B. Proprietary Information
Comment: The proposed rule should ensure that contractor trade secret and proprietary information is protected. It is apparent that DoD is seeking to collect more than high-level, basic information regarding each IR&D project. Moreover, the proposed rule seeks to incentivize and encourage the voluntary disclosure by contractors of competition-sensitive, proprietary information. The respondent understands that DoD has had concerns with the security of proprietary information contained in the DTIC database, as discussed in a September 2008 presentation by the Deputy Undersecretary of Defense, International Technology Security. Therefore the respondent made the following suggestions:
(1) DoD should first assure that the DTIC database is capable of protecting contractor trade secret and proprietary information. How can DoD assure contractors that the data will not be compromised? The sensitive nature of the data should require encryption at the very least.
(2) DoD should ensure that provisions are in place that provide assurance that only DoD personnel will have access to this data. If any third party contractors have access, ensure that assurances/restrictions are in place to ensure that none of a contractor's proprietary IR&D data is disclosed outside of DoD.
(3) The respondent suggested that the on-line input information be high level only and if the area has interest to DoD, contact the contractor to obtain more detail. This will limit the sensitive information in the database and still allow DoD to obtain the information it seeks.
(4) DoD should reconsider the requirement that the submission of IR&D data be exclusively by means of the DTIC's on-line input form, and alternative means for submission should be permitted.
(5) The rule should be revised so as to avoid imposing on contractors the burden and expense of resisting public release under the Freedom of Information Act ("FOIA") of information entered into the DTIC database.
(6) The rule should be revised to make clear that the submission of IR&D information is voluntary, and that there is a presumption that information entered into and maintained in the DTIC database pursuant to the rule is confidential, and that its release is likely to cause the provider of the information substantial competitive harm if such information were to be released to the public. This would make it clear that the information entered into the DTIC database is within the scope of FOIA exemption (b)(4) and, therefore, not subject to public disclosure. The Trade Secrets Act, 18 U.S.C. Sec. 1905, prohibits the Government from releasing private information within its possession, unless law otherwise authorizes the release.
(7) DoD should ensure that processes are in place to verify data for accuracy and verify input for timeliness.
(8) The proposed rule should make clear that the Government cannot release or disclose proprietary IR&D submissions outside the Government without the data owner's written authorization. Further, contractors should be able to restrict the internal Government use of such IR&D data to DoD only. If DoD needs to share such proprietary IR&D data with support contractors, such as "covered Government support contractors" furnishing independent and impartial advice or technical assistance directly to DoD, then DoD should be required to obtain the data owner's written permission to do so.
Response:
(1) Information protection. DTIC advises that adequate controls are in place to protect information from compromise. Only unclassified IR&D project summary information should be provided. Both database screens and printouts will be marked "Proprietary." Any markings on attachments provided by a contractor would not be altered.
(2) Access control. DTIC advises that sufficient measures are being employed to limit access to authorized DoD users.
(3) Inputs. Firms have discretion regarding presentation of information they regard as sensitive when they submit project summaries.
(4) Submission format. The DTIC on-line input form has been established to provide contractors with a template for reporting on their IR&D projects. This format allows for submission of additional information as attachments.
(5) FOIA exemption. Information submitted is within the scope of FOIA exemption (b)(4).
(6) FOIA exemption and trade secrets. Information submitted is within the scope of FOIA exemption (b)(4).
(7) Timeliness and accuracy. Providing updates on an annual basis will ensure timeliness of the information submitted. Firms will be responsible for the accuracy of their submissions.
(8) Proprietary information controls. The rule makes no changes to existing laws and regulations dealing with Government use of proprietary information.