[A “complete” response from DHS to a FOIA request, with “no deletions”. Click image for larger version.]

A Freedom of Information Act request we made to the Department of Homeland Security hasn’t told us much about what we asked about, but has given us an object lesson in how the DHS practices “transparency”.

An August 2015 document posted on the DHS.gov website revealed that the DHS is systematically collecting data on how many people have been denied access to Federal facilities because they were unable or unwilling to show ID credentials deemed to “comply” with the REAL-ID Act:

Your agency should also have a process for recording the number of encounters of individuals presenting driver’s licenses from noncompliant states for purpose of accessing Federal facilities. This data should be sent monthly to DHS (OSIIS@hq.dhs.gov) for collection no later than the tenth day of each month. DHS will use this data to evaluate the impact of REAL ID enforcement on the public. See Appendix E for a sample report template.

In January of 2016, we submitted a FOIA request to the DHS to the DHS for these reports.  Five months later, after repeated follow-up inquiries, we finally received this mockery of a “response”. It was dated in May, but we didn’t receive it until June, because it was sent to a mis-typed email address and our repeated email and voicemail messages requesting information on the status of the request were ignored. Our request was submitted by email, so it’s not clear why the address on the response was retyped rather than being sent as a “reply” to our message.  But that’s the least of the problems with the DHS response to our request.

Part of our request was for, “all records of or pertaining to individuals presenting driver’s licenses that are or were not considered compliant, or from states or territories that are or were not considered compliant, with the REAL-ID Act of 2005, for purpose of accessing Federal facilities and/or passing through checkpoints at airports or elsewhere, including any records of the numbers of such individuals, statistical or descriptive records pertaining to such incidents, email messages pertaining to such incidents or reports, and any instructions regarding handling and/or reporting of such incidents.”

Our request included, “any responsive records of the DHS or any DHS component agency identifiable as having, or likely to have, responsive records, including any email messages or other communications within the DHS and any of its components or between the DHS or DHS components and other agencies, departments, contractors, … or other parties…. in the original electronic form in which they are held on workstations, servers, and/or backup, archival, or other storage media or devices, as complete bitwise digital copies of the original email message files, spreadsheet files, word processor document files, PDF files, or other electronic files, including any file names, file headers, embedded metadata, file system information, and all other file content.”

A second part of our request was for records related to the legal justification, if any, for denial of access to buildings or denial of transportation. There’s no indication that the FOIA office conducted any search at all for these records, but in any case, none were produced. It’s hard to believe that there are no records of any discussion within DHS of its leagal authority for its actions — and if that’s really true, it’s a profound indictment of the agency’s unconcern for the law.

The response to our request should have included both the email messages received at “OSIIS@hq.dhs.gov” (including any files attached to those messages) and any reports derived from them.  Instead, the DHS apparently created (or limited itself to) a cursory high-level summary of the reports, excluding any of the email messages or other source data.  This report appears to have been a spreadsheet or word processor table, but it wasn’t provided to us in that format. Instead, it was viewed in a spreadsheet or word processor application, and captured as screen or “page-view” images. Each image was then edited to redact almost all of its content as “nonresponsive”, as shown in the image above — despite our request for “complete” files, which by its plain terms made anything contained in the same file “responsive” to our request. The edited images were then pasted into a new PDF file.

What part of  our request for “complete bitwise digital copies of the original … files” didn’t they understand?

The PDF file of redacted images of portions of the data in the report summary spreadsheet or table was then sent to the wrong email address — not the one in the request, and from which the request had been received — with a lying cover letter claiming that, “The documents are enclosed in their entirety; DHS has claimed no deletions or exemptions.” These “documents” (actually digital files) obviously weren’t enclosed in their entirety, but with most of their content whited out.

No, DHS hadn’t “claimed” any deletions or exemptions — the agency simply made deletions without any basis in FOIA exemptions or any other portion of the law, which provides that records must be provided “in any form or format requested by the person if the record is readily reproducible by the agency in that form or format.” It is beyond argument that digital files are readily reproducible as bitwise copies.

All of these shenanigans are, sadly, representative of what we have found to be standard operating procedure throughout the DHS, even when they aren’t exhibiting actual malice toward particularly disfavored FOIA requesters like us.

We’ve followed up with the DHS FOIA office. They’ve claimed, implausibly, that they thought we only wanted the high-level reports and not the email messages or other supporting data (“all records … pertaining to…”) that we explicitly requested. They have provided no explanation or excuse for their elaborate and illegal multi-step munging and file-substitution process and failure to produce copies of, or allow access to, the records in their original form, or for their false claim of “no deletions” from their almost entirely redacted release.  They have, however, agreed to take a “second look” before we have to file a formal administrative appeal.