IP: Cyberterror Bill Keeps Company Secrets

[David Farber <farber () cis upenn edu>]

> Date: Tue, 11 Apr 2000 15:56:47 -0700 (PDT)
> From: "Kevin L. Poulsen" <klp () securityfocus com>
> X-Sender: >X-Sender: klp@mail
> To: farber () cis upenn edu
> Subject: Cyberterror Bill Keeps Company Secrets
>
>
> http://www.securityfocus.com/news/17
>
> Cyberterror Bill Keeps Company Secrets
>
> The "Cyber Security Information Act," to be announced Wednesday,
> would keep vulnerability information away from the public.
>
> By Kevin Poulsen
> April 11, 2000 3:27 PM PST
>
> Sensitive information about computer network vulnerabilities and
> intrusions transferred from the private sector to the federal government
> would be shielded from public disclosure, under a bill set to be announced
> Wednesday by Representatives Tom Davis (R-Va.) and Jim Moran (D-Va.).
>
> The proposed legislation would carve out a new exemption to the Freedom of
> Information Act (FOIA), a law used primarily by journalists which allows a
> certain degree of public access to government files.
>
> Companies have cited FOIA as a roadblock to the public-private
> partnership envisioned by President Clinton's cyberterrorism policy. The
> Administration has long pushed for the creation of an Information Sharing
> and Analysis Center (ISAC) which would act as a central repository for
> cyberthreat data, both among companies, and between corporations and
> the government. But the private sector has proven reluctant to give
> agencies potentially sensitive and embarrassing information that could be
> accessible to the public through FOIA.
>
> An advanced draft of the proposed "Cyber Security Information Act"
> obtained by SecurityFocus.com would allow federal agencies to
> specifically designate requests for information as FOIA exempt. Anything
> obtained in response to such a request would be kept confidential, and
> "may not be used by any Federal entity, agency or authority or by any
> third party, directly or indirectly, in any civil action."
>
> ...