Congressional Record: March 15, 2005 (Senate)
Page S2735-S2746


      By Mr. LEAHY (for himself, Mr. Levine, Mr. Feingold, and Mr. 
  S. 622. A bill to amend the Homeland Security Act of 2002 (Public Law 
107-296) to provide for the protection of voluntarily furnished 
confidential information, and for other purposes; to the Committee on 
the Judiciary.
  Mr. LEAHY. Mr. President, this week marks the first national 
``Sunshine Week.'' The centerpiece of this week is Freedom of 
Information Day, which falls on March 16, the anniversary of James 
Madison's birthday. A firm believer in the need for open and 
accountable government, Madison said, ``A popular government, without 
popular information, or the means of acquiring it, is but a prologue to 
a farce or tragedy or perhaps both.'' Each generation of Americans 
should heed James Madison's warning, and it is fitting and proper that 
today's generations of Americans use this week to revisit the 
potentially damaging limitations placed on access to government 
information in just the last few years.
  The Freedom of Information Act (FOIA) has been the centerpiece of 
open government for the 38 years since it came into force in 1967. It 
enables citizens to obtain information on how their government is 
protecting the Nation, spending their tax dollars, and implementing the 
laws their officeholders enact. FOIA helps hold our government 
accountable. It was through FOIA requests that the St. Petersburg Times 
uncovered information showing that since the 1991 Gulf War, and due in 
part to lax security at military bases, thousands of pounds of weapons 
have been lost or stolen from U.S. stockpiles, and some remains 
unaccounted for. The Bremerton Sun newspaper in Washington State used 
FOIA to confirm the mishandling of a nuclear missile at a Navy 
submarine facility. These are examples of the day-to-day importance of 
FOIA in helping Americans safeguard our security infrastructure. There 
are countless other examples of FOIA enabling citizens to obtain 
information relating to health and safety concerns in their cities and 
  In 2002, when I voted to support passage of the Homeland Security Act 
(HSA), I voiced concerns about several flaws in the legislation. I 
called for the Administration and my colleagues on both sides of the 
aisle to monitor implementation of the new law and to craft corrective 
legislation. One of my chief concerns with the HSA was a subtitle of 
the act that granted an extraordinarily broad exemption to FOIA in 
exchange for the cooperation of private companies in sharing 
information with the government regarding vulnerabilities in the 
nation's critical infrastructure.
  Unfortunately, the law that was enacted undermines Federal and State 
sunshine laws permitting the American people to know what their 
government is doing. Rather than increasing security by encouraging 
private sector disclosure to the government, it guts FOIA at the 
expense of our national security and the safety and health of the 
American people.
  Today, with my distinguished colleagues Senators Levin, Feingold, and 
Lieberman I reintroduce legislation to restore the integrity of FOIA. I 
thank my colleagues for working with me on this important issue of 
public oversight. We first offered this bill, which we call the 
Restoration of Freedom of Information Act, or ``Restore FOIA,'' in the 
108th Congress.
  ``Restore FOIA'' protects Americans' right to know while 
simultaneously providing security to those in the private sector who 
voluntarily submit critical infrastructure records to the Department of 
Homeland Security (DHS).
  Encouraging cooperation between the private sector and the government 
to keep our critical infrastructure systems safe from terrorist attacks 
is a goal we all support. But the appropriate way to meet this goal is 
a source of great debate a debate that has been all but ignored since 
the enactment of the HSA.
  The HSA created a new FOIA exemption for ``critical infrastructure 
information.'' That broadly defined term applies to information 
covering a wide variety of facilities such as privately operated power 
plants, bridges, dams, ports, or chemical plants that might be targeted 
for a terrorist attack. In HSA negotiations in 2002, House Republicans 
and the Administration promoted language that they described as 
necessary to encourage owners of such facilities to identify 
vulnerabilities in their operations and share that information with 
DHS. The stated goal was to ensure that steps could be taken to ensure 
the facilities' protection and proper functioning.
  In fact, such descriptions of the legislation were disingenuous. 
These provisions, which were eventually enacted in the HSA, shield from 
FOIA almost any voluntarily submitted document stamped by the facility 
owner as ``critical infrastructure.'' This is true no matter how 
tangential the content of that document may be to the actual security 
of a facility. The law effectively allows companies to hide information 
about public health and safety from the American people even from 
neighbors of such a facility in its local community--simply by 
submitting it to DHS. The enacted provisions were called ``deeply 
flawed'' by Mark Tapscott of the Heritage Foundation in a November 20, 
2002, Washington Post op-ed. He argued that the ``loophole'' created by 
the law ``could be manipulated by clever corporate and government 
operators to hide endless varieties of potentially embarrassing and/or 
criminal information from public view.''
  In addition, under the HSA, disclosure by private facilities to DHS 
neither obligates the private company to address the vulnerability, nor 
requires DHS to fix the problem. For example, in the case of a chemical 
spill, the law bars the government from disclosing information without 
the written consent of the company that caused the pollution. As the 
Washington Post pointed out in an editorial on February 10, 2003, ``A 
company might preempt environmental regulators by 'voluntarily' 
divulging incriminating material, thereby making it unavailable to 
anyone else.''

[[Page S2737]]

  The law also 1. shields the companies from lawsuits to compel 
disclosure, 2. criminalizes otherwise legitimate whistleblower activity 
by DHS employees, and 3. preempts any state or local disclosure laws.
  Finally, the HSA requires no reporting whatsoever to the Congress or 
the public on critical infrastructure submissions to DHS. As a result, 
it is nearly impossible for the public to learn whether this law is 
being followed in good faith, whether it is being manipulated by 
submitters, and whether DHS is conducting due diligence on submissions. 
It also places hurdles before those of us in Congress who believe in 
effective oversight.
  In an effort to obtain some basic data on the treatment of ``critical 
infrastructure information'' at DHS, two organizations filed a FOIA 
request in 2004. OMB Watch and the Electronic Privacy Information 
Center sought public release of the number of submissions and 
rejections under the law, and of any communications between DHS and 
submitters. They also requested the Department's program procedures for 
handling information. DHS did not provide answers. The groups filed a 
complaint, and the D.C. District Court ordered DHS to respond. We 
learned that as of February 2005, the critical infrastructure program 
received 29 submissions and rejected seven of those. We know nothing of 
the substance of the accepted submissions, what vulnerabilities they 
may describe, or what is being done to address them.

  Most businesses are good citizens and take seriously their 
obligations to the government and the public, but this ``disclose-and-
immunize'' provision is subject to abuse by those businesses that want 
to exploit legal technicalities to avoid regulatory guidelines that are 
designed to protect the public's health and safety. The HSA lays out 
the perfect blueprint to avoid legal liability: funnel damaging 
information into this voluntary disclosure system and preempt the 
government or others harmed by the company's actions from being able to 
use it against the company. This is not the kind of two-way public-
private cooperation that serves the public interest.
  The HSA FOIA exemption goes so far in exempting such a large amount 
of material from FOIA's disclosure requirements that it undermines 
government openness without making any real gains in safety for 
families in Vermont and across America. We do not keep America safer by 
chilling federal officials from warning the public about threats to 
their health and safety. We do not ensure our nation's security by 
refusing to tell the American people whether or not their federal 
agencies are doing their jobs, or whether their government is spending 
their hard-earned tax dollars wisely. We do not encourage real 
cooperation by giving companies protection from civil liability when 
they break the law. We do not respect the spirit of our democracy when 
we cloak in secrecy the workings of our government from the public we 
are elected to serve.
  The Restore FOIA bill I introduce today with Senators Levin, Feingold 
and Lieberman is identical to language I negotiated with Senators Levin 
and Bennett in the summer of 2002 when the HSA charter was debated by 
the Governmental Affairs Committee. Senator Bennett stated in the 
Committee's July 25, 2002, markup that the Administration had endorsed 
the compromise. He also said that industry groups had reported to him 
that the compromise language would make it possible for them to share 
information with the government without fear of the information being 
released to competitors or to other agencies that might accidentally 
reveal it. The Governmental Affairs Committee reported out the 
compromise language that day. Unfortunately, much more restrictive 
House language was eventually signed into law.
  The Restore FOIA bill would correct the problems in the HSA in 
several ways. First, it limits the FOIA exemption to relevant 
``records'' submitted by the private sector, such that only those that 
actually pertain to critical infrastructure safety are protected. 
``Records'' is the standard category referred to in FOIA. This corrects 
the effective free pass given to regulated industries by the HSA for 
any information it labels ``critical infrastructure.''
  Second, unlike the HSA, the Restore FOIA bill allows for government 
oversight, including the ability to use and share the records within 
and between agencies. It does not limit the use of such information by 
the government, except to prohibit public disclosure where such 
information is appropriately exempted under FOIA.
  Third, it protects the actions of legitimate whistleblowers rather 
than criminalizing their acts.
  Fourth, it does not provide civil immunity to companies that 
voluntarily submit information. This corrects a flaw in the current 
law, which would prohibit such information from being used directly in 
civil suits by government or private parties.
  Fifth, unlike the HSA, the Restore FOIA bill allows local authorities 
to apply their own sunshine laws. The Restore FOIA bill does not 
preempt any state or local disclosure laws for information obtained 
outside the Department of Homeland Security. It also does not restrict 
the use of such information by state agencies.
  Finally, the Restore FOIA bill does not restrict congressional use or 
disclosure of voluntarily submitted critical infrastructure 
  These changes to the HSA would accomplish the stated goals of the 
critical infrastructure provisions in the HSA--without tying the hands 
of the government in its efforts to protect Americans and without 
cutting the public out of the loop.
  Restore FOIA is supported by the American Library Association, Common 
Cause, the Freedom of Information Center, OMB Watch, Association of 
Research Libraries, the Project on Government Oversight, and, among other leading open government 
  The argument over the scope of the FOIA and unilateral Executive 
power to shield matters from public scrutiny goes to the heart of our 
fundamental right to be an educated electorate aware of what our 
government is doing. The Rutland Herald got it right in a November 26, 
2002, editorial that explained: ``The battle was not over the right of 
the government to hold sensitive, classified information secret. The 
government has that right. Rather, the battle was over whether the 
government would be required to release anything it sought to 
  We need to fix this troubling restriction on public accountability. 
James Madison's warning is a clear warning to us, and it is our 
generation's duty to heed it. I urge my colleagues to support the 
Restoration of Freedom of Information Act of 2005.
  I ask unanimous consent that the text of the bill and a sectional 
analysis be printed in the Record.
  There being no objection, the bill was ordered to be printed in the 
Record, as follows:

                                 S. 622

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,


       This Act may be cited as the ``Restoration of Freedom of 
     Information Act of 2005''.


       Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 
     et seq.) is amended by striking subtitle B and inserting the 

    ``Subtitle B--Protection of Voluntarily Furnished Confidential 


       ``(a) Definitions.--In this section:
       ``(1) Critical infrastructure.--The term `critical 
     infrastructure' has the meaning given that term in section 
     1016(e) of the USA PATRIOT ACT of 2001 (42 U.S.C. 5195c(e)).
       ``(2) Furnished voluntarily.--
       ``(A) Definition.--The term `furnished voluntarily' means a 
     submission of a record that--
       ``(i) is made to the Department in the absence of authority 
     of the Department requiring that record to be submitted; and
       ``(ii) is not submitted or used to satisfy any legal 
     requirement or obligation or to obtain any grant, permit, 
     benefit (such as agency forbearance, loans, or reduction or 
     modifications of agency penalties or rulings), or other 
     approval from the Government.
       ``(B) Benefit.--In this paragraph, the term `benefit' does 
     not include any warning, alert, or other risk analysis by the 
       ``(b) In General.--Notwithstanding any other provision of 
     law, a record pertaining to the vulnerability of and threats 
     to critical infrastructure (such as attacks, response, and 
     recovery efforts) that is furnished voluntarily to the 
     Department shall not be made available under section 552 of 
     title 5, United States Code, if--

[[Page S2738]]

       ``(1) the provider would not customarily make the record 
     available to the public; and
       ``(2) the record is designated and certified by the 
     provider, in a manner specified by the Department, as 
     confidential and not customarily made available to the 
       ``(c) Records Shared With Other Agencies.--
       ``(1) In general.--
       ``(A) Response to request.--An agency in receipt of a 
     record that was furnished voluntarily to the Department and 
     subsequently shared with the agency shall, upon receipt of a 
     request under section 552 of title 5, United States Code, for 
     the record--
       ``(i) not make the record available; and
       ``(ii) refer the request to the Department for processing 
     and response in accordance with this section.
       ``(B) Segregable portion of record.--Any reasonably 
     segregable portion of a record shall be provided to the 
     person requesting the record after deletion of any portion 
     which is exempt under this section.
       ``(2) Disclosure of independently furnished records.--
     Notwithstanding paragraph (1), nothing in this section shall 
     prohibit an agency from making available under section 552 of 
     title 5, United States Code, any record that the agency 
     receives independently of the Department, regardless of 
     whether or not the Department has a similar or identical 
       ``(d) Withdrawal of Confidential Designation.--The provider 
     of a record that is furnished voluntarily to the Department 
     under subsection (b) may at any time withdraw, in a manner 
     specified by the Department, the confidential designation.
       ``(e) Procedures.--The Secretary shall prescribe procedures 
       ``(1) the acknowledgment of receipt of records furnished 
       ``(2) the designation, certification, and marking of 
     records furnished voluntarily as confidential and not 
     customarily made available to the public;
       ``(3) the care and storage of records furnished 
       ``(4) the protection and maintenance of the confidentiality 
     of records furnished voluntarily; and
       ``(5) the withdrawal of the confidential designation of 
     records under subsection (d).
       ``(f) Effect on State and Local Law.--Nothing in this 
     section shall be construed as preempting or otherwise 
     modifying State or local law concerning the disclosure of any 
     information that a State or local government receives 
     independently of the Department.
       ``(g) Report.--
       ``(1) Requirement.--Not later than 18 months after the date 
     of the enactment of the Restoration of Freedom of Information 
     Act of 2005, the Comptroller General of the United States 
     shall submit to the committees of Congress specified in 
     paragraph (2) a report on the implementation and use of this 
     section, including--
       ``(A) the number of persons in the private sector, and the 
     number of State and local agencies, that furnished 
     voluntarily records to the Department under this section;
       ``(B) the number of requests for access to records granted 
     or denied under this section; and
       ``(C) such recommendations as the Comptroller General 
     considers appropriate regarding improvements in the 
     collection and analysis of sensitive information held by 
     persons in the private sector, or by State and local 
     agencies, relating to vulnerabilities of and threats to 
     critical infrastructure, including the response to such 
     vulnerabilities and threats.
       ``(2) Committees of congress.--The committees of Congress 
     specified in this paragraph are--
       ``(A) the Committees on the Judiciary and Homeland Security 
     and Governmental Affairs of the Senate; and
       ``(B) the Committees on the Judiciary and Government Reform 
     and Oversight of the House of Representatives.
       ``(3) Form.--The report shall be submitted in unclassified 
     form, but may include a classified annex.''.


       The table of contents for the Homeland Security Act of 2002 
     (Public Law 107-296) is amended by striking the matter 
     relating to subtitle B of title II and inserting the 

    ``Subtitle B--Protection of Voluntarily Furnished Confidential 

``Sec. 211. Protection of Voluntarily Furnished Confidential 

   The Restoration of Freedom of Information Act (``Restore FOIA'') 
                           Sectional Analysis

  Sec. 1. Short title. This section gives the bill the short title, the 
``Restoration of Freedom of Information Act.''
  Sec. 2. Protection of Voluntarily Furnished Confidential Information. 
This section strikes subtitle B (secs. 211-215) of the Homeland 
Security Act (``HSA'')(P.L. 107-296) and inserts a new section 211.
  Sections to be repealed from the HSA: These sections contain an 
exemption to the Freedom of Information Act (FOIA) that (1) exempt from 
disclosure critical infrastructure information voluntarily submitted to 
the new department that was designated as confidential by the submitter 
unless the submitter gave prior written consent; (2) provide civil 
immunity for use of such information in civil actions against the 
company; (3) preempt state sunshine laws if the designated information 
is shared with state or local government agencies; and (4) impose 
criminal penalties of up to one year imprisonment on government 
employees who disclosed the designated information.
  Provisions that would replace the repealed sections of the HSA: The 
Restore FOIA bill inserts a new section 211 to the HSA that would 
exempt from the FOIA certain records pertaining to critical 
infrastructure threats and vulnerabilities that are furnished 
voluntarily to the new Department and designated by the provider as 
confidential and not customarily made available to the public. Notably, 
the Restore FOIA bill makes clear that the exemption covers ``records'' 
from the private sector, not all ``information'' provided by the 
private sector, as in the enacted version of the HSA. The Restore FOIA 
bill ensures that portions of records that are not covered by the 
exemption would be released pursuant to FOIA requests. It does not 
provide any civil liability immunity or preempt state or local sunshine 
laws, and it does not criminalize whistleblower activity.
  Specifically, this section of the Restore FOIA bill includes the 

       A definition of ``critical infrastructure": This term is 
     given the meaning adopted in section 1016(e) the USA Patriot 
     Act (42 U.S.C. 5195c(e)) which reads, ``critical 
     infrastructure means systems and assets, whether physical or 
     virtual, so vital to United States that the incapacity or 
     destruction of such systems and assets would have a 
     debilitating impact on security, national economic security, 
     national public health or safety, or any combination of those 
     matters.'' This definition is commonly understood to mean 
     facilities such as bridges, dams, ports, nuclear power 
     plants, or chemical plants.
       A definition of the term ``furnished voluntarily'': This 
     term signifies documents provided to the Department of 
     Homeland Security (DHS) that are not formally required by the 
     department and that are provided to it to satisfy any legal 
     requirement. The definition excludes any document that is 
     provided to DHS with a permit or grant application or to 
     obtain any other benefit from DHS, such as a loan, agency 
     forbearance, or modification of a penalty.
       An exemption from FOIA of records that pertain to 
     vulnerabilities of and threats to critical infrastructure 
     that are furnished voluntarily to DHS. This exemption is made 
     available where the provider of the record certifies that the 
     information is confidential and would not customarily be 
     released to the public.
       A requirement that other government agencies that have 
     obtained such records from DHS withhold disclosure of the 
     records and refer any FOIA requests to DHS for processing.
       A requirement that reasonably segregable portions of 
     requested documents be disclosed, as is well-established 
     under FOIA.
       An allowance to agencies that obtain critical 
     infrastructure records from a source other than DHS to 
     release requested records consistent with FOIA, regardless of 
     whether DHS has an identical record in its possession.
       An allowance to providers of critical infrastructure 
     records to withdraw the confidentiality designation of 
     records voluntarily submitted to DHS, thereby making the 
     records subject to disclosure under FOIA.
       A direction to the Secretary of Homeland Security to 
     establish procedures to receive, designate, store, and 
     protect the confidentiality of records voluntarily submitted 
     and certified as critical infrastructure records.
       A clarification that the bill would not preempt state or 
     local information disclosure laws.
       A requirement for the Comptroller General to report to the 
     House and Senate Judiciary Committees, the House Governmental 
     Reform Committee and the Senate Homeland Security and 
     Governmental Affairs Committee the number of private entities 
     and government agencies that submit records to DHS under the 
     terms of the bill. The report would also include the number 
     of requests for access to records that were granted or 
     denied. Finally, the Comptroller General would make 
     recommendations to the committees for modifications or 
     improvements to the collection and analysis of critical 
     infrastructure information.

  Sec. 3. Technical and conforming amendment. This section amends the 
table of contents of the Homeland Security Act.