Two lawmakers plan to introduce legislation that would give businesses immunity from portions of the Freedom of Information Act (FOIA) and certain liability laws. Rep. Tom Davis, R-Va., and Rep. Jim Moran, D-Va., hope to foster private sector cooperation with the government on protecting the nation's critical infrastructure.
FOIA emerged late last year as a stumbling block to the development of the Clinton administration's national plans for protecting the country's computer networks. Businesses told the administration that they were afraid that their proprietary information could be made public under FOIA if they shared information with government agencies in their efforts to protect computer networks.
"You have to have some immunity to FOIA," Davis told reporters Tuesday after speaking at the Commerce Department's Partnership for Critical Infrastructure Security meeting hosted by the U.S. Chamber of Commerce.
The FOIA immunity legislation was an idea cultivated by the Justice Department late last year to resolve businesses' fears. Davis and Moran expect to work with the administration on drafting the legislation.
A key component of the administration's plan for protecting the nation's most critical networks is encouraging the financial, telecommunications, transportation, energy and health services to develop centers, called Information Sharing and Analysis Centers (ISACs), for sharing information and experiences on protecting their systems from attacks. So far, only the financial services industry has been successful at setting up such a center.
"The goal is to craft a bill that would encourage companies, such as a bank in New York that had its Visa card numbers stolen, to share information on how the attack occurred with other banks to prevent it from happening again," said Davis spokesman David Marin.
In addition, Davis and Moran plan to spearhead a bill to provide legal liability immunity to companies sharing information, not unlike how Congress handled the Y2K computer problem. In 1998, Congress passed the Year 2000 Information and Readiness Disclosure Act to encourage businesses to share information on how they were fixing the Y2K bug.
Davis said he thought the legislation could move through Congress quickly.
Separately, Moran and Davis said Clinton's $2 billion fiscal 2001 budget request for implementing the administration's critical infrastructure protection plan is likely to be met, as network security is a high priority to Congress.
"I don't think there will be a problem with funding," Davis said.