Go FOIA and multiply: Why the BAH contracts are just the start

Go FOIA and multiply: Why the BAH contracts are just the start

Even the DEA’s redacted Booz Allen contracts can be a goldmine

Written by
Edited by Shawn Musgrave

When we started our investigation of Booz Allen Hamilton, Edward Snowden’s former employer, back in March, MuckRock started with the basics: we asked more than 50 federal agencies for their contracts with the mega-contractor. And we’ve gotten thousands of pages back, more than we could possibly review ourselves.

As part of our call for MuckRock users to help pick apart the BAH documents, we figured it would be useful to give a better idea of just how we tackle reams of contracts.

The Drug Enforcement Agency, for example, released more than 400 pages of its contracts with Booz Allen Hamilton. Now, DEA’s Booz Allen Hamilton contracts in the last five years are heavily redacted and provide minimal insight into what exactly the agency is paying BAH to do. But MuckRock doesn’t take this as a dead-end. With a bit more sleuthing and the proper analytical mindset, even these blacked-out contracts can spawn further well-targeted inquiries.

Contracts often make particularly good starting points for more pointed requesting because they contain form language and descriptions of standard procedures, as well as reporting requirements for both parties. Below are some examples of how these simple, formulaic documents can illuminate the murky world of federal contracting, as well as guide some intriguing follow-up requests.

The agreement between the DEA and Booz Allen Hamilton (and, seemingly, all contractors with the agency) stipulates that if a contractor becomes aware of a data breach, they must immediately alert a Department of Justice contracting officer, or else call the DOJ’s emergency computer team if the breach occurs outside normal business hours.

Data security breach agreement

So MuckRock sent FOIAs to the DEA and DOJ in search of any data breach reports from BAH and all other contractors to the DOJ Computer Emergency Readiness Team since January 1, 2012.

And so it goes: from this standard contract reporting requirement, we already know something about contractors’ data security protocols, and have created two new FOIA requests to dig up more details.

The DEA’s Booz Allen Hamilton files include another key reporting requirement. Contractors are responsible for submitting weekly and quarterly progress reports throughout the contract period. DEA was kind enough to include a blank copy of the standard weekly report form.

DEA contractor weekly report

MuckRock filed two additional requests, one specific and one general, based off this information. We asked for copies of the weekly and quarterly reports filed by Booz Allen Hamilton for one specific contract involving work with the DEA’s El Paso Regional Intelligence Center, which was named in one of the more interesting contracts, and then for all weekly and quarterly reports filed with the DEA by Booz Allen Hamilton in the last five years.

If the broader request is delayed by backlogs or lengthy processing times, the targeted request may provide us with documents more quickly.

We’re still working through the DEA’s Booz Allen contracts, and hope these two examples have given a better idea of what we’re looking for. Let us know what you find!

Image via BoozAllen.com