Introduction:

Seven months ago, I came down with COVID during the holidays. I had no symptoms, but suddenly I found myself with extra time. 

I began submitting FOIA’s, searching for information I was curious about. 

Now in late June, I still have not had a federal FOIA processed despite submitting over 100 FOIA’s to the:

FBI

DOJ

DNI

DHS

State Department

DARPA

US Cyber Command

Army Cyber Command

Air Force

Navy

Various OIG offices

I have had far more success with state entities, having all of my FOIA’s processed at:

Georgia Tech

University of Michigan

University of California

State AG - Arizona

State AG - Illinois

State AG - Georgia

What is clear to me is that massive reforms are needed. Having served in the Marine Corps, I was aware of a certain inefficiency within government operations, but what I have experienced is beyond frustrating. 

Reform 1: Consolidate all FOIA processing

Let’s take a real life example. Through FOIA’s I obtained, I learned that the FBI and DOJ routinely push out taskings to DARPA for cyber related investigations, and that DARPA in turn will engage 3rd party contractors from private industry to assist in those investigations. I also learned that these 3rd party contractors are awarded cyber attribution related grants through DARPA and provide their work product to the FBI/DOJ proactively. 

This was interesting to me, and I wanted to learn more about it. 

So I wanted to submit FOIA’s. This meant I needed to FOIA the FBI, DOJ, DARPA, Georgia Tech, the Navy and the Air Force (who were authorizing the contracts awarded to the 3rd party contractors). 

Here is a copy of one of the contract headers, obtained through FOIA from Georgia Tech:

Starting with the Air Force, they have their own FOIA system requiring a unique login:

Even attempting to login for the purposes of this letter, I could not recall my password. When attempting to reset it, I received this email:

After logging in, the first question posed is which of 23 service centers to select:

After filling out the FOIA, it asks for a records search location from a list of hundreds. 

The “Air Force Research Laboratory” noted on the contract is not on the list. What is a requester to do? Take a shot in the dark? 

Moving to the Navy, FOIAs are a little better. The Navy is an option on FOIAonline.gov, yet we need to create another account. 

Moving to the FBI, there are at least 2 links available.

The first appears to be an outdated link which allows us to submit FOIA’s, but the system will not generate any electronic acknowledgements if used:

A requester would likely prefer option #2

The system generates an authorization to the user’s email to allow them to submit a FOIA. 

Moving to the Department of Justice, there is another system available through FOIA.gov, with multiple portals by sub-division of the DOJ:

Or, we can submit a FOIA through email or mail.

Moving to DARPA, it’s another portal requiring a login.

Once logged in, the FOIA itself does not require any locations or subagency selections. 

Finally, Georgia Tech maintains a single email address for all Open Records requests in accordance with Georgia State law. 

To summarize thus far, it should be obvious this is an unwieldy number of logins to remember, some of the systems require specifics that a typical requester would struggle to identify, and for 1 subject, we have been forced to submit 6 different FOIA’s. 

How much easier would it be to have a single, centralized FOIA system for the entire federal government? If a user believes a request is relevant to multiple agencies, they should be able to select it within the same module. 

Any subagencies or locations should be selected by the processors, an average citizen is not going to have a clue which location of hundreds in the Air Force to select, or which subagency in the Air Force to select. 

The Department of Homeland Security and other federal agencies similarly have many subagencies we are required to choose from.

Reform 2: Transparency

Where are the documents? What is happening? 

These are the most common two questions of requesters, especially as months begin to roll by.

Worse, there is no system to drive accountability because every decision and delay is done behind closed doors and outside of view. 

The new FOIA system should have a tracking history. A requester should know the representative the request is with and what it is waiting on at all times. Any actions done in pursuit of the FOIA, i.e. “searched email box of XXXX” should be added by the processors. 

Interested parties to include Congress, staffers, non-profit organizations and interested parties should be able to search pending FOIA’s for subjects of interest. They should be able to add their body of knowledge to the request and, subject to the requester's permission, add recommendations for getting the most information relevant to a topic (adding another agency for example). 

If a request has been on someone’s desk for 6 months without action, the requester or an interested party should be able to see that and send an email demanding the reason why. 

Here is another real life example. A colleague of mine submitted a FOIA 2.5 years ago with the State Department for 3-5 pages of notes identified in an IG report. He is still waiting. 

He was told as late as February 2022 the records would be available in April 2022. The date in April rolled around, and sure enough, no records. No communication from the State Department on it. 

After reaching out to them, he was told the request was delayed until the end of June. For 3-5 pages of notes that were unambiguously identified in the original request. 

Transparency can help drive accountability. With a centralized system and tracking history available to the public, I don’t believe for a second it would be over 2.5 years and counting for this type of request. 

Reform 3: Declassification and GLOMAR

There is not much of a system in place to request declassification of documents in connection with FOIA’s. Appeals can be submitted, mandatory declassification reviews can be submitted, but the requester is always disadvantaged. Is the government over-classifying documents to hide embarrassment or is there a legitimate national security interest? 

The requester will never know. 

There must be an integrated declassification system built into the new FOIA system. Subject to the requester having a security clearance, they should be able to review the documents in question themselves. 

Absent that, an interested party who does have a clearance should be able to volunteer (or the requester should be able to hire counsel) to represent their interests in a hearing. This would necessitate the creation of a review panel. 

In this hearing, the government should be forced to defend the classification of the documents. The advocate of the requester should be able to review the documents and argue the opposing side. There should be a transcript of the hearing, and a publicly available summary of the hearing, to the extent possible. 

GLOMAR responses are antithetical to a free society. They should be disallowed, and the government should confirm the existence of all requested files in their possession. If the government believes there is a national security interest, they should be required to defend that in a hearing, as noted above. 

Once a topic has been settled by this review panel, relevant requests can be denied for a period up to 2 years before hearings are granted again. Safeguards may be necessary so that nuanced requests are not blanket-denied under the broad definition of “relevant.”

Conclusion

There is always much discussion on funding. I sincerely believe these 3 reforms will cut dramatically the costs incurred by reducing second and third requests, appeal requests, requests for status updates, and more. 

With the transparency of the new system, it should be much easier to gauge funding needs. Analysis of waiting times by processors, reviewers, and more will be possible and this in turn will allow Congress to drive funds to needed areas.