Domestic Security Enhancement Act of 2003, A.K.A. Patriot Act II, is circulating in "discussion draft" form. It includes a requirement for companies that use potentially dangerous chemicals to produce a "worst case scenario" report which would be "obfuscated" to provide everyone with increased security. Although Patriot Act II is a terrible, horrible, not-very-good idea, the parallels here with what software vendors should be required to do in the way of publishing their own "worst case scenario" reports for code they propose to release into the wild or vulnerabilities they patch are poignant. See: http://publicintegrity.org/dtaweb/home.asp http://www.publicintegrity.org/dtaweb/downloads/Story_01_020703_Doc_1.pdf Section 202, “Distribution of ‘Worst Case Scenario’ Information”: This would introduce new FOIA restrictions with regard to the Environmental Protection Agency. As provided for in the Clean Air Act, the EPA requires private companies that use potentially dangerous chemicals must produce a “worst case scenario” report detailing the effect that the release of these controlled substances would have on the surrounding community. Section 202 of this Act would, however, restrict FOIA requests to these reports, which the bill’s drafters refer to as “a roadmap for terrorists.” By reducing public access to “read-only” methods for only those persons “who live and work in the geographical area likely to be affected by a worst-case scenario,” this subtitle would obfuscate an established level of transparency between private industry and the public.
