Statement of Senator Patrick Leahy
The Homeland Security
Department Act
November 19, 2002

Mr. LEAHY.  The idea of coordinating homeland security functions in a cabinet-level department is a constructive one and a sound one.  In large part it originated in this body with legislation offered by Senator Lieberman and Senator Specter, who deserve great credit for their work.  President Bush, after initially opposing this idea, also deserves credit for coming to understand its value and for reversing his Administration’s resistance to it.

In the several months that the Congress has spent in writing and debating this complex bill, the issue has not been whether such a department should be created, but how it should be created.  The Judiciary Committee, which I chair, has played a constructive role in examining these issues in our hearings and in providing guidance in the writing of this bill, and I have supported and helped to advance the key objectives envisioned for this new department.  The fact that we are on the verge of enacting a charter for the new department is good for the Nation and our efforts to defend the American people against the threats of terrorism.  Many of the “hows” that have found their way into this bill, and the process by which that has happened, are a needless blot on this charter.  As we act to approve this charter, we should also feel obligated to remedy many of these ill-advised and ill-considered provisions in succeeding congressional sessions, through corrective steps and through close oversight.

As they come to understand some of the imprudent extraneous additions to this bill, many Americans will feel that their trust and goodwill have been abused, and I share their disappointment about several elements of this version of the bill that has been placed, without due consideration, before the Senate.  This deal, negotiated behind closed doors by a few Republican leaders in the House and Senate and the White House, has been presented to us as a done deal.  It includes several blatant flaws that should at the very least be debated.  That is why I could not vote for cloture to end debate on a bill almost 500-pages long that was presented to us for the first time only five days ago, on November 14.

The bill undertakes a significant restructuring of the Federal government by relocating in the new Department of Homeland Security several agencies, including the Immigration and Naturalization Service, the U.S. Secret Service, the Federal Emergency Management Agency, the Office of Domestic Preparedness, the Transportation Security Administration, the U.S. Customs Service, and the Coast Guard.  In addition, many functions of the Bureau of Alcohol, Tobacco, Firearms and Explosives would be transferred to the Department of Justice.

Overall I support the President’s conclusion that several government functions should be reorganized to improve our effectiveness in combating terrorism and preserving our national security, although he has been responsible for leading all of these agencies and fulfilling their responsibilities since assuming the Presidency in January 2001, and the President himself opposed significant reorganization until recently.  Homeland security functions are now dispersed among more than 100 different governmental organizations.  Testimony at a June 26, 2002, Judiciary Committee hearing illuminated the problem of such a confusing patchwork of agencies with none having homeland security as its sole or even primary mission.  I had thought that the Department of Justice and FBI were the lead agencies responsible for the country’s security in 2001 and 2002, but I understand why the President has come to realize that the lack of a single agency responsible for homeland security increases both the potential for mistakes and opportunities for terrorists to exploit our vulnerabilities.

The bill will bring under one cabinet level officer agencies and departments that share overlapping missions for protecting our border, our financial and transportation infrastructure and responding to crises.  Having these agencies under a single cabinet level officer will help coordinate their efforts and focus their mission with a single line of authority to get the job done. 

This is something that I support. 

The bill also encourages information sharing.  Our best defense against terrorism is improved communication and coordination among local, State, and Federal authorities; and between the U.S. and its allies.  Through these efforts, led by the Federal government and with the active assistance of many others in other levels of government and in the private sector, we can enhance our prevention efforts, improve our response mechanisms, and at the same time ensure that funds allotted for protection against terrorism are being used most effectively. 

The recent sniper rampage in the Washington, D.C. area demonstrated the dire need for such coordination among Federal, State and local law enforcement agencies.  Fortunately, we were able to see the productive results of effective information sharing and coordination with the arrests of the two alleged snipers on October 31. 

While we all support increased sharing of relevant information with the new Department of Homeland Security by and among other Federal, State and local agencies, we must be careful that information sharing does not turn into information dumping.  We want our law enforcement officials to have the information they need to do their jobs effectively and efficiently, with communications equipment that allows different agencies to talk to each other and with the appropriate training and tools so that multiple agencies are able to coordinate their responses during emergencies.  We know that large amounts of information were collected, but never read or analyzed, before September 11, and we know that translators and resources are what we need to help make the already-gathered information useful.

There is no dispute that information sharing is critical, but we have to make sure we do not go overboard.  Information dumping is harmful to our national security if the information is not accurate, complete, or relevant, or if it is dumped in such a bulk fashion that end-users are unable to determine its reliability.  The legislation before us provides very broad authority for information collection from and sharing with not just Federal, State and local law enforcement authorities, but also other government agencies, foreign government agencies and the private sector.  Highly sensitive grand jury information, criminal justice, and electronic, wire, and oral interception information is authorized to be shared not just across this country but also around the world.  Without clear guidance, this sweeping new authority can be a recipe for mischief.  The Congress now will have an imperative to monitor vigilantly and responsibly the implementation of this new authority to ensure that the risks to the privacy of the American people and the potential for abuse do not become a reality.

This bill contains several constructive provisions, including establishment in the new Department of a Privacy Office and an Office for Civil Rights and Civil Liberties.  The bill also includes the Sessions-Leahy bill, S. 3073, and whistleblower protections that the Administration’s original proposal rejected.  In addition, as I will discuss in more detail in these remarks, the bill includes a prohibition on both the TIPS Program and a national identification system or card. 

The TIPS Program

I am pleased the bill, in section 880, forbids the creation of Operation TIPS, a proposed citizen reporting program theoretically designed to prevent terrorism.  That ill-designed program threatened to turn neighbors into spies and to discredit valuable neighborhood watch programs.  When I questioned the Attorney General about the program earlier this year, I found his answers to be incomplete and far from reassuring.  As such, I was prepared to offer an amendment in the Senate to bar Operation TIPS, and I welcome the House’s strong opposition to the program that has made my amendment unnecessary.

Under the plan originally announced by the Justice Department, Operation TIPS would have enlisted millions of Americans as volunteers who would report their suspicions about their neighbors and customers to the government.  This plan was criticized by Republicans and Democrats alike, and Justice Department officials then said they planned to make the program smaller than originally anticipated.  But the Department never made clear how the program would work, what it would cost, or how the privacy interests of American citizens would be protected.                                     

Indeed, the Administration offered a constantly shifting set of explanations to Congress and the public about how Operation TIPS would work, leaving Congress unable even to evaluate a program that could easily lead to the invasion of the privacy of our fellow Americans.  Even the Operation TIPS website offered differing explanations of how the program would work, depending on what day a concerned user accessed it.  For example, before July 25, the web site said that Operation TIPS “involving 1 million workers in the pilot stage, will be a national reporting system that allows these workers, whose routines make them well-positioned to recognize unusual events, to report suspicious activity.@  By contrast, the July 25 version declared that “the program will involve the millions of American workers who, in the daily course of their work, are in a unique position to see potentially unusual or suspicious activity in public places.”  It was unclear whether these changes reflected actual changes in the Justice Department’s plans, or whether they were simply cosmetic differences designed to blunt opposition to the program raised by concerned citizens, newspaper editorials, and Members of Congress.

The Administration originally proposed Operation TIPS as “a nationwide program giving millions of American truckers, letter carriers, train conductors, ship captains, utility employees, and others a formal way to report suspicious terrorist activity.”  In other words, the Administration would recruit people whose jobs gave them access to private homes to report on any “suspicious” activities they discovered.  Nor would this program start small; the Administration planned a pilot program that alone would have enlisted 1 million Americans.

We also never received a full understanding of how the Administration planned to train Operation TIPS volunteers.  The average citizen has little knowledge of law enforcement methods, or of the sort of information that is useful to those working to prevent terrorism.  Such a setup could have allowed unscrupulous participants to abuse their new status to place innocent neighbors under undue scrutiny.  The number of people who would have abused this opportunity is undoubtedly small, but the damage these relatively few could do would be very real and potentially devastating.  In addition, it was crucial that citizen volunteers receive training about the permissible use of race and ethnicity in their evaluation of whether a particular individual=s behavior is suspicious, but the Justice Department seemed not to have considered the issue.  

Even participants acting in good faith may have been prone to report activity that would not be suspicious to a well-trained professional.  Our law enforcement agencies are already operating under heavy burdens, and I questioned the usefulness of bombarding them with countless tips from millions of volunteers.  As the Washington Post put it in a July editorial: “It is easy to imagine how such a program might produce little or no useful information but would flood law enforcement with endless suspicions that would divert authorities from more promising investigative avenues.”

The Administration’s plan also raised important questions about how and whether information submitted by TIPS volunteers would be retained.  Many of us were deeply concerned about the creation of a TIPS database that would retain TIPS reports indefinitely.  When he testified before the Judiciary Committee in July, the Attorney General said that he, too, was concerned about this.  He told us that he had been given assurances that there would be no database, but he could not tell us who had given him those assurances.  Many months later, the Administration’s plans on this issue still are unclear.  We simply cannot allow a program that will use databases to store unsubstantiated allegations against American citizens to move forward. 

Opposition to Operation TIPS has been widespread.  Representative Armey, the House Majority Leader, has led the fight against it in the House.  The Postal Service refused to participate.  The Boston Globe called it a scheme Joseph Stalin would have loved.  In an editorial, The New York Times said:  “If TIPS is ever put into effect, the first people who should be turned in as a threat to our way of life are the Justice Department officials who thought up this most un-American of programs.”   The Las Vegas Sun said that “Operation TIPS has the potential of becoming a monster.”  The Washington Post said that the Administration “owes a fuller explanation before launch day.” 

In evaluating TIPS, we need to remember our past experience with enlisting citizen informants on such a grand scale.  During World War I, the Department of Justice established the American Protective League (APL), which enrolled 250,000 citizens in at least 600 cities and towns to report suspicious conduct and investigate fellow citizens.  For example, the League spied on workers and unions in thousands of industrial plants with defense contracts and organized raids on German-language newspapers.  Members wore badges and carried ID cards that showed their connection to the Justice Department and were even used to make arrests.  Members of the League used such methods as tar and feathers, beatings, and forcing those who were suspected of disloyalty to kiss the flag.  The New York Bar Association issued a report after the war stating of the APL:  “No other one cause contributed so much to the oppression of innocent men as the systematic and indiscriminate agitation against what was claimed to be an all-pervasive system of German espionage.”  No one wants to relive those dark episodes or anything close to them. 

I am pleased that we have achieved bicameral and bipartisan agreement that Operation TIPS goes too far, infringing on the liberties of the American people while promising little benefit for law enforcement efforts.  If the Administration comes to Congress with a limited, common-sense proposal that respects liberties, Congress will likely support it.  But Congress cannot simply write a blank check for such a troubled program. 

No National ID Card

I am also pleased that the bill, in section 1514, states clearly that nothing in the legislation shall be construed to authorize the development of a national identification system or card.  Given the other provisions in the bill that pose a risk to our privacy, this at least is a line in the sand which I fully support.

The Sessions-Leahy Bill

The House-passed bill also includes, in section 601, a provision that Senator Sessions and I introduced last month as S.3073.  This provision will facilitate private charitable giving for servicemen and other federal employees who are killed in the line of duty while engaged in the fight against international terrorism.  Under current law, beneficiaries of members of the U.S. Armed Forces get paid only $6,000 in death benefits from the government, over any insurance that they may have purchased.  Moreover, these individuals may not be eligible for payments from any existing victims’ compensation program or charitable organization.  The Sessions-Leahy provision will provide much-needed support for the families of those who have made the ultimate sacrifice for their country.  It encourages the establishment of charitable trusts for the benefit of surviving spouses and dependents of military, CIA, FBI, and other federal government employees who are killed in operations or activities to curb international terrorism.  This provision also authorizes Federal officials to contact qualifying trusts on behalf of surviving spouses and dependents, pursuant to regulations to be prescribed by the Secretary of Defense.  This will help to inform survivors about benefits and to ensure that those who are eligible have the opportunity to access the money.  It will also spare grieving widows the embarrassment of having to go to a charity and ask for money.  Finally, for the avoidance of doubt, this provision makes clear that federal officeholders and candidates may help raise funds for qualifying trusts without running afoul of federal campaign finance laws.                                             

Whistleblower Protections

I am also pleased that, unlike the President's original proposal, the current bill would ensure that employees of the new Department of Homeland Security will have all the same whistleblower protections as employees in the rest of the federal government.  As we saw during the many FBI oversight hearings that the Judiciary Committee has held over the last 15 months, strong whistleblower protection is an important homeland security measure in itself.

Indeed, it was whistleblower revelations that helped lead to the creation of this Department.  The President was vehemently opposed to creating the new Department of Homeland Security for nine months after the September 11 attacks.  Then, just minutes before FBI whistleblower Coleen Rowley came before the Judiciary Committee in a nationally televised appearance to expose potential shortcomings in the FBI's handling of the Zacarias Moussaoui case before 9-11, the White House announced that it had changed its position and that the creation of a new cabinet- level Department of Homeland Security was vital.  Of course that made it all the more ironic that the President's original proposal did not assure whistleblower protections in the new Department.

In any event, although the new Department has the same legal protections as those that apply in the rest of the government, the protections will mean nothing without the vigorous enforcement of these laws by the Administration.  The leadership of the new Department and the Office of Special Counsel must work to encourage a culture that does not punish whistleblowers, and the Congress -- including the Judiciary Committee -- must continue to vigorously oversee the new and other administrative departments to make sure that this happens.

While I am glad that the many employees of the new Department will have the same substantive and procedural whistleblower protections as other government employees, I wish that we could have done more.  Unfortunately, a Federal court with a monopoly on whistleblower cases that is hostile to such claims has improperly and narrowly interpreted the provisions of the Whistleblower Protection Act.  Senators Grassley, Levin, Akaka and I had proposed a bipartisan amendment to this measure that would have strengthened whistleblower protections in order to protect national security.  The amendment was similar to S. 995, of which I am a cosponsor, and our amendment would have corrected some of the anomalies in the current law.  It is unfortunate for the success of the Department and for the security of the American people that the amendment was not part of the final measure, and I hope that we can work to pass S. 995 in the 108th Congress.

The Administration’s Turnaround

The Administration was slow to accept the idea for a cabinet-level department to coordinate homeland security, but experience in the months after the September 11 attacks helped in the evolution of the Administration’s position.  Soon after the President invited Governor Ridge to serve as the Director of an office of homeland security within the White House, I invited Governor Ridge in October, 2001, to testify before the Judiciary Committee about how he would improve the coordination of law enforcement and intelligence efforts and about his views on the role of the National Guard in carrying out the homeland security mission, but he declined our invitation at that time.  The Administration would not allow Director Ridge to testify before Congress.

Without Governor Ridge’s input, the Judiciary Committee continued oversight work that had begun in the summer of 2001, before the terrorist attacks, on improving the effectiveness of the U.S. Department of Justice, the lead Federal agency with responsibility for domestic security.  This task has involved oversight hearings with the Attorney General and with officials of the Federal Bureau of Investigation and the Immigration and Naturalization Service.  In the weeks immediately after the attacks, the Committee turned its attention to hearings on legislative proposals to enhance the legal tools available to detect, investigate and prosecute those who threaten Americans both here and abroad.  Committee members worked in partnership with the White House and the House to craft the new anti-terrorism law, the USA PATRIOT Act, which was enacted on October 26, 2001.

We were prepared to include in the new anti-terrorism law provisions creating a new cabinet-level officer heading a new department of homeland security, but we did not do so at the request of the White House.  Indeed, from September, 2001, until June, 2002, the Administration was steadfastly opposed to the creation of a cabinet-level department to protect homeland security. Governor Ridge said in an interview with National Journal reporters in May, 2001, that if Congress put a bill on the President’s desk to make his position statutory, he would, “probably recommend that he veto it.”  That same month, White House spokesman Ari Fleischer also  objected to a new department, commenting that, “You still will have agencies within the Federal government that have to be coordinated.  So the answer is: Creating a Cabinet post doesn’t solve anything.” 

In one respect, the White House was correct: Simply moving agencies around among departments does not address the problems inside agencies like the FBI or the INS – problems like outdated computers, hostility to employees who report problems, lapses in intelligence sharing, and lack of translation and analytical capabilities, along with what many have termed  “cultural problems.”  The Judiciary Committee and its subcommittees have been focusing on identifying those problems and finding constructive solutions to fix them.  We have worked hard to be bipartisan and even nonpartisan in this regard.  To that end, the Committee unanimously reported the Leahy- Grassley FBI Reform Act, S.1974, to improve the FBI, especially at this time when the country needs the FBI to be as effective as it can be in the war against terrorism.  Unfortunately, that bill has been blocked on the Senate floor since it was reported by the Judiciary Committee in April, 2002, by an anonymous Republican hold. 

The White House’s about-face on June 6, 2002, announced just minutes before the Judiciary Committee’s oversight hearing with FBI Special Agent Coleen Rowley, telegraphed the President’s new support for the formation of a new homeland Security Department along the lines that Senator Lieberman and Senator Specter had long suggested. 

Two weeks later, on June 18, 2002, Governor Ridge transmitted a legislative proposal to create a new homeland security department.  It should be apparent that knitting together a new agency will not by itself fix existing problems. In writing the charter for this new department, we must be careful not to generate new management problems and accountability issues. Yet the Administration's early proposal would have exempted the new department from many legal requirements that apply to other agencies.  The Freedom of Information Act would not apply, nor would the conflicts of interest and accountability rules for agency advisors.  The new department head would have the power to suspend the Whistleblower Protection Act and the normal procurement rules and to intervene in Inspector General investigations.  In these respects, the Administration asked us to put this new department above the law and outside the checks and balances these laws are there to ensure. 

Exempting the new department from laws that ensure accountability to the Congress and to the American people makes for soggy ground and a tenuous start – not the sure footing we all want for the success and endurance of this endeavor.

We all wanted to work with the President to meet his ambitious timetable for setting up the new department.  Senate Democrats worked diligently to craft responsible legislation that would establish a new department but would also make sure that it was not outside the laws.  We all knew that one sure way to slow up the legislation would be to use the new department as the excuse to undermine or repeal laws not liked by partisan interests, or to stick unrelated political items in the bill under the heading of “management flexibility.”  Unfortunately, the Republican leadership and the White House have been unable to resist that temptation, even as they urge prompt passage of a bill unveiled for the first time only five days ago. 

This bill has its problems.  As I will discuss in more detail in the balance of my remarks, this legislation has five significant problems.  It would: (1) undermine Federal and State sunshine laws permitting the American people to know what their government is doing, (2) threaten privacy rights, (3) provide sweeping liability protections for companies at the expense of consumers, (4) weaken rather than fix our immigration enforcement problems, and (5) under the guise of “management flexibility,” it would authorize political cronyism rather than professionalism within the new department.  These problems are unfortunate and entirely unnecessary to the overall objective of establishing a new department of homeland security.  Republican leaders and the White House have forced on the Senate a process under which these problem areas cannot be substantively and meaningfully addressed, and that is highly regrettable and a needless blot on this charter.  Though I will support passage of this legislation in order to get the new department up and running, the flaws in this legislation will require our attention next year, when I hope to work with the Administration and my colleagues on both sides of the aisle to monitor implementation of the new law and to craft corrective legislation.

The FOIA Exemption

First, the bill guts the FOIA at the expense of our national security and public health and safety.  This bill eliminates a bipartisan Senate provision that I crafted with Senator Levin and Senator Bennett to protect the public’s right to use the Freedom of Information Act (FOIA) in order to find out what our government is doing, while simultaneously providing security to those in the private sector that records voluntarily submitted to help protect our critical infrastructures will not be publicly disclosed.  Encouraging cooperation between the private sector and the government to keep our critical infrastructure systems safe from terrorist attacks is a goal we all support.  But the appropriate way to meet this goal is a source of great debate – a debate that has been all but ignored by the Republicans who crafted this legislation.

The Administration itself has flip-flopped on how to best approach this issue.  The Administration’s original June 18, 2002, legislative proposal establishing a new department carved out a FOIA exemption, in section 204, and required non-disclosure of any “information” “voluntarily” provided to the new Department of Homeland Security by “non-Federal entities or individuals” pertaining to “infrastructure vulnerabilities or other vulnerabilities to terrorism” in the possession of, or that passed through, the new department.  Critical terms, such as “voluntarily provided,” were undefined.   

The Judiciary Committee had an opportunity to query Governor Ridge about the Administration’s proposal on June 26, 2002, when the Administration reversed its long-standing position and allowed him to testify in his capacity as the Director of the Transition Planning Office.

Governor Ridge’s testimony at that hearing is instructive.  He seemed to appreciate the concerns expressed by Members about the President’s June 18^th proposal and to be willing to work with us in the legislative process to find common ground.  On the FOIA issue, he described the Administration’s goal to craft “a limited statutory exemption to the Freedom of Information Act” to help “the Department’s most important missions [which] will be to protect our Nation’s critical infrastructure.” (June 26, 2002 Hearing, Tr., p. 24).  Governor Ridge explained that to accomplish this, the Department must be able to “collect information, identifying key assets and components of that infrastructure, evaluate vulnerabilities, and match threat assessments against those vulnerabilities.” (Id., at p. 23).  

I do not understand why some have insisted that FOIA and our national security are inconsistent.  The FOIA already exempts from disclosure matters that are classified; trade secret, commercial and financial information, which is privileged and confidential; various law enforcement records and information, including confidential source and informant information; and FBI records pertaining to foreign intelligence or counterintelligence, or international terrorism.  These already broad exemptions in the FOIA are designed to protect national security and public safety and to ensure that the private sector can provide needed information to the government.

Current law already exempts from disclosure any financial or commercial information provided voluntarily to the government, if it is of a kind that the provider would not customarily make available to the public.  Critical Mass Energy Project v. NRC, 975 F.2d 871 (D.C. Cir. 1992) (en banc).  Such information enjoys even stronger nondisclosure protections than does material that the government requests.  Applying this exception, Federal regulatory agencies are today safeguarding the confidentiality of all kinds of critical infrastructure information, like nuclear power plant safety reports (Critical Mass, 975 F.2d at 874), information about product manufacturing processes and internal security measures (Bowen v. Food & Drug Admin., 925 F.2d 1225 (9^th Cir. 1991), design drawings of airplane parts (United Technologies Corp. by Pratt & Whitney v. F.A.A., 102 F.3d 688 (2d Cir. 1996)), and technical data for video conferencing software (Gilmore v. Dept. of Energy, 4 F. Supp.2d 912 (N.D. Cal. 1998)).  

The head of the FBI National Infrastructure Protection Center (NIPC) testified more than five years ago, in September, 1998, that the “FOIA excuse” used by some in the private sector for failing to share information with the government was, in essence, baseless.  He explained the broad application of FOIA exemptions to protect from disclosure information received in the context of a criminal investigation or a “national security intelligence” investigation, including information submitted confidentially or even anonymously.  [Sen. Judiciary Subcommittee On Technology, Terrorism, and Government Information, Hearing on Critical Infrastructure Protection: Toward a New Policy Directive, S. HRG. 105-763, March 17 and June 10, 1998, at p. 107]

The FBI also used the confidential business record exemption under (b)(4) “to protect sensitive corporate information, and has, on specific occasions, entered into agreements indicating that it would do so prospectively with reference to information yet to be received.”  NIPC was developing policies “to grant owners of information certain opportunities to assist in the protection of the information (e.g., by ‘sanitizing the information themselves”) and to be involved in decisions regarding further dissemination by the NIPC.” Id.  In short, the former Administration witness stated:

“Sharing between the private sector and the government occasionally is hampered by a perception in the private sector that the government cannot adequately protect private sector information from disclosure under the Freedom of Information Act (FOIA).  The NIPC believes that this perception is flawed in that both investigative and infrastructure protection information submitted to NIPC are protected from FOIA disclosure under current law.” (Id.)

Nevertheless, for more than five years, businesses have continued to seek a broad FOIA exemption that also comes with special legal protections to limit their civil and criminal liability, and special immunity from the antitrust laws.  The Republicans are largely granting this business wish-list in the legislation for the new Department of Homeland Security.

At the Senate Judiciary Committee hearing with Governor Ridge, I expressed my concern that an overly broad FOIA exemption would encourage government complicity with private firms to keep secret information about critical infrastructure vulnerabilities, reduce the incentive to fix the problems and end up hurting rather than helping our national security.  In the end, more secrecy may undermine rather than foster security. 

Governor Ridge seemed to appreciate these risks, and said he was “anxious to work with the Chairman and other members of the committee to assure that the concerns that [had been] raised are properly addressed.” Id. at p. 24.  He assured us that “[t]his Administration is ready to work together with you in partnership to get the job done.  This is our priority, and I believe it is yours as well.”  Id. at p. 25.  This turned out to be an empty promise.

Almost before the ink was dry on the Administration’s earlier June proposal, on July 10, 2002, the Administration proposed to substitute a much broader FOIA exemption that would (1) exempt from disclosure under the FOIA critical infrastructure information voluntarily submitted to the new department that was designated as confidential by the submitter unless the submitter gave prior written consent, (2) provide limited civil immunity for use of the information in civil actions against the company, with the likely result that regulatory actions would be preceded by litigation by companies that submitted designated information to the department over whether the regulatory action was prompted by a confidential disclosure, (3) preempt state sunshine laws if the designated information is shared with state or local government agencies, (4) impose criminal penalties of up to one year imprisonment on government employees who disclosed the designated information, and (5) antitrust immunity for companies that joined together with agency components designated by the President to promote critical infrastructure security. 

Despite the Administration’s promulgation of two separate proposals for a new FOIA exemption in as many weeks, in July, Director Ridge’s Office of Homeland Security released The National Strategy for Homeland Security, which appeared to call for more study of the issue before legislating.  Specifically, this report called upon the Attorney General to “convene a panel to propose any legal changes necessary to enable sharing of essential homeland security information between the government and the private sector.” (P. 33) 

The need for more study of the Administration’s proposed new FOIA exemption was made amply clear by its possible adverse environmental, public health and safety affects.  Keeping secret problems in a variety of critical infrastructures would simply remove public pressure to fix the problems.  Moreover, several environmental groups pointed out that, under the Administration’s proposal, companies could avoid enforcement action by “voluntarily” providing information about environmental violations to the EPA, which would then be unable to use the information to hold the company accountable and also would be required to keep the information confidential.  It would bar the government from disclosing information about spills or other violations without the written consent of the company that caused the pollution. 

I worked on a bipartisan basis with many interested stakeholders from environmental, civil liberties, human rights, business and government watchdog groups to craft a compromise FOIA exemption that did not grant the business sector’s wish-list but did provide additional nondisclosure protections for certain records without jeopardizing the public health and safety.  At the request of Chairman Lieberman for the Judiciary Committee’s views on the new department, I shared my concerns about the Administration’s proposed FOIA exemption and then worked with Members of the Governmental Affairs Committee, in particular Senator Levin and Senator Bennett, to craft a more narrow and responsible exemption that accomplishes the Administration’s goal of encouraging private companies to share records of critical infrastructure vulnerabilities with the new Department of Homeland Security without providing incentives to “game” the system of enforcement of environmental and other laws designed to protect our nation’s public health and safety.  We refined the FOIA exemption in a manner that satisfied the Administration’s stated goal, while limiting the risks of abuse by private companies or government agencies.

This compromise solution was supported by the Administration and other Members of the Committee on Governmental Affairs and was unanimously adopted by that Committee at the markup of the Homeland Security Department bill on July 24, 2002.  The provision would exempt from the FOIA certain records pertaining to critical infrastructure threats and vulnerabilities that are furnished voluntarily to the new Department and designated by the provider as confidential and not customarily made available to the public.  Notably, the compromise FOIA exemption made clear that the exemption only covered “records” from the private sector,  not all “information” provided by the private sector and thereby avoided the adverse result of government agency-created and generated documents and databases being put off-limits to the FOIA simply if private sector “information” is incorporated.  Moreover, the compromise FOIA exemption clearly defined what records may be considered “furnished voluntarily,” which did not cover records used “to satisfy any legal requirement or obligation to obtain any grant, permit, benefit (such as agency forbearance, loans, or reduction or modifications of agency penalties or rulings), or other approval from the Government.”  The FOIA compromise exemption further ensured that portions of records that are not covered by the exemption would be released pursuant to FOIA requests.  This compromise did not provide any civil liability or antitrust immunity that could be used to immunize bad actors or frustrate regulatory enforcement action, nor did the compromise preempt state or local sunshine laws.

Unfortunately, the new Republican version of this legislation that we are voting on today jettisoned the bipartisan compromise on the FOIA exemption, worked out in the Senate with the Administration’s support, and replaced it with a big-business wish-list gussied up in security garb.  The Republican FOIA exemption would make off-limits to the FOIA much broader categories of “information” and grant businesses the legal immunities and liability protections they have sought so vigorously for over five years.  This bill goes far beyond what is needed to achieve the laudable goal of encouraging private sector companies to help protect our critical infrastructure.  Instead, it will tie the hands of the federal regulators and law enforcement agencies working to protect the public from imminent threats.  It will give a windfall to companies who fail to follow federal health and safety standards.  Most disappointingly, it will undermine the goals of openness in government that the FOIA was designed to achieve.  In short, the FOIA exemption in this bill represents the most severe weakening of the Freedom of Information Act in its 36-year history.

In the end, the broad secrecy protections provided to critical infrastructure information in this bill will promote more secrecy which may undermine rather than foster national security.  In addition, the immunity provisions in the bill will frustrate enforcement of the laws that protect the public's health and safety.

Let me explain.  The Republican FOIA exemption would allow companies to stamp or designate certain information as “Critical Infrastructure Information” or “CII” and then submit this information about their operations to the government either in writing or orally, and thereby obtain a blanket shield from FOIA’s disclosure mandates as well as other protections.  A Federal agency may not disclose or use voluntarily-submitted and CII-marked information, except for a limited “informational purpose,” such as “analysis, warning, interdependency study, recovery, reconstitution,” without the company’s consent.  Even when using the information to warn the public about potential threats to critical infrastructure, the bill requires agencies to take steps to protect from disclosure the source of the CII information and other “business sensitive” information. 

Criminalizing Non-Consensual Disclosures

The bill contains an unprecedented provision that threatens jail time and job loss to any government employee who happens to disclose any critical infrastructure information that a company has submitted and wants to keep secret.  These penalties for using the CII information in an unauthorized fashion or for failing to take steps to protect disclosure of the source of the information are severe and will chill any release of CII information not just when a FOIA request comes in, but in all situations, no matter the circumstance.  Criminalizing disclosures – not of classified information or national security related information, but of information that a company decides it does not want public -- is an effective way to quash discussion and debate over many aspects of the government’s work.  In fact, under this bill, CII information would be granted more comprehensive protection under Federal criminal laws than classified information.

This provision has potentially disastrous consequences.  If an agency is given information from an ISP about cyberattack vulnerabilities, agency employees will have to think twice about sharing that information with other ISPs for fear that, without the consent of the ISP to use the information, even a warning might cost their jobs or risk criminal prosecution. 

This provision means that if a Federal regulatory agency needs to issue a regulation to protect the public from threats of harm, it cannot rely on any voluntarily submitted information -- bringing the normal regulatory process to a grinding halt.  Public health and law enforcement officials need the flexibility to decide how and when to warn or prepare the public in the safest, most effective manner.  They should not have to get “sign off” from a Fortune 500 company to do so. 

While this legislation risks making it harder for the government to protect American families, it will make it much easier for companies to escape responsibility when they violate the law by giving them unprecedented immunity from civil and regulatory enforcement actions.  Once a business declares that information about its practices relates to critical infrastructure and is “voluntarily” provided, it can then prevent the federal government from disclosing it not just to the public, but also to a court in a civil action.  This means that an agency receiving CII-marked submissions showing invasions of employee or customer privacy, environmental pollution, or government contracting fraud will be unable to use that information in a civil action to hold that company accountable.  Even if the regulatory agency obtains the information necessary to bring an enforcement action from an alternative source, the company will be able to tie the government up in protracted litigation over the source of the information.

For example, if a company submits information that its factory is leaching arsenic in ground water, that information may not be turned over to local health authorities to use in any enforcement proceeding nor turned over to neighbors who were harmed by drinking the water for use in a civil tort action.  Moreover, even if EPA tries to bring an action to stop the company's wrongdoing, the “use immunity” provided in the Republican bill will tie the agency up in litigation making it prove where it got the information and whether it is tainted as "fruit of the poisonous tree" -- i.e., obtained from the company under the "critical infrastructure program."

Similarly, if the new Department of Homeland Security receives information from a bio-medical laboratory about its security vulnerabilities, and anthrax is released from the lab three weeks later, the Department will not be able to warn the public promptly about how to protect itself without consulting with and trying to get the consent of the laboratory in order to avoid the risk of job loss or criminal prosecution for a non-consensual disclosure.  Moreover, if the laboratory is violating any state, local or federal regulation in its handling of the anthrax, the Department will not be able to turn over to another Federal agency, such as the EPA or the Department of Health and Human Services, or to any State or local health officials, information or documents relating to the laboratory’s mishandling of the anthrax for use in any enforcement proceedings against the laboratory, or  in any wrongful death action, should the laboratory’s mishandling of the anthrax result in the death of any person.  The bill specifically states that such CII-marked information “shall not, without the written consent of the person or entity submitting such information, be used directly by such agency, any other Federal, State, or local authority, or any third party, in any civil action arising under Federal or State law if such information is submitted in good faith.” [H.R. 5710, section 214(a)(1)(C)]

Most businesses are good citizens and take seriously their obligations to the government and the public, but this “disclose-and-immunize” provision is subject to abuse by those businesses that want to exploit legal technicalities to avoid regulatory guidelines.  This bill lays out the perfect blueprint to avoid legal liability: funnel damaging information into this voluntary disclosure system and pre-empt the government or others harmed by the company’s actions from being able to use it against the company.  This is not the kind of two-way public-private cooperation that our country needs. 

The scope of the information that would be covered by the new Republican FOIA exemption is overly broad and would undermine the openness in government that FOIA was intended to guarantee.  Under this legislation, information about virtually every important sector of our economy that today the public has a right to see can be shut off from public view simply by labeling it “critical infrastructure information.”  Today, for example, under current FOIA standards, courts have required federal agencies to disclose (1) pricing information in contract bids so citizens can make sure the government is wisely spending their taxpayer dollars; (2) compliance reports that allow constituents to insist that government contractors comply with federal equal opportunity mandates; and (3) banks’ financial data so the public can ensure that federal agencies properly approve bank mergers.  Without access to this kind of information, it will be harder for the public to hold its government accountable.  Under this bill, all of this information may be marked CII information and kept out of public view.

The Republican FOIA exemption goes so far in exempting such a large amount of material from FOIA’s disclosure requirements that it undermines government openness without making any real gains in safety for families in Vermont and across America.  We do not keep America safer by chilling federal officials from warning the public about threats to their health and safety.  We do not ensure our nation’s security by refusing to tell the American people whether or not their federal agencies are doing their jobs or their government is spending their hard earned tax dollars wisely.  We do not encourage real two-way cooperation by giving companies protection from civil liability when they break the law.  We do not respect the spirit of our democracy when we cloak in secrecy the workings of our government from the public we are elected to serve.

Notably, another part of the bill, section 892, would further undermine government sunshine laws by authorizing the President to prescribe and implement procedures requiring Federal agencies to “identify and safeguard homeland security information that is sensitive but unclassified.”  The precise type of information that would be covered by this new category of “sensitive” information that is not classified but subject to carte blanche executive authority to keep secret is not defined and no guidance is provided in the Republican bill as to how far the President may go. 

As the Rutland Herald so aptly put it in an editorial on November 16, the Republicans “are moving to cloak the federal government in an unprecedented regime of secrecy.”  The argument over the scope of the FOIA and unilateral executive power to shield matters from public scrutiny goes to the heart of our fundamental right to be an educated electorate aware of what our government is doing.  The Rutland Herald got it right in explaining:  “The battle was not over the right of the government to hold sensitive, classified information secret.  The government has that right.  Rather, the battle was over whether the government would be required to release anything it sought to withhold.”

Second, extraneous provisions added by the House also pose significant privacy risks.  As I noted before, increased information sharing is necessary but also poses privacy risks if the government is not properly focused on the information necessary to collect, the people appropriate to target for surveillance and the necessary controls to ensure that dissemination is confined to those with a need to know.

Recent press reports have warned that this bill will turn it into a “supersnoop’s dream” because it will allow creation of a huge centralized grand database containing a dossier or profile of private transactions and communications that each American has had within the private sector and with the government.  Indeed, in section 201, the bill authorizes a new Directorate for Information Analysis and Infrastructure Protection to collect and integrate information from government and private sector entities and to “establish and utilize ... data-mining and other advanced analytical tools.”  In addition, in section 307, the bill authorizes $500,000,000 next year to be spent by a new Homeland Security Advanced Research Projects Agency (HSARPA) to make grants to develop new surveillance and other technologies for use in detecting, preventing and responding to homeland security threats. 

We do not want the Federal government to become the proverbial “big brother” while every local police and sheriff’s office or foreign law enforcement agency to become “little brothers.”  How much information should be collected, on what activities and on whom, and then shared under what circumstances, are all important questions that should be answered with clear guidelines understandable by all Americans and monitored by Congress, in its oversight role, and by court review to curb abuses. 

Other provisions added in haste to the Republican House-passed bill raise serious concerns about privacy protections for the sensitive electronic communications of law-abiding Americans.  In particular, the so-called "emergency disclosure" amendment in section 225(d) would greatly expand the ability of Internet service providers to reveal private communications to government agencies without any judicial authority or any evidence of wrongdoing.

As Americans move their lives online, the privacy of their sensitive e-mails, instant messages, and web traffic is of growing concern.  Current law protects the privacy of electronic communications by prohibiting service providers from revealing the contents of those communications to anyone without proper lawful orders.  Emergency disclosure provisions exist in the current law based on the reasonable premise that ISPs who encounter an imminent threat of death or serious injury should be able to reveal communications to law enforcement agencies on an emergency basis, even without judicial oversight.  We just recently expanded that emergency exception a year ago in the USA PATRIOT Act to provide even more flexibility for service providers.

In practice, however, the emergency disclosure authority is being used in a different way. Reports in the press and from the field indicate that ISPs, universities, and libraries are approached by government agents and asked to disclose communications “voluntarily” for ongoing investigations.  Providers are then faced with a terrible choice -- turn over the private communications of their customers without any court order, or say “no” to a government request.  Of course, many comply with the requests.  Small providers have few legal resources to challenge such requests.  The agents who are making the requests may be the same agents to whom the providers will have to turn for help in the event of hacking attacks or other problems.  So without proper restrictions, such "voluntary disclosure" provisions risk becoming a major exception to the law.  Section 225(d) takes this exception even further and turns it into a loophole big enough to drive a truck through.  It would allow literally thousands of local, State and Federal employees to seek private e-mails, instant messages, and other sensitive communications, without any judicial orders or even a subpoena.  ISPs could turn over those communications based on vague concerns of future injury to someone, even if those concerns are totally unreasonable.

Section 225(d) makes three important changes to the already very generous authorities for these extraordinary disclosures, which Congress gave to law enforcement in the USA PATRIOT Act just one year ago.  First, it would remove the requirement that there be "imminent" danger of injury or death. Instead it would allow these extraordinary disclosures when there is some danger, which might be far in the future and far more hypothetical.  As the Attorney General and the President have warned us consistently over the last year, the entire country faces some risk of future attack.  Under this new language, there will now always be a rationale for using the so-called "emergency" disclosure provision.

Second, section 225(d) would remove even the low hurdle that there be a "reasonable belief" in danger on the part of the ISP.  Instead, this new provision would allow these sensitive disclosures if there is any good faith belief – even if totally unreasonable – of danger.  Vague, incoherent, or even obviously fictitious threats of future danger could all form the basis for disclosing our most private electronic communications under this new provision of law.

Finally, section 225(d) would allow disclosure of sensitive communications to any local, State or Federal government entity, not just law enforcement agents.  That could include literally hundreds of thousands of government employees.  The potential for abuse is enormous.  More importantly, in cases of real threats of death or serious injury, it is law enforcement agencies --trained to deal with such situations and cognizant of legal strictures -- who should be the first contact point for concerned citizens.

As a result of Section 225(d), many more disclosures of sensitive communications would be permitted without any court oversight.  Moreover, these disclosures would happen without any notice to people – even after the fact – that their communications have been revealed.  It would allow these disclosures to be requested by potentially thousands of government employees, ranging from cotton inspectors to dogcatchers to housing department administrators.

The public's most sensitive e-mails, web transactions, and instant messages sent to loved ones, business associates, doctors and lawyers, and friends deserve the highest level of privacy we can provide.  The provisions of section 225(d) make a mockery of our privacy laws, and the carefully crafted exceptions we have created in them, by allowing disclosure of our most private communications to thousands of government officials based on the flimsiest of excuses.  These provisions were never approved by any committee in the Senate, are not in the interests of the American people, and should not now be finding there way into the law of the land.

Third, the bill provides liability protections for companies at the expense of consumers.  I am disappointed that the measure also contains sweeping liability protection for corporate makers of vaccines and any other products deemed to be “anti-terrorism technology” by the Secretary of Homeland Security.  This unprecedented executive authority to unilaterally immunize corporations from accountability for their products is irresponsible and endangers the consumers and our military service men and women. 

These provisions, for example, would apply to negligence, gross negligence and even willful misconduct in producing vaccines, gas masks, airport screening machines and any other “anti-terrorism technology” used by the general public and our service men and women. 

In addition, the bill would completely eliminate punitive damages against the maker of such a defective product.  Without the threat of punitive damages, callous corporations can decide it is more cost-effective to continue cutting corners despite the risk to American lives.  This would let private parties avoid accountability in cases of wanton, willful, reckless or malicious conduct. 

There is no need to enact these special legal protections and take away the rights of victims of defective products.  At a time when the American people are looking for Congress to take measured actions to protect them from acts of terror, these “tort reform” proposals are unprecedented, inappropriate and irresponsible.  At the very moment that the President is calling on all Americans to be especially vigilant, this legislation lets special interests avoid their responsibility of vigilance under existing law.

I am disappointed that some may be taking advantage of the situation to push “tort reform” proposals that have been rejected by Congress for years.  This smacks of political opportunism.  I strongly oppose rewriting the tort law of each of the 50 states for the benefit of private industry and at the expense of consumers and our service men and woman, and their families. 

Further, I am saddened that this so-called compromise provides retroactive liability protection for some private airport security firms involved in the September 11^th terrorist attacks.  Last year, Congress explicitly excluded private airport security firms from the liability limits for airlines in the Aviation and Transportation Security Act because we did not know if any airport screening firm may have contributed to the September 11th attacks through willful misconduct or negligence.  Unfortunately, we still do not know all the facts regarding the 9/11 attacks because the Bush Administration has opposed Congressional oversight and an independent commission to investigate the attacks. 

This special-interest provision in the so-called compromise is a travesty to the families of the victims of September 11^th.  Indeed, I have already been contacted by a family member of a 9/11 victim outraged by this retroactive liability protection.  I share their outrage.  

I also find it particularly galling, that just because "the White House wants it," this bill includes a provision that blatantly puts the interests of a few corporate pharmaceutical manufacturers before the interests of thousands of consumers, parents and children.  Sections 714 through 716 give a "get out of court free card" to Eli Lilly and other manufacturers of thimerasol.  Let's be clear, this provision has nothing to do with homeland security.  Smallpox and anthrax vaccines do not use thimerosal.  Thimerasol is a mercury-based vaccine preservative that was used until recently in children's vaccines for everything from hepatitis B to diphtheria.  By making changes to the Vaccine Injury Compensation Program sought by the pharmaceutical industry, this provision cuts the legs out from under thousands of parents currently in court seeking compensation for the alleged harm caused by thimerosal. 

For years, I have been working to remove sources of mercury from our environment because of the neurological effect of mercury on infants and children.  Although Eli Lilly's own documents show that they knew of the potential risks from mercury-based preservatives in the 1940s, its use was not stopped until 1999 when pediatricians and the Public Health Service acted.  Instead of looking into why pharmaceutical companies and the federal government failed to act for so long or improving the current compensation system, the Homeland Security bill takes away the legal options of parents and gives pharmaceutical companies new protections from large penalties. 

Fourth, the bill weakens immigration enforcement just when we need it the most.  The Republican House-passed bill fails to take important steps to help fix and restructure our immigration agencies.  This Republican package abandons the close coordination between immigration enforcement and immigration services that was included in the Lieberman amendment to the Homeland Security bill.  Instead, immigration enforcement falls under the Undersecretary for Border and Transportation Policy, while immigration services are relegated to a bureau that lacks its own undersecretary.  Apparently, the Undersecretary for Border and Transportation Security is expected to be an expert in immigration enforcement, FEMA, agriculture, and other issues.  Meanwhile, there is no one figure within the Homeland Security Department who is responsible for immigration policy.  Testimony before the Judiciary Committee showed clearly the numerous links between the enforcement of our immigration laws and the provision of immigration benefits – it is unfortunate that this bill fails to acknowledge those links.

Unfortunately, this legislation fails to codify the Executive Office of Immigration Review appropriately.  Instead of defining the functions, shape, and jurisdiction of the EOIR, as the Lieberman amendment did, it simply says there shall be an EOIR and the Attorney General shall have complete discretion over it.  It is critical that both immigrants and the government have a meaningful opportunity to appeal adverse decisions, and we should have done more through this legislation to guarantee it.

In addition, I am disappointed that provisions designed to guarantee decent treatment for unaccompanied minors were not included in the Republican amendment.  Through Senator Feinstein’s leadership, the Lieberman substitute assured that unaccompanied alien minors receive counsel.  The Judiciary Committee heard earlier this year from children who had been mistreated by the immigration system, and we had a real opportunity to solve that problem through this bill.  We have failed to take advantage of that opportunity. 

I will continue to work to ensure that the reorganization of our immigration service proceeds in as orderly and appropriate a fashion as possible.  I have spoken often about the valuable service provided by employees of the Immigration and Naturalization Service in Vermont, and the need to retain their expertise in any reshuffling of the agency’s functions.  We will not make our nation safer by alienating, underutilizing, or discarding knowledgeable employees, and I will do what I can to prevent that outcome. 

Finally, the bill undermines the professionalism in favor of the “management flexibility” to engage in political cronyism at the new Department.  Although it has already received substantial comment, I want to add my voice to those who have criticized the Administration for its heavy-handed and wrong-headed approach to the rights of employees who will come under the new Department.  At the same time we are seeking to motivate the government workers who will be moved to the new Department with an enhanced security mission, the Administration is insisting on provisions that threaten the job security for these hardworking government employees.  

The Administration should not use this transition as an excuse to cut the wages and current workplace security and rights of the brave employees who have been defending the nation.  That is not the way to encourage retention or recruitment of the vital human resources on which we will need to rely.

I represent some of those employees and have firsthand knowledge of their dedication to our nation and their jobs.  Contrary to the Administration’s pre-election rhetoric, where disputes over employment conditions have had potential effects on the public safety, they have been resolved quickly.  I am disappointed that the bill we consider today contains so few protections for these vital employees, and that the White House chose to use these valuable public servants in an election year tactic. 

The Oversight Imperative

So our vote today will help answer the question of whether a new Department of Homeland Security will be created – a question that has never really been at issue or in doubt.  Perhaps there are members of the Senate who oppose creation of this Department, though I am not aware of such opposition.  But many troubling questions remain about the “hows” as we move forward to charter this massive new agency.  A process has been imposed on the Senate that prevents addressing them adequately in the remaining hours of this session.  But answering and resolving these questions, in the interest of the security and privacy and well-being of the American people, will be an imperative that the Administration and the next Congress must not shirk.

# # # # #