2002-02-18
An exemption from the Freedom of Information Act isn't enough. Companies need a new legal privilege as an incentive for sharing cyber security details.
Secrecy Bill Doesn't Go Far Enough
The only way I could see supporting such legislation would be if the information "voluntarily" shared with the government was so compartmentalized that corporations had absolutely no basis for claiming that parallel information developed by regulatory agencies was derived from information "voluntarily" shared under this program. If the public could be sure information developed independently by regulatory agencies was subject to FOIA even when such information exactly duplicated information "voluntarily" disclosed by corporations, only then should any protection be provided to the privacy of corporations.
It seems to me there are competing interests here. While private corporations do have a legitimate interest in being able to improve their security by collaborating with government and other entities, it is surely outweighed by the interest of the public in having an informed input into the activities of its government. The former is a privilege for private interests, the latter is the basis of our democracy.
While there are threats to our infrastructure, frankly the cyber security threat (as has been pointed out elsewhere) is VASTLY overstated. Furthermore, I'm not certain that it has been demonstrated that sharing of the kind of specific and detailed private corporate data that such legislation is designed to protect would have any appreciable effect in making our national infrastructure more secure.
Finally, I will conclude by expressing the opinion that if critical portions of our national infrastructure are so insecure that they are vulnerable to attack by some 14-year-old from the PRC sitting at home with a laptop, then they really have no business being connected to a publicly accessible network in the first place.
You want to have a true impact on the cyber-security of critical national infrastructure, forget legislation.... start yanking out network cards.
Chris
Link to this comment: http://www.securityfocus.com/comments/columns/61/10577#10577