Skip to Main Content
Project on Government Oversight

POGO and Partners Say Cybersecurity Bill is Flawed

Related Content: FOIA
Printer Friendly
February 16, 2012 | By: Angela Canterbury

Chairman Joseph Lieberman
Senate Homeland Security and Governmental Affairs Committee
340 Dirksen Senate Office Building
Washington, DC 20510

Chairman John Rockefeller
Senate Commerce, Science and Transportation Committee
254 Russell Senate Office Building
Washington, DC 20510

Ranking Member Susan Collins
Senate Homeland Security and Governmental Affairs Committee
350 Dirksen Senate Office Building
Washington, DC 20510

Chairwoman Diane Feinstein
Senate Select Committee on Intelligence
211 Harkin Senate Office Building
Washington, DC 20510

Dear Senators:

On behalf of the undersigned organizations concerned with government openness and accountability, we are writing to let you know of our serious concerns with sections of S.2105, the Cybersecurity Act of 2012, that create unnecessary, overbroad and unwise limitations to access of information, including broad exemptions to the Freedom of Information Act (FOIA), and jeopardize the rights of whistleblowers.

Section 107, as drafted, includes an exceedingly broad definition of “critical infrastructure information,” encapsulating information that is crucial for the public to understand public health and safety risks and information already protected under one of the FOIA’s other exemptions. Furthermore, the proposed exemption conflicts with Congress’ recent effort in the National Defense Authorization Act (NDAA) of 2012 to limit the scope of CII information that can be withheld by the Department of Defense. In the language signed into law this December, Congress rightly recognizes that there can be an overwhelming public interest in disclosing some CII information, and requires the Secretary of Defense to weigh the public interest in disclosure before it can be withheld under FOIA.

Similarly, the language in Section 704(d) relating to cybersecurity threat indicators is troublingly broad, especially considering we do not know what kind of information may be shared in the newly-created cybersecurity exchanges. Cutting off all public access to information in the cybersecurity exchanges before we understand the types of information that may be covered and how best to protect that information while promoting accountability, is bad policy.

We also have concerns about how this bill would limit the lawful disclosures of wrongdoing by whistleblowers. In particular, Section 107(e) would far too narrowly define free speech rights and is not inclusive of existing protections under law. Realistically, whistleblowers will be proceeding at their own risk.

We urge you to not fast track this bill. The unaddressed issues we have identified demand a more careful and thorough consideration. We look forward to working with you to ensure the bill protects our nation’s computer networks and promotes transparency and accountability.

Sincerely,

Rick Blum, Coordinator
Sunshine in Government Initiative

Kenneth Bunting, Executive Director
National Freedom of Information Coalition

Angela Canterbury, Director of Public Policy
Project On Government Oversight – POGO

Kevin Goldberg, Counsel
American Society of News Editors

Patrice McDermott, Executive Director
OpenTheGovernment.org

Anne Weismann, Chief Counsel
Citizens for Responsibility and Ethics in Washington

cc: Majority Leader Harry Reid
Minority Leader Mitch McConnell
Senator Patrick Leahy
Senator John Cornyn
Senator Daniel Akaka
Senator Charles Grassley
Senator Carl Levin

Related Work