When the Bush Administration drafted its version of the legislation creating the Department of Homeland Security, it included something that had long been on the business communities' wish lists: special immunity and secrecy for information that businesses provide to the government about critical infrastructures.
"Critical infrastructures" refers to a host of systems that are vital to the economy, such as computer systems that handle financial transactions, electrical power grids, communications networks, and water systems. See CRS Report on Critical Infrastructures: What Makes an Infrastructure Critical? According to the government, approximately 90% of these systems are controlled by private businesses.
Businesses have argued that the United States' ability to protect these systems from computer viruses, sabotage and terrorism would be enhanced if businesses share what they know about the vulnerability of these systems. However, many businesses say that they do not share all of the useful information that they have because they fear that the information might be used against them in a regulatory proceeding, or disclosed by the government under the FOIA.
To encourage disclosure of this information to government, trade associations and the businesses that operate "critical infrastructures" have promoted the idea that they should be given something akin to a confessional: a procedure in which information is shared with the government (including information that shows that the entity submitting the information has broken the law or subjected the public to significant hazards), but the government cannot use the information against the confessor and could not disclose to the public.
Although FOIA already provides protection for trade secrets and confidential business information, those who have advocated this special protection for critical infrastructure information seek more sweeping laws that will allow businesses to keep information secret even if it is just embarrassing. Such laws might also give business a shield to protect them from liability if they confess misdeeds before they are discovered.
The Bush Administration proposed giving business this type of protection in its proposal to create the Homeland Security Department. See Whitehouse Press release (June 18, 2002), and Text of bill proposed by President Bush. However, Congress did not give the President everything he requested. The legislation that Congress enacted to create the Department includes a subsection called the Critical Information Infrastructure Act of 2002, that provides restrictions on the use of critical infrastructure information that is voluntarily submitted to the government. But Congress limited the ability of businesses to take advantage of these restrictions by providing that only submissions that meet certain qualifications are covered by the Act. For example, information that government agencies obtain independent of a voluntary submission to the Department of Homeland Security is not covered by the restrictions imposed in this Act.
In April 2003, The Bush Administration proposed procedures for management of critical infrastructure information submissions that ignore many of the limitations that Congress imposed. In particular, the proposed regulations would extend protection to information that is not submitted to the Department of Homeland Security, but is submitted to other Federal agencies with a request that the information be "forwarded" to the Department of Homeland Security. The procedures also provide that when officials evaluate whether information satisfies the requirements for protection, they should "defer" to the judgment of the business that submits the information.
Public Citizen has submitted detailed comments arguing that the Bush Administration's proposed procedures for handling critical infrastructure information need to be re-drafted so that they conform to the limitations imposed by Congress and do not encourage businesses to use the Homeland Security Act as a vehicle to avoid accountability. These comments, and other documents discussing how the Administration's effort to impose special secrecy on business submissions about critical infrastructures may actually undermine national security, are available through the links below.