NSA INFOSEC Special Test File

Heather Akers-Healy filed this request with the National Security Agency of the United States of America.
Tracking #




From: Heather Akers-Healy

To Whom It May Concern:

This is a request under the Freedom of Information Act. I hereby request the following records:

Copies of the INFOSEC Special Test File from the last 5 years, if available. This file is mentioned in the recently released Information Assurance Records Disposition Schedule dated October 29, 2013 (p.32). If there are issues with releasing the whole of the file, I am seeking in particular the documents relating to contract data and correspondence.

I also request that, if appropriate, fees be waived as I am making this request in the public interest, and as a member of the news media. I am a trained paralegal with a background in legal research and contract analysis. I have established a project at MuckRock looking into the activities of the NSA and other intelligence agencies. Despite the short time I have been making and publishing requests through MuckRock, this project has garnered international media attention and was written up in Forbes. (http://www.forbes.com/sites/runasandvik/2013/11/26/illuminating-the-united-states-billion-dollar-intelligence-budget-project-spylighter-documents-surveillance-technology-used-by-the-nsa/) The Forbes article was covered in several other media outlets, and even reported in Spanish. (http://www.desdeabajo.info/actualidad/internacional/item/23165-spylighter-documenta-la-compra-de-tecnolog%C3%ADa-de-vigilancia-masiva-por-parte-de-la-nsa.html) I have an ongoing relationship with Runa Sandvik, a well-known journalist and technologist who wrote the article at Forbes.

I have also written at other media outlets about documents received from previous FOIA requests (http://www.occupy.com/article/why-we-need-whistleblowers).

All documents released to MuckRock are published on the MuckRock website. The documents are not merely posted, but analyzed by journalists at MuckRock and media outlets around the world. MuckRock has over 1,000 active users and tens of thousands of readers. An incomplete list of outlets reporting news broken at MuckRock can be found here:

My first successful request to the NSA for contracts with Vupen was widely reported. There was significant interest in the fact that the NSA was purchasing exploits services from a foreign contractor. A few examples of press regarding that release are below:

Threatpost: http://threatpost.com/nsa-bought-exploit-service-from-vupen-contract-shows

Gawker: http://gawker.com/nsa-paid-french-hackers-for-software-exploits-1341604032

The Register: http://www.theregister.co.uk/2013/09/17/nsa_vupen/

Information Week: http://www.informationweek.com/security/government/nsa-contracted-with-zero-day-vendor-vupe/240161389

Computing: http://www.computing.co.uk/ctg/news/2295155/nsa-bought-zero-day-vulnerabilities-from-security-company-vupen

RT: http://rt.com/usa/nsa-vupen-exploit-hack-978/
Mashable: http://mashable.com/2013/09/17/nsa-french-hacking-tools-vupen/

The Hacker News: http://thehackernews.com/2013/09/nsa-bought-hacking-tools-from-vupen.html
The Daily Dot: http://www.dailydot.com/politics/nsa-malware-vupen/

Spiegel: http://www.spiegel.de/netzwelt/netzpolitik/nsa-kauft-infos-ueber-sicherheitsluecken-von-vupen-a-922765.html

The information sought does contribute to the public understanding and is in the public interest. With the publishing of the Snowden materials and the surrounding media coverage, the past few months have demonstrated a significant increase in the public’s interest in the activities of the NSA and other intelligence agencies. It benefits the public to understand how our money is being spent, and the relationship of agencies to their private commercial contractors.

In the event that fees cannot be waived, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.


Heather Akers-Healy

From: foiarsc, foiarsc

Hello Heather,

You recently submitted (2) FOIA requests for "INFOSEC" files related to the Records Disposition Schedules (RDS) that we posted on www.NSA.gov<http://www.NSA.gov>. Both cases are currently on-hold until we hear back from you.

Please contact me at your earliest convenience so that we can discuss these requests, and I can explain a bit more about the RDS documents.

Cindy Blacker
Initial Processing Chief

From: Heather Akers-Healy

This followup response is in regards to two FOIA requests I submitted on April 29, 2014. As I stated in those requests I am seeking everything contained in INFOSEC Special Test File 428-02 and everything contained in the INFOSEC Product Endorsement file 405-04. It's my understanding from a phone conversation with Cindy Blacker that these files may not be physical files but instead a filing and disposition designation. If this is the case I would like to request all documents marked as either 428-02 or 405-04.

I would like to remind the NSA of my repeated requests for a fee waiver as I am part of the media, I'm making these requests in the public interest, and I plan to write about the documents I receive. A more complete request for a waiver is attached to each of the FOIA requests referenced above.

Thank you,
Heather Akers-Healy

From: foiarsc, foiarsc

Good Morning Heather,

Thank you for following up on your two requests submitted for "INFOSEC files". You are correct, the subject of your requests does not pertain to physical files, but instead a filing and disposition designation. As I stated in our phone conversation, files that are "marked" with an INFOSEC series number, or any disposition schedule, are not searchable by the RDS designator. My apologies in advance if I was not clear in our conversation. As stated in the RDS documents on our website, an RDS is a list of record types (or file series) with information on proper retention and/or destruction. The series number is not a physical label for a record, it is method to provide guidance. The record series numbers do not designate the office or organization that created the records, nor does it indicate where the document may be "today." It is merely a designation based on what the document pertains to, in general, not where it's filed.

We will be mailing our formal response to these two requests, along with the two requests you recently submitted for other RDS reports.

Cindy Blacker
NSA/CSS FOIA Requester Service Center

From: National Security Agency

The request has been rejected as being too vague, burdensome or otherwise unprocessable.

From: Heather Akers-Healy

NSA/CSS FOIA Appeal Authority (DJ4)
National Security Agency
9800 Savage Road STE 6248
Ft. George G. Meade, MD 20755-6248

July 7, 2014

To Whom it May Concern:

This is an appeal under the Freedom of Information Act.

On April 29, 2014 I requested documents under the Freedom of Information Act. My request was assigned the following identification number: 77722. On June 6, 2014, I received a rejection of my request in a letter signed by Pamela Phillips. I appeal the rejection of my request.

Thank you.

From: National Security Agency

A letter stating that the request appeal has been rejected.