Sep 18 2017

TSA says it doesn’t know how to copy files

We’ve gotten used to delays, obstruction, and slander from TSA privacy and Freedom Of Information Act (FOIA) officers. Sometimes it’s hard to tell whether these result from incompetence, under-staffing, lack of diligence, mendacity, malice, or some combination of these and/or other factors.

The latest in these TSA FOIA follies is a letter we got last week from the TSA’s FOIA appeal officer, saying that the TSA doesn’t know how to copy computer files, and doesn’t know the names of any of the files on their computers or any other filesystem information or metadata about those files:

You assert that TSA should be able to reproduce digital files as bitwise copies. TSA does not maintain records in bitwise format nor can we produce records in such a format. Additionally,… the file or filesystem data or metadata from the raw format of the records are not available.

Where does this nonsense come from? Do the officials making these statements really believe them, or expect us to?

Four years ago, we requested the TSA’s records related to the kangaroo-court administrative proceedings against “Naked American HeroJohn Brennan.

Because the law prohibits “interference” with “screening”, but no law or regulation defines “interference” or “screening”, the only way for travelers to know what they are or aren’t required or forbidden to do or say at TSA checkpoints is to study the administrative records of fines imposed on people such as Mr. Brennan.

We recorded and posted audio of the administrative hearing in Mr. Brennan’s case, but we also wanted to be able to be able to post the TSA’s complaint and other records showing what actions by travelers the TSA thinks should be subject to administrative fine. So we asked for the complete administrative record.

As we pointed out in our appeal of the TSA’s incomplete, munged, and years-late response to our request:

Since the 1996 FOIA amendments, the FOIA statute has required that, “In making any record available to a person under this paragraph, an agency shall provide the record in any form or format requested by the person if the record is readily reproducible by the agency in that form or format.” (5 U.S.C. § 552(f)(2), effective March 31, 1997)….

During the many years that this request was pending, we repeatedly informed the succession of TSA staff to whom it was assigned that we wished to receive access to any copies of all responsive records in their original form.

In one e-mail message to the FOIA analyst we had been told was processing this request, and to the FOIA Officer, for example, we wrote, “I reiterate our previous request to you and to … the FOIA Officer that access to and copies of all non-exempt records responsive to any of our pending requests, including these, be provided in electronic form, *and* that records held in electronic form be produced in the exact form in which they are held, i.e. as bitwise digital copies of the responsive electronic records, including all metadata, as found on agency (or contractor) servers, workstations, backup or archival tapes, or other digital storage devices or media. This applies to electronic records held in the form of e-mail message or mailbox files, spreadsheet files, word processing document files, ‘portable document format’ (PDF) files, or any other digital format.”

We also noted that the responsive records included all file content and filesystem metadata for the responsive files, including

  1. The filename of each responsive digital record, as it was found on an agency or contractor workstation, server, storage device, or media.
  2. The size of each such file in bytes, KB, MB, or GB.
  3. The workstation, server, storage device, or media on which the file was found, and the path to the file in the filesystem on which it was found.
  4. The file date(s) as recorded in the file and/or in that filesystem.

Eventually the TSA sent us a CD of PDF files of page-view images of some of the data containing the responsive files. But that wasn’t what we had asked for. As we explained in our appeal:

The TSA appears to have gone through an elaborate multi-step munging process to create new and less-useful derivative files which it has substituted — without explanation or excuse or any claim of legal justification — for the original records.

First the responsive records — which appear to have consisted originally of some combination of text or word processor files and spreadsheet, database, and/or word-processing document tables — were viewed in an application program, and images of page views are captured. Then those images were redacted with some sort of image editing software. Finally the redacted images were pasted into newly-created PDF files. It’s impossible to tell which pages of the PDFs correspond to which original files.

The files (typically ASCII text files) in which e-mail messages are sent, received, and stored include, for example, extensive header data, including complete address data (“Jane.Doe@agency.department.gov”), while the “default” view in many e-mail clients shows only a “friendly” name (“Jane Doe”) and hides most of the headers. Most e-mail clients, and any text editor, can display the full headers and raw “message source” data. But the TSA FOIA office has chosen to generate or use more limited messages views.

Independently of the per se violation of the statutory requirement to produce responsive records in the requested format, this process results in de facto redaction and withholding of those portions of the informational content of the responsive records that aren’t included in the “page-view” images.

No exemption was claimed as a basis for these unlawful de facto redactions….

No information whatsoever was provided as to the names or other file or other filesystem data associated with the responsive digital records in agency filesystems. This data was explicitly requested, and would in any case be included in the request for records “pertaining to” otherwise responsive records.

So we filed an administrative appeal within the TSA:

The TSA has claimed that its standard procedures for processing responsive records and redacting exempt portions involve converting all text or other digital files to image files, and embedding them in new PDFs.

But this is irrelevant to the statutory obligation of the agency. The statute requires the production of a record in the requested format “if the record is readily reproducible by the agency in that form or format.” (emphasis added) There can be no plausible argument that the TSA is not readily able to reproduce digital files as bitwise copies.

The requirement to produce records in any format in which they can readily be reproduced predates the TSA’s existence. The TSA has had ample opportunity to develop procedures and acquire and learn how to use tools to enable it to comply – and if it has not chosen to do so, that is no excuse for noncompliance with FOIA requirements.

The argument that an agency can deliberately choose, for more than 20 years, not to acquire or learn how to use readily-available software (including free, open-source software) capable of editing and reproducing file formats such as the ASCI text files in which e-mail is sent, received, and stored, and can use its own (self-imposed) lack of implementation or lack of knowledge of how to use such software as an excuse not to disclose records or portions of records maintained in those formats, would create a loophole which would swallow FOIA for those categories of information.

In a denying our administrative appeal, the TSA merely repeated the same claim it had made before:

The TSA FOIA office uses a DHS web-based application to manage the… processing and production of responsive records. This system processes all records in a PDF format. Therefore, the records are only reproducible by the TSA in a PDF format.

Why does the TSA think they can get away with these preposterous claims? The answer is, sadly, simple: Because most people whose rights are violated, including violations by Federal agencies that don’t comply with FOIA, can’t afford to sue the government.

Other agencies have been ordered by the courts to produce records in native digital formats, including filesystem data and metadata. But nobody has sued the TSA yet on this exact issue. Until someone does, the TSA will continue to ignore this law. If any FOIA attorneys reading this are interested in litigating this issue for us, please get in touch.

 

One thought on “TSA says it doesn’t know how to copy files

Leave a Reply

Your email address will not be published. Required fields are marked *