When the Bush administration drew up draft legislation to create a new Department of Homeland Security, it included a special privilege for the Office of Information Analysis and Infrastructure Protection, a key branch of the new agency. Information submitted voluntarily to the office about the security of computer systems, power plants, transportation infrastructure, banks, telecommunications, and any other facilities deemed critical to the U.S. economy would receive a blanket exemption from the Freedom of Information Act (FOIA). As a result, reams of information the government collects from private industry—and from state and local governments—would be kept secret from the public.
Some kind of FOIA exemption will almost certainly become law. The House approved its version of homeland security legislation on July 26. The bill included the broad exemption the administration requested, with some minor changes. The committee marking up the Senate's version of the bill has approved a more limited exemption than the House, setting the stage for a battle over the breadth of the measure in joint committee. Congress has vowed to have a homeland security bill on the president's desk in time for the anniversary of the attack.
Regardless of the exemption's final scope, it will be only the latest offensive in the Bush administration's sustained assault on transparency in government. The trend dates from the second month of Bush's term, when he blocked the scheduled release of presidential and vice presidential records from the Reagan administration. But it has accelerated dramatically since the terrorist attacks last fall. In an October 12, 2001, memo to all federal agencies, Attorney General John Ashcroft instructed government officials to withhold any information requested under FOIA if there is any "sound legal basis" for doing so. (The previous standard for denying a FOIA request, adopted in 1993, instructed agencies to withhold only information that could cause "foreseeable harm.") Ashcroft promised that the Department of Justice would defend any agency that withholds information under his new criterion. The impact of the new standard is hard to measure, but watchdog groups worry it has turned foot dragging and noncooperation on FOIA requests into official policy.
In March, White House Chief of Staff Andrew Card reiterated the message in another all-agency memo. Card reminded departments to safeguard any information, no matter how old, that could be helpful in the development of weapons of mass destruction, "as well as other information that could be misused to harm the security of our Nation and the safety of our people." Guidelines issued with the memo instructed all departments to apply the new standard even to unclassified information that might be "sensitive," a term left undefined.
Such a vague and sweeping directive to withhold information has watchdog groups from all shades of the political spectrum up in arms. Most of these groups, interested in preserving integrity and good practice in government, rely heavily on FOIA requests to uncover government waste and misconduct.
"The whole posture of the administration has been to resist disclosure and discourage public access," says Steven Aftergood, who tracks government secrecy for the Federation of American Scientists, a D.C.-based nonprofit that advocates nuclear disarmament. Using FOIA requests as his primary tool, Aftergood has toiled for years to learn the real size of the U.S. intelligence budget. "I understand the need for increased secrecy in narrowly defined areas, like production of biological weapons, for example," he says. "But what is happening is that a blanket is being thrown over all kinds of things that have nothing to do with terrorism."
As examples, Aftergood cites Vice President Dick Cheney's refusal to release details of his meetings with energy industry executives and the removal of unclassified data from government Web sites—including the entire library of technical reports from the national labs in Los Alamos, New Mexico.
In April the Electronic Privacy and Information Center (EPIC), a nonprofit civil liberties group, filed suit against the new Office of Homeland Security after it refused to respond to a FOIA request for information on proposals to create a national identification card. The Department of Justice will defend the decision in court. The DOJ is also fighting a FOIA suit Aftergood has filed against the CIA: The spy agency has refused to disclose the total U.S. intelligence budget for 1947 and 1948, citing national security concerns.
If the Ashcroft and Card memos threaten the ethic of transparency, critics contend that the proposed FOIA exemption for the new infrastructure protection office is a full-scale assault on the public's right to know what their government is up to.
"This concerns me deeply as a conservative Republican," says Mark Tapscott, director of the Heritage Foundation's Center for Media and Public Policy. "This is so broad it amounts to an exemption without end. Information about any company that could even tangentially identify itself with the war on terrorism could conceivably be put behind closed doors."
Congress passed the Freedom of Information Act in 1966 and strengthened it significantly in 1974, in the aftermath of Watergate. According to David Sobel, lead counsel at EPIC, the act may now be on its deathbed. The White House bill "would gut FOIA as a vehicle for open government in a large number of critical areas," he says. Testifying before a House subcommittee on July 9, Sobel warned that the exemption would make it impossible to hold the Department of Homeland Security (DHS) accountable should things go wrong. "'What did DHS know and when did it know it" is a question that will go unanswered," he told the committee.
A combination of six existing departments spread across five agencies, the new infrastructure protection office is supposed to coordinate security for the nation's key infrastructure and industries, including telecommunications, energy, water supply, banking and finance, transportation, emergency services, and public health facilities. Bush's lead adviser on infrastructure protection, Richard Clarke, recently told Congress this definition might need to be expanded to include other industries. The administration's proposed exemption would place all information that corporations "voluntarily" submit to the office under wraps forever.
Despite its broad definition, "critical infrastructure protection" in practice has thus far meant fighting malicious computer hackers. Debates over information flows have generally focused on the reluctance of companies to inform the government when they have been hacked. Corporations complain that they need assurance that potentially embarrassing or proprietary information about attacks submitted voluntarily to the government won't leak out to the public or to their competitors.
Ronald Dick is director of the FBI's National Infrastructure Protection Center, a department created in 1998 to monitor and provide warnings of cybercrime. He told Congress in May that only 34 percent of computer hacking attacks on industry were reported to law enforcement during the 12-month period ending in April of this year. "The two primary reasons for not making a report were negative publicity and the recognition that competitors would use the information against them," Dick said. He testified that his department finds the existing FOIA exemptions sufficient, but "if the private sector doesn't believe it…then we need to provide them those assurances that make them feel that a partnership with the government is worthwhile." With that, he tacitly endorsed a broader exemption.
But opponents of the exemption argue that plenty of protection for sensitive information is already written into the law. After all, nine categories of information are currently protected from disclosure under FOIA. "Trade secrets and commercial or financial information" are exempt from FOIA requests, along with banking and law enforcement records, data pertaining to national security, and the like.
"Any claimed private sector reluctance to share important data with the government grows out of, at best, a misperception of current law," EPIC's Sobel said in his July 9 testimony. "Exemption proponents have not cited a single instance in which a federal agency has disclosed voluntarily submitted data against the express wishes of an industry submitter." An industry representative at the hearing countered that the reason there were no cases of such disclosure is that business has thus far declined to reveal sensitive information to the government.
Another widespread concern is that, despite the fact that infrastructure protection efforts have until now focused on cybercrime, the new department's mission will cover physical assets as well. This would mean the department would be taking in, and hiding, information about facilities—dams, oil refineries, chemical factories, power plants—that pose a potential health hazard to the public.
Sean Molton—an analyst at OMBWatch, a nonprofit government watchdog named after the Office of Management and Budget—worries that too much secrecy about these industries could pose a threat to the public just as serious as the threat from terrorism. Molton is concerned, for example, that risk assessments for hazardous facilities, which are currently open to the public through the Environmental Protection Agency, might no longer be available if they are filed with Homeland Security. A related concern is that industry will abuse the FOIA exemption to hide safety threats by voluntarily reporting potential hazards at their facilities to Homeland Security before regulators discover them.
"There is a security risk for some information, and an evaluation of it is justified," says Molton. "But chemical facilities, power plants, power lines, gas mains, and pipelines represent their own risks in everyday use." Denying access to information about these facilities ignores that risk, he says.
President Bush and his cabinet, who showed a predilection for secrecy even with the nation at peace, have drawn an even tighter curtain around government since the terrorist attack. Since the government is charged with protecting the country from an ongoing threat of unknowable scope, this response appeals to our instincts and is understandable. But that doesn't make it wise, as critics of the "security through secrecy" approach have been quick to point out.
In a July letter to Sen. Joe Lieberman (D-Conn.), chairman of the committee marking up the Senate's homeland security bill, the American Civil Liberties Union urged the committee to reject an amendment adding a FOIA exemption, predicting that it "could have a devastating effect on the public's right to know, muzzle whistleblowers, and undermine national security."
The amendment passed unanimously.