Breaking and associated brands will be offline for scheduled maintenance Friday Feb. 26 9 PM US EST to Saturday Feb. 27 6 AM EST. We apologize for the inconvenience.


Thank you for sharing!

Your article was successfully shared with the contacts you provided.
special to the national law journal Steven E. Roberts writes and speaks frequently on critical infrastructure protection and cybersecurity. He can be contacted at The homeland Security Act of 2002 sparked the largest reorganization of government in more than 50 years. The legislation did not merely merge 22 federal entities into the new Department of Homeland Security; it also recast the Freedom of Information Act (FOIA). Certain security information provided to the Department of Homeland Security from the private sector is now exempt from FOIA disclosure requirements. Critics of the changes- ranging from public interest groups and environmentalists to jour-nalists and academics- allege that FOIA has been co-opted by homeland security. Such criticism is misplaced, and arguably, unjustified. Information is the lifeblood of a defense against terrorism. As such, the department ensures that information-such as terrorist “chatter” alluding to potential attacks or facts concerning terror vulnerabilities-is now shared evenly and openly across government. But a large portion of security data originates not from government wiretaps or spy satellites, but from the private sector. This is particularly true for critical infrastructures, such as power plants, chemical manufacturing facilities, telecommunications networks and oil refineries, among others. Because a terrorist assault on any of these systems could inflict human and economic damage that would cascade throughout the American economy, experts worry that such attacks are a matter of when, not if. Facilities in private hands Yet mounting a defense is not so simple: Up to 90% of critical infrastructures are owned and operated by the private sector, putting most of the information needed for a defense out of the government’s reach. The critical information that is shared comes voluntarily, or not at all. The department has no legal authority to compel its release. Privacy concerns temper industry attitudes. The culprit is FOIA: Since critical infrastructure-security information is often proprietary, competitive owners and operators worry that information they provide might be subject to obligatory release. Industry rivals, potential litigants and even terrorists could use the law to gain access to sensitive company data. Without a FOIA exemption specific to critical infrastructure-security information, industry has had reason not to share, and the security of America’s critical infrastructures has suffered as a result. The recent changes to FOIA were designed to address this problem, and were a leap forward in the fight against terror. The changes, though, have not been universally welcomed. Many owners and operators are proceeding cautiously, not wanting to be the first to take the leap. Critics view the new FOIA exemptions as unnecessary. Indeed, since Sept. 11, 2001, FOIA itself has fallen victim to the sometimes ambiguous imperatives of security and counterterrorism. There are concerns that the new provisions will allow owners and operators to shield incriminating, and even illegal, practices from the public-or worse, from regulators and law enforcement agencies. The reality and scope of the statute suggests the contrary. First, the FOIA changes were necessary to gain the trust of the private sector, and therefore ensure the meaningful protection of the nation’s critical infrastructures. Under the old FOIA provisions, none of the nine enumerated FOIA exemptions, including those for national-security information as well as for confidential business information, applied precisely to the specific class of “critical infrastructure information.” In defining clear statutory exemptions, the Homeland Security Act of 2002 increased the likelihood that critical infrastructure owners and operators would share pertinent security information and do so frequently and openly. Second, for the new immunity provisions to apply, critical infrastructure- security information must be submitted to the department. The good-faith qualification ensures that critical-infrastructure owners and operators cannot use the exemption to conceal wrongdoing from regulators or potential litigants. For example, companies that attempt to hide a chemical accident from environmental regulators by volunteering information under the guise of “critical infrastructure-security information” will not receive FOIA protection. Furthermore, information necessary for law enforcement investigations or the prosecution of criminal acts does not enjoy FOIA-exempt status. Balancing competing goals Critics of the new FOIA provisions need to recognize that two imperatives of governance are intersecting: the need to promote transparency and accountability, and the need to provide for the common defense. Terrorism has made a new kind of threat credible; yet, “homeland security” is meaningless if it is gained at the expense of public accountability, the essence of democracy. An evolving accommodation of the two principles is now emerging. Certainly, a FOIA exemption for a specific and limited class of critical infrastructure-security information does not take America down the path of Orwellian government. Quite the contrary, the government cannot share, cannot conceal and cannot obstruct what it does not have. But for the FOIA exemption, the federal government would never be granted access to otherwise private critical-infrastructure security information in the first place. However, without the FOIA exemption, our nation would be more vulnerable, and our critical infrastructures-the underpinnings of modern society-would be more at risk.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.