DHS email metadata (United States Customs and Border Protection)

Dear United States Customs and Border Protection:

This letter is a formal Freedom of Information Act request for the following records.

A. Email metadata

1. For every:

a. email sent to or from any
i. Internet domain name owned or operated by or for United States Customs and Border Protection, or
ii. intranet domain name owned or operated by or for United States Customs and Border Protection;

b. including all subdomains thereof;

c. stored on any Government-accessible server, in electronic format,
i. at the time this request was made, or
ii. at the time the search on this request was made;

2. please provide:

a. the full email header section; but
b. no part of the body section.

3. The records responsive to this request should, generally speaking, be stored on the server(s) specified in the MX and/or SPF record(s) of the domain name.

4. The records should be provided
a. in a standard, open, machine-processable, bulk, database format, such as MySQL dump or properly structured CSV,
b. in ASCII, UTF-8 or UTF-16 encoding,
c. via electronic transfer, as described below.

# Clarifying and technical elaboration

General:

This request is intended to consist entirely of email metadata (i.e. the header section), not email contents proper (i.e. the body section), and therefore to raise only minimal (if any) withholding issues under 5 USC 552(b)(5), (b)(6), or (b)(7).

It is intended to not require any per-record or per-address review. It may require bulk filtering, which I am open to negotiating, as discussed below.

Even so, this request likely encompasses millions or billions of records, and on the order of gigabytes or terabytes of data. It is intended for computer processing, using standard "big data" tools and environments. It should be processed directly at the level of email servers, not individual clients.

Element 1:

"To" includes CC and BCC.

"Internet domain name" means any domain that IS resolved by Google's public DNS server (IP address 8.8.8.8), e.g. *.com, *.gov, *.org, *.net, *.us, & *.mil.

"Intranet domain name" means any domain that is NOT resolved by Google's public DNS server (IP address 8.8.8.8), e.g. *.dcn. These are typically routed via intranet, VPN, or similar methods.

Domain names that are jointly owned or operated by United States Customs and Border Protection and any other entity are to be included unless otherwise agreed to.

The term "or" means logical "or", not discretionary "or". I.e. you must include each variation described, not pick which one(s) you prefer.

Please note that A.2.a requires that you immediately act to preserve responsive data from routine deletion.

If any part of this element this is an issue for you, please describe
a. the categories of domain names of concern,
b. representative examples of each category,
c. the reasoning for your concern (e.g. why you would find it difficult to enumerate all domain names encompassed), and
d. a proposal for narrowing that would address your concern.

Element 2:

The "header section" of an email is defined (most recently) in RFC 5322, § 2. See <https://tools.ietf.org/html/rfc5322#section-2>.

The "body section" includes any MIME body part header within a multipart construct, but not MIME header fields that occur within the header section. See RFC 2045 § 3, <https://tools.ietf.org/html/rfc2045#section-3>. The latter should be provided (per A.2.a), the former not (A.2.b).

If any part of this element is an issue for you, please describe
a. the header fields of concern,
b. categories of concerns for each header field,
c. representative examples of each category,
d. the reasoning for your concern, and
e. a proposal for bulk filtering that would address your concern without substantially redacting non-withholdable information.

"Bulk filtering" means a regular expression substitution, in standard egrep/sed/awk format, which can be done on the entire set of data (e.g. in MySQL) without requiring any per-item human review. (Human review may be needed to spot check samples, to ensure that it is coded correctly — but not to review each resulting record.)

Element 3:

This request should be processed on the actual servers that store the email, using server- / email- administrator level tools.

This request should NOT be processed using an ordinary email client such as Microsoft Outlook, which is not capable of bulk email header processing for all email on an entire domain name.

For instance, according to public DNS records, emails to @dhs.gov or @hq.dhs.gov are processed by, and likely stored on, the following servers respectively:

$ dig mx dhs.gov +short
10 dhs-gov.mail.protection.outlook.com.

$ dig mx hq.dhs.gov +short
10 rlymd-mail-a-03.verizonbusiness.com.
10 rlymd-mail-a-01.verizonbusiness.com.
10 rlymd-mail-a-04.verizonbusiness.com.
10 sacca-mail-a-01.verizonbusiness.com.
10 sacca-mail-a-02.verizonbusiness.com.
10 sacca-mail-a-04.verizonbusiness.com.
10 rlymd-mail-a-02.verizonbusiness.com.
10 sacca-mail-a-03.verizonbusiness.com.

Likewise, emails from @dhs.gov or @hq.dhs.gov addresses are processed by, and likely stored on, the following servers respectively:

a) @dhs.gov

$ dig txt dhs.gov +short | grep spf
"v=spf1 ip4:216.128.251.155 ip4:128.129.88.18 ip4:216.81.91.184 ip4:216.81.85.157 include:spf.protection.outlook.com -all"

(Note that the directly referenced IPs are owned by CGI group; the indirect [outlook.com] IPs are owned by Microsoft.)

$ dig txt spf.protection.outlook.com +short | grep spf
"v=spf1 ip4:207.46.100.0/24 ip4:207.46.163.0/24 ip4:65.55.169.0/24 ip4:157.56.110.0/23 ip4:157.55.234.0/24 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:52.100.0.0/14 include:spfa.protection.outlook.com -all"

$ dig txt spfa.protection.outlook.com +short | grep spf
"v=spf1 ip4:157.56.112.0/24 ip4:207.46.51.64/26 ip4:64.4.22.64/26 ip4:40.92.0.0/14 ip4:40.107.0.0/17 ip4:40.107.128.0/17 ip4:134.170.140.0/24 include:spfb.protection.outlook.com ip6:2001:489a:2202::/48 -all"

$ dig txt spfb.protection.outlook.com +short | grep spf
"v=spf1 ip6:2a01:111:f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23 ip4:65.55.88.0/24 ip4:104.47.0.0/17 ip4:23.103.200.0/21 ip4:23.103.208.0/21 ip4:23.103.191.0/24 ip4:216.32.180.0/23 ip4:94.245.120.64/26 -all"

b) @hq.dhs.gov

$ dig txt hq.dhs.gov +short | grep spf
"v=spf1 ip4:216.81.91.184 ip4:216.81.85.157 ip4:216.128.251.155 ip4:128.129.88.18 ip4:208.73.191.37 ip4:208.73.184.44 mx -all"

(Note that this SPF record includes IPs owned by both DHS and CGI Group.)

For domain names without SPF records, please consider the emails that are processed by, and likely stored on, whatever outgoing email servers (e.g. SMTP) that are normally used by the agency.

Please note that MX and SPF records may have changed over time. Their current settings may not encompass all responsive email, especially if e.g. some email was not moved over during a change of service providers.

If some records are stored in a difficult to access location, such as undifferentiated full disk ("tape") backups, please explain the details so that we can negotiate a narrowing of this request to those records which are readily accessible.

You need not consider "forged" emails, which purport to be from a domain name but are sent from a server not authorized to do so.

Element 4:

If the upload methods provided below are not sufficient, I can provide the resources for transfer and storage using any robust, standard method (e.g. rsync). If your back-end storage is in Google Cloud Storage, Amazon S3, or similar service, or on machine(s) capable of SSH or SCP, I can provide for suitable direct back-end transfer. I can work with both pull (I access your server) and push (you send to my server) methods.

Please let me know your storage provider and formats, so that we can negotiate a direct server-to-server or provider-side transfer method that is cheap and lossless.

###
All content after this line is part of my standard template.
###

# Prioritization

Please prioritize, in order:
1. the items & subitems above, in the order listed
2. within each item or subitem, most recent records first.

# Additional requests

I also request:

B. all records relating to the fulfillment of this request, such as FOIA logs, documentation of searches, referral emails, etc.

This part of the request is to be processed only after you have completed processing all of the above parts. This part does not request that you create any new record; rather, it requests the records that you will have created in processing the above parts, and will therefore exist before you conduct the search for this part. See McGehee v. CIA, 697 F. 2d 1095, 1100-05 (D.C. Cir. 1983) (agency must use time-of-search cut-off date, not time-of-request).

C. all records relating to any complaint(s), FOIA request(s)/appeal(s), and/or Privacy Act request(s)/appeal(s) made by me. This includes, but is not limited to:
1. all records relating to the processing my previous requests, complaints, etc;
2. all records containing the terms my name, email address(es), and other contact or identifying information, listed below my signature; and
3. all records containing any of my complaint, request or appeal identifiers.

Parts (B) and (C) must be processed only after you have processed the items above that line, i.e. such that at the time of the search, the records described will have already been created at the time you conduct the search. Part (C) must be processed after part (B) is completed.

Parts (B) and (C) may overlap with similar prior requests. However, the cut-off date is, at earliest, the date that you complete search on all of the above items. If you wish to administratively merge this request with a prior similar request, I consent on condition that you extend the cut-off date for the prior request, and provide rolling updates. Otherwise, you must treat this as a new request.

For all responsive records, I also request:

D.
1. all parts of the record (i.e. no portion of a record with some responsive portion may be considered "non-responsive");
2. all versions of the record, whether or not currently in use;
3. all record metadata, such as dates on which they were drafted, passed, went into effect, withdrawn, or similar events; person(s) / office(s) responsible; authors; IDs; revision numbers; etc.;
4. a detailed index of all claims of exemption/privilege, regardless of whether the record is claimed to be exempt in whole or in part;
access to inspect the record directly, in its native electronic format; and
5. if any classification applies, mandatory declassification review (MDR) under E.O. 13526, and the result of the MDR, including any declassified records.

Items in part (D) should be prioritized at the same level as the record they apply to.

# Timing

For all requests above, the "cut-off date" is, at the earliest, the date that you conduct the search.

The priority order listed above is only for items that may take extra time to respond to, and must not be taken as blocking response to an otherwise lower priority item that could be released more quickly than a higher priority item that is pending time-intensive search or review.

# FOIA IA notice

Please note that this request is made after the enactment of Public Law No. 114-185, S. 337 (114th), the FOIA Improvement Act of 2016 (FOIA IA). The revised statute, as specified in the FOIA IA, applies to this request. FOIA IA § 6.

In particular, please note that:
1. you must provide electronic format documents, §§ 552(a)(2) (undesignated preceding text), 552(a)(2)(E) (undesignated following text), 552(a)(3)(B), and 552(a)(3)(C);
2. you may not specify an appeal duration less than 90 days, § 552(a)(6)(C)(A)(i)(III)(aa);
3. you may not withhold any record unless "the agency reasonably foresees that disclosure would harm an interest protected by an exemption described in subsection (b), or disclosure is prohibited by law", § 552(a)(8)(A)(i);
4. you must segregate and partially release records where possible, §§ 552(a)(8)(A)(ii) and 552(b) (undesignated matter following (b)(9)); and
5. you may not claim deliberative process exemption for records more than 25 years old, § 552(b)(5).

# "Record" defined

For the purposes of this request, except as otherwise specified, "record" means any agreement, appendix, application, assessment, attachment, checklist, circular, contract, correspondence (including but not limited to email), data management plan, documentation of search parameters, email, email attachment, form, guide, handbook, index of records, information consent agreement, information sharing agreement, instruction, interpretation, kit, management instruction, manual, memorandum, memorandum of understanding, notice, notification, opinion, order, plan, policy, policy statement, processing note, publication, recording, referral, report, request certification form, request detail report, response, rule, script, standard operating procedure, submission, talking point, training document, video, or related record described, regardless of publication status.

# Anti-duplication exclusion

This request specifically excludes providing me with new copies of any records which have been already provided to me or published online for free (e.g. on the agency's online "reading room"), in full or identically to the form that would be provided to me under this request (i.e. with exactly the same format, redactions, and claimed exemptions).

This is only an exclusion on providing records under this request that are identical to those already provided to me or available online, and only if I am or have already been provided a link to the online version (if "available online").

This exclusion is only intended to limit unnecessary duplication or provision, not to limit what records are responsive to this request, nor to permit failure to disclose the location of a responsive record available online. If this exclusion would in any way increase the cost or duration to respond to this request, it is to be ignored to the extent it does so.

This request is to be treated as separate from all others that I have filed.

# Forwarding; multi-agency / multi-component records

Please forward this request to the FOIA office of every agency component and subcomponent that may have responsive records for independent processing, with a copy to me.

This request includes any records held jointly by your agency in conjunction with any other agency and/or department, in interagency and/or interdepartmental systems of records, or by other agencies or third parties (including contractors) acting pursuant any agreement with your agency.

# Minimal redaction

Please note that the FOIA requires you to service the maximum extent of my request that can be done via e.g. partial redaction of exempt material. If you believe some portions of a record to be exempt because it contains Sensitive Security Information (SSI, 49 CFR 15 & 1520) or classified information (18 USC 798), please provide a version of the record redacted to the minimum extent necessary to remove exempt information (e.g. per 49 CFR 1520.15), along with adequate information to describe the reason for each specific exemption.

# Estimates and rolling updates

In order to help tailor my request, please provide an upfront estimate of the time and cost it will take to complete this request, broken down any significant factors that would affect cost to service, number of records in each category, and your estimate of how many records in the category are likely to be exempt.

Please provide me with incremental updates, with updated estimates for fulfillment of the remainder, rather than having the entirety of the request be blocked until fully completed.

# No new records; electronic & original format

This request does not ask you to create new records.

If you determine that a response would require creating a new record that you do not want to create, please first contact me by email with an explanation of what records you have that would most closely match the information requested and might be acceptable substitutes, so that we can reasonably tailor the request.

In particular, I specifically request that you do not create new documents in response to this request that are modifications of a digital record, such as page-view images, print views, scans, or the like. No such creation or substitution is authorized by FOIA or the Privacy Act.

However, if the same or similar records are held in both electronic and paper formats, this request includes both the paper and electronic versions. The paper version and the digital version are distinct records, and each may contain distinct information such as handwritten or other markings on the paper copy and embedded metadata in the electronic version.

I specifically request both the original, electronic format record, and (if it contains any additional markings) the paper record.

To the extent that the native electronic format is proprietary or otherwise not in format accessible by widely available, open source software, I also request
1. an export of the proprietary format into a standard, open format, as described below, and
2. all proprietary software necessary to use and understand the original, proprietary format records.

# Rehab Act § 508 compliance

Please note that I am partially blind, use screen readers (such as VoiceOver and TalkBack), and need to process documents using computer code (which requires machine-readable data).

In accordance with 5 USC 552(a)(3)(B & C) (E-FOIA), Rehabilitation Act § 508, and FOIA IA, I demand that you respond using original, native format, electronic, machine-processable, accessible, open, and well structured records to the maximum extent possible — for both the content of your response, and any communications about the request (such as response letters).

This means, e.g.:
1. native, original format records rather than PDFs or other conversions (see note above re providing both native electronic records and scans of paper records, if both exist);
2. individual files per distinct source record (e.g. one .msg file per email), named clearly using the record's identifier, title, and date, rather than a single file containing multiple concatenated records;
3. records compliant with the Rehabilitation Act § 508, 36 CFR 1194.22, USAB ATBCB-2015-0002, and I​SO 14289­-1;
4. fully digital text records rather than scans, rasterizations, or OCR;
5. complete electronic records, as held on any computer (including phones, servers, backup servers, mail servers, workstations, etc.), including all headers and attachments, fully expanded e-mail addresses, full addresses for address "aliases", full lists for "distribution list" aliases, all embedded and external metadata, complete bitwise digital copies of the original file, all file headers, and all other file content;
6. blackout rather than whiteout redactions, with every redaction marked with all exemption(s) claimed for that redaction;
7. digital redactions rather than black marker or rasterization;
8. lists and structured data as machine-processable spreadsheets (e.g. CSV, SQL, XSL) rather than word documents (e.g. DOC, PDF, TXT, RTF) or partial printouts (e.g. PDF),
9. open format records (e.g. PDF, AVI, MPG) rather than proprietary format records (e.g. WordPerfect, Microsoft Advanced Systems Format (ASF)) (note above re providing both original, proprietary format records and open format records);
10. scans rather than paper copies;
11. digital audio/video files rather than physical tapes;
12. upload to your Electronic Reading Room (or other publicly accessible server) rather than personal transfer (for all items other than the item requesting records related to me or my requests);
13. email or (S)FTP file transfer rather than CD;
14. email correspondence rather than physical mail; etc.

# Compression, passwords, and uploading large files

Multiple files may be sent in a combined, compressed form using standard ZIP, TAR, GZIP, BZIP2, and/or RAR formats, or sent as separate files, at your discretion.

Do not use any password on any files, including ZIP files etc., unless a password was present in the original, native format (in which case, leave it unaltered, and send me the password).

If there are any files you prefer not to transfer by email (e.g. if they are >10MB), please upload them to me via the link listed below my signature. Doing so is secure, completely free to you, and I will be notified of the upload.

# No physical "duplication"; inspection & direct access

Please note that this request does not request that you physically "duplicate" records, as I do not want you to create any paper or other physical copy for me — I only want electronic versions (or scans, for records that are not fully available in electronic form). As such, I expect there to be no duplication related costs.

Furthermore, I specifically request access for inspection of the records, including direct electronic access, in native format, to any electronic records.

# No fees agreed to; non-commercial status; journalistic & public interest waiver

I am not currently willing to pay for servicing this request. I may be willing to pay if it is necessary; please send a detailed explanation of the costs and their statutory justification, and service the maximum extent of the request that can be done for free in the meantime.

This request is a qualified request for journalistic, public interest purposes. As such, I request fully waived fees, including both public interest fee waiver and journalistic fee waiver.

1. Fiat Fiendum, Inc. (FF) is a 501(c)(3) nonprofit organization, organized for charitable, educational, scientific, and/or literary purposes.

This request is a part of FF's bona fide educational and scientific purpose activities, which are public interest purposes as a matter of law.

2. FF's actions in matters such as this request are non-commercial. My personal interest in the records is also non-commercial.

3. Both Fiat Fiendum as an organization, and I as an individual, are representatives of the news media and entitled to waiver of all search fees.

4. I intend and am able to host and publish all received records online to the general public at no charge, as well to publish highlights, analyses, summaries, commentaries, and other creative, original journalistic and scientific work about responsive records through multiple online publications, as part of Fiat Fiendum's work.

5. The records requested are of significant public interest, entitled to waiver of all duplication fees, since
a. they are requested for 501(c)(3) public interest purposes;
b. as above, I both am able and intend to disseminate the files widely;
c. they would contribute greatly to the public understanding of the operations & activities of your agency, in that they are records that directly describe agency operations & activities, as well as the issues and matters described at the top of this letter;
d. they are not currently readily available; and
e. they are likely to be requested by others.

6. As mentioned above, I am explicitly not asking for any physical duplication, but rather direct server-to-server file transfer or email (or posting on your website). FOIA authorizes "duplication" fees strictly limited to your agency's actual costs, and mandates that your agency use the cheapest available requested methods. I consider the actual costs for server-to-server file transfer to be reasonably estimated by, e.g., Amazon S3's pricing (https://aws.amazon.com/s3/pricing/).

7. I request that, pending fee waiver determination or appeal, you proceed with this request as if it were in the "other non-commercial requester" category.

# Requester

This request is made on behalf of both myself, Sai (in personal capacity) and Fiat Fiendum, Inc. (in official capacity).

Please note that “Sai” is my full legal name.

# Request tracking numbers and estimated completion date

Upon receipt, and in every followup response, please state your tracking number(s) for this request, as well as your specific estimated completion date. 5 USC 552(a)(7).

# Communication about this request and method for responding

If you have any questions or updates about this request, please contact me by email, using only the MuckRock email address from which this request was sent. Please do not send responses to my personal or organizational email addresses unless I specifically request you to do so.

Please ensure that all of your responses comply with § 508 of the Rehabilitation Act, 36 CFR 1194.22, and UESB NPRM ATBCB-2015-0002.
In particular, please make all correspondence pursuant to this request — including notification and responsive records — by email, with native electronic format records, as specified in the request. I do not authorize you to send anything to me by physical mail unless I specifically state otherwise.

Do not respond using ZixCorp "Secure Mail" or any other method that "expires" records from being available. Use only actual email and direct attachments, or upload using the link below, unless I explicitly request otherwise.

# "Reasonable description" and tailoring

Please note that a request need only be "reasonably described" in the sense that you understand what is requested and where you can find it. A request is not improper merely because of the amount of responsive records. I will not agree to a limitation premised on this request asking for voluminous records. However, I may agree to a limitation premised on the difficulty of finding particular records or categories thereof, the quality of records available, paper vs electronic format, or similar issues.

If you believe that any of the requested items are not reasonably described, that they would be overly burdensome to fulfill, or that you need any further information, please be specific about what you consider vague.

Please include in any response about "reasonably described", or any request for narrowing, specific questions I can answer that would clarify matters for you; specific descriptions of what parts of the request more or less burdensome (and why) that could serve as the basis for negotiating a narrower request; and any indexes, finding guides, record categories, record storage practices, likely places that responsive records may be located, or similar information that would allow me to understand your concerns and better tailor the request.

Sincerely,
Sai
President, Fiat Fiendum, Inc.

Fiat Fiendum is a 501(c)(3) tax-exempt corporation devoted to public interest journalism, government transparency and accountability, individuals' civil rights, and related issues.

Upload link and physical mail address are below. (Again, do not physically mail responsive records without my explicit request; send all responses electronically.)