Gone in an Instant: How Instant Messaging Threatens the Freedom of Information Act

New Report: Federal Agencies Violating Federal Law,  
Not Preserving Instant Messaging Records

Arlington, VA (March 16, 2020)Cause of Action Institute (“CoA Institute”) and Americans for Prosperity Foundation (“AFPF”) today released an investigative reportGone in an Instant: How Instant Messaging Threatens the Freedom of Information ActThe report reveals how numerous federal agencies are violating federal records law and guidance from the National Archives by not preserving instant messaging (“IM”) records. Like email in the 1990s, IM’s increasing integration into the workplace is changing the way people do business. In 2014, Congress amended the Federal Records Act to specifically require that electronic messages be retained. Agencies’ failure to preserve records created on IM platforms (Slack, Teams, Hangouts, etc.), which are prevalent in the workplace, threatens to undermine the Freedom of Information Act (“FOIA”) and put much of the federal government in the dark.  

The report scored IMrecordsmanagement practices of more than two dozen agencies and only four received passing scores: Federal Communications Commission, Council of the Inspectors General on Integrity and Efficiency, Department of Agriculture, and National Aeronautics and Space Administration. Nine agencies received a middling grade of needs improvement and thirteen agencies received a “poor” gradeFourteen agencies did not produce records in response to the investigation and were not graded.  

AFPF Chief Policy Counsel and CoA Institute Executive Director James Valvo issued the following statement: 

Retaining government records in a searchable system is fundamental to transparency, allowing journalists, citizen watchdogs, and the general public to oversee what their government is doingWith the use of instantmessaging platforms in the workplace, it is troubling that only four agencies have acceptable policies to preserve records, as required by the Federal Records ActThis report should serve as a wakeup call for Congress and federal agencies to take decisive action to ensure agencies are complying with federal law. 

Key Findings from the Report: 

  • Thirteen of the sixteen agencies that produced their IM policies do not preserve instant messages as a matter of policy—a violation of federal law and NARA guidance. For example: 
  • The General Services Agency declared in a memo that the instant messaging platform it uses, Google Hangouts, “would not be considered a system of record. Therefore, GSA-IT should set the History feature to off for the GSA.gov domain. 
  • The Department of Labor’s records management program, dated 2017, contains a single sentence regarding IM policy: “NOTE: At this time DOL has determined Instant Messaging will not be used to create records.” 
  • Only three agencies produced records reflecting policies to automatically preserve IMs, a commonly available feature on most instant-messaging platforms. 
  • Of the twenty agencies that produced their policies for employee use of IM, thirteen allow its use but prohibit employees from creating or sending an official record through IM and three ban IM use altogether. Prohibiting IM use to conduct business is unrealistic and contrary to NARA guidance. 
  • Many agencies have not incorporated the 2014 Presidential and Federal Records Act Amendments and subsequent NARA guidance into their records management policies. 
  • Agencies are shirking their responsibility to manage IM records by prohibiting the use of instant messaging or erroneously claiming instant messages are insignificant and do not need be saved. 
  • Only ten of the twenty-five agencies that responded to our FOIA requests could produce records of instant messages. 

Read the full report HERE. 

# # # 

Media Contact: briggs@standtogether.org 

About Americans for Prosperity Foundation 

Americans for Prosperity Foundation is a 501(c)(3) nonprofit organization committed to educating and training Americans to be courageous advocates for the ideas, principles, and policies of a free and open society. 

 

About Cause of Action Institute 

Cause of Action Institute is a 501(c)(3) nonprofit, nonpartisan government oversight organization that uses investigative, legal, and communications tools to educate the public on how government accountability, transparency, the rule of law, and principled enforcement of the separation of powers protects liberty and economic opportunity. 

Cause of Action Institute Secures Rare Preservation Order in Fight to Obtain DOJ Records Created on Personal Email Account

Government official caught using personal email to conduct official business ordered to maintain copies of all records in Gmail account

Washington, D.C. (April 26, 2019) – Cause of Action Institute (CoA Institute), a nonpartisan government watchdog organization, today announced it had secured a rare federal court order requiring a former U.S. Department of Justice (DOJ) employee to preserve the contents of her personal email account, which had been used to conduct official agency business. Those records may be subject to later release.

Ryan Mulvey, counsel for CoA Institute, issued the following statement:

“Government transparency is a fundamental necessity in a free and open society. The use of personal devices to conduct official business remains a serious concern, resulting in records being lost, unsecured, or improperly destroyed. In some cases, personal email accounts are used to avoid disclosure altogether. This court order is an important reminder to all government employees to avoid using personal email and devices and adhere to all relevant agency rules and government transparency statutes. It also is a warning to agencies to ensure that they meet their record-keeping obligations.”

U.S. District Court Judge Amit Mehta granted Cause of Action’s motion, ordering the U.S. Department of Justice to require a former employee, Sarah Isgur Flores, not to delete any emails stored in her personal Gmail account, and to store copies of the account’s contents onto a thumb drive or other storage device, including all emails in archived or deleted folders. The Court also ordered Ms. Flores to maintain the emails until further instructed, and gave the U.S. Department of Justice until May 2, 2019 to provide notice of its compliance with the preservation order. Although the issuance of such a preservation order is rather rare, it is the latest example in a developing trend. Federal courts have become increasingly concerned about the use of personal email to conduct agency business, and they are taking serious the possible loss or destruction of government records that may be subject to the Freedom of Information Act (FOIA) and other federal records management statutes, including the Federal Records Act.

Background

In 2017, media reports indicated that Sarah Isgur Flores, then-spokeswoman for Attorney General Jeff Sessions, used her personal email to issue official statements on behalf of the government. Due to concerns that this sort of behavior could harm the public’s access to official records, and in light of past instances of personal email having been used as a way to conceal public information, Cause of Action Institute filed a FOIA request for Ms. Flores official work-related emails sent or received through her personal devices or accounts. After waiting more than 18 months for a response, CoA Institute sued DOJ to force the disclosure of the Flores records.

On September 27, 2018, DOJ responded, “As is evident from the enclosed records, Ms. Flores forwarded emails sent to her personal account to her official Department of Justice email account, including through an automatic forward. As such, all of these emails were located pursuant to our search of Ms. Flores’ official Department of Justice email account.”

However, within the 112 pages produced by DOJ, the original email issued by Ms. Flores, as reported by members of the press, was missing. Despite raising this issue with DOJ, the government insisted the 112 pages were a full-and-complete record. As a result, and after learning of Ms. Flores’s departure from public service, CoA Institute filed a motion, urging the court to compel DOJ and Ms. Flores to preserve all relevant records.

Late on Thursday, April 25, the Court granted CoA Institute’s motion in full, compelling the government to coordinate with Ms. Flores to preserve her personal email account and maintain copies pending further court proceedings.

-30-

CoA Institutes’s Motion for Preservation Order

Federal Court’s Order for Preservation of Records 

Related Stories:

 

 

 

Politics Clouding Criticism of the EPA’s Heightened Sensitive Review FOIA Procedures

Last week, a report from Politico revealed that the Environmental Protection Agency (“EPA”) maintains a burdensome “sensitive review” process for Freedom of Information Act (“FOIA”) requests concerning Administrator Scott Pruitt’s activities.  According to internal sources, officials within the Office of the Administrator have “reviewed documents collected for most or all FOIA requests regarding [Pruitt’s] activities[.]”  The Politico report further claims that this “high-level vetting” has increased, as compared with the policies and practices introduced during the Obama years.  “This does look like the most burdensome review process that I’ve seen documented,” argued Nate Jones from National Security Archive.

It is true that the Trump Administration has enhanced sensitive review processes at the EPA.  Other agencies have witnessed a similar expansion of sensitive review, as Cause of Action Institute’s investigation of the National Oceanic and Atmospheric Administration demonstrates.  But it would be a mistake—as I argued last December—to think that the Obama White House was any better at avoiding FOIA politicization.  The EPA has a long and terrible track record for anti-transparency behavior.  Consider the agency’s blatant weaponization of fee waivers.  According to data compiled by the Competitive Enterprise Institute, and reported by Reason and The Washington Examiner, the Obama EPA regularly denied public interest fee waivers to organizations critical of the agency’s regulatory activities and the White House’s policy agenda.  By contrast, left-leaning groups nearly always (92% of the time) received fee waivers.

In addition to this viewpoint discrimination, the EPA suffered other transparency scandals.  Former Administrator Lisa Jackson infamously used a fictional alter ego—“Richard Windsor”—to conduct agency business on an undisclosed government email account.  And the EPA “misplaced” over 5,000 text messages sent or received by former Administrator Gina McCarthy and other top officials.  The Obama-era EPA also tolerated the widespread use of personal email accounts by high-ranking bureaucrats, a practice that significantly frustrated public access to agency records and proved to foreshadow or parallel other FOIA scandals at the White House Office of Science and Technology Policy, the Department of Defense, and Department of Homeland Security, the Internal Revenue Service, and, most famously, the State Department.  It is noteworthy that, in March of 2015, The Guardian—hardly a right-leaning paper—could seriously ponder: “Is the EPA having a transparency crisis?

The history speaks for itself: the EPA under Scott Pruitt is not a new or unique threat to transparent government.  The litany of FOIA abuses at the EPA and other agencies under both Presidents Obama and Trump demonstrate that we should fight the tendency to view the problem of FOIA politicization through a partisan lens.  “Sensitive review” matured as a practice in the Obama Administration, and is continuing under President Trump, but there are institutional motivations for any and all bureaucrats, regardless of party affiliation, to frustrate the disclosure of records, particularly if they are embarrassing or raise the specter of media attention.

According to EPA Inspector General reports published in August 2015 and January 2011, the EPA’s FOIA regulations allow political appointees—including the Chief FOIA Officer and authorized disclosure official in the Office of the Administrator—to participate in approving requests and redacting records.  Is it any wonder that an agency follows its own long-established rules for processing requests it deems “sensitive”?  So long as the law gives the agency an opportunity to violate the spirit of the FOIA, the agency will take advantage of that discretion, even if it means violating statutory timelines for responding to requesters.

When Administrator Pruitt directed his staff to involve itself with the disclosure of records, he continued a tradition of obstructing the public’s right to access government information.  He deserves the criticism he has received.  But focusing on Administrator Pruitt’s (or President Trump’s) regulatory agenda, or his personal views on hot-button topics like global warming, obscures the underlying problem and makes it more difficult to reach consensus on how to address the real issues.  The FOIA and implementing regulations, for one, need to prohibit “sensitive review,” or at least provide serious restrictions on its implementation.  And guidance from the Department of Justice should address the troubling aspects that sensitive review can present.  This should be part of a solution that everyone who believes in transparency can accept.

Ryan P. Mulvey is Counsel at Cause of Action Institute

CoA Institute Calls for EPA Watchdog Investigation into the Use of Unauthorized Electronic Messaging and Web-Based Email Apps on Agency Devices

Washington, D.C. – Cause of Action Institute (“CoA Institute”) wrote yesterday to the Environmental Protection Agency (“EPA”) Office of Inspector General (“OIG”) to request an investigation into the unauthorized use of electronic messaging and web-based email applications on agency-furnished and taxpayer-funded mobile devices, including iPhones and iPads. CoA Institute’s request follows the recent release under the Freedom of Information Act (“FOIA”) of a contractor-generated report that proves EPA employees installed at least sixteen different messaging applications, including Facebook Messenger and Google Hangouts, in contravention of official agency policy.  EPA employees also installed personal email programs, such as AOL and Yahoo Mail, on their government phones.  The OIG previously examined the use of two other encrypted messaging applications, “Signal” and “WhatsApp,” after CoA Institute opened its own investigation into allegations concerning the possible avoidance of records management laws.

 Cause of Action Institute Counsel Ryan Mulvey: “The newest details concerning the range of applications that EPA employees installed on their taxpayer-funded phones and tablets raise serious concerns.  Beyond the fact that many of these applications should never have been found on a government phone because of their personal nature, the presence of sixteen different electronic messaging applications raises doubts about the EPA’s compliance with record preservation rules.  All work-related communications created or received on a personal email account, or an electronic messaging program like Facebook Messenger, should have been preserved for disclosure to the public.  The EPA Inspector General must examine this matter and consider what steps the agency should take to rectify any deficiencies in meeting its record preservation obligations.”

Shortly after President Trump took office, Politico reported that a small group of EPA employees were using an encrypted messaging application, called “Signal,” to discuss ways to prevent incoming political appointees from implementing the new Administration’s policy agenda.  CoA Institute opened an investigation and, over the past year, has slowly pieced together details about the Signal scandal.

In response to its first FOIA lawsuit, the EPA acknowledged that there was an “open law enforcement” investigation.  Then, records released to CoA Institute revealed how an EPA contractor “scanned” most agency-furnished devices for the different applications that had been installed by employees.  That scan, which was requested “orally” by the OIG, was conducted with a software tool known as “Mobile Device Management,” or “MDM.”  As part CoA Institute’s second FOIA lawsuit, the EPA disclosed the contractor-generated report, as well as other documents.  A summary of the report, which consists of a list running ninety-six pages long, identifies all of the applications installed on most agency-furnished devices.

In addition to Signal and WhatsApp, at least another sixteen applications with electronic messaging capabilities were used by EPA employees, along with three email programs.  To the extent the OIG was unaware of these other messaging applications, further inquiries are necessary, as the use of these applications raise issues relating to federal records management.  Moreover, although the OIG has reported that the EPA disabled the ability of many iPhone and iPad users to download the “Apple Store app,” and thus to install unauthorized applications, it is unknown whether all unapproved messaging applications have been deleted or, alternatively, whether adequate procedures have been put in place so that the EPA can meet its recordkeeping obligations.

CoA Institute’s April 11, 2018 letter to the EPA Inspector General is available HERE.

For information regarding this press release, please contact Nichole Wilson: Nichole.wilson@causeofaction.org

Cause of Action Institute Launches Investigation into Agency Use of Instant Messaging Applications

The number of communications devices and platforms has mushroomed in recent years, making communication both quicker and easier. Naturally, these technologies have been incorporated into business and government. The use of instant messaging applications (“IM”) for business communications has become so common that most enterprise software includes IM functionality (for example, Google Hangouts, Skype for Business instant messaging, Slack, etc.).

In response to these developments, the Federal Records Act (“FRA”) was amended in 2014 to codify a new definition of electronic messages.  The FRA now states that electronic messages include “electronic mail and other electronic messaging systems that are used for purposes of communicating between individuals” 44 U.S.C. § 2911. Electronic communications sent or received in the course of agency business—regardless of the method of message delivery—are therefore federal records and must be properly captured, retained, and stored such that they can be searched and reproduced upon request. National Archives and Records Administration (“NARA”) Bulletin 2015-02, “Guidance on Managing Electronic Messages,” makes this explicitly clear.

Unfortunately, recent events have highlighted the failure of federal agencies to properly capture, retain, and store electronic messages, including:

  • five months of missing, and then recovered, text messages between the FBI’s Peter Strzok and Lisa Page related to their official duties,
  • 2016 EPA Inspector General investigation into the use of encrypted text messages,
  • CFPB using encrypted messaging apps, the so-called “Dumbledore’s Army”,
  • IRS not retaining communications through their internal instant messaging system due to a memorandum of understanding with the Treasury Employees Union, and
  • NOAA’s questionable use of Google Hangouts.

It appears incidents of federal agencies neglecting and/or intentionally failing to properly capture, retain, and store electronic messages that are federal records are not isolated or exceptional. In light of this, CoA Institute has launched a broad inquiry into federal agencies’ efforts to implement the 2014 FRA amendments and NARA Bulletin 2015-02. Last week, CoA Institute sent FOIA requests to nearly forty agencies seeking records:

  • regarding policies on the use, retention, and management of electronic (instant) messages;
  • related to implementation of or compliance with NARA Bulletin 2015-02;
  • reflecting the electronic messaging systems installed on agency devices; and
  • reflecting whether the agency has enabled automatic electronic message archiving, indexing, and eDiscovery features on instant messaging platforms in use.

The FRA and Freedom of Information Act are essential to government transparency and accountability and they must be enforced even when—or especially when—government regulations, policies, and practices lag behind the implementation of new technologies. With respect to instant messages, the federal government’s characteristic bureaucratic torpidity bears potentially far-reaching implications for proper oversight of the federal government. With this investigation, CoA Institute seeks to discover whether (and where) government neglect or exploitation of new technologies threatens transparency and accountability.

 

Thomas Kimbrell is a research fellow at Cause of Action Institute.