Homeland Security Act of 2002: Critical Infrastructure Information Act

CRS Report for Congress
Received through t he CRS W e b
Homeland Security Act o f 2002:
Critical Infrastructure
Information Act
February28,2003
Gina Marie Stevens
Legislative Attorney
American Law Division


Congressional Research Service ˜ The Library of Congress

InformationAct
Summary
The C ritical In frastructure Informatio n Act of 2002 (“CIIA”), t o b e codified at
6 U.S.C. §§131 - 134, was p assed o n November 25, 2002 as subtitle B o f Title II of
the Homeland S ecurity Act (P.L. 107-296, 116 Stat. 2135, sections 211 - 215), and
regulates t he use and disclosure of information s ubmitted t o t h e Department of
Homeland Security (DHS) about vulnerabilities and threats t o critical infrastructure.
This report ex amines the C IIA. For furt her i nformation, see CRS Report R L30153,
Critical Infrastructures: Background, Policy, and Implementation , b y J ohn Moteff.
This report will be updated as warranted.


Congressional Research Service ˜ The Library of Congress

Background ..............................................1
Critical In frastructure Information Act of 2002 ...................3
Definitions ...........................................3
P rot ect i o n o f V ol unt ari l y S h ared C ri t i cal In frast ruct ure
Information ......................................5
Criminal Penalties ....................................11
WhistleblowerProtectionAct ...........................12
CongressionalDisclosure ...............................14
OtherProvisions .....................................16


Congressional Research Service ˜ The Library of Congress

Homeland Security Act o f 2002: Critical
Infras truc ture Information Ac t
Background.
The P resident’s National S trategy for Homeland Security, which proposed the
creation of a new Department of Homeland Security (DHS), es tablished as one of the
Department’s core missions the protection of America’s i nfrastruct ure. 1 The
proposal had t he new Department responsible f o r c omprehensively evaluating t he
vulnerabilities of America’s critical infrastruct ure, incl uding food and water system s,
agri cul t u re, health systems and em ergency s ervi ces, i nform at i o n and
t el ecom m uni cat i ons, b anki ng and fi n ance, energy (el ect ri cal , n u c l ear, gas and o i l ,
dams), transportation (ai r, road, rail, ports, wat erw a ys ), the chemical and defense
industries, postal and shipping entities, an d n ational m onuments and i cons. W orking
cl osel y w i t h st at e an d l o cal offi ci al s, ot her federal agenci es, and t h e p ri vat e sect or,
the p roposal had t he Department hel p i n g t o ensure t hat p roper s teps are t aken to
pro t ect high-risk target s. Information s haring between public and private entities
about threats and vulnerabilities t o critical infrastructures was a central component
of the P resident’s proposal which was s ubsequently introduced by request as H.R.
5005 (Armey), the Homeland S ecuri t y A c t o f 2 002. Section 204 of H.R. 5005
ex empted infrastructure vulnerabilities i nformat i o n from d isclosure under t he
Freedom of In formation Act (5 U.S.C. § 552) , and stated that “Information p rovided
voluntarily by non-federal entities or i ndivi d u a l s that relates t o i nfrastruct ure
vulnerabilities or other vul nerabilities t o terrorism and is or has been in the
possession of the Department [ o f Homeland S ecurity] s hall not be subject to section

552 of title 5, United S tates C ode.”


A debat e ensued regarding the ex emption of critical infrastruct ure i nformation
from t he Freedom of In formation Act (FOIA). The debate essentially focused on t he
reconciliation o f t wo public goods that come into conflict, on the one hand, the n eed
to encourage voluntary i nformation s hari ng, and on the o ther, t he demands of open
government. A new FOIA ex emption for critical infrast ruct ure i nformation was
opposed by civil libertarians and advocat es of open government on several grounds.
They testified t hat a new ex emption would j eopardize t h e ab i l ity to obtai n
information about abusive government practices, would cast a shroud of secrecy over
one o f t h e Department of Homeland Secu rity’s critical functions, and was
unnecessary because FOIA ex em pt i o n 4 p rot ect s p ri vat e com p ani es agai n st
disclosures o f t rade secrets and confidential business i nformation, and can be
ex tended t o critical infrastructure m ater ial t hat p roperly s hould b e withheld from
disclosure.


1 A Legislative Proposal to Create a N e w C a binet Department of Homeland Security, H.
Doc. 107-227 (J une 18, 2002).
Congressional Research Service ˜ The Library of Congress

Proponents o f a new FOIA ex empt i o n for cr itical infrastructure i nformation
testified t hat p rivate industry wou l d b e u n willing t o voluntarily share critical
infrastructure i nformation wit h t he federal government without assurances that its
co n f i d ential busines s i nformation would not be released by the governmen t .
Companies worri ed that if information sharing with the government becomes a
reality, FOIA requests for in fo rm ation could prove em barrassing and costly. In
addi t i on, com p ani es ex p ressed concern t hat agency d ecisions abo u t disclosure of
busi n ess confi d ent i al d at a were fraught wi t h am bi gu i t y and d i s cret i on. There were
also concerns ex pressed b y p rivate industry about antitrust and civil liability issues
with respect to the willingnes s of s ome of t hose entiti es t o p r ovide information
voluntarily to the federal government. S peci fi cal l y, i n congressi onal h eari n gs
industry representatives ex pressed c once r n about disclosure under t he Freedom of
In formation Act; t hird-party liability (e.g., sharing s uspected problems about a p iece
of equipment b efore its being t horoughly test ed and veri fi ed); t h e l ack of a d efi n ed
antitrust ex emption fo r appropriate information s haring concerning infrastruct ure
vulnerabilities; possible disclosure of i nformation under s tate open records l aws; and
disclosure of sensitive corporat e i nformation t o competitors.
When H. R . 5005 was reported out of the House S elect Committee on
Homeland Security after hearings on the l egislation, the Administration’s FOIA
ex em ption was modified, and new limitations on th e u s e an d discl osure of critical
infrastruct ure i nformation were i ncluded i n a separate subtitle (Title VII, Subtitle C,
sections 721 - 724). The Select Committee o n Homeland S ecurity s i gn i ficantly
ex panded upon the P resident’s proposal for an ex emption from FOIA for information
on infrastructure vulnerabilities. Section 204 of H.R. 5005 was no l onger limited t o
the ex emption from d isclosure under FOIA o f i nfor m a tion o n “infrastructure
vulnerabilities or other vulnerabilities t o t errorism.” It s protections now ex tended t o
a b road and n ewl y defi ned cat egory o f i nform at i o n – critical infras t r u c t ure
information voluntarily submitted t o t he DHS with an ex pres s s t a t e m ent of
ex pect at i o n o f p rot ect i o n from d i s cl osure. The report ed b i l l i n cl uded s om e o f t he
protections sought by industry representatives: i t p rovided ex emption from disclosure
under FOIA; it provided t hat covered i nformation would not be used directly in civil
actions; i t p rovided t hat critical infrast r u c t u r e i nformation would not be used or
discl o sed by any Federal employee (ex cept t o further criminal investigation or
prosecution o r t o d isclose t he information t o C ongress or the Genera l A ccounting
Offi ce); i t est abl i s hed t hat cri t i cal i n frast ructure i nformation p rovided t o a S t a t e o r
local government by DHS may not be made av ailable pursuant t o any State o r l ocal
law requiring disclosure of informa tion o r records; a n d i t p rovided t hat
com m uni cat i ons of cri t i cal i n frast ruct ure i nforma t i o n would not be subject to the
requirements o f t he Federal Advisory Committee Act (FACA).
The S enat e G o v e rnmental Affairs C ommittee, too, voted to add a FOIA
ex emption t o its bill, S. 2452 (Lieberman, section 198) establishing a Department of
Homeland Security. S . 2452, the National Homeland S ecurity and C omb a t i ng
Terrorism Act o f 2002, agreed to by the S en ate Governmental Affairs C ommittee o n
J u ly 25, 2002, ex empted a “record” p ertaining t o t he vulnerability of and t hreats t o
cri t i cal i n frast ruct ure (as defi ned i n t he USA P ATRIOT Act), furnished voluntarily
to the Department of Homelan d S e curity, from b eing made available under FOIA.
A record was p rot ect ed from d i s cl osure i f t he provider would not customarily make
the record available t o t he public. It also required t he provider t o certify, in a m anner
speci fied by the Department of Homeland Security, t hat t he record is confidential and
not custom arily made availabl e t o t he public. Under S . 2452 a r ecord is submitted


Congressional Research Service ˜ The Library of Congress

voluntarily if it was submitted t o t h e D e p a rt ment of Homeland Security “i n t he
ab s e n c e of authority of the Department requiring that record to be submitted,” an d
it is not submitted or used t o s atisfy any l egal requirement or obligation or t o obtai n
an y grant, p ermit, benefit, or other approval from t he federal government. Agencies
wi t h whi ch t he Depart m ent of Hom el and S ecuri t y shares prot ect ed records were t o
be bound by the FOIA ex emption. FOIA requests for protected information were t o
be referred back to the Department of Homeland Security. S. 2452 allowed an
agency which h ad received i ndependen tly of t h e Department a record “similar o r
identical” t o t hat received b y t he Department, t o d isclose t he record under F OIA.
T h e S enat e bill did not preem pt stat e or l ocal disclosure laws if the state or l o cal
aut hori t y recei ved t he i n form at i o n i ndependent of t h e De p a r t m ent of Hom el and
Security, nor did i t contai n civil liability immunity, or criminal penalties. Fi nally, t he
Senate bill req u i red t he Comptroller General to report t o C ongress on the
implementation and use of its protections.
Critical Infrastructure Information Ac t of 2002.
On November 25, 2002, President Bush s igned H.R. 5005, the H o m e l a n d
Security Act of 2002, P.L. 107-296. The "Critical In frastructure Information Act of
2002," (“CIIA”), t o b e codified at 6 U.S.C. § 131 et seq., i s found in Subtitle B of
Title II of the Homeland S ecurity Act (sections 211 - 215). C IIA consists of a group
of provisions that addres s t h e circum stances under which the Department of
Homeland Security may obtai n, use, and discl ose critical infrastruct ure i nformation
as part of a c r i t i c a l i n frast ruct ure p rot ect i o n p rogram . C IIA est abl i s hes s everal
limitations on the discl osure of critical infrastruct ure i nform a t i o n voluntarily
submitted t o DH S . The CIIA was enacted, i n p art, to respond to the n eed for t he
federal government and o wners and operators of the nation's critical infrastruct ures
to share i nformation on vulnerabilities and threat s, an d t o promote information
shari n g b et ween t h e p ri vat e and publ i c sect ors i n o rder t o prot ect cri t i cal asset s . T he
Homeland Security Act o f 2002 adopted sections 721- 725 of H.R. 5005 on critical
infrastruct ure i nformation verbatim. Congress' enactment of the C ritical
In frastructure Informa t i o n A c t of 2002 was and continues t o b e s omewhat
controversial. The n arrower S enate v ersion, S. 2452, was not considered by the full
Senate, o r t he House o f R ep resent at i v es, when C ongress enact ed t h e Hom el and
S ecuri t y Act o n an accel erat ed schedul e. The H om el and S ecuri t y Act w as approved
by the House and the S enat e ex peditiously, with relativel y little focus on its FOIA-
related provisions. Following is a s ummary of the new law.
Definitions.
T h e C IIA i n cl udes 4 key d efi n i t i ons: covered federal agency; cri t i c a l
infrastructure i nformation; voluntary; and express statement. Another k ey definition,
cri t i cal i n frast ruct ure, i s defi ned el s ewhere i n t h e H om el and S ecuri t y Act .
The most important definition in CIIA is that of “critical infrastructure
i n form at i on” because t h e C IIA prot ect i ons are t ri ggered onl y for such i n form at i on.
C ri t i cal i n frast ruct ures are d efi n ed el sewhere i n t he Hom el and S ecuri t y Act . S ect i o n
2(4) of the Homelan d S e c u rity Act s tates t hat critical infrastructure “has t h e
meaning given that term in s e c t ion 1016(e) of Public Law 107-56 (42 U.S.C.


Congressional Research Service ˜ The Library of Congress

5195(e)).”2 Section 1016(e) of the USA PATRIOT Act defines critical
infrastructure as “sys tems and assets, whether physical or virtu a l , s o vital t o t he
United S tates t hat t he incapacity or destruction o f s uch s ys tems and assets would
have a d ebilitating impact on security, n ati onal economic security, n ational public
health or safety, or any combination of t hese matters.”3 This definition i s viewed as
a broad cat ch-all provision likel y t o cover a wide array of activities.
Critical infrastructure information is defined as “information not customarily
in the public domai n and related t o t he security of critical infrastruct ure or protect ed
systems—
(A) act ual, potential, or threat ened interference with, attack on,
compromise of, or incapacitation of critical infrastruct ure or p ro t ect ed
system s by either physical or computer-bas ed attack or ot h er s imilar
conduct (i n c l uding misuse o f o r unauthoriz ed access t o all types o f
communications and d ata t ransmission syst em s) t h at vi ol at es federal, state,
or local law, harms i nterstat e commerce of t he United S tates, or threat ens
publ i c heal t h and s afet y;
(B) t he ability of critical infrastruct ure or protect ed system s t o res ist s uch
interference, compromise, or incapacitation, incl uding any planned or pas t
assessment, projection or estimate of the vulnerability of critical
i n frast ruct ure o r a prot ect ed sys t em , i ncluding security testing, risk
eval uation t hereto, risk m anagem ent planning, or risk audit; or,
(C) any planned o r p ast operational probl em or sol u t i o n regardi ng cri t i cal
infras t ructure...including repair, recovery, reconstruction, insurance, or
continuity to t h e ex t ent i t rel at es to such interference, compromise, or
incapacitation.”4
This definition covers a wide ran ge of information, and i s further ex panded by
reference to t he stat utory d efinition o f critical infrastruct ure from t he USA P ATRIOT
Act.5
Covered federal agency is defined b y t he CIIA as the Department of Homeland
Security. On t he House floor, an amendment t o t his definition was offered, and
failed. 6 Amendment No. 25 would have amended t he definition of “covered agency”
to incl ude not just the Department of Homeland Security, but any other agency
designat ed by the Department of Homeland Security or with which t he Department
shares cri t i cal i n frast ruct ure i nform at i on. 7
Another important definition i s of voluntary. S ection 214 of the C IIA protects
critical infrastruct ure i nformation voluntarily submitted t o t he DHS when


2 P.L. 107-296, § 2(4), 116 Stat. 2140.
3 P.L. 107-56, § 1016(e), 42 U.S.C. 5195(e).
4 P.L. 107-296, § 212(3).
5 See the “Issues and Concerns” section of CRS Report RL31547, Cr i tical Infrastructure
Information Disclosure and Homeland Security , by J ohn Moteff and Gina M arie St evens.
6 P.L. 107-296, 116 Stat. 2135, § 212(2); See also i d. at § 214(c) (adding that the provi sion
does not apply t o " independen tly obtained i nformation").
7 148 Cong. Rec. H5845 (J uly 26, 2002).
Congressional Research Service ˜ The Library of Congress

accom p ani ed b y an ex p ress st at em ent o f ex p ect at i o n o f p rot ect i o n from d i s cl osure.
The t erm “vo l u n t ary” with respect to the s ubmittal of critical infrastruct ure
information t o a covered federal agency means “the s ubmittal t hereof in the absence
of such agency’s ex erci se of l egal aut hori t y t o com p el access o r s ubm i ssi on of such
information and may b e accomplished b y a single entity or an In formation S haring
and Analysis Organization on b eh al f o f itsel f or its members”8 The C IIA defines
“Information S haring and Analysis Organizations” as “any formal or i nformal entity
or collaboration created or employed by public or private s ector organiz ati o n s , f o r
purposes of–(A)gatheringand analyzingcritical infrastructureinformation...(B)
communicating or discl osing critical infrastruct ure i nformation . . . and (C)
voluntarilydisseminatingcritical infrastructureinformation....”9 In addition, the
definition of voluntary i ncludes a critical ex cl usion. A voluntary s ubmission to DHS
does not include filings that were also made with the S ecurities and Ex change
Commission or Federal b anking regu lators , s tatements m ade pursuant t o t he sale of
securities, or inform ation or statements submitted or reli e d upon as a basis for
making lic e n s i ng or permitting determinations, o r during regulatory p roceedings .
Consequently, i nformation falling within the ex clusion would not be protect ed from
disclosure.
The l as t critical definition i s of an express st at ement. 10 In o r der t o obtain t he
prot ect i ons of t h e C IIA, t he subm i s s i o n m u st be accom p ani ed b y an ex p ress
stat em ent. In t h e cas e of written i nformation or records, this means a written
marking on t he information or r eco rds s imilar t o “This information i s voluntarily
submitted t o t he Federal Government in ex pect ation of protection from discl osure as
provided b y t he provisions of the C ritical In frastructure Information Act of 2002.”11
In the cas e of oral i nformation, CIIA requires t he submission of a s imilar w ri t t en
stat em ent within a reas onable time period following the oral communication. 12
Protection of V oluntarily Shared Critical Infrastructure I nformation.
Section 214 of the C IIA is entitled "Protection of Voluntarily Shared Critical
In frastructure Information.” The s ection est ablishes s everal protections for critical
infrastruct ure i nformation voluntarily submitted t o t he Department of Homeland
S ecuri t y for u se regardi n g t he securi t y of cri t i cal i n f r ast ruct ures and p rot ect ed
syst em s and for o t h er purposes when such i n form at i o n i s accom p ani ed b y an ex p ress
stat em ent t o t he effect that the i nformation i s voluntarily submitted t o t he federal
governm ent i n ex pect at i o n o f p rot ect i o n from d i s cl osure. To encourage p ri vat e and
p u blic sect or entities and persons to voluntarily share t heir critical infrastruct ure
i n form at i o n w i t h t h e D epart m e n t o f H om el and S ecuri t y, t he C IIA i n cl udes s everal
m easures t o ensure agai nst d i s cl osure o f p rot ect ed cri t i cal i n frast ruct ure i nform at i o n
by DHS. S ection 214(a)(1), entitled “In General”, p rovides:


8 P.L. 107-296, § 212(7).
9 P.L. 107-296, § 212(5).
10 See i d. at § 214(a)(2)(A)-(B)
11 P.L. 107-296, § 214(a)(2).
12 Id.
Congressional Research Service ˜ The Library of Congress

Notwithstanding any o th e r provision of law, critical infrastructure
information (incl uding the i dentity of the s ubmitting person or entity) t hat
is voluntarily submitted t o a covered Federal agency for use by that agency
re ga r d i n g t he securi t y of cri t i cal i n frast ruct ures and p rot ect ed syst em s,
an al ys i s , w arn i n g, i n t erd e p e n d e n c y s tudy, recovery, reconstitution, o r o t h e r
i n form at i onal purpose, when accom p ani ed b y an ex p ress st at em ent ....
(A) “shall b e ex empt from d isclosure under s ection 552 of title 5, United
States Code (commonly referred t o as t he Freedom of In formation Act).”13
According t o t he Department of J u stice, the agency responsible for administering the
FOIA, s ection 214(a)(1) will operate as a n ew "Ex emption 3 s tatute"14 under FOIA
for "critical infrastructur e " informatio n t hat i s obtained b y t he Department of
Homeland Security.15 This section eliminates the p resumptive right of access b y any
person—corporate o r i ndividual, regardless of nationality— t o ex i sting, unpublished
DHS reco rd s o n critical infrastruct ure i nformation. Unlike FOIA, which s peci fies
nine cat egories of i nformation t hat m ay be ex em pted from discl osure, and permits
rather than requires t he withholding of re quested information s ection 214(a)( 1 )(A)
leaves no discretion and requires t hat criti cal infrastructure i nformation voluntarily
submitted t o t he DHS not be disclosed under FOIA.
P r ior t o t he enactment of this new FOIA ex emption 3 statute, critical
infrastructure i nformation would h ave fallen under t he scope of ex emption 4 o f FOIA
whi ch ex em p t s from d i s cl osure “t rade s ecret s and com m erci al o r f i n anci al
information obtai ned from a person an d p ri vileged or confidential.”16 Most
ex emption 4 cases have involved a dis pute over whether the i nformation was
“ confidential.” In 1992, in Critical Mass Ener gy Project v. NRC ,17 the full D . C .
Circuit C ourt of Appeal s established a new t es t t o det ermine confidentiality for
information submitted voluntarily to an agency. It ruled that voluntarily submitted
information i s ex empt from d isclosure under FOIA i f t he submitter can show that it
does not customarily release t he i n formation t o t he public.18 The court i n Critical
Mass did not ex pressly d efine t he two t erms “required” and “voluntary” information
submissions. The Department of J ustice i ssued policy guidance o n t he Critical Mass


13 P.L. 107-296, 116 Stat. 2135, § 214(a)(1)(A) ( to be codified at 6 U.S.C. § 133(a)(1)(A)).
14 Under e xemption 3 of t he FOIA, i n f o r ma t i on protected from disclosure under other
statutes is also exempt from publi c d i sclosure provided that such statute r equires t hat t he
matters be withheld from t he public in such a manner as t o l eave no discretion on t he issue,
or establishes particular criteria f or withholding or refers to particular types of matters to be
withheld. Unlike other FOIA exemptions, i f t he information r equested under FOIA meets
the withholding criteria of exemption 3, t he in formation must be withheld. See 5 U.S.C. §

552(b)(3).


15 Department of J ustice, “Homeland Security La w C o ntains New Exemption 3 Statute,”
FOIAPost(2003).
16 5 U.S.C. § 552(b)(4).
17 975 F.2d 871, 879-80 (D.C. Cir. 1992)( en banc )(“Critical Mass II”), cert. denied, 113 S.
Ct.1579(1993).
18 Id. at 879.
Congressional Research Service ˜ The Library of Congress

distinction under ex emption 4.19 Fu rther guidance o f t h e t reatment of confidential
bus i n es s i nform at i o n i s found i n Ex ecut i ve O rder 12,600 (Prediscl osure N otification
Procedures for C onfidential C ommercial Information ). 20
Similarly, the C IIA protect s from discl osure critical infrastruct ure i nformation
“not customarily in the public domai n” voluntarily submitted t o DHS. The Report
o f the House S elect Committee o n Homeland S ecurity accompanyi ng H.R . 5005
stat es that “The Select Committee i ntends that subtitle C only protect privat e,
security-related i nformation t hat i s voluntarily shared with the government in order
to assist in increas ing homel and s ecurity. This s ubtitle does not protect information
required under any health, safety, or environmental law” (emphasis added).21 It
should b e n o t ed that section 214(d) provides t hat “the voluntary s ubmittal t o t he
Government of information o r records t hat are protected from d isclosure b y t he Act
shall not be cons t r u e d a s compliance with any l egal requirement to submit such
information t o a federal agency. ”
Section 214(a)(1)(B) o f t he CIIA provi des t hat covered i nformation will not be
subj ect t o agency rul es o r j udi ci al doct ri n e regardi ng ex -part e com m uni cat i ons. T he
Administrative P rocedure Act (APA) establishes t he rules for agenci es to adhere to
wi t h respect t o ex part e com m uni cat i ons i n agency proceedi n gs . 22 The APA defines
an "ex p arte communication" as an “oral o r written communication not on the public
recordwithrespect to which reasonable prior notice to all parties is not given...”23
Section 556(e) of the Administrative P roce dure Act incorporates th e p r i n ciple that
form al agency adj udi cat i ons are t o b e d eci ded s ol el y o n t he basi s o f record evi d ence.
It provides t hat “[ t ] h e t ranscript o f t estim ony and ex h i b i t s , t oget her w i t h al l p apers
and requests filed i n t he proceeding, constitutes t he ex clusive record for d ecision.” 24
The reason for t his “ex clusiveness o f record” p rinciple is to provide fairness to the
parties i n order to en s u re meaningfully participation. Challenges to the
“ex cl usi v eness o f record” o ccur w hen t here are ex p art e cont act s – com m uni cat i ons
from an i nt erest ed p art y t o a d ec i s i o n m aki n g o ffi ci al t h at t ake pl ace out si de t h e
heari n g and off t he record. E x p art e cont act i ssues ari s e m ore frequent l y i n agency
adj udi cat i ons t h an i n j udi ci al proceedi n gs because t h e l at t er are al m o st al ways m ade
on t h e record, aft er an adversary p roceedi n g; however, o n t he record proceedi n gs are
a v ery s m al l part of t h e docket i n m ost agency p roceedi n gs .
Section 557(d)(1) o f t he APA p rohibits any “ i n t e r e sted person outside the
agency” from m aking, or knowingl y causing, “any ex p arte communication relevant
to the m erits of the p roceeding” to any d ecision making official. S imilar restraints
are i m posed on t h e agency d eci si on m akers, who are d efi n ed t o i n cl ude any “m em b er
of the body comprising the agency, administrative l aw judge, or other employee who


19 Department of J ustice, “OIP Guidance: The Critical Mass Di stinction Under Exemption

4," FOIA Update, V ol. X IV , No. 2, at 3-5.


20 Exec. Order No. 12,600, 3 C.F.R. 235, reprinted i n 5 U.S.C. § 552 note.
21 H. Rep. No. 107-609, Home land Security Act of 2002, p. 116.
22 5 U.S.C. § 551 et seq.
23 5 U.S.C. § 551(14).
24 Id. at § 556(e).
Congressional Research Service ˜ The Library of Congress

is or may reasonably b e ex p ected to be involved i n t he decisional p rocess.”25 When
an improper ex p arte contact occurs, t he AP A requires t hat i t b e p laced on the public
record; i f i t was an oral communicati on, a m emorandum summariz i ng the contact
must b e fi led.26 Upon receipt of an ex parte communication knowingl y m ade o r
knowingl y cau s e d t o b e m ade b y a party i n v iolation o f t he APA, the agency,
administrative l aw judge, or other employee presiding at the hearing m ay require the
party t o s how cause why h is claim o r i n t e r e s t i n t he proceeding s hould not be
dismissed, denied, d isregarded, o r o therwise adversely affected on account of such
vi olation.27 S ect i o n 214(a)(1)(B) o f t he C IIA ex em pt s p rot ect ed critical infrastructure
information from APA prohibitions on ex parte communications.28
Section 214(a)(1)(C) o f t he CIIA creates an evidentiary ex clusion for protected
information. Section 214(a)(1)(C) p rohi bits the d irect use, without the written
consent of t he information s ubmitter, of protect ed critical infrastruct ure i nformation
by such agency (DHS ), any o t h er Federal , S t at e, or l o cal aut hori t y, o r t hi rd part y i n
any civil action arising under federal or state l aw if submitted i n good faith. This
protection i s limited to critical infra structure i nformation t hat i s voluntarily submitted
t o a covered federal agency [ DHS ] for use b y t hat agency regardi ng t h e s ecuri t y o f
critical infrastructureand protected systems...orotherinformationalpurpose, when
accompanied b y an ex p ress statement. This evidentiary limitation does not apply t o
regulatory or enforcem ent actions by Federal, Stat e, or local governmental entities,
nor to civil actions when the i nformation i s obtained i ndependently of the DHS. The
courts may also limit application of t he evidentiary ex cl usion i n cas es of bad faith.
Public interest groups are concerned t hat this provision is ve r y b road, and would
shield owners and operators fro m l iability under antitrust, tort, t ax , civil rights,
environmental, labor, consum er prot ect i on, and h eal t h and s afet y l aws. However, a
Federal entity may s eparat el y obtai n t he critical infrastruct ure i nformation s ubmitted
t o t h e DHS for its critical infrastruct ure p rotection p rogram through t he use o f
independent legal authorities, and use such information i n any action. 29 T h e C IIA
does not limit the ability of governments, entities, or third parties t o i ndependently
obtai n critical infrastruct ure i nformation o r t o use critical infrastruct ure i nformation
for limited purposes .
Section 214(a)(1)(D) o f t he CIIA proh i b i t s u se or disclosure of critical
infrastructure i nformation b y U.S. o ffic e r s o r employees, without consent, for
unauthoriz ed purposes; and authoriz es the u se or disclosure of such information b y
such officers and employees in furtherance of t he investigation or t he prosecution of
a criminal act; o r for disclosure to Congress or the General Accounting Office. The


25 5 U.S.C. § 557(d)(1)(E).
26 Id. at § 557(d)(1)(C).
27 Id. at § 557(D).
28 For an example of a statute which mo d i f i es the APA rules with respect to ex parte
communications, s ee 49 U.S. C. 11324.
29 Subsection § 214(c) provides: “ (c) INDE PENDENT LY OBT AINED INFORMAT ION-
Nothing i n t his section shall be construed t o limit or otherwise affect the ability of a State,
local, or Federal Government entity, agency, or authority, or any third party, un d e r
applicable law, to obtain critical infra s t r u c t u r e i nformation i n a manner not covered by
subsection ( a), i ncluding any i nformatio n l awfully and properly disclosed generally or
broadly t o t he public and t o use such information i n any manner permitted by l aw.
Congressional Research Service ˜ The Library of Congress

P r e s i d ent 's s i gni ng st at em ent accom p anyi ng t h e Hom el and S ecuri t y Act o f 2002
e x p r essly addressed t his p rovision. It st at es t h at “The ex ecut i v e b ranch does n o t
construe this provision to impose any independent or affirmative requirement to share
such information wit h t h e C ongress or the C omptroller General and s hall construe
it in any m anner consistent with the constitutional authorities of t he P r es i d ent t o
supervise t he unitary ex ecutive b ranch a n d to withhold i nformation t he disclosure
of which could impai r forei gn relation s , t h e n ational s ecurity, t he deliberative
processes of the Executive, or the performance of the Executive's constitutional
duties."30
This subsection adopts word-for-word t he language from p rovisions of the
Privacy Act o f 1974 which p ermit disclosure of personal i nformation m aintained b y
ex ecutive branch agencies i n s ys t ems of records t o C ongress, and t o t he General
Account i n g O ffi ce. 31 Similarly, FOIA provides t hat i t i s not authority for
withholding information from C ongress.32 S everal exi st i n g federal st at ut es aut hori z e
the discl osure of certain cat egories of i nformation for the investigation or prosecution
of a c riminal act . Federal laws protecting government, credit, communications,
education, bank, cable, v ideo, m otor vehicl e, heal t h , t el ecom m uni cat i ons, chi l d ren's,
and fi n anci al i n form at i o n general l y carve out ex cept i ons for t he di scl o sure of
personal l y i d ent i fi abl e i nform at i o n t o l aw enforcem ent o ffi cials, and authorize access
to personal i nformation t hrough u se of se a r c h warrants, subpoenas, and court
orders. 33
Section § 214(a)(1)(E) o f t h e C IIA specifically mandates t hat t he critical
infrastructur e i nformation now ex empt under t he FOIA "s hall not, i f p rovided t o a
Stateorlocal government ...bemadeavailablepursuant toanyStateorlocal law
requiring disclosure of information or records." This s tatute thus ex plicitly provides
for t he "preem pt i on" of st at e fr e e d o m of i n form at i o n l aws b y federal l aw.34 It a l s o
prohi bi t s S t at e o r l ocal governm ent s from d i s cl osi n g p rot ect ed cri t i cal i n frast ruct ure
information p rovided t o t h e m b y DHS without written consent o f t he entity
submitting t he information; prohib i t s i t s use for other t han critical infrastruct ure
protection, or the furtherance of a criminal investigation or prosecution.
Section 214(a)(1)(F) o f t he Act gua r d s against "waiver o f any applicable
privilege or protection p rovided under l aw , s u c h as t rade secret protection." Legal
prot ect i ons for t rade secret s v ary from s t at e t o st at e. Accordi n g t o t he R est at em ent
of Tort s, § 757, comment b, as adopt ed by m o st state laws, “a trade secret may


30 T he White House, Statement by t he President on H.R. 5005, the Homeland Secuirty Act
of 2002 (Nov. 25, 2002).
31 See 5 U.S.C. § 552a(b)(9 -10)(“(9) t o e ither House of Congress, or, t o t he extent of ma tter
within its j urisdictio n , any committee or subcommittee t hereof, any j oint committee of
Congress or subcommittee of any such j oint committee; (10) to the Comptroller General, or
any of his authorized representatives, i n t he course of the performance of the duties of t he
General Accounting Office;”).
32 5 U.S.C. § 552(d).
33 See CRS Report RL31730, Privacy: Total I nformation Awareness Programs and Related
Information Access, Collection, and Pr otection Laws , by Gina Marie Stevens.
34 See also Freedom of Information Act Guide & Pr ivacy Act Overview (May 2002), a t 563-

64 (discussing operation of " preemp tion doctrine" in FOIA context).


Congressional Research Service ˜ The Library of Congress

consist of any formula, pattern, device or compilation of i nformation which is used
in one’s business, and which gi ves h im an opportunity to obtain an advantage over
competitors who do not know or use it.” Oth er relevant evidentiary privileges m ay
incl ude the attorney-client privilege. 35
Section 214(b) of the Act provides t hat n o communication o f c r i t i cal
infrastructure i nformation t o t he Department of Homeland Security pursuant t o t he
C IIA shal l b e consi d ered an act i o n s ubj ect t o t h e requi rem ent s o f t he F e d e r a l
Advisory Committee Act which requires that the meetings of federal advisory
committees serving ex ecutive b ranch en tities b e open t o t he public. FACA d efines
an “advisory committee” as “any committee, board, commission, counci l , c o n f e r e n c e ,
panel, task force, or other s imilar grou p , o r any s ubcommittee or other subgroup
thereo f ( hereafter i n t his p aragraph referred t o as ''committee''), which is - (A)
established by statute or reorganization plan, or (B) e s t ab l i shed or utilized by the
Pres ident, or (C) established or utilized by one or more agenci es , i n t he interest of
obtaining a d v i c e or recommendations for t he President o r one or more agencies or
officers of t he Federal Government, ex cept t hat s uch t erm ex cludes (i) any committee
that is composed wholly of full-time, or permanent part-time, officers or employees
of the Federal Government, and (ii) any committee t hat i s creat ed by the National
Academy o f S ciences or the National Academy of P ublic Administration.”36 The
FACA al s o s peci fies nine cat egories of i nformation, similar t o t hose i n FOIA, that
may b e p ermissively relied upon to close advisory committee d eliberations. 37
Prior t o passage of the critical infrastru cture i nformation p rovisions, m eetings
of “Information S haring and Analys i s Organiz ations” (IS AO) could potentially be
subject to FACA’s requirements. However, the C IIA ex pressly authoriz es IS AOs to
voluntarily submit information t o t he DHS on behalf of itsel f or its members with the
result being t hat s uch i nformation will be protected in material respects under t he Act
from u ses and di scl o sures unrel at ed t o cri t i cal i n frast ruct ure p rot ect i on. 38 T h e C IIA
defines “In formation S haring and Analysis Organiz ations” as “any formal or informal
entity or collaboration created or employed by public or private s ector organizations,
forpurposesof–(A)gatheringandanalyzingcriticalinfrastructureinformation...
(B)communicatingordisclosingcritical infrastructureinformation...and (C)
voluntarily disseminating critical infrastruct ure i nformation . . . .”39 For a discussion
of information s haring and analysis centers formed by several s ectors (e.g. , b anking
and finance, telecommunica tions, electricity, water, etc.), s ee CRS Report R L30153,
Critical Infrastructures: Background, Policy, and Implementation , b y J ohn Moteff.
Section 214(e) r e q u i r es t he Secretary o f DHS to establish p rocedures for t he
receipt, care, and s torage of critical infrast ructure i nformation not later t han 9 0 d ays
after enactment. The Homeland Security Act t ook effect 60 days after p assage; t he
legi slation was enacted on November 25, 2003. In other words, S ecretary R idge is
to estab l i s h t h o s e p rocedures no later t hat February 23, 2003. The S ecretary o f


35 See Fed. Evi d. Rule 501.
36 5 U.S.C. App. 2, § 3(2).
37 5 U.S.C. App. 2.
38 Id. at § 212(7)
39 P.L. 107-296, § 212(5).
Congressional Research Service ˜ The Library of Congress

Homeland Security is to consult with the National S ecurity Council and t he Office
of Science and Technology P olicy t o estab lish uniform procedures. In addition, it
appears t hat t hese DHS procedures will not be subject to agency notice and comment
rulema king requirements for agency regu lations under t he AP A b ecause the C IIA
requires t he promulgation o f agency p rocedures, not regu lations. M oreover, in other
sect i ons of t h e Hom el and S ecuri t y Act , C ongress cl earl y di rect ed t h at regu l at i ons be
promulgated. Presumably it would have done the s ame h ere i f t hat i s what i t s ought.
J u d i ci al revi ew of agenci es’ i nt erpret at i ons of st at ut es ent ai l s a s i gni fi cant
el em e n t o f d eference, as t h e S uprem e C ourt em phasi z ed i n Chevron U.S.A., Inc. v
NRDC .40 In C h evron, the C ourt p rescribed t wo inquiries that a reviewi n g court
should conduct when reviewing an agency’s c onstruction o f a statute. The first was
whether “Congress has d ir ectly addressed t he precise question at i ssue.” If s o, the
court would h ave t o “gi ve effect to the unambiguously ex pressed i ntent o f C ongress.”
However, if the statute were to prove “silent or ambiguous with respect to the
speci fi c i ssue,” t he rem ai n i n g quest i o n was whet he r t he agency’s answer was
“permissible” – o r, as the C ourt phras ed it, a “reasonable i nterpretation.” C h evron,
in effect , creat es a presumption applicable to regulatory schemes i n which Congress
has d elegated power to an agency: t o w hateve r ex t ent t he statute remains ambiguous,
the reviewing court s hould p resume that C ongress has d elegat e d t o t h e agency t he
task of filling i n t he gap i n s ome reas onable way.
Criminal Penalties.
Section 214(f) contai ns a provision that makes i t a criminal offense for any
federal employee t o "knowingl y ...disclose[] ...anycritical infrastruct ure
information [ that is] p r o t ected from d isclosure" under it, without proper l egal
authorization.
“(f) PENALT IES- W hoeve r, being a n officer or employee of the United States
or of any department or agency t hereof, knowingl y publishes, divulges, discloses,
or ma ke s known i n a ny ma n n e r or t o a ny extent not authorized by law, any
critical infrastructure i nformation protected from disclosure by t his subtitle
comi ng to him i n t he course of this employment or offi c i a l duties or by r eason
o f a n y exami nation or i nvestigation made by, or return, r eport, or record made
to or filed with, s uch department or agency or officer or employee thereof, shall
be fined under title 18 of the United Sta t e s C o de, imprisoned not more than 1
year, or both, and s hall be removed from office or employment.”
This provision is similar t o t he criminal penalties imposed in the P rivacy Act,41 and
t h e T rade S ecret s A ct . 42


40 467 U.S. 837 (1984).
41 5 U.S.C. § 552a (i)(1)(“ Cr iminal Penalties. Any officer or employee of an agency, who
by vi rtue of h i s e mp l oyment or official position, has possession of, or access to, agency
records which contain i ndivi dually identifiable i nformation t he disclos u r e o f which i s
p r ohibited by t his s ection or by r ules or regulations established t hereunder, a n d w h o
knowing t hat disclosure of t he specific material is so prohibited, wil l f ully discloses t he
material in any manner t o any person or agency not entitled t o r eceive it, shall be guilty of
a misdemeanor and f ined not more than $5,000.”)
42 18 U.S.C. § 1905 (Whoeve r, being a n officer or employee of the United States or of a ny
(continued...)
Congressional Research Service ˜ The Library of Congress

Whistleblower P rotection Act.
A possible concern with the criminal penalty provisions imposed under C IIA is
their potential conflict with certain protections provided under the Whistleblower
Protection A ct (W PA),43 which p rotect s covered employees from p rohibited44
personnel actions taken b ecause of a p rotected disclosure. W P A ex p ressly p rovides
that current em ployees , former employees , or applicants for employm ent t o positions
in the ex ecutive branch of government in bo t h t h e competitive and the ex cepted
servi ce, as wel l as posi t i ons i n t h e S eni o r E x ecut i v e S ervi ce, are consi d ered covered45
em pl oyees. WPA p ro tect s "any discl osure of i nformation" that the employee
"reason a b l y b e lieves" evidences "a violation o f any law, rule, o r regulation" or
evidences "gross mismanagement, a gross waste of funds, an abuse o f authority, o r
a s ubstantial a n d speci fic danger t o public health or safety," if the discl osure i s not46
prohibited b y l aw or required t o b e k ept s ecret by Ex ecutiv e O r d e r . WPA also
protects "any disclosure" m ade t o t he Special Couns el or to the Inspector General o f
an agency or anot her em p l o yee d esi gnat ed b y t he head of t h e agency t o recei ve such
disclosures, which t he employee "reasonabl y b el i eves"evi d ences "a vi ol at i o n o f any
law, rule, o r regulation," or evidences "gro ss mismanagement, a gross waste of funds,
an abuse o f authority, o r a substantial and specific d anger t o public h e a l t h or47
safety." W P A further protects “cooperating with or disclosing information t o t he
Inspector General of an agency, or the S pecial Counsel, in acco rd an ce with48
applicable provisions of law.” W P A p rovides t hat t he whistleblowing p rovisions
are "not to be construed t o authoriz e t he withholding of informa t i o n f r o m t he


42 (...continued)
department or agency thereof, any person acting on behalf of t he Office of Federal Housing
Enterprise Oversight, or agent of t he Department of J ustice as defined in the Antitrust Civil
Process Act (15 U.S.C. 1311-1314), publishes, divulges, discloses, or makes known i n a ny
manner or t o any extent not authorized by law any information coming t o him in the course
of his employment or official duties or by r eason of any exami nation or i nvestigation made
by, or r eturn, report or r ecord made to or filed with, s uch department or agency or officer
or employee thereof, which i nforma tion c oncer ns or relates t o t he trade s ecrets, processes,
operations, style of work, or apparatus, or to the i dentity, confidential statistical data,
amount or source of any i ncome, profits, l osses, or expenditures o f a n y person, firm,
partnership, corporation, or association; or permits any i ncome r eturn or copy thereof or any
b ook containing any abstract or particulars t hereof to be seen or examined by any perso n
except as provi ded by l aw; s hall be fined under t his title, or i mprisoned not more than one
year, or both; and s hall be removed from office or employment.”).
43 Codified, a s a me nded, at 5 U.S.C. § 1201 et seq.
44 5 U.S.C. § 2302. See CRS Report 97-787, Whistleblower P r o t e c t ions for Federal
E m p l oyees , ( May 18, 1998) by L. Paige W hitake r; and CRS V i deo T ape MM70034,
Proposed Departme n t o f Home land Security: Freedom of Information Act Exemptions,
Whistleblower Protection Act, and Information Sharing by Gina Stevens, Paige Whitaker,
and Elizabeth Bazan. Online V ideo. ( September 25, 2002).
45 5 U.S.C. § 2302(a)(2)(B). Legi slative branch employees would not fall with i n this
definition.
46 5 U.S.C. § 2302(b)(8)(A).
47 5 U.S.C. § 2302(b)(8)(B)( emphasis added).
48 5 U.S.C. § 2302(b)(9)(C).
Congressional Research Service ˜ The Library of Congress

Con gress or the t aking o f any personnel action against an employee who d iscloses
information t o t he C ongress."49
Hypot het i cal l y, i f a “covere d ” f ederal em p l o yee d i s cl oses prot ect ed cri t i cal
infrastructure i nformation without legal authoriz ation, she would be i n violation of
CIIA (and, for ex ample, could b e fined, imprisoned, a n d r e m o v e d from o ffice or
employment). T h a t i s , s ince CIIA genera lly prohibits the discl osure of protect ed
critical infrastruct ure i n f o r m a t i on, ex cept for the purpose of criminal investigation
o r p r osecut i o n o r t o d i s cl ose p rot ect ed i n form at i o n t o C ongress or t h e G eneral
Accounting Office, such a d isclosure would s ubject the “covered” federal employee
to criminal sanctions under t he CIIA. M ore over, the p rotections of the C IIA apply
“Notwithstanding any o ther p r o v i s i o n of law.”50 Under t he W P A, if a “covered”
federal employee d isclosed protected criti cal infrastructure i nformation without legal
authoriz ation, she would not be protected by W P A i f t he disclosure was p rohibited
by law. However, the “covered” federal employee would appear to be protected by
WPA, on th e c o n dition t hat s uch employee m ade "any discl osure t o t he Speci al
Counse l , o r t o t he In spector General o f an agency ... which t he employee or
applicant reasonably b elieves evidences a v iolation o f any law, rule or regu lation,"
or evidences "gross mismanagement, a gross waste of funds, an abuse o f authority,
or a s ubstantia l a n d s p e c i fic d anger t o public health or safety."51 Fu rthermore, she
would appear t o b e p r o t ected “from t he taking of any p ersonnel action against an
employee who d iscloses information t o C ongress.” 52
In addition, it should b e noted that Section 883 of the Homeland S ecurity Act
(P.L. 107-296), t o b e codified at 6 U.S.C. § 463, ex pressly p rovides t hat “Nothing i n
this Act s hall be construed as ex empting t h e Department [of Homel and S ecurity]
from requirements applic a b l e w i th respect to ex ecutive agencies ... (2) t o p rovide
w h i s t l e blower protections for employees of the Department (including pursuant t o
the p rovisions in section 2302(b)(8) and (9) o f s uch title.”53
Congressional Disclosure.
A n o t h e r i ssue t hat has been raised with respect to the criminal penalti es
provision in section 214(f) of the C IIA wh ich applies t o “an officer or employee of
the Uni t e d S t a tes” is whether M embers of Congress and t heir staff could b e
criminally liable for the rel eas e of protect ed critical infrastruct ure i nformation. The
CIIA does not incl ude a definition of “officer or em ployee of the United S tates.”
Section 214(C) o f C IIA p rohibits without written consent t he use or disclosure of
protected inform a t i o n b y any officer or employee of the United S tates for


49 5 U.S.C. § 2302(b).
50 P.L. 107-296, § 214(a)(1).
51 5 U.S.C. § 2302(b)(8)(B).
52 5 U.S.C. § 2302(b).
53 P.L. 107-296, § 883. For i nforma t i on on t he DHS Inspector General’s r eporting
requirements t o Congress, see CRS Report RS21251, Analysi s of President’s Proposal
Concerning the Office of I nspector Ge neral f or the Proposed De partment of Home l a nd
Security. See also H o me l a n d Security Act of 2002 Amendments, Sec. 104 (Inspector
General of t he Departme nt of Home lan d Secu rity) i n t he H. Conference Rep. on H.J .Res.

2, Consolidated Appropriations Resolution, 2003, 149 Cong. Rec. H846 (Feb. 12, 2003).


Congressional Research Service ˜ The Library of Congress

unauthorized purposes ex cept when discl osure would be for criminal prosecution or
investigation, to Congress, or to G A O presumably for purposes of oversight. The
Report o f t he Select Committee o n Homeland S ecurity on H.R. 5005, the Homeland
Security Act, stat es that "unauthorized d i s closures of critical infrastruct ure
information by any U.S. employee may b e punished by fines, imprisonment u p t o one
year, and removal from employm en t."54
In l i g h t o f the fact that the underlyi ng purpose o f t he CIIA is to promote
voluntary i nformation s haring on threat s and vulnerabilities t o critical infrastruct ure
through t he establishment of a statutory s chem e d e s i gned t o p rot ect agai nst
unauthorized disclosures of confidential busines s i nformation, it is arguable that the
criminal penalties for unauthorized disclosure of protected information were intended
to apply t o C ongress. However, if Congress had t hought it was i ncluding itself, then
disclosure from "an officer or employee of the United S tates" to Congress might
arguably not be a "disclosure" at all, just information s hared bet ween one officer of
the United S tates and another officer of the United S tates, and one could argue that
the ex ception p ermitting d isclosure t o C ongress wouldn't h ave b een necessary.
Another consideration t hat s upports the conclusion that Congress is not subject
to the criminal penalty provision is the fact that one of the penalties i s "removal from
e m p l oyment." This argu es against t he provision applyi ng to Congress, s i n c e a
Member of Congress cannot be remo v e d b y s tatutory fiat, but only b y t he
Constitutional process set out in Article I, Section 5 of t h e C o n s t itution, that is,
ex pulsion. Even though t he plain m eaning o f “an officer or employee of the United
States” could reasonably b e i nterpret ed to incl ude Members of C ongress, the
Supreme C ourt h ad interpreted 1 8 U.S.C. 1001, prohibiting false statements in any
matter before any agen cy o r d e partment of the United S tates, as not applyi ng to
C o n g r e s s o r the courts after m ore t han 4 0 years o f applyi ng it to statements before
some congressional entities. 55 Congress had t o a m e n d i t to ex pressly i nclude
Congress.56 In light of the Hubbard precedent i t woul d appear unl i k el y t hat t he t erm
"o fficer or employee of the United S tates" would b e construed b y a court as applyi ng
to Congress without more definitions or legi slative history.
Moreover, the S peech or Debate cla u se of the U.S. C onstitution prevents
criminal prosecution of a Member of Congress for what s h e s a ys o n the floor, or
during committee p roceedings . M embers of Congr e s s h ave immunity for t heir
legi slative acts under Article I, § 6 , cl. 1, of the C onstitution, which p rovides i n p art
t h at "for any s peech or debat e i n ei t h er House, [ S enat ors and R epresent at i v es] s hal l
not be quest i o n e d i n any ot her p l ace." E ven i f t he act i ons of a S enat or or
R epresent at i v e are wi t h i n t h e s cope of t h e s peech or debat e cl ause or s o m e o t h e r
legal immunity, he remains accountable to the House o f C ongress in which h e s erves
and t o t he el ect orat e. The cl ause p rot ect s a Mem b er when speaki n g o n t he House o r
Senate floor, i ntroducing and voting o n bills and resolutions, p reparing and
submitting committee reports, acting at committee meetings and hearings, and


54 H.Rept. 107-609, Part 1 a t 116.
55 Hubbard v . U.S. , 514 U.S. 695 (1995).
56 See CRS Congressional D istribution M emo CD953350, “Impact of United States v.
Hubbard, 115 S.Ct. 1754 (1995), on t he Prosec ution of False Statements Made in Matters
of Concern t o t he J udiciary a nd the Congress” (J uly 13, 1995).
Congressional Research Service ˜ The Library of Congress

conducting inves t i gat i ons and i s s u i n g s ubpoenas . 57 In a frequently quoted description
of the s cope of the privilege, t he Court i n Gravel v. United States,58 ex plained t hat,
in addition t o actual s peech or debate in either House, the clause applies only t o acts
which are “an integral part of the deliberative and communicative processes by which
Members p articipate i n committee and H ouse p roceedings with respect to the
consideration and passage or rejection o f p roposed legi sl ation o r with respect to other
matters which t he Constitution p laces with in the j urisdiction of either House.”59 In
addi t i on, t h e “S p eech or Debat e C l ause appl i es not onl y t o a Mem b er but al so t o hi s
aides i nsofar as the conduct o f t he latter w ould b e a p r o tected legi slative act if
performed by the M ember h imself.”60


57 See CRS Report RL30843, Speech or Debate Clause Constitutiona l I mmunity: An
Overview, by J ay Shampansky.
58 408 U.S. 606 (1972).
59 Id. at 625.
60 Id. at 618.
Congressional Research Service ˜ The Library of Congress

Other P rovisions.
Section 214(g) of the C IIA authoriz es the federal government to provide
advi sori es, al ert s, and warni ngs t o rel e v ant companies, t argeted s ectors, other
governmen t entities, or the general public regarding potential t hreats t o critical
i n frast ruct ure. In i ssui n g a warni n g, t h e federal go v e r n m e n t m u st prot ect from
disclosure the s ource of any voluntarily submitted critical infrastruct ure i nformation
that forms t he ba s i s f o r t h e warning, o r i nformation t hat i s proprietary, busines s
sensitive, or otherwise not appropriately in the public domain.
Secti o n 2 15 of CIIA ex pressly p rovi des t hat a private right of action for
enforcem ent o f t he Act i s not creat ed. M any federal st at ut es cont ai n a pri v at e ri ght
of act i on, usual l y ex press but occasi onal l y i m p l i ed, whi ch aut hori z es sui t s agai nst t he
United S tates.


Congressional Research Service ˜ The Library of Congress