Department of Homeland Security’s Proposed Secrecy Rules Exceed Statutory Authority

June 16, 2003

Department of Homeland Security’s Proposed Secrecy Rules Exceed Statutory Authority

“Black Hole” of Secrecy Created for Corporate Information

WASHINGTON, D.C. – New regulations being considered by the Department of Homeland Security (DHS) could allow corporations to shield information from public scrutiny indefinitely even when it has little do with protecting Americans from terrorism, Public Citizen said in comments filed with the department today.

The comments concern the DHS’s proposed rules for implementing the Critical Infrastructure Information Act (CIIA) of 2002.

The act restricts the use and disclosure of information submitted voluntarily to DHS by businesses about the vulnerabilities of critical infrastructure systems, such as computer networks, water supplies, public health systems and power grids.

But the proposed rules go further than is authorized under the law, and in a number of cases directly conflict with both the CIIA and other federal statutes, including the Freedom of Information Act and the Federal Records Act, Public Citizen said.

“These restrictions are likely to prevent the public and governmental authorities from being able to obtain and make use of important information about avoidable risks, violations of legal requirements, hazards to public safety that should be regulated, and other matters,” said the 25-page filing, written by Michael Tankersley of the Public Citizen Litigation Group.

Under the CIIA, information qualifying for protection is exempt from disclosure under the Freedom of Information Act. Neither federal, state, nor local authorities can use it in any civil action. And federal officials who divulge the information in an unauthorized manner could face criminal penalties.

Tankersley said the proposed rules misstate the scope of the statute by suggesting that the law restricts the use of information that, in fact, is not protected by the law’s provisions. For example, the DHS rules could erroneously restrict access to information obtained by authorities independent of submissions made under the act.

The rules also fail to require that submitters substantiate claims that information meets the requirements for protection and do not provide a mechanism to promptly reclassify information when it is shown to be information that does not qualify for protection.

In addition, the rules improperly protect from disclosure information contained in a database used by the department to track submissions, and they allow for the illegal destruction of documents determined to be not protected, in violation of the Federal Records Act.

“These rules would allow corporations to dump information into a black hole of secrecy,” Tankersley said. “In a number of important instances, the Department of Homeland Security has expanded the scope of the information that Congress intended to protect from disclosure. Under these rules, corporations could submit information that they wanted to hide from the public and regulatory agencies but that has little to do with the Department’s mission. This is not what Congress intended.”

The comments were filed on behalf of Public Citizen and the Freedom of Information Clearinghouse, a joint project of Public Citizen and the Center for Study of Responsive Law.

To read the comments, please click here.

###