necessary to encourage
owners of such facilities to identify
vulnerabilities in their operations and share that information with the
Department of Homeland Security, DHS. The stated goal was to ensure
that steps could be taken to ensure the facilities' protection and
In fact, such descriptions of the legislation were disingenuous.
These provisions, which were eventually enacted in the HSA, shield from
FOIA almost any voluntarily submitted document stamped by the facility
owner as "critical infrastructure." This is true no matter how
tangential the content of that document may be to the actual security
of a facility. The law effectively allows companies to hide information
about public health and safety from American citizens simply by
submitting it to DHS. The enacted provisions were called "deeply
flawed" by Mark Tapscott of the Heritage Foundation in a November 20,
2002 Washington Post op-ed. "Too Many Secrets," Washington Post,
November 20, 2002, at A25. He argued that the "loophole" created by
the law "could be manipulated by clever corporate and government
operators to hide endless varieties of potentially embarrassing and/or
criminal information from public view."
In addition, under the HSA, disclosure by private facilities to DHS
neither obligates the private company to address the vulnerability, nor
requires DHS to fix the problem. For example, in the case of a chemical
spill, the law bars the government from disclosing information without
the written consent of the company that caused the pollution. As the
Washington Post editorialized on February 10, 2003, "A company might
preempt environmental regulators by `voluntarily' divulging
incriminating material, thereby making it unavailable to anyone else."
"Fix This Loophole," Washington Post, February 10, 2003, at A20.
The new law also 1. shields the companies from lawsuits to compel
disclosure, 2. criminalizes otherwise legitimate whistleblower activity
by DHS employees, and 3. preempts any state or local disclosure laws.
The Restore FOIA bill I introduce today with Senators Levin,
Jeffords, Lieberman, and Byrd is identical to language I negotiated
with Senators Levin and Bennett last summer when the HSA was debated by
the Governmental Affairs Committee. Senator Bennett stated in the
Committee's July 25, 2003 mark up that the administration had endorsed
the compromise. He also said that industry groups had reported to him
that the compromise language would make it possible for them to share
information with the government without fear of the information being
released to competitors or to other agencies that might accidentally
reveal it. The Governmental Affairs Committee reported out the
compromise language that day. Unfortunately, much more restrictive
House language was eventually signed into law.
The February 10 Post editorial called the Leahy-Levin-Bennett
language "a compromise that would accomplish the reasonable purpose"
of "encouraging companies to share information with the government
about infrastructure that might be vulnerable to terrorist attack
without such broad harmful effects." Id. The Post editorial was
titled, "Fix This Loophole," which is exactly what my colleagues and
I hope to accomplish with the introduction of this bill. Id.
The Restore FOIA bill would correct the problems in the HSA in
several ways. First, it limits the FOIA exemption to relevant
"records" submitted by the private sector, such that only those that
actually pertain to critical infrastructure safety are protected.
"Records" is the standard category referred to in FOIA. This corrects
the effective free pass given to industry by the HSA for any
information it labels "critical infrastructure."
Second, unlike the HSA, the Restore FOIA bill allows for government
oversight, including the ability to use and share the records within
and between agencies. It does not limit the use of such information by
the government, except to prohibit public disclosure where such
information is appropriately exempted under FOIA.
Third, it protects the actions of legitimate whistleblowers, rather
than criminalizing their acts.
Fourth, it does not provide civil immunity to companies that
voluntarily submit information. This corrects a flaw in the current
law, which would prohibit such information from being used directly in
civil suits by government or private parties.
Fifth, unlike the HSA, the Restore FOIA bill allows local authorities
to apply their own sunshine laws. The Restore FOIA bill does not
preempt any state or local disclosure laws for information obtained
outside the Department of Homeland Security. Likewise, it does not
restrict the use of such information by state agencies.
Finally, the Restore FOIA bill does not restrict congressional use or
disclosure of voluntarily submitted critical infrastructure
information. The HSA language was unclear on this point, and even the
Congressional Research Service could not say for certain that members
of Congress or their staff would not be criminally liable. Homeland
Security Act of 2002: Critical Infrastructure Information Act, February
29, 2003, CRS Report for Congress, Order Code RL31762, at 14-15.
These changes to the HSA would accomplish the stated goals of the
critical infrastructure provisions in the HSA without tying the hands
of the government in its efforts to protect Americans and without
cutting the public out of the loop.
The Administration has flip-flopped on how to best approach the issue
of critical infrastructure information. The Administration's original
June 18, 2002, legislative proposal establishing a new department
carved out an FOIA exemption, in section 204, and required non-
disclosure of any "information" "voluntarily" provided to the new
Department of Homeland Security by "non-Federal entities or
individuals" pertaining to "infrastructure vulnerabilities or other
vulnerabilities to terrorism" in the possession of, or that passed
through, the new department. Critical terms, such as "voluntarily
provided," were undefined.
The Judiciary Committee had an opportunity to query Governor Ridge
about the Administration's proposal on June 26, 2002, when the
Administration reversed its long-standing position and allowed him to
testify in his capacity as the Director of the Transition Planning
Governor Ridge's testimony at that hearing is instructive. He seemed
to appreciate the concerns expressed by Members about the President's
June 18 proposal and to be willing to work with us in the legislative
process to find common ground. On the FOIA issue, he described
the Administration's goal to craft "a limited statutory exemption to
the Freedom of Information Act" to help "the Department's most
important missions [which] will be to protect our Nation's critical
infrastructure." (June 26, 2002 Hearing, Tr., p. 24). Governor Ridge
explained that to accomplish this, the Department must be able to
"collect information, identifying key assets and components of that
infrastructure, evaluate vulnerabilities, and match threat assessments
against those vulnerabilities." (Id., at p. 23).
not understand why some have insisted that FOIA and our national
security are inconsistent. Before the HSA was enacted, the FOIA already
exempted from disclosure matters that are classified; trade secret,
commercial and financial information, which is privileged and
confidential; various law enforcement records and information,
including confidential source and informant information; and FBI
records pertaining to foreign intelligence or counterintelligence, or
international terrorism. These already broad exemptions in the FOIA
were designed to protect national security and public safety and to
ensure that the private sector can provide needed information to the
Prior to enactment of the HSA, the FOIA exempted from disclosure any
financial or commercial information provided voluntarily to the
government, if it was of a kind that the provider would not customarily
make available to the public. Critical Mass Energy Project v. NRC, 975
F.2d 871 (D.C. Cir. 1992) (en banc). Such information enjoyed even
stronger nondisclosure protections than did material that the
government requested. Applying this exception, Federal regulatory
agencies safeguarded the confidentiality of all kinds of critical
infrastructure information, like nuclear power plant safety reports
Mass, 975 F.2d at
874), information about product manufacturing
processes and internal security measures (Bowen v. Food & Drug Admin.,
925 F.2d 1225 (9th Cir. 1991), design drawings of airplane parts
(United Technologies Corp. by Pratt & Whitney v. F.A.A., 102 F.3d 688
(2d Cir. 1996)), and technical data for video conferencing software
(Gilmore v. Dept. of Energy, 4 F. Supp.2d 912 (N.D. Cal. 1998)).
The head of the FBI National Infrastructure Protection Center, NIPC,
testified more than five years ago, in September, 1998, that the "FOIA
excuse" used by some in the private sector for failing to share
information with the government was, in essence, baseless. He explained
the broad application of FOIA exemptions to protect from disclosure
information received in the context of a criminal investigation or a
"national security intelligence" investigation, including information
submitted confidentially or even anonymously. [Sen. Judiciary
Subcommittee on Technology, Terrorism, and Government Information,
Hearing on Critical Infrastructure Protection: Toward a New Policy
Directive, S. HRG. 105-763, March 17 and June 10, 1998, at p. 107]
The FBI also used the confidential business record exemption under
(b)(4) "to protect sensitive corporate information, and has, on
specific occasions, entered into agreements indicating that it would do
so prospectively with reference to information yet to be received."
NIPC was developing policies "to grant owners of information certain
opportunities to assist in the protection of the information (e.g., by
`sanitizing the information themselves') and to be involved in
decisions regarding further dissemination by the NIPC." Id. In short,
the former Administration witness stated:
Sharing between the private sector and the government
occasionally is hampered by a perception in the private
sector that the government cannot adequately protect private
sector information from disclosure under the Freedom of
Information Act, FOIA. The NIPC believes that this perception
is flawed in that both investigative and infrastructure
protection information submitted to NIPC are protected from
FOIA disclosure under current law. (Id.)
for more than five years, businesses continued to seek
a broad FOIA exemption that also came with special legal protections to
limit their civil and criminal liability. That business wish list was
largely granted in the Homeland Security Act.
At the Senate Judiciary Committee hearing with Governor Ridge, I
expressed my concern that an overly broad FOIA exemption would
encourage government complicity with private firms to keep secret
information about critical infrastructure vulnerabilities, reduce the
incentive to fix the problems and end up hurting rather than helping
our national security. In the end, more secrecy may undermine rather
than foster security.
Governor Ridge seemed to appreciate these risks, and said he was
"anxious to work with the Chairman and other members of the committee
to assure that the concerns that [had been] raised are properly
addressed." Id. at p. 24. He assured us that "[t]his Administration
is ready to work together with you in partnership to get the job done.
This is our priority, and I believe it is yours as well." Id. at p.
25. This turned out to be an empty promise.
Almost before the ink was dry on the Administration's earlier June
proposal, on July 10, 2002, the Administration proposed to substitute a
much broader FOIA exemption that would (1) exempt from disclosure under
the FOIA critical infrastructure information voluntarily submitted to
the new department that was designated as confidential by the submitter
unless the submitter gave prior written consent, (2) provide limited
civil immunity for use of the information in civil actions against the
company, with the likely result that regulatory actions would be
preceded by litigation by companies that submitted designated
information to the department over whether the regulatory action was
prompted by a confidential disclosure, (3) preempt state sunshine laws
if the designated information is shared with state or local government
agencies, (4) impose criminal penalties of up to one year imprisonment
on government employees who disclosed the designated information, and
(5) antitrust immunity for companies that joined together with agency
components designated by the President to promote critical
Despite the Administration's promulgation of two separate proposals
for a new FOIA exemption in as many weeks, in July, Director Ridge's
Office of Homeland Security released The National Strategy for Homeland
Security, which appeared to call for more study of the issue before
legislating. Specifically, this report called upon the Attorney General
to "convene a panel to propose any legal changes necessary to enable
sharing of essential homeland security information between the
government and the private sector." (P. 33)
The need for more study of the Administration's proposed new FOIA
exemption was made amply clear by its possible adverse environmental,
public health and safety affects. Keeping secret problems in a variety
of critical infrastructures would simply remove public pressure to fix
the problems. Moreover, several environmental groups pointed out that,
under the Administration's proposal, companies could avoid enforcement
action by "voluntarily" providing information about environmental
violations to the EPA, which would then be unable to use the
information to hold the company accountable and also would be required
to keep the information confidential. It would bar the government from
disclosing information about spills or other violations without the
written consent of the company that caused the pollution.
I worked on a bipartisan basis with many interested stakeholders from
environmental, civil liberties, human rights, business and government
watchdog groups to craft a compromise FOIA exemption that did not grant
the business sector's wish-list but did provide additional
nondisclosure protections for certain records without jeopardizing the
public health and safety. At the request of Chairman Lieberman for the
Judiciary Committee's views on the new department, I shared my concerns
about the Administration's proposed FOIA exemption and then worked with
Members of the Governmental Affairs Committee, in particular Senator
Levin and Senator Bennett, to craft a more narrow and responsible
exemption that accomplishes the Administration's goal of encouraging
private companies to share records of critical infrastructure
vulnerabilities with the new Department of Homeland Security without
providing incentives to "game" the system of enforcement of
environmental and other laws designed to protect our nation's public
health and safety. We refined the FOIA exemption in a manner that
satisfied the Administration's stated goal, while limiting the risks of
abuse by private companies or government agencies.
This compromise solution was supported by the Administration and
other Members of the Committee on Governmental Affairs and was
unanimously adopted by that Committee at the markup of the Homeland
Security Department bill on July 25, 2002. The compromise which I now
introduce as a free standing bill would exempt from the FOIA certain
records pertaining to critical infrastructure threats and
vulnerabilities that are furnished voluntarily to the new Department
and designated by the provider as confidential and not customarily made
available to the public. Notably, the compromise FOIA exemption made
clear that the exemption only covered "records" from the private
sector, not all "information" provided by the private sector and
thereby avoided the adverse result of government agency-created and
generated documents and databases being put off-limits to the FOIA
simply if private sector "information" is incorporated. Moreover, the
compromise FOIA exemption clearly defined what records may be
considered "furnished voluntarily," which did not cover records used
"to satisfy any legal requirement or obligation to obtain any grant,
permit, benefit (such as agency forbearance, loans, or reduction or
modifications of agency penalties or rulings), or other approval from
the Government." The FOIA compromise exemption further ensured that
portions of records that are not covered by the exemption would be
released pursuant to FOIA requests. This compromise did not provide any
civil liability or antitrust immunity that could be used to immunize
bad actors or frustrate regulatory enforcement action, nor did
the compromise preempt
state or local sunshine laws.
Unfortunately, the version of the HSA that we enacted last November
jettisoned the bipartisan compromise on the FOIA exemption, worked out
in the Senate with the Administration's support, and replaced it with a
big-business wish-list gussied up in security garb. The HSA's FOIA
exemption makes off-limits to the FOIA much broader categories of
"information" and grants businesses the legal immunities and
liability protections they have sought so vigorously for over five
years. This law goes far beyond what is needed to achieve the laudable
goal of encouraging private sector companies to help protect our
critical infrastructure. Instead, it ties the hands of the federal
regulators and law enforcement agencies working to protect the public
from imminent threats. It gives a windfall to companies who fail to
follow federal health and safety standards. Most disappointingly, it
undermines the goals of openness in government that the FOIA was
designed to achieve. In short, the FOIA exemption in the HSA represents
the most severe weakening of the Freedom of Information Act in its 36-
In the end, the broad secrecy protections provided to critical
infrastructure information in this bill will promote more secrecy,
which may undermine rather than foster national security. In addition,
the immunity provisions in the bill will frustrate enforcement of the
laws that protect the public's health and safety.
explain in greater detail. The FOIA exemption enacted in the
HSA allows companies to stamp or designate certain information as
critical infrastructure information, or "CII," and then submit this
information about their operations to the government either in writing
or orally, and thereby obtain a blanket shield from FOIA's disclosure
mandates as well as other protections. A Federal agency may not
disclose or use voluntarily-submitted and CII-marked information,
except for a limited "informational purpose," such as "analysis,
warning, interdependency study, recovery, reconstitution," without the
company's consent. Even when using the information to warn the public
about potential threats to critical infrastructure, the bill requires
agencies to take steps to protect from disclosure the source of the CII
information and other "business sensitive" information.
The law also contains an unprecedented provision that threatens jail
time and job loss to any government employee who happens to disclose
any critical infrastructure information that a company has submitted
and wants to keep secret. These penalties for using the CII information
in an unauthorized fashion or for failing to take steps to protect
disclosure of the source of the information are severe and will chill
any release of CII information--not just when a FOIA request comes in,
but in all situations, no matter the circumstance. Criminalizing
disclosures not of classified information or national security related
information, but of information that a company decides it does not want
public--is an effective way to quash discussion and debate over many
aspects of the government's work. In fact, under the HSA, CII
information is granted more comprehensive protection under Federal
criminal laws than classified information.
This provision of the law has potentially disastrous consequences. If
an agency is given information from an internet service provider, ISP,
about cyberattack vulnerabilities, agency employees will have to think
twice about sharing that information with other ISPs for fear that,
without the consent of the ISP to use the information, even a warning
might cost their jobs or risk criminal prosecution.
This provision means that if a Federal regulatory agency needs to
issue a regulation to protect the public from threats of harm, it
cannot rely on any voluntarily submitted information--bringing the
normal regulatory process to a grinding halt. Public health and law
enforcement officials need the flexibility to decide how and when to
warn or prepare the public in the safest, most effective manner. They
should not have to get "sign off" from a Fortune 500 company to do
While the HSA risks making it harder for the government to protect
American families, it makes it much easier for companies to escape
responsibility when they violate the law by giving them unprecedented
immunity from civil and regulatory enforcement actions. Once a business
declares that information about its practices relates to critical
infrastructure and is "voluntarily" provided, it can then prevent the
Federal Government from disclosing it not just to the public, but also
to a court in a civil action. This means that an agency receiving CII-
marked submissions showing invasions of employee or customer privacy,
environmental pollution, or government contracting fraud will be unable
to use that information in a civil action to hold that company
accountable. Even if the regulatory agency obtains the information
necessary to bring an enforcement action from an alternative source,
the company will be able to tie the government up in protracted
litigation over the source of the information.
For example, if a company submits information that its factory is
leaching arsenic in ground water, that information may not be turned
over to local health authorities to use in any enforcement proceeding
nor turned over to neighbors who were harmed by drinking the water for
use in a civil tort action. Moreover, even if EPA tries to bring an
action to stop the company's wrongdoing, the "use immunity" provided
in the HSA will tie the agency up in litigation making it prove where
it got the information and whether it is tainted as "fruit of the
poisonous tree"--i.e., obtained from the company under the "critical
Similarly, if the new Department of Homeland Security receives
information from a bio-medical laboratory about its security
vulnerabilities, and anthrax is released from the lab three weeks
later, the Department will not be able to warn the public promptly
about how to protect itself without consulting with and trying to get
the consent of the laboratory in order to avoid the risk of job loss or
criminal prosecution for a non-consensual disclosure. Moreover, if the
laboratory is violating any state, local or federal regulation in its
handling of the anthrax, the Department will not be able to turn over
to another Federal agency, such as the EPA or the Department of Health
and Human Services, or to any State or local health officials,
information or documents relating to the laboratory's mishandling of
the anthrax for use in any enforcement proceedings against the
laboratory, or in any wrongful death action, should the laboratory's
mishandling of the anthrax result in the death of any person. The law
specifically states that such CII-marked information "shall not,
without the written consent of the person or entity submitting such
information, be used directly by such agency, any other Federal, State,
or local authority, or any third party, in any civil action arising
under Federal or State law if such information is submitted in good
faith." [H.R. 5710, section 214(a)(1)(C)]
Most businesses are good citizens and take seriously their
obligations to the government and the public, but this "disclose-and-
immunize" provision is subject to abuse by those businesses that want
to exploit legal technicalities to avoid regulatory guidelines. The HSA
lays out the perfect blueprint to avoid legal liability: funnel
damaging information into this voluntary disclosure system and pre-empt
the government or others harmed by the company's actions from being
able to use it against the company. This is not the kind of two-way
public-private cooperation that our country needs.
The scope of the information that is covered by the new HSA FOIA
exemption is overly broad and undermines the openness in government
that FOIA was intended to guarantee. Under this law, information about
virtually every important sector of our economy that today the public
has a right to see can be shut off from public view simply by labeling
it "critical infrastructure information." Prior to enactment of the
HSA, under FOIA standards, courts had required federal agencies to
disclose 1. pricing information in contract bids so citizens can make
sure the government is wisely spending their taxpayer dollars; 2.
compliance reports that allow constituents to insist that government
contractors comply with federal equal
and 3. banks' financial data so the public can
ensure that federal agencies properly approve bank mergers. Without
access to this kind of information, it will be harder for the public to
hold its government accountable. Under the HSA, all of this information
may be marked CII information and kept out of public view.
The HSA FOIA exemption goes so far in exempting such a large amount
of material from FOIA's disclosure requirements that it undermines
government openness without making any real gains in safety for
families in Vermont and across America. We do not keep America safer by
chilling Federal officials from warning the public about threats to
their health and safety. We do not ensure our nation's security by
refusing to tell the American people whether or not their federal
agencies are doing their jobs or their government is spending their
hard earned tax dollars wisely. We do not encourage real two-way
cooperation by giving companies protection from civil liability when
they break the law. We do not respect the spirit of our democracy when
we cloak in secrecy the workings of our government from the public we
are elected to serve.
The argument over the scope of the FOIA and unilateral executive
power to shield matters from public scrutiny goes to the heart of our
fundamental right to be an educated electorate aware of what our
government is doing. The Rutland Herald got it right in a November 26,
2002 editorial that explained: "The battle was not over the right of
the government to hold sensitive, classified information secret. The
government has that right. Rather, the battle was over whether the
government would be required to release anything it sought to
We need to fix this troubling restriction on public accountability.
Exempting the new Department from laws that ensure responsibility to
the Congress and to the American people makes for a tenuous start not
the sure footing we all want for the success and endurance of this new
Department. I urge my colleagues to support the Restoration of Freedom
of Information Act of 2003.
I ask unanimous consent to print the editorials I mentioned and
several letters of support of the Restore FOIA bill in the Record.
There being no objection, the additional material was ordered to be
printed in the Record, as follows:
Restoration of Freedom
of Information Act ("Restore FOIA") Sectional
Sec. 1. Short title. This section gives the bill the short
title, the "Restoration of Freedom of Information Act".
Sec. 2. Protection of Voluntarily Furnished Confidential
Information. This section strikes subtitle B (secs. 211-215)
of the Homeland Security Act ("HSA") (P.L. 107-296) and
inserts a new section 211.
Sections to be repealed from the HSA: These sections
contain an exemption to the Freedom of Information Act (FOIA)
that (1) exempt from disclosure critical infrastructure
information voluntarily submitted to the new department that
was designated as confidential by the submitter unless the
submitter gave prior written consent; (2) provide civil
immunity for use of such information in civil actions against
the company; (3) preempt state sunshine laws if the
designated information is shared with state or local
government agencies; and (4) impose criminal penalties of up
to one year imprisonment on government employees who
disclosed the designated information.
Provisions that would replace the repealed sections of the
HAS: The Restore FOIA bill inserts a new section 211 to the
HSA that would exempt from the FOIA certain records
pertaining to critical infrastructure threats and
vulnerabilities that are furnished voluntarily to the new
Department and designated by the provider as confidential and
not customarily made available to the public. Notably, the
Restore FOIA bill makes clear that the exemption covers
"records" from the private sector, not all "information"
provided by the private sector, as in the enacted version of
the HSA. The Restore FOIA bill ensures that portions of
records that are not covered by the exemption would be
released pursuant to FOIA requests. It does not provide any
civil liability immunity or preempt state or local sunshine
laws, and it does not criminalize whistleblower activity.
Specifically, this section of the Restore FOIA bill
includes the following:
A definition of "critical infrastructure": This term is
given the meaning adopted in section 1016(e) the USA Patriot
Act (42 U.S.C. 5195c(e)) which reads, "critical
infrastructure means systems and assets, whether physical or
virtual, so vital to United States that the incapacity or
destruction of such systems and assets would have a
debilitating impact on security, national economic security,
national public health or safety, or any combination of those
matters." This definition is commonly understood to mean
facilities such as bridges, dams, ports, nuclear power
plants, or chemical plants.
A definition of the term "furnished voluntarily": This
term signifies documents provided to the Department of
Homeland Security (DHS) that are not formally required by the
department and that are provided to it to satisfy any legal
requirement. The definition excludes any document that is
provided to DHS with a permit or grant application or to
obtain any other benefit from DHS, such as a loan, agency
forbearance, or modification of a penalty.
An exemption from FOIA of records that pertain to
vulnerabilities of and threats to critical infrastructure
that are furnished voluntarily to DHS. This exemption is made
available where the provider of the record certifies that the
information is confidential and would not customarily be
released to the public.
A requirement that other government agencies that have
obtained such records from DHS withhold disclosure of the
records and refer any FOIA requests to DHS for processing.
A requirement that reasonably segregable portions of
requested documents be disclosed, as is well-established
An allowance to agencies that obtain critical
infrastructure records from a source other than DHS to
release requested records consistent with FOIA, regardless of
whether DHS has an identical record in its possession.
An allowance to providers of critical infrastructure
records to withdraw the confidentiality designation of
records voluntarily submitted to DHS, thereby making the
records subject to disclosure under FOIA.
A direction to the Secretary of Homeland Security to
establish procedures to receive, designate, store, and
protect the confidentiality of records voluntarily submitted
and certified as critical infrastructure records.
A clarification that the bill would not preempt state or
local information disclosure laws.
A requirement for the Comptroller General to report to the
House and Senate Judiciary Committees, the House Governmental
Reform Committee and the Senate Governmental Affairs
Committee the number of private entities and government
agencies that submit records to DHS under the terms of the
bill. The report would also include the number of requests
for access to records that were granted or denied. Finally,
the Comptroller General would make recommendations to the
committees for modifications or improvements to the
collection and analysis of critical infrastructure
Sec. 3. Technical and conforming amendment. This section
amends the table of contents of the Homeland Security Act.
[From the Washington Post, Feb. 10, 2003]
Fix This Loophole
The Homeland Security law enacted last year contains a
miserable provision that weakens important federal regulation
and public access to information. Congress should act soon to
repair the damage.
The goal of the provision was reasonable enough:
encouraging companies to share information with the
government about infrastructure that might be vulnerable to
terrorist attack. Fearing public disclosure, companies have
been reluctant to share information on vulnerabilities at,
say, power plants or chemical factories. So under the law,
any such "critical infrastructure" information that
companies voluntarily provide to the government is exempted
from disclosure to the public, litigants and enforcement
But the law defines "information" so broadly that it will
cover, and thus keep secret, virtually anything a company
decides to fork over. A company might preempt environmental
regulators by "voluntarily" divulging incriminating
material, thereby making it unavailable to anyone else.
Unless regulators could show they had obtained the material
independently, it would be off limits to them. And the law
prescribes criminal penalties for whistle-blowers who make
such information public. The collective impact will be to put
in the hands of a regulated party the power, simply by
turning over information, to shield that information from
legitimate law enforcement purposes and from public
Sens. Patrick J. Leahy (D-Vt.) and Robert F. Bennett (R-
Utah) had negotiated a compromise that would accomplish the
reasonable purpose without such broad harmful effects. It
should be restored before the government finds its hands
tied--and the public finds itself out of the loop--on
important regulatory matters.
[From the Washington Post, Nov. 20, 2002]
Too Many Secrets
(By Mark Tapscott)
Why does the White House sometimes seem so determined to
close the door on the people's right to know what their
government is doing? Even some of us who admire the
leadership of President Bush in the war on terrorism would
like to know.
Admittedly, insisting that the public's business be done in
public isn't a popular cause these days. Recent surveys show
that many Americans are willing to trade significant chunks
of their First Amendment rights for the promise of greater
security in the war on terrorism. Such surveys must gladden
the hearts of Bush administration
officials who--presumably unintentionally--undermine measures
such as the Freedom of Information Act (FOIA).
Consider just three examples from the past year: Section
204 of the White House's original proposal to establish a
Department of Homeland Security, White House Chief of Staff
Andrew Card's March 2002 directive that agencies restrict
access to "sensitive but unclassified" information, and the
administration's claim of executive privilege to keep secret
information regarding President Clinton's infamous midnight
The administration's Section 204 proposal exempted from
FOIA disclosure any information "provided voluntarily by
non-federal entities or individuals that relates to
infrastructure vulnerabilities or other vulnerabilities to
terrorism." One need not be a Harvard law graduate to see
that, without clarification of what constitutes such
vulnerabilities, this loophole could be manipulated by clever
corporate and government operators to hide endless varieties
of potentially embarrassing and/or criminal information from
Subsequent negotiations in the Senate with the White House
resulted in compromise language that takes care of some of
the major problems, but in the rush to final passage, the
Senate has accepted the House version of the legislation,
which, being virtually identical to the administration's
original version, remains deeply flawed in this regard.
The Card memo was issued when public anger over the Sept.
11, 2001, massacre was still intense. Despite the fact that
the memo failed to define what constitutes "sensitive but
unclassified" information, agencies responded by removing
thousands of previously public documents from FOIA
disclosure. The Pentagon, for example, estimated recently
that approximately 6,000 Defense Department documents were
removed from public view. Who now outside of government can
verify that any of those documents contained information that
could help terrorists?
Few would argue that the Section 204 proposal and the Card
memo do not address legitimate national security needs in the
war against terrorism. But to date, nobody has produced a
single example of vital information that could not have been
properly exempted from disclosure under the current FOIA,
which is backed by 25 years of detailed case law. Instead,
the administration offers vague language that invites abuse.
Finally, there are those pardons, which provoked a national
outcry when first reported. President Clinton had pardoned
140 people, including his Whitewater partner Susan McDougal,
his brother Roger (convicted on cocaine-related charges) and
international fugitive Marc Rich, wanted by the Justice
Department for allegedly conspiring with the Iranian
government in 1980 to buy 6 million barrels of oil, contrary
to a U.S. trade embargo.
It is doubtful that the full facts behind the pardons will
ever be known as long as the administration refuses to
disclose nearly 4,000 pages related to the former president's
actions. The Bush administration has taken a similar position
on documents related to former attorney general Janet Reno's
controversial decision not to appoint a special counsel to
investigate possible Clinton administration campaign finance
There was a time when at least one senior Bush
administration official thought the FOIA essential because
"no matter what party has held the political power of
government, there have been attempts to cover up mistakes and
errors." That same official added that "disclosure of
government information is particularly important today
because government is becoming involved in more and more
aspects of every citizen's personal and business life, and so
access to information about how government is exercising its
trust becomes increasingly important."
So spoke a young Illinois Republican congressman named
Donald Rumsfeld, in a floor speech on June 20, 1966,
advocating passage of the FOIA, of which he was a co-sponsor.
The writer is director of the Heritage Foundation's Center
for Media and Public Policy.
Fix the Critical
Infrastructure Information Subtitle in the Homeland
Security Act of 2002
The undersigned organizations are concerned about the
current language for Critical Infrastructure Information in
the Homeland Security Act of 2002, which contains ambiguous
definitions that could unintentionally allow companies to
keep broad categories of information secret and provisions
that restrict the government's ability to use the
information. In order to better serve the goal of improving
public safety and security, we support efforts to fix the
Homeland Security Act by clarifying the scope of the
information protected and removing provisions that overly
restrict the government's ability to use the information.
Senators Leahy (D-VT), Levin (D-MI), Jeffords (I-VT),
Lieberman (D-CT), and Byrd (D-WV) will soon introduce
legislation entitled the Restoration of Freedom of
Information Act of 2003 ("Restore FOIA") addressing these
concerns, using bipartisan language developed last year by
the Senate Governmental Affairs Committee. The Restore FOIA
Clarify the FOIA exemption to be more consistent with
Remove the restrictions on the government's ability to act
as it sees fit in response to the information it receives.
Preserve whistleblower protections by removing unnecessary
The information provisions currently within the Homeland
Security Act of 2002 do not accomplish the goal of the law--
empowering the government to protect citizens using private-
sector information which is "voluntarily" shared and
identifies potential vulnerabilities to terrorist attacks.
The current language could have devastating effects on the
work of the government to protect public health, safety and
security, as well as government accountability. It is
essential that these problems in the Homeland Security Act be
fixed immediately before they become too firmly entrenched in
Jean AbiNader, Managing Director, Arab American Institute.
Prudence S. Adler, Associate Executive Director,
Association of Research Libraries.
Steven Aftergood, Project Director, Federation of American
Gary Bass, Executive Director, OMB Watch.
Jeremiah Baumann, Director, Toxics Right to Know Campaign,
U.S. Public Interest Research Group.
Ruth Berlin, Executive Director, MD Pesticide Network.
Lynne Bradley, Director, Government Relations, American
Danielle Brian, Executive Director, Project on Government
Sandy Buchanan, Executive Director, Ohio Citizen Action.
Jeanne Butterfield, Executive Director, American
Immigration Lawyers Association.
Alyssondra Campaigne, Legislative Director, Natural
Resources Defense Council.
Kevin S. Curtis, Vice President, Government Affairs,
National Environmental Trust.
Lucy Dalglish, Executive Director, Reporters Committee for
Freedom of the Press.
Charles N. Davis, Executive Director, Freedom of
Information Center, University of Missouri School of
Tom Devine, Legal Director, Government Accountability
Rick Engler, Director, New Jersey Work Environment Council.
Jason Erb, Director, Governmental Relations, Council on
Darryl Fagin, Legislative Director, Americans for
Margaret Fung, Executive Director, Asian American Legal
Defense and Education Fund.
Vickie Goodwin, Organizer, Powder River Basin Resource
Evan Hendricks, Editor/Publisher, Privacy Times.
Rick Hind, Legislative Director, Greenpeace.
Khalil Jahshan, Director of Government Affairs, American-
Arab Anti-Discrimination Committee.
Susan E. Kegley, Staff Scientist/Program Coordinator,
Pesticide Action Network, North America.
Robert Leger, President, Society of Professional
Dave LeGrande, Director, Occupational Safety & Health, CWA/
Sanford Lewis, Director, Strategic Counsel on Corporate
Conrad Martin, Executive Director, Fund for Constitutional
Alexandra McPherson, Director, Clean Production Action.
Dena Mottola, Acting Director, New Jersey Public Interest
Laura W. Murphy, Director, Washington National Office,
American Civil Liberties Union.
Ralph G. Neas, President, People for the American Way.
Robert Oakley, Washington Affairs Representative, American
Association of Law Libraries.
Paul Orum, Director, Working Group on Community Right-to-
Deborah Pierce, Executive Director, Privacy Activism.
Chellie Pingree, President and CEO, Common Cause.
Ari Schwartz, Associate Director, Center for Democracy and
Debbie Sease, Legislative Director, Sierra Club.
Bob Shavelson, Executive Director, Cook Inlet Keeper.
Peggy M. Shepard, Executive Director, West Harlem
Ted Smith, Executive Director, Silicon Valley Toxics
David Sobel, General Counsel, Electronic Privacy
Ed Spar, Executive Director, Council on Professional
Association of Federal Statistics.
Vivian Stockman, Communications Coordinator, Ohio Valley
Daniel Swartz, Executive Director, Children's Environmental
Lee Tien, Senior Staff Attorney, Electronic Frontier
Elizabeth Thompson, Legislative Director, Environmental
Sara Zdeb, Legislative Director, Friends of the Earth.
March 12, 2003.
Hon. Susan Collins,
Chair, Senate Committee on Governmental Affairs, U.S. Senate,
Dirksen Senate Office Building, Washington, DC.
Hon. Orrin Hatch,
Chair, Senate Committee on the Judiciary, U.S. Senate,
Dirksen Senate Office Building, Washington, DC.
Hon. Joseph Lieberman,
Ranking Member, Senate Committee on Governmental Affairs,
U.S. Senate, Hart Senate Office Building, Washington, DC.
Hon. Patrick Leahy,
Ranking Member, Senate Committee on the Judiciary, U.S.
Senate, Dirksen Senate Office Building, Washington, DC.
Dear Senators Collins, Hatch, Lieberman, and Leahy: The
Homeland Security Act of 2002 was a very important
legislative accomplishment that responded to new challenges
facing our country.
On the path to passage of the Act, however, certain
sections, particularly Section 214, dealing with Critical
Infrastructure Information, left a number of journalistic
organizations concerned that broad categories of
information--particularly information that relates to the
public's health and safety--would unnecessarily be shielded
from public view.
Thus, we support efforts to clarify the language in favor
of essential openness, which, in fact, will also resolve
potential barriers that restrict the government's own use of
information provided by companies. The "Restoration of
Freedom of Information Act of 2003" would substitute
bipartisan language developed last year by the Senate
Government Affair Committee for that which was enacted into
law. This bill would:
Clarify the FOIA exemption to be more consistent with
established law, while still protecting records on critical
infrastructure vulnerabilities submitted to the Department of
Homeland Security by private firms.
Remove the restrictions on the government's ability to act
as it sees fit in response to the information it receives.
Preserve whistleblower protections by removing unnecessary
It is important for both citizens and the government
process that these changes in law are made quickly.
Thank you for your consideration.
American Society of Magazine Editors; American Society of
Newspaper Editors; Associated Press Managing Editors;
Freedom of Information Center, University of Missouri
School of Journalism; Magazine Publishers of America;
National Federation of Press Women; National Newspaper
Association; National Press Club; Newsletter &
Electronic Publishers Association; Newspaper
Association of America; Radio-Television News Directors
Association; Reporters Committee for Freedom of the
Press; Society of Professional Journalists.
Let Freedom Ring
(By Maurice J. Freedman)
What if you want to find out if toxic chemicals are buried
under your child's schoolyard? How could you tell if your
veterans' benefits hinged on proving you were exposed to
biohazards during a top-secret mission? Or perhaps a
candidate for your city council wants to better understand
formerly classified plans for emergency evacuation.
These days, it's possible, with considerable patience,
determination, and a few clicks of a mouse, to file a request
for answers to questions like these and a broad range of
government information that are critical to our lives, work,
health and well being.
But like registering to vote, in some places and for some
people, this precious freedom hasn't always been so easy to
The main tool for such fact-finding, the Freedom of
Information Act, known as FOIA, which we honor each year on
the anniversary of James Madison's birthday, was first
enacted on July 4, 1966. Before that, any-one who wanted to
get records from the federal government had to establish his
or her legal right to examine those records. That was
expensive, time-consuming and a barrier for countless
legitimate requests for information on issues from whether
the nuclear reactor downwind had a record of safety
violations to how the Nixon administration tried to deport
John Lennon as detailed in his FBI files.
With FOIA, the burden shifted to government agencies,
requiring them to meet these requests unless they fell within
a handful of specific national security exemptions. Indeed,
since then, any decision by an agency to withhold a document
could be challenged in federal court.
From John Lennon's or Rev. Dr. Martin Luther King Jr.'s FBI
files to record of debates on whether to use nuclear weapons
in Vietnam, FOIA requests now run the gamut of what we need
to know about what our government is doing with our tax
dollars in our name. Whether it's internal NASA memos about
space shuttle safety or exchanges among federal officials
about Japanese internment camps during World War II, our
right to know about the deliberations and actions of our
federal government is a cornerstone of American democracy.
In 1974, in reaction to Watergate, Congress moved to
strengthen FOIA. Unwilling to let our country be run more
like a closed corporation than an open, democratic society,
this change allowed courts to order the release of documents,
even when the President said they couldn't be made public.
Our system of representative democracy depends on the free
flow of information produced, collected and published by our
government and available to the public so we can participate
as an informed electorate.
Since the early 19th century, libraries have served as
depositories for the written record of our nation's
development and gateways to the decisions of its leaders,
thus assuring public access to government information. Today,
21st-century librarians are committed to ensuring the
public's right to know is protected in the electronic age. As
organizers, navigators and providers of government
information that serves the public, we help file FOIA
requests and otherwise support freedom of information @ your
Many Americans depend on access to information collected,
organized and disseminated by the federal government--from
farmers and health care professionals, to journalists and
veterans, community interest groups to local and state
government officials, and indeed, all voters.
Americans come to libraries to find Census and other
statistics; to help plan new business and marketing
strategies; to research environmental issues and hazards,
laws and regulations; and to learn about job opportunities
from government and other employment lists.
The ongoing transition to predominantly electronic
transmission of federal information offers both promise and
problems for the public in this realm. Information that is
only in electronic form quickly appears on--and as quickly
disappears from--Web sites. There is often no one charged
with capturing, preserving or making electronic data
available to future generations, as well as those, who for a
variety of reasons, cannot access or work with electronic
True national security is built on a vibrant democracy and
a well-informed citizenry, not a culture of secrecy. Said
James Madison, on whose birthday we make Freedom of
Information Day, "Knowledge will forever govern ignorance,
and a people who mean to be their own governors must arm
themselves with the power which knowledge gives." Although
he wrote in response to abuses by Britain's King George III,
his warnings ring equally true today.
Every country has hospitals, police and schools. But only
free countries allow the free flow of ideas. Free libraries
are the hub of public access to government information.
Challenges to an informed citizenry range from the complexity
and inequality in information technology to illiteracy,
limited information literacy skills and unequal access to
education and information resources.
Thankful for our freedoms, we must do our best as we
prepare to fight halfway around the world to ensure that we
continue to guard with unrelating vigilance the right to know
here at home.
Mr. President, today I join with Senators Leahy, Byrd,
Jeffords, and Lieberman to introduce the Restore Freedom of Information
Act, Restore FOIA, that will provide the public with access to
information, while at the same time ensuring that information
voluntarily submitted to the government by companies is not improperly
disclosed. In order to ensure public access and limit improper
disclosure, we need to reexamine some aspects of the Homeland Security
Act, HSA, which was rushed through Congress last year, dropping several
carefully-crafted, bipartisan measures which had been adopted by the
Senate Governmental Affairs Committee, along the way. Dropping those
measures left ambiguities in the law that need to be clarified, and
today's bill is an attempt to make those clarifications and address
certain problems that could otherwise result.
The issue this bill addresses is public access to information in the
possession of the Homeland Security Department. Although some seem to
want to shroud all homeland security efforts in secrecy, as Judge Damon
Keith, writing for the U.S. Sixth Circuit of Appeals, recently warned
"Democracies die behind closed doors." The principles of open
government and the public's right to know are cornerstones of our
democracy. We cannot sacrifice those principles in the name of
One of the reasons that I voted against the Homeland Security Act
last year was because the final bill dropped a bipartisan provision,
passed by the Senate Governmental Affairs Committee, clarifying how the
new Department of Homeland Security, DHS, should comply with the
Freedom of Information Act, FOIA. The final bill substituted a poorly
drafted provision that could inappropriately close the door on persons
seeking unclassified information from the Department related to
What is critical infrastructure? Critical infrastructure is the
backbone that holds our country together and
makes it work--our
roads, computer grids, telephones, pipelines, water
treatment plants, utilities, and other facilities essential to a fully
functioning Nation. It so happens that, in the United States, much of
our critical infrastructure is controlled by private entities, often
privately owned or publicly traded corporations. To strengthen existing
protections for these facilities, the Federal Government asked the
companies that own them to submit unclassified information about their
facilities to assist the government in evaluating them, identifying
possible problems, and designing stronger protections from terrorist
attack, natural disasters, or other threats to homeland security.
Some companies asked to voluntarily submit this information feared
that it might be improperly disclosed, and sought a new exemption from
the Federal Freedom of Information Act, FOIA, to prohibit disclosure of
so-called "critical infrastructure information." Reporters, public
interest groups, and others feared that, if this FOIA exemption were
granted, companies could send important environmental and safety
information to DHS under the general heading of "critical
infrastructure information" and thereby put this information out of
the public's reach. To bring these sides together, last July, Senators
Bennett, Leahy and I worked out a bipartisan FOIA compromise that
codified existing case law with regard to companies voluntarily
submitting information. At the Senate Governmental Affairs Committee
mark-up of the homeland security legislation, Senator Bennett said that
the Administration supported our compromise, but the language was
ultimately dropped from the final Homeland Security Act. As a result,
the media, public interest groups, and others continue to fear that
companies may be hiding important health and safety information that
has long been public and should be public behind the mask of "critical
To rectify this situation, today we are introducing a bill that would
change the existing HSA language in several important ways. First, our
bill defines the key term, "critical infrastructure," in a more
focused way than the overly broad language in the HSA. To do that, our
bill draws from language in existing case law, that has already been
tested by the courts. The existing HSA language, it interpreted
broadly, could expand the prohibition on disclosing critical
infrastructure information to include virtually every aspect of a
company's operations, denying public access to a great deal of health
and safety information that the public has a right to know. If this
expansive interpretation was not the intent of the bill's drafters,
then they should be willing to accept our court-tested language.
A second important change that our bill would make in the existing
HSA involves the issue of civil immunity for companies that violate the
law. As currently worded, the HSA seems to suggest that companies
which voluntarily submit to DHS critical infrastructure information
indicating that the company is in violation of public health or safety
regulations may gain protection from legal action in court to halt or
penalize this wrongdoing, even if the information shows that the
company is acting negligently. For example, the current HSA provisions
could lead to the disturbing situation where DHS learns, through a
critical infrastructure submission, that a company is leaking polluted
sludge into a nearby waterway in violation of environmental
restrictions, but is barred from going to court to stop the pollution
because the law appears to prohibit the agency's use of the critical
infrastructure information in a civil action. Our bill would eliminate
the possibility that the HSA would provide companies with civil
immunity under these circumstances.
key problem with the existing HSA language is that it
includes a provision that could send a Federal whistleblower who
discloses critical infrastructure information, even to an appropriate
authority, to prison. The language is clear that if a DHS employee
discloses unclassified critical infrastructure information, even when
acting as a whistleblower who reveals the information to Congress in an
act of conscience or patriotism, that whistleblower could wind up in
jail. My colleague, Senator Leahy, describes a whistleblower who works
at the FAA who blew the whistle on government collusion to coverup
failures by airlines to meet tests on airline preparedness. That
whistleblower could have ended up in jail had he blown the whistle
under today's law. A year in jail is quite a deterrent for a Federal
employee who is thinking about blowing the whistle, and we have never
before threatened Federal whistleblowers with jail terms. It is a bad
idea, and it is counterproductive to homeland safety.
There are other troubling provisions in the current HSA law as well,
equally detrimental to the public's right to know. For example, the HSA
exempts all communication of critical infrastructure information from
the open meeting and other sunshine requirements of the Federal
Advisory Committee Act, and places critical infrastructure information
outside restrictions on ex parte contacts. The HSA also pre-empts state
and local sunshine laws, an undue intrusion on the power of the States.
The bill we are introducing today would strike all of these unnecessary
provisions, and create in their stead a narrow FOIA exemption that
balances the prohibition against improper disclosures of critical
infrastructure information with the public's right to know.
Finally, I would like to include in the Record two examples of
situations that could occur under the language in the HSA but would not
occur under our bill. These disturbing examples were provided by Dr.
Rena Steinzor, Professor at the University of Maryland School of Law,
on behalf of the center for Progressive Regulation.
Case Study Number 1 is the following:
A large Midwest utility decides to replace an old coal burning
electric generation unit with a new one. The new unit, much larger than
the first, will produce significantly greater air pollution emissions.
The company could mitigate these increases by installing additional
pollution control equipment, but decides it does not wish to incur the
expense. It begins construction and simultaneously reports its plans to
the DHS as "critical infrastructure information," so Federal security
experts will know about its increased capacity to generate electricity.
A Department of Homeland Security employee, visiting the plant to
consult on government purchases of power during emergency situations,
notices readings on internal gauges reflecting the dramatically
increased emissions. She telephones EPA to report the situation. EPA
issues a Notice of Violation to the company, and threatens to bring an
action for civil penalties, but is instructed to desist by DHS
officials who inform EPA that the HSA prohibits disclosing the
information provided to the agency in court and that DHS wants to list
the company as an emergency supplier capable of providing expanded
electricity production in an upcoming report to Congress. EPA drops its
enforcement action, and the DHS employee not only loses her job but
also is prosecuted criminally.
Case Study Number 2 is the following:
Lobbyists representing companies that provide goods and services to
the Department of Homeland Security routinely submit materials
describing their companies' products in glowing terms. They arrange
repeated trips for government purchasing agents to exotic locations
under the guise of briefing them regarding the technical aspects of the
products. All of this information is designated as critical
infrastructure by the companies, and is therefore protected from
disclosure and oversight by the media or possibly even individual
members of Congress who could see the information but not reveal it.
The Homeland Security Act was never intended to protect polluters or
special interests from public scrutiny. But as these examples
demonstrate, that is exactly what could happen if the current, vague
language in the law is not corrected. The bill we are introducing today
would make the needed corrections.
On January 17, 2003 at his confirmation hearing before the
Governmental Affairs Committee, I questioned Governor Ridge about these
problems with the current wording of the Homeland
Security Act. I asked
him whether the HSA could have the unintended
consequences of providing protections for wrongdoing while impeding
access to necessary information to protect public health and safety.
Governor Ridge replied: "[T]hat certainly wasn't the intent, I am
sure, of those who advocated the Freedom of Information Act exemption,
to give wrongdoers protection or to protect illegal activity, and I
will certainly work with you to clarify that language." If that was
not the intent, then let us fix the vague, and potentially dangerous
provisions that are in this bill.
I would also note, for the record, that many organizations have
endorsed our bill including the following:
American Association of Law Libraries, American Civil Liberties
Union, American Immigration Lawyers Association, American Library
Association, American-Arab Anti-Discrimination Committee, Americans for
Democratic Action, American Society of Magazine Editors, American
Society of Newspaper Editors, Arab American Institute, Asian American
Legal Defense and Education Fund, Associated Press Managing Editors,
Association of Research Libraries, Center for Democracy and Technology,
Children's Environmental Health Network, Clean Production Network,
Common Cause, Communications Workers of America, Cook Inlet Keeper,
Council on American-Islamic Relations, Council on Professional
Association of Federal Statistics, Electronic Frontier Foundation,
Electronic Privacy Information Center, Environmental Defense,
Federation of American Scientists, Freedom of Information Center,
Friends of the Earth, Fund for Constitutional Government, Government
Accountability Project, Greenpeace, Magazine Publishers of America,
Maryland Pesticide Network, National Federation of Press Women,
National Newspaper Association, National Press Club, Natural Resources
Defense Council, New Jersey Work Environment Council, Newsletter &
Electronic Publishers Association, Newspaper Association of America,
Ohio Valley Environmental Coalition, OMB Watch, Pesticide Action
Network, North America Powder River Basin Resource Council, Privacy
Activism, Privacy Times, Project on Government Oversight, Radio-
Television News Directors Association, Reporters Committee for Freedom
of the Press, Sierra Club, Silicon Valley Toxics Coalition, Society of
Professional Journalists, Strategic Counsel on Corporate
Accountability, U.S. Public Interest Research Group, University of
Missouri School of Journalism, West Harlem Environmental Action Working
Group on Community Right-to-Know.