A Warrantless Phone Search, A Dangerous Precedent

Washington D.C. – Cause of Action Institute (“CoA Institute”) today filed an amicus curiae brief in support of Defendant Hamza Kolsuz who in February, 2016 was arrested at a Virginia airport attempting to board a plane bound for Istanbul, Turkey.

At the time of his arrest, U.S. Department of Homeland Security (“DHS”) Customs and Border Patrol (“CBP”) officers seized Mr. Kolsuz’s iPhone and subsequently ordered a month-long, warrantless forensic search, resulting in nearly 900 pages of detailed information, including Mr. Kolsuz’s internet-browsing history, text messages, emails, and various geographic locations he had visited. Under a 2014 Supreme Court case, any search of a cellphone seized during an arrest requires a warrant.  

While Mr. Kolsuz filed a legal motion to suppress the evidence obtained without a warrant, the presiding judge ruled that the search constituted a border search, and was therefore legal under a narrow exception to the Fourth Amendment. Mr. Kolsuz was found guilty and sentenced to thirty months in prison.

We believe the District Court erred in allowing the evidence. Our brief urges the court to reverse the previous decision and grant Mr. Kolsuz a new trial.  While in certain circumstances, a border search may be conducted without a warrant, in this instance the governmental interests that justify this exception were not in play because neither Mr. Kolsuz nor his phone were crossing any border after his arrest. 

The brief states:

At the time of the search, neither Mr. Kolsuz nor his smartphone were in the process of crossing any border. The Government was not furthering any interest in prohibiting the entry or exit of contraband, enforcing currency control, levying duties or tariffs, or excluding travelers without the property documentation to enter the country…

The privacy interests inherent in electronic devices are so high as to require a minimum of probable cause to justify their search.  Any less protection will continue to chill First Amendment protections, harm business interests, and violate the Fourth Amendment rights of Americans to be free from unreasonable search and seizure.

Federal customs agencies have essentially turned what was supposed to be a narrow exception to the Fourth Amendment’s warrant requirement into a loophole to search anyone’s cellphone or laptop without any reasonable suspicion or probable cause to suspect them of a crime.  Under current DHS “guidance,” anyone who travels internationally can be detained, asked to grant a customs agent access to their cellphone or laptop (including their social media accounts, email, and other remotely-stored information), and even face seizure of their device for off-site searching if they refuse to consent to the search.  News reports have detailed the recounts of many Americans who have been subjected to this policy.  DHS searched 5,000 electronic devices in February of this year alone.  

In addition to the troubling implications under the Fourth Amendment’s right to privacy, the brief outlines how electronic devices are such a commonplace tool that modern business would be unable to function without them.  Journalists and legal organizations rely on smartphones, tablets, and laptops to communicate with sources around the world, store research and contact information, draft and publish news articles, and film or photograph live events, and upload stories to social media.  Similarly, lawyers routinely utilize laptops and smartphones as repositories of attorney-client communications and work product documents. Businesses also need such devices to perform proprietary work, transmit documents detailing trade secrets, and remotely access company information.   

The courts have carefully crafted legal balancing tests that recognize the need to protect certain information, like journalist sources, attorney-client privileged information, and confidential trade secrets, by allowing the government to access such privileged information only when certain compelling justifications exist. In this regard, the current DHS “policy” purporting to allow the agency unfettered access to information at the border does not only contravene the privacy rights of individuals, but also disrupts other carefully-created judicial safeguards that protect the information of businesses, journalists, and lawyers’ clients, from disclosure.

The brief was filed on behalf of Cause of Action Institute, along with the Committee for Justice, a nonprofit organization dedicated to promoting the rule of law, and Floor64 Inc. that publishes the online news site, Techdirt.com. Techdirt’s journalists routinely depend on the ability to protect its sources and private information.

The full brief is available here

For information regarding this press release, please contact Zachary Kurz, Director of Communications at CoA Institute: zachary.kurz@causeofaction.org

 

The Proof is in the Metadata: Recent Developments in CEI v. OSTP

Last summer, in Competitive Enterprise Institute v. Office of Science & Technology Policy, 827 F.3d 145 (D.C. Cir. 2016) (“CEI v. OSTP”), the D.C. Circuit reached an important decision concerning an agency’s obligation to search private email accounts maintained by government officials for records responsive to a Freedom of Information Act (“FOIA”) request. The court determined that if an official “possesses what would otherwise be agency records [e.g., work-related email], the records do not lose their agency character just because the official . . . takes them out the door [e.g., to a private account][.]” Id. at 149. Thus, if a personal email account may contain agency records, the agency cannot categorically refuse to conduct a search of that private account.

This past week, however, the district court on remand appeared to dampen the impact of the D.C. Circuit’s ruling. Judge Gladys Kessler determined that OSTP had met its burden under the FOIA and did not have to conduct a search of former Director John Holdren’s personal email account, the contents of which had been saved on a thumb drive last December under court order. OSTP successfully argued that any agency records on Holdren’s non-governmental account would be duplicative of records already on OSTP servers. The agency pointed to a policy that required Holdren to forward work-related email to his official account or to copy that account on work-related correspondence. OSTP also attested that Holdren obeyed this policy on “approximately 4,500 occasions” and was otherwise entitled to a presumption of compliance “absent evidence to the contrary.” CEI could not rebut the presumption.

The district court’s decision, particularly on the heels of Sunshine Week, is disappointing. First, although a requester admittedly cannot rely on speculation to prove wrongdoing, once a requester has proven that a non-governmental system contains agency records, the agency should not be allowed to forego a search of that system simply because it claims to possess “duplicative” records elsewhere. It is difficult enough to demonstrate that an agency official is violating the spirit, if not the law, of transparent government by using personal email for work-related purposes. The existence and usage of a parallel personal account should be enough, in most cases, to rebut any presumption of compliance with preservation rules. Of course, OSTP may have given sufficient evidence of Holdren’s compliance in this case—an affidavit indicated that he forwarded or copied his official email account approximately 4,500 times—but courts should remain skeptical that all agency records have been forwarded when atypical means of conducting government business are at issue. One need only consider the ongoing saga of former Secretary of State Hillary Clinton’s private email accounts, where additional State Department records were uncovered even after she had averred that all such records had been turned over, to understand why this should be the case.

Second, assuming OSTP had copies of all agency records from Holdren’s personal account, it is not clear that these copies would actually be “duplicative.” For example, CEI argued that it sought Holdren’s email in “electronic format” along with any “metadata.” On this theory, copied or forwarded email records on OSTP’s servers may not, in fact, be “duplicative” because they may not include all original metadata. Judge Kessler found this line of argument unpersuasive and held that the metadata in Holdren’s personal email would “not in itself make each email unique as compared to the forwarded reproduction[.]” This conclusion is wrong and sets a dangerous precedent.

Metadata includes various types of information about an electronic document that are not usually visible, but reflect important characteristics concerning the document’s origin, alteration, or usage. It includes “substantive metadata,” such as tracked changes in Microsoft Word; “system metadata,” which is created by a computer system, such as the information contained in a file’s properties; and “embedded metadata,” such as hyperlink details or Excel formulae. See Aguilar v. Immigration & Customs Enf’t, 255 F.R.D. 350, 354–55 (S.D.N.Y. 2008) (discussing different types of metadata).

Numerous state courts have ruled that metadata forms an integral part of an electronic record and is subject to disclosure under state-based Freedom of Information regimes. No federal court has settled the question for the FOIA, but it seems appropriate to adopt a similar default presumption that metadata must be disclosed so long as it forms an integral part of an electronic record and is readily reproducible. A requester should not even need to specifically request integral metadata.

There may not be a one-size-fits-all approach to distinguishing different types of metadata and which form an integral part of a record. The best approach would take into account an agency’s storage practices and the type of electronic records at issue—Does the agency store email in a hard-copy format or electronically? Are electronic copies kept in native or near-native format? What sort of metadata is preserved in those formats? It would also consider an agency’s ability to readily reproduce metadata—Are email records readily releasable as PDF or MSG files? Finally, it would look to whether a requester has specified that he wants an agency to produce (rather than merely search for) records in a form that includes metadata. See, e.g., Citizens for Responsibility & Ethics in Washington v. Department of Education, 905 F. Supp. 2d 161, 171–72 (D.D.C. 2012) (“CREW did not request that DoEd produce its records in electronic format . . . DoEd thus had no obligation to produce the documents in any particular format.”) (internal citation omitted).

This proposed approach under the FOIA is supported by the treatment of metadata in other legal contexts. Under implementing regulations for the Federal Records Act, for example, “electronic record” is defined as “both record content and associated metadata that the agency determines is required to meet agency business needs.” 36 C.F.R. § 1220.18. “Metadata,” in turn, “consists of preserved contextual information describing the history, tracking, and/or management of an electronic document.” Id. When it comes to email records, some metadata can form an integral part of the electronic record. See id. § 1236.22(a). In the civil discovery context, when metadata exists as part of a document’s native format, it should be produced to an opponent. If a party seeks discovery of additional metadata, a court will typically grant it so long as the metadata is reasonably accessible and potentially relevant to the dispute at hand.

From the outset of its case, CEI argued that it sought agency records that were stored on Holdren’s personal email account in an electronic format. Metadata integral to those records (viz., sender, recipient, and “BCC” recipient information, etc.) might not have carried over in toto to the copies on OSTP’s servers. Such information could be instructive, as any litigator or investigative journalist would attest, and might even explain why Holdren was using a personal email account for official government business in the first place. The district court considered OSTP’s “duplicative” email records “functionally equivalent” to the originals on Holdren’s private account. That much is true when considering the visible content of the email. But that’s only half of the story. Metadata lurks beneath, and without the original integral metadata, any copies of Holdren’s email on OSTP’s servers are incomplete and not duplicative.

Ryan Mulvey is counsel at Cause of Action Institute.

Selective Memory: Presidential Control of Press and Information

Among people who know and use the Freedom of Information Act and similar laws to discover and report what the government is doing, this week is known as Sunshine Week, a time to promote government transparency. But a disorienting fog has settled in.

When was the last day that the news did not include a report about the President’s use of direct social media to avoid traditional press outlets whom he regularly disparages for using unlawfully leaked information to unfairly report what the government is doing and planning? Allegations abound that the administration regularly imposes unprecedented policies that restrict or remove access to government information and impede contacts between the press and knowledgeable civil servants.  For example:

“White House curbs routine disclosure of information and deploys its own media to evade scrutiny by the press.”

“It’s turning out to be the administration of unprecedented secrecy and unprecedented attacks on a free press.”

The “administration’s steadily escalating war on leaks, the most militant I have seen since the Nixon administration, has disregarded the First Amendment and intimidated a growing number of government sources of information — most of which would not be classified — that is vital for journalists to hold leaders accountable.”

The administration’s anti-leak effort “targets not only national security departments and agencies but most federal bureaucracies from the Peace Corps to the Social Security Administration and the Education and Agriculture Departments.”

“[W]e now have evidence of a pattern of anti-media behavior…. The suspicion has to be that maybe these ‘leak’ investigations are less about deterring leakers and more about intimidating the press.”

The administration’s “recent effort to stem leaks in the federal workforce doesn’t just exemplify … cluelessness. It verges on being a parody of it.”

The depth of dismay is hard to overstate. An executive editor of The New York Times put it this way: “I would say it is the most secretive White House that I have ever been involved in covering, and that includes — I spent 22 years of my career in Washington and covered presidents from President Reagan on up through now, and I was Washington bureau chief of the Times during George W. Bush’s first term.”

But none of the above-linked stories is about President Trump or current events. All of these complaints were written about President Obama early in his second term.

This selection of stories about how the Obama administration manipulated the media and restricted independent access to government information is representative. If anything, it’s too cautious.  Readers can find much more, and much worse, reported by the most respected of voices. Even so, complaints about the relationship between the press and the Obama and Trump administrations and their unprecedented, programmatic restriction of access to information are strikingly similar.  Perhaps such practices sting more sharply after a President takes the oath and starts to govern.  Politico reports that the President’s aides are “obsessed with taking advantage of Twitter, Facebook, YouTube and every other social media forum, not just for campaigns, but governing.” Yet that story, too, was about President Obama, not President Trump.

Controlling information in service of a president’s political objectives is not new. It is not sui generis and did not spring forth fully formed like Athena from Zeus’s head—or President Trump’s.  The current administration has taken another step in a well-known progression, and not a big one at that.  In historical context we can recognize it without surprise as the next manifestation of Leviathan’s thirst for ever more power and control.  Bob Schieffer, after decades as a Washington correspondent and broadcast news anchor, sums up the situation this way:  “When I’m asked what is the most manipulative and secretive administration I’ve covered, I always say it’s the one in office now.”

Mike Geske is counsel at Cause of Action Institute

Fighting Confusion and Complacency to Keep the IRS Accountable

It seems like a simple idea – the Freedom of Information Act (FOIA) allows any interested citizen to request documents from the people and agencies who exercise power over them. Elected officials have called it “our nation’s premiere transparency law” and one which serves a “crucial need … for open access to government information.”  Unfortunately, as one recent case shows, the process rarely works this way, leading to frustrating and sometimes bizarre results.

In 2014, Cause of Action Institute became concerned that lawyers employed by the Tax Division of the Department of Justice (DOJ) were being detailed to work at the White House. At least two of these attorneys had access to the confidential taxpayer information of administration opponents because of their prior work on lawsuits connected to the IRS “targeting” scandal, and giving them this kind of assignment was unprecedented.  Taxpayer information would normally be kept private from White House officials, including the president, but now a pipeline had been opened where such information could reach political appointees. [See our investigative report discussing this issue in greater detail]

IRS quotes[Excerpts from IRS letters complaining about having to search its own records. CoAI would later discover a search had already taken place]

The IRS has a long history of misusing tax information, one that reaches as far back as FDR. Without proper procedures or training, the same kind of misconduct will inevitably happen again no matter which political party is in charge.  To find out more about the attorney transfers and whether any steps had been taken to safeguard taxpayer privacy, we submitted a FOIA request to the Internal Revenue Service (IRS) for e-mails between three attorneys assigned to the White House and the IRS division at the heart of the targeting scandal.

The request was sent in January 2014. The first reply arrived a month later, but it was merely notification that the agency would be “unable to send the information” within the 20 business days required by FOIA.  A second delay letter arrived in May, followed by a third delay in August and yet another delay in December.

Finally, in April of the following year – a full 282 business days after the 20 business-day deadline – we received a response. But it was not the e-mails we requested; it was a notice that our request was now too broad and would be closed because searching the e-mails of three people was “an unreasonable burden upon the IRS.”  Even if this were true, which seemed very unlikely, the agency had violated its own rules by dragging out the process and then failing to give us a chance to narrow the request before rejecting it.  We pointed out these problems in an appeal of the IRS decision, but the agency refused to acknowledge these problems and again rejected our request.

In an attempt to figure out how the process had gone so wrong, we submitted another FOIA request in May 2016 requesting the “processing notes” for the original request.  These notes document what happens to a request once it arrives at a government agency.  They are internally made, follow a particular format, and should be among the simplest of documents to locate and share.  Yet the first delay letter soon arrived, and another one three months later.  Not wanting to wait for a third delay notification, we filed a lawsuit against the agency to get a full explanation of what happened.

Such lawsuits are often required to get a meaningful response from the government, and ours finally forced the IRS to release the processing notes for our original request. So what was the explanation for the agency refusing to conduct a simple search – and taking over a year to say so?

Apparently, there wasn’t one. The IRS tax law specialist processing the request had marked in her records all the way back in December 2014 that a search had been done and “produced no documents.”  This happened four months before the IRS called our request “an unreasonable burden,” seven months before the agency claimed it was “unable to initiate a search” at all, and a full two years before we filed suit just to discover the IRS could have saved everyone time and money simply by reporting its original findings.

Why would government officials compare our request to “an all-encompassing fishing expedition” if they already knew there weren’t any fish to catch? The answer, if there is one, remains to be seen.  The original FOIA request is the subject of a separate and ongoing lawsuit, but the IRS has not yet produced any responsive documents.  If no improper communication took place between the lawyers transferred to the White House and their former IRS colleagues, then that is good news.  If no ethics training was given to those lawyers, then that good news is merely a coincidence.  Whatever the truth turns out to be, it is a worrying sign that a simple request can result in years of delays, constant obstruction, contradictory answers, and no solid explanation for any of these.

John McGlothlin is counsel at Cause of Action Institute

CoA Institute Files Lawsuit for ObamaCare Records

Washington, D.C. – Cause of Action Institute (“CoA Institute”) filed a lawsuit in the U.S. District Court for the District of Columbia after the Department of Health and Human Services (“HHS”) failed to disclose records about the potential misuse of taxpayer information to market the Affordable Care Act (“ACA”), as well as records on the funding of two controversial ACA programs.

The lawsuit follows three Freedom of Information Act (“FOIA”) requests to HHS and its subsidiary agency, the Centers for Medicare and Medicaid Services (“CMS”), seeking records relating to obligations under the transitional reinsurance program and the risk corridors program, as well as attempts to market ObamaCare to individuals who declined coverage by using information obtained from individual federal tax returns. The agencies failed to produce any responsive records well past the applicable FOIA time limits.

Cause of Action Institute President and CEO John Vecchione: “It appears that senior Obama administration officials acted against taxpayers’ interests and disregarded the law to make ObamaCare appear more successful. Under the law, Americans’ tax information may be used to determine eligibility for subsidies, but not to market ObamaCare to individuals who have already declined to enroll. Disclosures of taxpayer information by the IRS raises serious privacy concerns. As Congress continues its efforts to repeal and replace the ACA, it’s more important than ever for HHS to be transparent and forthcoming about ObamaCare’s failures and missteps in implementation.”

Background

Taxpayer Information: To boost enrollment in ACA programs, it appears the Obama administration attempted to market the ACA to individuals who declined coverage by using information obtained from individual tax returns. A fact sheet released by CMS highlights its plan to “conduct outreach to individuals and families who paid the fee for being uninsured, or claimed an exemption from that fee, for 2015.” Under the ACA, however, tax information may only be used to determine ACA subsidy eligibility; it may not be used to market the ACA to individuals who have already declined to enroll. Taxpayer information disclosures by the IRS to an unknown number of individuals at CMS and throughout the government raises serious legal and privacy concerns.

Risk Corridors: Since its enactment, the ACA has faced considerable funding issues. The risk corridors program was supposed to collect payments from insurers with lower than expected losses and redirect the money to subsidize insurers with higher than expected losses. Because of low enrollment and monetary shortfalls, a CMS memorandum announced that funding for the risk corridors program would not be available to insurers in 2015. The memorandum, however, appears to invite insurers to sue CMS and then settle with the Department of Justice (“DOJ”) to obtain funding, which would constitute an end-run of a provision enacted by Congress in 2014 to prevent shifting funds into the risk corridors program and a violation of DOJ guidance regarding “backdoor bailouts.” Obtaining risk corridor funding through the DOJ Judgment Fund would be an illegal misuse of appropriated taxpayer money.

Reinsurance Program: Section 1341 of the ACA requires the HHS to return payments to taxpayers under the transitional reinsurance program. Under this program HHS collects reinsurance contributions from health insurance providers and third party administrators on behalf of group health plans. In 2014, HHS was supposed to collect $10 billion in payments to health insurers who enroll high-risk individuals and an additional $2 billion in contributions to be deposited directly to the U.S. Treasury. Unfortunately for taxpayers, it appears when HHS collected less money than required by the ACA, the agency violated the law by allocating all funding to health insurers, depriving taxpayers of billions of dollars.

The full complaint can be found here

For information regarding this press release, please contact Zachary Kurz, Director of Communications: zachary.kurz@causeofaction.org

 

 

 

 

Government Obligated to Recover Colin Powell’s Emails

Washington, DC – Cause of Action Institute (“CoA Institute”) today filed its opposition to the government’s motion to dismiss a lawsuit to compel Secretary of State Rex Tillerson and U.S. Archivist David Ferriero to fulfill their statutory obligations to recover former Secretary of State Colin Powell’s work-related email records from a personal account hosted by AOL, Inc.  CoA Institute filed the lawsuit in October 2016 after then-Secretary John Kerry and Archivist Ferriero both failed to act on a CoA Institute Federal Records Act (“FRA”) notice and Freedom of Information Act (“FOIA”) request.

Cause of Action Institute President and CEO John Vecchione: “The law requires an agency or the Archivist to initiate action through the Attorney General to recover unlawfully removed records, especially when initial remedial efforts have failed.  This is a mandatory obligation that cannot be sidestepped.  Whether AOL no longer has Secretary Powell’s email records in its systems is unproven.  More importantly, the government cannot point to any evidence that more intensive, forensic recovery methods—like those employed in the case of Secretary Clinton—might lead to the recovery of these important and historically-vital State Department records.”

In September 2016, the House Oversight & Government Reform Committee held a hearing at which then-Under Secretary of State Patrick Kennedy testified that the State Department had undertaken minimal efforts to retrieve Powell’s work-related email.  After learning that Powell no longer had access to his AOL account or its contents, the State Department merely asked that Powell contact AOL to see if anything could be retrieved.  Despite a request from the National Archives and Records Administration (“NARA”) to contact AOL directly, the State Department never did so.

The government now argues the case should be dismissed because CoA Institute cannot show that involving the Attorney General will result in the recovery of Powell’s email.  That argument is faulty on both the law and the facts.  As to the law, the government confuses the nature of an agency head’s non-discretionary obligation under the FRA, which requires it to initiate action through the Attorney General to recover unlawfully removed records.  This requirement is all the more important when an agency’s or the Archivist’s remedial recovery efforts have proven fruitless.

Though the State Department and NARA exerted minimal effort to recover Powell’s email records, they failed.  Moreover, the government has yet to prove that the Attorney General could not achieve that recovery.  Many State Department officials believed that federal records that had been deleted from Secretary Hillary Clinton’s private email server were unrecoverable, for example, but the FBI retrieved many of those records using forensic techniques.  The same could be done here, assuming AOL cannot in fact access or recover Powell’s records through less intensive means.

Although the government argues that Powell’s email records are no longer in AOL’s system, that allegation depends on unreliable hearsay.  The State Department relies on the representations of Powell’s secretary, but an email uncovered by CoA Institute through FOIA shows that this representative received only vague details about an apparent phone conservation between someone at AOL and a staff member of the House Oversight Committee, during the course of which the unnamed AOL employee indicated that AOL no longer had Powell’s email.  The details of the phone call, the exact content of the representations made, and the reasons for why AOL reached the conclusion it did are all unclear, but even assuming the truth of the claim, it does not speak to the ability of the government to recover Powell’s email through other means.

Cause of Action Institute’s opposition brief can be accessed HERE.

John Vecchione Named President and CEO of Cause of Action Institute

Washington D.C. – John Vecchione has been tapped as the new President and CEO of Cause of Action Institute (“CoA Institute”), a non-profit government watchdog group and public interest law firm based in Washington, D.C.  Mr. Vecchione first joined CoA Institute as Vice President in March, 2016, bringing more than two decades of extensive litigation experience as both a trial lawyer and appellate advocate.

“As President of Cause of Action Institute, I will continue to advocate for a more transparent and accountable government free from waste, fraud, abuse, and cronyism,” Vecchione said. “It is an honor to lead a dedicated, talented team of attorneys here at CoA Institute who are committed to advancing the ideals of a free and open society. In our organization’s short five-year history, we have represented numerous individuals whose livelihoods have been threatened by federal government overreach, and pressed to know how the Government is making decisions.  CoA Institute was founded to promote individual and economic liberty by limiting the power of the administrative state to make decisions that are contrary to freedom and prosperity. These goals have never been more important.”

dsc06987Mr. Vecchione earned his J.D. from Georgetown University Law Center in Washington, D.C., and his Bachelor’s Degree from Hamilton College in Clinton, N.Y. He has tried cases and argued appeals across the country in private practice and is a member of the bars of the State of New York, the District of Columbia, and the Commonwealth of Virginia, as well as the Supreme Court of the United States and many federal courts. Mr. Vecchione’s cases have been reported in scores of published opinions. He has published numerous op-eds advancing the freedom agenda and constitutional order in the Wall Street Journal, the Washington Times and many other forums.

John Vecchione’s full biography is available here