CISPA is Terrible for Transparency


The new cybersecurity bill, CISPA, or HR 3523, is terrible on transparency.

The bill proposes broad new information collection and sharing powers (which many other organizations are covering at length).  Even as the bill proposes those powers, it proposes to limit public oversight of this work.

Read this section:

‘(2) USE AND PROTECTION OF INFORMATION- Cyber threat information shared in accordance with paragraph (1)–

‘(i) shall be exempt from disclosure under section 552 of title 5, United States Code;

That part about “section 552” is the Freedom of Information Act, being dismissed wholesale by Congress, for a whole new category of information that they don’t understand, that doesn’t even exist yet.

Let’s make something clear. The Freedom of Information Act is the law that lets the public force the government to determine whether information should be released or not. The Freedom of Information Act doesn’t guarantee that information will be released, but just that anyone can request its release, and then have a legal process to try to provide a fair ruling on whether that information should be made public.  Information that shouldn’t be shared is already protected by law, through largely uncontroversial exemptions.

The FOIA is, in many ways, the fundamental safeguard for public oversight of government’s activities. CISPA dismisses it entirely, for the core activities of the newly proposed powers under the bill.

If this level of disregard for public accountability exists througout the other provisions, then CISPA is a mess. Even if it isn’t, creating a whole new FOIA exemption for information that is poorly defined and doesn’t even exist yet is irresponsible, and should be opposed.

If you’re carelessly creating whole new exemptions to FOIA without hearings on the question, that suggests that the public interest isn’t being considered in this legislation. I suspect that (again) government officials have been at the table with industry, and (again) think that the interests of the public at large can be swept aside.

This is wrong. Our public accountability laws are the foundation for democratic governance, and even if government officials are comfortable being given new powers, and even if industry demands it, that doesn’t mean it’s acceptable.

Follow for more updates on this issue, they first brought it to our attention, and are an absolutely essential safeguard against those who would undermine our open government laws.