By: Ted Bridis, Associated Press Writer
(AP) The White House will support proposals to withhold details about electronic attacks against the nation’s most important computer networks, an administration expert in computer security said Thursday.
The proposed changes, meant to encourage corporate victims of hackers to report crimes, would restrict government agencies’ disclosures about attacks under the Freedom of Information Act. The proposal seeks to overcome traditional reluctance by industries, especially technology, to reveal potentially embarrassing details without fear of disclosure.
John Tritak, director of the federal Critical Infrastructure Assurance Office, said in a speech to technology executives Thursday that the Bush administration will support a “narrowly crafted” exemption to the information act relating to protection of the nation’s most important networks, such as banking or telephone systems. Tritak cautioned that any change must be “fully protective of open government and privacy.”
Other officials, including Ron Dick, director of the FBI’s National Infrastructure Protection Center, privately have expressed support for an FOIA exemption to encourage broader sharing of threat information between industries and the government.
“This is a much stronger, more-clear message from the administration,” said Harris Miller, head of the Information Technology Association of America, a trade group that supports the new limits.
Support by President Bush marks a shift from the Clinton administration, which said existing restrictions on FOIA disclosures were adequate for protecting sensitive corporate information.
In a different move to limit information available under the U.S. information law, Attorney General John Ashcroft ordered federal agencies this week to review more closely which documents they release. Ashcroft’s new policy allows officials to withhold information on any “sound legal basis.” Under looser policies issued in 1993, agencies could hold back information to prevent “foreseeable harm.” Ashcroft cited the Sept. 11 terrorist attacks against New York and Washington as reasons for the change.
Currently, Sens. Robert Bennett, R-Utah, and Jon Kyl, R-Ariz., and Reps. Tom Davis, R-Va., and James Moran, D-Va., have introduced bills to limit government disclosures about hacking attacks.
“If you do not pass this bill, industry will not tell government” about hacking incidents against important networks, Bennett said Thursday.
President Bush decided to support a new FOIA exemption after a request from Daniel Burnham, chairman of the Raytheon Co. and head of the U.S. National Security Telecommunications Advisory Committee. Burnham wrote that “barriers to sharing (information) must be removed” and asked the president also to limit legal liabilities facing companies that make such disclosures.
Burnham’s letter to Bush was obtained this week by the Washington-based Electronic Privacy Information Center, which contends that existing limits under the information law are adequate to protecting disclosures about hacking attacks.
EPIC lawyer David Sobel charged Thursday that technology companies want liability protections for hardware and software products that might be flawed in ways that could allow security breaches. “Most of us have concluded that companies really want the ability to unload this information on the government, then wash their hands of it,” Sobel said.
A White House official, who asked not to be identified, said Bush has not committed to supporting any liability limits.
On the Net:
CIAO Web site: http://www.ciao.gov/index.htm
National Security Telecommunications Advisory Committee: http://www.ncs.gov/nstac/nstac.htm
National Infrastructure Protection Center: http://www.nipc.gov/
Information Technology Association of America: http://www.itaa.org/
Justice Department: http://www.usdoj.gov/