Crossroads Blog | CYBER SECURITY LAW AND POLICY

Legislation

Cybersecurity vs. FOIA: Can Congress Find A Balance? GCN

On March 13th, 2012, William Jackson reported for Government Computer News on testimony before the Senate Judiciary Committee on the Freedom of Information Act's (FOIA) impact on cybersecurity legislation.  Check out this recent blog post for more background on the issue.  Almost all of the recent cybersecurity proposals contain FOIA exemptions for cybersecurity threat information.  Broadly speaking, the issue is whether (or to what exent) we want to exempt cyber threat information under the FOIA.

According to the article, witnesses testified on both sides of the issue.  On one hand, broad FOIA exemptions "could threaten public safety."  In this sense, a broad FOIA exemption would prompt concerns about government secrecy and unchecked government powers.

On the other hand, "the threat of public disclosure could hamstring the sharing of information about threats and vulnerabilities."  This was Paul's Rosenzweig's stance (again, you can find his testimony here).  Mr. Rosenzweig argued that without a strong FOIA exemption, businesses won't engage in effective threat information sharing because of fears about antitrust laws and accidentally exposing proprietary information.

The GCN article also cited Kenneth Bunting, executive director of the National Freedom of Information Coalition.  Mr. Bunting took the middle road and and advocated for a narrowly defined exemption that incorporates a balancing test between the risks of disclosure and "an effective oversight process."

You can find the GCN source article here.

Leave a Reply

Legislation

Cybersecurity vs. FOIA: Can Congress Find A Balance? GCN

On March 13th, 2012, William Jackson reported for Government Computer News on testimony before the Senate Judiciary Committee on the Freedom of Information Act's (FOIA) impact on cybersecurity legislation.  Check out this recent blog post for more background on the issue.  Almost all of the recent cybersecurity proposals contain FOIA exemptions for cybersecurity threat information.  Broadly speaking, the issue is whether (or to what exent) we want to exempt cyber threat information under the FOIA.

According to the article, witnesses testified on both sides of the issue.  On one hand, broad FOIA exemptions "could threaten public safety."  In this sense, a broad FOIA exemption would prompt concerns about government secrecy and unchecked government powers.

On the other hand, "the threat of public disclosure could hamstring the sharing of information about threats and vulnerabilities."  This was Paul's Rosenzweig's stance (again, you can find his testimony here).  Mr. Rosenzweig argued that without a strong FOIA exemption, businesses won't engage in effective threat information sharing because of fears about antitrust laws and accidentally exposing proprietary information.

The GCN article also cited Kenneth Bunting, executive director of the National Freedom of Information Coalition.  Mr. Bunting took the middle road and and advocated for a narrowly defined exemption that incorporates a balancing test between the risks of disclosure and "an effective oversight process."

You can find the GCN source article here.

Leave a Reply

Legislation

Cybersecurity vs. FOIA: Can Congress Find A Balance? GCN

On March 13th, 2012, William Jackson reported for Government Computer News on testimony before the Senate Judiciary Committee on the Freedom of Information Act's (FOIA) impact on cybersecurity legislation.  Check out this recent blog post for more background on the issue.  Almost all of the recent cybersecurity proposals contain FOIA exemptions for cybersecurity threat information.  Broadly speaking, the issue is whether (or to what exent) we want to exempt cyber threat information under the FOIA.

According to the article, witnesses testified on both sides of the issue.  On one hand, broad FOIA exemptions "could threaten public safety."  In this sense, a broad FOIA exemption would prompt concerns about government secrecy and unchecked government powers.

On the other hand, "the threat of public disclosure could hamstring the sharing of information about threats and vulnerabilities."  This was Paul's Rosenzweig's stance (again, you can find his testimony here).  Mr. Rosenzweig argued that without a strong FOIA exemption, businesses won't engage in effective threat information sharing because of fears about antitrust laws and accidentally exposing proprietary information.

The GCN article also cited Kenneth Bunting, executive director of the National Freedom of Information Coalition.  Mr. Bunting took the middle road and and advocated for a narrowly defined exemption that incorporates a balancing test between the risks of disclosure and "an effective oversight process."

You can find the GCN source article here.

Leave a Reply