Gone in an Instant: How Instant Messaging Threatens the Freedom of Information Act

New Report: Federal Agencies Violating Federal Law,  
Not Preserving Instant Messaging Records

Arlington, VA (March 16, 2020)Cause of Action Institute (“CoA Institute”) and Americans for Prosperity Foundation (“AFPF”) today released an investigative reportGone in an Instant: How Instant Messaging Threatens the Freedom of Information ActThe report reveals how numerous federal agencies are violating federal records law and guidance from the National Archives by not preserving instant messaging (“IM”) records. Like email in the 1990s, IM’s increasing integration into the workplace is changing the way people do business. In 2014, Congress amended the Federal Records Act to specifically require that electronic messages be retained. Agencies’ failure to preserve records created on IM platforms (Slack, Teams, Hangouts, etc.), which are prevalent in the workplace, threatens to undermine the Freedom of Information Act (“FOIA”) and put much of the federal government in the dark.  

The report scored IMrecordsmanagement practices of more than two dozen agencies and only four received passing scores: Federal Communications Commission, Council of the Inspectors General on Integrity and Efficiency, Department of Agriculture, and National Aeronautics and Space Administration. Nine agencies received a middling grade of needs improvement and thirteen agencies received a “poor” gradeFourteen agencies did not produce records in response to the investigation and were not graded.  

AFPF Chief Policy Counsel and CoA Institute Executive Director James Valvo issued the following statement: 

Retaining government records in a searchable system is fundamental to transparency, allowing journalists, citizen watchdogs, and the general public to oversee what their government is doingWith the use of instantmessaging platforms in the workplace, it is troubling that only four agencies have acceptable policies to preserve records, as required by the Federal Records ActThis report should serve as a wakeup call for Congress and federal agencies to take decisive action to ensure agencies are complying with federal law. 

Key Findings from the Report: 

  • Thirteen of the sixteen agencies that produced their IM policies do not preserve instant messages as a matter of policy—a violation of federal law and NARA guidance. For example: 
  • The General Services Agency declared in a memo that the instant messaging platform it uses, Google Hangouts, “would not be considered a system of record. Therefore, GSA-IT should set the History feature to off for the GSA.gov domain. 
  • The Department of Labor’s records management program, dated 2017, contains a single sentence regarding IM policy: “NOTE: At this time DOL has determined Instant Messaging will not be used to create records.” 
  • Only three agencies produced records reflecting policies to automatically preserve IMs, a commonly available feature on most instant-messaging platforms. 
  • Of the twenty agencies that produced their policies for employee use of IM, thirteen allow its use but prohibit employees from creating or sending an official record through IM and three ban IM use altogether. Prohibiting IM use to conduct business is unrealistic and contrary to NARA guidance. 
  • Many agencies have not incorporated the 2014 Presidential and Federal Records Act Amendments and subsequent NARA guidance into their records management policies. 
  • Agencies are shirking their responsibility to manage IM records by prohibiting the use of instant messaging or erroneously claiming instant messages are insignificant and do not need be saved. 
  • Only ten of the twenty-five agencies that responded to our FOIA requests could produce records of instant messages. 

Read the full report HERE. 

# # # 

Media Contact: briggs@standtogether.org 

About Americans for Prosperity Foundation 

Americans for Prosperity Foundation is a 501(c)(3) nonprofit organization committed to educating and training Americans to be courageous advocates for the ideas, principles, and policies of a free and open society. 

 

About Cause of Action Institute 

Cause of Action Institute is a 501(c)(3) nonprofit, nonpartisan government oversight organization that uses investigative, legal, and communications tools to educate the public on how government accountability, transparency, the rule of law, and principled enforcement of the separation of powers protects liberty and economic opportunity. 

Records Show How Former FBI Director James Comey Misled the DOJ Inspector General About His Personal Email Use

Cause of Action Institute (CoA Institute) has obtained a second batch of former FBI Director James Comey and former FBI Chief of Staff James Rybicki’s emails sent or received on their personal, non-official email accounts to conduct agency business. The FBI’s latest records production is the second of four rolling productions. The FBI reviewed 518 pages of emails and released 439 pages to CoA Institute. Once again, these emails undermine Director Comey’s statements concerning the types of matters he discussed while using his personal email to conduct official business.

Last month, CoA Institute published the first set of records received as part of our FOIA lawsuit. Contrary to Director Comey’s representations to the DOJ that he never used his personal email account for “sensitive work,” the first batch of emails we obtained revealed otherwise. Those records included emails withheld in full and others redacted in part under the FOIA’s law enforcement exemption, which exempts from public disclosure certain sensitive information created or compiled for law enforcement purposes.

This new second batch of emails tells much of the same story. For example, the redactions in the completely redacted email below cite 3 bases for the application of the law enforcement exemption (b7A, C, & E). These exemptions pertain to information that, if released, could (A) interfere with law enforcement proceedings, (C) constitute an invasion of personal privacy, or (E) disclose law enforcement techniques and thereby risk circumvention of the law. In other words, the FBI determined that the work Director Comey conducted on his personal account was so sensitive in nature that it justified redaction under Exemption 7 of the FOIA to prevent disclosure to the public.

As explained in the FBI’s cover letter accompanying the production to CoA Institute, the FBI is only providing emails that Director Comey and his Chief of Staff forwarded or copied to their official FBI email accounts: “The FBI conducted email searches for any communications to or from James Rybicki’s and James Comey’s personal email accounts, located within Rybicki’s and Comey’s FBI email accounts.”  This follows from Director Comey’s claims that all FBI-related work he conducted on Gmail was forwarded to an official FBI account. As Director Comey told the DOJ Inspector General:

“I was always making sure that the work got forwarded to the government account to either my own account or Rybicki, so I wasn’t worried from a record-keeping perspective was, because there will always be a copy of it in the FBI system.”

But if Director Comey misrepresented the nature of the work he conducted on his personal email account, a plausible concern arises as to whether Director Comey thoroughly searched and forwarded all work related emails from his personal account to his government account This is why using private email accounts for government business is so problematic: The agency—and ultimately the public—must rely on the very people who are violating the rules by using personal email accounts to forward their work-related emails to official government accounts. If they forget or choose not to copy an official account, there is little chance the agency will ever search for and recover the federal records created or received on those personal accounts. And that means those records cannot be produced to the public under the FOIA.  The use of non-official accounts to conduct agency business, whatever the reasoning, imperils transparency, accountability, and good government, and it undermines trust.

You can view and download the documents here:

Part 1 (411 pages)

Part 2 (30 pages)

FBI Cover Letter

Kevin Schmidt is Director of Investigations for Cause of Action Institute. You can follow him on Twitter @KevinSchmidt8

Thomas Kimbrell is an Investigative Analyst at Cause of Action Institute.

____________________________________________________________

Media ContactMatt Frendewey, matt.frendewey@causeofaction.org | 202-699-2018

Cause of Action Institute Launches Investigation into Agency Use of Instant Messaging Applications

The number of communications devices and platforms has mushroomed in recent years, making communication both quicker and easier. Naturally, these technologies have been incorporated into business and government. The use of instant messaging applications (“IM”) for business communications has become so common that most enterprise software includes IM functionality (for example, Google Hangouts, Skype for Business instant messaging, Slack, etc.).

In response to these developments, the Federal Records Act (“FRA”) was amended in 2014 to codify a new definition of electronic messages.  The FRA now states that electronic messages include “electronic mail and other electronic messaging systems that are used for purposes of communicating between individuals” 44 U.S.C. § 2911. Electronic communications sent or received in the course of agency business—regardless of the method of message delivery—are therefore federal records and must be properly captured, retained, and stored such that they can be searched and reproduced upon request. National Archives and Records Administration (“NARA”) Bulletin 2015-02, “Guidance on Managing Electronic Messages,” makes this explicitly clear.

Unfortunately, recent events have highlighted the failure of federal agencies to properly capture, retain, and store electronic messages, including:

  • five months of missing, and then recovered, text messages between the FBI’s Peter Strzok and Lisa Page related to their official duties,
  • 2016 EPA Inspector General investigation into the use of encrypted text messages,
  • CFPB using encrypted messaging apps, the so-called “Dumbledore’s Army”,
  • IRS not retaining communications through their internal instant messaging system due to a memorandum of understanding with the Treasury Employees Union, and
  • NOAA’s questionable use of Google Hangouts.

It appears incidents of federal agencies neglecting and/or intentionally failing to properly capture, retain, and store electronic messages that are federal records are not isolated or exceptional. In light of this, CoA Institute has launched a broad inquiry into federal agencies’ efforts to implement the 2014 FRA amendments and NARA Bulletin 2015-02. Last week, CoA Institute sent FOIA requests to nearly forty agencies seeking records:

  • regarding policies on the use, retention, and management of electronic (instant) messages;
  • related to implementation of or compliance with NARA Bulletin 2015-02;
  • reflecting the electronic messaging systems installed on agency devices; and
  • reflecting whether the agency has enabled automatic electronic message archiving, indexing, and eDiscovery features on instant messaging platforms in use.

The FRA and Freedom of Information Act are essential to government transparency and accountability and they must be enforced even when—or especially when—government regulations, policies, and practices lag behind the implementation of new technologies. With respect to instant messages, the federal government’s characteristic bureaucratic torpidity bears potentially far-reaching implications for proper oversight of the federal government. With this investigation, CoA Institute seeks to discover whether (and where) government neglect or exploitation of new technologies threatens transparency and accountability.

 

Thomas Kimbrell is a research fellow at Cause of Action Institute.