Here Comes the Sun(shine Week): Celebrating Some EPIC Open Government Wins

March 14, 2024 | Enid Zhou, Senior Counsel

Leading up to the Freedom of Information Day, which coincides with the birthday of James Madison, principal drafter of the U.S. Constitution and a key advocate for open government, EPIC is highlighting some open government successes from the past year. EPIC publishes a Freedom of Information Act (FOIA) gallery featuring our open government work each year during Sunshine Week, a week promoting open government and transparency.

The Importance of FOIA & Why Sunshine the Best Disinfectant

The Freedom of Information Act and other state sunshine laws establish a legal right for individuals to obtain records in the possession of government agencies. Open records laws are critical for the functioning of democratic government because they help ensure that the public is fully informed about matters of public concern. Open government laws have often helped uncover fraud, waste, and abuse in federal, state, and local government.

A hallmark of many of the surveillance programs and tools adopted by government agencies is a disregard for public accountability. As the government seeks to expand its power to collect and exploit information about individuals, it increasingly hides that power behind a wall of secrecy. Congress has long recognized this tendency in the Executive Branch and sought to limit government secrecy by creating legal obligations of openness under the FOIA and the Privacy Act of 1974. EPIC has used these open government laws—along with the Federal Advisory Committee Act, the E-Government Act of 2002, and state open government laws—to enable public oversight of key government activities.

EPIC’s Recent Open Government Highlights

Through FOIA requests, reports, and public comments, EPIC has been shaping public policy that enables greater transparency and government oversight. Our open government work over the past year has resulted in disclosure of critical information about the activities of state and federal agencies. But our open government work was not without bumps in the road such as issues surrounding access to key information and the timeliness of government responses. Below are some recent open govern highlights and insights gleaned from fighting for more transparency.

EPIC Takes an In-Depth Look in AI Procurement and Publishes Outsourced & Automated

Outsourced & Automated: How AI Companies Have Taken Over Government Decision-Making

Following the Screened & Scored in D.C. report, EPIC published Outsourced & Automated: How AI Companies Have Taken Over Government Decision-Making in September 2023. Built on two years of state open records requests and over 9,000 government records about automated systems used in public benefits programs, the report provides a first-of-its-kind look into state AI procurement across the country.

Outsourced & Automated sheds light on the variety of AI systems that are embedded in state government, the risk these systems pose, and the major private companies behind these core government systems. EPIC also highlights four recommendations for state agencies using AI: (1) implement robust AI testing and auditing; (2) require protective contract language so agencies can better monitor AI systems operated by contractors; (3) implement greater public transparency around AI decision-making; and (4) stop AI use when an agency cannot mitigate AI risks.

As part of the report research, EPIC submitted open records requests to 27 states and the District of Columbia about government contracts with AI companies. EPIC found 621 state contracts for AI or automated decision-making systems and compiled a database that identifies prominent third-party vendors, their total potential market reach, and their relationship with various state and local agencies. In the course of the research, we encountered plenty of challenges when trying to access information published in state databases. For example, some state websites had incomplete contract entries, and some did not include any available contract information despite having documents available for other similar contracts. Some states had extremely poor search and filter functionality, making it difficult to find relevant contracts. And even when search and filter functionalities existed, some state databases did not have relevant categories for tech contracts and instead these contracts were arbitrarily scattered across a variety of categories. All these challenges highlight that, despite state government attempts to make information publicly available in state databases, the public still has difficulty accessing public information about what state agencies are up to. Public information that is not easily accessible goes against the spirit of open government.

ODNI Releases Partially Declassified Report on Intelligence Community’s Purchase of Commercially Available Information

In June 2023, the Office of the Director of National Intelligence (ODNI) released a partially declassified report on the Intelligence Community’s (IC) purchase of commercially available information in response to EPIC’s FOIA request. The partially declassified report was featured in Wired. As reported in the Wired article, the ODNI’s Senior Advisory Group found that the IC is collecting increasing amounts of commercially available information—including sensitive information like location data. But the Advisory Group does not know how much commercially available information agencies are collecting, what types, or even what it is doing with that data. The report also found that, despite the Supreme Court’s 2018 decision in Carpenter v. United States, which requires a warrant for persistent location information and potentially other data, the IC has no formal, community-wide position on the issue. Individual agencies continue to narrowly construe Carpenter to allow for the purchase of otherwise protected information from data brokers without a warrant.

EPIC Law Fellow Chris Baumohl is quoted in Wired saying, “[t]his report makes it clear that the government continues to think that it can buy its way out of constitutional protections using taxpayers’ own money. Congress must tackle the government’s data broker pipeline this year, before it considers any reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).” EPIC has long challenged warrantless government surveillance, utilizing the FOIA and other open government laws to shed light on various government surveillance programs. We even launched a campaign to significantly reform Section 702 of FISA.

EPIC Pushes OMB to Integrate AI Requirements into Section 208 of the E-Government Act; Urges White House to Give More Resources for AI Oversight

In August 2023, EPIC urged the Office of Management and Budget (OMB) to update its E-Government Act guidance on agencies’ mandated privacy impact assessments to include AI impact requirements. Under Section 208 of the E-Government Act, federal agencies are required to complete a Privacy Impact Assessment (PIA) before undertaking data collection—and before developing or procuring technological systems that handle personally identifiable information. We emphasized that, because data collection and processing are central to AI functionality, AI impact assessment requirements are natural extensions of PIA requirements under the Act. Our recommendations will help ensure that there is as much focus put on AI transparency and accountability as there is on development and procurement. AI transparency and accountability is an essential oversight mechanism that ensures responsible government use of AI.

A few months later, EPIC also called on the White House to prioritize building agency workforce and resources for AI oversight and accountability. EPIC’s memo to the OMB and letter to the White House were in anticipation to the White House issuing its landmark Executive Order on Artificial Intelligence. In December 2023, EPIC submitted public comments to the OMB regarding its draft guidance on use of AI in the federal government—comments that reemphasized the need to incorporate AI impacts within PIA requirements. One of our top recommendations is that OMB must prioritize transparency and accountability by using its oversight and budgetary authorities to enforce compliance, coordinate their compliance protocols with existing reporting requirements like PIAs, and expand the scope and accessibility of information to the public.

DHS Releases 2021 Data Mining Report After EPIC FOIA Request

In June 2023, EPIC submitted a FOIA request to the Department of Homeland Security (DHS) seeking the “2020 DHS Data Mining Report and all subsequent DHS data mining reports.” Two months after EPIC’s FOIA request, the Department of Homeland Security (DHS) publicly released the 2021 Data Mining Report. DHS only informed EPIC of the release in December 2023 in a FOIA response. According to the agency, the 2021 report also covers the year 2020 because “[t]he DHS 2020 Data Mining Report to Congress was not submitted as planned.” The 2021 report is dated August 2022, suggesting DHS did not move to release the report until EPIC requested it. The 2022 report has not been released to the public and EPIC will continue to push for its release.

But it should not be the responsibility of watchdog groups like EPIC to compel the timely release of agency reports mandated by law. The Federal Agency Data Mining Reporting Act of 2007 requires DHS to publish a report on its data mining activities on an annual basis. The reports are required to describe the data mining activity and technology used, the data sources, and the impact on privacy and civil liberties among other things. In the 2021 report, DHS identified a new data mining program: “Continuous Immigration Vetting for Operation Allies Welcome, utilizing ATS, conducted by CBP.”  ATS stands for Automated Targeting System and according to the 2021 Data Mining report it “runs risk-based rules, predictive analytics, and queries to identify patterns indicative of terrorist or criminal activity.” The Continuous Immigration Vetting for Operation Allies Welcome is using ATS to vet Afghans for Special Immigrant Visas.

Looking Ahead

While Sunshine Week is a critical reminder of the importance of open government and gives us a moment to reflect on our past successes, our work persists. EPIC will continue to use all the tools at its disposal to improve oversight and transparency of government programs. There are no shortage of issues, but in the near future EPIC is particularly focused on the government’s use of facial recognition, location data and other commercially available information, and the use of AI in surveillance programs. We are using sunshine laws to discover, expose, and where appropriate roll back surveillance systems in public housing funded by Department of Housing and Urban Development (HUD), facial recognition systems deployed without public input by police agencies, and data broker provided monitoring systems exploited by border security and immigration agencies.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.