NSA's INFOSEC Product Endorsement File

Heather Akers-Healy filed this request with the National Security Agency of the United States of America.
Tracking #




From: Heather Akers-Healy

To Whom It May Concern:

This is a request under the Freedom of Information Act. I hereby request the following records:

Copies of the INFOSEC Product Endorsement File from the last 5 years, if available. This file is mentioned in the recently declassified Information Assurance Records Disposition Schedule dated October 29, 2013 (p.10) and is associated with the CCEP program.

I also request that, if appropriate, fees be waived as I am making this request in the public interest, and as a member of the news media. I am a trained paralegal with a background in legal research and contract analysis. I have established a project at MuckRock looking into the activities of the NSA and other intelligence agencies. Despite the short time I have been making and publishing requests through MuckRock, this project has garnered international media attention and was written up in Forbes. (http://www.forbes.com/sites/runasandvik/2013/11/26/illuminating-the-united-states-billion-dollar-intelligence-budget-project-spylighter-documents-surveillance-technology-used-by-the-nsa/) The Forbes article was covered in several other media outlets, and even reported in Spanish. (http://www.desdeabajo.info/actualidad/internacional/item/23165-spylighter-documenta-la-compra-de-tecnolog%C3%ADa-de-vigilancia-masiva-por-parte-de-la-nsa.html) I have an ongoing relationship with Runa Sandvik, a well-known journalist and technologist who wrote the article at Forbes.

I have also written at other media outlets about documents received from previous FOIA requests (http://www.occupy.com/article/why-we-need-whistleblowers).

All documents released to MuckRock are published on the MuckRock website. The documents are not merely posted, but analyzed by journalists at MuckRock and media outlets around the world. MuckRock has over 1,000 active users and tens of thousands of readers. An incomplete list of outlets reporting news broken at MuckRock can be found here:

My first successful request to the NSA for contracts with Vupen was widely reported. There was significant interest in the fact that the NSA was purchasing exploits services from a foreign contractor. A few examples of press regarding that release are below:

Threatpost: http://threatpost.com/nsa-bought-exploit-service-from-vupen-contract-shows

Gawker: http://gawker.com/nsa-paid-french-hackers-for-software-exploits-1341604032

The Register: http://www.theregister.co.uk/2013/09/17/nsa_vupen/

Information Week: http://www.informationweek.com/security/government/nsa-contracted-with-zero-day-vendor-vupe/240161389
Computing: http://www.computing.co.uk/ctg/news/2295155/nsa-bought-zero-day-vulnerabilities-from-security-company-vupenSlate:http://www.slate.com/blogs/future_tense/2013/09/17/nsa_paid_french_hacker_company_vupen_for_software_exploits.html

RT: http://rt.com/usa/nsa-vupen-exploit-hack-978/
Mashable: http://mashable.com/2013/09/17/nsa-french-hacking-tools-vupen/
The Hacker News: http://thehackernews.com/2013/09/nsa-bought-hacking-tools-from-vupen.html
The Daily Dot: http://www.dailydot.com/politics/nsa-malware-vupen/
Spiegel: http://www.spiegel.de/netzwelt/netzpolitik/nsa-kauft-infos-ueber-sicherheitsluecken-von-vupen-a-922765.html

The information sought does contribute to the public understanding and is in the public interest. With the publishing of the Snowden materials and the surrounding media coverage, the past few months have demonstrated a significant increase in the public’s interest in the activities of the NSA and other intelligence agencies. It benefits the public to understand how our money is being spent, and the relationship of agencies to their private commercial contractors.

In the event that fees cannot be waived, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.


Heather Akers-Healy

From: MuckRock.com

To Whom It May Concern:

I wanted to follow up on the following Freedom of Information request, copied below, and originally submitted on April 29, 2014. Please let me know when I can expect to receive a response, or if further clarification is needed.

Thank you for your help.

From: National Security Agency

The request has been rejected as being too vague, burdensome or otherwise unprocessable.

From: Heather Akers-Healy

NSA/CSS FOIA Appeal Authority (DJ4)
National Security Agency
9800 Savage Road STE 6248
Ft. George G. Meade, MD 20755-6248

July 7, 2014

To Whom it May Concern:

This is an appeal under the Freedom of Information Act.

On April 29, 2014 I requested documents under the Freedom of Information Act. My request was assigned the following identification number: 77721. On June 6, 2014, I received a rejection of my request in a letter signed by Pamela Phillips. I appeal the rejection of my request.

Thank you.

From: National Security Agency

A letter stating that the request appeal has been rejected.