On recommendation of the Secure Virginia Panel, Virginia Governor Mark R. Warner (D) recently signed several bills into law that are part of a state effort to strengthen security measures and prevent domestic terrorism. Two of the bills, the Sensitive Records Protection Act and its companion bill, the Freedom of Information Act Critical Infrastructure and Vulnerability Assessments, are aimed at facilitating communication between the private sector and state agencies in order to prevent threats to critical assets. Under the guise of increasing communication about vulnerabilities, these bills actually promote secrecy and inhibit information sharing, preventing the public from accessing information which could protect them. Under the Sensitive Records Protection Act, similar to information restriction provisions in the federal Homeland Security Act of 2002, state agencies must withhold from the public voluntarily submitted information from public and private sources. The only reasons state agencies may disclose these “sensitive records” is if the information would assist in a criminal prosecution, the agency has been served a judicial order, or the submitter has given written consent. The law specifically blocks access to the information under the Freedom of Information Act. The overly broad exemption does not define what information would fall under the category of relating to “critical infrastructure sectors and components.” This could lead to abuses by companies using the new law to simply withhold information. The Act also contains no provisions for the state to act on the information submitted to ensure that the critical infrastructure is well-protected, leaving the charge of the bill unfulfilled. The Freedom of Information Act (FOIA): Critical Infrastructure and Vulnerability Assessments bill also restricts the amount of information the public can access. It expands the record exemptions under FOIA to include engineering and architectural drawings, and any other records relating to critical infrastructure components. Both bills are alarming because they infringe upon the rights of citizens to gain access to unclassified information. The Virginia bills are some of the first state versions the federal Homeland Security Act of 2002 that have been signed into law. Since the Critical Infrastructure Information provisions in the federal Homeland Security Act preempt all state and local disclosure laws, these state-level laws are useless unless they place even greater restrictions on information then the federal law does.