FOIA Gallery 2018
The Freedom of Information Act establishes a legal right for individuals to obtain records in the possession of government agencies. The FOIA is critical for the functioning of democratic government because it helps ensure that the public is fully informed about matters of public concern. The FOIA has helped uncover fraud, waste, and abuse in the federal government.
A hallmark of the new surveillance measures proposed by various government agencies is their disregard for public accountability. As the government seeks to expand its power to collect information about individuals, it increasingly hides that surveillance power behind a wall of secrecy. Congress has long recognized this tendency in the Executive Branch, and sought to limit government secrecy by creating legal obligations of openness under the FOIA and the Privacy Act of 1974. EPIC has used these open government laws aggressively to enable public oversight of potentially invasive surveillance initiatives.
EPIC's FOIA litigation over the past year has resulted in disclosure of critical information about the activities of the government. EPIC's litigation has also generated case law that benefits the FOIA requesters and the open government community across the country.
EPIC's FOIA Work in 2017-2018
For EPIC's Open Government Project, 2017-2018 was a year filled with great success stories. Through vigorous and effective litigation, EPIC bolstered its record as a champion for a more open and transparent government. In 2017, EPIC obtained formerly secret records from government agencies including CBP, DHS, DOJ, FBI, IRS, and prevailed in several cases.
A 2017 report from the TRAC FOIA Project shows that EPIC is among the nation's leading FOIA litigators, ranking fifth among nonprofit and advocacy groups nationwide. Last year EPIC filed eight FOIA lawsuits, including four leading open government cases concerning Russian interference with the 2016 Presidential election: EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. DHS (election cybersecurity), and EPIC v. IRS (release of Trump's tax returns).
Through a Freedom of Information Act request to the Department of Justice, EPIC obtained over four hundred pages of records showing that the Election Assistance Commission, the now-defunct Presidential Advisory Commission on Election Integrity, the Voting Section of the Department of Justice Civil Rights Division, and the Department of Homeland Security discussed ways to cooperate on the “cleaning” and “maintenance” of state voter registration databases. In one set of emails, Christy McCormick — an Election Assistance Commissioner and member of the Presidential Commission — dismissed concerns about the federal government’s sweeping demands for state voter information as “conspiracy theories.” Writing to a top voting rights attorney at the DOJ, McCormick said she hoped the DOJ and the Presidential Commission could “clean up the voter rolls” together. The revelations follow last year’s sweeping requests for state election information by the Presidential Commission and the DOJ, both issued on the same day. Many states refused to provide the Presidential Commission their state voter data, citing the privacy rights of their voters and the states’ power to administer their own elections.
EPIC sued the Federal Bureau of Investigation after the agency failed to respond to EPIC's FOIA request for privacy impact assessments. EPIC challenged the adequacy of the agency's search and the FBI's claim that record could be withheld pursuant to "Exemption 7(E)," which concerns law enforcement "techniques and procedures." In February 2017, the federal judge concluded that "the FBI neither adequately described its search nor properly justified its withholdings of information under FOIA exemption 7(E)." The Court ordered the FBI to supplement the record to address the inadequacy of the agency's search and the basis for the Exemption 7(E) claims. EPIC's win was featured in Politico and Courthouse News Service.
EPIC Obtains FBI Cyber Notification Procedures, News Investigation Reveals FBI Did Not Notify Victims of Russian Cyberattacks
As a result of the FOIA lawsuit EPIC v. FBI, EPIC obtained the Federal Bureau of Investigation's "Victim Notification Procedures." This FBI policy requires the agency to notify victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." The documents indicate that the FBI Cyber Division is to "notify and disseminate meaningful information to victims and the CND [Computer Network Defense] community." The Cyber Division specifically notifies the "individual, organization, or corporation that is the owner or operator of the computer at the point of compromise or intrusion." Based on the documents uncovered by EPIC, a recent AP investigation found that the FBI, the lead agency for cyber response, did not notify U.S. officials that their email accounts were compromised during the 2016 Presidential election. The Senate Oversight Committee also pressed the FBI on its failure to notify both the DNC and the RNC.
As a result of the FOIA lawsuit EPIC v. CBP, EPIC obtained a report from Customs and Border Protection concerning iris imaging and facial recognition scans for border control. Testing began in 2015 and consisted of capturing iris images to "provide facial and iris biometrics to compare to [a non-U.S. citizen's] entry record." The report, obtained by EPIC, revealed that the agency program failed to perform operational matching at a "satisfactory" level.
Through a Freedom of Information Act request to the Internal Revenue Service, EPIC obtained hundreds of documents detailing procedures for private debt collectors. Following a Congressional mandate, the IRS outsourced debt collection for some U.S. taxpayers to private debt collection agencies. Transfer of personal and financial data to private entities raises data security and privacy concerns, and also makes scams and threatening phone collection tactics easier to perpetrate. The documents obtained by EPIC show how the IRS monitors the companies and the procedures companies must follow when contacting taxpayers.
In EPIC v. IRS, EPIC is seeking release of President Trump's tax returns, which was featured prominently in news publications such as Politico, The Hill, and Law 360. EPIC filed the suit for the tax records after the Internal Revenue Service refused to process EPIC's FOIA request for the President's returns. The IRS has the authority to release the records to correct numerous misstatements of fact concerning financial ties to Russia, such as President Trump’s tweet "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING." These statements have been directly contradicted by his attorneys, members of his family, and various news reports. EPIC will argue the case before the D.C. Circuit Court of Appeals later this year.
As a result of the FOIA lawsuit EPIC v. NSD, EPIC obtained a report from the Department of Justice National Security Division detailing the FBI's use of foreign intelligence data for a domestic criminal investigation. Section 702 of the Foreign Intelligence Surveillance Act authorizes the surveillance of foreigners located abroad. However, the FBI also used this data to investigate Americans. The report obtained by EPIC also shows that a FBI analyst failed to follow internal guidance to notify superiors of the search, raising questions about whether the FBI is accurately reporting these searches.
As a result of the FOIA lawsuit EPIC v. FBI, EPIC obtained several memorandum of understanding regarding the transfer of biometric identifiers between the Federal Bureau of Investigation and the Department of Defense. One of the agreements, which includes the State Department, calls for "a direct conduit for the parties to access databases storing biometric information." The FBI's biometric identification program, known as "Next Generation Identification," is a centralized government database containing sensitive personal and biometric data on millions of individuals. One of the FBI's stated initiatives is for the agency, through NGI, to exchange information with other data repositories in real or near-real time.
In a response to EPIC's FOIA lawsuit, the Justice Department admitted that the United States Sentencing Commission never produced an evaluation of "risk assessment" tools in criminal sentencing. In 2014, former Attorney General Eric Holder expressed concern about bias in criminal sentencing "risk assessments," secret techniques used to set bail, to determine criminal sentences, and even make decisions about guilt or innocence. Former Attorney General Holder called on the Sentencing Commission to study the problem and produce a report. But after EPIC requested that study and sued the DOJ to obtain it, the DOJ conceded that the report was never produced. Through the suit, EPIC obtained emails confirming the existence of a 2014 DOJ report about "predictive policing" algorithms, but the agency also withheld that report.
EPIC was awarded substantial attorney's fees after securing a victory against the Department of Homeland Security. In 2012, EPIC sued the DHS for information about a secret program to monitor Internet traffic. The "Cyber Pilot" program applied originally to defense contractors, but an executive order dramatically expanded the program, raising concerns about violations of federal wiretap law. EPIC's lawsuit produced the release of several thousand pages on the program, including a presentation in which DOD advised private industry on how to circumvent federal wiretap law. In 2016, the Court ruled that EPIC was entitled to attorney's fees because it "substantially prevailed in [the] litigation" and added "to the fund of information that citizens may use in making vital political choices." On June 2017, the Court issued a final order confirming that decision and awarded EPIC nearly $100,000 in fees — the largest such award in EPIC's history.
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.