FOIA Gallery 2022
EPIC and the Freedom of Information Act
The Freedom of Information Act establishes a legal right for individuals to obtain records in the possession of government agencies. The FOIA is critical for the functioning of democratic government because it helps ensure that the public is fully informed about matters of public concern. The FOIA has helped uncover fraud, waste, and abuse in the federal government.
A hallmark of many of the surveillance measures and tools adopted by government agencies is their disregard for public accountability. As the government seeks to expand its power to collect and exploit information about individuals, it increasingly hides that power behind a wall of secrecy. Congress has long recognized this tendency in the Executive Branch and sought to limit government secrecy by creating legal obligations of openness under the FOIA and the Privacy Act of 1974. EPIC has used these open government laws—along with the Federal Advisory Committee Act, the E-Government Act of 2002, and state open government statutes—to enable public oversight of key government activities.
EPIC’s open government work over the past year has resulted in disclosure of critical information about the activities of state and federal agencies. EPIC’s litigation has also generated case law that benefits FOIA requesters and the open government community across the country.
EPIC’s FOIA Work in 2021-2022
For EPIC’s Open Government Project, 2021-2022 was a year filled with success stories. Through vigorous and effective litigation, EPIC maintained its record as a champion for a more open and transparent government.
Notably, EPIC scored a victory in its case against the IRS where the court ruled that the agency must disclose President Trump’s tax settlements to the public. EPIC also obtained formerly secret records from several agencies including ICE, DOJ, DOD, DHS and even the Baltimore Mayor’s Office. Below are some highlights of EPIC’s open government successes in the past year.
Court rules that irs must disclose trump tax settlements
As part of EPIC’s ongoing FOIA lawsuit against the Internal Revenue Service, a federal court ruled in EPIC v. IRS II that the IRS must disclose any accepted offers in compromise—a type of settlement between the IRS and a taxpayer—entered into by former President Trump or his businesses. Although tax information is ordinarily confidential, federal law requires the IRS to release accepted offers in compromise because they are “affected with significant public interest” and because disclosure deters the IRS from striking generous settlements with “politically connected individuals.”
As part of its work to identify questionable financial dealings that threaten democratic institutions, EPIC filed a Freedom of Information Act request for accepted offers in compromise and related return information concerning President Trump. The IRS refused EPIC’s request and asked the court to dismiss EPIC’s subsequent lawsuit, but the court denied the IRS’s motion. The court explained that the tax code “creates a FOIA obligation for the IRS to disclose return information to EPIC, to the extent that information is necessary to permit inspection of an accepted offer-in-compromise.”
The most recent ruling requires the agency to conduct a search to identify any offers in compromise involving President Trump and disclose those records to EPIC. Notably, the New York Times reported last year that Trump and the Internal Revenue Service reached a tentative agreement in 2014 over a disputed $70 million tax refund—a deal that may be covered by EPIC’s FOIA request. News outlets such as Bloomberg, Bloomberg Tax, Law 360, and Courthouse News Services covered EPIC’s recent victory.
EPIC previously sought disclosure of President Trump’s tax returns in EPIC v. IRS I, arguing that disclosure was necessary to correct numerous factual misstatements made by the President. EPIC also filed an amicus brief in Trump v. Vance urging the Supreme Court to allow the release of President Trump’s tax returns to a New York grand jury. EPIC wrote that the “longstanding practice of disclosing presidential tax returns reflects a central principle of modern democracies: privacy must sometimes yield to accountability.” The Court ultimately rejected Trump’s effort to categorically shield his tax returns from state prosecutors.
court orders new Mueller report disclosures
Last year, EPIC highlighted its continued efforts to obtain the full, unredacted Special Counsel report on Russian interference in the 2016 presidential election. EPIC’s Freedom of Information Act case, EPIC v. DOJ, was the first in the nation for the disclosure of the Mueller Report.
This year, a federal court has ordered the Department of Justice to disclose more new material from the Mueller Report. Judge Reggie B. Walton’s order follows a recent D.C. Circuit ruling in an appeal brought by Jason Leopold and BuzzFeed, whose Freedom of Information Act suit for the Mueller Report was consolidated with EPIC’s case. Leopold and BuzzFeed challenged the lower court’s determination that the DOJ could withhold information about individuals investigated by Special Counsel Robert Mueller but not charged with a crime. The D.C. Circuit ruled that the DOJ must release several passages of the Report about individuals investigated for campaign finance violations, as those sections “would show only government decisionmaking, not new private information.”
As a result of EPIC’s 2019 lawsuit for the Mueller Report, the Justice Department was forced on three prior occasions to disclose portions of the Report that it initially withheld from the public. Judge Walton conducted an in camera review of the unredacted Report before ruling in the case. Judge Walton’s decision to conduct in camera review of the report was a step that he deemed necessary after determining that Attorney General Bill Barr’s redactions to the Report may have been “self-serving.”
DOJ identifies number of location data requests in several U.S. attorney’s offices
As part of EPIC’s lawsuit against the Department of Justice for cell phone surveillance orders issued by federal prosecutors, the agency agreed to search five U.S. Attorney’s Offices for 2703(d) applications, orders, and warrants from 2016-2019.
The DOJ identified 75 orders and warrants for cell phone location data under § 2703(d) from the U.S. Attorney’s Office for the Virgin Islands from 2016-2019. During the same period, the attorneys handled 283 criminal cases. The U.S. Attorney’s Office for the Virgin Islands is one of the smallest districts in the country. EPIC also obtained the number of location data requests for the District of Delaware, District of Rhode Island, as well as for both the Eastern District of Oklahoma and Eastern District of Pennsylvania. The Eastern District of Pennsylvania was the only district that released unsealed applications and orders. EPIC settled its lawsuit with the DOJ in March 2022. As part of the settlement agreement, the DOJ released a breakdown of the total number of applications, orders, and warrants by type for each district for the duration of EPIC’s FOIA request. EPIC compiled this information in a comparative table for each district.
Currently prosecutors do not release any comprehensive or uniform data about their surveillance of cell phone location data. In 2018, the U.S. Supreme Court ruled in Carpenter v. United States that the collection of cell phone location data without a warrant violated the Fourth Amendment. Through EPIC’s lawsuit, it is revealed that the U.S Attorney’s Office for the District of Rhode Island and the U.S. Virgin Islands, two of the smallest offices in the country, sought warrants for location data information. It is unclear whether these districts sought warrants before or after the Carpenter decision.
ICE litigation uncovers new details about agency’s use of clearview AI
As part of EPIC’s FOIA lawsuit against the U.S. Immigration and Customs Enforcement, the agency has released records about the agency’s use of facial recognition services and Clearview AI’s controversial facial recognition technology. ICE released a Privacy Impact Assessment for its use of facial recognition services and found that there were thirteen potential privacy risks with the use of facial recognition services. Clearview AI is a provider of facial recognition technology that scrapes images from social media sites to compile a database that has billions of photos. ICE is one of the agencies that has purchased access to Clearview’s technology.
EPIC’s lawsuit combines two FOIA requests that sought to understand ICE’s use of this dangerous technology and how the agency has deployed Clearview AI’s tools. Notably, the agency released emails that provides more details about the agency’s use of Clearview AI. In a December 3, 2019 email, the Department of Homeland Security’s Privacy Office “heard” about the agency’s use of Clearview and then had to ask the office to brief them about ICE’s use of Clearview technology. This email requesting a briefing was sent after the DHS Privacy Office learned that ICE was using Clearview—revealing that ICE started using Clearview without DHS’s Privacy Office’s knowledge.
EPIC and privacy advocates are not the only ones concerned by Clearview AI’s controversial services. In a September 25, 2019 email, Customs and Border Protection emails someone from ICE about Clearview asking if they use the technology. CBP called Clearview AI’s facial recognition technology “creepy as hell.”
For more in depth analysis of the documents obtained in EPIC v. DHS, check out EPIC’s blogpost about the case.
epic obtains 2018 dhs election security briefing with members of congress
Through a Freedom of Information Act request to the Department of Homeland Security, EPIC obtained records circulated in a 2018 election security meeting with members of the U.S. House of Representatives. On May 22, 2018, then-DHS Secretary Kirstjen Nielsen, then-Federal Bureau of Investigation Director Christopher Wray, and then-Director of National Intelligence Dan Coats held a classified briefing for members of Congress informing them of the risks to the election process and steps the administration was taking to assist state officials in ensuring election security. The briefing materials include charts on election infrastructure cyber risk scenarios and cybersecurity considerations, as well as compiled anecdotes of the DHS’s engagement with state election security officials. These anecdotes highlighted how states have taken efforts to strengthen their election systems for the 2018 mid-term elections, including some states taking up the voluntary election security resources from DHS.
Relatedly, EPIC previously sued the DHS for records about the agency’s assessment of election vulnerabilities following the 2016 presidential election and its ongoing role in protecting election systems as critical infrastructure. The agency released hundreds of pages of records to EPIC about its role in election cybersecurity, with records revealing the agency’s rocky initial involvement in election security following its 2017 designation of election infrastructure as critical infrastructure and how far the agency has come since then.
Epic obtains records about Google’s Compliance with 2011 ftc order and recent privacy assessment
Through a Freedom of Information Act request to the Federal Trade Commission, EPIC obtained records about Google’s compliance with the FTC’s 2013 Consent Order as well as part of Google’s recent biennial privacy compliance assessment.
Currently, the FTC does not proactively publish Google’s required biennial privacy compliance assessments. EPIC was able to obtain part of Google’s biennial assessment for 2016-2018, prepared by independent auditor Ernst & Young. The remaining portions of the assessment were withheld in full.
Within the document production, the FTC sent Google several letters demanding answers to a variety of Google activity while under the Consent Order. Some activity that were questioned include Google’s launch of a COVID-19 Response Effort Website, Alphabet’s Sidewalk Labs spin-off of its data platform Replica, and Google offering users to create Student Brand Accounts in 2019.
In 2010, EPIC filed a complaint to the FTC highlighting major privacy violations in Google’s rollout of the Google Buzz social networking tool. A year later, the FTC entered into a Consent Order with Google after finding that the company had violated the FTC Act by engaging in unfair and deceptive uses of users’ personal information.
epic obtains records about Baltimore’s Controversial aerial surveillance program
Through an open government request to the Baltimore Mayor’s Office, EPIC obtained records about Baltimore Police Department’s Aerial Investigation Research (AIR) pilot program. This six month pilot program took place from May to October 2020. The Baltimore Police Department flew privately-owned surveillance planes to capture aerial images that monitored 90% of the city for up to ten hours a day in an attempt to “reduce crime.”
In notes from a briefing with the Mayor’s Office, pilot program leaders were telling the public that the program “will result in a ’20-30% reduction in crime in the first year alone'” but the Mayor’s Office actually determined that “this is merely a guess and is not backed by any science or data.” The notes also revealed that when the program secretly operated in 2016, the program leaders were “not able to provide specific examples of times when the program led to concrete case outcomes in Baltimore (i.e., arrests or convictions).”
In another email to Baltimore officials, the vendor of the program Persistent Surveillance Systems addressed areas of concern including operation times, coverage areas, and integration with Baltimore Police Department systems. Among the claims PSS makes, it emphasized that the program is meant to deter the public from committing crimes. PSS writes, “since a significant part of the effect is through deterrence and people do not always know when the plane is flying, there is a dissuasive effect even if our plane is not aloft. The plane is not visible at the typical altitudes we operate. We are happy to have someone who is thinking of shooting someone walk out, see an airliner, and think maybe not today.”
In an independent audit commission by the city, the auditors found that Baltimore Police Department lied about key aspects of the surveillance program, including how long surveillance footage was stored and the scope of the program. A few months after the pilot program, Baltimore officials voted to end the controversial surveillance program.
epic obtains records about Executive order 12333
Through a Freedom of Information Act request, EPIC obtained records from the Department of Defense about the agency’s surveillance and collection of electronic communications outside of the United States under Executive Order 12333. President Reagan signed EO 12333 in 1981, establishing a new broad surveillance authorities for the intelligence community outside the scope of public law with little to no oversight in place.
One notable document includes instructions on Defense Biometric Enabled Intelligence (BEI) and Forensic Enable Intelligence (FEI). The document notes that both BEI and FEI are considered strategically important for identifying individuals who may pose threats to U.S. forces and national security. Additionally, it is DOD policy that both shall be fully integrated into defense intelligence as an “essential element of national security.” The document notes that “collection, retention, and dissemination of U.S. person information shall be in accordance with Executive Order 12333” as well as discusses developing BEI and FEI strategy and capability to “unambiguously identify foreign persons, networks, and populations of interest” who post a threat to national security.
Another document is instructions on Signals Intelligence that updates the electronic surveillance policy, definitions, and responsibilities within the DOD. The enclosures within the document mention the collection and processing of electronic surveillance for foreign intelligence and counterintelligence. It also mentions the the agency using signals intelligence for wartime also ensure that these capabilities are “productively used during peacetime” to support signals intelligence and readiness requirements.
EO 12333 often serves as an alternate basis of authority for surveillance activities. EPIC has a long-standing interest in public oversight of government surveillance, including activities conducted under EO 12333.