ICYMI: Lee Steven Appears on The Daily Ledger to Discuss Use of Encrypted Messaging Apps at EPA

 

Last week, Cause of Action Institute Assistant Vice President Lee Steven appeared on The Daily Ledger—a national cable TV political news program airing on the One America News Network. Couched in broader discussion of the “Deep State,” Lee spoke with Graham Ledger, the show’s two-time EMMY Award-winning host, about Environmental Protection Agency (“EPA”) employees’ use of unauthorized communications applications on agency-furnished and taxpayer-funded mobile devices.

Steven’s interview with Ledger comes after Cause of Action Institute’s investigative efforts revealed EPA employees had installed WhatsApp, Signal, and at least sixteen other messaging apps on their work-issued devices. As discussed in the video (and previously written about on this website), EPA employees’ use of encrypted messaging apps is in violation of agency policy and, necessarily, the Federal Records Act as well.

CoA Institute Encourages Supreme Court to Provide Check on Federal Agencies in Latest Amicus Brief

Washington, D.C. – Cause of Action Institute (“CoA Institute”) today filed an amicus curiae brief in the Supreme Court case Weyerhaeuser v. U.S. Fish and Wildlife Service, arguing that United States Fish and Wildlife Service’s (FWS) authority to exclude an area of land from critical habitat designation under the Endangered Species Act is not discretionary, but rather is subject to judicial review.

“Previous Supreme Court precedent as well as the Endangered Species Act make it clear that the Fish and Wildlife Service is subject to judicial review when it comes to determining what is and isn’t a critical habitat,” said John Vecchione, CoA Institute President and CEO. “We look forward to the Court upholding its previous standard and providing a check for the administrative state.”

CoA Institute’s brief encourages the Supreme Court to reverse the Fifth Circuit ruling in this case because it failed to conduct the sort of “careful examination” required by law to determine if FWS is excluded from judicial review.

The Supreme Court will hear argument in Weyerhaeuser during the fall 2018 term.

The amicus brief is available here.

About Cause of Action Institute
Cause of Action Institute is a 501(c)(3) non-profit working to enhance individual and economic liberty by limiting the power of the administrative state to make decisions that are contrary to freedom and prosperity by advocating for a transparent and accountable government free from abuse.

For more information, please contact Mary Beth Gombita, mbgcomms@gmail.com.

2016-2018 FOIA Advisory Committee Issues Final Report

The 2016-2018 iteration of the federal Freedom of Information Act (FOIA) Advisory Committee, of which I was a member, has just issued its final report and recommendations.  The report takes the form of recommendations to the Archivist of the United States about how to improve the administration of the FOIA.  The Committee is composed of government FOIA staff and representatives from the requester community, and the report represents areas where those professionals’ ideas for improvement overlap.  The Committee also sought to foster dialogue between these two groups who otherwise do not have an opportunity to discuss these issues.

The Committee’s Recommendations

Improving proactive disclosure. The Committee recommends that the Archivist direct OGIS to publish as a best practice that agencies proactively post specific categories of records, including calendars of top agency officials, unclassified reports provided to Congress, FOIA logs, and other categories identified below. The best practice also offers methods to ensure FOIA logs are most useful, and provides considerations for agencies when identifying additional areas for proactive disclosure.

Balancing proactive disclosure and accessibility obligations. The Committee recommends that the Archivist direct OGIS to publish a best practice encouraging agencies to avoid the removal of documents already posted on agency websites that are not currently compliant with Section 508 of the Rehabilitation Act of 1973, as amended, 29 U.S.C. § 794d. Instead, the best practice would be to remediate such documents. When agencies are concerned about the practicality of remediation, the best practice would be to conduct an “undue burden” analysis by balancing Section 508 with their FOIA statutory obligations; the Rehabilitation Act allows agencies to release electronic documents that are not Section 508-compliant if rendering them compliant would “impose an undue burden” on the agency.

Improving FOIA Searches. The Committee recommends that the Archivist address the lack of public information about current methods and technologies agencies use to search for responsive records by: (1) requesting that the U.S. Department of Justice’s (DOJ) Office of Information Policy (OIP) affirmatively collect this type of information in next year’s Chief FOIA Officer (CFO) Reports, and (2) recommending that the CFO Council work with the Chief Information Officers (CIO) Council to explore the technological issues related to searches and to promote best practices. The Committee further recommends that the Archivist suggest a modification to the Federal Acquisition Regulation (FAR) to ensure that all agencies consider FOIA obligations when acquiring electronic records management software and that the Archivist also direct OGIS to examine and report on the use of appropriate FOIA performance standards for federal employees.

Making efficient use of agency resources. The Committee recommends that the Archivist direct OGIS to publish as best practices a number of identified strategies to ensure agencies maximize the use of available resources. These best practices address several issues, including staffing, career incentives, workflow, accountability, and technology.

The full report is available here.

James Valvo is Counsel and Senior Policy Advisor at Cause of Action Institute.  He was a member of the 2016-2018 FOIA Advisory Committee.  You can follow him on Twitter @JamesValvo.

Senate Overturns CFPB “Guidance” Document

The Senate has overturned a CFPB “guidance” document that was for all intents and purposes a regulation. This repeal was effected by the Congressional Review Act (“CRA”) which allows the Congress to overturn regulations within 60 days of the later of the regulation being sent to Congress or being published in the Federal Register. As I wrote for the Hill in March of last year, the CRA’s evasion of the filibuster invites a deregulatory agenda by the Congress that need not be blocked by partisan divisions or the filibuster. As we noted on this website at that time there are many, many such regulations. With the wise test of a “guidance document” by Senator Toomey more avenues for reform open up.

I have remarked on the threat to the Rule of Law and our Constitutional structure by the CFPB before. One of its previous high-handed regulations has already been removed by a similar use of the CFPB to our applause. The various federal agencies’ attempts to rule by letter and by guidance have been brushed back here and there. But they remain a troubling bureaucratic subversion of the fundamental separation of powers created to protect and empower American liberty.

John J. Vecchione is president and CEO at Cause of Action Institute.

Oversight Victory: Tax Regulations Now Subject to OMB Review

In a major win for oversight and constitutional governance, the White House Office of Management and Budget (“OMB”) and the Department of the Treasury have scrapped a decades-old agreement that exempted many IRS tax regulations from independent review and oversight.  In its place, the agencies have set up a new agreement that requires Treasury to submit important tax regulations to OMB’s Office of Information and Regulatory Affairs (“OIRA”) for review pursuant to Executive Order 12,866 (“EO 12,866”) just like nearly every other agency.

This change came after an investigative report from Cause of Action Institute and a sustained campaign over the past few months from supporters of OIRA review.  From a transparency perspective, this agreement is already an improvement because it has been announced publicly, posted on Treasury’s website, and not kept secret for thirty-five years, like the previous agreement.

 

The New Memorandum of Agreement

The new agreement will require Treasury to submit the following categories of tax regulations to OIRA for review:

All three categories are well conceived.  First, one of the main focuses of OIRA review has always been interagency consultation.  And IRS rules can overlap with rules from the Department of Labor and, increasingly in the wake of the Affordable Care Act, the Department of Health and Human Services.  Allowing those and other agencies to weigh in on proposed tax regulations is an appropriate and necessary level of oversight, and can lead to better policymaking.  At the Senate hearing where the agreement was unveiled, Senator Lankford asked Treasury General Counsel Brent McIntosh who will make the determination of whether a new rule is likely to create a conflict with another agency.  McIntosh replied that, under the agreement, Treasury will submit a list of rules to OIRA on a quarterly basis and OIRA will then be in a position to flag rules that may create a conflict.

Second, Treasury will send OIRA tax regulations that raise novel legal or policy issues.  These are exactly the type of rules should not be decided in a vacuum and when independent review from OIRA and others can provide a fresh look at novel questions.  This is also an existing category of rules that are covered by EO 12,866 and so it makes sense to include tax regulations in this existing mandate.

Third, and finally, the new agreement includes tax regulations that are likely to have an annual non-revenue impact on the economy of $100 million or more.  This is the existing threshold for significant regulatory actions for other agencies.  The agreement makes a distinction for the “non-revenue” impact of tax regulations.  This is a commonsense distinction because OIRA review and cost-benefit considerations should be focusing on the distortionary impacts of regulatory choices, not money transferred to the fisc.  This modification of the existing language in EO 12,866 was necessary to fit the existing system to the way tax regulations work.  At the hearing, Senator Lankford asked McIntosh which rules from the 2017 tax cuts may meet this threshold.  McIntosh estimated that rules related to pass-through entities, interest expense deductions, bonus depreciation, section 199A, partnerships under section 512, and section 951A could now be subject to OIRA review.

 

The New MOA Puts OIRA in Control

The new agreement includes an important provision that bars Treasury from rushing rules out the door to the Federal Register before OIRA has signed off.

In order for the president and the White House to properly oversee the Executive Branch, they must be able to control its regulatory actions.  This provision makes it explicit that OIRA gets the final say.

 

Agreement Addresses Concerns about Delay and Expertise

Perhaps the biggest pushback against subjecting tax regulations to the same review that applies to other agencies’ rules was concerns about delay.  The new agreement addresses that issue by putting a 45-day clock on OIRA review and a special 10-business-day expedited review for rules stemming from the 2017 tax cuts.  Responding to concerns about OIRA’s expertise, Administrator Naomi Rao announced that Minnesota Law Professor and tax administration expert Kristin Hickman was joining OIRA as an advisor.  And OMB has been staffing up on other tax experts as well.

 

Concerns about the New Agreement

There is at least one concern about the agreement.  It only applies to “tax regulatory actions,” which the agreement gives the same meaning as “regulatory actions” in EO 12,866.  That definition covers “any substantive action by an agency (normally published in the Federal Register) that promulgates or is expected to lead to the promulgation of a final rule or regulation, including notices of inquiry, advance notices of proposed rulemaking, and notices of proposed rulemaking.”  Noticeably absent from this definition are interpretative rules that are not published in the Federal Register.  The IRS is notorious for trying to claim that its rules are interpretative and do not need to follow the strictures of the Administrative Procedure Act.  (CoA Institute recently filed an amicus brief in a case challenging this behavior.)  It remains to be seen whether the IRS and Treasury will try to assert that interpretative rules do not meet the definition of a “regulatory action” under EO 12,866 and thus do not need to be sent to OIRA for review.  A fair reading of the term “regulatory action” should include interpretative rules, even under the IRS’s improperly broad definition of that term.

But overall a dramatic improvement in the oversight of tax regulations and milestone in the project to end so-called tax exceptionalism and bring IRS under the same administrative law as everyone else.

James Valvo is Counsel and Senior Policy Advisor at Cause of Action Institute.  He is the principal author of Evading Oversight.  You can follow him on Twitter @JamesValvo.

CoA Institute Calls for EPA Watchdog Investigation into the Use of Unauthorized Electronic Messaging and Web-Based Email Apps on Agency Devices

Washington, D.C. – Cause of Action Institute (“CoA Institute”) wrote yesterday to the Environmental Protection Agency (“EPA”) Office of Inspector General (“OIG”) to request an investigation into the unauthorized use of electronic messaging and web-based email applications on agency-furnished and taxpayer-funded mobile devices, including iPhones and iPads. CoA Institute’s request follows the recent release under the Freedom of Information Act (“FOIA”) of a contractor-generated report that proves EPA employees installed at least sixteen different messaging applications, including Facebook Messenger and Google Hangouts, in contravention of official agency policy.  EPA employees also installed personal email programs, such as AOL and Yahoo Mail, on their government phones.  The OIG previously examined the use of two other encrypted messaging applications, “Signal” and “WhatsApp,” after CoA Institute opened its own investigation into allegations concerning the possible avoidance of records management laws.

 Cause of Action Institute Counsel Ryan Mulvey: “The newest details concerning the range of applications that EPA employees installed on their taxpayer-funded phones and tablets raise serious concerns.  Beyond the fact that many of these applications should never have been found on a government phone because of their personal nature, the presence of sixteen different electronic messaging applications raises doubts about the EPA’s compliance with record preservation rules.  All work-related communications created or received on a personal email account, or an electronic messaging program like Facebook Messenger, should have been preserved for disclosure to the public.  The EPA Inspector General must examine this matter and consider what steps the agency should take to rectify any deficiencies in meeting its record preservation obligations.”

Shortly after President Trump took office, Politico reported that a small group of EPA employees were using an encrypted messaging application, called “Signal,” to discuss ways to prevent incoming political appointees from implementing the new Administration’s policy agenda.  CoA Institute opened an investigation and, over the past year, has slowly pieced together details about the Signal scandal.

In response to its first FOIA lawsuit, the EPA acknowledged that there was an “open law enforcement” investigation.  Then, records released to CoA Institute revealed how an EPA contractor “scanned” most agency-furnished devices for the different applications that had been installed by employees.  That scan, which was requested “orally” by the OIG, was conducted with a software tool known as “Mobile Device Management,” or “MDM.”  As part CoA Institute’s second FOIA lawsuit, the EPA disclosed the contractor-generated report, as well as other documents.  A summary of the report, which consists of a list running ninety-six pages long, identifies all of the applications installed on most agency-furnished devices.

In addition to Signal and WhatsApp, at least another sixteen applications with electronic messaging capabilities were used by EPA employees, along with three email programs.  To the extent the OIG was unaware of these other messaging applications, further inquiries are necessary, as the use of these applications raise issues relating to federal records management.  Moreover, although the OIG has reported that the EPA disabled the ability of many iPhone and iPad users to download the “Apple Store app,” and thus to install unauthorized applications, it is unknown whether all unapproved messaging applications have been deleted or, alternatively, whether adequate procedures have been put in place so that the EPA can meet its recordkeeping obligations.

CoA Institute’s April 11, 2018 letter to the EPA Inspector General is available HERE.

For information regarding this press release, please contact Nichole Wilson: Nichole.wilson@causeofaction.org

Cause of Action Institute Launches Investigation into Agency Use of Instant Messaging Applications

The number of communications devices and platforms has mushroomed in recent years, making communication both quicker and easier. Naturally, these technologies have been incorporated into business and government. The use of instant messaging applications (“IM”) for business communications has become so common that most enterprise software includes IM functionality (for example, Google Hangouts, Skype for Business instant messaging, Slack, etc.).

In response to these developments, the Federal Records Act (“FRA”) was amended in 2014 to codify a new definition of electronic messages.  The FRA now states that electronic messages include “electronic mail and other electronic messaging systems that are used for purposes of communicating between individuals” 44 U.S.C. § 2911. Electronic communications sent or received in the course of agency business—regardless of the method of message delivery—are therefore federal records and must be properly captured, retained, and stored such that they can be searched and reproduced upon request. National Archives and Records Administration (“NARA”) Bulletin 2015-02, “Guidance on Managing Electronic Messages,” makes this explicitly clear.

Unfortunately, recent events have highlighted the failure of federal agencies to properly capture, retain, and store electronic messages, including:

  • five months of missing, and then recovered, text messages between the FBI’s Peter Strzok and Lisa Page related to their official duties,
  • 2016 EPA Inspector General investigation into the use of encrypted text messages,
  • CFPB using encrypted messaging apps, the so-called “Dumbledore’s Army”,
  • IRS not retaining communications through their internal instant messaging system due to a memorandum of understanding with the Treasury Employees Union, and
  • NOAA’s questionable use of Google Hangouts.

It appears incidents of federal agencies neglecting and/or intentionally failing to properly capture, retain, and store electronic messages that are federal records are not isolated or exceptional. In light of this, CoA Institute has launched a broad inquiry into federal agencies’ efforts to implement the 2014 FRA amendments and NARA Bulletin 2015-02. Last week, CoA Institute sent FOIA requests to nearly forty agencies seeking records:

  • regarding policies on the use, retention, and management of electronic (instant) messages;
  • related to implementation of or compliance with NARA Bulletin 2015-02;
  • reflecting the electronic messaging systems installed on agency devices; and
  • reflecting whether the agency has enabled automatic electronic message archiving, indexing, and eDiscovery features on instant messaging platforms in use.

The FRA and Freedom of Information Act are essential to government transparency and accountability and they must be enforced even when—or especially when—government regulations, policies, and practices lag behind the implementation of new technologies. With respect to instant messages, the federal government’s characteristic bureaucratic torpidity bears potentially far-reaching implications for proper oversight of the federal government. With this investigation, CoA Institute seeks to discover whether (and where) government neglect or exploitation of new technologies threatens transparency and accountability.

 

Thomas Kimbrell is a research fellow at Cause of Action Institute.