Policy Letter

POGO and Partners Say Cybersecurity Bill is Flawed

Chairman Joseph Lieberman

Senate Homeland Security and Governmental Affairs Committee

340 Dirksen Senate Office Building

Washington, DC 20510

Chairman John Rockefeller

Senate Commerce, Science and Transportation Committee

254 Russell Senate Office Building

Washington, DC 20510

Ranking Member Susan Collins

Senate Homeland Security and Governmental Affairs Committee

350 Dirksen Senate Office Building

Washington, DC 20510

Chairwoman Diane Feinstein

Senate Select Committee on Intelligence

211 Harkin Senate Office Building

Washington, DC 20510

Dear Senators:

On behalf of the undersigned organizations concerned with government openness and accountability, we are writing to let you know of our serious concerns with sections of S.2105, the Cybersecurity Act of 2012, that create unnecessary, overbroad and unwise limitations to access of information, including broad exemptions to the Freedom of Information Act (FOIA), and jeopardize the rights of whistleblowers.

Section 107, as drafted, includes an exceedingly broad definition of “critical infrastructure information,” encapsulating information that is crucial for the public to understand public health and safety risks and information already protected under one of the FOIA’s other exemptions. Furthermore, the proposed exemption conflicts with Congress’ recent effort in the National Defense Authorization Act (NDAA) of 2012 to limit the scope of CII information that can be withheld by the Department of Defense. In the language signed into law this December, Congress rightly recognizes that there can be an overwhelming public interest in disclosing some CII information, and requires the Secretary of Defense to weigh the public interest in disclosure before it can be withheld under FOIA.

Similarly, the language in Section 704(d) relating to cybersecurity threat indicators is troublingly broad, especially considering we do not know what kind of information may be shared in the newly-created cybersecurity exchanges. Cutting off all public access to information in the cybersecurity exchanges before we understand the types of information that may be covered and how best to protect that information while promoting accountability, is bad policy.

We also have concerns about how this bill would limit the lawful disclosures of wrongdoing by whistleblowers. In particular, Section 107(e) would far too narrowly define free speech rights and is not inclusive of existing protections under law. Realistically, whistleblowers will be proceeding at their own risk.

We urge you to not fast track this bill. The unaddressed issues we have identified demand a more careful and thorough consideration. We look forward to working with you to ensure the bill protects our nation’s computer networks and promotes transparency and accountability.

Sincerely,

Rick Blum, Coordinator

Sunshine in Government Initiative

Kenneth Bunting, Executive Director

National Freedom of Information Coalition

Angela Canterbury, Director of Public Policy

Project On Government Oversight – POGO

Kevin Goldberg, Counsel

American Society of News Editors

Patrice McDermott, Executive Director

OpenTheGovernment.org

Anne Weismann, Chief Counsel

Citizens for Responsibility and Ethics in Washington

cc: Majority Leader Harry Reid

Minority Leader Mitch McConnell

Senator Patrick Leahy

Senator John Cornyn

Senator Daniel Akaka

Senator Charles Grassley

Senator Carl Levin