The newly created Critical Infrastructure Partnership Advisory Council is charged with sharing information aimed at protecting the nation's infrastructure, cybercomponents included. Michael Chertoff, the U.S. Department of Homeland Security Secretary, cited security reasons when he signed off on exempting the council from the Federal Advisory Committee Act, or FACA.
The decision, which, was released in a published Friday.
The council, which plans to meet at least quarterly, will bring together various federal agency employees and private-sector representatives to discuss the Department of Homeland Security's, which remains in draft form. The fields represented range from agriculture and energy to information technology and telecommunications. Participants include the U.S. Telecom Association, the Cellular Telecommunications Industry Association and Internet infrastructure services provider VeriSign.
If those participants are required to comply with FACA, it could leave them seriously hindered in sharing "sensitive homeland security information," the department said.
The 1972 law generally requires such groups to meet in open sessions, make written meeting materials publicly available, and deliver a 15-day notice of any decision to close a meeting to the public. The last is a particular point of concern for Homeland Security officials, who anticipate that private emergency meetings may need to be scheduled on short notice.
The private sector, fearing that sensitive data will get to the wrong hands, has continued to resist sharing important information with the feds, the Department of Homeland Security said, citing government auditors' findings from late 2003.
Making the meetings public would amount to "giving our nation's enemies information they could use to most effectively attack a particular infrastructure and cause cascading consequences across multiple infrastructures," another departmental advisory council warned in August.
One privacy advocate said he didn't buy the excuses. "The public has an extremely strong interest in knowing whether DHS and the relevant industries are doing enough to protect facilities, and whether there might be company negligence that contributes to any possible security vulnerabilities," David Sobel, a general counsel at the Electronic Privacy Information Center, wrote in an e-mail interview.
Michael Aisenberg, government relations director for VeriSign, dismissed such worries, saying he predicted only a limited number of the council's meetings would actually be closed to the public.
"But there are families of data and information that are much more appropriately handled in confidence, at least in the early phases of an exploit or event," he said, praising the exemption as highly valuable and long overdue. "There were no tools in place to allow DHS or any other agency to have meetings with collective groups of government and industry that would not be covered by the FACA."
Homeland Security said in Friday's notice that it recognized "the important principle of transparency as a foundation for public confidence in government" and planned to make the council's meetings public whenever "feasibly consistent with security objectives." It said it also planned to issue public notices of all meetings, closed and open alike, "unless exigent circumstances arise" and that it would maintain a publicly available Web site with meeting agendas and periodic reports.