Congressional Record: March 12, 2003 (Senate)
     Page S3622-S3639
           By Mr. LEAHY (for himself, Mr. Levin, Mr. Lieberman, Mr.
             Jeffords, and Mr. Byrd):
       S. 609. A bill to amend the Homeland Security Act of 2002 (Public Law
     107-296) to provide for the protection of voluntarily furnished
     confidential information, and for other purposes; to the Committee on
     the Judiciary.
       Mr. LEAHY. Mr. President, last year when I voted to support passage
     of the Homeland Security Act, HSA, I voiced concerns about several
     flaws in the legislation. I called for the Administration and my
     colleagues on both sides of the aisle to monitor implementation of the
     new law and to craft corrective legislation in the 108th Congress. One
     of my chief concerns with the HSA was a subtitle of the act that
     granted an extraordinarily broad exemption to the Freedom of
     Information Act, FOIA, in exchange for the cooperation of private
     companies in sharing information with the government regarding
     vulnerabilities in the nation's critical infrastructure.
       Unfortunately, the law that was enacted undermines Federal and State
     sunshine laws permitting the American people to know what their
     government is doing. Rather than increasing security by encouraging
     private sector disclosure to the government, it guts FOIA at the
     expense of our national security and public health and safety.
       On March 16, we mark Freedom of Information Day, which falls on the
     anniversary of James Madison's birthday. Madison said, "A popular
     government, without popular information, or the means of acquiring it,
     is but a prologue to a farce or tragedy or perhaps both." As a long-
     time supporter of open government, I believe we must heed Madison's
     warning and revisit the potentially damaging limitations placed on
     access to information by the HSA.
       I rise today to introduce legislation with my distinguished
     colleagues Senator Levin, Senator Jeffords, Senator Lieberman, and
     Senator Byrd to restore the integrity of FOIA. I want to thank my
     colleagues for working with me on this important issue of public
     oversight. This bill protects Americans' "right to know" while
     simultaneously providing security to those in the private sector who
     voluntarily submit critical infrastructure records to the newly created
     Department of Homeland Security, DHS.
       Encouraging cooperation between the private sector and the government
     to keep our critical infrastructure systems safe from terrorist attacks
     is a goal we all support. But the appropriate way to meet this goal is
     a source of great debate--a debate that has been all but ignored since
     the enactment of the HSA last year.
       The HSA created a new FOIA exemption for "critical infrastructure
     information." That broadly defined term applies to information
     regarding a variety of facilities--such as privately operated power
     plants, bridges, dams, ports, or chemical plants--that might be
     targeted for a terrorist attack. In HSA negotiations last fall, House
     Republicans and the administration promoted language that they
     described as

     [[Page S3632]]

     necessary to encourage owners of such facilities to identify
     vulnerabilities in their operations and share that information with the
     Department of Homeland Security, DHS. The stated goal was to ensure
     that steps could be taken to ensure the facilities' protection and
     proper functioning.
       In fact, such descriptions of the legislation were disingenuous.
     These provisions, which were eventually enacted in the HSA, shield from
     FOIA almost any voluntarily submitted document stamped by the facility
     owner as "critical infrastructure." This is true no matter how
     tangential the content of that document may be to the actual security
     of a facility. The law effectively allows companies to hide information
     about public health and safety from American citizens simply by
     submitting it to DHS. The enacted provisions were called "deeply
     flawed" by Mark Tapscott of the Heritage Foundation in a November 20,
     2002 Washington Post op-ed. "Too Many Secrets," Washington Post,
     November 20, 2002, at A25. He argued that the "loophole" created by
     the law "could be manipulated by clever corporate and government
     operators to hide endless varieties of potentially embarrassing and/or
     criminal information from public view."
       In addition, under the HSA, disclosure by private facilities to DHS
     neither obligates the private company to address the vulnerability, nor
     requires DHS to fix the problem. For example, in the case of a chemical
     spill, the law bars the government from disclosing information without
     the written consent of the company that caused the pollution. As the
     Washington Post editorialized on February 10, 2003, "A company might
     preempt environmental regulators by `voluntarily' divulging
     incriminating material, thereby making it unavailable to anyone else."
     "Fix This Loophole," Washington Post, February 10, 2003, at A20.
       The new law also 1. shields the companies from lawsuits to compel
     disclosure, 2. criminalizes otherwise legitimate whistleblower activity
     by DHS employees, and 3. preempts any state or local disclosure laws.
       The Restore FOIA bill I introduce today with Senators Levin,
     Jeffords, Lieberman, and Byrd is identical to language I negotiated
     with Senators Levin and Bennett last summer when the HSA was debated by
     the Governmental Affairs Committee. Senator Bennett stated in the
     Committee's July 25, 2003 mark up that the administration had endorsed
     the compromise. He also said that industry groups had reported to him
     that the compromise language would make it possible for them to share
     information with the government without fear of the information being
     released to competitors or to other agencies that might accidentally
     reveal it. The Governmental Affairs Committee reported out the
     compromise language that day. Unfortunately, much more restrictive
     House language was eventually signed into law.
       The February 10 Post editorial called the Leahy-Levin-Bennett
     language "a compromise that would accomplish the reasonable purpose"
     of "encouraging companies to share information with the government
     about infrastructure that might be vulnerable to terrorist attack
     without such broad harmful effects." Id. The Post editorial was
     titled, "Fix This Loophole," which is exactly what my colleagues and
     I hope to accomplish with the introduction of this bill. Id.
       The Restore FOIA bill would correct the problems in the HSA in
     several ways. First, it limits the FOIA exemption to relevant
     "records" submitted by the private sector, such that only those that
     actually pertain to critical infrastructure safety are protected.
     "Records" is the standard category referred to in FOIA. This corrects
     the effective free pass given to industry by the HSA for any
     information it labels "critical infrastructure."
       Second, unlike the HSA, the Restore FOIA bill allows for government
     oversight, including the ability to use and share the records within
     and between agencies. It does not limit the use of such information by
     the government, except to prohibit public disclosure where such
     information is appropriately exempted under FOIA.
       Third, it protects the actions of legitimate whistleblowers, rather
     than criminalizing their acts.
       Fourth, it does not provide civil immunity to companies that
     voluntarily submit information. This corrects a flaw in the current
     law, which would prohibit such information from being used directly in
     civil suits by government or private parties.
       Fifth, unlike the HSA, the Restore FOIA bill allows local authorities
     to apply their own sunshine laws. The Restore FOIA bill does not
     preempt any state or local disclosure laws for information obtained
     outside the Department of Homeland Security. Likewise, it does not
     restrict the use of such information by state agencies.
       Finally, the Restore FOIA bill does not restrict congressional use or
     disclosure of voluntarily submitted critical infrastructure
     information. The HSA language was unclear on this point, and even the
     Congressional Research Service could not say for certain that members
     of Congress or their staff would not be criminally liable. Homeland
     Security Act of 2002: Critical Infrastructure Information Act, February
     29, 2003, CRS Report for Congress, Order Code RL31762, at 14-15.
       These changes to the HSA would accomplish the stated goals of the
     critical infrastructure provisions in the HSA without tying the hands
     of the government in its efforts to protect Americans and without
     cutting the public out of the loop.
       The Administration has flip-flopped on how to best approach the issue
     of critical infrastructure information. The Administration's original
     June 18, 2002, legislative proposal establishing a new department
     carved out an FOIA exemption, in section 204, and required non-
     disclosure of any "information" "voluntarily" provided to the new
     Department of Homeland Security by "non-Federal entities or
     individuals" pertaining to "infrastructure vulnerabilities or other
     vulnerabilities to terrorism" in the possession of, or that passed
     through, the new department. Critical terms, such as "voluntarily
     provided," were undefined.
       The Judiciary Committee had an opportunity to query Governor Ridge
     about the Administration's proposal on June 26, 2002, when the
     Administration reversed its long-standing position and allowed him to
     testify in his capacity as the Director of the Transition Planning
       Governor Ridge's testimony at that hearing is instructive. He seemed
     to appreciate the concerns expressed by Members about the President's
     June 18 proposal and to be willing to work with us in the legislative
     process to find common ground. On the FOIA issue, he described
     the Administration's goal to craft "a limited statutory exemption to
     the Freedom of Information Act" to help "the Department's most
     important missions [which] will be to protect our Nation's critical
     infrastructure." (June 26, 2002 Hearing, Tr., p. 24). Governor Ridge
     explained that to accomplish this, the Department must be able to
     "collect information, identifying key assets and components of that
     infrastructure, evaluate vulnerabilities, and match threat assessments
     against those vulnerabilities." (Id., at p. 23).

       I do not understand why some have insisted that FOIA and our national
     security are inconsistent. Before the HSA was enacted, the FOIA already
     exempted from disclosure matters that are classified; trade secret,
     commercial and financial information, which is privileged and
     confidential; various law enforcement records and information,
     including confidential source and informant information; and FBI
     records pertaining to foreign intelligence or counterintelligence, or
     international terrorism. These already broad exemptions in the FOIA
     were designed to protect national security and public safety and to
     ensure that the private sector can provide needed information to the
       Prior to enactment of the HSA, the FOIA exempted from disclosure any
     financial or commercial information provided voluntarily to the
     government, if it was of a kind that the provider would not customarily
     make available to the public. Critical Mass Energy Project v. NRC, 975
     F.2d 871 (D.C. Cir. 1992) (en banc). Such information enjoyed even
     stronger nondisclosure protections than did material that the
     government requested. Applying this exception, Federal regulatory
     agencies safeguarded the confidentiality of all kinds of critical
     infrastructure information, like nuclear power plant safety reports

     [[Page S3633]]

     Mass, 975 F.2d at 874), information about product manufacturing
     processes and internal security measures (Bowen v. Food & Drug Admin.,
     925 F.2d 1225 (9th Cir. 1991), design drawings of airplane parts
     (United Technologies Corp. by Pratt & Whitney v. F.A.A., 102 F.3d 688
     (2d Cir. 1996)), and technical data for video conferencing software
     (Gilmore v. Dept. of Energy, 4 F. Supp.2d 912 (N.D. Cal. 1998)).
       The head of the FBI National Infrastructure Protection Center, NIPC,
     testified more than five years ago, in September, 1998, that the "FOIA
     excuse" used by some in the private sector for failing to share
     information with the government was, in essence, baseless. He explained
     the broad application of FOIA exemptions to protect from disclosure
     information received in the context of a criminal investigation or a
     "national security intelligence" investigation, including information
     submitted confidentially or even anonymously. [Sen. Judiciary
     Subcommittee on Technology, Terrorism, and Government Information,
     Hearing on Critical Infrastructure Protection: Toward a New Policy
     Directive, S. HRG. 105-763, March 17 and June 10, 1998, at p. 107]
       The FBI also used the confidential business record exemption under
     (b)(4) "to protect sensitive corporate information, and has, on
     specific occasions, entered into agreements indicating that it would do
     so prospectively with reference to information yet to be received."
     NIPC was developing policies "to grant owners of information certain
     opportunities to assist in the protection of the information (e.g., by
     `sanitizing the information themselves') and to be involved in
     decisions regarding further dissemination by the NIPC." Id. In short,
     the former Administration witness stated:

            Sharing between the private sector and the government
          occasionally is hampered by a perception in the private
          sector that the government cannot adequately protect private
          sector information from disclosure under the Freedom of
          Information Act, FOIA. The NIPC believes that this perception
          is flawed in that both investigative and infrastructure
          protection information submitted to NIPC are protected from
          FOIA disclosure under current law. (Id.)

       Nevertheless, for more than five years, businesses continued to seek
     a broad FOIA exemption that also came with special legal protections to
     limit their civil and criminal liability. That business wish list was
     largely granted in the Homeland Security Act.
       At the Senate Judiciary Committee hearing with Governor Ridge, I
     expressed my concern that an overly broad FOIA exemption would
     encourage government complicity with private firms to keep secret
     information about critical infrastructure vulnerabilities, reduce the
     incentive to fix the problems and end up hurting rather than helping
     our national security. In the end, more secrecy may undermine rather
     than foster security.
       Governor Ridge seemed to appreciate these risks, and said he was
     "anxious to work with the Chairman and other members of the committee
     to assure that the concerns that [had been] raised are properly
     addressed." Id. at p. 24. He assured us that "[t]his Administration
     is ready to work together with you in partnership to get the job done.
     This is our priority, and I believe it is yours as well." Id. at p.
     25. This turned out to be an empty promise.
       Almost before the ink was dry on the Administration's earlier June
     proposal, on July 10, 2002, the Administration proposed to substitute a
     much broader FOIA exemption that would (1) exempt from disclosure under
     the FOIA critical infrastructure information voluntarily submitted to
     the new department that was designated as confidential by the submitter
     unless the submitter gave prior written consent, (2) provide limited
     civil immunity for use of the information in civil actions against the
     company, with the likely result that regulatory actions would be
     preceded by litigation by companies that submitted designated
     information to the department over whether the regulatory action was
     prompted by a confidential disclosure, (3) preempt state sunshine laws
     if the designated information is shared with state or local government
     agencies, (4) impose criminal penalties of up to one year imprisonment
     on government employees who disclosed the designated information, and
     (5) antitrust immunity for companies that joined together with agency
     components designated by the President to promote critical
     infrastructure security.
       Despite the Administration's promulgation of two separate proposals
     for a new FOIA exemption in as many weeks, in July, Director Ridge's
     Office of Homeland Security released The National Strategy for Homeland
     Security, which appeared to call for more study of the issue before
     legislating. Specifically, this report called upon the Attorney General
     to "convene a panel to propose any legal changes necessary to enable
     sharing of essential homeland security information between the
     government and the private sector." (P. 33)
       The need for more study of the Administration's proposed new FOIA
     exemption was made amply clear by its possible adverse environmental,
     public health and safety affects. Keeping secret problems in a variety
     of critical infrastructures would simply remove public pressure to fix
     the problems. Moreover, several environmental groups pointed out that,
     under the Administration's proposal, companies could avoid enforcement
     action by "voluntarily" providing information about environmental
     violations to the EPA, which would then be unable to use the
     information to hold the company accountable and also would be required
     to keep the information confidential. It would bar the government from
     disclosing information about spills or other violations without the
     written consent of the company that caused the pollution.
       I worked on a bipartisan basis with many interested stakeholders from
     environmental, civil liberties, human rights, business and government
     watchdog groups to craft a compromise FOIA exemption that did not grant
     the business sector's wish-list but did provide additional
     nondisclosure protections for certain records without jeopardizing the
     public health and safety. At the request of Chairman Lieberman for the
     Judiciary Committee's views on the new department, I shared my concerns
     about the Administration's proposed FOIA exemption and then worked with
     Members of the Governmental Affairs Committee, in particular Senator
     Levin and Senator Bennett, to craft a more narrow and responsible
     exemption that accomplishes the Administration's goal of encouraging
     private companies to share records of critical infrastructure
     vulnerabilities with the new Department of Homeland Security without
     providing incentives to "game" the system of enforcement of
     environmental and other laws designed to protect our nation's public
     health and safety. We refined the FOIA exemption in a manner that
     satisfied the Administration's stated goal, while limiting the risks of
     abuse by private companies or government agencies.
       This compromise solution was supported by the Administration and
     other Members of the Committee on Governmental Affairs and was
     unanimously adopted by that Committee at the markup of the Homeland
     Security Department bill on July 25, 2002. The compromise which I now
     introduce as a free standing bill would exempt from the FOIA certain
     records pertaining to critical infrastructure threats and
     vulnerabilities that are furnished voluntarily to the new Department
     and designated by the provider as confidential and not customarily made
     available to the public. Notably, the compromise FOIA exemption made
     clear that the exemption only covered "records" from the private
     sector, not all "information" provided by the private sector and
     thereby avoided the adverse result of government agency-created and
     generated documents and databases being put off-limits to the FOIA
     simply if private sector "information" is incorporated. Moreover, the
     compromise FOIA exemption clearly defined what records may be
     considered "furnished voluntarily," which did not cover records used
     "to satisfy any legal requirement or obligation to obtain any grant,
     permit, benefit (such as agency forbearance, loans, or reduction or
     modifications of agency penalties or rulings), or other approval from
     the Government." The FOIA compromise exemption further ensured that
     portions of records that are not covered by the exemption would be
     released pursuant to FOIA requests. This compromise did not provide any
     civil liability or antitrust immunity that could be used to immunize
     bad actors or frustrate regulatory enforcement action, nor did

     [[Page S3634]]

     the compromise preempt state or local sunshine laws.
       Unfortunately, the version of the HSA that we enacted last November
     jettisoned the bipartisan compromise on the FOIA exemption, worked out
     in the Senate with the Administration's support, and replaced it with a
     big-business wish-list gussied up in security garb. The HSA's FOIA
     exemption makes off-limits to the FOIA much broader categories of
     "information" and grants businesses the legal immunities and
     liability protections they have sought so vigorously for over five
     years. This law goes far beyond what is needed to achieve the laudable
     goal of encouraging private sector companies to help protect our
     critical infrastructure. Instead, it ties the hands of the federal
     regulators and law enforcement agencies working to protect the public
     from imminent threats. It gives a windfall to companies who fail to
     follow federal health and safety standards. Most disappointingly, it
     undermines the goals of openness in government that the FOIA was
     designed to achieve. In short, the FOIA exemption in the HSA represents
     the most severe weakening of the Freedom of Information Act in its 36-
     year history.
       In the end, the broad secrecy protections provided to critical
     infrastructure information in this bill will promote more secrecy,
     which may undermine rather than foster national security. In addition,
     the immunity provisions in the bill will frustrate enforcement of the
     laws that protect the public's health and safety.

       Let me explain in greater detail. The FOIA exemption enacted in the
     HSA allows companies to stamp or designate certain information as
     critical infrastructure information, or "CII," and then submit this
     information about their operations to the government either in writing
     or orally, and thereby obtain a blanket shield from FOIA's disclosure
     mandates as well as other protections. A Federal agency may not
     disclose or use voluntarily-submitted and CII-marked information,
     except for a limited "informational purpose," such as "analysis,
     warning, interdependency study, recovery, reconstitution," without the
     company's consent. Even when using the information to warn the public
     about potential threats to critical infrastructure, the bill requires
     agencies to take steps to protect from disclosure the source of the CII
     information and other "business sensitive" information.
       The law also contains an unprecedented provision that threatens jail
     time and job loss to any government employee who happens to disclose
     any critical infrastructure information that a company has submitted
     and wants to keep secret. These penalties for using the CII information
     in an unauthorized fashion or for failing to take steps to protect
     disclosure of the source of the information are severe and will chill
     any release of CII information--not just when a FOIA request comes in,
     but in all situations, no matter the circumstance. Criminalizing
     disclosures not of classified information or national security related
     information, but of information that a company decides it does not want
     public--is an effective way to quash discussion and debate over many
     aspects of the government's work. In fact, under the HSA, CII
     information is granted more comprehensive protection under Federal
     criminal laws than classified information.
       This provision of the law has potentially disastrous consequences. If
     an agency is given information from an internet service provider, ISP,
     about cyberattack vulnerabilities, agency employees will have to think
     twice about sharing that information with other ISPs for fear that,
     without the consent of the ISP to use the information, even a warning
     might cost their jobs or risk criminal prosecution.
       This provision means that if a Federal regulatory agency needs to
     issue a regulation to protect the public from threats of harm, it
     cannot rely on any voluntarily submitted information--bringing the
     normal regulatory process to a grinding halt. Public health and law
     enforcement officials need the flexibility to decide how and when to
     warn or prepare the public in the safest, most effective manner. They
     should not have to get "sign off" from a Fortune 500 company to do
       While the HSA risks making it harder for the government to protect
     American families, it makes it much easier for companies to escape
     responsibility when they violate the law by giving them unprecedented
     immunity from civil and regulatory enforcement actions. Once a business
     declares that information about its practices relates to critical
     infrastructure and is "voluntarily" provided, it can then prevent the
     Federal Government from disclosing it not just to the public, but also
     to a court in a civil action. This means that an agency receiving CII-
     marked submissions showing invasions of employee or customer privacy,
     environmental pollution, or government contracting fraud will be unable
     to use that information in a civil action to hold that company
     accountable. Even if the regulatory agency obtains the information
     necessary to bring an enforcement action from an alternative source,
     the company will be able to tie the government up in protracted
     litigation over the source of the information.
       For example, if a company submits information that its factory is
     leaching arsenic in ground water, that information may not be turned
     over to local health authorities to use in any enforcement proceeding
     nor turned over to neighbors who were harmed by drinking the water for
     use in a civil tort action. Moreover, even if EPA tries to bring an
     action to stop the company's wrongdoing, the "use immunity" provided
     in the HSA will tie the agency up in litigation making it prove where
     it got the information and whether it is tainted as "fruit of the
     poisonous tree"--i.e., obtained from the company under the "critical
     infrastructure program."
       Similarly, if the new Department of Homeland Security receives
     information from a bio-medical laboratory about its security
     vulnerabilities, and anthrax is released from the lab three weeks
     later, the Department will not be able to warn the public promptly
     about how to protect itself without consulting with and trying to get
     the consent of the laboratory in order to avoid the risk of job loss or
     criminal prosecution for a non-consensual disclosure. Moreover, if the
     laboratory is violating any state, local or federal regulation in its
     handling of the anthrax, the Department will not be able to turn over
     to another Federal agency, such as the EPA or the Department of Health
     and Human Services, or to any State or local health officials,
     information or documents relating to the laboratory's mishandling of
     the anthrax for use in any enforcement proceedings against the
     laboratory, or in any wrongful death action, should the laboratory's
     mishandling of the anthrax result in the death of any person. The law
     specifically states that such CII-marked information "shall not,
     without the written consent of the person or entity submitting such
     information, be used directly by such agency, any other Federal, State,
     or local authority, or any third party, in any civil action arising
     under Federal or State law if such information is submitted in good
     faith." [H.R. 5710, section 214(a)(1)(C)]
       Most businesses are good citizens and take seriously their
     obligations to the government and the public, but this "disclose-and-
     immunize" provision is subject to abuse by those businesses that want
     to exploit legal technicalities to avoid regulatory guidelines. The HSA
     lays out the perfect blueprint to avoid legal liability: funnel
     damaging information into this voluntary disclosure system and pre-empt
     the government or others harmed by the company's actions from being
     able to use it against the company. This is not the kind of two-way
     public-private cooperation that our country needs.
       The scope of the information that is covered by the new HSA FOIA
     exemption is overly broad and undermines the openness in government
     that FOIA was intended to guarantee. Under this law, information about
     virtually every important sector of our economy that today the public
     has a right to see can be shut off from public view simply by labeling
     it "critical infrastructure information." Prior to enactment of the
     HSA, under FOIA standards, courts had required federal agencies to
     disclose 1. pricing information in contract bids so citizens can make
     sure the government is wisely spending their taxpayer dollars; 2.
     compliance reports that allow constituents to insist that government
     contractors comply with federal equal

     [[Page S3635]]

     opportunity mandates; and 3. banks' financial data so the public can
     ensure that federal agencies properly approve bank mergers. Without
     access to this kind of information, it will be harder for the public to
     hold its government accountable. Under the HSA, all of this information
     may be marked CII information and kept out of public view.
       The HSA FOIA exemption goes so far in exempting such a large amount
     of material from FOIA's disclosure requirements that it undermines
     government openness without making any real gains in safety for
     families in Vermont and across America. We do not keep America safer by
     chilling Federal officials from warning the public about threats to
     their health and safety. We do not ensure our nation's security by
     refusing to tell the American people whether or not their federal
     agencies are doing their jobs or their government is spending their
     hard earned tax dollars wisely. We do not encourage real two-way
     cooperation by giving companies protection from civil liability when
     they break the law. We do not respect the spirit of our democracy when
     we cloak in secrecy the workings of our government from the public we
     are elected to serve.
       The argument over the scope of the FOIA and unilateral executive
     power to shield matters from public scrutiny goes to the heart of our
     fundamental right to be an educated electorate aware of what our
     government is doing. The Rutland Herald got it right in a November 26,
     2002 editorial that explained: "The battle was not over the right of
     the government to hold sensitive, classified information secret. The
     government has that right. Rather, the battle was over whether the
     government would be required to release anything it sought to
       We need to fix this troubling restriction on public accountability.
     Exempting the new Department from laws that ensure responsibility to
     the Congress and to the American people makes for a tenuous start not
     the sure footing we all want for the success and endurance of this new
     Department. I urge my colleagues to support the Restoration of Freedom
     of Information Act of 2003.
       I ask unanimous consent to print the editorials I mentioned and
     several letters of support of the Restore FOIA bill in the Record.
       There being no objection, the additional material was ordered to be
     printed in the Record, as follows:

     Restoration of Freedom of Information Act ("Restore FOIA") Sectional

            Sec. 1. Short title. This section gives the bill the short
          title, the "Restoration of Freedom of Information Act".
            Sec. 2. Protection of Voluntarily Furnished Confidential
          Information. This section strikes subtitle B (secs. 211-215)
          of the Homeland Security Act ("HSA") (P.L. 107-296) and
          inserts a new section 211.
            Sections to be repealed from the HSA: These sections
          contain an exemption to the Freedom of Information Act (FOIA)
          that (1) exempt from disclosure critical infrastructure
          information voluntarily submitted to the new department that
          was designated as confidential by the submitter unless the
          submitter gave prior written consent; (2) provide civil
          immunity for use of such information in civil actions against
          the company; (3) preempt state sunshine laws if the
          designated information is shared with state or local
          government agencies; and (4) impose criminal penalties of up
          to one year imprisonment on government employees who
          disclosed the designated information.
            Provisions that would replace the repealed sections of the
          HAS: The Restore FOIA bill inserts a new section 211 to the
          HSA that would exempt from the FOIA certain records
          pertaining to critical infrastructure threats and
          vulnerabilities that are furnished voluntarily to the new
          Department and designated by the provider as confidential and
          not customarily made available to the public. Notably, the
          Restore FOIA bill makes clear that the exemption covers
          "records" from the private sector, not all "information"
          provided by the private sector, as in the enacted version of
          the HSA. The Restore FOIA bill ensures that portions of
          records that are not covered by the exemption would be
          released pursuant to FOIA requests. It does not provide any
          civil liability immunity or preempt state or local sunshine
          laws, and it does not criminalize whistleblower activity.
            Specifically, this section of the Restore FOIA bill
          includes the following:
            A definition of "critical infrastructure": This term is
          given the meaning adopted in section 1016(e) the USA Patriot
          Act (42 U.S.C. 5195c(e)) which reads, "critical
          infrastructure means systems and assets, whether physical or
          virtual, so vital to United States that the incapacity or
          destruction of such systems and assets would have a
          debilitating impact on security, national economic security,
          national public health or safety, or any combination of those
          matters." This definition is commonly understood to mean
          facilities such as bridges, dams, ports, nuclear power
          plants, or chemical plants.
            A definition of the term "furnished voluntarily": This
          term signifies documents provided to the Department of
          Homeland Security (DHS) that are not formally required by the
          department and that are provided to it to satisfy any legal
          requirement. The definition excludes any document that is
          provided to DHS with a permit or grant application or to
          obtain any other benefit from DHS, such as a loan, agency
          forbearance, or modification of a penalty.
            An exemption from FOIA of records that pertain to
          vulnerabilities of and threats to critical infrastructure
          that are furnished voluntarily to DHS. This exemption is made
          available where the provider of the record certifies that the
          information is confidential and would not customarily be
          released to the public.
            A requirement that other government agencies that have
          obtained such records from DHS withhold disclosure of the
          records and refer any FOIA requests to DHS for processing.
            A requirement that reasonably segregable portions of
          requested documents be disclosed, as is well-established
          under FOIA.
            An allowance to agencies that obtain critical
          infrastructure records from a source other than DHS to
          release requested records consistent with FOIA, regardless of
          whether DHS has an identical record in its possession.
            An allowance to providers of critical infrastructure
          records to withdraw the confidentiality designation of
          records voluntarily submitted to DHS, thereby making the
          records subject to disclosure under FOIA.
            A direction to the Secretary of Homeland Security to
          establish procedures to receive, designate, store, and
          protect the confidentiality of records voluntarily submitted
          and certified as critical infrastructure records.
            A clarification that the bill would not preempt state or
          local information disclosure laws.
            A requirement for the Comptroller General to report to the
          House and Senate Judiciary Committees, the House Governmental
          Reform Committee and the Senate Governmental Affairs
          Committee the number of private entities and government
          agencies that submit records to DHS under the terms of the
          bill. The report would also include the number of requests
          for access to records that were granted or denied. Finally,
          the Comptroller General would make recommendations to the
          committees for modifications or improvements to the
          collection and analysis of critical infrastructure
            Sec. 3. Technical and conforming amendment. This section
          amends the table of contents of the Homeland Security Act.

                    [From the Washington Post, Feb. 10, 2003]

                                Fix This Loophole

            The Homeland Security law enacted last year contains a
          miserable provision that weakens important federal regulation
          and public access to information. Congress should act soon to
          repair the damage.
            The goal of the provision was reasonable enough:
          encouraging companies to share information with the
          government about infrastructure that might be vulnerable to
          terrorist attack. Fearing public disclosure, companies have
          been reluctant to share information on vulnerabilities at,
          say, power plants or chemical factories. So under the law,
          any such "critical infrastructure" information that
          companies voluntarily provide to the government is exempted
          from disclosure to the public, litigants and enforcement
            But the law defines "information" so broadly that it will
          cover, and thus keep secret, virtually anything a company
          decides to fork over. A company might preempt environmental
          regulators by "voluntarily" divulging incriminating
          material, thereby making it unavailable to anyone else.
          Unless regulators could show they had obtained the material
          independently, it would be off limits to them. And the law
          prescribes criminal penalties for whistle-blowers who make
          such information public. The collective impact will be to put
          in the hands of a regulated party the power, simply by
          turning over information, to shield that information from
          legitimate law enforcement purposes and from public
            Sens. Patrick J. Leahy (D-Vt.) and Robert F. Bennett (R-
          Utah) had negotiated a compromise that would accomplish the
          reasonable purpose without such broad harmful effects. It
          should be restored before the government finds its hands
          tied--and the public finds itself out of the loop--on
          important regulatory matters.

                    [From the Washington Post, Nov. 20, 2002]

                                 Too Many Secrets

                                (By Mark Tapscott)

            Why does the White House sometimes seem so determined to
          close the door on the people's right to know what their
          government is doing? Even some of us who admire the
          leadership of President Bush in the war on terrorism would
          like to know.
            Admittedly, insisting that the public's business be done in
          public isn't a popular cause these days. Recent surveys show
          that many Americans are willing to trade significant chunks
          of their First Amendment rights for the promise of greater
          security in the war on terrorism. Such surveys must gladden
          the hearts of Bush administration

     [[Page S3636]]

          officials who--presumably unintentionally--undermine measures
          such as the Freedom of Information Act (FOIA).
            Consider just three examples from the past year: Section
          204 of the White House's original proposal to establish a
          Department of Homeland Security, White House Chief of Staff
          Andrew Card's March 2002 directive that agencies restrict
          access to "sensitive but unclassified" information, and the
          administration's claim of executive privilege to keep secret
          information regarding President Clinton's infamous midnight
            The administration's Section 204 proposal exempted from
          FOIA disclosure any information "provided voluntarily by
          non-federal entities or individuals that relates to
          infrastructure vulnerabilities or other vulnerabilities to
          terrorism." One need not be a Harvard law graduate to see
          that, without clarification of what constitutes such
          vulnerabilities, this loophole could be manipulated by clever
          corporate and government operators to hide endless varieties
          of potentially embarrassing and/or criminal information from
          public view.
            Subsequent negotiations in the Senate with the White House
          resulted in compromise language that takes care of some of
          the major problems, but in the rush to final passage, the
          Senate has accepted the House version of the legislation,
          which, being virtually identical to the administration's
          original version, remains deeply flawed in this regard.
            The Card memo was issued when public anger over the Sept.
          11, 2001, massacre was still intense. Despite the fact that
          the memo failed to define what constitutes "sensitive but
          unclassified" information, agencies responded by removing
          thousands of previously public documents from FOIA
          disclosure. The Pentagon, for example, estimated recently
          that approximately 6,000 Defense Department documents were
          removed from public view. Who now outside of government can
          verify that any of those documents contained information that
          could help terrorists?
            Few would argue that the Section 204 proposal and the Card
          memo do not address legitimate national security needs in the
          war against terrorism. But to date, nobody has produced a
          single example of vital information that could not have been
          properly exempted from disclosure under the current FOIA,
          which is backed by 25 years of detailed case law. Instead,
          the administration offers vague language that invites abuse.
            Finally, there are those pardons, which provoked a national
          outcry when first reported. President Clinton had pardoned
          140 people, including his Whitewater partner Susan McDougal,
          his brother Roger (convicted on cocaine-related charges) and
          international fugitive Marc Rich, wanted by the Justice
          Department for allegedly conspiring with the Iranian
          government in 1980 to buy 6 million barrels of oil, contrary
          to a U.S. trade embargo.
            It is doubtful that the full facts behind the pardons will
          ever be known as long as the administration refuses to
          disclose nearly 4,000 pages related to the former president's
          actions. The Bush administration has taken a similar position
          on documents related to former attorney general Janet Reno's
          controversial decision not to appoint a special counsel to
          investigate possible Clinton administration campaign finance
            There was a time when at least one senior Bush
          administration official thought the FOIA essential because
          "no matter what party has held the political power of
          government, there have been attempts to cover up mistakes and
          errors." That same official added that "disclosure of
          government information is particularly important today
          because government is becoming involved in more and more
          aspects of every citizen's personal and business life, and so
          access to information about how government is exercising its
          trust becomes increasingly important."
            So spoke a young Illinois Republican congressman named
          Donald Rumsfeld, in a floor speech on June 20, 1966,
          advocating passage of the FOIA, of which he was a co-sponsor.
            The writer is director of the Heritage Foundation's Center
          for Media and Public Policy.

      Fix the Critical Infrastructure Information Subtitle in the Homeland
                               Security Act of 2002

            The undersigned organizations are concerned about the
          current language for Critical Infrastructure Information in
          the Homeland Security Act of 2002, which contains ambiguous
          definitions that could unintentionally allow companies to
          keep broad categories of information secret and provisions
          that restrict the government's ability to use the
          information. In order to better serve the goal of improving
          public safety and security, we support efforts to fix the
          Homeland Security Act by clarifying the scope of the
          information protected and removing provisions that overly
          restrict the government's ability to use the information.
            Senators Leahy (D-VT), Levin (D-MI), Jeffords (I-VT),
          Lieberman (D-CT), and Byrd (D-WV) will soon introduce
          legislation entitled the Restoration of Freedom of
          Information Act of 2003 ("Restore FOIA") addressing these
          concerns, using bipartisan language developed last year by
          the Senate Governmental Affairs Committee. The Restore FOIA
          solution would:
            Clarify the FOIA exemption to be more consistent with
          established law.
            Remove the restrictions on the government's ability to act
          as it sees fit in response to the information it receives.
            Preserve whistleblower protections by removing unnecessary
          criminal penalties.
            The information provisions currently within the Homeland
          Security Act of 2002 do not accomplish the goal of the law--
          empowering the government to protect citizens using private-
          sector information which is "voluntarily" shared and
          identifies potential vulnerabilities to terrorist attacks.
          The current language could have devastating effects on the
          work of the government to protect public health, safety and
          security, as well as government accountability. It is
          essential that these problems in the Homeland Security Act be
          fixed immediately before they become too firmly entrenched in
          the law.
            Jean AbiNader, Managing Director, Arab American Institute.
            Prudence S. Adler, Associate Executive Director,
          Association of Research Libraries.
            Steven Aftergood, Project Director, Federation of American
            Gary Bass, Executive Director, OMB Watch.
            Jeremiah Baumann, Director, Toxics Right to Know Campaign,
          U.S. Public Interest Research Group.
            Ruth Berlin, Executive Director, MD Pesticide Network.
            Lynne Bradley, Director, Government Relations, American
          Library Association.
            Danielle Brian, Executive Director, Project on Government
            Sandy Buchanan, Executive Director, Ohio Citizen Action.
            Jeanne Butterfield, Executive Director, American
          Immigration Lawyers Association.
            Alyssondra Campaigne, Legislative Director, Natural
          Resources Defense Council.
            Kevin S. Curtis, Vice President, Government Affairs,
          National Environmental Trust.
            Lucy Dalglish, Executive Director, Reporters Committee for
          Freedom of the Press.
            Charles N. Davis, Executive Director, Freedom of
          Information Center, University of Missouri School of
            Tom Devine, Legal Director, Government Accountability
            Rick Engler, Director, New Jersey Work Environment Council.
            Jason Erb, Director, Governmental Relations, Council on
          American-Islamic Relations.
            Darryl Fagin, Legislative Director, Americans for
          Democratic Action.
            Margaret Fung, Executive Director, Asian American Legal
          Defense and Education Fund.
            Vickie Goodwin, Organizer, Powder River Basin Resource
            Evan Hendricks, Editor/Publisher, Privacy Times.
            Rick Hind, Legislative Director, Greenpeace.
            Khalil Jahshan, Director of Government Affairs, American-
          Arab Anti-Discrimination Committee.
            Susan E. Kegley, Staff Scientist/Program Coordinator,
          Pesticide Action Network, North America.
            Robert Leger, President, Society of Professional
            Dave LeGrande, Director, Occupational Safety & Health, CWA/
            Sanford Lewis, Director, Strategic Counsel on Corporate
            Conrad Martin, Executive Director, Fund for Constitutional
            Alexandra McPherson, Director, Clean Production Action.
            Dena Mottola, Acting Director, New Jersey Public Interest
          Research Group.
            Laura W. Murphy, Director, Washington National Office,
          American Civil Liberties Union.
            Ralph G. Neas, President, People for the American Way.
            Robert Oakley, Washington Affairs Representative, American
          Association of Law Libraries.
            Paul Orum, Director, Working Group on Community Right-to-
            Deborah Pierce, Executive Director, Privacy Activism.
            Chellie Pingree, President and CEO, Common Cause.
            Ari Schwartz, Associate Director, Center for Democracy and
            Debbie Sease, Legislative Director, Sierra Club.
            Bob Shavelson, Executive Director, Cook Inlet Keeper.
            Peggy M. Shepard, Executive Director, West Harlem
          Environmental Action.
            Ted Smith, Executive Director, Silicon Valley Toxics
            David Sobel, General Counsel, Electronic Privacy
          Information Center.
            Ed Spar, Executive Director, Council on Professional
          Association of Federal Statistics.
            Vivian Stockman, Communications Coordinator, Ohio Valley
          Environmental Coalition.
            Daniel Swartz, Executive Director, Children's Environmental
          Health Network.
            Lee Tien, Senior Staff Attorney, Electronic Frontier
            Elizabeth Thompson, Legislative Director, Environmental
            Sara Zdeb, Legislative Director, Friends of the Earth.

     [[Page S3637]]

                                                        March 12, 2003.
          Hon. Susan Collins,
          Chair, Senate Committee on Governmental Affairs, U.S. Senate,
              Dirksen Senate Office Building, Washington, DC.
          Hon. Orrin Hatch,
          Chair, Senate Committee on the Judiciary, U.S. Senate,
              Dirksen Senate Office Building, Washington, DC.
          Hon. Joseph Lieberman,
          Ranking Member, Senate Committee on Governmental Affairs,
              U.S. Senate, Hart Senate Office Building, Washington, DC.
          Hon. Patrick Leahy,
          Ranking Member, Senate Committee on the Judiciary, U.S.
              Senate, Dirksen Senate Office Building, Washington, DC.
            Dear Senators Collins, Hatch, Lieberman, and Leahy: The
          Homeland Security Act of 2002 was a very important
          legislative accomplishment that responded to new challenges
          facing our country.
            On the path to passage of the Act, however, certain
          sections, particularly Section 214, dealing with Critical
          Infrastructure Information, left a number of journalistic
          organizations concerned that broad categories of
          information--particularly information that relates to the
          public's health and safety--would unnecessarily be shielded
          from public view.
            Thus, we support efforts to clarify the language in favor
          of essential openness, which, in fact, will also resolve
          potential barriers that restrict the government's own use of
          information provided by companies. The "Restoration of
          Freedom of Information Act of 2003" would substitute
          bipartisan language developed last year by the Senate
          Government Affair Committee for that which was enacted into
          law. This bill would:
            Clarify the FOIA exemption to be more consistent with
          established law, while still protecting records on critical
          infrastructure vulnerabilities submitted to the Department of
          Homeland Security by private firms.
            Remove the restrictions on the government's ability to act
          as it sees fit in response to the information it receives.
            Preserve whistleblower protections by removing unnecessary
          criminal penalties.
            It is important for both citizens and the government
          process that these changes in law are made quickly.
            Thank you for your consideration.
              American Society of Magazine Editors; American Society of
                Newspaper Editors; Associated Press Managing Editors;
                Freedom of Information Center, University of Missouri
                School of Journalism; Magazine Publishers of America;
                National Federation of Press Women; National Newspaper
                Association; National Press Club; Newsletter &
                Electronic Publishers Association; Newspaper
                Association of America; Radio-Television News Directors
                Association; Reporters Committee for Freedom of the
                Press; Society of Professional Journalists.

                                 Let Freedom Ring

                             (By Maurice J. Freedman)

            What if you want to find out if toxic chemicals are buried
          under your child's schoolyard? How could you tell if your
          veterans' benefits hinged on proving you were exposed to
          biohazards during a top-secret mission? Or perhaps a
          candidate for your city council wants to better understand
          formerly classified plans for emergency evacuation.
            These days, it's possible, with considerable patience,
          determination, and a few clicks of a mouse, to file a request
          for answers to questions like these and a broad range of
          government information that are critical to our lives, work,
          health and well being.
            But like registering to vote, in some places and for some
          people, this precious freedom hasn't always been so easy to
            The main tool for such fact-finding, the Freedom of
          Information Act, known as FOIA, which we honor each year on
          the anniversary of James Madison's birthday, was first
          enacted on July 4, 1966. Before that, any-one who wanted to
          get records from the federal government had to establish his
          or her legal right to examine those records. That was
          expensive, time-consuming and a barrier for countless
          legitimate requests for information on issues from whether
          the nuclear reactor downwind had a record of safety
          violations to how the Nixon administration tried to deport
          John Lennon as detailed in his FBI files.
            With FOIA, the burden shifted to government agencies,
          requiring them to meet these requests unless they fell within
          a handful of specific national security exemptions. Indeed,
          since then, any decision by an agency to withhold a document
          could be challenged in federal court.
            From John Lennon's or Rev. Dr. Martin Luther King Jr.'s FBI
          files to record of debates on whether to use nuclear weapons
          in Vietnam, FOIA requests now run the gamut of what we need
          to know about what our government is doing with our tax
          dollars in our name. Whether it's internal NASA memos about
          space shuttle safety or exchanges among federal officials
          about Japanese internment camps during World War II, our
          right to know about the deliberations and actions of our
          federal government is a cornerstone of American democracy.
            In 1974, in reaction to Watergate, Congress moved to
          strengthen FOIA. Unwilling to let our country be run more
          like a closed corporation than an open, democratic society,
          this change allowed courts to order the release of documents,
          even when the President said they couldn't be made public.
            Our system of representative democracy depends on the free
          flow of information produced, collected and published by our
          government and available to the public so we can participate
          as an informed electorate.
            Since the early 19th century, libraries have served as
          depositories for the written record of our nation's
          development and gateways to the decisions of its leaders,
          thus assuring public access to government information. Today,
          21st-century librarians are committed to ensuring the
          public's right to know is protected in the electronic age. As
          organizers, navigators and providers of government
          information that serves the public, we help file FOIA
          requests and otherwise support freedom of information @ your
            Many Americans depend on access to information collected,
          organized and disseminated by the federal government--from
          farmers and health care professionals, to journalists and
          veterans, community interest groups to local and state
          government officials, and indeed, all voters.
            Americans come to libraries to find Census and other
          statistics; to help plan new business and marketing
          strategies; to research environmental issues and hazards,
          laws and regulations; and to learn about job opportunities
          from government and other employment lists.
            The ongoing transition to predominantly electronic
          transmission of federal information offers both promise and
          problems for the public in this realm. Information that is
          only in electronic form quickly appears on--and as quickly
          disappears from--Web sites. There is often no one charged
          with capturing, preserving or making electronic data
          available to future generations, as well as those, who for a
          variety of reasons, cannot access or work with electronic
            True national security is built on a vibrant democracy and
          a well-informed citizenry, not a culture of secrecy. Said
          James Madison, on whose birthday we make Freedom of
          Information Day, "Knowledge will forever govern ignorance,
          and a people who mean to be their own governors must arm
          themselves with the power which knowledge gives." Although
          he wrote in response to abuses by Britain's King George III,
          his warnings ring equally true today.
            Every country has hospitals, police and schools. But only
          free countries allow the free flow of ideas. Free libraries
          are the hub of public access to government information.
          Challenges to an informed citizenry range from the complexity
          and inequality in information technology to illiteracy,
          limited information literacy skills and unequal access to
          education and information resources.
            Thankful for our freedoms, we must do our best as we
          prepare to fight halfway around the world to ensure that we
          continue to guard with unrelating vigilance the right to know
          here at home.

       Mr. LEVIN. Mr. President, today I join with Senators Leahy, Byrd,
     Jeffords, and Lieberman to introduce the Restore Freedom of Information
     Act, Restore FOIA, that will provide the public with access to
     information, while at the same time ensuring that information
     voluntarily submitted to the government by companies is not improperly
     disclosed. In order to ensure public access and limit improper
     disclosure, we need to reexamine some aspects of the Homeland Security
     Act, HSA, which was rushed through Congress last year, dropping several
     carefully-crafted, bipartisan measures which had been adopted by the
     Senate Governmental Affairs Committee, along the way. Dropping those
     measures left ambiguities in the law that need to be clarified, and
     today's bill is an attempt to make those clarifications and address
     certain problems that could otherwise result.
       The issue this bill addresses is public access to information in the
     possession of the Homeland Security Department. Although some seem to
     want to shroud all homeland security efforts in secrecy, as Judge Damon
     Keith, writing for the U.S. Sixth Circuit of Appeals, recently warned
     "Democracies die behind closed doors." The principles of open
     government and the public's right to know are cornerstones of our
     democracy. We cannot sacrifice those principles in the name of
     protecting them.
       One of the reasons that I voted against the Homeland Security Act
     last year was because the final bill dropped a bipartisan provision,
     passed by the Senate Governmental Affairs Committee, clarifying how the
     new Department of Homeland Security, DHS, should comply with the
     Freedom of Information Act, FOIA. The final bill substituted a poorly
     drafted provision that could inappropriately close the door on persons
     seeking unclassified information from the Department related to
     critical infrastructure.
       What is critical infrastructure? Critical infrastructure is the
     backbone that holds our country together and

     [[Page S3638]]

     makes it work--our roads, computer grids, telephones, pipelines, water
     treatment plants, utilities, and other facilities essential to a fully
     functioning Nation. It so happens that, in the United States, much of
     our critical infrastructure is controlled by private entities, often
     privately owned or publicly traded corporations. To strengthen existing
     protections for these facilities, the Federal Government asked the
     companies that own them to submit unclassified information about their
     facilities to assist the government in evaluating them, identifying
     possible problems, and designing stronger protections from terrorist
     attack, natural disasters, or other threats to homeland security.
       Some companies asked to voluntarily submit this information feared
     that it might be improperly disclosed, and sought a new exemption from
     the Federal Freedom of Information Act, FOIA, to prohibit disclosure of
     so-called "critical infrastructure information." Reporters, public
     interest groups, and others feared that, if this FOIA exemption were
     granted, companies could send important environmental and safety
     information to DHS under the general heading of "critical
     infrastructure information" and thereby put this information out of
     the public's reach. To bring these sides together, last July, Senators
     Bennett, Leahy and I worked out a bipartisan FOIA compromise that
     codified existing case law with regard to companies voluntarily
     submitting information. At the Senate Governmental Affairs Committee
     mark-up of the homeland security legislation, Senator Bennett said that
     the Administration supported our compromise, but the language was
     ultimately dropped from the final Homeland Security Act. As a result,
     the media, public interest groups, and others continue to fear that
     companies may be hiding important health and safety information that
     has long been public and should be public behind the mask of "critical
       To rectify this situation, today we are introducing a bill that would
     change the existing HSA language in several important ways. First, our
     bill defines the key term, "critical infrastructure," in a more
     focused way than the overly broad language in the HSA. To do that, our
     bill draws from language in existing case law, that has already been
     tested by the courts. The existing HSA language, it interpreted
     broadly, could expand the prohibition on disclosing critical
     infrastructure information to include virtually every aspect of a
     company's operations, denying public access to a great deal of health
     and safety information that the public has a right to know. If this
     expansive interpretation was not the intent of the bill's drafters,
     then they should be willing to accept our court-tested language.
       A second important change that our bill would make in the existing
     HSA involves the issue of civil immunity for companies that violate the
     law. As currently worded, the HSA seems to suggest that companies
     which voluntarily submit to DHS critical infrastructure information
     indicating that the company is in violation of public health or safety
     regulations may gain protection from legal action in court to halt or
     penalize this wrongdoing, even if the information shows that the
     company is acting negligently. For example, the current HSA provisions
     could lead to the disturbing situation where DHS learns, through a
     critical infrastructure submission, that a company is leaking polluted
     sludge into a nearby waterway in violation of environmental
     restrictions, but is barred from going to court to stop the pollution
     because the law appears to prohibit the agency's use of the critical
     infrastructure information in a civil action. Our bill would eliminate
     the possibility that the HSA would provide companies with civil
     immunity under these circumstances.

       A third key problem with the existing HSA language is that it
     includes a provision that could send a Federal whistleblower who
     discloses critical infrastructure information, even to an appropriate
     authority, to prison. The language is clear that if a DHS employee
     discloses unclassified critical infrastructure information, even when
     acting as a whistleblower who reveals the information to Congress in an
     act of conscience or patriotism, that whistleblower could wind up in
     jail. My colleague, Senator Leahy, describes a whistleblower who works
     at the FAA who blew the whistle on government collusion to coverup
     failures by airlines to meet tests on airline preparedness. That
     whistleblower could have ended up in jail had he blown the whistle
     under today's law. A year in jail is quite a deterrent for a Federal
     employee who is thinking about blowing the whistle, and we have never
     before threatened Federal whistleblowers with jail terms. It is a bad
     idea, and it is counterproductive to homeland safety.
       There are other troubling provisions in the current HSA law as well,
     equally detrimental to the public's right to know. For example, the HSA
     exempts all communication of critical infrastructure information from
     the open meeting and other sunshine requirements of the Federal
     Advisory Committee Act, and places critical infrastructure information
     outside restrictions on ex parte contacts. The HSA also pre-empts state
     and local sunshine laws, an undue intrusion on the power of the States.
     The bill we are introducing today would strike all of these unnecessary
     provisions, and create in their stead a narrow FOIA exemption that
     balances the prohibition against improper disclosures of critical
     infrastructure information with the public's right to know.
       Finally, I would like to include in the Record two examples of
     situations that could occur under the language in the HSA but would not
     occur under our bill. These disturbing examples were provided by Dr.
     Rena Steinzor, Professor at the University of Maryland School of Law,
     on behalf of the center for Progressive Regulation.
       Case Study Number 1 is the following:
       A large Midwest utility decides to replace an old coal burning
     electric generation unit with a new one. The new unit, much larger than
     the first, will produce significantly greater air pollution emissions.
     The company could mitigate these increases by installing additional
     pollution control equipment, but decides it does not wish to incur the
     expense. It begins construction and simultaneously reports its plans to
     the DHS as "critical infrastructure information," so Federal security
     experts will know about its increased capacity to generate electricity.
       A Department of Homeland Security employee, visiting the plant to
     consult on government purchases of power during emergency situations,
     notices readings on internal gauges reflecting the dramatically
     increased emissions. She telephones EPA to report the situation. EPA
     issues a Notice of Violation to the company, and threatens to bring an
     action for civil penalties, but is instructed to desist by DHS
     officials who inform EPA that the HSA prohibits disclosing the
     information provided to the agency in court and that DHS wants to list
     the company as an emergency supplier capable of providing expanded
     electricity production in an upcoming report to Congress. EPA drops its
     enforcement action, and the DHS employee not only loses her job but
     also is prosecuted criminally.
       Case Study Number 2 is the following:
       Lobbyists representing companies that provide goods and services to
     the Department of Homeland Security routinely submit materials
     describing their companies' products in glowing terms. They arrange
     repeated trips for government purchasing agents to exotic locations
     under the guise of briefing them regarding the technical aspects of the
     products. All of this information is designated as critical
     infrastructure by the companies, and is therefore protected from
     disclosure and oversight by the media or possibly even individual
     members of Congress who could see the information but not reveal it.
       The Homeland Security Act was never intended to protect polluters or
     special interests from public scrutiny. But as these examples
     demonstrate, that is exactly what could happen if the current, vague
     language in the law is not corrected. The bill we are introducing today
     would make the needed corrections.
       On January 17, 2003 at his confirmation hearing before the
     Governmental Affairs Committee, I questioned Governor Ridge about these
     problems with the current wording of the Homeland

     [[Page S3639]]

     Security Act. I asked him whether the HSA could have the unintended
     consequences of providing protections for wrongdoing while impeding
     access to necessary information to protect public health and safety.
     Governor Ridge replied: "[T]hat certainly wasn't the intent, I am
     sure, of those who advocated the Freedom of Information Act exemption,
     to give wrongdoers protection or to protect illegal activity, and I
     will certainly work with you to clarify that language." If that was
     not the intent, then let us fix the vague, and potentially dangerous
     provisions that are in this bill.
       I would also note, for the record, that many organizations have
     endorsed our bill including the following:
       American Association of Law Libraries, American Civil Liberties
     Union, American Immigration Lawyers Association, American Library
     Association, American-Arab Anti-Discrimination Committee, Americans for
     Democratic Action, American Society of Magazine Editors, American
     Society of Newspaper Editors, Arab American Institute, Asian American
     Legal Defense and Education Fund, Associated Press Managing Editors,
     Association of Research Libraries, Center for Democracy and Technology,
     Children's Environmental Health Network, Clean Production Network,
     Common Cause, Communications Workers of America, Cook Inlet Keeper,
     Council on American-Islamic Relations, Council on Professional
     Association of Federal Statistics, Electronic Frontier Foundation,
     Electronic Privacy Information Center, Environmental Defense,
     Federation of American Scientists, Freedom of Information Center,
     Friends of the Earth, Fund for Constitutional Government, Government
     Accountability Project, Greenpeace, Magazine Publishers of America,
     Maryland Pesticide Network, National Federation of Press Women,
     National Newspaper Association, National Press Club, Natural Resources
     Defense Council, New Jersey Work Environment Council, Newsletter &
     Electronic Publishers Association, Newspaper Association of America,
     Ohio Valley Environmental Coalition, OMB Watch, Pesticide Action
     Network, North America Powder River Basin Resource Council, Privacy
     Activism, Privacy Times, Project on Government Oversight, Radio-
     Television News Directors Association, Reporters Committee for Freedom
     of the Press, Sierra Club, Silicon Valley Toxics Coalition, Society of
     Professional Journalists, Strategic Counsel on Corporate
     Accountability, U.S. Public Interest Research Group, University of
     Missouri School of Journalism, West Harlem Environmental Action Working
     Group on Community Right-to-Know.