Today's Paper Obits Today's Photos NWA Outdoors Opinion: In search of their voice Weather NWADG Redesign Puzzles NWA Basketball 2018
ADVERTISEMENT
ADVERTISEMENT
story.lead_photo.caption In this Sept. 24, 2015 file photo, Senate Intelligence Committee Chairman Sen. Richard Burr, R-N.C., right, confers with committee Vice Chair. Sen. Dianne Feinstein, D-Calif. on Capitol Hill in Washington. - Photo by AP / PABLO MARTINEZ MONSIVAIS

WASHINGTON -- A proposed law meant to encourage companies to share information about cyberthreats with the U.S. government includes measures that could significantly limit what details, if any, the public can review about the program through federal and state public records laws.

The legislation -- already passed with broad bipartisan support in both houses of Congress but not yet finalized -- would keep secret any information a company hands over to the Obama administration under a new cybersecurity agreement, including specifics the firms decide themselves shouldn't be disclosed. It's not clear whether that secrecy would extend to learning whether particular companies are even participating.

The cyber agreement passed despite privacy concerns over Senate language from some lawmakers and technology companies, including Apple Inc. and Dropbox Inc. It's the culmination of a roughly six-year effort made possible by recent additions of antitrust and consumer-liability protections for the companies' participation.

Transparency advocates said the new law would provide excessive cover to tech companies through new restrictions to the U.S. Freedom of Information Act, which also supersedes state and tribal open-records laws. That could shield all sorts of information about what the government is -- or isn't -- doing to protect Americans from cybercriminals.

"There should be an element of public debate," said Rick Blum, director of the Washington-based Sunshine in Government Initiative. "Oftentimes, public disclosure and accountability motivates people to be doing more and to be making the right choices."

Under the federal records law, requesters can obtain government information unless disclosure would hurt national security, violate personal privacy or expose business secrets or certain confidential decision-making. Critical infrastructure information is also excluded, but the new law explicitly allows additional exemptions for "cyberthreat indicators" and "defensive measures" shared by companies. Those terms aren't well defined, so there is more leeway to interpret what could be kept secret.

Federal agencies are encouraged to apply discretion in balancing some protections against what can be revealed, but no such discretion would be allowed under the proposed bills. Requesters may have to file a lawsuit in federal court to resolve disputes.

Congress has yet to work out differences between the House and Senate bills before any legislation would ultimately go to President Barack Obama, who early in his administration pledged greater transparency. The White House supports the new exemptions.

The Senate bill passed last month was co-sponsored by Republican U.S. Sen. Richard Burr of North Carolina, who chairs the Senate Intelligence Committee, and California U.S. Sen. Dianne Feinstein, the top Democrat on the panel.

Burr said in an statement provided by his staff that "it's important that the bill has this provision [to] keep private entities' information confidential, enhance the sharing of cyber threat indicators and prevent the disclosure of information that isn't the government's to disclose."

U.S. Sen. Patrick Leahy, D-Vt., put forward an ultimately failed provision to remove the exemptions, criticizing it for being "drafted behind closed doors by the Senate Intelligence Committee" without meaningful public debate.

A Section on 12/02/2015

Print Headline: Bill would add records public can't see

Sponsor Content

Comments

ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT