Side-by-Side Analysis of the Leahy-Levin-Jeffords-Lieberman-Byrd Restoration of Freedom of Information Act of 2003 (“Restore FOIA”) and theCritical Infrastructure Information Subtitle of the Homeland Security Act of 2002

U.S. SENATOR PATRICK LEAHY

CONTACT: Office of Senator Leahy, 202-224-4242

VERMONT

Side-by-Side Analysis Of The Leahy-Levin-Jeffords-Lieberman-Byrd
Restoration Of Freedom Of Information Act Of 2003 (“Restore FOIA”) And The Critical Infrastructure Information Subtitle Of The
Homeland Security Act of 2002

Issue

“Restore FOIA” Bill

Homeland Security Act

Scope of FOIA Exemption

Creates a FOIA exemption limited to "records" submitted by the private sector, not "information" from the private sector. Records, the standard category used in FOIA exemptions, refer to physical and well-defined communications (documents, reports, emails, etc.).

Uses the new and more expansive term “information” for the FOIA exemption, which could include telephone calls, conversations, or verbal answers (if the information is not required). This new and untested category could create confusion and hinder government’s ability to manage information efficiently.

Definition of Critical Infrastructure Information

Limits the exemption to records pertaining to "the vulnerability of and threats to critical infrastructure (such as attacks, response and recovery efforts)"

Applies the exemption to the broader and more vague category of any "critical infrastructure information” which could allow information not directly related to vulnerabilities to inappropriately be protected.

Definition of Voluntarily Submitted

Defines “voluntarily” narrowly to mean submissions in the absence of legal authority. This means that the information falls outside current regulatory authority and that the government could not obtain the records except by voluntary submission.

Defines “voluntarily” broadly to mean submissions in the absence of the exercise of legal authority. This implies that legal authority to require the documents may exist but is not currently being exercised, yet the companies may be credited as voluntarily submitting the information. Information and details that agencies do not currently request could be submitted and protected before regulators have the opportunity to exercise their authority.

Agency Oversight

Allows and anticipates agency review clearly establishing that portions of records that are not covered by the exemption should be released pursuant to FOIA requests.

Does not allow for any agency review and fails to provide any direction for handling records that only partially contain critical infrastructure information.

Government Use of Information

Sets no limits or restrictions on the government’s use and sharing of the records within the government. The only restriction upon government agencies is the record cannot be disclosed to the public.

Significantly limits the government’s ability to act upon the information received by prohibiting any use or disclosure, even to other federal agencies, of the information except for purposes stated in the Act.

State & Local Disclosure laws

Does not preempt any state or local disclosure laws for information obtained outside the Department of Homeland Security. Does not restrict the use of the information by state agencies.

Preempts the release of all “voluntarily submitted” critical infrastructure information under state and local disclosure and information access laws. State agencies are restricted in their use of the information in the same manner as federal agencies.

Criminal Penalties

Does not criminalize disclosure of critical infrastructure information or preempt any whistleblower protections.

Preempts whistleblower protections for government employees and attaches criminal penalties including a fine and up to one year in jail for disclosure of critical infrastructure information.

Immunity

Does not forbid use of such information in civil court cases to hold companies accountable for wrongdoing or to protect

the public.

Information cannot be directly used in civil suits by government or private parties. Information would be more difficult to use in civil suits where the information was obtained independently. Provisions could potentially impede criminal investigations and prosecutions.

Agencies covered

Clarifies that records submitted to other agencies are not covered, even if the same document is also submitted to the DHS.

Wording allows for the provision to be interpreted more broadly and may allow the exemption to apply to information submitted to other agencies that is also submitted voluntarily to the Department of Homeland Security.

FACA

Does not exempt any communication of information from the open meetings and other requirements of the Federal Advisory Committee Act.

Exempts all communication of critical infrastructure information from the open meetings and other requirements of the Federal Advisory Committee Act.

Congressional Oversight

Does not restrict Congressional use or disclosure of the information. Requires a report on the provisions’ implementation be made to Congress within 18 months of enactment.

May limit the ability of members of Congress to disclose or use critical infrastructure information. Does not require that any report on the implementation of new provisions be made to Congress.