Agencies Struggling to Respond to FOIA Requests for Email

Washington, DC, March 8, 2018 – Two out of five federal agencies claimed that they were either unable or not required to respond to a targeted Freedom of Information Act (FOIA) request for agency emails submitted by the National Security Archive. The responses to the Archive’s FOIA request – detailed in the FOIA Audit released today to mark Sunshine Week – show that a year after agencies were required to manage email electronically, FOIA requesters are often not seeing the benefit of any improved email management.

The Archive’s Audit team filed the same FOIA request with all 100 federal agency FOIA offices that are required to submit an annual FOIA report to the Department of Justice’s Office of Information Policy. The request sought all emails received from January 20, 2017, through April 28, 2017, from any Republican National Committee domain, including but not limited to rnchq.org. The Archive wanted to see which agencies were receiving emails from rnchq.org email accounts in light of reporting that prominent members of President Trump’s administration were inappropriately using their RNC email accounts rather than their White House addresses.

The responses to our FOIA requests were scattershot. Some agencies promptly responded to our request, others sought clarification before doing so, and many have yet to respond. But too large a percentage of agencies inappropriately denied our request by saying that they could not search emails agency-wide and/or required specific email addresses in order to conduct a search, which is often an impossible data point for FOIA requesters to isolate when seeking information.

All of the search issues agencies cited to avoid responding to our FOIA request have tangible solutions, most obviously for FOIA offices to communicate with their IT departments to see if a search is possible before denying a FOIA request.

Audit Lowlights

Sixty-six agencies acknowledged our request, which was submitted on April 28, 2017. Thirty-three – including the State Department, the Department of Transportation, the Department of Agriculture, the Department of the Interior, and the Director of National Intelligence – have yet to do so. One agency – the Consumer Product Safety Commission – recently sent us a ‘still interested’ letter.
Of the 66 agencies that responded, 17 – including the Department of Commerce, the Federal Reserve Board, the FBI, the Department of Homeland Security, Immigration and Customs Enforcement, and the Drug Enforcement Administration – argued that either the request was too broad and would impose an undue burden to process, or that their agency was unable to search email without knowing who the sender or recipient was. The Broadcasting Board of Governors balked that the request was a “fishing expedition” that would require the FOIA office to search thousands of individual email accounts.
Nearly one in ten agencies that responded to our FOIA improperly gave us an appeal deadline of fewer than 90 days. The 90-day deadline was set in stone by the FOIA Improvement Act of 2016.
Three agencies did not include any language in their denial concerning the Office of Government Information Services (also required by the new FOIA amendments), and two of the three – the Institute of Museum and Library Services and the Federal Open Market Committee – did not advise us of our appeal rights at all.

Appeals Prompt Agencies to Conduct Email Searches

The Archive’s Audit team appealed the agency denials, noting that the Justice Department’s Guide to the FOIA chapter on Procedural Requirements clearly states that, “With regard to electronic database searches, the FOIA requires agencies to make ‘reasonable efforts’ to search for requested records in electronic form or format ‘except when such efforts would significantly interfere with the operation of the agency's automated information system.’ The statute expressly defines the term ‘search’ as ‘to review, manually or by automated means, agency records for the purpose of locating those records which are responsive to a request."

Case law also supports a requesters’ right to ask for emails and puts the burden on agency FOIA offices to consult with IT personnel if the FOIA office itself was unclear how best to conduct the search.[1] Additionally, a recent FOIA lawsuit brought by MuckRock against the CIA found that the agency “can’t require you to know both who sent and received an email when requesting electronic records.”

The Archive’s arguments on appeal frequently prompted agencies who claimed that the search we sought was overly broad and an undue burden to talk to IT experts at their agency – who were able to quickly and easily conduct the search.

For example, it was only after we appealed an egregious response from the Federal Reserve Board that the FOIA office discussed its search capabilities with its IT department. In this instance, the Federal Reserve’s Margaret McCloskey Shanks noted: “Additional facts that were not known at the time of my earlier determination have come to my attention during the pendency of your appeal. In particular, after additional consultation, Board IT staff advised that they are able to conduct the type of search of Board employees’ email messages described in your revised FOIA request.” An appeal to the Federal Financial Institutions Examination Council produced a similar response: after the agency discussed the FOIA request with an IT expert, a search was quickly conducted.

Audit Highlights

There was some good news among the myriad denials.

Several agencies responded to our request promptly – like the Department of Labor. Others, including the Small Business Administration and the Nuclear Regulatory Commission – were very proactive in seeking clarification regarding our request and searching for the records once they were confident they understood what we were asking for. Others, like the U.S. National Archives, the Department of Energy, and the Corporation for National and Community Service, asked if we would like to have them conduct a search for records from an additional RNC domain – gop.com – as part of our request.

Four agencies – the U.S. National Archives, the Federal Election Commission, the Overseas Private Investment Corporation and the Federal Mine Safety and Health Review Commission – all released responsive documents. The FEC’s response was most interesting – a comment from a gop.com email address on a regulation concerning party contribution limits.

Search Solutions

There are concrete solutions to improve an agency’s search for email in response to FOIA requests, and many are outlined by the FOIA Federal Advisory Committee’s Search subcommittee in a detailed set of recommendations.

One way for all FOIA shops to improve how they respond to requests for emails is to communicate with agency technology experts and ensure that IT resources are being best utilized to help FOIA offices comply with the law. This was the most obvious solution to many of the Archive’s FOIA appeals.
A more fundamental improvement identified by the subcommittee is to “ensure that FOIA compliance is required when purchasing future email systems and consider the efficiency and ease of software’s ability to search email in response to FOIA requests when making purchasing decisions. One positive example of this was presented by FOIA Advisory Committee Chair Alina Semo at the July 2017 meeting. She explained that the Office of Government Information Services and the US National Archives use the Gmail email service, ‘so for me when I have to do a search for FOIA, the search functionality in Gmail is great.’ Other agencies must follow NARA’s example and adopt email platforms that take into account record retrieval and FOIA requirements when procuring email platforms.”
Finally, several agencies struggled with our FOIA request because many agencies allow non-FOIA officials to search their own emails without supervision in response to requests. This is both time-consuming and allows for the possibility that the employee may delete records or not provide the requested information. To best avoid this, central FOIA offices should be empowered with the technology and authority to conduct agency-wide email searches.

"It's shocking that one-third of federal departments and agencies couldn't respond to a straight-forward FOIA request in 11 months," said the National Security Archive's Executive Director Tom Blanton. "Either they can't search emails or their FOIA offices are incompetent." The Archive's Communications Director Lauren Harper added, “FOIA requesters shouldn’t have to file an appeal and be intimately familiar with DOJ guidance and case law for an agency to process a request correctly.” She went on to note that, “a FOIA shop should think to consult its IT department before telling a requester ‘no, sorry, no way we can search for that.’”

The National Security Archive has conducted 17 FOIA Audits since 2002. Modeled after the California Sunshine Survey and subsequent state "FOI Audits," the Archive's FOIA Audits use open-government laws to test whether or not agencies are obeying those same laws. Recommendations from previous Archive FOIA Audits have led directly to laws and executive orders which have: set explicit customer service guidelines, mandated FOIA backlog reduction, assigned individualized FOIA tracking numbers, forced agencies to report the average number of days needed to process requests, and revealed the (often embarrassing) ages of the oldest pending FOIA requests. The surveys include:

Note

[1] See Albino v. USPS, No. 01-C-563-C, 2002 WL 32345674, at *7 (W.D. Wis. May 20, 2002) “declaring a search for responsive e-mail messages spanning five years to be inadequate because agency ‘did not enlist the help of information technology personnel . . . [who] . . . would have access to e-mail message archives’ possibly containing requested records.