Congresswoman Jan Schakowsky, Ninth District, IL
District MapHomeWelcomeJan in the NewsJan in WashingtonCapitol Hill9th Congressional District, IllinoisServicesFeedback Privacy Statement
 

 

White House Pushes Voluntary Data Sharing; 
But critics say homeland security effort would allow companies to hide too much

July 29th, 2002

By Patrick Thibodeau

Computerworld

Law enforcement and private-sector officials arguing for legislation to protect data on corporate information security from public disclosure were accused last week of backing a measure that could be used to hide dirty corporate secrets. 

There is an alternative to trying to entice corporations to share information security data by means of weakening federal freedom of information laws, said U.S. Rep. Janice Schakowsky (D-Ill.) at a hearing of the Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. "That is to say this information isn't voluntary -- that we require it,"she said. If Schakowsky, a ranking committee Democrat, were to make good on her threat, she would face opposition from Bush administration officials, who have repeatedly opposed forcing companies to share information about threats, software vulnerabilities and other data-security-related information. Instead, the administration is working to convince private companies to cooperate voluntarily with the government. 

Key to this voluntary sharing effort are provisions in pending legislation to create a cabinet-level homeland security department. 

Fear of Disclosure 

That legislation would include new exemptions to the federal Freedom of Information Act (FOIA) for information security. The intent is to help the private-sector Information Sharing and Analysis Centers (ISAC), which are industry-specific groups intended to assist private-sector companies with protecting themselves from cyberthreats. 

Stanley Jarocki, vice president for information security at New York-based Morgan Stanley Dean Witter &Co. and chairman of the financial services ISAC, said at the hearing that fear of disclosure "has severely hindered information sharing efforts." He called for a "narrowly written" exemption. 

How narrow an exemption is the point of contention. Schakowsky, as well as civil liberties groups, have accused the Bush administration of backing a measure that was overly broad and could conceivably be used by a company to hide unpleasant information -- a pollution incident, for example -- from public disclosure under the guise of security. 

John Tritak, director of the Critical Information Assurance Office, said the Bush administration wants a narrowly crafted rule. "No one is talking about a safe haven for illegal activity," he said. 

Scott Charney, the chief security strategist at Microsoft Corp., said the argument that companies will use exemption from FOIA obligations to hide information "presumes that this information is public information today. It's not." 

Companies involved in an ISAC share threat and suspicious activity data to detect patterns, software vulnerability information and other intelligence. The government would like to see more of that data.
 

 
Home  In the News  Jan in DC  Capitol Hill  9th District, IL  Services  Feedback