CoA Institute Calls on Department of Agriculture to Revise Problematic FOIA Rule

Cause of Action Institute (“CoA Institute”) submitted a comment today to the Department of Agriculture (“USDA”) concerning the agency’s publication of a deficient rule that proposes revisions to the agency’s Freedom of Information Act (“FOIA”) regulations.  CoA Institute explained that USDA’s FOIA rule fails to provide a definition of a “representative of the news media” that conforms with statutory and judicial authorities.  The proposed regulations also could cause confusion by directing agency staff to consult outdated fee guidance published by the White House Office of Management and Budget (“OMB”).

News Media Fee Category

USDA’s proposed regulations improperly retain the so-called “organized and operated” standard in the definition of a “representative of the news media.”  This is an important deficiency because the “organized and operated” standard has been used in the past to deny news media requester status to nascent media groups and government watchdog organizations like CoA Institute.  Indeed, CoA Institute took another agency—the Federal Trade Commission—to court, and argued its case all to the way to the D.C. Circuit, just to get the agency to acknowledge that its similar retention of the “organized and operated” standard was unlawful and led to improperly denying CoA Institute a fee reduction.  The D.C. Circuit eventually issued a landmark decision in CoA Institute’s favor to clarify proper fee category definitions and their application in FOIA cases.

Congress amended the FOIA to provide a straightforward and comprehensive definition of a “representative of the news media.”  USDA—and all other agencies—should not attempt to modify that definition or introduce additional hurdles for news media requesters.

OMB Fee Guidelines

USDA’s FOIA rule also proposes to retain references to the OMB’s 1987 FOIA fee guidelines, which are the genesis of the “organized and operated” standard.  Specifically, USDA would like its disclosure officials to estimate fees in accordance with the OMB fee guidelines.  But those guidelines are outdated and unreliable.  Over the past thirty years, Congress has amended the FOIA on numerous occasions, courts have developed overriding FOIA jurisprudence, and technology has evolved in significant ways.  Yet OMB has made no effort to revisit its fee guidance.  That guidance should not be used as a reference point for the proper administration of the FOIA.

In 2016, the FOIA Advisory Committee and the Archivist of the United States called on OMB to update the fee guidelines.  CoA Institute even filed a petition for rulemaking on this issue.  Last November, we filed a lawsuit to compel the agency to provide a response to that petition.  Until OMB acts to revise its fee guidelines, USDA should not direct its staff to consult them in any way as authoritative.

Other Agencies Have Followed CoA Institute’s Advice

CoA Institute has succeeded in convincing a number of other agencies to abandon the OMB’s “organized and operated” standard in favor of a proper definition of “representative of the news media” in line with the FOIA statute and controlling case law.  Those agencies include, among others, the Consumer Product Safety Commission, Office of the Special Counsel, Department of Defense, U.S. Agency for International Development, and Department of Homeland Security.  We hope that USDA similarly will revisit its FOIA rule and eliminate the “organized and operated” standard in lieu of a proper definition of a news media requester.

Ryan Mulvey is Counsel at Cause of Action Institute

Senate finally confirms President Trump’s nominee for Intelligence Community watchdog

Last week, the Senate finally approved the nomination of former Department of Justice attorney Michael Atkinson to be Inspector General of the Intelligence Community.  We commended President Trump on his decision to name Mr. Atkinson as a watchdog back in November 2017.  According to one source, part of the long delay in the confirmation process was due to Senate negotiations with the Director of National Intelligence over the firing of Dan Meyer, the Intelligence Community’s whistleblower ombudsman.  Yet it is still a sad reflection of the current political climate that Mr. Atkinson’s nomination was pending for roughly six months.

As I have argued previously, one of the most troubling aspects of President Obama’s legacy was his failure to nominate permanent Inspectors General (“IGs”) at many agencies across the federal government.  Without presidentially-appointed, Senate-confirmed leadership, there is always a real danger that IG offices will lack the necessary commitment to transparency and accountability in government.  Indeed, Senator Ron Johnson has argued that “acting” IGs—who are typically career civil servants—risk being “not truly independent [because] they can be removed by the agency at any time; they are only temporary and do not drive office policy; and they are at greater risk of compromising their work to appease the agency or the president.”

When President Obama left office, twelve agencies lacked an IG.  During his first year in office, President Trump steadily moved to remedy this dearth of leadership, but the pace of new nominations slowed at the end of last year, and much more now needs to be done.  According to the Project on Government Oversight, which has been tracking IG vacancies since the Obama Administration, there are currently nine agencies without a permanent watchdog, six of which must be appointed by the White House.  This includes vacancies at major Cabinet-level agencies, including the Department of Defense, the Department of Energy, and the Department of Housing and Urban Development.  The Department of the Interior, sadly, continues to lack a permanent IG since the previous watchdog left office 3,374 days ago.

Of course, not all the blame should be placed on the inaction or slow decision-making of President Trump.  Aside from Mr. Atkinson’s recent confirmation, another four presidential nominations have been pending in the Senate for an average of 236 days.  When the White House has moved to fill these watchdog vacancies, the Senate should prioritize its consideration and the confirmation process.  Many Executive Branch agencies have substantial budgets, and presidentially-appointed IGs provide a vital internal check on waste, fraud, and abuse.

Ryan P. Mulvey is Counsel at Cause of Action Institute.

New Records Reveal the FAA Has Been Tracking FOIA Media Requesters

The Freedom of Information Act (“FOIA”) was introduced to ensure public access to records of the Executive Branch.  Unfortunately, agency FOIA processes have long suffered from politicization at the hands of bureaucrats and political appointees who hope to frustrate the disclosure of embarrassing or newsworthy documents.  A recent report about enhanced “vetting” of FOIA requests at the Environmental Protection Agency (“EPA”), for example, demonstrates the tenacity of those who govern—regardless of their political affiliation—to keep secrets from the concerned public.  Similarly, earlier this year, Cause of Action Institute (“CoA Institute”) revealed how the National Oceanic and Atmospheric Administration expanded its “sensitive review” procedures by putting records requests from attorneys, and requests concerning the Trump Administration’s transition period, into special processing categories.  Now, newly disclosed records from the Federal Aviation Administration (“FAA”) demonstrate how that agency has made concerted efforts to keep tabs on news media requesters.

The FAA’s FOIA “Media Reports”

“Sensitive review” refers to the practice of giving certain FOIA requests extra scrutiny, usually because the records at issue are politically damaging, embarrassing, or otherwise newsworthy.  Politicization can come in different forms.  Sometimes sensitive review entails an agency’s public affairs team or communications specialists being kept informed of new requests or outgoing productions of records.  In other instances, it involves political appointees supervising searches or making redaction decisions.  In all cases, sensitive review delays, and sometimes prevents, the disclosure of records that the public has a right to view.

According to records obtained by former CoA Institute attorney Allan Blutstein, the FAA’s sensitive review process includes a “tracking system” for requests submitted by representatives of the news media.  News media requesters automatically receive a fee reduction under the FOIA and presumptively satisfy some of the requirements for expedited processing. This preferential treatment is meant to recognize the vital role of the media in a participatory democracy.  The intentional targeting of media requesters within a framework for sensitive review, therefore, is especially concerning.

The following screenshot from one of the FAA’s “Media Request” charts shows just how the agency tracks pending requests.  Each line includes a description of the records at issue and each request’s processing “status,” such as whether a search has been conducted or responsive records are under review.

Although approximately half of the requests recorded in the FAA chart (100 of 184) were submitted during the Trump Administration, the remainder date from as early as April 2009.  Not only does this reveal an unacceptable backlog at the FAA, but it suggests that the practice of targeting media requesters for special scrutiny or “tracking” may have originated with the Obama White House.  CoA Institute warned in early 2014 that FOIA processes across the government were being clogged up by political intervention because of news media requesters seeking the disclosure of records about embarrassing scandals.  It appears that the FAA’s current practice reflects the politicization that was covertly emphasized by the Obama Administration.

(A complete copy of the FAA tracking chart is available here.  FOIA requests highlighted in blue have not yet been assigned to a FOIA officer, while requests in yellow are, in most cases, pending legal, business or supervisor review.  An agency-created summary of the highlighted FOIA cases is available here.)

As a representative of the news media, CoA Institute itself was subject to the FAA’s tracking regime.  Three of our pending requests, dating from early 2012 and 2013, were flagged.  One of those three requests has not even been assigned to a disclosure officer for processing, despite the fact that it was submitted to the FAA almost five years ago.

The version of the FAA’s “Media Request” tracking table obtained by CoA Institute, which is dated April 26, 2018, was circulated amongst several officials within the FAA’s Office of Communications (“AOC”) and the Department of Transportation’s Office of the Secretary (“OST”).  The cover email also includes a batch of incoming record requests.  All of this suggests that a key group at the FAA is responsible for managing the sensitive review process and keeping key officials within the Administration knowledgeable about ongoing FOIA affairs.

A complete copy of this email is available here.  To the extent we have been able to identify the individuals involved, we believe they hold the following positions within the FAA’s FOIA Office, Office of Communications, or the Office of the Secretary of Transportation:

  • Kimberly McCormick – FOIA Management Specialist
  • Kathy Ray – Departmental FOIA Officer, Department of Transportation
  • Laura Brown – Deputy Assistant Administrator for Public Affairs
  • Gary Kolb – Chief of Staff, Communications Division
  • Greg Martin – Assistant Administrator for Communications
  • Elisabeth Smeda – Senior Advisor to the Acting Administrator
  • Collen Donovan – Senior Advisor to the Deputy Administrator
  • Carlos Alfaro – Director, Information and Technology
  • Geraldine Gour – Manager, Administrative Services for the Aircraft Certification Service
  • Duke Taylor – Manager, FOIA Program
  • Louis Fuss – Senior FOIA Management Specialist
  • Laurie Karnay – FOIA Management Specialist
  • Susan McLean – FOIA Management Specialist
  • Delphine Ndi – FOIA Analyst

A collection of the incoming FOIA requests attached to the email is available here.  Those requests were submitted by various reporters from Mother Jones, ABC, NBC, Fox10 News of Mobile, various local newspapers, and ProPublica.

The Problem of FOIA Politicization

Unfortunately, there is nothing unlawful about an agency keeping separate “tracking” notes on FOIA requests submitted by members of the media.  Nor is there anything unlawful in an agency keeping its communications officials, or even other parts of the Executive Branch, aware of incoming requests or outgoing records that could elicit media coverage or public inquiries.  But the sort of intentional tracking and obvious backlog that has become standard procedure at the FAA is unacceptable and clearly violates the spirit of the FOIA.  The fact that requests from the beginning of 2009 are still pending is inexcusable.  The real danger of politicization at the FAA should be self-evident.  When an agency is committed to treating media requesters in a special way, the tendency will always be to delay and obstruct disclosure, thus impairing FOIA rights and inhibiting the proper functioning of a critical media.

Ever since President Trump took office, the transparency community—including CoA Institute—has raised valid concerns about the White House’s coordinated effort to stifle transparency, both in the context of FOIA and with respect to congressional inquiries and oversight requests.  This is an unfortunate development, and CoA Institute remains committed to fighting for open government.  But insofar as the current Administration questions the value of President Obama’s legacy, it should commit itself to greater transparency.  The Washington Post described the Obama Administration as one of the “most secretive,” “most elusive,” and “most punitive toward whistleblowers and leakers who want to bring light to wrongdoing they have observed from inside powerful institutions.”  The Trump Administration should endeavor to do better.  No one should fear the disinfecting power of sunlight, and the federal government is always in need of some cleaning.

Ryan P. Mulvey is Counsel at Cause of Action Institute

Politics Clouding Criticism of the EPA’s Heightened Sensitive Review FOIA Procedures

Last week, a report from Politico revealed that the Environmental Protection Agency (“EPA”) maintains a burdensome “sensitive review” process for Freedom of Information Act (“FOIA”) requests concerning Administrator Scott Pruitt’s activities.  According to internal sources, officials within the Office of the Administrator have “reviewed documents collected for most or all FOIA requests regarding [Pruitt’s] activities[.]”  The Politico report further claims that this “high-level vetting” has increased, as compared with the policies and practices introduced during the Obama years.  “This does look like the most burdensome review process that I’ve seen documented,” argued Nate Jones from National Security Archive.

It is true that the Trump Administration has enhanced sensitive review processes at the EPA.  Other agencies have witnessed a similar expansion of sensitive review, as Cause of Action Institute’s investigation of the National Oceanic and Atmospheric Administration demonstrates.  But it would be a mistake—as I argued last December—to think that the Obama White House was any better at avoiding FOIA politicization.  The EPA has a long and terrible track record for anti-transparency behavior.  Consider the agency’s blatant weaponization of fee waivers.  According to data compiled by the Competitive Enterprise Institute, and reported by Reason and The Washington Examiner, the Obama EPA regularly denied public interest fee waivers to organizations critical of the agency’s regulatory activities and the White House’s policy agenda.  By contrast, left-leaning groups nearly always (92% of the time) received fee waivers.

In addition to this viewpoint discrimination, the EPA suffered other transparency scandals.  Former Administrator Lisa Jackson infamously used a fictional alter ego—“Richard Windsor”—to conduct agency business on an undisclosed government email account.  And the EPA “misplaced” over 5,000 text messages sent or received by former Administrator Gina McCarthy and other top officials.  The Obama-era EPA also tolerated the widespread use of personal email accounts by high-ranking bureaucrats, a practice that significantly frustrated public access to agency records and proved to foreshadow or parallel other FOIA scandals at the White House Office of Science and Technology Policy, the Department of Defense, and Department of Homeland Security, the Internal Revenue Service, and, most famously, the State Department.  It is noteworthy that, in March of 2015, The Guardian—hardly a right-leaning paper—could seriously ponder: “Is the EPA having a transparency crisis?

The history speaks for itself: the EPA under Scott Pruitt is not a new or unique threat to transparent government.  The litany of FOIA abuses at the EPA and other agencies under both Presidents Obama and Trump demonstrate that we should fight the tendency to view the problem of FOIA politicization through a partisan lens.  “Sensitive review” matured as a practice in the Obama Administration, and is continuing under President Trump, but there are institutional motivations for any and all bureaucrats, regardless of party affiliation, to frustrate the disclosure of records, particularly if they are embarrassing or raise the specter of media attention.

According to EPA Inspector General reports published in August 2015 and January 2011, the EPA’s FOIA regulations allow political appointees—including the Chief FOIA Officer and authorized disclosure official in the Office of the Administrator—to participate in approving requests and redacting records.  Is it any wonder that an agency follows its own long-established rules for processing requests it deems “sensitive”?  So long as the law gives the agency an opportunity to violate the spirit of the FOIA, the agency will take advantage of that discretion, even if it means violating statutory timelines for responding to requesters.

When Administrator Pruitt directed his staff to involve itself with the disclosure of records, he continued a tradition of obstructing the public’s right to access government information.  He deserves the criticism he has received.  But focusing on Administrator Pruitt’s (or President Trump’s) regulatory agenda, or his personal views on hot-button topics like global warming, obscures the underlying problem and makes it more difficult to reach consensus on how to address the real issues.  The FOIA and implementing regulations, for one, need to prohibit “sensitive review,” or at least provide serious restrictions on its implementation.  And guidance from the Department of Justice should address the troubling aspects that sensitive review can present.  This should be part of a solution that everyone who believes in transparency can accept.

Ryan P. Mulvey is Counsel at Cause of Action Institute

Litigation Update: Cause of Action v. Department of Justice and the House Financial Services Committee’s Attempt to Undermine the FOIA

In July 2017, Cause of Action Institute (“CoA Institute”) sued the Department of Justice (“DOJ”) after the agency refused to produce records under the Freedom of Information Act (“FOIA”) that would have revealed whether the Office of Information Policy (“OIP”) or Office of Legislative Affairs (“OLA”) were involved in implementing a controversial directive from the U.S. House of Representatives Committee on Financial Services.  CoA Institute’s FOIA request, which was filed in May 2017, followed reports that Jeb Hensarling, Chairman of the Financial Services Committee, directed twelve agencies—including, the Department of the Treasury and eleven other entities—to treat all records exchanged with the Committee as “congressional records” not subject to the FOIA.

As a result of litigation, DOJ identified sixteen pages of responsive records.  Eleven pages, which represent communications between an “unidentified Executive Branch agency” and DOJ, were withheld in full.  One additional record—an email between the Office of the White House Counsel and OIP—was partially redacted, but an attachment—a copy of Chairman Hensarling’s letter—was withheld in full.  DOJ defended its treatment of these records by invoking the attorney-client and deliberative process privileges.

Last Friday, CoA Institute moved for summary judgment, rebutting DOJ’s claims and arguing that the agency could not use the attorney-client and deliberative process privileges.  With respect to the White House email and attachment, DOJ failed to establish that an attorney-client relationship existed between the White House Counsel and OIP.  Assuming the requisite relationship did exist, the email still neither revealed private confidences nor solicited legal advice.  It also did not reflect a deliberative or consultative process.  Instead, the email was a literal “FYI”—the sort of informational notice that courts regularly compel agencies to disclose:

DOJ also wrongly withheld the email attachment—a copy of Chairman Hensarling’s letter—because the letter is already in the public domain and, in any case, does not reveal confidential information pertaining to the White House or DOJ.

Communications with the “unidentified Executive Branch agency” similarly cannot be exempt under the attorney-client and deliberative process privileges.  Although these records may contain legal advice on responding to Chairman Hensarling’s directive, they were shared outside of the Office of Legal Counsel, which is the DOJ component responsible for providing legal opinions to the White House and the rest of the Executive Branch.  To maintain attorney-client confidentiality, an agency must not circulate privileged material beyond those officials tasked with providing (or receiving) legal counsel.  Here, by involving OLA, which functions as DOJ’s congressional affairs office and does not serve as an “attorney” to other agencies, the “unidentified” agency waived any expectation of confidentiality.  Finally, DOJ misused the deliberative process privilege because it failed to explain how these inter-agency communications reflected DOJ’s recommendations or opinions or were otherwise non-factual.

Importantly, DOJ also failed to meet its burden under the new “foreseeable harm” standard.  Congress introduced this standard with the FOIA Improvement Act of 2016 to codify the so-called “presumption of openness,” which discouraged the mere “technical” application of exemptions.  The FOIA, as amended, now requires an agency, such as DOJ, to explain how specific records can reasonably be foreseen to harm agency interests.  DOJ failed to provide a satisfactory argument in this case and did not even mention its obligations under the new standard.

* * *

The public deserves to know how, and to what extent, DOJ was involved in formulating and implementing Chairman Hensarling’s anti-transparency policy.  Because Congress is not itself subject to the FOIA, a request for records that have been exchanged with the legislative branch presents unique difficulties.  Nevertheless, the law requires that Congress manifest a clear intent to maintain control over specific records to keep them out of reach of public disclosure.  As I have argued previously, Chairman Hensarling’s directive is ineffective in this respect.  The mere fact that an agency possesses a record that relates to Congress, was created by Congress, or was transmitted to Congress, does not, by itself, render it a “congressional record.”  Any deviation from this acknowledged standard for defining a “congressional record” would frustrate the FOIA and impede transparent government.

The real-world implications of these sorts of congressional anti-transparency efforts are hardly imaginary or speculative.  The House Financial Services Committee has already intervened in a FOIA lawsuit to enforce its directive.  (That lawsuit is still ongoing.)  And CoA Institute is involved with a lawsuit against the Internal Revenue Service that involves a similarly overbroad effort by the Joint Committee on Taxation to sweep a range of agency records outside the scope of the FOIA.  CoA Institute has twice joined with other good government groups to express concern over these developments (here and here).  We are hopeful that the courts will put a stop to Congress’s games, and ensure public access to vital records revealing the interaction of the administrative state with the federal legislature.

CoA Institute’s brief is available here.

Ryan Mulvey is Counsel at Cause of Action Institute

CoA Institute Calls for EPA Watchdog Investigation into the Use of Unauthorized Electronic Messaging and Web-Based Email Apps on Agency Devices

Washington, D.C. – Cause of Action Institute (“CoA Institute”) wrote yesterday to the Environmental Protection Agency (“EPA”) Office of Inspector General (“OIG”) to request an investigation into the unauthorized use of electronic messaging and web-based email applications on agency-furnished and taxpayer-funded mobile devices, including iPhones and iPads. CoA Institute’s request follows the recent release under the Freedom of Information Act (“FOIA”) of a contractor-generated report that proves EPA employees installed at least sixteen different messaging applications, including Facebook Messenger and Google Hangouts, in contravention of official agency policy.  EPA employees also installed personal email programs, such as AOL and Yahoo Mail, on their government phones.  The OIG previously examined the use of two other encrypted messaging applications, “Signal” and “WhatsApp,” after CoA Institute opened its own investigation into allegations concerning the possible avoidance of records management laws.

 Cause of Action Institute Counsel Ryan Mulvey: “The newest details concerning the range of applications that EPA employees installed on their taxpayer-funded phones and tablets raise serious concerns.  Beyond the fact that many of these applications should never have been found on a government phone because of their personal nature, the presence of sixteen different electronic messaging applications raises doubts about the EPA’s compliance with record preservation rules.  All work-related communications created or received on a personal email account, or an electronic messaging program like Facebook Messenger, should have been preserved for disclosure to the public.  The EPA Inspector General must examine this matter and consider what steps the agency should take to rectify any deficiencies in meeting its record preservation obligations.”

Shortly after President Trump took office, Politico reported that a small group of EPA employees were using an encrypted messaging application, called “Signal,” to discuss ways to prevent incoming political appointees from implementing the new Administration’s policy agenda.  CoA Institute opened an investigation and, over the past year, has slowly pieced together details about the Signal scandal.

In response to its first FOIA lawsuit, the EPA acknowledged that there was an “open law enforcement” investigation.  Then, records released to CoA Institute revealed how an EPA contractor “scanned” most agency-furnished devices for the different applications that had been installed by employees.  That scan, which was requested “orally” by the OIG, was conducted with a software tool known as “Mobile Device Management,” or “MDM.”  As part CoA Institute’s second FOIA lawsuit, the EPA disclosed the contractor-generated report, as well as other documents.  A summary of the report, which consists of a list running ninety-six pages long, identifies all of the applications installed on most agency-furnished devices.

In addition to Signal and WhatsApp, at least another sixteen applications with electronic messaging capabilities were used by EPA employees, along with three email programs.  To the extent the OIG was unaware of these other messaging applications, further inquiries are necessary, as the use of these applications raise issues relating to federal records management.  Moreover, although the OIG has reported that the EPA disabled the ability of many iPhone and iPad users to download the “Apple Store app,” and thus to install unauthorized applications, it is unknown whether all unapproved messaging applications have been deleted or, alternatively, whether adequate procedures have been put in place so that the EPA can meet its recordkeeping obligations.

CoA Institute’s April 11, 2018 letter to the EPA Inspector General is available HERE.

For information regarding this press release, please contact Nichole Wilson: Nichole.wilson@causeofaction.org

Investigation Update: EPA Employees Used a Range of Messaging Apps and Other Non-Work-Related Programs on Agency-Issued Mobile Devices

Shortly after President Trump took office, Politico reported that a small group of career employees at the Environmental Protection Agency (“EPA”) were using an encrypted messaging application, called “Signal,” to discuss ways to prevent incoming political appointees from implementing the Trump Administration’s policy agenda.  The use of Signal at the EPA mirrored reports about the use of other electronic messaging platforms across the government.

Records recently released to CoA Institute under the Freedom of Information Act (“FOIA”) now confirm that a number of EPA employees installed Signal, WhatsApp, and at least sixteen other messaging applications on their agency-furnished devices.  These records also reveal that EPA employees installed a panoply of other applications—including email, sports betting, dating, and entertainment applications—that raise questions about the use of government-issued and taxpayer-funded mobile devices for personal purposes.

CoA Institute’s Investigation of Messaging Apps at the EPA

Cause of Action Institute (“CoA Institute”) opened its investigation into the use of Signal because we were concerned that the application might be used to conceal internal agency communications from oversight and to avoid EPA obligations under the FOIA and the Federal Records Act (“FRA”).  We were not alone in our suspicions.  After the House Committee on Science, Space, and Technology’s requested that the EPA Inspector General analyze the allegations reported in the press, the National Archives and Records Administration (“NARA”) opened its own inquiry into the potential violation of federal records management laws.  That inquiry remains open.

Over the past year we have slowly pieced together details about the Signal scandal.  In response to our first FOIA lawsuit, the EPA acknowledged that there was an “open law enforcement” investigation.  Although the EPA initially claimed that many records would be withheld in full, it changed its position and released records that corroborated the alarming facts reported by the media.  But, as we have explained, the records also revealed much more.  Among other things, they confirmed that CoA Institute’s original FOIA request, as reported by the Washington Times, was the actual impetus for the EPA Inspector General’s (“IG”) investigation.  As Assistant Inspector General Patrick Sullivan noted at the time:

The records also confirmed that an EPA contractor “scanned” most agency-furnished devices for the different applications that had been installed by employees.  This scan, which was requested by the IG, was conducted with a software tool known as “Mobile Device Management,” or “MDM.”  As part CoA Institute’s second FOIA lawsuit, the EPA disclosed that contractor-generated report, as well as other documents.

The EPA IG’s Investigatory Conclusions on Signal

The EPA IG memorialized its findings about the Signal scandal in a series of investigatory memoranda.  The watchdog determined that Signal was not used to “purposefully circumvent the applicable Federal record retention rules.”  Nevertheless, it concluded that two employees—one in the Office of the Inspector General and the other in the Office of the Science Advisor—violated agency policy by downloading the unapproved application, as revealed by a summary of a subset of the MDM report.

In each instance, the IG interviewed the offending employee and consulted the Department of Justice before concluding that no “discernable crime” had been committed.  The employee in the Office of Inspector General had downloaded Signal “to see if there was a suitable law enforcement purpose for the application.”

The employee in the Office of the Science Advisor denied having the application on his or her device, but consented to an examination of the phone.  Although Signal “did not appear to be currently installed,” there was no final explanation for how the application originally found its way onto the phone.  The IG opined that it could have happened due to unintentional synching with a personal Apple account.

But Maybe the Problem Was Never Signal . . .

As exonerating as the IG’s conclusion may be, the story does not end there.  While investigating the use of Signal, the EPA and the IG also discovered that fifty-eight employees violated official policy by downloading another encrypted messaging app, named “WhatsApp.”

The IG similarly determined that federal records laws had not been violated based on voluntary interviews of the fifty-eight employees, but this finding is somewhat contradicted by the admission of two employees that they used WhatsApp for “official EPA work.”

When all fifty-eight employees were polled on their “motivation and intent” for downloading WhatsApp, the clear majority cited a “lack of clarity” in the agency’s policy for not installing unapproved applications.  More than half also suggested that they had downloaded WhatsApp for “the purpose of keeping in touch with family/friends domestically or overseas.”

A Potentially Serious Deficiency in the EPA IG’s Inquiry

When the EPA scanned the contents of most mobile devices during the Signal investigation, it also produced a summary of all the applications installed on agency-furnished devices, along with an “install count” for each program.  The list runs ninety-six pages long and its contents are shocking.

To begin with, although the Signal scandal originally concerned the use of that single program, and was later expanded to include WhatsApp, the complete MDM report, which was released to CoA Institute, indicates that at least another sixteen applications with electronic messaging capabilities were being used by EPA employees.  These applications—many of which are likely unapproved and raise the exact same FOIA and FRA concerns as Signal and WhatsApp—include:

AIM (1 phone)
BlackBerry Messenger (3 phones)
Facebook Messenger (227 phones)
Google Hangouts (27 phones)
GroupMe (10 phones)
Jabber (27 phones)
KakaoTalk (3 phones)
Kik (1 phone)
LINE (1 phone)
Skype (58 phones)
Slack (7 phones)
Snapchat (25 phones)
Telegram (1 phone)
Viber (19 phones)
WeChat (2 phones)
WickrMe (1 phone)

Why did the EPA IG fail to investigate these other applications, some of which are capable of encrypted messaging?  Perhaps because the EPA’s Office of Environmental Information never handed over the full MDM report.  This is suggested by two records.

First, the EPA admitted to CoA Institute that it prepared two attachments (here and here) containing subsets of data from the MDM report, namely, those data that revealed the number and identifies of users with Signal or WhatsApp installed on their phones.

Second, the transmission of only the two summaries is suggested by the email referenced above, which also was disclosed to CoA Institute.  An IT team leader, Greg Zurla, sent the heads of the Office of Environmental Information, Steven Fine and Harvey Simon, the data about Signal and WhatsApp, but nothing else.  The IG’s final investigatory memoranda likewise reflect a targeted investigation into Signal and WhatsApp, with no mention of a broader dataset that could expose the unapproved use of similar encrypted messaging applications.

To the extent the IG was not—or still is not—aware of so many other messaging applications, then further inquiries need to be made.  Whether these platforms were used for personal or work-related purposes, they are problematic and raise issues relating to federal records management.  Moreover, although the IG has suggested that the EPA disabled the ability of some iPhone and iPad users to download the “Apple Store app,” and thus to install unauthorized applications, it is unknown whether all unapproved messaging applications have been deleted or, alternatively, whether adequate procedures have been put in place so that the EPA can meet all recordkeeping obligations.

The Use of Government Property for Personal Use is Deeply Troubling

The results of the IG investigation raise other troubling questions.  Why should a government employee be able to justify his installation of an unapproved, and legally problematic, application on agency-furnished hardware by claiming that he wanted to use it for personal purposes?  Should taxpayers pay for EPA employees to use government data plans to communicate with “family and friends”?

The full MDM report disturbingly reveals the sheer number of non-work-related applications that EPA employees installed.  Some of these, such as web-based email programs, raise records management issues that have plagued other agencies like the Department of Homeland Security.  The applications can be grouped into a number of categories.  Here is a sampling:

  • Web-Based Email
    AOL (16 phones)
    Gmail (129 phones)
    Yahoo Mail (56 phones)
  • Social Media
    Facebook (466 phones)
    Instagram (162 phones)
    LinkedIn (117 phones)
    Pinterest (75 phones)
    Reddit (20 phones)
    Twitter (310 phones)
  • Dating
    Coffee Meets Bagel (1 phone)
    OK Cupid (1 phone)
  • Personal Banking and Finance
    AmEx (11 phones)
    Barclaycard (6 phones)
    Bank of America (29 phones)
    CitiMobile (10 phones)
    Wells Fargo (24 phones)
    Navy Federal (11 phones)
    PayPal (10 phones)
  • Entertainment and Sports Betting
    Angry Birds (14 phones)
    Blackjack (5 phones)
    Candy Crush (32 phones)
    Draft Kings (1 phone)
    Duolingo (10 phones)
    ESPN (60 phones)
    Fandango (15 phones)
    HBO (15 phones)
    Netflix (73 phones)
    Pokémon GO (7 phones)
    Shazam (22 phones)
    SiriusXM (19 phones)
    Spotify (71 phones)
    YouTube (237 phones)
  • Shopping
    Amazon (56 phones)
    eBay (16 phones)
  • Religious
    Bible apps (22 phones)
    Catholic TV (1 phone)
  • Political
    Boycott Trump (1 phone)

Again, this is a non-exhaustive list.  The full list can be accessed here.

Based on the EPA’s list of approved “Terms of Service” agreements, it appears that most of these applications were never authorized for work-related business.  To the extent they were used for personal purposes, the EPA should take its workforce to task for abusing the privilege of a government-furnished and taxpayer-funded phone.

Although the IG reports that the EPA has disabled the Apple Store on newer models of the iPhone and iPad, we hope the agency makes serious efforts to remove these troubling applications from all makes and models of the hardware furnished to employees.  Simply stated, the EPA does not exist so its bureaucrats can spend the day watching Netflix, browsing eBay, or swiping right on a dating application.

Ryan P. Mulvey is Counsel at Cause of Action Institute.