Group items tagged

Nearly half (50 out of 101) of all federal agencies have still not updated their Freedom of Information Act regulations to comply with Congress's 2007 FOIA amendments, and even more agencies (55 of 101) have FOIA regulations that predate and ignore President Obama's and Attorney General Holder's 2009 guidance for a "presumption of disclosure," according to the new National Security Archive FOIA Audit released today to mark Sunshine Week. Congress amended the Freedom of Information Act in 2007 to prohibit agencies from charging processing fees if they missed their response deadlines, to include new online journalists in the fee waiver category for the media, to order agencies to cooperate with the new FOIA ombudsman (the Office of Government Information Services, OGIS), and to require reports of specific data on their FOIA output, among other provisions co-authored by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX). But half the government has yet to incorporate these changes in their regulations, according to the latest National Security Archive FOIA Audit. After President Obama's "Day One" commitments to open government, Attorney General Eric Holder issued new FOIA guidance on March 19, 2009, declaring that agencies should adopt a "presumption of disclosure," encourage discretionary releases if there was no foreseeable harm (even if technically covered by an exemption), proactively post the records of greatest public interest online, and remove "unnecessary bureaucratic hurdles" from the FOIA process. But five years later, the Archive found a majority of agencies have old regulations that simply ignore this guidance.

The Archive's FOIA Audit also highlights some good news this Sunshine Week: New plans from both the House of Representatives and White House have the potential to compel delinquent agencies to update their regulations. "Both Congress and the White House now recognize the problem of outdated FOIA regulations, and that is something to celebrate," said Archive director Tom Blanton. "But new regs should not follow the Justice Department's terrible lead, they must follow the best practices already identified by the FOIA ombuds office and FOIA experts." "If and when this important FOIA reform occurs, open government watchdogs must be vigilant to ensure that the agencies' updated regulations are progressive, rather than regressive, and embrace best practices to ensure that more documents are released to requesters, more quickly" said Nate Jones, the Archive's FOIA coordinator.

In 2011, the back-to-back Rosemary Award-winning Department of Justice proposed FOIA regulations that would have — among many other FOIA setbacks — allowed the Department to lie to FOIA requesters, eliminated online-only publications from receiving media fee status, and made it easier to destroy records. After intense pushback by openness advocates, the DOJ temporarily pulled these regulations, and Pustay claimed, "some people misinterpreted what we were trying to do, misconstrued some of the provisions, and didn't necessarily understand some of the fee guidelines." Pustay also claimed — to an incredulous Senate Judiciary Committee — that updating FOIA regulations to conform with the 2007 OPEN Government Act was merely optional and "not required." National Security Archive director Tom Blanton warned in his own 2013 Senate testimony that these terrible "vampire" regulations were not gone for good. This year, Pustay testified that the Department of Justice has indeed resubmitted its FOIA regulations for OMB approval; their content is unknown to the public.

Nearly 20 years after Congress passed the Electronic Freedom of Information Act Amendments (E-FOIA), only 40 percent of agencies have followed the law's instruction for systematic posting of records released through FOIA in their electronic reading rooms, according to a new FOIA Audit released today by the National Security Archive at www.nsarchive.org to mark Sunshine Week. The Archive team audited all federal agencies with Chief FOIA Officers as well as agency components that handle more than 500 FOIA requests a year — 165 federal offices in all — and found only 67 with online libraries populated with significant numbers of released FOIA documents and regularly updated.

Congress called on agencies to embrace disclosure and the digital era nearly two decades ago, with the passage of the 1996 "E-FOIA" amendments. The law mandated that agencies post key sets of records online, provide citizens with detailed guidance on making FOIA requests, and use new information technology to post online proactively records of significant public interest, including those already processed in response to FOIA requests and "likely to become the subject of subsequent requests." Congress believed then, and openness advocates know now, that this kind of proactive disclosure, publishing online the results of FOIA requests as well as agency records that might be requested in the future, is the only tenable solution to FOIA backlogs and delays. Thus the National Security Archive chose to focus on the e-reading rooms of agencies in its latest audit. Even though the majority of federal agencies have not yet embraced proactive disclosure of their FOIA releases, the Archive E-FOIA Audit did find that some real "E-Stars" exist within the federal government, serving as examples to lagging agencies that technology can be harnessed to create state-of-the art FOIA platforms. Unfortunately, our audit also found "E-Delinquents" whose abysmal web performance recalls the teletype era.

E-Delinquents include the Office of Science and Technology Policy at the White House, which, despite being mandated to advise the President on technology policy, does not embrace 21st century practices by posting any frequently requested records online. Another E-Delinquent, the Drug Enforcement Administration, insults its website's viewers by claiming that it "does not maintain records appropriate for FOIA Library at this time."

Director of National Intelligence James Clapper has won the infamous Rosemary Award for worst open government performance in 2013, according to the citation published today by the National Security Archive at www.nsarchive.org. Despite heavy competition, Clapper's "No, sir" lie to Senator Ron Wyden's question: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" sealed his receipt of the dubious achievement award, which cites the vastly excessive secrecy of the entire U.S. surveillance establishment. The Rosemary Award citation leads with what Clapper later called the "least untruthful" answer possible to congressional questions about the secret bulk collection of Americans' phone call data. It further cites other Clapper claims later proved false, such as his 2012 statement that "we don't hold data on U.S. citizens." But the Award also recognizes Clapper's fellow secrecy fetishists and enablers, including:

Gen. Keith Alexander, director of the NSA, for multiple Rose Mary Woods-type stretches, such as (1) claiming that the secret bulk collection prevented 54 terrorist plots against the U.S. when the actual number, according to the congressionally-established Privacy and Civil Liberties Oversight Board (PCLOB) investigation (pp. 145-153), is zero; (2) his 2009 declaration to the wiretap court that multiple NSA violations of the court's orders arose from differences over "terminology," an explanation which the chief judge said "strains credulity;" and (3) public statements by the NSA about its programs that had to be taken down from its website for inaccuracies (see Documents 78, 85, 87 in The Snowden Affair), along with public statements by other top NSA officials now known to be untrue (see "Remarks of Rajesh De," NSA General Counsel, Document 53 in The Snowden Affair).

Robert Mueller, former FBI director, for suggesting (as have Gen. Alexander and many others) that the secret bulk collection program might have been able to prevent the 9/11 attacks, when the 9/11 Commission found explicitly the problem was not lack of data points, but failing to connect the many dots the intelligence community already had about the would-be hijackers living in San Diego. The National Security Division lawyers at the Justice Department, for misleading their own Solicitor General (Donald Verrilli) who then misled (inadvertently) the U.S. Supreme Court over whether Justice let defendants know that bulk collection had contributed to their prosecutions. The same National Security Division lawyers who swore under oath in the Electronic Frontier Foundation's Freedom of Information Act lawsuit for a key wiretap court opinion that the entire text of the opinion was appropriately classified Top Secret/Sensitive Compartmented Information (release of which would cause "exceptionally grave damage" to U.S. national security). Only after the Edward Snowden leaks and the embarrassed governmental declassification of the opinion did we find that one key part of the opinion's text simply reproduced the actual language of the 4th Amendment to the U.S. Constitution, and the only "grave damage" was to the government's false claims.

At 4:00 PM today President Barack Obama signed the FOIA Improvement Act of 2016 (S. 337) into law. The bipartisan, bicameral bill – introduced by Senators John Cornyn, Chuck Grassley, and Patrick Leahy, and supported by Representatives Jason Chaffetz and Elijah Cummings in the House – will improve FOIA in several meaningful ways and reflects many of the findings of the National Security Archive’s FOIA audits and litigation. The legislation mandates a 25-year sunset for the “wildly misused” FOIA exemption (b)(5), an exemption that currently has no time limit and is often called the “withhold it because you want to” exemption. The CIA recently successfully hid a draft history of its 53-year-old Bay of Pigs invasion by invoking an overly-broad interpretation of the exemption. Thanks to President Obama and FOIA lions in the Senate and the House, the new FOIA bill will curtail such senseless secrecy. Agencies are now required to update their FOIA regulations within 180 days after the passage of the bill. A National Security Archive audit shows that too many federal agencies have not updated their regulations to comply with the 2007 Open Government FOIA improvements. By neglecting to update their “FOIA handbooks,” agencies are essentially ignoring Congress’s FOIA reforms.

Today’s signing also codifies the presumption of openness. Archive audits going back to 2009 show that most federal agencies have continued to ignore President Obama’s “presumption of disclosure” guidance that he issued on his first day in office. The new bill codifies this presumption, mirrors the Obama administration’s and the Department of Justice’s (non binding) instructions on FOIA, thereby requiring that records be released unless there is a foreseeable harm or legal requirement to withhold them. The law will also improve public digital access to released records, and strengthen and increase the independence of the FOIA Ombuds Office – the Office of Government Information Services (OGIS). But the bill did not fulfill all of the public's openness asks. It does not include a public interest balancing test to force the release of information which can technically be withheld under the law; it also does not establish a government commission or mechanism which can overturn bad agency FOIA decisions. "This is an important improvement to the US Freedom of Information Act," said Archive director Tom Blanton, "but there are several large leaps the US law still needs to make to catch up with international Freedom of Information norms and standards." The signing of today’s legislation comes just before the law – signed begrudgingly by LBJ on July 4, 1966 – turns 50.

The controversy over Barack Hussein Obama and his past, along with fraudulent documents continues to make headlines. Yet, the items needed to actually verify who Obama is continue to be kept from the public eye. Well, that all may be about to change. Attorney Orly Taitz may have just found a chink in the federal government’s armor in protecting Barack Obama from scrutiny, following a judge’s ruling over her Freedom of Information Act request from the Social Security Administration. Taitz has claimed that Obama uses the Social Security number of Harry Bounel and has submitted several Freedom of Information Act requests for the information from the Social Security Administration. Each time, she has been met with stonewalling by the Social Security Administration. However, Judge Ellen Lipton Hollander has ruled to give Taitz “an opportunity to file a second amended complaint and add allegations of SSA not doing a proper search and withholding records.”

The CIA today released the long-contested Volume V of its official history of the Bay of Pigs invasion, which it had successfully concealed until now by claiming that it was a “draft” and could be withheld from the public under the FOIA’s "deliberative process" privilege. The National Security Archive fought the agency for years in court to release the historically significant volume, only to have the U.S. Court of Appeals in 2014 uphold the CIA’s overly-broad interpretation of the "deliberative process" privilege. Special credit for today’s release goes to the champions of the 2016 FOIA amendments, which set a 25-year sunset for the exemption:  Senators John Cornyn, Patrick Leahy, and Chuck Grassley, and Representatives Jason Chaffetz, Elijah Cummings, and Darrell Issa. Chief CIA Historian David Robarge states in the cover letter announcing the document’s release that the agency is “releasing this draft volume today because recent 2016 changes in the Freedom of Information Act (FOIA) requires us to release some drafts that are responsive to FOIA requests if they are more than 25 years old.” This improvement – codified by the FOIA Improvement Act of 2016 – came directly from the National Security Archive’s years of litigation. The CIA argued in court for years – backed by Department of Justice lawyers – that the release of this volume, written by Agency historian Jack B. Pfeiffer, would “confuse the public.” National Security Archive Director Tom Blanton says, “Now the public gets to decide for itself how confusing the CIA can be.  How many thousands of taxpayer dollars were wasted trying to hide a CIA historian's opinion that the Bay of Pigs aftermath degenerated into a nasty internal power struggle?” Archive senior analyst and Cuba Project Director Peter Kornbluh notes, “We know now why the CIA attempted to cover up this document for so long. It is a vivid historical example of what Pfeiffer called ‘the agency's dirty linen’ that CIA officials never wanted to air in public."

Two companion bills pending in the House and Senate would amend the Freedom of Information Act “for the purpose of increasing public access,” a new analysis of the legislation from the Congressional Research Service explains. Among other things, “both the House and Senate legislation would establish a statutory ‘presumption of openness,’ whereby information may only be withheld if it harms an interest protected by a statutory exemption or if disclosure is prohibited by law.” While both bills “address a number similar topics, often in similar ways, there are substantive differences between them.” The similarities and the differences in the pending bills are summarized in the new CRS report. See Freedom of Information Act Legislation in the 114th Congress: Issue Summary and Side-by-Side Analysis, February 26, 2015.

This month, the United States District Court for the District of Columbia ruled that the Department of Homeland Security must make its plan to shut off the Internet and cellphone communications available to the American public. You, of course, may now be thinking: What plan?! Though President Barack Obama swiftly disapproved of ousted Egyptian President Hosni Mubarak turning off the Internet in his country (to quell widespread civil disobedience) in 2011, the US government has the authority to do the same sort of thing, under a plan that was devised during the George W. Bush administration. Many details of the government’s controversial “kill switch” authority have been classified, such as the conditions under which it can be implemented and how the switch can be used. But thanks to a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center (EPIC), DHS has to reveal those details by December 12 — or mount an appeal. (The smart betting is on an appeal, since DHS has fought to release this information so far.) Yet here’s what we do know about the government’s “kill switch” plan:

What are the constitutional problems? Civil liberties advocates argue that kill switches violate the First Amendment and pose a problem because they aren’t subject to rigorous judicial and congressional oversight. “There is no court in the loop at all, at any stage in the SOP 303 process,” according to the Center for Democracy and Technology. ”The executive branch, untethered by the checks and balances of court oversight, clear instruction from Congress, or transparency to the public, is free to act as it will and in secret.” David Jacobs of EPIC says, “Cutting off communications imposes a prior restraint on speech, so the First Amendment imposes the strictest of limitations…We don’t know how DHS thinks [the kill switch] is consistent with the First Amendment.” He adds, “Such a policy, unbounded by clear rules and oversight, just invites abuse.”

It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists. But they also appeal to serious criminal elements, child-pornography traders among them.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today. But FBI Supervisory Special Agent J. Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marques behind bars, according to local press reports. Among the many arguments Donahue and an Irish police inspector offered was that Marques might reestablish contact with co-conspirators, and further complicate the FBI probe. In addition to the wrestling match over Freedom Hosting’s servers, Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.

The apparent FBI-malware attack was first noticed on August 4, when all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included at least some lawful websites, such as the secure email provider TorMail. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address. By midday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploited a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser. Though many older revisions of Firefox were vulnerable to that bug, the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users. Tor Browser Bundle users who installed or manually updated after June 26 were safe from the exploit, according to the Tor Project’s security advisory on the hack.

Yesterday, the Guardian released two previously-classified documents describing the internal "minimization" and "targeting" procedures used by the NSA to conduct surveillance under Section 702. These procedures are approved by the Foreign Intelligence Surveillance Court (FISC) on an annual basis and are supposed to serve as the bulwark between the NSA's vast surveillance capabilities and the private communications of Americans. As we noted earlier today, the procedures, themselves, aren't reassuring: far too much discretion is retained by NSA analysts, the procedures frequently resolve doubt in favor of collection, and information is obtained that could otherwise never be obtained without a warrant. Which would be bad enough, if it were the end of the story. But it's not.

Unless the government substantially changed the procedures between August 2010 and October 2011, these are the very procedures that the FISC eventually found resulted in illegal and unconstitutional surveillance. In October 2011, the FISC issued an 86-page opinion finding that collection carried out under the NSA's classified minimization procedures was unconstitutional. The opinion remains secret, but it is very likely that yesterday's leaked NSA documents show the very minimization procedures the Director of National Intelligence admitted the FISC had found resulted in surveillance that was “unreasonable under the Fourth Amendment" and "circumvented the spirit of the law." And for good reason: the procedures are unconstitutional. They allow for the government to obtain and keep huge amounts of information it could never Constitutionally get without a warrant based on probable cause. As we explained, the procedures are designed such that the NSA will routinely fail to exclude or remove United States persons' communications, and the removal of those communications are wholly entrusted to the "reasonable discretion" of an analyst.  

Yesterday, the Guardian released two previously-classified documents describing the internal "minimization" and "targeting" procedures used by the NSA to conduct surveillance under Section 702. These procedures are approved by the Foreign Intelligence Surveillance Court (FISC) on an annual basis and are supposed to serve as the bulwark between the NSA's vast surveillance capabilities and the private communications of Americans. As we noted earlier today, the procedures, themselves, aren't reassuring: far too much discretion is retained by NSA analysts, the procedures frequently resolve doubt in favor of collection, and information is obtained that could otherwise never be obtained without a warrant. Which would be bad enough, if it were the end of the story. But it's not. The targeting and minimization documents released yesterday are dated a few months after the first publicly known scandal over the new FAA procedures: In April 2009, the New York Times reported that Section 702 surveillance had “intercepted the private e-mail messages and phone calls of Americans . . . on a scale that went beyond the broad legal limits established by Congress." In June 2009, the Times reported that members of Congress were saying NSA's "recent intercepts of the private telephone calls and e-mail messages of Americans are broader than previously acknowledged." Rep. Rush Holt described the problems as "so flagrant that they can't be accidental."

A former IT expert who was previously responsible for Hillary ClintonHillary Rodham ClintonTrump warns against Syrian refugees: 'A lot of those people are ISIS' Overnight Finance: Senate sends Puerto Rico bill to Obama | Treasury, lawmakers to meet on tax rules | Obama hits Trump on NAFTA | Fed approves most banks' capital plans Bush World goes for Clinton, but will a former president? MORE’s private email server answered virtually no questions during a roughly 90-minute deposition as part of an open records lawsuit this week.Aside from stating his name and saying three times that he understood procedural rules of the sworn-oath interview, Bryan Pagliano declined to say a single word other than to plead his Fifth Amendment right against self-incrimination.

The extensive reliance on the Fifth Amendment, which was first reported by Fox News on Wednesday, was expected; Pagliano’s lawyers had previously notified the court about the IT consultant’s plans.But it nonetheless could reflect poorly on Clinton, the former secretary of State and presumed Democratic presidential nominee, whom the judge in the case has said could be forced to answer questions herself.Pagliano’s refusal to talk ensures that key details about her email system remain unsettled and may raise the chances that she is asked to be interviewed herself as part of the case.

Pagliano has been granted limited immunity as part of the FBI’s ongoing investigation of Clinton’s email setup and the possibility that classified information was mishandled. In court documents filed ahead of his Wednesday morning deposition, lawyers for him and the federal government refused to outline the terms of the agreement or say how he might be assisting the investigation.However, lawyers did warn that the limited nature of his deal could leave him open to prosecution for incriminating information he divulged outside of protected sessions.The federal court ruled last week that Pagliano's immunity deal could remain secret.

Although the government’s warrantless surveillance program is associated with the National Security Agency, the Federal Bureau of Investigation has gradually become a significant player in administering it, a newly declassified report shows.In 2008, according to the report, the F.B.I. assumed the power to review email accounts the N.S.A. wanted to collect through the “Prism” system, which collects emails of foreigners from providers like Yahoo and Google. The bureau’s top lawyer, Valerie E. Caproni, who is now a Federal District Court judge, developed procedures to make sure no such accounts belonged to Americans.

Then, in October 2009, the F.B.I. started retaining copies of unprocessed communications gathered without a warrant to analyze for its own purposes. And in April 2012, the bureau began nominating new email accounts and phone numbers belonging to foreigners for collection, including through the N.S.A.’s “upstream” system, which collects communications transiting network switches.That information is in a 231-page study by the Justice Department’s inspector general about the F.B.I.’s activities under the FISA Amendments Act of 2008, which authorized the surveillance program. The report was entirely classified when completed in September 2012. But the government has now made a semi-redacted version of the report public in response to a Freedom of Information Act lawsuit filed by The New York Times.

The report also filled in a gap about the evolving legality of the warrantless wiretapping program, which traces back to a decision by President George W. Bush in October 2001 to direct the N.S.A. to collect Americans’ international phone calls and emails, from network locations on domestic soil, without the individual warrants required by the Foreign Intelligence Surveillance Act, or FISA. The Times revealed that program in December 2005.After the article appeared, telecommunications providers that had voluntarily participated in the program were sued, and a Federal District Court judge in Detroit ruled that the program was illegal, although that decision was later vacated. The Bush administration sought to put the program on more solid legal footing by gaining orders from the Foreign Intelligence Surveillance Court approving it.Continue reading the main story Continue reading the main story Continue reading the main story In January 2007, the Bush administration persuaded the court’s Judge Malcolm Howard to issue an order to telephone and network companies requiring them to let the security agency target foreigners’ accounts for collection without individual warrants. But in April 2007, when the order came up for renewal before Judge Roger Vinson, he said that it was illegal.

When the National Security Agency’s bulk collection of records about Americans’ emails came to light in 2013, the government conceded the program’s existence but said it had shut down the effort in December 2011 for “operational and resource reasons.” While that particular secret program stopped, newly disclosed documents show that the N.S.A. had found a way to create a functional equivalent. The shift has permitted the agency to continue analyzing social links revealed by Americans’ email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.

The disclosure comes as a sister program that collects Americans’ phone records in bulk is set to end this month. Under a law enacted in June, known as the U.S.A. Freedom Act, the program will be replaced with a system in which the N.S.A. can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies.The newly disclosed information about the email records program is contained in a report by the N.S.A.’s inspector general that was obtained by The New York Times through a lawsuit under the Freedom of Information Act. One passage lists four reasons that the N.S.A. decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that “other authorities can satisfy certain foreign intelligence requirements” that the bulk email records program “had been designed to meet.”The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. Because of the way the Internet operates, domestic data is often found on fiber optic cables abroad.

The N.S.A. had long barred analysts from using Americans’ data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown. The inspector general report cited that change to the N.S.A.’s internal procedures.The other replacement source for the data was collection under the FISA Amendments Act of 2008, which permits warrantless surveillance on domestic soil that targets specific noncitizens abroad, including their new or stored emails to or from Americans.“Thus,” the report said, these two sources “assist in the identification of terrorists communicating with individuals in the United States, which addresses one of the original reasons for establishing” the bulk email records program.