FOIA request: Cybersecurity Act of 2015 report (DOD)

To Whom It May Concern:

This letter constitutes a request under the Freedom of Information Act (“FOIA”), 5 U.S.C. § 552, by independent journalist Joshua Eaton.

A. Request for disclosure

Under Section 406 of the Cybersecurity Act of 2015, the office of the inspector general for any federal agency that operates a national security system or a computer system containing personally identifiable information must submit a report to Congress by Aug. 14, 2016, outlining those systems' access controls and other security measures.

I seek disclosure of any and all such reports and/or audits prepared, received, transmitted, collected and/or maintained by your agency between Dec. 1, 2015, and the date your office processes this request, inclusive.

B. Request for limitation of processing fees

I request a limitation of processing fees pursuant to 5 U.S.C. § 552(a)(4)(A)(ii)(II) (“fees shall be limited to reasonable standard charges for document duplication when records are not sought for commercial use and the request is made by ... a representative of the news media”). I fit within this statutory exemption. Fees associated with the processing of this request should, therefore, be limited accordingly.

I am a full-time, professional journalist who regularly contributes to The Christian Science Monitor and Teen Vogue. My reporting has also appeared at The Washington Post, The Boston Globe, Al Jazeera America, and PRI's "The World." While I am a freelancer, my status as a regular contributor to The Christian Science Monitor and Teen Vogue, and my professional relationship with editors at a number of other publications, represent a solid basis for expecting publication. A complete list of my publications and my full résumé are available online at https://joshuaeaton.net.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that processing fees cannot be limited, I am willing to pay up to $25. Please inform me of the anticipated total charges in advance of fulfilling my request.

C. Request for fee waiver

I additionally request a waiver of all costs pursuant to 5 U.S.C. § 552(a)(4)(A)(iii) (“Documents shall be furnished without any charge ... if disclosure of the information is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government and is not primarily in the commercial interest of the requester”).

Disclosure in this case meets the statutory criteria, and a fee waiver would fulfill Congress’s legislative intent in amending FOIA. See Judicial Watch, Inc. v. Rossotti, 326 F.3d 1309, 1312 (D.C. Cir. 2003) (“Congress amended FOIA to ensure that it be ‘liberally construed in favor of waivers for noncommercial requesters.’”).

Disclosure of the requested information is in the public interest. This request will further public understanding of government conduct — specifically, the government's efforts to secure federal computer systems containing personally identifiable information belonging to government employees, contractors, and citizens. Given the widespread damage caused by recent data breaches at both government agencies and private companies, understanding these efforts is of vital public interest.

Moreover, disclosure of the requested information will aid public understanding of federal agencies' compliance with the Cybersecurity Act of 2015. Congress passed this law in response to major data breaches at several federal government agencies. Understanding its implementation by federal agencies is, therefore, crucial to the public’s interest in understanding the consequences of this important legislation.

As a “representative of the news media,” supra Section B, I am well-situated to disseminate the information I gain from this request to the general public. Because I meet the test for a fee waiver, fees associated with responding to my FOIA requests should be – and regularly are – waived.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that fees cannot be waived, I am willing to pay up to $25. Please inform me of the anticipated total charges in advance of fulfilling my request.

D. Miscellany

Pursuant to applicable regulations and statute, I expect the determination of this request for records within 20 days of your receipt of this request. See 5 U.S.C. § 552(a)(6)(A)(i).

If this request is denied, in whole or in part, please justify all deletions by reference to specific exemptions to FOIA. Your agency must also release all segregable portions of otherwise exempt material. I reserve the right to appeal any decision to withhold any information in whole or in part, to deny the request to limit processing fees, and/or to deny the request for a fee waiver.

I would prefer the request filled electronically, by email attachment if available or CD-ROM if not.

Thank you for your time and attention.

Sincerely,
Joshua Eaton

Dear DODIG FOIA Team,

I'm writing in response to your email dated Aug. 18, 2016, copied below. In that email, you requested my personal contact information. You can reach me directly at 706-540-6651 or at this email address.

Thank you for your time and attention.

Sincerely,
Joshua Eaton

Dear DOD IG FOIA Team,

My request is quite narrow. It is my understanding that Section 406 of the Cybersecurity Act of 2015 required the Department of Defense Office of the Inspector General to submit a report and/or audit to Congress by Aug. 14, 2016, outlining DOD's cybersecurity measures. I seek disclosure of that report and/or audit and any of its supplements or appendices.

Please let me know if this adequately describes the records I seek, and if I can answer any other questions.

Sincerely,
Joshua Eaton

Hi,

Thanks so much for your help with this request! I really appreciate it.

Sincerely,
Joshua Eaton