Department of Labor email metadata

John Ricker filed this request with the Department of Labor of the United States of America.
Est. Completion: None
Status: Awaiting Appeal

Communications

From: John Ricker

To Whom It May Concern:

Pursuant to the Freedom of Information Act, I hereby request the following records:

A. Email metadata

1. For every:

a. email sent to or from any
i. Internet domain name owned or operated by or for Department of Labor, or
ii. intranet domain name owned or operated by or for Department of Labor;

b. including all subdomains thereof;

c. stored on any Government-accessible server, in electronic format,
i. at the time this request was made, or
ii. at the time the search on this request was made;

2. please provide:

a. the full email header section; but
b. no part of the body section.

3. The records responsive to this request should, generally speaking, be stored on the server(s) specified in the MX and/or SPF record(s) of the domain name.

4. The records should be provided
a. in a standard, open, machine-processable, bulk, database format, such as MySQL dump or properly structured CSV,
b. in ASCII, UTF-8 or UTF-16 encoding,
c. via electronic transfer.

# Clarifying and technical elaboration

General:

This request is intended to consist entirely of email metadata (i.e. the header section), not email contents proper (i.e. the body section), and therefore to raise only minimal (if any) withholding issues under 5 USC 552(b)(5), (b)(6), or (b)(7).

It is intended to not require any per-record or per-address review. It may require bulk filtering, which I am open to negotiating.

Even so, this request likely encompasses millions or billions of records, and on the order of gigabytes or terabytes of data. It is intended for computer processing, using standard "big data" tools and environments. It should be processed directly at the level of email servers, not individual clients.

Element 1:

"To" includes CC and BCC.

"Internet domain name" means any domain that IS resolved by Google's public DNS server (IP address 8.8.8.8), e.g. *.com, *.gov, *.org, *.net, *.us, & *.mil.

"Intranet domain name" means any domain that is NOT resolved by Google's public DNS server (IP address 8.8.8.8), e.g. *.dcn. These are typically routed via intranet, VPN, or similar methods.

Domain names that are jointly owned or operated by Department of Homeland Security and any other entity are to be included unless otherwise agreed to.

The term "or" means logical "or", not discretionary "or". I.e. you must include each variation described, not pick which one(s) you prefer.

Please note that A.2.a requires that you immediately act to preserve responsive data from routine deletion.

If any part of this element is an issue for you, please describe
a. the categories of domain names of concern,
b. representative examples of each category,
c. the reasoning for your concern (e.g. why you would find it difficult to enumerate all domain names encompassed), and
d. a proposal for narrowing that would address your concern.

Element 2:

The "header section" of an email is defined (most recently) in RFC 5322, § 2. See <https://tools.ietf.org/html/rfc5322#section-2>.

The "body section" includes any MIME body part header within a multipart construct, but not MIME header fields that occur within the header section. See RFC 2045 § 3, <https://tools.ietf.org/html/rfc2045#section-3>. The latter should be provided (per A.2.a), the former not (A.2.b).

If any part of this element is an issue for you, please describe
a. the header fields of concern,
b. categories of concerns for each header field,
c. representative examples of each category,
d. the reasoning for your concern, and
e. a proposal for bulk filtering that would address your concern without substantially redacting non-withholdable information.

"Bulk filtering" means a regular expression substitution, in standard egrep/sed/awk format, which can be done on the entire set of data (e.g. in MySQL) without requiring any per-item human review. (Human review may be needed to spot check samples, to ensure that it is coded correctly — but not to review each resulting record.)

Element 3:

This request should be processed on the actual servers that store the email, using server- / email- administrator level tools.

This request should NOT be processed using an ordinary email client such as Microsoft Outlook, which is not capable of bulk email header processing for all email on an entire domain name.

For instance, according to public DNS records, emails to @dol.gov are processed by, and likely stored on, the following servers respectively:

100 stl-mta-dmz-01-pub.dol.gov.
100 stl-mta-dmz-02-pub.dol.gov.
50 sil-mta-dmz-01-pub.dol.gov.
50 sil-mta-dmz-02-pub.dol.gov.
75 mail-ironport1.dol.gov.
75 mail-ironport3.dol.gov.

Likewise, emails from @dol.gov or addresses are processed by, and likely stored on, the following servers respectively:

ns05.dol.gov.
ns06.dol.gov.
ns1.dol.gov.
ns2.dol.gov.
stlns08.dol.gov.

"5utT/F1eHYxWAA/b5lPn9hm5i7J6vK5X1muo1bi5csbi5UZ/9nF0sLG/OCOY34ixKaf/9Y6pfgfGFLWGb2iBMw=="
"8573-A2D1-A4EF-C907-5E3C-D644-6768-6016"
"MS=ms88082879"
"jm1QbIy0MJmuRAx4Fmxzi186kWpB/NZcWxAnB7cdXDqYdPVBNYF4PiOd1q6h0aCEs7nZWJ8c7tvargkXEsWfCQ=="
"v=spf1 mx include:spf.protection.outlook.com -all"

(Note that the directly referenced IPs are owned by CGI group; the indirect [outlook.com] IPs are owned by Microsoft.)

"5utT/F1eHYxWAA/b5lPn9hm5i7J6vK5X1muo1bi5csbi5UZ/9nF0sLG/OCOY34ixKaf/9Y6pfgfGFLWGb2iBMw=="
"8573-A2D1-A4EF-C907-5E3C-D644-6768-6016"
"MS=ms88082879"
"jm1QbIy0MJmuRAx4Fmxzi186kWpB/NZcWxAnB7cdXDqYdPVBNYF4PiOd1q6h0aCEs7nZWJ8c7tvargkXEsWfCQ=="
"v=spf1 mx include:spf.protection.outlook.com -all"

(Note that this SPF record includes IPs owned by both DHS and CGI Group.)

For domain names without SPF records, please consider the emails that are processed by, and likely stored on, whatever outgoing email servers (e.g. SMTP) are normally used by the agency.

Please note that MX and SPF records may have changed over time. Their current settings may not encompass all responsive email, especially if e.g. some email was not moved over during a change of service providers.

If some records are stored in a difficult to access location, such as undifferentiated full disk ("tape") backups, please explain the details so that we can negotiate a narrowing of this request to those records which are readily accessible.

You need not consider "forged" emails, which purport to be from a domain name but are sent from a server not authorized to do so.

# Prioritization

Please prioritize, in order:
1. the items & subitems above, in the order listed
2. within each item or subitem, most recent records first.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.

Sincerely,

John Ricker
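
The header/body split that Element 2 of the request above relies on, as an added example (not part of the request and not any agency's tooling): it cuts a raw message at the first empty line per RFC 5322, unfolds continuation lines, applies a regex "bulk filter", and writes one CSV row per header field. The sample message, the `example.gov`/`example.org` names and the `FILTERS` rule are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample message (not a real record). The multipart body carries its
# own MIME part header, which Element 2 classes as body, not header section.
SAMPLE = (
    b"Received: from mta.example.gov (mta.example.gov [192.0.2.10])\r\n"
    b"\tby mx.example.gov; Wed, 2 Jan 2019 10:00:00 -0500\r\n"
    b"From: Alice <alice@example.gov>\r\n"
    b"To: bob@example.org\r\n"
    b"Subject: Quarterly\r\n"
    b" report\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"body text\r\n"
    b"--b1--\r\n"
)

# Hypothetical bulk filter: (regex, replacement) pairs applied to every field
# value, with no per-record review. This rule masks bracketed IPv4 literals.
FILTERS = [(re.compile(r"\[\d{1,3}(?:\.\d{1,3}){3}\]"), "[IP-REDACTED]")]

def header_section(raw: bytes) -> bytes:
    """Return everything before the first empty line (RFC 5322 section 2.1)."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return raw[:m.start()] if m else raw

def header_fields(raw: bytes):
    """Unfold continuation lines and yield (name, value) in original order."""
    text = header_section(raw).decode("utf-8", errors="replace")
    unfolded = re.sub(r"\r?\n(?=[ \t])", "", text)  # RFC 5322 section 2.2.3
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            for pattern, repl in FILTERS:
                value = pattern.sub(repl, value)
            yield name.strip(), value.strip()

def to_csv(msg_id: int, raw: bytes) -> str:
    """One row per field: message id, field position, field name, field value."""
    out = io.StringIO()
    writer = csv.writer(out)
    for seq, (name, value) in enumerate(header_fields(raw)):
        writer.writerow([msg_id, seq, name, value])
    return out.getvalue()
```

The top-level `Content-Type` field is exported because it sits in the header section, while the `Content-Type: text/plain` line inside the multipart body is never read.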

From: John Ricker

Hi,

I wanted to follow up on this request. I realize the shutdown likely caused you to develop a backlog of requests; I just wanted to check on this.

Thanks,

John Ricker

From: John Ricker

I’d like to follow up on my request submitted January 2nd of this year. Due to the lack of any reply, including any fees or invoice, I assume that the requested information will be released for free shortly. Thank you,

John Ricker.

From: John Ricker

Hello,

I submitted this request January 2019. I have received no reply. This is a constructive denial of my request. I am asking for IMMEDIATE release of all requested records.

Thank you,
John Ricker

From: Muckrock Staff

To Whom It May Concern:

I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on January 4, 2019. Please let me know when I can expect to receive a response.

Thanks for your help, and let me know if further clarification is needed.

Files

There are no files associated with this request.