June 6, 2000
Chief of Staff
The White House
Washington, D.C. 20500
Dear Mr. Podesta:
We are writing to express our serious concern about various proposals being discussed to create a wholesale exemption from the Freedom of Information Act for information relating to critical infrastructures. We are opposed to any wholesale exemption for information shared by industry with the government regarding vulnerabilities either in computer security systems or in other infrastructures.
The idea for such an exemption was mentioned, without elaboration, in one line in the Report of the President's Commission on Critical Infrastructure Protection. We have become aware of various ad hoc efforts within the Administration to draft a wholesale exemption for such information; we are also aware that there are similar efforts in the Congress. This approach is fundamentally inconsistent with the basic premise of the Freedom of Information Act: the public in a democratic society must be informed about the activities of its government.
It is clear that, as we enter a new century, the government will focus more and more on the protection of critical infrastructures. Increasingly, government business will be conducted in cooperation with the private sector and, accordingly, will involve extensive sharing of information between the private sector and government. The current proposals all contemplate an automatic wholesale exemption from the Freedom of Information Act for such information. Such an exemption would hide from the public essential information about critically important government activities. Moreover, the most likely result will be weaker, not stronger, protection for infrastructures.
We recognize that there is certain information about specific vulnerabilities of specific infrastructures, which is largely irrelevant to public policy, and which, if disclosed would be likely to cause concrete harm. Much of this information is already exempt from the FOIA. For example, information concerning the software vulnerabilities of classified computer systems used by the government and by defense contractors is already exempt under (b)(1); the exemption in (b)(4) for trade secrets and confidential information also provides extensive protection from disclosure.
The Administration should follow the usual process for considering a new exemption if it is concerned that additional specific information needs to be exempted from disclosure. Individual agencies should identify any such information they may receive from industry. It can then be determined whether the information is already exempt. If the information is not exempt, a specific exemption can be proposed followed by a public debate regarding the need for an exemption, weighing the benefits to the public interest in knowing the specific information against any likely harm from disclosure. Such a process is currently underway at the Federal Aviation Administration regarding an exemption for some voluntarily-submitted industry information. While this approach requires some time and effort, it is necessary to meet the fundamental requirement of the Freedom of Information Act that information in the hands of the government presumptively must be public.
Finally, it is irresponsible to believe that only a wholesale exemption will satisfy industry fears. Industry and government are already cooperating and sharing information concerning how to protect infrastructures; we have no doubt this will continue. But such sharing cannot serve as the occasion to fundamentally rewrite the rules on how public policy is made and implemented in a democracy - that information used by and relied upon by the government is presumptively open to the public, whatever its source.
This Administration's commitment to a strong Freedom of Information Act repeatedly has been demonstrated since its early days. We urge you now to reject any calls for a wholesale exemption and instead to commit to a process consistent with the principles of open government embodied in the FOIA.
Center for National Security Studies
James X. Dempsey
Senior Staff Counsel
Center for Democracy and Technology
Thomas S. Blanton
National Security Archive
Robert S. Norris
Natural Resources Defense Council
Freedom of Information Chairman
American Society of Newspaper Editors
Federation of American Scientists
Reporters Committee for Freedom of Press
British American Security Info Center
Mary Alice Baish
Associate Washington Affairs Representative
American Association of Law Libraries
American Civil Liberties Union
Fund for Constitutional Government
Electronic Privacy Information Center
Project on Government Oversight
JSI Center for Environmental Health Studies
Stephen M. Brittle
Don't Waste Arizona, Inc.