Search Results for: inspector general

Senate finally confirms President Trump’s nominee for Intelligence Community watchdog

Last week, the Senate finally approved the nomination of former Department of Justice attorney Michael Atkinson to be Inspector General of the Intelligence Community.  We commended President Trump on his decision to name Mr. Atkinson as a watchdog back in November 2017.  According to one source, part of the long delay in the confirmation process was due to Senate negotiations with the Director of National Intelligence over the firing of Dan Meyer, the Intelligence Community’s whistleblower ombudsman.  Yet it is still a sad reflection of the current political climate that Mr. Atkinson’s nomination was pending for roughly six months.

As I have argued previously, one of the most troubling aspects of President Obama’s legacy was his failure to nominate permanent Inspectors General (“IGs”) at many agencies across the federal government.  Without presidentially-appointed, Senate-confirmed leadership, there is always a real danger that IG offices will lack the necessary commitment to transparency and accountability in government.  Indeed, Senator Ron Johnson has argued that “acting” IGs—who are typically career civil servants—risk being “not truly independent [because] they can be removed by the agency at any time; they are only temporary and do not drive office policy; and they are at greater risk of compromising their work to appease the agency or the president.”

When President Obama left office, twelve agencies lacked an IG.  During his first year in office, President Trump steadily moved to remedy this dearth of leadership, but the pace of new nominations slowed at the end of last year, and much more now needs to be done.  According to the Project on Government Oversight, which has been tracking IG vacancies since the Obama Administration, there are currently nine agencies without a permanent watchdog, six of which must be appointed by the White House.  This includes vacancies at major Cabinet-level agencies, including the Department of Defense, the Department of Energy, and the Department of Housing and Urban Development.  The Department of the Interior, sadly, continues to lack a permanent IG since the previous watchdog left office 3,374 days ago.

Of course, not all the blame should be placed on the inaction or slow decision-making of President Trump.  Aside from Mr. Atkinson’s recent confirmation, another four presidential nominations have been pending in the Senate for an average of 236 days.  When the White House has moved to fill these watchdog vacancies, the Senate should prioritize its consideration and the confirmation process.  Many Executive Branch agencies have substantial budgets, and presidentially-appointed IGs provide a vital internal check on waste, fraud, and abuse.

Ryan P. Mulvey is Counsel at Cause of Action Institute.

Politics Clouding Criticism of the EPA’s Heightened Sensitive Review FOIA Procedures

Last week, a report from Politico revealed that the Environmental Protection Agency (“EPA”) maintains a burdensome “sensitive review” process for Freedom of Information Act (“FOIA”) requests concerning Administrator Scott Pruitt’s activities.  According to internal sources, officials within the Office of the Administrator have “reviewed documents collected for most or all FOIA requests regarding [Pruitt’s] activities[.]”  The Politico report further claims that this “high-level vetting” has increased, as compared with the policies and practices introduced during the Obama years.  “This does look like the most burdensome review process that I’ve seen documented,” argued Nate Jones from National Security Archive.

It is true that the Trump Administration has enhanced sensitive review processes at the EPA.  Other agencies have witnessed a similar expansion of sensitive review, as Cause of Action Institute’s investigation of the National Oceanic and Atmospheric Administration demonstrates.  But it would be a mistake—as I argued last December—to think that the Obama White House was any better at avoiding FOIA politicization.  The EPA has a long and terrible track record for anti-transparency behavior.  Consider the agency’s blatant weaponization of fee waivers.  According to data compiled by the Competitive Enterprise Institute, and reported by Reason and The Washington Examiner, the Obama EPA regularly denied public interest fee waivers to organizations critical of the agency’s regulatory activities and the White House’s policy agenda.  By contrast, left-leaning groups nearly always (92% of the time) received fee waivers.

In addition to this viewpoint discrimination, the EPA suffered other transparency scandals.  Former Administrator Lisa Jackson infamously used a fictional alter ego—“Richard Windsor”—to conduct agency business on an undisclosed government email account.  And the EPA “misplaced” over 5,000 text messages sent or received by former Administrator Gina McCarthy and other top officials.  The Obama-era EPA also tolerated the widespread use of personal email accounts by high-ranking bureaucrats, a practice that significantly frustrated public access to agency records and proved to foreshadow or parallel other FOIA scandals at the White House Office of Science and Technology Policy, the Department of Defense, and Department of Homeland Security, the Internal Revenue Service, and, most famously, the State Department.  It is noteworthy that, in March of 2015, The Guardian—hardly a right-leaning paper—could seriously ponder: “Is the EPA having a transparency crisis?

The history speaks for itself: the EPA under Scott Pruitt is not a new or unique threat to transparent government.  The litany of FOIA abuses at the EPA and other agencies under both Presidents Obama and Trump demonstrate that we should fight the tendency to view the problem of FOIA politicization through a partisan lens.  “Sensitive review” matured as a practice in the Obama Administration, and is continuing under President Trump, but there are institutional motivations for any and all bureaucrats, regardless of party affiliation, to frustrate the disclosure of records, particularly if they are embarrassing or raise the specter of media attention.

According to EPA Inspector General reports published in August 2015 and January 2011, the EPA’s FOIA regulations allow political appointees—including the Chief FOIA Officer and authorized disclosure official in the Office of the Administrator—to participate in approving requests and redacting records.  Is it any wonder that an agency follows its own long-established rules for processing requests it deems “sensitive”?  So long as the law gives the agency an opportunity to violate the spirit of the FOIA, the agency will take advantage of that discretion, even if it means violating statutory timelines for responding to requesters.

When Administrator Pruitt directed his staff to involve itself with the disclosure of records, he continued a tradition of obstructing the public’s right to access government information.  He deserves the criticism he has received.  But focusing on Administrator Pruitt’s (or President Trump’s) regulatory agenda, or his personal views on hot-button topics like global warming, obscures the underlying problem and makes it more difficult to reach consensus on how to address the real issues.  The FOIA and implementing regulations, for one, need to prohibit “sensitive review,” or at least provide serious restrictions on its implementation.  And guidance from the Department of Justice should address the troubling aspects that sensitive review can present.  This should be part of a solution that everyone who believes in transparency can accept.

Ryan P. Mulvey is Counsel at Cause of Action Institute

CoA Institute Calls for EPA Watchdog Investigation into the Use of Unauthorized Electronic Messaging and Web-Based Email Apps on Agency Devices

Washington, D.C. – Cause of Action Institute (“CoA Institute”) wrote yesterday to the Environmental Protection Agency (“EPA”) Office of Inspector General (“OIG”) to request an investigation into the unauthorized use of electronic messaging and web-based email applications on agency-furnished and taxpayer-funded mobile devices, including iPhones and iPads. CoA Institute’s request follows the recent release under the Freedom of Information Act (“FOIA”) of a contractor-generated report that proves EPA employees installed at least sixteen different messaging applications, including Facebook Messenger and Google Hangouts, in contravention of official agency policy.  EPA employees also installed personal email programs, such as AOL and Yahoo Mail, on their government phones.  The OIG previously examined the use of two other encrypted messaging applications, “Signal” and “WhatsApp,” after CoA Institute opened its own investigation into allegations concerning the possible avoidance of records management laws.

 Cause of Action Institute Counsel Ryan Mulvey: “The newest details concerning the range of applications that EPA employees installed on their taxpayer-funded phones and tablets raise serious concerns.  Beyond the fact that many of these applications should never have been found on a government phone because of their personal nature, the presence of sixteen different electronic messaging applications raises doubts about the EPA’s compliance with record preservation rules.  All work-related communications created or received on a personal email account, or an electronic messaging program like Facebook Messenger, should have been preserved for disclosure to the public.  The EPA Inspector General must examine this matter and consider what steps the agency should take to rectify any deficiencies in meeting its record preservation obligations.”

Shortly after President Trump took office, Politico reported that a small group of EPA employees were using an encrypted messaging application, called “Signal,” to discuss ways to prevent incoming political appointees from implementing the new Administration’s policy agenda.  CoA Institute opened an investigation and, over the past year, has slowly pieced together details about the Signal scandal.

In response to its first FOIA lawsuit, the EPA acknowledged that there was an “open law enforcement” investigation.  Then, records released to CoA Institute revealed how an EPA contractor “scanned” most agency-furnished devices for the different applications that had been installed by employees.  That scan, which was requested “orally” by the OIG, was conducted with a software tool known as “Mobile Device Management,” or “MDM.”  As part CoA Institute’s second FOIA lawsuit, the EPA disclosed the contractor-generated report, as well as other documents.  A summary of the report, which consists of a list running ninety-six pages long, identifies all of the applications installed on most agency-furnished devices.

In addition to Signal and WhatsApp, at least another sixteen applications with electronic messaging capabilities were used by EPA employees, along with three email programs.  To the extent the OIG was unaware of these other messaging applications, further inquiries are necessary, as the use of these applications raise issues relating to federal records management.  Moreover, although the OIG has reported that the EPA disabled the ability of many iPhone and iPad users to download the “Apple Store app,” and thus to install unauthorized applications, it is unknown whether all unapproved messaging applications have been deleted or, alternatively, whether adequate procedures have been put in place so that the EPA can meet its recordkeeping obligations.

CoA Institute’s April 11, 2018 letter to the EPA Inspector General is available HERE.

For information regarding this press release, please contact Nichole Wilson: Nichole.wilson@causeofaction.org

Cause of Action Institute Launches Investigation into Agency Use of Instant Messaging Applications

The number of communications devices and platforms has mushroomed in recent years, making communication both quicker and easier. Naturally, these technologies have been incorporated into business and government. The use of instant messaging applications (“IM”) for business communications has become so common that most enterprise software includes IM functionality (for example, Google Hangouts, Skype for Business instant messaging, Slack, etc.).

In response to these developments, the Federal Records Act (“FRA”) was amended in 2014 to codify a new definition of electronic messages.  The FRA now states that electronic messages include “electronic mail and other electronic messaging systems that are used for purposes of communicating between individuals” 44 U.S.C. § 2911. Electronic communications sent or received in the course of agency business—regardless of the method of message delivery—are therefore federal records and must be properly captured, retained, and stored such that they can be searched and reproduced upon request. National Archives and Records Administration (“NARA”) Bulletin 2015-02, “Guidance on Managing Electronic Messages,” makes this explicitly clear.

Unfortunately, recent events have highlighted the failure of federal agencies to properly capture, retain, and store electronic messages, including:

  • five months of missing, and then recovered, text messages between the FBI’s Peter Strzok and Lisa Page related to their official duties,
  • 2016 EPA Inspector General investigation into the use of encrypted text messages,
  • CFPB using encrypted messaging apps, the so-called “Dumbledore’s Army”,
  • IRS not retaining communications through their internal instant messaging system due to a memorandum of understanding with the Treasury Employees Union, and
  • NOAA’s questionable use of Google Hangouts.

It appears incidents of federal agencies neglecting and/or intentionally failing to properly capture, retain, and store electronic messages that are federal records are not isolated or exceptional. In light of this, CoA Institute has launched a broad inquiry into federal agencies’ efforts to implement the 2014 FRA amendments and NARA Bulletin 2015-02. Last week, CoA Institute sent FOIA requests to nearly forty agencies seeking records:

  • regarding policies on the use, retention, and management of electronic (instant) messages;
  • related to implementation of or compliance with NARA Bulletin 2015-02;
  • reflecting the electronic messaging systems installed on agency devices; and
  • reflecting whether the agency has enabled automatic electronic message archiving, indexing, and eDiscovery features on instant messaging platforms in use.

The FRA and Freedom of Information Act are essential to government transparency and accountability and they must be enforced even when—or especially when—government regulations, policies, and practices lag behind the implementation of new technologies. With respect to instant messages, the federal government’s characteristic bureaucratic torpidity bears potentially far-reaching implications for proper oversight of the federal government. With this investigation, CoA Institute seeks to discover whether (and where) government neglect or exploitation of new technologies threatens transparency and accountability.

 

Thomas Kimbrell is a research fellow at Cause of Action Institute.

Investigation Update: EPA Employees Used a Range of Messaging Apps and Other Non-Work-Related Programs on Agency-Issued Mobile Devices

Shortly after President Trump took office, Politico reported that a small group of career employees at the Environmental Protection Agency (“EPA”) were using an encrypted messaging application, called “Signal,” to discuss ways to prevent incoming political appointees from implementing the Trump Administration’s policy agenda.  The use of Signal at the EPA mirrored reports about the use of other electronic messaging platforms across the government.

Records recently released to CoA Institute under the Freedom of Information Act (“FOIA”) now confirm that a number of EPA employees installed Signal, WhatsApp, and at least sixteen other messaging applications on their agency-furnished devices.  These records also reveal that EPA employees installed a panoply of other applications—including email, sports betting, dating, and entertainment applications—that raise questions about the use of government-issued and taxpayer-funded mobile devices for personal purposes.

CoA Institute’s Investigation of Messaging Apps at the EPA

Cause of Action Institute (“CoA Institute”) opened its investigation into the use of Signal because we were concerned that the application might be used to conceal internal agency communications from oversight and to avoid EPA obligations under the FOIA and the Federal Records Act (“FRA”).  We were not alone in our suspicions.  After the House Committee on Science, Space, and Technology’s requested that the EPA Inspector General analyze the allegations reported in the press, the National Archives and Records Administration (“NARA”) opened its own inquiry into the potential violation of federal records management laws.  That inquiry remains open.

Over the past year we have slowly pieced together details about the Signal scandal.  In response to our first FOIA lawsuit, the EPA acknowledged that there was an “open law enforcement” investigation.  Although the EPA initially claimed that many records would be withheld in full, it changed its position and released records that corroborated the alarming facts reported by the media.  But, as we have explained, the records also revealed much more.  Among other things, they confirmed that CoA Institute’s original FOIA request, as reported by the Washington Times, was the actual impetus for the EPA Inspector General’s (“IG”) investigation.  As Assistant Inspector General Patrick Sullivan noted at the time:

The records also confirmed that an EPA contractor “scanned” most agency-furnished devices for the different applications that had been installed by employees.  This scan, which was requested by the IG, was conducted with a software tool known as “Mobile Device Management,” or “MDM.”  As part CoA Institute’s second FOIA lawsuit, the EPA disclosed that contractor-generated report, as well as other documents.

The EPA IG’s Investigatory Conclusions on Signal

The EPA IG memorialized its findings about the Signal scandal in a series of investigatory memoranda.  The watchdog determined that Signal was not used to “purposefully circumvent the applicable Federal record retention rules.”  Nevertheless, it concluded that two employees—one in the Office of the Inspector General and the other in the Office of the Science Advisor—violated agency policy by downloading the unapproved application, as revealed by a summary of a subset of the MDM report.

In each instance, the IG interviewed the offending employee and consulted the Department of Justice before concluding that no “discernable crime” had been committed.  The employee in the Office of Inspector General had downloaded Signal “to see if there was a suitable law enforcement purpose for the application.”

The employee in the Office of the Science Advisor denied having the application on his or her device, but consented to an examination of the phone.  Although Signal “did not appear to be currently installed,” there was no final explanation for how the application originally found its way onto the phone.  The IG opined that it could have happened due to unintentional synching with a personal Apple account.

But Maybe the Problem Was Never Signal . . .

As exonerating as the IG’s conclusion may be, the story does not end there.  While investigating the use of Signal, the EPA and the IG also discovered that fifty-eight employees violated official policy by downloading another encrypted messaging app, named “WhatsApp.”

The IG similarly determined that federal records laws had not been violated based on voluntary interviews of the fifty-eight employees, but this finding is somewhat contradicted by the admission of two employees that they used WhatsApp for “official EPA work.”

When all fifty-eight employees were polled on their “motivation and intent” for downloading WhatsApp, the clear majority cited a “lack of clarity” in the agency’s policy for not installing unapproved applications.  More than half also suggested that they had downloaded WhatsApp for “the purpose of keeping in touch with family/friends domestically or overseas.”

A Potentially Serious Deficiency in the EPA IG’s Inquiry

When the EPA scanned the contents of most mobile devices during the Signal investigation, it also produced a summary of all the applications installed on agency-furnished devices, along with an “install count” for each program.  The list runs ninety-six pages long and its contents are shocking.

To begin with, although the Signal scandal originally concerned the use of that single program, and was later expanded to include WhatsApp, the complete MDM report, which was released to CoA Institute, indicates that at least another sixteen applications with electronic messaging capabilities were being used by EPA employees.  These applications—many of which are likely unapproved and raise the exact same FOIA and FRA concerns as Signal and WhatsApp—include:

AIM (1 phone)
BlackBerry Messenger (3 phones)
Facebook Messenger (227 phones)
Google Hangouts (27 phones)
GroupMe (10 phones)
Jabber (27 phones)
KakaoTalk (3 phones)
Kik (1 phone)
LINE (1 phone)
Skype (58 phones)
Slack (7 phones)
Snapchat (25 phones)
Telegram (1 phone)
Viber (19 phones)
WeChat (2 phones)
WickrMe (1 phone)

Why did the EPA IG fail to investigate these other applications, some of which are capable of encrypted messaging?  Perhaps because the EPA’s Office of Environmental Information never handed over the full MDM report.  This is suggested by two records.

First, the EPA admitted to CoA Institute that it prepared two attachments (here and here) containing subsets of data from the MDM report, namely, those data that revealed the number and identifies of users with Signal or WhatsApp installed on their phones.

Second, the transmission of only the two summaries is suggested by the email referenced above, which also was disclosed to CoA Institute.  An IT team leader, Greg Zurla, sent the heads of the Office of Environmental Information, Steven Fine and Harvey Simon, the data about Signal and WhatsApp, but nothing else.  The IG’s final investigatory memoranda likewise reflect a targeted investigation into Signal and WhatsApp, with no mention of a broader dataset that could expose the unapproved use of similar encrypted messaging applications.

To the extent the IG was not—or still is not—aware of so many other messaging applications, then further inquiries need to be made.  Whether these platforms were used for personal or work-related purposes, they are problematic and raise issues relating to federal records management.  Moreover, although the IG has suggested that the EPA disabled the ability of some iPhone and iPad users to download the “Apple Store app,” and thus to install unauthorized applications, it is unknown whether all unapproved messaging applications have been deleted or, alternatively, whether adequate procedures have been put in place so that the EPA can meet all recordkeeping obligations.

The Use of Government Property for Personal Use is Deeply Troubling

The results of the IG investigation raise other troubling questions.  Why should a government employee be able to justify his installation of an unapproved, and legally problematic, application on agency-furnished hardware by claiming that he wanted to use it for personal purposes?  Should taxpayers pay for EPA employees to use government data plans to communicate with “family and friends”?

The full MDM report disturbingly reveals the sheer number of non-work-related applications that EPA employees installed.  Some of these, such as web-based email programs, raise records management issues that have plagued other agencies like the Department of Homeland Security.  The applications can be grouped into a number of categories.  Here is a sampling:

  • Web-Based Email
    AOL (16 phones)
    Gmail (129 phones)
    Yahoo Mail (56 phones)
  • Social Media
    Facebook (466 phones)
    Instagram (162 phones)
    LinkedIn (117 phones)
    Pinterest (75 phones)
    Reddit (20 phones)
    Twitter (310 phones)
  • Dating
    Coffee Meets Bagel (1 phone)
    OK Cupid (1 phone)
  • Personal Banking and Finance
    AmEx (11 phones)
    Barclaycard (6 phones)
    Bank of America (29 phones)
    CitiMobile (10 phones)
    Wells Fargo (24 phones)
    Navy Federal (11 phones)
    PayPal (10 phones)
  • Entertainment and Sports Betting
    Angry Birds (14 phones)
    Blackjack (5 phones)
    Candy Crush (32 phones)
    Draft Kings (1 phone)
    Duolingo (10 phones)
    ESPN (60 phones)
    Fandango (15 phones)
    HBO (15 phones)
    Netflix (73 phones)
    Pokémon GO (7 phones)
    Shazam (22 phones)
    SiriusXM (19 phones)
    Spotify (71 phones)
    YouTube (237 phones)
  • Shopping
    Amazon (56 phones)
    eBay (16 phones)
  • Religious
    Bible apps (22 phones)
    Catholic TV (1 phone)
  • Political
    Boycott Trump (1 phone)

Again, this is a non-exhaustive list.  The full list can be accessed here.

Based on the EPA’s list of approved “Terms of Service” agreements, it appears that most of these applications were never authorized for work-related business.  To the extent they were used for personal purposes, the EPA should take its workforce to task for abusing the privilege of a government-furnished and taxpayer-funded phone.

Although the IG reports that the EPA has disabled the Apple Store on newer models of the iPhone and iPad, we hope the agency makes serious efforts to remove these troubling applications from all makes and models of the hardware furnished to employees.  Simply stated, the EPA does not exist so its bureaucrats can spend the day watching Netflix, browsing eBay, or swiping right on a dating application.

Ryan P. Mulvey is Counsel at Cause of Action Institute.

White House Directive on Congressional Oversight Requests Classified as “Presidential Record,” Not Subject to Disclosure under the FOIA

A report published earlier this month by the General Services Administration (“GSA”) Inspector General (“IG”) provides new and illuminating, as well as concerning, details about the White House’s directives to agencies for responding to congressional oversight requests from Democratic legislators and other individual members of Congress.  The IG report confirms that during the first seven months of the Trump Administration, the GSA implemented “a series of . . . unpublished policies that effectively amended” its procedures for handling congressional communications, just as the press and transparency community alleged.  The report also concludes that the GSA’s latest published guidance, which was released in July 2017, is ambiguous because it does not reflect oral policies still in force and cites to a controversial May 2017 Department of Justice Office of Legal Counsel (“OLC”) opinion that the White House has publicly rejected.  Most alarmingly, the IG report identified the underlying written basis for the GSA’s “oral” policy as a White House-created document, which is marked “presidential record” and is therefore “excluded from public disclosure under the Presidential Records Act.”

Cause of Action’s Investigation into the GSA Nondisclosure Policy

For the past year, Cause of Action Institute (“CoA Institute’) has been investigating rumors—now confirmed by the GSA IG—that the White House is directing federal agencies to ignore congressional oversight requests from Democratic legislators and individual Members who are not committee chairmen.  Various reports in the media (here and here, for example) have detailed contentious interactions between congressional staffs and employees at the GSA and the Office of Personnel Management (“OPM”).  According to some sources, White House attorney Uttam Dhillon is responsible for instructing agencies “not to cooperate” with record requests from the minority.

CoA Institute filed a Freedom of Information Act (“FOIA”) request with the GSA in an effort to verify what the Trump Administration’s actual policy might be.  We asked for records concerning the “new policy” cited by the GSA’s Acting Administrator in testimony before Congress.  We also asked the GSA for records reflecting directives or guidance originating with the White House.  When the GSA finally provided its response, it left much to be desired.  The GSA only released two documents: a February 20, 2015 order on congressional and intergovernmental inquiries, which is now obsolete, and an April 15, 2009 White House memo that CoA Institute already had made publicly known in June 2013.

We appealed that final determination, which prompted the GSA to release two additional records created during the Trump Administration.  One of those records, a copy of the agency’s “updated Agency policy,” also known as GSA Order ADM 1040.3, was remarkable.  As I discussed in a September 2017 op-ed in The Hill, although the White House had by then disavowed the OLC opinion letter as a statement of government-wide policy following harsh criticism by Senator Chuck Grassley, GSA Order ADM 1040.3, which is dated July 24, 2017, expressly cites to the OLC opinion as the GSA’s—and, presumably, the White House’s—official policy.

We then wrote to the GSA seeking public clarification, but that request went unanswered.

Our efforts to investigate OPM have been less fruitful.  Last month, the agency responded to our FOIA request by disclosing a single email linking to the OLC opinion, but without further details concerning the opinion’s implementation or continued relevance.  Our appeal challenging the adequacy of OPM’s search efforts, as well as its redaction of the responsive email, is pending.

The GSA’s Confusing Use of “Oral” Policies for Nondisclosure

The IG’s report goes into significant detail describing the evolution of the GSA’s nondisclosure policy under President Trump, but a few key findings stand out:

  • The GSA developed a series of “oral” policies that “effectively amended” the GSA’s published procedures for dealing with Congress. These policies were formulated by the agency’s Senior White House Advisor and Acting General Counsel and disseminated throughout different agency components through “small in-person meetings,” “telephone calls,” and “hallway conversations.”  This sort of official but unwritten policy development violated the GSA’s “internal policymaking directives.”
  • This “oral” policy was continually modified. In March 2017, for example, the GSA decided to permit the disclosure of publicly available information or records that would otherwise be available under the FOIA to a non-congressional requester.  At this point, the GSA’s FOIA office started to process certain requests before providing records to the congressional affairs office for final release.  These changes were based on “guidance”—presumably, written—from the White House.
  • In another instance, the GSA started to treat congressional requests under the “Seven Member Rule” as seven individual requests, thereby avoiding mandatory disclosure as required by 5 U.S.C. § 2954. This development was prompted by Ranking Member Elijah Cummings and other Democrats on the House Oversight Committee investigating the Trump Old Post Office lease.
  • Once the GSA’s FOIA office started processing congressional requests, agency employees were unsure whether the FOIA’s procedural safeguards—such as the right to file an administrative appeal—applied.
  • In one remarkable case, despite instructions from Chairman Jason Chaffetz of the House Oversight Committee to produce agency records to both the Majority and Minority staffs, the GSA intentionally neglected to do so. A senior agency advisor reported to the GSA White House Liaison and Senior White House Advisor that the “cc to [Ranking Member] Cummings” had been “take[n] off” the response to Chairman Chaffetz.
  • The IG concluded that GSA’s nondisclosure policies did not contain vital whistleblower protection language required under federal law. Although the GSA has contested the IG’s interpretation of the law and its application in this context, the agency nevertheless agreed to change its published policies to include explicit whistleblower protection language.

The “Presidential Record” Underlying the Ongoing Problem

On May 19, 2017, the White House Office of Legislative Affairs provided the GSA with some “written guidance” on congressional oversight requests.  This guidance apparently reflected the “oral” policy that had already developed at the GSA, which limited disclosures for non-chairmen to publicly available or publicly accessible records.  This policy, and the underlying White House guidance, were the basis for the GSA Acting Administrator’s testimony before Congress.  And it is this guidance that was marked as a “presidential record,” thereby removing it from access under the FOIA.

Continued Uncertainty about the GSA’s Actual Policy

According to the IG, GSA Order ADM 1040.3 is ambiguous because it does not reflect the unwritten policies that have remained in place at the GSA as late as December 2017, as reported by some officials.  Indeed, two weeks after the order’s publication, and after the White House rejected the OLC opinion, the GSA’s Acting Commissioner for Public Buildings, in testimony before Congress, reiterated the GSA’s practice of responding only to committee chairmen.  He intimated that this was “in line with the current Administration’s policy on responding to oversight questions.”

Ultimately, the lesson here is that unwritten policies, besides being bad from a transparency perspective, lead to confusion and inconsistency.  The GSA IG concluded that many high-ranking officials at the GSA never fully understood the actual policy was for responding to congressional requests.  Nor could they answer vital questions: What was the legal basis, if any, for the GSA’s policy?  What was an “oversight” request?  Were congressional members in their individual capacity really subject to the FOIA with all of the statute’s procedural safeguards?  What role did the White House have in formulating the policy?  Was it agency-specific, or indicative of a wider, government-wide policy change?

In response to the IG’s revelations, the GSA has agreed to remove any reference to the OLC opinion in Order ADM 1040.3.  But the agency still insists on qualifying its commitment to processing disclosure requests from individual members based on unidentified “longstanding agency and Executive Branch policies.”

CoA Institute will continue to investigate this matter and the extent to which “oral” policies have influenced the processing of congressional oversight requests at other agencies.  In the meantime, we have submitted a new FOIA request to the GSA, explicitly seeking the so-called “presidential records” that were the basis for the GSA’s unwritten policies.  It is not clear why the Presidential Records Act should even apply in this instance.

Ryan Mulvey is Counsel at Cause of Action Institute

CoA Institute President John Vecchione Submits Written Testimony to Senate Judiciary Committee for Sunshine Week

Before The United States Senate Committee on the Judiciary

Hearing on The Freedom of Information Act: Examining the Administration’s Progress on Reforms and Looking Ahead

March 13, 2018

Written Testimony of John Vecchione

President & CEO, Cause of Action Institute

Chairman Grassley, Ranking Member Feinstein, and Members of the Committee, thank you for the opportunity to submit this written testimony about the Freedom of Information Act (“FOIA”), the implementation of the FOIA Improvement Act of 2016, and other issues related to government transparency.

My name is John Vecchione and I am the president and CEO of Cause of Action Institute (“CoA Institute”).  We are a nonpartisan, nonprofit government oversight organization committed to ensuring that government decision-making is open, honest, and fair.  We use various communication, investigatory, and legal tools to pursue that mission.  We believe deeply that in order for a government to be accountable to the people, it must be transparent.  To that end, we use the FOIA to gather information and educate the public.  But we also police agency behavior under the FOIA, submit regulatory comments on proposed FOIA regulations, and use strategic litigation to bring agencies into compliance with the FOIA and the Federal Records Act.[1]

Today, I would like to address two important topics: the proposed policy of Release to One, Release to All and agencies updating their regulations to reflect statutory changes in the FOIA.

Release to One, Release to All

In July 2016, the country celebrated the 50th anniversary of the FOIA.  Congress marked the occasion by passing the FOIA Improvement Act of 2016.[2]  In conjunction with signing the bill into law, President Obama announced a series of policies to implement the bill and build on the goal of increasing government transparency.[3]  One of those policy initiatives was to learn from the Department of Justice Office of Information Policy’s (“OIP”) Release to One, Release to All pilot program and to work toward all agencies posting their FOIA productions online.

President Obama wrote that this “concept would ensure that all citizens—not just those making a request—have access to information released under FOIA.”[4]

[The President then] direct[ed] the newly established Chief FOIA Officers Council to consider the lessons learned from the DOJ pilot program and work to develop a Federal Government policy establishing a “release to one is a release to all” presumptive standard for Federal agencies when releasing records under FOIA.  The Chief FOIA Officers Council [was directed to] examine issues critical to this policy’s implementation, including assessing the impact on investigative journalism efforts, as well as how best to address technological and resource challenges.[5]

President Obama established a “January 1, 2017 [deadline for] the Chief FOIA Officers Council [to] work with the Office of Management and Budget (‘OMB’) to provide further guidance” on this policy.[6]

On August 10, 2016, in a round of pre-publication comments, CoA Institute submitted comments to OMB and OIP that broadly supported the Release to One, Release to All policy and identified areas where explicit guidance language was necessary to prevent abuse of discretion or agency-avoidance behavior.[7]  We support the policy “because when an agency produces records under FOIA, it has reviewed those records for release to the public and not just the requester.  Proactive disclosure of records may reduce the need for use of FOIA to access information in the first place and thus lessen the burden on FOIA offices throughout the federal government.”[8]  Congress has long recognized that frequently requested records should be proactively disclosed by agencies.  In the FOIA Improvement Act of 2016, Congress directed that once a record has been requested and released three times, the agency must post the record in its electronic reading room.[9]  Release to One, Release to All simply takes this idea one step further and would have agencies release information to the public after the first FOIA request and production.

CoA Institute is concerned that too many exceptions to the Release to One, Release to All policy could undermine the policy’s goal.  Namely, in our comments, we highlighted that an exemption for content that is “inappropriate” could be abused “to protect the agency mission, agency head, administration generally, or the president from the political fallout of an embarrassing release.”[10]  CoA Institute has been investigating the role political interference plays in the release of information through FOIA,[11] and we urged OIP not to allow such considerations to taint a Release to One, Release to All policy.  As part of this project, we recently profiled the National Oceanic and Atmospheric Administration’s practice of applying so-called “sensitive review” procedures to “high visibility” FOIA requests.[12]

We also commented on several others issues as well, including: agency compliance the readability requirements of Section 508 of the Rehabilitation Act, the posting of auxiliary information along with produced documents (such as final determination letters), and recognizing the need for a short delay between releasing information to the requester and making information publicly available in order to safeguard incentives for requesters—particularly news organizations—to make requests in the first place.

In December 2016, OIP issued a request for comment in the Federal Register, seeking input on its draft guidance.[13]  The comment period closed on December 23, 2016.  President Obama’s January 1, 2017 deadline has come and gone; and, more than a year later, neither OMB nor OIP has finalized the guidance or implemented the policy.  OIP also has refused to respond to multiple requests for updates on its process of either finalizing or abandoning the policy.  Frustrated by this lack of action, in October 2017, CoA Institute joined with the Sunlight Foundation and filed a petition for rulemaking with OIP and OMB asking those agencies to finalize the Release to One, Release to All policy.[14]  We have not received a response.

Release to One, Release to All remains an important opportunity for the government to both increase the amount of government information in the public sphere and also potentially ease the burden on FOIA offices.  It is both ironic and unfortunate that the agencies tasked with implementing a transparency policy are being opaque about their plans with regard to the policy.  I urge this Committee to press OIP and OMB to finalize and implement Release to One, Release to All.

Agency FOIA Regulations

The FOIA Improvement Act of 2016 required agencies to update their FOIA regulations within 180 days of enactment to reflect the statutory changes.[15]  As often happens, most agencies missed this deadline but, as a whole, agencies have made moderate and steady progress in updating their regulations.

There are approximately 120 agencies subject to the FOIA.[16]  Although most agencies have their own regulations, some share regulations with another agency; and some entities within an agency, such as an office of inspector general, may have FOIA regulations separate from a parent agency.[17]  Therefore, there does not appear to be an exact count of how many FOIA regulations need to be updated with each statutory amendment.  According to FOIA Advisor, a website that tracks FOIA news and regulatory developments, since the passage of the FOIA Improvement Act of 2016, approximately sixty-three agencies, or about half, have either proposed or finalized updates to their FOIA regulations.

CoA Institute has been paying particular attention to this process because many agencies still maintain an anachronistic definition of a “representative of the news media,” a category of FOIA requester that is able to access records at a reduced cost.  Congress defined the term more than a decade ago in the Open Government Act of 2007.[18]  We were embroiled in litigation over this issue when the Federal Trade Commission used the outdated standard that an entity must be “organized and operated” to publish or broadcast news to deny CoA Institute access to records by claiming we did not qualify for reduced fees and demanding we pay a large sum in order to access records.  Unfortunately, agencies sometimes try to use fees and fee definitions to deny requesters access to records.  In 2015, CoA Institute secured an opinion from the U.S. Court of Appeals for the District of Columbia Circuit holding that the “organized and operated” standard has no place in FOIA administration and that agencies must use Congress’s statutory definition.[19]

Following that decision, CoA Institute has been submitting regulatory comments to agencies when they propose or finalize new FOIA regulations in an attempt to bring those agencies’ regulations in line with the 2007 Act and binding jurisprudence.  Over the past few years, we have submitted twenty-four regulatory comments, many focused on agencies’ improper fee definitions.

Relatedly, OMB maintains a three-decades-old guidance document—which the FOIA requires agencies to follow—directing agencies to use the “organized and operated” standard.[20]  CoA Institute is currently in litigation with OMB over a petition for rulemaking we submitted urging OMB to update its guidance and conform to the statute.[21]  When CoA Institute filed that petition, the improper “organized and operated” standard appeared in the Code of Federal Regulations more than seventy times, including in the FOIA regulations of eleven cabinet-level agencies.[22]  While we have been successful in convincing several agencies to conform to the statute,[23] the improper definition of a representative of the news media still appears in dozens of agency FOIA regulations and in OMB’s guidance.

CoA Institute will continue to monitor agency regulatory updates and urge them to bring their regulations into harmony with the FOIA statute.  I urge you to raise this issue with OMB and encourage them to update their guidance document.

Conclusion

I want to thank you again for the opportunity to submit this written statement for the record.  I look forward to continuing to work with you to secure the public’s right to access documents concerning the public’s business.

 

A PDF file of the testimony is available here.

[1] See, e.g., Judicial Watch, Inc. v. Kerry, 844 F.3d 952 (D.C. Cir. 2016) (securing decision as co-plaintiff that agency Federal Records Act obligations are not moot so long as agency can still recover records that have been unlawfully removed from the government); Cause of Action v. Fed. Trade Comm’n, 799 F.3d 1108 (D.C. Cir. 2015) (securing decision on proper definition of a “representative of the news media” under FOIA’s fee provisions).

[2] FOIA Improvement Act of 2016, Pub. L. No. 114-185, 130 Stat. 538 (2016).

[3] Press Release, The White House, Fact Sheet: New Steps Toward Ensuring Openness and Transparency in Government (June 30, 2016), available at http://bit.ly/2xSReOa.

[4] Id.

[5] Id.

[6] Id.

[7] Letter from James Valvo, Cause of Action Inst., to Hon. Shaun L. S. Donovan, Dir., Office of Mgmt. & Budget, White House, & Melanie Ann Pustay, Dir., Office of Info. Policy, Dep’t of Justice (Aug. 10, 2016) [hereinafter CoA Institute Release to One, Release to All Comment], available at http://coainst.org/2lej2GH.

[8] Id. at 2.

[9] FOIA Improvement Act of 2016 § 2(a); 5 U.S.C. § 552(a)(2)(D)(ii)(II).

[10] CoA Institute Release to One, Release to All Comment at 2.

[11] See Cause of Action Inst., Grading the Government: How the White House Targets Document Requesters (Mar. 18, 2014), available at http://coainst.org/2FpsnBr; Cause of Action Inst., White House FOIA Obstruction, http://bit.ly/2r0hBub (last visited Mar. 12, 2018).

[12] Ryan Mulvey, NOAA Records Demonstrate Expansion of Sensitive Review FOIA Procedures, Cause of Action Inst. (Mar. 12, 2018), http://coainst.org/2tFnLp5.

[13] Dep’t of Justice, Request for Public Comment on Draft “Release to One, Release to All” Presumption, 81 Fed. Reg. 89023 (Dec. 9, 2016); see Draft Mem. for the Heads of Departments & Agencies, “Release to One, Release to All” Presumption:  Achieving Greater Transparency by Making More Information Available Online, from Office of Info. Policy, Dep’t of Justice (undated).

[14] See Letter from Alex Howard, Deputy Dir., Sunlight Found. & James Valvo, CoA Inst., to Hon. Mick Mulvaney, Dir., Office of Mgmt. & Budget, White House, & Melanie Ann Pustay, Dir., Office of Info. Policy, Dep’t of Justice (Oct. 31, 2017), available at http://coainst.org/2I6Xkf6.

[15] FOIA Improvement Act of 2016 § 3(a).

[16] See FOIA.gov, Where to Make a FOIA Request, Full List of Agencies, https://www.foia.gov/report-makerequest.html (last visited Mar. 12, 2018) (listing agency FOIA contacts).

[17] See, e.g., 7 C.F.R. pt. 2620 (Department of Agriculture Office of Inspector General maintaining separate FOIA regulations).

[18] See Openness Promotes Effectiveness in our National Government Act of 2007 § 3, Pub. L. No. 110-175, 121 Stat. 2524, 2525 (2007).

[19] See Cause of Action, 799 F.3d at 1119.

[20] See Office of Mgmt. & Budget, Uniform Freedom of Information Act Fee Schedule and Guidelines, 52 Fed. Reg. 10012 (Mar. 27, 1987); 5 U.S.C. § 552(a)(4)(A)(i) (Agency fee schedules “shall conform to the guidelines which shall be promulgated . . . by the Director of [OMB] and which shall provide for a uniform schedule of fees for all agencies.”).

[21] See Cause of Action Inst. v. White House Office of Mgmt. & Budget, No. 17-2310 (D.D.C. filed Nov. 2, 2017).

[22] See Letter from James Valvo, CoA Inst. to, Hon. Shaun L.S. Donovan, Dir., Office of Mgmt. & Budget, at 4 (June 2, 2016) (listing agencies), available at http://coainst.org/2D64Raw.

[23] See Ryan Mulvey, CoA Institute Criticizes the Presido Trust on Flawed FOIA Rule, Cause of Action Inst., Mar. 6, 2018, http://coainst.org/2FolU9M (detailing successful regulatory comments to “among others, the Consumer Product Safety Commission, Office of the Special Counsel, Department of Defense, U.S. Agency for International Development, and Department of Homeland Security”).