FOIA request: Cybersecurity Act of 2015 report (USPS)

Joshua Eaton filed this request with the USPS Inspector General of the United States of America.
Est. Completion None
No Responsive Documents


From: Joshua Eaton

To Whom It May Concern:

This letter constitutes a request under the Freedom of Information Act (“FOIA”), 5 U.S.C. §§ 552, by independent journalist Joshua Eaton.

A. Request for disclosure

Under Section 406 of the Cybersecurity Act of 2015, the office of the inspector general for any federal agency that operates a national security system or a computer system containing personally identifiable information must submit a report to Congress by Aug. 14, 2016, outlining those systems' access controls and other security measures.

I seek disclosure of any and all such reports and/or audits prepared, received, transmitted, collected and/or maintained by your agency between Dec. 1, 2015, and the date your office processes this request, inclusive.

B. Request for limitation of processing fees

I request a limitation of processing fees pursuant to 5 U.S.C. § 552(a)(4)(A)(ii)(II) (“fees shall be limited to reasonable standard charges for document duplication when records are not sought for commercial use and the request is made by ... a representative of the news media”). I fit within this statutory exemption. Fees associated with the processing of this request should, therefore, be limited accordingly.

I am a full-time, professional journalist who regularly contributes to The Christian Science Monitor and Teen Vogue. My reporting has also appeared at The Washington Post, The Boston Globe, Al Jazeera America, and PRI's "The World." While I am a freelancer, my status as a regular contributor to The Christian Science Monitor and Teen Vogue, and my professional relationship with editors at a number of other publications, represent a solid basis for expecting publication. A complete list of my publications and my full résumé are available online at

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that processing fees cannot be limited, I am willing to pay up to $25. Please inform me of the anticipated total charges in advance of fulfilling my request.

C. Request for fee waiver

I additionally request a waiver of all costs pursuant to 5 U.S.C. § 552(a)(4)(A)(iii) (“Documents shall be furnished without any charge ... if disclosure of the information is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government and is not primarily in the commercial interest of the requester”).

Disclosure in this case meets the statutory criteria, and a fee waiver would fulfill Congress’s legislative intent in amending FOIA. See Judicial Watch, Inc. v. Rossotti, 326 F.3d 1309, 1312 (D.C. Cir. 2003) (“Congress amended FOIA to ensure that it be ‘liberally construed in favor of waivers for noncommercial requesters.’”).

Disclosure of the requested information is in the public interest. This request will further public understanding of government conduct — specifically, the government's efforts to secure federal computer systems containing personally identifiable information belonging to government employees, contractors, and citizens. Given the widespread damage caused by recent data breaches at both government agencies and private companies, understanding these efforts is of vital public interest.

Moreover, disclosure of the requested information will aid public understanding of federal agencies' compliance with the Cybersecurity Act of 2015. Congress passed this law in response to major data breaches at several federal government agencies. Understanding its implementation by federal agencies is, therefore, crucial to the public’s interest in understanding the consequences of this important legislation.

As a “representative of the news media,” supra Section B, I am well-situated to disseminate the information I gain from this request to the general public. Because I meet the test for a fee waiver, fees associated with responding to my FOIA requests should be – and regularly are – waived.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that fees cannot be waived, I am willing to pay up to $25. Please inform me of the anticipated total charges in advance of fulfilling my request.

D. Miscellany

Pursuant to applicable regulations and statute, I expect the determination of this request for records within 20 days of your receipt of this request. See 5 U.S.C. § 552(a)(6)(A)(i).

If this request is denied, in whole or in part, please justify all deletions by reference to specific exemptions to FOIA. Your agency must also release all segregable portions of otherwise exempt material. I reserve the right to appeal any decision to withhold any information in whole or in part, to deny the request to limit processing fees, and/or to deny the request for a fee waiver.

I would prefer the request filled electronically, by email attachment if available or CD-ROM if not.

Thank you for your time and attention.

Joshua Eaton

From: Kikel, Kathy

August 23, 2016

Mr. Joshua Eaton via email<>

RE: FOIA No. 2016-IGFP-00423

Dear Mr. Eaton:

This responds to your August 14 Freedom of Information Act (FOIA) request to the Office of Inspector General (OIG) for any and all reports and/or audits prepared, received, transmitted, collected, and/or maintained by the OIG in accordance with the Cyber Information Sharing Act of 2015 (CISA) between December 1, 2015, and today’s date.

The OIG’s Office of General Counsel reviewed CISA and concluded that it does not apply to the Postal Service or the OIG. CISA defines “agency” as “any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency.” 44 U.S.C. § 3502(1).

“Covered agency” Inspectors General are directed to submit CISA implementation reports and privacy impact data to Congress. The Postal Service is not a covered agency, and thus, the OIG is not required to collect or submit that information to Congress. A search of our Office of Audit database found no records voluntarily created in response to CISA.

While CISA’s definition of “agency” does not include the Postal Service, the Postal Regulatory Commission is an “independent agency” under the Act’s definition. Accordingly, you may wish to direct a copy of your request to the Postal Regulatory Commission, if you have not already done so, as it may be a repository for additional records, if any exist. Please contact their FOIA office at:

PRC FOIA and Privacy Act Information
901 New York Avenue, NW
Suite 200
Washington, DC 20268

Inasmuch as the OIG has no responsive records, we consider our work on your request complete and I am closing your file in this office.


Kathy Kikel

Government Information Analyst


There are no files associated with this request.