FOIA Cases
EPIC v. FBI (Russian Hacking)
US District Court for the District of Columbia
Background
EPIC is seeking records pertaining to the FBI’s investigation of Russian interference in the 2016 U.S. Presidential election. This interference, by a foreign government in the democratic processes of the United States, is under investigation by the U.S. Intelligence community and is of widespread concern to the American public. The activities of the Russian government also pose a risk to democratic institutions in other countries.
During the 2016 election season, there were numerous cyberattacks on both the Democratic National Committee and the Republican National Committee. News reports indicate that the FBI first contacted the DNC about potential cyber threats in September 2015. However, until the FBI met with party officials in March 2016, the FBI’s response was limited to one telephone call to an I.T. contractor and several voicemail messages. The head of the cybersecurity firm hired by the DNC in April 2016 said “he was baffled that the F.B.I. did not call a more senior official at the D.N.C. or send an agent in person to the party headquarters to try to force a more vigorous response.”
Fallout from the disclosures mired congressional candidates in accusations of scandal,8 and led to the resignation of a DNC leader. The New York Times reported that the RNC’s computer systems were also attacked. News outlets report that hackers attempted to penetrate the RNC’s computer network “using the same techniques that allowed them to infiltrate its Democratic counterpart.”11 “Once inside, [hackers] reportedly were able to access a trove of DNC opposition research on Mr. Trump, then a candidate.”
In October 2016, prior to the outcome of the election, the Obama administration accused the Russian government of perpetrating the attacks on the U.S. election process. “The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of emails from US persons and institutions,” said the Department of Homeland Security and Office of the Director of National Intelligence in a joint statement, which “intended to interfere with the US election process.” The DHS and ODNI concluded “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”
The U.S. Intelligence Community recently reaffirmed its assessment that the Russian government was responsible for interference in the 2016 Presidential elections. Press reports indicate that FBI Director Comey agreed with this assessment. “Earlier this week, I met separately with FBI [Director] James Comey and [Director of National Intelligence] Jim Clapper, and there is strong consensus among us on the scope, nature, and intent of Russian interference in our presidential election,” said CIA Director John Brennan. President Obama “has ordered a full review of foreign-based digital attacks that U.S. intelligence agencies say were aimed at influencing this year’s presidential election.”
Investigations undertaken by private security firms, apart from the FBI, indicate that the attacks on the 2016 U.S. Presidential election also threaten democratic institutions in other countries. The private cybersecurity firm hired by the DNC to investigate the hacks has published evidence pointing to the Russian military’s involvement. CrowdStrike “linked malware used in the DNC intrusion to malware used to hack and track an Android phone app used by the Ukrainian army in its battle against pro-Russia separatists in eastern Ukraine from late 2014 through 2016.” CrowdStrike co-founder Dmitri Alperovitch concluded, “we have high confidence” it was a unit of the GRU, Russia’s military intelligence agency.
The FBI has recognized that the nation’s “critical infrastructure, including both private and public sector networks, are targeted by adversaries.” Among the various federal agencies tasked with ensuring the nation’s cybersecurity, “the FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists.” The FBI has also acknowledged threats to our electoral system. “Although individual states have primary responsibility for conducting fair and impartial elections, the FBI becomes involved when paramount federal interests are affected or electoral abuse occurs,” testified FBI Director James Comey.
Since inauguration day, new facts indicating the depth of the Russian interference continue to emerge. On June 21, 2017, nearly eight months after election day, in an open hearing before the Senate Select Committee on Intelligence, NPPD’s Acting Deputy Under Secretary for Cybersecurity and Communications Jeanette Manfra confirmed for the first time that “election-related systems in 21 states were targeted” by Russian cyber actors during the 2016 election cycle. Nearly half of the United States were targets of Russian activities during the 2016 election cycle. Acting Deputy Under Secretary Manfra did not indicate which states were affected, and, when pressed, would not disclose the states from which data was exfiltrated. On September 13, 2017, Acting Secretary of Homeland Security Elain Duke issued a Binding Operational Directive to Federal Executive Branch departments and agencies to stop using software made by the Russian cybersecurity firm Kaspersky Lab. Facebook was forced to reveal to Congress over 3,000 Russia-linked political ads posted to the social media platform during the election cycle. And, finally, investigative reporting exposed that on social media “Russian trolls and automated bots not only promoted explicitly pro-Donald Trump messaging, but also used social media to sow social divisions in America by stoking disagreement and division around a plethora of controversial topics”
The FBI did not notify “scores” of U.S. officials whose e-mail accounts were targeted by Russian operatives. “Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up,” the Washington Post explained. The FBI procedures, obtained by EPIC in EPIC v. FBI, say that notification should be considered “even when it may interfere with another investigation or (intelligence) operation.””It’s just remarkable to me that the Bureau did not do what it was supposed to do,” Marc Rotenberg told the San Francisco Chronicle.
EPIC’s Interest
EPIC has filed this lawsuit to determine the FBI’s response to knowledge of the Russian interference with the 2016 Presidential Election. The Congress is in the midst of a critical debate about Russia and the 2016 Presidential Election. But very little information has been provided to the public and very little is known about how the FBI protected US democratic institutions against foreign attack. That is why the FBI should provide this information to EPIC and the public as expeditiously as possible.
As EPIC notes in the Complaint against the FBI, “[T]here is a profound and urgent public interest in the release of the FBI records sought by EPIC, concerning the Russian interference with the 2016 Presidential Election. The release of these records is necessary for the public to evaluate the FBI response to the Russian interference, assess threats to American democratic institutions, and to ensure the accountability of the federal agency with the legal authority to safeguard the American people against foreign cyber attacks.”
EPIC has filed several Freedom of Information Act requests concerning Russian interference in the 2016 Presidential Election. The first is the request at issue in the case, and the other is a request for the full report on “Russian Activities and Intentions in Recent US Elections.”
EPIC has also urged the Senate Armed Services Committee to pursue an investigation.
Legal Documents
U.S. District Court for the District of Columbia (No. 17-121)
- Complaint (Jan. 18, 2017)
- FBI Answer (Feb. 23, 2017)
- Order (Mar. 10, 2017)
- FBI Motion to Modify (Mar. 20, 2017)
- Joint Status Report (Mar. 27, 2017)
- EPIC Motion to Compel Preservation (May 12, 2017)
- FBI Opposition to EPIC Preservation Motion (May 19, 2017)
- Denial Motion To Compel Preservation (June 30, 2017)
- Joint Status Report (August 8, 2017)
- Joint Status Report (August 14, 2017)
- FBI Motion to Clarify Scheduling Order (October 6, 2017)
- FBI Motion to Submit Ex Parte, In Camera Version of MSJ (October 12, 2017)
- FBI Motion for Summary Judgment (October 12, 2017)
- EPIC Opposition to FBI Motion to Submit Ex Parte, In Camera Version of MSJ (October 26, 2017)
- EPIC Motion for Summary Judgment (November 15, 2017)
- FBI Motion to Modify Briefing Schedule (Nov. 30, 2017)
- FBI Reply (December 11, 2017)
- EPIC Reply (December 21, 2017)
- Order Granting Motion for Leave fo File In Camera (March 1, 2018)
- Opinion Denying Plaintiff Motion for Summary Judgment (May 22, 2018)
FOIA Documents
-
- EPIC FOIA Request (Dec. 22, 2016)
EPIC v. FBI Documents
First Production (May 11, 2017)
Second Production Letter (May 2017) and Third Production Letter (July 2017)
Resources
-
- Media Advisory
- Press Release
- Audio of Press Conference
- EPIC Letter to Senate Armed Services Committee (Jan. 4, 2017)
- Honest Ads Act Introduced Oct. 19, 2017
- Summary: Honest Ads Act
News
-
- FBI Deviated From Its Policy On Alerting Hacking Victims, In Homeland Security (Nov. 30, 2017)
- FBI Stayed Mum on Kremlin-Linked Hacks, Ignoring Its Own Policy, NewsFactor (Nov. 29, 2017)
- FBI Stayed Mum on Kremlin-Linked Hacks, Ignoring Its Own Policy, CIO Today (Nov. 29, 2017)
- FBI Stayed Mum on Kremlin-Linked Hacks, Ignoring Its Own Policy, Sci-Tech Today (Nov. 29, 2017)
- FBI Deviated From its Policy on Alerting Computer Hacking Victims, The Spokesman Review (Nov. 29, 2017)
- FBI deviated from its policy on alerting hacking victims, Atlanta Black Star (Nov. 29, 2017)
- FBI deviated from its policy on alerting hacking victims, ABC (Nov. 29, 2017)
- FBI deviated from its policy on alerting hacking victims, FaceOff.com (Nov. 28, 2017)
- FBI deviated from its policy on alerting hacking victims, SF Gate (Nov. 28, 2017)
- FBI deviated from its policy on alerting hacking victims, NY Daily News (Nov. 28, 2017)
- FBI Deviated From Its Policy on Alerting Hacking Victims, Hamodia (Nov. 28, 2017)
- FBI deviated from its policy on alerting hacking victims, Colorado Springs (Nov. 28, 2017)
- Is Press Doing Job FBI Won’t By Informing Americans They’re Targets Of Russian Hackers?, Red State (Nov. 28, 2017)
- FBI leaves US targets of Russian hackers in the dark, India (Nov. 28, 2017)
- FBI Failed To Alert Victims Of Russia-Linked Group’s Email Hacking Attempts, TPM (Nov. 28, 2017)
- FBI deviated from its policy on alerting hacking victims, SF Chronicle (Nov. 27, 2017)
- FBI leaves US targets of Russian hackers in the dark, New Jersey Herald (Nov. 27, 2017)
FBI leaves US targets of Russian hackers in the dark, Daily Herald (Nov. 27, 2017)
- FBI gave heads-up to fraction of Russian hackers’ US targets, Philly.com (Nov. 27, 2017)
- Jeh Johnson says FBI delayed notification of DNC cyberattack, CBS News (June 21, 2017)
- Civil liberties group sues FBI to release Russia response, The Hill (Jan. 19, 2017)
- EPIC files FOIA suit over records of Russia hacking, Politico Pro (Jan. 19, 2017)
- FBI sued to release info on probe of Russia role in election, Washington Times (Jan. 19, 2017)
- Privacy Group Presses FBI On Russia’s Election Hacking, Law 360 (Jan. 19, 2017)
- Transparency Group Sues for FBI Records on Russian Hacking, NextGov (Jan 19, 2017)
- Federal intelligence agencies sued over Russian Interference in U.S., SC Magazine (Dec. 28, 2016)
Support Our Work
EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.
Donate