of information that a company decides it does not want 
public--is an effective way to quash discussion and debate over many 
aspects of the government's work. In fact, under the HSA, CII 
information is granted more comprehensive protection under Federal 
criminal laws than classified information.
  This provision of the law has potentially disastrous consequences. If 
an agency is given information from an internet service provider, ISP, 
about cyberattack vulnerabilities, agency employees will have to think 
twice about sharing that information with other ISPs for fear that, 
without the consent of the ISP to use the information, even a warning 
might cost their jobs or risk criminal prosecution.
  This provision means that if a Federal regulatory agency needs to 
issue a regulation to protect the public from threats of harm, it 
cannot rely on any voluntarily submitted information--bringing the 
normal regulatory process to a grinding halt. Public health and law 
enforcement officials need the flexibility to decide how and when to 
warn or prepare the public in the safest, most effective manner. They 
should not have to get "sign off" from a Fortune 500 company to do 
  While the HSA risks making it harder for the government to protect 
American families, it makes it much easier for companies to escape 
responsibility when they violate the law by giving them unprecedented 
immunity from civil and regulatory enforcement actions. Once a business 
declares that information about its practices relates to critical 
infrastructure and is "voluntarily" provided, it can then prevent the 
Federal Government from disclosing it not just to the public, but also 
to a court in a civil action. This means that an agency receiving CII-
marked submissions showing invasions of employee or customer privacy, 
environmental pollution, or government contracting fraud will be unable 
to use that information in a civil action to hold that company 
accountable. Even if the regulatory agency obtains the information 
necessary to bring an enforcement action from an alternative source, 
the company will be able to tie the government up in protracted 
litigation over the source of the information.
  For example, if a company submits information that its factory is 
leaching arsenic in ground water, that information may not be turned 
over to local health authorities to use in any enforcement proceeding 
nor turned over to neighbors who were harmed by drinking the water for 
use in a civil tort action. Moreover, even if EPA tries to bring an 
action to stop the company's wrongdoing, the "use immunity" provided 
in the HSA will tie the agency up in litigation making it prove where 
it got the information and whether it is tainted as "fruit of the 
poisonous tree"--i.e., obtained from the company under the "critical 
infrastructure program."
  Similarly, if the new Department of Homeland Security receives 
information from a bio-medical laboratory about its security 
vulnerabilities, and anthrax is released from the lab three weeks 
later, the Department will not be able to warn the public promptly 
about how to protect itself without consulting with and trying to get 
the consent of the laboratory in order to avoid the risk of job loss or 
criminal prosecution for a non-consensual disclosure. Moreover, if the 
laboratory is violating any state, local or federal regulation in its 
handling of the anthrax, the Department will not be able to turn over 
to another Federal agency, such as the EPA or the Department of Health 
and Human Services, or to any State or local health officials, 
information or documents relating to the laboratory's mishandling of 
the anthrax for use in any enforcement proceedings against the 
laboratory, or in any wrongful death action, should the laboratory's 
mishandling of the anthrax result in the death of any person. The law 
specifically states that such CII-marked information "shall not, 
without the written consent of the person or entity submitting such 
information, be used directly by such agency, any other Federal, State, 
or local authority, or any third party, in any civil action arising 
under Federal or State law if such information is submitted in good 
faith." [H.R. 5710, section 214(a)(1)(C)]
  Most businesses are good citizens and take seriously their 
obligations to the government and the public, but this "disclose-and-
immunize" provision is subject to abuse by those businesses that want 
to exploit legal technicalities to avoid regulatory guidelines. The HSA 
lays out the perfect blueprint to avoid legal liability: funnel 
damaging information into this voluntary disclosure system and pre-empt 
the government or others harmed by the company's actions from being 
able to use it against the company. This is not the kind of two-way 
public-private cooperation that our country needs.
  The scope of the information that is covered by the new HSA FOIA 
exemption is overly broad and undermines the openness in government 
that FOIA was intended to guarantee. Under this law, information about 
virtually every important sector of our economy that today the public 
has a right to see can be shut off from public view simply by labeling 
it "critical infrastructure information." Prior to enactment of the 
HSA, under FOIA standards, courts had required federal agencies to 
disclose 1. pricing information in contract bids so citizens can make 
sure the government is wisely spending their taxpayer dollars; 2. 
compliance reports that allow constituents to insist that government 
contractors comply with federal equal

[[Page S3635]]

opportunity mandates; and 3. banks' financial data so the public can 
ensure that federal agencies properly approve bank mergers. Without 
access to this kind of information, it will be harder for the public to 
hold its government accountable. Under the HSA, all of this information 
may be marked CII information and kept out of public view.
  The HSA FOIA exemption goes so far in exempting such a large amount 
of material from FOIA's disclosure requirements that it undermines 
government openness without making any real gains in safety for 
families in Vermont and across America. We do not keep America safer by 
chilling Federal officials from warning the public about threats to 
their health and safety. We do not ensure our nation's security by 
refusing to tell the American people whether or not their federal 
agencies are doing their jobs or their government is spending their 
hard earned tax dollars wisely. We do not encourage real two-way 
cooperation by giving companies protection from civil liability when 
they break the law. We do not respect the spirit of our democracy when 
we cloak in secrecy the workings of our government from the public we 
are elected to serve.
  The argument over the scope of the FOIA and unilateral executive 
power to shield matters from public scrutiny goes to the heart of our 
fundamental right to be an educated electorate aware of what our 
government is doing. The Rutland Herald got it right in a November 26, 
2002 editorial that explained: "The battle was not over the right of 
the government to hold sensitive, classified information secret. The 
government has that right. Rather, the battle was over whether the 
government would be required to release anything it sought to 
  We need to fix this troubling restriction on public accountability. 
Exempting the new Department from laws that ensure responsibility to 
the Congress and to the American people makes for a tenuous start not 
the sure footing we all want for the success and endurance of this new 
Department. I urge my colleagues to support the Restoration of Freedom 
of Information Act of 2003.
  I ask unanimous consent to print the editorials I mentioned and 
several letters of support of the Restore FOIA bill in the Record.
  There being no objection, the additional material was ordered to be 
printed in the Record, as follows:

Restoration of Freedom of Information Act ("Restore FOIA") Sectional 

       Sec. 1. Short title. This section gives the bill the short 
     title, the "Restoration of Freedom of Information Act".
       Sec. 2. Protection of Voluntarily Furnished Confidential 
     Information. This section strikes subtitle B (secs. 211-215) 
     of the Homeland Security Act ("HSA") (P.L. 107-296) and 
     inserts a new section 211.
       Sections to be repealed from the HSA: These sections 
     contain an exemption to the Freedom of Information Act (FOIA) 
     that (1) exempt from disclosure critical infrastructure 
     information voluntarily submitted to the new department that 
     was designated as confidential by the submitter unless the 
     submitter gave prior written consent; (2) provide civil 
     immunity for use of such information in civil actions against 
     the company; (3) preempt state sunshine laws if the 
     designated information is shared with state or local 
     government agencies; and (4) impose criminal penalties of up 
     to one year imprisonment on government employees who 
     disclosed the designated information.
       Provisions that would replace the repealed sections of the 
     HAS: The Restore FOIA bill inserts a new section 211 to the 
     HSA that would exempt from the FOIA certain records 
     pertaining to critical infrastructure threats and 
     vulnerabilities that are furnished voluntarily to the new 
     Department and designated by the provider as confidential and 
     not customarily made available to the public. Notably, the 
     Restore FOIA bill makes clear that the exemption covers 
     "records" from the private sector, not all "information" 
     provided by the private sector, as in the enacted version of 
     the HSA. The Restore FOIA bill ensures that portions of 
     records that are not covered by the exemption would be 
     released pursuant to FOIA requests. It does not provide any 
     civil liability immunity or preempt state or local sunshine 
     laws, and it does not criminalize whistleblower activity.
       Specifically, this section of the Restore FOIA bill 
     includes the following:
       A definition of "critical infrastructure": This term is 
     given the meaning adopted in section 1016(e) the USA Patriot 
     Act (42 U.S.C. 5195c(e)) which reads, "critical 
     infrastructure means systems and assets, whether physical or 
     virtual, so vital to United States that the incapacity or 
     destruction of such systems and assets would have a 
     debilitating impact on security, national economic security, 
     national public health or safety, or any combination of those 
     matters." This definition is commonly understood to mean 
     facilities such as bridges, dams, ports, nuclear power 
     plants, or chemical plants.
       A definition of the term "furnished voluntarily": This 
     term signifies documents provided to the Department of 
     Homeland Security (DHS) that are not formally required by the 
     department and that are provided to it to satisfy any legal 
     requirement. The definition excludes any document that is 
     provided to DHS with a permit or grant application or to 
     obtain any other benefit from DHS, such as a loan, agency 
     forbearance, or modification of a penalty.
       An exemption from FOIA of records that pertain to 
     vulnerabilities of and threats to critical infrastructure 
     that are furnished voluntarily to DHS. This exemption is made 
     available where the provider of the record certifies that the 
     information is confidential and would not customarily be 
     released to the public.
       A requirement that other government agencies that have 
     obtained such records from DHS withhold disclosure of the 
     records and refer any FOIA requests to DHS for processing.
       A requirement that reasonably segregable portions of 
     requested documents be disclosed, as is well-established 
     under FOIA.
       An allowance to agencies that obtain critical 
     infrastructure records from a source other than DHS to 
     release requested records consistent with FOIA, regardless of 
     whether DHS has an identical record in its possession.
       An allowance to providers of critical infrastructure 
     records to withdraw the confidentiality designation of 
     records voluntarily submitted to DHS, thereby making the 
     records subject to disclosure under FOIA.
       A direction to the Secretary of Homeland Security to 
     establish procedures to receive, designate, store, and 
     protect the confidentiality of records voluntarily submitted 
     and certified as critical infrastructure records.
       A clarification that the bill would not preempt state or 
     local information disclosure laws.
       A requirement for the Comptroller General to report to the 
     House and Senate Judiciary Committees, the House Governmental 
     Reform Committee and the Senate Governmental Affairs 
     Committee the number of private entities and government 
     agencies that submit records to DHS under the terms of the 
     bill. The report would also include the number of requests 
     for access to records that were granted or denied. Finally, 
     the Comptroller General would make recommendations to the 
     committees for modifications or improvements to the 
     collection and analysis of critical infrastructure 
       Sec. 3. Technical and conforming amendment. This section 
     amends the table of contents of the Homeland Security Act.

               [From the Washington Post, Feb. 10, 2003]

                           Fix This Loophole

       The Homeland Security law enacted last year contains a 
     miserable provision that weakens important federal regulation 
     and public access to information. Congress should act soon to 
     repair the damage.
       The goal of the provision was reasonable enough: 
     encouraging companies to share information with the 
     government about infrastructure that might be vulnerable to 
     terrorist attack. Fearing public disclosure, companies have 
     been reluctant to share information on vulnerabilities at, 
     say, power plants or chemical factories. So under the law, 
     any such "critical infrastructure" information that 
     companies voluntarily provide to the government is exempted 
     from disclosure to the public, litigants and enforcement 
       But the law defines "information" so broadly that it will 
     cover, and thus keep secret, virtually anything a company 
     decides to fork over. A company might preempt environmental 
     regulators by "voluntarily" divulging incriminating 
     material, thereby making it unavailable to anyone else. 
     Unless regulators could show they had obtained the material 
     independently, it would be off limits to them. And the law 
     prescribes criminal penalties for whistle-blowers who make 
     such information public. The collective impact will be to put 
     in the hands of a regulated party the power, simply by 
     turning over information, to shield that information from 
     legitimate law enforcement purposes and from public 
       Sens. Patrick J. Leahy (D-Vt.) and Robert F. Bennett (R-
     Utah) had negotiated a compromise that would accomplish the 
     reasonable purpose without such broad harmful effects. It 
     should be restored before the government finds its hands 
     tied--and the public finds itself out of the loop--on 
     important regulatory matters.

               [From the Washington Post, Nov. 20, 2002]

                            Too Many Secrets

                           (By Mark Tapscott)

       Why does the White House sometimes seem so determined to 
     close the door on the people's right to know what their 
     government is doing? Even some of us who admire the 
     leadership of President Bush in the war on terrorism would 
     like to know.
       Admittedly, insisting that the public's business be done in 
     public isn't a popular cause these days. Recent surveys show 
     that many Americans are willing to trade significant chunks 
     of their First Amendment rights for the promise of greater 
     security in the war on terrorism. Such surveys must gladden 
     the hearts of Bush administration

[[Page S3636]]

     officials who--presumably unintentionally--undermine measures 
     such as the Freedom of Information Act (FOIA).
       Consider just three examples from the past year: Section 
     204 of the White House's original proposal to establish a 
     Department of Homeland Security, White House Chief of Staff 
     Andrew Card's March 2002 directive that agencies restrict 
     access to "sensitive but unclassified" information, and the 
     administration's claim of executive privilege to keep secret 
     information regarding President Clinton's infamous midnight 
       The administration's Section 204 proposal exempted from 
     FOIA disclosure any information "provided voluntarily by 
     non-federal entities or individuals that relates to 
     infrastructure vulnerabilities or other vulnerabilities to 
     terrorism." One need not be a Harvard law graduate to see 
     that, without clarification of what constitutes such 
     vulnerabilities, this loophole could be manipulated by clever 
     corporate and government operators to hide endless varieties 
     of potentially embarrassing and/or criminal information from 
     public view.
       Subsequent negotiations in the Senate with the White House 
     resulted in compromise language that takes care of some of 
     the major problems, but in the rush to final passage, the 
     Senate has accepted the House version of the legislation, 
     which, being virtually identical to the administration's 
     original version, remains deeply flawed in this regard.
       The Card memo was issued when public anger over the Sept. 
     11, 2001, massacre was still intense. Despite the fact that 
     the memo failed to define what constitutes "sensitive but 
     unclassified" information, agencies responded by removing 
     thousands of previously public documents from FOIA 
     disclosure. The Pentagon, for example, estimated recently 
     that approximately 6,000 Defense Department documents were 
     removed from public view. Who now outside of government can 
     verify that any of those documents contained information that 
     could help terrorists?
       Few would argue that the Section 204 proposal and the Card 
     memo do not address legitimate national security needs in the 
     war against terrorism. But to date, nobody has produced a 
     single example of vital information that could not have been 
     properly exempted from disclosure under the current FOIA, 
     which is backed by 25 years of detailed case law. Instead, 
     the administration offers vague language that invites abuse.
       Finally, there are those pardons, which provoked a national 
     outcry when first reported. President Clinton had pardoned 
     140 people, including his Whitewater partner Susan McDougal, 
     his brother Roger (convicted on cocaine-related charges) and 
     international fugitive Marc Rich, wanted by the Justice 
     Department for allegedly conspiring with the Iranian 
     government in 1980 to buy 6 million barrels of oil, contrary 
     to a U.S. trade embargo.
       It is doubtful that the full facts behind the pardons will 
     ever be known as long as the administration refuses to 
     disclose nearly 4,000 pages related to the former president's 
     actions. The Bush administration has taken a similar position 
     on documents related to former attorney general Janet Reno's 
     controversial decision not to appoint a special counsel to 
     investigate possible Clinton administration campaign finance 
       There was a time when at least one senior Bush 
     administration official thought the FOIA essential because 
     "no matter what party has held the political power of 
     government, there have been attempts to cover up mistakes and 
     errors." That same official added that "disclosure of 
     government information is particularly important today 
     because government is becoming involved in more and more 
     aspects of every citizen's personal and business life, and so 
     access to information about how government is exercising its 
     trust becomes increasingly important."
       So spoke a young Illinois Republican congressman named 
     Donald Rumsfeld, in a floor speech on June 20, 1966, 
     advocating passage of the FOIA, of which he was a co-sponsor.
       The writer is director of the Heritage Foundation's Center 
     for Media and Public Policy.

 Fix the Critical Infrastructure Information Subtitle in the Homeland 
                          Security Act of 2002

       The undersigned organizations are concerned about the 
     current language for Critical Infrastructure Information in 
     the Homeland Security Act of 2002, which contains ambiguous 
     definitions that could unintentionally allow companies to 
     keep broad categories of information secret and provisions 
     that restrict the government's ability to use the 
     information. In order to better serve the goal of improving 
     public safety and security, we support efforts to fix the 
     Homeland Security Act by clarifying the scope of the 
     information protected and removing provisions that overly 
     restrict the government's ability to use the information.
       Senators Leahy (D-VT), Levin (D-MI), Jeffords (I-VT), 
     Lieberman (D-CT), and Byrd (D-WV) will soon introduce 
     legislation entitled the Restoration of Freedom of 
     Information Act of 2003 ("Restore FOIA") addressing these 
     concerns, using bipartisan language developed last year by 
     the Senate Governmental Affairs Committee. The Restore FOIA 
     solution would:
       Clarify the FOIA exemption to be more consistent with 
     established law.
       Remove the restrictions on the government's ability to act 
     as it sees fit in response to the information it receives.
       Preserve whistleblower protections by removing unnecessary 
     criminal penalties.
       The information provisions currently within the Homeland 
     Security Act of 2002 do not accomplish the goal of the law--
     empowering the government to protect citizens using private-
     sector information which is "voluntarily" shared and 
     identifies potential vulnerabilities to terrorist attacks. 
     The current language could have devastating effects on the 
     work of the government to protect public health, safety and 
     security, as well as government accountability. It is 
     essential that these problems in the Homeland Security Act be 
     fixed immediately before they become too firmly entrenched in 
     the law.
       Jean AbiNader, Managing Director, Arab American Institute.
       Prudence S. Adler, Associate Executive Director, 
     Association of Research Libraries.
       Steven Aftergood, Project Director, Federation of American 
       Gary Bass, Executive Director, OMB Watch.
       Jeremiah Baumann, Director, Toxics Right to Know Campaign, 
     U.S. Public Interest Research Group.
       Ruth Berlin, Executive Director, MD Pesticide Network.
       Lynne Bradley, Director, Government Relations, American 
     Library Association.
       Danielle Brian, Executive Director, Project on Government 
       Sandy Buchanan, Executive Director, Ohio Citizen Action.
       Jeanne Butterfield, Executive Director, American 
     Immigration Lawyers Association.
       Alyssondra Campaigne, Legislative Director, Natural 
     Resources Defense Council.
       Kevin S. Curtis, Vice President, Government Affairs, 
     National Environmental Trust.
       Lucy Dalglish, Executive Director, Reporters Committee for 
     Freedom of the Press.
       Charles N. Davis, Executive Director, Freedom of 
     Information Center, University of Missouri School of 
       Tom Devine, Legal Director, Government Accountability 
       Rick Engler, Director, New Jersey Work Environment Council.
       Jason Erb, Director, Governmental Relations, Council on 
     American-Islamic Relations.
       Darryl Fagin, Legislative Director, Americans for 
     Democratic Action.
       Margaret Fung, Executive Director, Asian American Legal 
     Defense and Education Fund.
       Vickie Goodwin, Organizer, Powder River Basin Resource 
       Evan Hendricks, Editor/Publisher, Privacy Times.
       Rick Hind, Legislative Director, Greenpeace.
       Khalil Jahshan, Director of Government Affairs, American-
     Arab Anti-Discrimination Committee.
       Susan E. Kegley, Staff Scientist/Program Coordinator, 
     Pesticide Action Network, North America.
       Robert Leger, President, Society of Professional 
       Dave LeGrande, Director, Occupational Safety & Health, CWA/
       Sanford Lewis, Director, Strategic Counsel on Corporate 
       Conrad Martin, Executive Director, Fund for Constitutional 
       Alexandra McPherson, Director, Clean Production Action.
       Dena Mottola, Acting Director, New Jersey Public Interest 
     Research Group.
       Laura W. Murphy, Director, Washington National Office, 
     American Civil Liberties Union.
       Ralph G. Neas, President, People for the American Way.
       Robert Oakley, Washington Affairs Representative, American 
     Association of Law Libraries.
       Paul Orum, Director, Working Group on Community Right-to-
       Deborah Pierce, Executive Director, Privacy Activism.
       Chellie Pingree, President and CEO, Common Cause.
       Ari Schwartz, Associate Director, Center for Democracy and 
       Debbie Sease, Legislative Director, Sierra Club.
       Bob Shavelson, Executive Director, Cook Inlet Keeper.
       Peggy M. Shepard, Executive Director, West Harlem 
     Environmental Action.
       Ted Smith, Executive Director, Silicon Valley Toxics 
       David Sobel, General Counsel, Electronic Privacy 
     Information Center.
       Ed Spar, Executive Director, Council on Professional 
     Association of Federal Statistics.
       Vivian Stockman, Communications Coordinator, Ohio Valley 
     Environmental Coalition.
       Daniel Swartz, Executive Director, Children's Environmental 
     Health Network.
       Lee Tien, Senior Staff Attorney, Electronic Frontier 
       Elizabeth Thompson, Legislative Director, Environmental 
       Sara Zdeb, Legislative Director, Friends of the Earth.

[[Page S3637]]

                                                   March 12, 2003.
     Hon. Susan Collins,
     Chair, Senate Committee on Governmental Affairs, U.S. Senate, 
         Dirksen Senate Office Building, Washington, DC.
     Hon. Orrin Hatch,
     Chair, Senate Committee on the Judiciary, U.S. Senate, 
         Dirksen Senate Office Building, Washington, DC.
     Hon. Joseph Lieberman,
     Ranking Member, Senate Committee on Governmental Affairs, 
         U.S. Senate, Hart Senate Office Building, Washington, DC.
     Hon. Patrick Leahy,
     Ranking Member, Senate Committee on the Judiciary, U.S. 
         Senate, Dirksen Senate Office Building, Washington, DC.
       Dear Senators Collins, Hatch, Lieberman, and Leahy: The 
     Homeland Security Act of 2002 was a very important 
     legislative accomplishment that responded to new challenges 
     facing our country.
       On the path to passage of the Act, however, certain 
     sections, particularly Section 214, dealing with Critical 
     Infrastructure Information, left a number of journalistic 
     organizations concerned that broad categories of 
     information--particularly information that relates to the 
     public's health and safety--would unnecessarily be shielded 
     from public view.
       Thus, we support efforts to clarify the language in favor 
     of essential openness, which, in fact, will also resolve 
     potential barriers that restrict the government's own use of 
     information provided by companies. The "Restoration of 
     Freedom of Information Act of 2003" would substitute 
     bipartisan language developed last year by the Senate 
     Government Affair Committee for that which was enacted into 
     law. This bill would:
       Clarify the FOIA exemption to be more consistent with 
     established law, while still protecting records on critical 
     infrastructure vulnerabilities submitted to the Department of 
     Homeland Security by private firms.
       Remove the restrictions on the government's ability to act 
     as it sees fit in response to the information it receives.
       Preserve whistleblower protections by removing unnecessary 
     criminal penalties.
       It is important for both citizens and the government 
     process that these changes in law are made quickly.
       Thank you for your consideration.
         American Society of Magazine Editors; American Society of 
           Newspaper Editors; Associated Press Managing Editors; 
           Freedom of Information Center, University of Missouri 
           School of Journalism; Magazine Publishers of America; 
           National Federation of Press Women; National Newspaper 
           Association; National Press Club; Newsletter & 
           Electronic Publishers Association; Newspaper 
           Association of America; Radio-Television News Directors 
           Association; Reporters Committee for Freedom of the 
           Press; Society of Professional Journalists.

                            Let Freedom Ring

                        (By Maurice J. Freedman)

       What if you want to find out if toxic chemicals are buried 
     under your child's schoolyard? How could you tell if your 
     veterans' benefits hinged on proving you were exposed to 
     biohazards during a top-secret mission? Or perhaps a 
     candidate for your city council wants to better understand 
     formerly classified plans for emergency evacuation.
       These days, it's possible, with considerable patience, 
     determination, and a few clicks of a mouse, to file a request 
     for answers to questions like these and a broad range of 
     government information that are critical to our lives, work, 
     health and well being.
       But like registering to vote, in some places and for some 
     people, this precious freedom hasn't always been so easy to 
       The main tool for such fact-finding, the Freedom of 
     Information Act, known as FOIA, which we honor each year on 
     the anniversary of James Madison's birthday, was first 
     enacted on July 4, 1966. Before that, any-one who wanted to 
     get records from the federal government had to establish his 
     or her legal right to examine those records. That was 
     expensive, time-consuming and a barrier for countless 
     legitimate requests for information on issues from whether 
     the nuclear reactor downwind had a record of safety 
     violations to how the Nixon administration tried to deport 
     John Lennon as detailed in his FBI files.
       With FOIA, the burden shifted to government agencies, 
     requiring them to meet these requests unless they fell within 
     a handful of specific national security exemptions. Indeed, 
     since then, any decision by an agency to withhold a document 
     could be challenged in federal court.
       From John Lennon's or Rev. Dr. Martin Luther King Jr.'s FBI 
     files to record of debates on whether to use nuclear weapons 
     in Vietnam, FOIA requests now run the gamut of what we need 
     to know about what our government is doing with our tax 
     dollars in our name. Whether it's internal NASA memos about 
     space shuttle safety or exchanges among federal officials 
     about Japanese internment camps during World War II, our 
     right to know about the deliberations and actions of our 
     federal government is a cornerstone of American democracy.
       In 1974, in reaction to Watergate, Congress moved to 
     strengthen FOIA. Unwilling to let our country be run more 
     like a closed corporation than an open, democratic society, 
     this change allowed courts to order the release of documents, 
     even when the President said they couldn't be made public.
       Our system of representative democracy depends on the free 
     flow of information produced, collected and published by our 
     government and available to the public so we can participate 
     as an informed electorate.
       Since the early 19th century, libraries have served as 
     depositories for the written record of our nation's 
     development and gateways to the decisions of its leaders, 
     thus assuring public access to government information. Today, 
     21st-century librarians are committed to ensuring the 
     public's right to know is protected in the electronic age. As 
     organizers, navigators and providers of government 
     information that serves the public, we help file FOIA 
     requests and otherwise support freedom of information @ your 
       Many Americans depend on access to information collected, 
     organized and disseminated by the federal government--from 
     farmers and health care professionals, to journalists and 
     veterans, community interest groups to local and state 
     government officials, and indeed, all voters.
       Americans come to libraries to find Census and other 
     statistics; to help plan new business and marketing 
     strategies; to research environmental issues and hazards, 
     laws and regulations; and to learn about job opportunities 
     from government and other employment lists.
       The ongoing transition to predominantly electronic 
     transmission of federal information offers both promise and 
     problems for the public in this realm. Information that is 
     only in electronic form quickly appears on--and as quickly 
     disappears from--Web sites. There is often no one charged 
     with capturing, preserving or making electronic data 
     available to future generations, as well as those, who for a 
     variety of reasons, cannot access or work with electronic 
       True national security is built on a vibrant democracy and 
     a well-informed citizenry, not a culture of secrecy. Said 
     James Madison, on whose birthday we make Freedom of 
     Information Day, "Knowledge will forever govern ignorance, 
     and a people who mean to be their own governors must arm 
     themselves with the power which knowledge gives." Although 
     he wrote in response to abuses by Britain's King George III, 
     his warnings ring equally true today.
       Every country has hospitals, police and schools. But only 
     free countries allow the free flow of ideas. Free libraries 
     are the hub of public access to government information. 
     Challenges to an informed citizenry range from the complexity 
     and inequality in information technology to illiteracy, 
     limited information literacy skills and unequal access to 
     education and information resources.
       Thankful for our freedoms, we must do our best as we 
     prepare to fight halfway around the world to ensure that we 
     continue to guard with unrelating vigilance the right to know 
     here at home.

  Mr. LEVIN. Mr. President, today I join with Senators Leahy, Byrd, 
Jeffords, and Lieberman to introduce the Restore Freedom of Information 
Act, Restore FOIA, that will provide the public with access to 
information, while at the same time ensuring that information 
voluntarily submitted to the government by companies is not improperly 
disclosed. In order to ensure public access and limit improper 
disclosure, we need to reexamine some aspects of the Homeland Security 
Act, HSA, which was rushed through Congress last year, dropping several 
carefully-crafted, bipartisan measures which had been adopted by the 
Senate Governmental Affairs Committee, along the way. Dropping those 
measures left ambiguities in the law that need to be clarified, and 
today's bill is an attempt to make those clarifications and address 
certain problems that could otherwise result.
  The issue this bill addresses is public access to information in the 
possession of the Homeland Security Department. Although some seem to 
want to shroud all homeland security efforts in secrecy, as Judge Damon 
Keith, writing for the U.S. Sixth Circuit of Appeals, recently warned 
"Democracies die behind closed doors." The principles of open 
government and the public's right to know are cornerstones of our 
democracy. We cannot sacrifice those principles in the name of 
protecting them.
  One of the reasons that I voted against the Homeland Security Act 
last year was because the final bill dropped a bipartisan provision, 
passed by the Senate Governmental Affairs Committee, clarifying how the 
new Department of Homeland Security, DHS, should comply with the 
Freedom of Information Act, FOIA. The final bill substituted a poorly 
drafted provision that could inappropriately close the door on persons 
seeking unclassified information from the Department related to 
critical infrastructure.
  What is critical infrastructure? Critical infrastructure is the 
backbone that holds our country together and

[[Page S3638]]

makes it work--our roads, computer grids, telephones, pipelines, water 
treatment plants, utilities, and other facilities essential to a fully 
functioning Nation. It so happens that, in the United States, much of 
our critical infrastructure is controlled by private entities, often 
privately owned or publicly traded corporations. To strengthen existing 
protections for these facilities, the Federal Government asked the 
companies that own them to submit unclassified information about their 
facilities to assist the government in evaluating them, identifying 
possible problems, and designing stronger protections from terrorist 
attack, natural disasters, or other threats to homeland security.
  Some companies asked to voluntarily submit this information feared 
that it might be improperly disclosed, and sought a new exemption from 
the Federal Freedom of Information Act, FOIA, to prohibit disclosure of 
so-called "critical infrastructure information." Reporters, public 
interest groups, and others feared that, if this FOIA exemption were 
granted, companies could send important environmental and safety 
information to DHS under the general heading of "critical 
infrastructure information" and thereby put this information out of 
the public's reach. To bring these sides together, last July, Senators 
Bennett, Leahy and I worked out a bipartisan FOIA compromise that 
codified existing case law with regard to companies voluntarily 
submitting information. At the Senate Governmental Affairs Committee 
mark-up of the homeland security legislation, Senator Bennett said that 
the Administration supported our compromise, but the language was 
ultimately dropped from the final Homeland Security Act. As a result, 
the media, public interest groups, and others continue to fear that 
companies may be hiding important health and safety information that 
has long been public and should be public behind the mask of "critical 
  To rectify this situation, today we are introducing a bill that would 
change the existing HSA language in several important ways. First, our 
bill defines the key term, "critical infrastructure," in a more 
focused way than the overly broad language in the HSA. To do that, our 
bill draws from language in existing case law, that has already been 
tested by the courts. The existing HSA language, it interpreted 
broadly, could expand the prohibition on disclosing critical 
infrastructure information to include virtually every aspect of a 
company's operations, denying public access to a great deal of health 
and safety information that the public has a right to know. If this 
expansive interpretation was not the intent of the bill's drafters, 
then they should be willing to accept our court-tested language.
  A second important change that our bill would make in the existing 
HSA involves the issue of civil immunity for companies that violate the 
law. As currently worded, the HSA seems to suggest that companies 
which voluntarily submit to DHS critical infrastructure information 
indicating that the company is in violation of public health or safety 
regulations may gain protection from legal action in court to halt or 
penalize this wrongdoing, even if the information shows that the 
company is acting negligently. For example, the current HSA provisions 
could lead to the disturbing situation where DHS learns, through a 
critical infrastructure submission, that a company is leaking polluted 
sludge into a nearby waterway in violation of environmental 
restrictions, but is barred from going to court to stop the pollution 
because the law appears to prohibit the agency's use of the critical 
infrastructure information in a civil action. Our bill would eliminate 
the possibility that the HSA would provide companies with civil 
immunity under these circumstances.

  A third key problem with the existing HSA language is that it 
includes a provision that could send a Federal whistleblower who 
discloses critical infrastructure information, even to an appropriate 
authority, to prison. The language is clear that if a DHS employee 
discloses unclassified critical infrastructure information, even when 
acting as a whistleblower who reveals the information to Congress in an 
act of conscience or patriotism, that whistleblower could wind up in 
jail. My colleague, Senator Leahy, describes a whistleblower who works 
at the FAA who blew the whistle on government collusion to coverup 
failures by airlines to meet tests on airline preparedness. That 
whistleblower could have ended up in jail had he blown the whistle 
under today's law. A year in jail is quite a deterrent for a Federal 
employee who is thinking about blowing the whistle, and we have never 
before threatened Federal whistleblowers with jail terms. It is a bad 
idea, and it is counterproductive to homeland safety.
  There are other troubling provisions in the current HSA law as well, 
equally detrimental to the public's right to know. For example, the HSA 
exempts all communication of critical infrastructure information from 
the open meeting and other sunshine requirements of the Federal 
Advisory Committee Act, and places critical infrastructure information 
outside restrictions on ex parte contacts. The HSA also pre-empts state 
and local sunshine laws, an undue intrusion on the power of the States. 
The bill we are introducing today would strike all of these unnecessary 
provisions, and create in their stead a narrow FOIA exemption that 
balances the prohibition against improper disclosures of critical 
infrastructure information with the public's right to know.
  Finally, I would like to include in the Record two examples of 
situations that could occur under the language in the HSA but would not 
occur under our bill. These disturbing examples were provided by Dr. 
Rena Steinzor, Professor at the University of Maryland School of Law, 
on behalf of the center for Progressive Regulation.
  Case Study Number 1 is the following:
  A large Midwest utility decides to replace an old coal burning 
electric generation unit with a new one. The new unit, much larger than 
the first, will produce significantly greater air pollution emissions. 
The company could mitigate these increases by installing additional 
pollution control equipment, but decides it does not wish to incur the 
expense. It begins construction and simultaneously reports its plans to 
the DHS as "critical infrastructure information," so Federal security 
experts will know about its increased capacity to generate electricity.
  A Department of Homeland Security employee, visiting the plant to 
consult on government purchases of power during emergency situations, 
notices readings on internal gauges reflecting the dramatically 
increased emissions. She telephones EPA to report the situation. EPA 
issues a Notice of Violation to the company, and threatens to bring an 
action for civil penalties, but is instructed to desist by DHS 
officials who inform EPA that the HSA prohibits disclosing the 
information provided to the agency in court and that DHS wants to list 
the company as an emergency supplier capable of providing expanded 
electricity production in an upcoming report to Congress. EPA drops its 
enforcement action, and the DHS employee not only loses her job but 
also is prosecuted criminally.
  Case Study Number 2 is the following:
  Lobbyists representing companies that provide goods and services to 
the Department of Homeland Security routinely submit materials 
describing their companies' products in glowing terms. They arrange 
repeated trips for government purchasing agents to exotic locations 
under the guise of briefing them regarding the technical aspects of the 
products. All of this information is designated as critical 
infrastructure by the companies, and is therefore protected from 
disclosure and oversight by the media or possibly even individual 
members of Congress who could see the information but not reveal it.
  The Homeland Security Act was never intended to protect polluters or 
special interests from public scrutiny. But as these examples 
demonstrate, that is exactly what could happen if the current, vague 
language in the law is not corrected. The bill we are introducing today 
would make the needed corrections.
  On January 17, 2003 at his confirmation hearing before the 
Governmental Affairs Committee, I questioned Governor Ridge about these 
problems with the current wording of the Homeland

[[Page S3639]]

Security Act. I asked him whether the HSA could have the unintended 
consequences of providing protections for wrongdoing while impeding 
access to necessary information to protect public health and safety. 
Governor Ridge replied: "[T]hat certainly wasn't the intent, I am 
sure, of those who advocated the Freedom of Information Act exemption, 
to give wrongdoers protection or to protect illegal activity, and I 
will certainly work with you to clarify that language." If that was 
not the intent, then let us fix the vague, and potentially dangerous 
provisions that are in this bill.
  I would also note, for the record, that many organizations have 
endorsed our bill including the following:
  American Association of Law Libraries, American Civil Liberties 
Union, American Immigration Lawyers Association, American Library 
Association, American-Arab Anti-Discrimination Committee, Americans for 
Democratic Action, American Society of Magazine Editors, American 
Society of Newspaper Editors, Arab American Institute, Asian American 
Legal Defense and Education Fund, Associated Press Managing Editors, 
Association of Research Libraries, Center for Democracy and Technology, 
Children's Environmental Health Network, Clean Production Network, 
Common Cause, Communications Workers of America, Cook Inlet Keeper, 
Council on American-Islamic Relations, Council on Professional 
Association of Federal Statistics, Electronic Frontier Foundation, 
Electronic Privacy Information Center, Environmental Defense, 
Federation of American Scientists, Freedom of Information Center, 
Friends of the Earth, Fund for Constitutional Government, Government 
Accountability Project, Greenpeace, Magazine Publishers of America, 
Maryland Pesticide Network, National Federation of Press Women, 
National Newspaper Association, National Press Club, Natural Resources 
Defense Council, New Jersey Work Environment Council, Newsletter & 
Electronic Publishers Association, Newspaper Association of America, 
Ohio Valley Environmental Coalition, OMB Watch, Pesticide Action 
Network, North America Powder River Basin Resource Council, Privacy 
Activism, Privacy Times, Project on Government Oversight, Radio-
Television News Directors Association, Reporters Committee for Freedom 
of the Press, Sierra Club, Silicon Valley Toxics Coalition, Society of 
Professional Journalists, Strategic Counsel on Corporate 
Accountability, U.S. Public Interest Research Group, University of 
Missouri School of Journalism, West Harlem Environmental Action Working 
Group on Community Right-to-Know.