Does sharing violate security or help preserve it?

Industry and government are struggling to combat the cybersecurity breaches that are in the news these days. One suggestion is to amend the Freedom of Information Act (FOIA) to shield some private communications from public view. While government activities generally should be open for review, the suggestion in this particular context may have merit if developed properly.

Sen. Bob Bennett (R-Utah) recently announced that he intends to introduce legislation that would provide an FOIA exemption that would shield from public scrutiny computer network information shared with the government, hopefully encouraging cooperative efforts between industry and government toward strengthening cybersecurity. The idea is to foster the sharing of confidential information to help build defenses against Internet criminals. Bennett plans to introduce the legislation in the next couple of months.

Of course, government secrecy can have tremendous problems. It is for that reason that the FOIA was given real teeth in the post-Watergate era of the mid-1970s. According to the Supreme Court, the greatest light is to be shined on "what the government is up to." Indeed, without public oversight, the government no longer may be accountable to the people.

The FOIA does allow the government to block public disclosure of information if one of a handful of narrow exemptions applies.

For example, there are exemptions that bar disclosure of information that could reveal national security strategies or compromise law enforcement investigations.

Another exemption prevents disclosure of government information if that disclosure would cause an invasion of someone's personal privacy. To determine whether such information should be disclosed, a balancing test is applied to ascertain whether the privacy interests at stake are outweighed by competing public interests.

A 1998 law also allowed government and business to share information privately to help address the then-looming Y2k problem. Sources suggest that the Bush administration may be favorable to approaches like the one suggested by Bennett. The feeling is that industry until now has been reluctant to share confidential information with the government if that information could be revealed to any person under the FOIA.

The motivations of Bennett and like-minded people are laudable. But the devil is in the details. The wording of the proposed legislation, when it is introduced, will need to be carefully examined to ensure that it isn't so broad that it shields from public view that which truly is not confidential. Moreover, the public's interest in information should be taken into account, at least at some level. Perhaps, like the balancing test relating to the personal privacy exemption, computer network information shared with the government for cybersecurity purposes should be deemed undiscoverable unless a competing public interest outweighs the confidentiality of particular information.

Sinrod is a partner in the San Francisco office of Duane Morris LLP. He can be reached at ejsinrod@duanemorris.com. His Web site is at www.sinrodlaw.com.

Related:

Copyright © 2001 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon