Federal Action
Following the 9/11 terrorist attacks, President George W. Bush and the U.S. Congress created the independent, bipartisan National Commission on Terrorist Attacks Upon the United States, also known as the 9/11 Commission. The 9/11 Commission’s charter empowered it to investigate and prepare a complete account of the circumstances surrounding the attacks. The 9/11 Commission Report includes recommendations designed to guard against future attacks, many of which concern critical infrastructure. For instance, the commission recommended creating the Department of Homeland Security and recommended that its objectives should include assessing readiness and protecting America’s critical infrastructure.
The attacks demonstrated the vulnerability of U.S. infrastructure. The attacks prompted Congress to enact The Critical Infrastructures Protection Act of 2001, which defines critical infrastructure as physical or virtual systems and assets that are vital to the national security, economic security and public health of the U.S. Additionally, the attacks set in motion substantial changes in American life, such as federalizing airport security with the Aviation and Transportation Security Act and giving the government additional powers in its war against terrorism with the Patriot Act.
State Activity
Several states—including Indiana, Kentucky, Louisiana, North Carolina, Pennsylvania and Washington— use the word “terrorism” or “counterterrorism” in their statutes exempting critical infrastructure from disclosure under each state’s open government laws. For example, Indiana exempts from disclosure “a record or a part of a record, the public disclosure of which would have a reasonable likelihood of threatening public safety by exposing a vulnerability to terrorist attack.” The statute includes records detailing communications, electrical, ventilation, water and wastewater systems under the exemption.
Today, more than half of U.S. states have an open government law exemption for CEII, although each state may use different language to indicate the same category of information. Missouri, Nebraska and North Carolina’s statutes exempt disclosure of information about “infrastructure” while other state statutes use the phrase “energy infrastructure” and West Virginia exempts "specific engineering plans and descriptions of existing public utility plants and equipment."
States’ exemptions from CEII disclosure are not always created by statute. Washington’s exemption from disclosing CEII comes from a 2007 Court of Appeals decision. In Northwest Gas Association v. Washington Utilities and Transportation Commission, Washington’s Court of Appeals granted an injunction for an information request seeking a detailed map and attribute-level pipeline data under the terrorist security exemption of the Public Records Act. Although the phrase “critical energy infrastructure” is not used in the Public Records Act, the court interpreted the statute’s terrorist security exemption to include CEII.
Also, Hawaii’s public information exemption for CEII comes from a 2007 opinion letter from its Office of Information Practices director. The advisory opinion letter addresses the issue of whether governmental agencies must “disclose sensitive information reported to it by energy companies regarding the physical security of Hawaii’s critical energy infrastructure.” The director explains that if an agency seeks to withhold information in the interest of public security, the agency must show that public disclosure of a particular piece of information could reasonably be expected to compromise the physical security of critical energy infrastructure. The agency must meet that burden before it can withhold that particular information.
In addition to state laws and regulations exempting disclosure of critical energy infrastructure from open government laws, the Federal Energy Regulatory Commission (FERC) revised and finalized a rule that went into effect on Feb. 21, 2017. The rule exempts critical electric infrastructure information from mandatory disclosure under the Freedom of Information Act (FOIA). A few states, including Colorado, Iowa and Oregon, amended their respective open government laws in the 2017 legislative session to include language similar to the 2017 FERC rule.
Background: The Creation of Open Government Laws
The states have a rich tradition of supporting government transparency based on the idea that a democracy functions better when citizens are informed about the government itself. Early forms of open government laws appeared in the common law in the first state laws following colonization, in territorial laws in the west and in state constitutions. Massachusetts enacted its first statutory provision establishing the public’s right to access governmental documents in 1851 and several states, including Illinois and Montana, enacted open record laws in the late 1800s. The federal Freedom of Information Act (FOIA) was enacted in 1967 and several states now have statutes modeled on the federal FOIA statute.
There are two types of open government laws: open meeting laws and open record laws. Open meeting laws are often called “sunshine laws” and allow access to meetings of commissions, councils, boards and other government bodies. Open record laws are also called “freedom of information” laws and ensure access to governmental documents. FOIA provides the public the right to request records from any federal agency and it also requires agencies to proactively post certain categories of information, including frequently requested records. Many state laws requiring government transparency arose in response to scandals arising from government secrecy. Notably, the U.S. Congress strengthened the federal Freedom of Information Act after Watergate in 1974, and many states followed suit by creating or amending state-level open government laws in favor of transparency.