Congressional Record: March 15, 2005 (Senate)
Page S2735-S2746

STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS

By Mr. LEAHY (for himself, Mr. Levin, Mr. Feingold, and Mr. Lieberman): S. 622. A bill to amend the Homeland Security Act of 2002 (Public Law 107-296) to provide for the protection of voluntarily furnished confidential information, and for other purposes; to the Committee on the Judiciary.

Mr. LEAHY. Mr. President, this week marks the first national ``Sunshine Week.'' The centerpiece of this week is Freedom of Information Day, which falls on March 16, the anniversary of James Madison's birthday. A firm believer in the need for open and accountable government, Madison said, ``A popular government, without popular information, or the means of acquiring it, is but a prologue to a farce or tragedy or perhaps both.'' Each generation of Americans should heed James Madison's warning, and it is fitting and proper that today's generations of Americans use this week to revisit the potentially damaging limitations placed on access to government information in just the last few years. The Freedom of Information Act (FOIA) has been the centerpiece of open government for the 38 years since it came into force in 1967. It enables citizens to obtain information on how their government is protecting the Nation, spending their tax dollars, and implementing the laws their officeholders enact. FOIA helps hold our government accountable. It was through FOIA requests that the St. Petersburg Times uncovered information showing that since the 1991 Gulf War, and due in part to lax security at military bases, thousands of pounds of weapons have been lost or stolen from U.S. stockpiles, and some remains unaccounted for. The Bremerton Sun newspaper in Washington State used FOIA to confirm the mishandling of a nuclear missile at a Navy submarine facility. These are examples of the day-to-day importance of FOIA in helping Americans safeguard our security infrastructure.
There are countless other examples of FOIA enabling citizens to obtain information relating to health and safety concerns in their cities and neighborhoods. In 2002, when I voted to support passage of the Homeland Security Act (HSA), I voiced concerns about several flaws in the legislation. I called for the Administration and my colleagues on both sides of the aisle to monitor implementation of the new law and to craft corrective legislation. One of my chief concerns with the HSA was a subtitle of the act that granted an extraordinarily broad exemption to FOIA in exchange for the cooperation of private companies in sharing information with the government regarding vulnerabilities in the nation's critical infrastructure. Unfortunately, the law that was enacted undermines Federal and State sunshine laws permitting the American people to know what their government is doing. Rather than increasing security by encouraging private sector disclosure to the government, it guts FOIA at the expense of our national security and the safety and health of the American people. Today, with my distinguished colleagues Senators Levin, Feingold, and Lieberman, I reintroduce legislation to restore the integrity of FOIA. I thank my colleagues for working with me on this important issue of public oversight. We first offered this bill, which we call the Restoration of Freedom of Information Act, or ``Restore FOIA,'' in the 108th Congress. ``Restore FOIA'' protects Americans' right to know while simultaneously providing security to those in the private sector who voluntarily submit critical infrastructure records to the Department of Homeland Security (DHS). Encouraging cooperation between the private sector and the government to keep our critical infrastructure systems safe from terrorist attacks is a goal we all support. But the appropriate way to meet this goal is a source of great debate--a debate that has been all but ignored since the enactment of the HSA.
The HSA created a new FOIA exemption for ``critical infrastructure information.'' That broadly defined term applies to information covering a wide variety of facilities such as privately operated power plants, bridges, dams, ports, or chemical plants that might be targeted for a terrorist attack. In HSA negotiations in 2002, House Republicans and the Administration promoted language that they described as necessary to encourage owners of such facilities to identify vulnerabilities in their operations and share that information with DHS. The stated goal was to ensure that steps could be taken to ensure the facilities' protection and proper functioning. In fact, such descriptions of the legislation were disingenuous. These provisions, which were eventually enacted in the HSA, shield from FOIA almost any voluntarily submitted document stamped by the facility owner as ``critical infrastructure.'' This is true no matter how tangential the content of that document may be to the actual security of a facility. The law effectively allows companies to hide information about public health and safety from the American people--even from neighbors of such a facility in its local community--simply by submitting it to DHS. The enacted provisions were called ``deeply flawed'' by Mark Tapscott of the Heritage Foundation in a November 20, 2002, Washington Post op-ed. He argued that the ``loophole'' created by the law ``could be manipulated by clever corporate and government operators to hide endless varieties of potentially embarrassing and/or criminal information from public view.'' In addition, under the HSA, disclosure by private facilities to DHS neither obligates the private company to address the vulnerability, nor requires DHS to fix the problem. For example, in the case of a chemical spill, the law bars the government from disclosing information without the written consent of the company that caused the pollution.
As the Washington Post pointed out in an editorial on February 10, 2003, ``A company might preempt environmental regulators by 'voluntarily' divulging incriminating material, thereby making it unavailable to anyone else.'' The law also 1. shields the companies from lawsuits to compel disclosure, 2. criminalizes otherwise legitimate whistleblower activity by DHS employees, and 3. preempts any state or local disclosure laws. Finally, the HSA requires no reporting whatsoever to the Congress or the public on critical infrastructure submissions to DHS. As a result, it is nearly impossible for the public to learn whether this law is being followed in good faith, whether it is being manipulated by submitters, and whether DHS is conducting due diligence on submissions. It also places hurdles before those of us in Congress who believe in effective oversight. In an effort to obtain some basic data on the treatment of ``critical infrastructure information'' at DHS, two organizations filed a FOIA request in 2004. OMB Watch and the Electronic Privacy Information Center sought public release of the number of submissions and rejections under the law, and of any communications between DHS and submitters. They also requested the Department's program procedures for handling information. DHS did not provide answers. The groups filed a complaint, and the D.C. District Court ordered DHS to respond. We learned that as of February 2005, the critical infrastructure program received 29 submissions and rejected seven of those. We know nothing of the substance of the accepted submissions, what vulnerabilities they may describe, or what is being done to address them.
Most businesses are good citizens and take seriously their obligations to the government and the public, but this ``disclose-and-immunize'' provision is subject to abuse by those businesses that want to exploit legal technicalities to avoid regulatory guidelines that are designed to protect the public's health and safety. The HSA lays out the perfect blueprint to avoid legal liability: funnel damaging information into this voluntary disclosure system and preempt the government or others harmed by the company's actions from being able to use it against the company. This is not the kind of two-way public-private cooperation that serves the public interest. The HSA FOIA exemption goes so far in exempting such a large amount of material from FOIA's disclosure requirements that it undermines government openness without making any real gains in safety for families in Vermont and across America. We do not keep America safer by chilling federal officials from warning the public about threats to their health and safety. We do not ensure our nation's security by refusing to tell the American people whether or not their federal agencies are doing their jobs, or whether their government is spending their hard-earned tax dollars wisely. We do not encourage real cooperation by giving companies protection from civil liability when they break the law. We do not respect the spirit of our democracy when we cloak in secrecy the workings of our government from the public we are elected to serve. The Restore FOIA bill I introduce today with Senators Levin, Feingold and Lieberman is identical to language I negotiated with Senators Levin and Bennett in the summer of 2002 when the HSA charter was debated by the Governmental Affairs Committee. Senator Bennett stated in the Committee's July 25, 2002, markup that the Administration had endorsed the compromise.
He also said that industry groups had reported to him that the compromise language would make it possible for them to share information with the government without fear of the information being released to competitors or to other agencies that might accidentally reveal it. The Governmental Affairs Committee reported out the compromise language that day. Unfortunately, much more restrictive House language was eventually signed into law. The Restore FOIA bill would correct the problems in the HSA in several ways. First, it limits the FOIA exemption to relevant ``records'' submitted by the private sector, such that only those that actually pertain to critical infrastructure safety are protected. ``Records'' is the standard category referred to in FOIA. This corrects the effective free pass given to regulated industries by the HSA for any information it labels ``critical infrastructure.'' Second, unlike the HSA, the Restore FOIA bill allows for government oversight, including the ability to use and share the records within and between agencies. It does not limit the use of such information by the government, except to prohibit public disclosure where such information is appropriately exempted under FOIA. Third, it protects the actions of legitimate whistleblowers rather than criminalizing their acts. Fourth, it does not provide civil immunity to companies that voluntarily submit information. This corrects a flaw in the current law, which would prohibit such information from being used directly in civil suits by government or private parties. Fifth, unlike the HSA, the Restore FOIA bill allows local authorities to apply their own sunshine laws. The Restore FOIA bill does not preempt any state or local disclosure laws for information obtained outside the Department of Homeland Security. It also does not restrict the use of such information by state agencies. 
Finally, the Restore FOIA bill does not restrict congressional use or disclosure of voluntarily submitted critical infrastructure information. These changes to the HSA would accomplish the stated goals of the critical infrastructure provisions in the HSA--without tying the hands of the government in its efforts to protect Americans and without cutting the public out of the loop. Restore FOIA is supported by the American Library Association, Common Cause, the Freedom of Information Center, OMB Watch, Association of Research Libraries, the Project on Government Oversight, and OpenTheGovernment.org, among other leading open government organizations. The argument over the scope of the FOIA and unilateral Executive power to shield matters from public scrutiny goes to the heart of our fundamental right to be an educated electorate aware of what our government is doing. The Rutland Herald got it right in a November 26, 2002, editorial that explained: ``The battle was not over the right of the government to hold sensitive, classified information secret. The government has that right. Rather, the battle was over whether the government would be required to release anything it sought to withhold.'' We need to fix this troubling restriction on public accountability. James Madison's warning is a clear warning to us, and it is our generation's duty to heed it. I urge my colleagues to support the Restoration of Freedom of Information Act of 2005. I ask unanimous consent that the text of the bill and a sectional analysis be printed in the Record. There being no objection, the bill was ordered to be printed in the Record, as follows: S. 622 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Restoration of Freedom of Information Act of 2005''. SEC. 2. PROTECTION OF VOLUNTARILY FURNISHED CONFIDENTIAL INFORMATION. Title II of the Homeland Security Act of 2002 (6 U.S.C. 
121 et seq.) is amended by striking subtitle B and inserting the following: ``Subtitle B--Protection of Voluntarily Furnished Confidential Information ``SEC. 211. PROTECTION OF VOLUNTARILY FURNISHED CONFIDENTIAL INFORMATION. ``(a) Definitions.--In this section: ``(1) Critical infrastructure.--The term `critical infrastructure' has the meaning given that term in section 1016(e) of the USA PATRIOT ACT of 2001 (42 U.S.C. 5195c(e)). ``(2) Furnished voluntarily.-- ``(A) Definition.--The term `furnished voluntarily' means a submission of a record that-- ``(i) is made to the Department in the absence of authority of the Department requiring that record to be submitted; and ``(ii) is not submitted or used to satisfy any legal requirement or obligation or to obtain any grant, permit, benefit (such as agency forbearance, loans, or reduction or modifications of agency penalties or rulings), or other approval from the Government. ``(B) Benefit.--In this paragraph, the term `benefit' does not include any warning, alert, or other risk analysis by the Department. ``(b) In General.--Notwithstanding any other provision of law, a record pertaining to the vulnerability of and threats to critical infrastructure (such as attacks, response, and recovery efforts) that is furnished voluntarily to the Department shall not be made available under section 552 of title 5, United States Code, if-- ``(1) the provider would not customarily make the record available to the public; and ``(2) the record is designated and certified by the provider, in a manner specified by the Department, as confidential and not customarily made available to the public.
``(c) Records Shared With Other Agencies.-- ``(1) In general.-- ``(A) Response to request.--An agency in receipt of a record that was furnished voluntarily to the Department and subsequently shared with the agency shall, upon receipt of a request under section 552 of title 5, United States Code, for the record-- ``(i) not make the record available; and ``(ii) refer the request to the Department for processing and response in accordance with this section. ``(B) Segregable portion of record.--Any reasonably segregable portion of a record shall be provided to the person requesting the record after deletion of any portion which is exempt under this section. ``(2) Disclosure of independently furnished records.-- Notwithstanding paragraph (1), nothing in this section shall prohibit an agency from making available under section 552 of title 5, United States Code, any record that the agency receives independently of the Department, regardless of whether or not the Department has a similar or identical record. ``(d) Withdrawal of Confidential Designation.--The provider of a record that is furnished voluntarily to the Department under subsection (b) may at any time withdraw, in a manner specified by the Department, the confidential designation. ``(e) Procedures.--The Secretary shall prescribe procedures for-- ``(1) the acknowledgment of receipt of records furnished voluntarily; ``(2) the designation, certification, and marking of records furnished voluntarily as confidential and not customarily made available to the public; ``(3) the care and storage of records furnished voluntarily; ``(4) the protection and maintenance of the confidentiality of records furnished voluntarily; and ``(5) the withdrawal of the confidential designation of records under subsection (d). 
``(f) Effect on State and Local Law.--Nothing in this section shall be construed as preempting or otherwise modifying State or local law concerning the disclosure of any information that a State or local government receives independently of the Department. ``(g) Report.-- ``(1) Requirement.--Not later than 18 months after the date of the enactment of the Restoration of Freedom of Information Act of 2005, the Comptroller General of the United States shall submit to the committees of Congress specified in paragraph (2) a report on the implementation and use of this section, including-- ``(A) the number of persons in the private sector, and the number of State and local agencies, that furnished voluntarily records to the Department under this section; ``(B) the number of requests for access to records granted or denied under this section; and ``(C) such recommendations as the Comptroller General considers appropriate regarding improvements in the collection and analysis of sensitive information held by persons in the private sector, or by State and local agencies, relating to vulnerabilities of and threats to critical infrastructure, including the response to such vulnerabilities and threats. ``(2) Committees of congress.--The committees of Congress specified in this paragraph are-- ``(A) the Committees on the Judiciary and Homeland Security and Governmental Affairs of the Senate; and ``(B) the Committees on the Judiciary and Government Reform and Oversight of the House of Representatives. ``(3) Form.--The report shall be submitted in unclassified form, but may include a classified annex.''. SEC. 3. TECHNICAL AND CONFORMING AMENDMENT. The table of contents for the Homeland Security Act of 2002 (Public Law 107-296) is amended by striking the matter relating to subtitle B of title II and inserting the following: ``Subtitle B--Protection of Voluntarily Furnished Confidential Information ``Sec. 211. Protection of Voluntarily Furnished Confidential Information''. 
The Restoration of Freedom of Information Act (``Restore FOIA'') Sectional Analysis Sec. 1. Short title. This section gives the bill the short title, the ``Restoration of Freedom of Information Act.'' Sec. 2. Protection of Voluntarily Furnished Confidential Information. This section strikes subtitle B (secs. 211-215) of the Homeland Security Act (``HSA'')(P.L. 107-296) and inserts a new section 211. Sections to be repealed from the HSA: These sections contain an exemption to the Freedom of Information Act (FOIA) that (1) exempt from disclosure critical infrastructure information voluntarily submitted to the new department that was designated as confidential by the submitter unless the submitter gave prior written consent; (2) provide civil immunity for use of such information in civil actions against the company; (3) preempt state sunshine laws if the designated information is shared with state or local government agencies; and (4) impose criminal penalties of up to one year imprisonment on government employees who disclosed the designated information. Provisions that would replace the repealed sections of the HSA: The Restore FOIA bill inserts a new section 211 to the HSA that would exempt from the FOIA certain records pertaining to critical infrastructure threats and vulnerabilities that are furnished voluntarily to the new Department and designated by the provider as confidential and not customarily made available to the public. Notably, the Restore FOIA bill makes clear that the exemption covers ``records'' from the private sector, not all ``information'' provided by the private sector, as in the enacted version of the HSA. The Restore FOIA bill ensures that portions of records that are not covered by the exemption would be released pursuant to FOIA requests. It does not provide any civil liability immunity or preempt state or local sunshine laws, and it does not criminalize whistleblower activity. 
Specifically, this section of the Restore FOIA bill includes the following: A definition of ``critical infrastructure'': This term is given the meaning adopted in section 1016(e) of the USA Patriot Act (42 U.S.C. 5195c(e)) which reads, ``critical infrastructure means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.'' This definition is commonly understood to mean facilities such as bridges, dams, ports, nuclear power plants, or chemical plants. A definition of the term ``furnished voluntarily'': This term signifies documents provided to the Department of Homeland Security (DHS) that are not formally required by the department and that are provided to it to satisfy any legal requirement. The definition excludes any document that is provided to DHS with a permit or grant application or to obtain any other benefit from DHS, such as a loan, agency forbearance, or modification of a penalty. An exemption from FOIA of records that pertain to vulnerabilities of and threats to critical infrastructure that are furnished voluntarily to DHS. This exemption is made available where the provider of the record certifies that the information is confidential and would not customarily be released to the public. A requirement that other government agencies that have obtained such records from DHS withhold disclosure of the records and refer any FOIA requests to DHS for processing. A requirement that reasonably segregable portions of requested documents be disclosed, as is well-established under FOIA. An allowance to agencies that obtain critical infrastructure records from a source other than DHS to release requested records consistent with FOIA, regardless of whether DHS has an identical record in its possession.
An allowance to providers of critical infrastructure records to withdraw the confidentiality designation of records voluntarily submitted to DHS, thereby making the records subject to disclosure under FOIA. A direction to the Secretary of Homeland Security to establish procedures to receive, designate, store, and protect the confidentiality of records voluntarily submitted and certified as critical infrastructure records. A clarification that the bill would not preempt state or local information disclosure laws. A requirement for the Comptroller General to report to the House and Senate Judiciary Committees, the House Governmental Reform Committee and the Senate Homeland Security and Governmental Affairs Committee the number of private entities and government agencies that submit records to DHS under the terms of the bill. The report would also include the number of requests for access to records that were granted or denied. Finally, the Comptroller General would make recommendations to the committees for modifications or improvements to the collection and analysis of critical infrastructure information. Sec. 3. Technical and conforming amendment. This section amends the table of contents of the Homeland Security Act.