freshidea - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

FBI accused of avoiding FOIA requests in the name of security

A lawsuit against the Department of Justice claims the FBI is using outdated technology in order to avoid fulfilling FOIA requests.

A new lawsuit against the Department of Justice claims the FBI has been actively crippling its database systems to exploit a loophole in FOIA request regulations and to avoid supplying information.

Ryan Shapiro, a Ph.D. candidate at MIT and research affiliate at Harvard's Berkman Klein Center for Internet and Society, filed the lawsuit alleging the FBI has purposely failed to fulfill FOIA requests by using an outdated and badly designed search system. Shapiro charged that the FBI has intentionally used an ineffective search method, and then claimed it cannot find the information he has requested.

"When it comes to FOIA, the FBI is simply not operating in good faith. Since the passage of the Freedom of Information Act (FOIA), the FBI has viewed efforts to force bureau compliance with FOIA as a security threat," Shapiro said. "Over the years, the FBI has established countless means by which to avoid compliance with FOIA. One of the chief means by which the FBI accomplishes this is to search for records in such a way that the search routinely fails by design."

According to Shapiro, the FBI is taking advantage of a loophole in FOIA rules.

"The FOIA statute doesn't require an agency to locate requested records. Rather, it requires an agency to conduct a search 'reasonably calculated' to locate the records," Shapiro said. "By utilizing deliberately deficient FOIA search methodologies, the FBI superficially appears to be in compliance with FOIA without having to actually locate, and, therefore, potentially release, many records."

The Central Records System (CRS) database holding the FBI records cannot be searched, so the FBI must instead search a mirror of the database, called the Automated Case Support (ACS) system, which has three possible methods for searching. Shapiro claimed the FBI does not use full-text search methods and instead intentionally uses what he called the worst method of search, UNI (Universal Index), which, he said, has been designed to fail.

Operation Mosaic

UNI is an index of search terms within the CRS. Shapiro said this is extremely problematic as a search tool, because in order for a record to show up in the UNI, the proper search term has to have been indexed. These terms are indexed by an FBI agent who goes through a report "with a marker, and you draw a line under every term you want indexed." Shapiro said it is up to the individual agent to decide what is important enough to be indexed, and only "a few key things" will be indexed within a document.

"Not only is it arbitrary, but it's also very inconsistent. So, I have multiple examples of the same document sent by headquarters and two different FBI field offices, and this document gets indexed by different people and the indexing is totally different," Shapiro said. "Even FBI RIDS [Record/Information Dissemination Section] section chief David M. Hardy himself concedes in court declarations that the indexing of records by the FBI essential to UNI searches is characterized by a largely discretionary and even arbitrary set of practices not designed for the purpose of effectively locating records responsive to FOIA requests."

Shapiro said this failure of the database indexing was proven with his research into Operation Mosaic, which Shapiro described as "an FBI program to try and limit the FBI's obligations under FOIA, [and] to grant the FBI functional immunity from the Freedom of Information Act."

"In 1974, when FOIA was amended to apply to the FBI and the other intelligence agencies for the first time, all of the intelligence agencies freaked out and tried to do anything they could to kill FOIA, or to exempt themselves from it. And the other agencies had a lot better success than the FBI did," Shapiro told SearchSecurity, adding, to this day, the National Security Agency has no obligation to comply with FOIA requests. "By the late 70s, the FBI realized they had lost the efforts to statutorily exempt themselves from FOIA, and so they were looking for ways to appear to be in compliance of the act, but get to avoid compliance."

Operation Mosaic was an early effort to accomplish this, and Shapiro said the operation is unlikely to be indexed by UNI because it is not the subject of an investigation, a victim or suspected perpetrator of a crime. As such, despite Shapiro having copies of FBI documents pertaining to Operation Mosaic, he was not able to obtain more via FOIA requests because the FBI claimed a search of its database returned no results, which is what prompted the latest lawsuit by Shapiro against the DOJ.

As recently as December 2014, Hardy, the FBI RIDS chief, contended in court proceedings pertaining to another lawsuit by Shapiro that full-text searches are too difficult to perform in response to FOIA requests.

"Full-text searches are considered an extraordinary measure that is unduly burdensome and not reasonably likely to locate responsive records. In fact, in RIDS' experience, full-text searches generally return a significant number of 'hits' that are random and incomplete references," Hardy said, claiming the act of sifting through these hits results in "a significant use of time and resources that yield no additional responsive information" for FOIA requests. "As such, the ACS index search of the CRS is the key to locating information."

Shapiro said this assertion is "absurd on its face."

"The FBI's assertion is akin to suggesting that a search of a limited and arbitrarily produced card catalog at a vast library is as likely to locate book pages containing a specified search term as a full-text search of database containing digitized versions of all the books in that library," Shapiro said.

The FBI would not comment specifically on its systems or on any pending litigation, but a spokesperson noted there is a more modern database system that has been in use since 2012.

"Sentinel is the FBI's case management system and was implemented FBI-wide on July 1, 2012," an FBI spokesperson told SearchSecurity. "The Sentinel case management system builds on the Automated Case Management System and shares its operational purpose; Sentinel provides a modern portal to locate information within FBI records."

Shapiro said this statement by the FBI should be read "hyper-literally," and no implications should be gleaned from it.

"The FBI makes no statement one way or another as to whether FBI is using ACS instead of Sentinel for FOIA search purposes, regardless of what FBI might be doing for non-FOIA search purposes," Shapiro told SearchSecurity. "There is no question FBI is still relying upon ACS for FOIA search purposes. Ask FBI this question directly. They will not tell you, otherwise."

The FBI has not responded to follow-up questions as of this publication.

Next Steps

Learn how a surge in FOIA requests creates business for open records software companies.

Find out how Universal Credit documents show government projects should be open and transparent.

Get info on how the U.K. government failed on its election transparency pledge.

Dig Deeper on Government information security management

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What do you think about how the FBI is alleged to handle FOIA requests?
There's something more than a bit ironic that the organization known for prying into everyone's private information is balking at disclosing the information it knows. Can the FBI really believe that everyone will willingly enter the future without the safeguards the FOIA was designed to provide...? Wait. Of course they do. The FBI's job is always to keep us all safe and honest. Now it seems  it's our job to keep the FBI honest so we can really be safe. Like I said, ironic....

There is so much bloat within the Federal Government that the system of Checks and Balances is no longer functional. 

The Executive Branch has so many departments and so many employees that Congress cannot possibly oversee their duties in relation to it all. 

Seeing this sort of collusion between groups that are supposed to be watching out for OUR freedoms is sickening.  Now it is The Government vs. The People.  I would love to know the true cost of the resources used by our Federal Government when attempting to evade oversight by the Public - resources that are taken from US.  This constant effort to avoid compliance with the law IS BREAKING THE LAW!  How are we supposed to trust that the FBI (as well as the other TLA's) is looking out for OUR interests?  We cannot.

You can scratch the surface of any Cabinet Department and find corruption, scandal, and a complete unwillingness to comply with any sort of oversight.  It seems that our leaders no longer stay within their Constitutionally mandated boundaries.

Doesn't surprise me. The government always seems to be lacking in the information and security area. Maybe this was intentional, like a loophole but at this point we are guessing as to the real reason.