Deep in the homeland security legislation now being prepared by the House of Representatives is a provision designed to protect sensitive information about America's critical infrastructure. Most of this country's vulnerable infrastructure _ dams, computer networks, chemical plants _ is privately owned. So, for counterterrorism to be effective, the government needs companies to share information about their vulnerabilities. But companies are sometimes unwilling to do so, fearing public disclosure or regulatory action. So the administration is backing a proposal to exempt from public disclosure under the Freedom of Information Act critical infrastructure information that companies provide voluntarily to federal agencies. It also would bar the government from using such information in regulatory proceedings against companies.
But all kinds of information might be designated by companies as related to critical infrastructure. Merely by labeling their own information as sensitive, companies might avoid public disclosure and keep damning data off-limits in enforcement actions. A company that feared an impending government action over an environmental hazard risk could preempt the action by "voluntarily" delivering self-incriminating documents as critical infrastructure information. This material would then presumptively become unavailable to regulators in enforcement actions _ unless they could show they had obtained it independently _ and to the public and private litigants as well. No law should put in the hands of a regulated party the power _ by turning over information _ to preclude government's use of that information for legitimate law enforcement purposes.
. . . Homeland security should not be about secrecy for secrecy's sake, and it certainly shouldn't be about strengthening industry's hand against government's other important regulatory functions.