CDT POLICY POST Volume 8, Number 15, July 24, 2002
A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY
CONTENTS:
(1) Homeland Security Act Moves through Congress
(2) New Department Likely to Gain Authority over Cyber Security and
Infrastructure Protection
(3) H.R. 5005 Creates Broad New FOIA Exemption, Criminalizes Leaks
(4) Congress Proposes New Agency Have Internal Watchdog for Privacy and
Civil Rights
(5) House Bill Rejects TIPS Program, National ID Card
------------------------------------------------------------------------
(1) HOMELAND SECURITY ACT MOVES THROUGH CONGRESS
Congress is moving rapidly to enact legislation to create a new Cabinet-level
Department of Homeland Security, with uncertain but potentially large
implications for privacy, cyber security and government accountability. The
new agency will likely absorb the Coast Guard, the Customs Service, the Secret
Service, part of the Immigration and Naturalization Service (INS), and the
Federal Emergency Management Agency (FEMA), among nearly two dozen offices
and agencies that will be consolidated to improve counter-terrorism efforts.
Here's a brief status report:
* In the House, the bill is H.R. 5005. The latest action occurred on Friday,
July 19, when a special select committee marked up and reported the bill,
drawing on the recommendations of the various standing committees
(Judiciary,
Government Reform, Transportation, etc). The Rules Committee is meeting
today,
Wednesday, July 24, to craft a rule for Floor debate, and the full House is
expected to consider the legislation on Thursday and/or Friday, July 25
and 26.
The full legislative history of H.R. 5005 will be available at
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:HR.5005: but Thomas is lagging
a little, so you can access the latest version of the bill, the version
reported by the select committee, at http://hsc.house.gov/
* In the Senate, the bill is S. 2452, introduced by Senator Joseph Lieberman
(D-CT), chairman of the Governmental Affairs Committee, which is marking-up
the bill today, Wednesday, July 24.
The Lieberman bill as introduced is posted at
http://www.senate.gov/~gov_affairs/072402bill.pdf
------------------------------------------------------------------------
(2) NEW DEPARTMENT LIKELY TO GAIN AUTHORITY OVER CYBER SECURITY AND
INFRASTRUCTURE PROTECTION
Both House and Senate bills would grant the Department of Homeland Security
authority over cyber security and infrastructure protection. Specifically,
the bills would transfer to the new department the functions of the following
entities:
* the National Infrastructure Protection Center of the Federal Bureau of
Investigation (excluding the Computer Investigations and Operations
Section);
* the National Communications System of the Department of Defense;
* the Critical Infrastructure Assurance Office of the Department of Commerce;
* the National Infrastructure Simulation and Analysis Center of the Department
of Energy;
* the Federal Computer Incident Response Center of the General Services
Administration.
Following objections by the high-tech industry and others, the House bill would
not transfer the Computer Security Division of the National Institute of
Standards and Technology. The Senate bill as introduced would transfer that
NIST component, along with the Energy Security and Assurance Program of the
Department of Energy and the Federal Protective Service of the General Services
Administration.
Both bills would leave the FBI and CIA untouched by the reshuffling (with the
exception of the FBI's NIPC, as noted above).
------------------------------------------------------------------------
(3) H.R. 5005 CREATES BROAD NEW FOIA EXEMPTION, CRIMINALIZES LEAKS
H.R. 5005 contains a controversial provision carving out a new exception to the
Freedom of Information Act (FOIA), the 1966 law that promotes government
accountability and effectiveness by requiring agencies to disclose information
of public interest.
Under the bill that is moving through the House, the Department of Homeland
Security could withhold information it receives voluntarily from "non-Federal
entities or individuals that relates to" the vulnerability of a critical
infrastructure, including the computers that are at the heart of
communications,
banking, transportation, power and other infrastructures. Much of the U.S.
infrastructure is privately owned, and no one has proposed requiring companies
to disclose information about their systems to the government. The FOIA
exception has been justified as necessary to encourage industry to voluntarily
share with the government information about the flaws and vulnerabilities of
and attacks on these infrastructures. The language in H.R. 5005 is very broad:
* The FOIA exception in H.R. 5005 is not limited to information which, if
disclosed, could be used to harm a critical infrastructure - the language
requires withholding of information even if the public interest and the
goal
of improving homeland security would benefit from its disclosure.
* H.R. 5005 preempts state open government laws, even for information
independently obtained by the states.
* H.R. 5005 provides civil use immunity for information voluntarily submitted
to the government, prohibiting the government from using in litigation
information submitted to it, even if the information relates to a faulty
system that the government owns.
* As we read section 724(h), the bill would also empower the Administration
to grant antitrust immunity to selected industries.
* Most remarkably, section 724 of H.R. 5005 includes a provision making it a
crime for government officials to disclose information about critical
infrastructure vulnerability.
The Senate bill as introduced contained no FOIA language, but at the mark-up
today the Governmental Affairs Committee just adopted a FOIA amendment offered
by Sen. Robert Bennett (R-UT). The Bennett language, negotiated with FOIA
defender Sen Patrick Leahy (D-VT) is much more focused than the House provision
and does not include the civil immunity provision, antitrust immunity or any
criminal penalties.
------------------------------------------------------------------------
(4) CONGRESS PROPOSES NEW AGENCY HAVE INTERNAL WATCHDOGS FOR PRIVACY AND
CIVIL RIGHTS
On the surface of both bills, it appears that the Department will have no new
intelligence collection authority, although many of the components being
transferred to it (Secret Service, Customs, Coast Guard, INS) have intelligence
divisions and will carry their investigative and intelligence authority with
them.
Moreover, the new Department will have access to the full range of intelligence
information about terrorist threats collected domestically and overseas by the
FBI, the CIA and other intelligence and law enforcement agencies. The House
bill specifies the Department would have access to all reports, assessments,
and analytical information and all information concerning the vulnerability of
the US to terrorism, whether or not such information has been analyzed,
suggesting that the information obtained by the Department would include raw
intelligence. Presumably, the Department also will be able to subscribe to
private sector databases. The Senate bill as introduced would give the new
Department authority to direct the intelligence agencies to provide (and
apparently collect) additional information on specific threats. The Senate bill
would also expressly authorize the new Department to engage in data mining and
to buy or otherwise obtain private sector databases for that purpose.
Clearly, therefore, the activities of the new Department will raise many
privacy
issues. As a step towards addressing those issues, the bills include several
internal oversight mechanisms.
In the House bill --
* Section 205 requires the Secretary of the new Department to appoint a senior
official to assume primary responsibility for privacy policy, including
assuring that the use of information technologies sustains, and does not
erode, privacy protections and conducting privacy impact assessments of
proposed rules of the Department.
* Section 604 requires the Secretary to establish an Office for Civil Rights
and Civil Liberties, whose Director shall review and assess information
alleging abuses of civil rights, civil liberties and racial and ethnic
profiling by the Department.
* Section 204 requires the Secretary to establish procedures on the use of
information shared to limit its redissemination, ensure its security and
confidentiality, and provide data integrity. These requirements overlap
with the requirements of the Privacy Act, but could provide additional
impetus within the Department for careful attention to privacy issues
in the handling of personal information.
Similarly, Sections 110 and 111 of the Senate bill would create a Civil
Rights Officer and a Privacy Officer.
CDT believes that these provisions need to be fleshed out, either in the
legislation or through subsequent Congressional oversight.
* In particular, it should be made clear that guidelines adopted by the new
Department on data mining and information privacy should be adopted
following public and Congressional consultation and comment.
* Further, Congress should require public reporting of statistical information
on sensitive issues, such as descriptions of data mining contracts and
arrangements. Such descriptions should include the types of databases
"mined"
and approximate numbers of persons in each database.
------------------------------------------------------------------------
(5) HOUSE BILL REJECTS TIPS PROGRAM, NATIONAL ID CARD
At the urging of Rep, Richard Armey (R-TX), chairman of the House select
committee, the House bill would reject two privacy-threatening initiatives:
* Section 779 of H.R. 5005 prohibits "any and all activities of the Federal
Government to implement the proposed Operations TIPS (Terrorism Information
and Prevention System)," which would have encouraged delivery men and cable
guys to report anything they think may indicate terrorist activity.
* Section 815 states that "nothing in this Act shall be construed to authorize
the development of a national identification system or card."
CDT has established a special page where we are indexing materials on the
homeland security issue: http://www.cdt.org/security/usapatriot/hearings.shtml
------------------------------------------------------------------------
Detailed information about online civil liberties issues may be found at
http://www.cdt.org/.
This document may be redistributed freely in full or linked to
http://www.cdt.org/publications/pp_8.15.shtml.
Excerpts may be re-posted with prior permission of ari@cdt.org
Policy Post 8.15 Copyright 2002 Center for Democracy and Technology
--
To subscribe to CDT's Activist Network, sign up at:
http://www.cdt.org/join/
If you ever wish to remove yourself from the list, unsubscribe at:
http://www.cdt.org/action/unsubscribe.shtml
If you just want to change your address, you should unsubscribe
yourself and then sign up again or contact: mclark@cdt.org
--
Michael Clark, Grassroots Webmaster
mclark@cdt.org
PGP Key available on keyservers
Center for Democracy and Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
http://www.cdt.org/
voice: 202-637-9800
fax: 202-637-0968
========== HURIDOCS-Tech listserv ==========
Send mail intended for the list to <huridocs-tech@hrea.org>.
Archives of the list can be found at:
http://www.hrea.org/lists/huridocs-tech/markup/maillist.php
To subscribe to the list, send a message to <majordomo@hrea.org>,
with the following text in the message: subscribe huridocs-tech
To unsubscribe from the list, send a message to <majordomo@hrea.org>,
with the following text in the message: unsubscribe huridocs-tech
If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]