Focusing public attention on emerging privacy and civil liberties issues

FOIA Gallery 2012

In recognition of Sunshine Week
March 12-16, 2012

Introduction

The Freedom of Information Act establishes a legal right for individuals to obtain records in the possession of government agencies. The FOIA is critical for the functioning of democratic government because it helps ensure that the public is fully informed about matters of public concern. The FOIA has helped uncover fraud, waste, and abuse in the federal government. It has become particularly important in the last few years as the government has tried to keep more of its activities secret.

A hallmark of the new surveillance measures proposed by various government agencies is their disregard for public accountability. As the government seeks to expand its power to collect information about individuals, it increasingly hides that surveillance power behind a wall of secrecy. Congress has long recognized this tendency in the Executive Branch, and sought to limit government secrecy by creating legal obligations of openness under the FOIA and the Privacy Act of 1974. EPIC has used these open government laws aggressively to enable public oversight of potentially invasive surveillance initiatives.

Public access through the FOIA not only allows for a more informed public debate over new surveillance proposals, but also ensures accountability for government officials. Public debate fosters the development of more robust security systems and leads to solutions that better respect the nation's democratic values. EPIC's FOIA litigation activity over the past year has resulted in disclosure of information about several government surveillance programs. The EPIC FOIA Gallery highlights some of the most significant documents we obtained in the past year.

Previous EPIC FOIA Gallerys were published in 2001, 2002, 2003, 2004, 2005, 2006, 2010, and 2011.

Federal Bureau of Investigation Watch List

EPIC obtained documents that revealed new details about the Federal Bureau of Investigation's expansive and highly secret watch list. The disclosed documents include previously secret FBI Watch List Guidelines from 2010, previously secret FBI Watch List Guidelines from 2009, a Report to Congress on the Terrorist Screening Center, and previously classified answers to questions by members of Congress. The documents reveal that the FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law. Also, individuals may remain on the FBI watch list even if charges are dropped or a case is dismissed. The New York Times broke the story and posted the documents obtained by EPIC.

NSA Refuses to Acknowledge Google Agreement

In January 2012, EPIC filed an opening brief in EPIC v. NSA, No. 11-5233, challenging the National Security Agency’s response to EPIC's Freedom of Information Act request. EPIC is seeking information about the widely publicized cybersecurity agreement between the NSA and Google that followed the January 2010 China hack. The NSA claimed it "could neither confirm nor deny" the existence of any information about its relations with Google. After the attack, Google's implemented encryption technology for Gmail by default, a privacy safeguard EPIC and technical experts had urged in 2009.

NSA Tries to Throw Request Down a "FOIA Blackhole"

A District of Columbia federal court ordered an EPIC lawsuit against the National Security Agency to proceed, holding that EPIC can "pursue its claim against the NSA for wrongfully withholding an agency record in its possession." EPIC's Freedom of Information Act lawsuit seeks disclosure of National Security Presidential Directive 54 - the document that provides the legal basis for the NSA's cybersecurity activities. The NSA failed to disclose the document in response to EPIC's FOIA request, instead forwarding the request to the National Security Council. The Court held that the NSC is not subject to FOIA, but that the NSA's transfer of EPIC's request does not absolve the agency of its responsibility to respond to EPIC.

DHS is Monitoring of Social Media for Dissent, Criticism

As the result of EPIC v. DHS, a Freedom of Information Act lawsuit, EPIC obtained nearly three hundred pages of documents detailing a Department of Homeland Security's surveillance program. The documents include contracts and statements of work with General Dynamics for 24/7 media and social network monitoring and periodic reports to DHS. The documents reveal that the agency is tracking media stories that "reflect adversely" on DHS or the U.S. government. One tracking report -- "Residents Voice Opposition Over Possible Plan to Bring Guantanamo Detainees to Local Prison-Standish MI" -- summarizes dissent on blogs and social networking cites, quoting commenters.

Contrary to DHS Testimony, Agency Continues to Monitor for Dissent

Shortly after Department officials testified before Congress in February 2012, EPIC obtained new documents that contradicted the agency officials' testimony. Though DHS testified that it does not monitor for public reaction to government proposals, the documents obtained by EPIC indicate that the DHS analysts are specifically instructed to look for criticism of the agency and then to redirect reports that would otherwise be circulated to other agencies. The documents also indicate that, contrary to agency testimony, DHS continues to monitor public reaction to government policy proposals.

Google's First Privacy Compliance Report

As a result of a Freedom of Information Act request, EPIC obtained a full copy of Google's first Privacy Compliance Report. Last year, spurred by a complaint pursued by EPIC, the FTC reached a settlement with Google and required the company to file regular reports with the Commission detailing its steps to comply with the Consent order. However, the report obtained by EPIC raises new questions about the company's efforts to safeguard user privacy.

Surveillance of WikiLeaks Supporters

In January 2012, EPIC filed lawsuit against the Department of Justice and Federal Bureau of Investigation under the Freedom of Information Act for documents detailing surveillance of WikiLeaks supporters. After WikiLeaks' November 2010 publication of diplomatic cables, the U.S. government opened investigations into WikiLeaks supporters and pressured many online donation systems, including Amazon and Paypal, to cease processing donations to WikiLeaks. In June 2011, EPIC filed Freedom of Information Act requests with the Department of Justice and the Federal Bureau of Investigation. EPIC is seeking documents that detail government requests for information about users of Facebook, Twitter, Paypal and Visa.

Body Scanners at U.S. Borders

EPIC received several hundred pages of responsive documents from the Department of Homeland Security's Customs and Border Protection Component. These documents detail the development of border portal scanning systems that would scan vehicles with the driver and passengers still inside. These portal scanners, which are apparently already in place along the United States' southern border, integrate automated license plate readers with whole body imaging and closed circuit television. As detailed in the documents, the portal scanners are designed to penetrate glass and metal components of vehicles. The portal scanners would scan vehicles with passengers still inside, and would expose those passengers to potentially dangerous iodizing radiation. The documents also have no mention of privacy protections and fail to explain what would happen with the images generated by the machine.

Entities that Could Receive Information From Social Media Monitoring

In response to an EPIC Freedom of Information Act request, the Department of Homeland Security disclosed a single heavily redacted three-page document listing public and private entities to which DHS could disclose information about social media users. The disclosed document contains a list of 230 e-mail addresses. 190 were redacted under a claim of FOIA exemption b(6), a "clearly unwarranted invasion of personal privacy."

Body Scanner Radiation Problems

As the result of an EPIC FOIA lawsuit, TSA disclosed documents revealing new details about the radiation risks posed by body scanners. The documents showed that the TSA has publicly mischaracterized the findings of the National Institute of Standards and Technology, stating that NIST "affirmed the safety" of full body scanners. NIST stated that the Institute did not, in fact, test full body scanners for safety, and that the Institute does not do product testing. The NIST study detailed in the documents actually warns airport screeners to avoid standing next to full body scanners. The documents also revealed a Johns Hopkins University study that showed that radiation zones around body scanners could exceed the “General Public Dose Limit.” The documents also revealed that TSA employees have identified cancer clusters allegedly linked to radiation exposure while operating body scanners and other screening technology. However, the agency failed to issue employees dosimeters - safety devices that would warn of radiation exposure.

Mobile Body Scanners Pose Radiation Risks

As the result of another EPIC FOIA lawsuit, the DHS disclosed several hundred pages of documents related to mobile body scanners. According to the documents obtained by EPIC, vehicles equipped with mobile body scanners are designed to scan crowds and pedestrians on the street and can see through bags, clothing, and even other vehicles. The documents also reveal that the mobile backscatter machines cannot be American National Standards Institute “certified people scanners” because of the high level of radiation output and because subjects would not know they have been scanned.

Government's "Minority Report" Scanning Program

EPIC obtained documents from the Department of Homeland Security about a secretive "pre-crime" detection program. The "Future Attribute Screening Technology" (FAST) Program gathers "physiological measurements" from subjects, including heart rate, breathing patterns, and thermal activity, to determine "malintent." The documents detail the scope of the technology, DHS's plans for public testing, and the agency's failure to adequately address privacy risks. According to the documents obtained by EPIC, the agency is considering the use of the device at conventions and sporting events, and has already conducted field testing.