Focusing public attention on emerging privacy and civil liberties issues

Freedom of Information Act Gallery 2011

In recognition of Sunshine Week
March 14-18, 2011

Introduction

The Freedom of Information Act establishes a legal right for individuals to obtain records in the possession of government agencies. The FOIA is critical for the functioning of democratic government because it helps ensure that the public is fully informed about matters of public concern. The FOIA has helped uncover fraud, waste, and abuse in the federal government. It has become particularly important in the last few years as the government has tried to keep more of its activities secret.

A hallmark of the new surveillance measures proposed by various government agencies is their disregard for public accountability. As the government seeks to expand its power to collect information about individuals, it increasingly hides that surveillance power behind a wall of secrecy. Congress has long recognized this tendency in the Executive Branch, and sought to limit government secrecy by creating legal obligations of openness under the FOIA and the Privacy Act of 1974. EPIC has used these open government laws aggressively to enable public oversight of potentially invasive surveillance initiatives.

Public access through the FOIA not only allows for a more informed public debate over new surveillance proposals, but also ensures accountability for government officials. Public debate fosters the development of more robust security systems and leads to solutions that better respect the nation's democratic values. EPIC's FOIA litigation activity over the past year has resulted in disclosure of information about several government surveillance programs. The EPIC FOIA Gallery highlights some of the most significant documents we obtained in the past year.

Previous EPIC FOIA Gallerys were published in 2001, 2002, 2003, 2004, 2005, 2006, and 2010.

Intelligence Oversight Board records reveal FBI not in compliance with Attorney General guidelines

[click for full document]

EPIC obtained internal reports of intelligence law violations that the Federal Bureau of Investigation (FBI) sent to the Intelligence Oversight Board. The documents detail intelligence practices that do not comply with Attorney General guidelines. One report details agents in the Phoenix, AZ field office making unlawful, handwritten changes onto a National Security Letter in an attempt to expand surveillance. The Attorney General's National Security Letter Guidelines explicitly require field offices to clear all National Security Letter requests through the National Security Law Branch of the FBI or the Chief Division Counsel, which reviews requests for legality. The handwritten changes violate this safeguard and frustrate oversight.

Homeland Security Spending Millions on Mobile Strip Search Devices

Documents obtained by EPIC under the Freedom of Information Act reveal that the Department of Homeland Security has spent millions of dollars on mobile body scanner technology that could be used at railways, stadiums, and elsewhere. EPIC has already challenged the use of the devices in airports, calling them "invasive, ineffective, and unconstitutional." According to the documents obtained by EPIC, the federal agency plans to expand the use of these systems to monitor crowds, peering under clothes and inside bags away from airports.

Justice Offers No Public Justification for Data Retention

In response to an EPIC Freedom of Information Act request, the Department of Justice returned heavily redacted documents with no justification for data retention legislation. EPIC filed the request in 2010, seeking the Department's views on the Internet SAFETY Act, which would require internet service providers to retain user records for at least two years. The DOJ publicly supported the Act but has refused to provide a single substantive reason for that support. The Internet SAFETY Act has not yet been reintroduced in the 112th Congress.

EPIC Pursues FTC's Decision Not to Investigate Google Streetview

EPIC has filed an administrative appeal with the Federal Trade Commission, challenging the agency's failure to disclose to information about the FTC's decision to end the Google Spy-Fi investigation. EPIC is specifically seeking a slide presentation that the FTC provided to Congress about the matter. The agency has claimed that the presentation to Congress is exempt from disclosure under the Freedom of Information Act. Privacy agencies around the world found that Google intercepted private communications traffic. Yet documents obtained earlier by EPIC under the FOIA suggest that the FTC did not even examine the data Google gathered from private residential wifi routers in the US. In documents obtained by EPIC through a Freedom of Information Act request, a senior attorney with the Federal Trade Commission describes the Google WiFi investigation as a "wasted summer" and hopes that a Hill briefing on Google WiFi "won't be too much of a time suck." For more information, see Google: Street View.

EPIC Files Suit For Documents Regarding Google/NSA Partnership

EPIC filed a Freedom of Information Act lawsuit against the National Security Agency in the United States District Court in the District of Columbia. The agency failed to respond to EPIC's FOIA request for documents about an "Information Assurance" partnership with Google. EPIC previously appealed to the agency to comply with its legal duty to produce the documents, but the agency failed to respond. EPIC is also seeking the Presidential Directive that grants the NSA authority to conduct electronic surveillance in the United States.

EPIC FOIA - Feds Save Thousands of Body Scan Images

In an open government lawsuit against the United States Marshals Service, EPIC obtained more than one hundred images of undressed individuals entering federal courthouses. The images, which are routinely captured by the federal agency, prove that body scanning devices store and record images of individuals stripped naked. The 100 images are a small sample of more than 35,000 at issue in the EPIC lawsuit. EPIC has pursued a similar FOIA lawsuit against the Dept. of Homeland Security but the DHS refuses to release the images it has obtained. EPIC has also filed suit to stop the deployment of the machines in US airports.

EPIC Forces Disclosure of Report on Obama Passport Breach

EPIC's Freedom of Information Act lawsuit against the State Department, EPIC v. State, produced a report detailing security breaches of passport data for several Presidential candidates. Federal investigators prepared the report in the wake of March 2008 breaches that exposed Barack Obama, Hillary Clinton, and John McCain's personal information. Previously secret sections state "the Department was ineffective at detecting possible incidents of unauthorized access," and criticized the agency's failure to "provide adequate control or oversight." Portions of the report remain secret - the agency hasn't fully implemented investigators' recommendations. EPIC testified before the Senate in 2008 concerning the security breaches, urging lawmakers to limit employee and contractor access to personal data.

Homeland Security Has More Than 2,000 Photos from Airport Body Scanners

As a result of a Freedom of Information Act lawsuit, EPIC obtained hundreds of pages of documents from the Department of Homeland Security about the plan to deploy full body scanners in US airports. A letter to EPIC reveals that the government agency possesses about 2,000 body scanner photos from devices that the DHS said earlier "could not store or record images." EPIC also obtained the most recent device procurement specifications, and several hundred new pages of traveler complaints.

EPIC FOIA Request Forces Homeland Security to Release Privacy Study of Cybersecurity Project

Following an EPIC FOIA request, the Department of Homeland Security (DHS) Privacy Office released an unclassified version of the Privacy Impact Assessment (PIA) for the Initiative Three Exercise, a pilot exercise for the classified cybersecurity tool known as "EINSTEIN 3." EINSTEIN 3 is the next generation of the U.S. Computer Emergency Readiness Team's intrusion detection and prevention system for the federal government, which will involve active monitoring of all network traffic to and from federal agencies. DHS has not released the full, classified PIA for the tool in either complete or redacted form, but instead drafted a different version for release to the public.