home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Software Vault: The Gold Collection
/
Software Vault - The Gold Collection (American Databankers) (1993).ISO
/
cdr12
/
lnn0107.zip
/
LNN1.007
Wrap
Text File
|
1993-05-21
|
71KB
|
1,412 lines
▒▒▄ ▒▒▒▒▒▒▄ ▒▒▒▒▒▒▄ ▒▒▒▒▒▒▄ ▒▒▄ ▒▒▒▄▄ ▒▒▄ ▒▒▒▒▒▒▄ ▒▒▒▒▒▒▄
▒▒█ ▒▒█▀▀▀▀ ▒▒█▀▀▀▀ ▒▒█▀▒▒█ ▒▒█ ▒▒█▒▒█▒▒█ ▒▒█▀▀▀▀ ▀▒▒█▀▀
▒▒█ ▒▒▒▒▒▄ ▒▒█▒▒▒▄ ▒▒▒▒▒▒█ ▒▒█ ▒▒█ ▀▒▒▒█ ▒▒▒▒▒▄ ▒▒█
▒▒█ ▒▒█▀▀▀ ▒▒█ ▒▒█ ▒▒█ ▒▒█ ▒▒█ ▒▒█ ▒▒█ ▒▒█▀▀▀ ▒▒█
▒▒▒▒▒▒▄ ▒▒▒▒▒▒▄ ▒▒▒▒▒▒█ ▒▒█ ▒▒█ ▒▒▒▒▒▒▄ ▒▒█ ▒▒█ ▒▒▒▒▒▒▄ ▒▒█
▀▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀ ▀▀ ▀▀▀▀▀▀ ▀▀ ▀▀ ▀▀▀▀▀▀ ▀▀
▒▒▒▄▄ ▒▒▄ ▒▒▒▒▒▒▄ ▒▒▄ ▒▒▄ ▒▒▒▒▒▒▄
▒▒█▒▒█▒▒█ ▒▒█▀▀▀▀ ▒▒█ ▒▒█ ▒▒█▀▀▀▀
▒▒█ ▀▒▒▒█ ▒▒▒▒▒▄ ▒▒█ ▒▒█ ▒▒▒▒▒▒▄
▒▒█ ▒▒█ ▒▒█▀▀▀ ▒▒█▒▒▄▒▒█ ▀▀▀▒▒█
▒▒█ ▒▒█ ▒▒▒▒▒▒▄ ▀▒▒▒▒█▀▀ ▒▒▒▒▒▒█
▀▀ ▀▀ ▀▀▀▀▀▀ ▀▀▀▀ ▀▀▀▀▀▀
Legal Net Newsletter
Volume 1, Issue 7 -- May 21, 1993
Legal Net Newsletter is dedicated to providing information
on the legal issues of computing and networking in the 1990's
and into the future.
The information contained in this newsletter is not to be
misconstrued as a bona fide legal document, nor is it to be taken
as an advocacy forum for topics discussed and presented herein.
The information contained within this newsletter has been
collected from several governmental institutions, computer
professionals and third party sources. Opinion and ideological
excerpts have been collected from many sources with prior approval.
"Legal Net News", "Legal Net Newsletter"
and the Legal Net News logo are
Copyright (c) 1993 Paul Ferguson -- All rights reserved.
This newsletter may be freely copied and distributed in its entirety.
Singular items contained within this newsletter may also be
freely copied and distributed, with the exception of
individual copyrighted items which appear with
the prior approval of the originating author.
Legal Net News can be found at the following locations:
Publicly Accessible BBS's
-------------------------
The SENTRY Net BBS Arlington Software Exchange
Centreville, Virginia USA Arlington, Virginia USA
+1-703-815-3244 +1-703-532-7143
To 9,600 bps To 9,600 bps
The Internet
------------
tstc.edu (161.109.128.2) Directory: /pub/legal-net-news
Login as ANONYMOUS and use your net ID (for example: fergp@sytex.com)
as the password. Or send e-mail to
postmaster@tstc.edu
E-mail submissions, comments and editorials to: fergp@sytex.com
- --
In this issue -
o Whit Diffie's Testimony Before the House Subcommittee on Science
o CPSR Fights Crypto Secrecy
o Requesting information under the Freedom of Information Act (FOIA)
- --
<extracted from RISKS Digest 14.61>
Date: Thu, 13 May 1993 at 14h15
From: whitfield.diffie@eng.sun.com
Subject: Testimony to Boucher's House Science Subcommittee, 11 May 1993
The Impact of a Secret Cryptographic Standard
on Encryption, Privacy, Law Enforcement
and Technology
Whitfield Diffie
Sun Microsystems
11 May 1993
I'd like to begin by expressing my thanks to Congressman Boucher, the
other members of the committee, and the committee staff for giving us the
opportunity to appear before the committee and express our views.
On Friday, the 16th of April, a sweeping new proposal for both the
promotion and control of cryptography was made public on the front page of the
New York Times and in press releases from the White House and other
organizations.
This proposal was to adopt a new cryptographic system as a federal
standard, but at the same time to keep the system's functioning secret. The
standard would call for the use of a tamper resistant chip, called Clipper,
and embody a `back door' that will allow the government to decrypt the traffic
for law enforcement and national security purposes.
So far, available information about the chip is minimal and to some extent
contradictory, but the essence appears to be this: When a Clipper chip
prepares to encrypt a message, it generates a short preliminary signal rather
candidly entitled the Law Enforcement Exploitation Field. Before another
Clipper chip will decrypt the message, this signal must be fed into it. The
Law Enforcement Exploitation Field or LEEF is tied to the key in use and the
two must match for decryption to be successful. The LEEF in turn, when
decrypted by a government held key that is unique to the chip, will reveal the
key used to encrypt the message.
The effect is very much like that of the little keyhole in the back of the
combination locks used on the lockers of school children. The children open
the locks with the combinations, which is supposed to keep the other children
out, but the teachers can always look in the lockers by using the key.
In the month that has elapsed since the announcement, we have studied the
Clipper chip proposal as carefully as the available information permits. We
conclude that such a proposal is at best premature and at worst will have a
damaging effect on both business security and civil rights without making any
improvement in law enforcement.
To give you some idea of the importance of the issues this raises, I'd
like to suggest that you think about what are the most essential security
mechanisms in your daily life and work. I believe you will realize that the
most important things any of you ever do by way of security have nothing to do
with guards, fences, badges, or safes. Far and away the most important
element of your security is that you recognize your family, your friends, and
your colleagues. Probably second to that is that you sign your signature,
which provides the people to whom you give letters, checks, or documents, with
a way of proving to third parties that you have said or promised something.
Finally you engage in private conversations, saying things to your loved ones,
your friends, or your staff that you do not wish to be overheard by anyone
else.
These three mechanisms lean heavily on the physical: face to face contact
between people or the exchange of written messages. At this moment in
history, however, we are transferring our medium of social interaction from
the physical to the electronic at a pace limited only by the development of
our technology. Many of us spend half the day on the telephone talking to
people we may visit in person at most a few times a year and the other half
exchanging electronic mail with people we never meet in person.
Communication security has traditionally been seen as an arcane security
technology of real concern only to the military and perhaps the banks and oil
companies. Viewed in light of the observations above, however, it is revealed
as nothing less than the transplantation of fundamental social mechanisms from
the world of face to face meetings and pen and ink communication into a world
of electronic mail, video conferences, electronic funds transfers, electronic
data interchange, and, in the not too distant future, digital money and
electronic voting.
No right of private conversation was enumerated in the constitution. I
don't suppose it occurred to anyone at the time that it could be prevented.
Now, however, we are on the verge of a world in which electronic communication
is both so good and so inexpensive that intimate business and personal
relationships will flourish between parties who can at most occasionally
afford the luxury of traveling to visit each other. If we do not accept the
right of these people to protect the privacy of their communication, we take a
long step in the direction of a world in which privacy will belong only to the
rich.
The import of this is clear: The decisions we make about communication
security today will determine the kind of society we live in tomorrow.
The objective of the administration's proposal can be simply
stated:
They want to provide a high level of security to their
friends, while being sure that the equipment cannot be
used to prevent them from spying on their enemies.
Within a command society like the military, a mechanism of this sort that
allows soldiers' communications to be protected from the enemy, but not
necessarily from the Inspector General, is an entirely natural objective. Its
imposition on a free society, however, is quite another matter.
Let us begin by examining the monitoring requirement and ask both whether
it is essential to future law enforcement and what measures would be required
to make it work as planned.
Eavesdropping, as its name reminds us, is not a new phenomenon. But in
spite of the fact that police and spies have been doing it for a long time, it
has acquired a whole new dimension since the invention of the telegraph.
Prior to electronic communication, it was a hit or miss affair. Postal
services as we know them today are a fairly new phenomenon and messages were
carried by a variety of couriers, travelers, and merchants. Sensitive
messages in particular, did not necessarily go by standardized channels. Paul
Revere, who is generally remembered for only one short ride, was the American
Revolution's courier, traveling routinely from Boston to Philadelphia with his
saddle bags full of political broadsides.
Even when a letter was intercepted, opened, and read, there was no
guarantee, despite some people's great skill with flaps and seals, that the
victim would not notice the intrusion.
The development of the telephone, telegraph, and radio have given the
spies a systematic way of intercepting messages. The telephone provides a
means of communication so effective and convenient that even people who are
aware of the danger routinely put aside their caution and use it to convey
sensitive information. Digital switching has helped eavesdroppers immensely
in automating their activities and made it possible for them to do their
listening a long way from the target with negligible chance of detection.
Police work was not born with the invention of wiretapping and at present
the significance of wiretaps as an investigative tool is quite limited. Even
if their phone calls were perfectly secure, criminals would still be
vulnerable to bugs in their offices, body wires on agents, betrayal by
co-conspirators who saw a brighter future in cooperating with the police, and
ordinary forensic inquiry.
Moreover, cryptography, even without intentional back doors, will no more
guarantee that a criminal's communications are secure than the Enigma
guaranteed that German communications were secure in World War II.
Traditionally, the richest source of success in communications intelligence is
the ubiquity of busts: failures to use the equipment correctly.
Even if the best cryptographic equipment we know how to build is available
to them, criminal communications will only be secure to the degree that the
criminals energetically pursue that goal. The question thus becomes, ``If
criminals energetically pursue secure communications, will a government
standard with a built in inspection port, stop them.
It goes without saying that unless unapproved cryptography is outlawed,
and probably even if it is, users bent on not having their communications read
by the state will implement their own encryption. If this requires them to
forgo a broad variety of approved products, it will be an expensive route
taken only by the dedicated, but this sacrifice does not appear to be
necessary.
The law enforcement function of the Clipper system, as it has been
described, is not difficult to bypass. Users who have faith in the secret
Skipjack algorithm and merely want to protect themselves from compromise via
the Law Enforcement Exploitation Field, need only encrypt that one item at the
start of transmission. In many systems, this would require very small changes
to supporting programs already present. This makes it likely that if Clipper
chips become as freely available as has been suggested, many products will
employ them in ways that defeat a major objective of the plan.
What then is the alternative? In order to guarantee that the government
can always read Clipper traffic when it feels the need, the construction of
equipment will have to be carefully controlled to prevent non-conforming
implementations. A major incentive that has been cited for industry to
implement products using the new standard is that these will be required for
communication with the government. If this strategy is successful, it is a
club that few manufacturers will be able to resist. The program therefore
threatens to bring communications manufacturers under an all encompassing
regulatory regime.
It is noteworthy that such a regime already exists to govern the
manufacture of equipment designed to protect `unclassified but sensitive'
government information, the application for which Clipper is to be mandated.
The program, called the Type II Commercial COMSEC Endorsement Program,
requires facility clearances, memoranda of agreement with NSA, and access to
secret `Functional Security Requirements Specifications.' Under this program
member companies submit designs to NSA and refine them in an iterative process
before they are approved for manufacture.
The rationale for this onerous procedure has always been, and with much
justification, that even though these manufacturers build equipment around
approved tamper resistant modules analogous to the Clipper chip, the equipment
must be carefully vetted to assure that it provides adequate security. One
requirement that would likely be imposed on conforming Clipper applications is
that they offer no alternative or additional encryption mechanisms.
Beyond the damaging effects that such regulation would have on innovation
in the communications and computer industries, we must also consider the fact
that the public cryptographic community has been the principal source of
innovation in cryptography. Despite NSA's undocumented claim to have
discovered public key cryptography, evidence suggests that, although they may
have been aware of the mathematics, they entirely failed to understand the
significance. The fact that public key is now widely used in government as
well as commercial cryptographic equipment is a consequence of the public
community being there to show the way.
Farsightedness continues to characterize public research in cryptography,
with steady progress toward acceptable schemes for digital money, electronic
voting, distributed contract negotiation, and other elements of the computer
mediated infrastructure of the future.
Even in the absence of a draconian regulatory framework, the effect of a
secret standard, available only in a tamper resistant chip, will be a profound
increase in the prices of many computing devices. Cryptography is often
embodied in microcode, mingled on chips with other functions, or implemented
in dedicated, but standard, microprocessors at a tiny fraction of the tens of
dollars per chip that Clipper is predicted to cost.
What will be the effect of giving one or a small number of companies a
monopoly on tamper resistant parts? Will there come a time, as occurred with
DES, when NSA wants the standard changed even though industry still finds it
adequate for many applications? If that occurs will industry have any
recourse but to do what it is told? And who will pay for the conversion?
One of the little noticed aspects of this proposal is the arrival of
tamper resistant chips in the commercial arena. Is this tamper resistant part
merely the precursor to many? Will the open competition to improve
semiconductor computing that has characterized the past twenty-years give way
to an era of trade secrecy? Is it perhaps tamper resistance technology rather
than cryptography that should be regulated?
Recent years have seen a succession of technological developments that
diminish the privacy available to the individual. Cameras watch us in the
stores, x-ray machines search us at the airport, magnetometers look to see
that we are not stealing from the merchants, and databases record our actions
and transactions. Among the gems of this invasion is the British Rafter
technology that enables observers to determine what station a radio or TV is
receiving. Except for the continuing but ineffectual controversy surrounding
databases, these technologies flourish without so much as talk of regulation.
Cryptography is perhaps alone in its promise to give us more privacy
rather than less, but here we are told that we should forgo this technical
benefit and accept a solution in which the government will retain the power to
intercept our ever more valuable and intimate communications and will allow
that power to be limited only by policy.
In discussion of the FBI's Digital Telephony Proposal --- which would have
required communication providers, at great expense to themselves, to build
eavesdropping into their switches --- it was continually emphasized that
wiretaps were an exceptional investigative measure only authorized when other
measures had failed. Absent was any sense that were the country to make the
proposed quarter billion dollar inventment in intercept equipment, courts
could hardly fail to accept the police argument that a wiretap would save the
people thousands of dollars over other options. As Don Cotter, at one time
director of Sandia National Laboratories, said in respect to military
strategy: ``Hardware makes policy.''
Law, technology, and economics are three central elements of society that
must all be kept in harmony if freedom is to be secure. An essential element
of that freedom is the right to privacy, a right that cannot be expected to
stand against unremitting technological attack. Where technology has the
capacity to support individual rights, we must enlist that support rather than
rejecting it on the grounds that rights can be abused by criminals. If we put
the desires of the police ahead of the rights of the citizens often enough, we
will shortly find that we are living in police state. We must instead assure
that the rights recognized by law are supported rather than undermined by
technology.
At NSA they believe in something they call `security in depth.' Their
most valuable secret may lie encrypted on a tamper resistant chip, inside a
safe, within a locked office, in a guarded building, surrounded by barbed
wire, on a military base. I submit to you that the most valuable secret in
the world is the secret of democracy; that technology and policy should go
hand in hand in guarding that secret; that it must be protected by security in
depth.
Recommendations
There is a crying need for improved security in American communication and
computing equipment and the Administration is largely correct when it blames
the problem on a lack of standards. One essential standard that is missing is
a more secure conventional algorithm to replace DES, an area of cryptography
in which NSA's expertise is probably second to none.
I urge the committee to take what is good in the
Administration's proposal and reject what is bad. \begdis
o The Skipjack algorithm and every other aspect of this proposal
should be made public, not only to expose them to public
scrutiny but to guarantee that once made available as
standards they will not be prematurely withdrawn.
Configuration control techniques pioneered by the public
community can be used to verify that some pieces of equipment
conform to government standards stricter than the commercial
where that is appropriate.
o I likewise urge the committee to recognize that the right
to private conversation must not be sacrificed as we move
into a telecommunicated world and reject the Law Enforcement
Exploitation Function and the draconian regulation that would
necessarily come with it.
o I further urge the committee to press the Administration
to accept the need for a sound international security
technology appropriate to the increasingly international
character of the world's economy.
- --
From: Dave Banisar <Banisar@washofc.cpsr.org>
Subject: CPSR Fights Crypto Secrecy (long)
Organization: CPSR, Civil Liberties and Computing Project
Date: Tue, 18 May 1993 21:49:02 GMT
Computer Professionals for Social Responsibility (CPSR) today
filed its brief in federal district court in Washington, DC,
challenging the NSA classification of information concerning
the development of the digital signature standard (DSS). An
abbreviated version of CPSR's brief is reprinted below. All
footnotes and certain citations have been omitted.
For information concerning CPSR's litigation activities, contact:
David Sobel, CPSR Legal Counsel <dsobel@washofc.cpsr.org>
For information concerning CPSR generally, contact:
<cpsr@csli.stanford.edu>
=============================================================
UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA
COMPUTER PROFESSIONALS FOR )
SOCIAL RESPONSIBILITY, )
)
Plaintiff, )
)
v. ) C.A. 92-0972-RCL
)
NATIONAL INSTITUTE OF STANDARDS )
AND TECHNOLOGY, et al., )
)
Defendants. )
____________________________________)
PLAINTIFF'S MEMORANDUM IN OPPOSITION TO
DEFENDANT'S MOTION FOR SUMMARY JUDGMENT AND IN SUPPORT OF
PLAINTIFF'S CROSS-MOTION FOR PARTIAL SUMMARY JUDGMENT
Plaintiff filed this action on April 22, 1992, seeking the
disclosure of documents withheld by defendants under the Freedom
of Information Act ("FOIA"), 5 U.S.C. Sec. 552. Defendants were
granted a stay in proceedings to allow the National Security
Agency ("NSA") to review the disputed documents. Now defendants
-- largely on behalf of NSA -- have moved for summary judgment and
asked the Court to sustain their withholding of a substantial
portion of the requested information. Plaintiff opposes the
government's motion and cross-moves for partial summary judgment.
Background
In August 1991, plaintiff submitted a FOIA request to
defendant National Institute of Standards and Technology ("NIST"),
seeking copies of "all documentation and research materials" used
or developed by NIST during its selection of a proposed digital
signature standard.
The Digital Signature Standard
A digital signature is the result of a cryptographic process.
It provides a means of authenticating the integrity of
electronically transmitted data and the identity of the sender,
much as a hand-written signature verifies the authenticity of a
paper record. On August 30, 1991, NIST announced its selection of
a proposed digital signature standard ("DSS") that would be
"applicable to all federal departments and agencies for the
protection of unclassified information," and would be "intended
for use in electronic mail, electronic funds transfer, electronic
data interchange, software distribution, data storage, and other
applications which require data integrity assurance and data
origin authentication." 56 Fed. Reg. 42981 (August 30, 1991).
In its Federal Register notice, NIST stated that it had
selected the DSS after evaluating several alternatives and that
the agency had "followed the mandate contained in section 2 of the
Computer Security Act of 1987 that NIST develop standards and
guidelines to ' ... assure the cost-effective security and privacy
of sensitive information in Federal systems.'"
The reference to the Computer Security Act, P.L. 100-235, was
significant because, in enacting the statute, Congress sought to
vest civilian computer security authority in NIST and to limit the
role of NSA. The legislation was passed in reaction to National
Security Decision Directive ("NSDD") 145, which President Reagan
issued in 1984. The Presidential directive sought to grant NSA
new powers to issue policies and develop standards for "the
safeguarding of not only classified information, but also other
information in the civilian agencies and private sector." H. Rep.
No. 153 (Part 2), 100th Cong., 1st Sess. 6 (1987).
Concerns About NSA's Role
The House Report on the Computer Security Act notes that NSDD
145 "raised considerable concern within the private sector and the
Congress." Id. One of the principal objections to the directive
was that
it gave NSA the authority to use its considerable
foreign intelligence expertise within this country.
This is particularly troubling since NSA was not created
by Congress, but by a secret presidential directive and
it has, on occasion, improperly targeted American
citizens for surveillance.
Id. at 6-7; see also The National Security Agency and Fourth
Amendment Rights, Hearings Before the Senate Select Committee to
Study Governmental Operations with Respect to Intelligence
Activities, 94th Cong., 1st Sess. 2 (1975) (Congress has a
"particular obligation to examine the NSA, in light of its
tremendous potential for abuse. ... The danger lies in the ability
of NSA to turn its awesome technology against domestic
communications") (Statement of Sen. Church).
When Congress enacted the Computer Security Act, it also
expressed particular concern that NSA, a secretive military
intelligence agency, would improperly limit public access to
information concerning civilian computer security activities.
H. Rep. No. 153 (Part 2), 100th Cong., 1st Sess. 21 (1987). The
House Report notes that NSA's
natural tendency to restrict and even deny access to
information that it deems important would disqualify
that agency from being put in charge of the protection
of non-national security information in the view of many
officials in the civilian agencies and the private
sector.
Id.
To alleviate these concerns, Congress granted sole authority
to the National Bureau of Standards (now NIST) to establish
technical standards for civilian computer security. During
Congress' consideration of the legislation, "NSA opposed its
passage and asserted that NSA should be in control of this
nation's computer standards program." Id. at 7. Congress
forthrightly rejected NSA's position, noting that
[t]he proposals would have charged NSA with the task of
developing "technical guidelines," and forced [NIST] to
use these guidelines in issuing standards.
Since work on technical security standards
represents virtually all of the research effort being
done today, NSA would take over virtually the entire
computer standards [program] from [NIST]. [NIST], in
effect, would on the surface be given the responsibility
for the computer standards program with little to say
about most of the program -- the technical guidelines
developed by NSA.
This would jeopardize the entire Federal standards
program.
Id. at 25-26.
NIST's Response to Plaintiff's FOIA Request
Since the enactment of the Computer Security Act, plaintiff
has sought to monitor the agencies' compliance with its
provisions. In keeping with those efforts, plaintiff requested
relevant information from NIST concerning its development of the
DSS -- the agency's first proposed computer security standard
since passage of the legislation.
In response to plaintiff's FOIA request, defendant NIST
initially withheld all responsive documents. The agency claimed
that the material was "advisory and predecisional in nature," and
that "some of the materials pertain to pending patent
applications." NIST made no reference to NSA or any other agency,
despite Commerce Department regulations providing for the prompt
referral of documents to other interested agencies and
notification to the requester of such referral.
Plaintiff appealed NIST's decision to defendant Department of
Commerce on October 1, 1991, but did not receive a determination
of the appeal until June 22, 1992 -- two months after the filing
of this action. For the first time, defendants acknowledged that
documents responsive to plaintiff's request originated at, or
related to, the National Security Agency. Then, in support of
their motion to stay proceedings, defendants revealed that the
vast majority of responsive documents fell within the disclosure
authority of NSA; 142 pages were within NIST's jurisdiction while
1,138 pages were under the control of NSA.
NSA's Role in Developing the DSS
As the foregoing demonstrates, defendants initially sought to
conceal NSA's involvement in developing the proposed DSS. The
Federal Register announcement of the proposed standard made no
mention of NSA, and the fact that the vast majority of relevant
documents was under the control of NSA was not disclosed until
after the initiation of this litigation. On April 22, 1993 (the
day defendants filed their summary judgment motion), NIST released
to plaintiff a number of documents that provide more insight into
the role NSA played in the development process.
The documents -- released in heavily redacted form at NSA's
behest -- suggest that NSA dictated the selection of the digital
signature standard in contravention of Congress' clear intent, as
described above. For instance, a document dated March 26, 1990,
states that NSA provided NIST with two documents during an inter-
agency working group meeting.
The first, classified CONFIDENTIAL, contained NSA's
proposal to NIST containing a cryptographic algorithm
and a hashing function which can be used as bases for an
unclassified standard for digital signatures used by the
U.S. Government. ...
The second document, classified TOP SECRET CODEWORD, was
a position paper which discussed reasons for the
selection of the algorithms identified in the first
document. This document is available at NSA for review
by properly cleared senior NIST officials.
This material suggests that the development process may have
become precisely what Congress sought to avoid when it rejected
NSA's legislative proposal that "[NIST], in effect, would on the
surface be given the responsibility for the computer standards
program with little to say about most of the program -- the
technical guidelines developed by NSA." H. Rep. No. 153 (Part 2),
100th Cong., 1st Sess. 26 (1987).
There is substantial public interest in the emerging issues
surrounding civilian cryptography, generally, and in these
documents, specifically. The New York Times recently reported on
the information plaintiff has obtained through this litigation and
highlighted the issue of whether NSA is acting in compliance with
the Computer Security Act. Markoff, U.S. as Big Brother of
Computer Age, New York Times, May 6, 1993, at D1. See also
Directive Issued to Create New Classification Order, Access
Reports, May 12, 1993, at 1-3 ("the records released to CPSR tend
to make the case that the NSA has continued to play a dominant
role [in civilian computer security]"). As we discuss below, the
public interest in this material likely has a direct (and
improper) bearing upon defendants' reluctance to disclose it.
ARGUMENT
As the Supreme Court has recognized, "[t]he basic purpose of
[the] FOIA is to ensure an informed citizenry, vital to the
functioning of a democratic society, needed to check against
corruption and to hold the governors accountable to the governed."
NLRB v. Robbins Tire & Rubber Co., 437 U.S. 214, 242 (1978). More
recently, the Court emphasized that "[o]fficial information that
sheds light on an agency's performance of its statutory duties
falls squarely within that statutory purpose." Department of
Justice v. Reporters Committee for Freedom of the Press, 489 U.S.
749, 773 (1989). The basic principles underlying the FOIA are
clearly implicated here, where the disputed documents shed light
upon an inter-agency relationship Congress expressly sought to
regulate through the Computer Security Act.
I. EXEMPTION 1 HAS BEEN IMPROPERLY ASSERTED IN THIS CASE
Defendants seek to withhold "NSA information" contained in 14
documents under Exemption 1 on the ground that the material is
"properly classified" under the substantive standards of Executive
Order ("EO") 12356. The exemption applies to records that are
"specifically authorized under criteria established by an
Executive order to be kept secret in the interest of national
defense or foreign policy and ... are in fact properly classified
pursuant to such Executive order." 5 U.S.C. Sec. 552(b)(1).
Defendants bear the burden of demonstrating that the information
is "in fact properly classified pursuant to" both procedural and
substantive criteria contained in the Executive Order. Goldberg
v. Department of State, 818 F.2d 71, 77 (D.C. Cir. 1987); Lesar v.
Department of Justice, 636 F.2d 472, 483 (D.C. Cir. 1980).
Under the facts of this case, the Court must determine
whether it is "proper" for information to be classified under
circumstances in which Congress expressly intended that it would
not be. As plaintiff has shown, one of Congress' primary reasons
for placing civilian computer security authority with NIST was its
belief that NSA's "natural tendency to restrict and even deny
access to information that it deems important would disqualify
that agency from being put in charge of the protection of non-
national security information." H. Rep. No. 153 (Part 2), 100th
Cong., 1st Sess. 21 (1987). The evil Congress sought to prevent
-- the classification of information relating to the development
of civilian security standards -- has occurred in this case. Such
a direct contravention of congressional intent cannot be deemed
"proper" within the meaning of Exemption 1.
The propriety of the classification under the express terms
of EO 12356 is also highly questionable in this case. The Order
provides that "[i]n no case shall information be classified in
order to conceal violations of law ... [or] to prevent embarrass-
ment to a person, organization or agency ...." EO 12356, 3 C.F.R.
166 (1983), reprinted in 50 U.S.C. Sec. 401 note (1988), at Sec.
1.6(a). This prohibition is clearly relevant here, where the
withheld material relates to an inter-agency relationship that:
1) NSA opposed during congressional consideration
of the Computer Security Act;
2) Congress established over the objection of NSA,
rejecting proposals that NIST only be given
authority "on the surface" for security
standards; and
3) has generated public interest amid indications
that NSA might, in fact, be acting as the de
facto final authority on civilian computer
security standards.
Under such circumstances, the Court cannot foreclose the
possibility that relevant information has been classified and
withheld from disclosure for the improper purpose of "conceal[ing]
violations of law ... [or] to prevent embarrassment." Indeed, as
the record demonstrates, information concerning NSA's role in the
development of the DSS has been only grudgingly (and belatedly)
disclosed as this proceeding has unfolded.
II. EXEMPTION 3 HAS BEEN IMPROPERLY INVOKED IN THIS CASE
The Court's analysis of defendants' claims under Exemption 3
will necessarily be similar to its analysis of the Exemption 1
claims. Defendants once again cite "national security" concerns
and seek to withhold the same 14 documents that are classified.
Again, the Court must consider the propriety of secrecy claims
growing out of an activity that Congress expressly intended would
be open to public scrutiny.
First, defendants invoke Section 6 of Public Law No. 86-36,
50 U.S.C. Sec. 402 note, to withhold information that pertains to
"NSA's INFOSEC-related capabilities, the features of certain
algorithms considered for use in the digital signature standard
evaluation process, ... and the specific national security
considerations that were implicated by the DSS evaluation
process." Def. Mem. at 13 (footnote omitted).
While Section 6 does qualify as a "statute" within the
meaning of Exemption 3, its application is not as sweeping as
defendants suggest. In Hayden v. National Security Agency, 608
F.2d 1381, 1389 (D.C. Cir. 1979), the D.C. Circuit held that only
where a particular NSA "function or activity is authorized by
statute and not otherwise unlawful" will "NSA materials integrally
related to that function or activity fall within Public Law No.
86-36 and Exemption 3." (emphasis added). Thus, like EO 12356's
prohibition against the classification of information to conceal
violations of law, application of Section 6 requires the Court to
consider the propriety of the "function" or "activity" that is
being protected.
The fact that Section 6 authorizes NSA to exercise discretion
in withholding or disclosing information in no way negates the
Court's obligation to review the agency's determination de novo.
"Congress made no provision in FOIA for a lower standard of review
in [Exemption 3] cases; instead, review was expressly made de novo
under all the exemptions in [the Act]." Long v. Internal Revenue
Service, 742 F.2d 1173, 1182 (9th Cir. 1984). Such review "better
serve[s] the congressional purpose of assuring that any particular
nondisclosure decision was the product of legislative rather than
executive judgment." Id.
Defendants also invoke 18 U.S.C. Sec. 798, a criminal statute
prohibiting the disclosure of "any classified information"
concerning cryptography. Once again, in applying this provision,
the Court must consider whether the material is properly
classified under the terms of the Executive Order. Seeking to
avoid such scrutiny, defendants assert that "[u]nder Sec. 798, the
propriety of the classification is irrelevant." Def. Mem. at 16
n.12, citing United States v. Boyce, 594 F.2d 1246, 1251 (9th
Cir.), cert. denied, 444 U.S. 855 (1979). Boyce, however involved
a criminal prosecution and does not stand for the proposition that
the statute bars disclosure under FOIA if the Court finds that the
material is not properly classified.
In short, application of both Public Law No. 86-36 and 18
U.S.C. Sec. 798 requires consideration of the underlying NSA
activity at issue in this case (development of the digital
signature standard) and a determination of whether that activity
is proper under the Computer Security Act.
* * *
[Material relating to other exemption claims deleted]
* * *
CONCLUSION
For the foregoing reasons, defendants' motion for summary
judgment should be denied and plaintiff's motion for partial
summary judgment should be granted.
- --
FOIA FILES KIT - INSTRUCTIONS
USING THE FREEDOM OF INFORMATION ACT
REVISED EDITION
Fund for Open Information and Accountability, Inc.
339 Lafayette Street, New York, NY 10012
(212) 477-3188
INSTRUCTIONS
The Freedom of Information Act entitles you to request any
record maintained by a federal Executive branch agency. The
agency must release the requested material unless it falls into
one of nine exempt categories, such as "national security,"
"privacy," "confidential source" and the like, in which case the
agency may but is not compelled to refuse to disclose the
records.
This kit contains all the material needed to make FOIA
requests for records on an individual, an organization or on a
particular subject matter or event.
HOW TO MAKE A COMPLETE REQUEST
Step 1: Select the appropriate sample letter. Fill in the
blanks in the body of the letter. Read the directions printed to
the right of each letter in conjunction with the following
instructions:
For organizational files: In the first blank space insert
the full and formal name of the organization whose files you are
requesting. In the second blank space insert any other names,
acronyms or shortened forms by which the organization is or has
ever been known or referred to by itself or others. If some of
the organization's work is conducted by sub-groups such as clubs,
committees, special programs or through coalitions known by other
names, these should be listed.
For individual files: Insert the person's full name in the
first blank space and any variations in spelling, nicknames, stage
names, marriage names, titles and the like in the second blank
space. Unlike other requests, the signatures of an individual
requesting her/his own file must be notarized.
For subject matter or event files: In the first blank space
state the formal title of the subject matter or event including
relevant dates and locations. In the second blank space provide
the names of individuals or group sponsors or participants and/or
any other information that would assist the agency in locating
the material you are requesting.
Step 2: The completed sample letter may be removed,
photocopies and mailed as is or retyped on your own stationary.
Be sure to keep a copy of each letter.
Step 3: Addressing the letters: Consult list of agency
addresses.
FBI: A complete request requires a minimum of two letters.
Sen done letter to FBI Headquarters and separate letter to each
FBI field office nearest the location of the individual, the
organization or the subject matter/event. Consider the location
of residences, schools, work and other activities.
INS: Send a request letter to each district office nearest
the location of the individual, the organization or the subject
matter/event.
Address each letter to the FOIA/PA office of the appropriate
agency. Be sure to make clearly on the envelope: ATTENTION--FOIA
REQUEST.
FEE WAIVER
You will notice that the sample letters include a request
for fee waiver. Many agencies automatically waive fees if a
request results in the release of only a small number of
documents, e.g. 250 pages or less. Under the Act, you are
entitled to a waiver of all search and copy fees associated with
your request if the release of the information would primarily
benefit the general public. However, in January 1983, the Justice
Department issued a memo to all federal agencies listing five
criteria which requesters must meet before they are deemed
entitled to a fee waiver. Under these criteria, a requester must
show that the material sought to be released is already the
subject of "genuine public interest" and "meaningfully
contributes to the public development or understanding of the
subject"; and that she/he has the qualifications to understand
and evaluate the materials and the ability to interpret and
disseminate the information to th public and is not motivated by
any "personal interest." Finally, if the requested information is
already "in the public domain," such as in the agency's reading
room, no fee waiver will be granted.
You should always request a waiver of fees if you believe
the information you are seeking will benefit the public. If your
request for a waiver is denied, you should appeal that denial,
citing the ways in which your request meets the standards set out
above.
MONITORING THE PROGRESS OF YOUR REQUEST
Customarily, you will receive a letter from each agency
within 10 days stating that your request has been received and is
being processed. You may be asked to be patient and told that
requests are handled cafeteria style. You have no alternative but
to be somewhat patient. but there is no reason to be complacent
and simply sit and wait.
A good strategy is to telephone the FOIA office in each
agency after about a month if nothing of substance has been
received. Ask for a progress report. The name of the person you
talk with and the gist of the conversation should be recorded.
try to take notes during the conversation focusing especially on
what is said by the agency official. Write down all the details
you can recall after the call is completed. Continue to call
every 4 to 6 weeks.
Good record keeping helps avoid time-consuming and
frustrating confusion. A looseleaf notebook with a section
devoted to each request simplifies this task. Intervening
correspondence to and from the agency can be inserted between the
notes on phone calls so that all relevant material will be at
hand for the various tasks: phone consultations, writing the
newsletter, correspondence, articles, preparation for media
appearances, congressional testimony or litigation, if that
course is adopted.
HOW TO MAKE SURE YOU GET EVERYTHING YOU ARE ENTITLED TO ...
AND WHAT TO DO IF YOU DO NOT
After each agency has searched and processed your request,
you will receive a letter that announces the outcome, encloses
the released documents, if any, and explains where to direct an
appeal if any material has been withheld. There are four possible
outcomes:
1. Request granted in full: This response indicates that
the agency has released all records pertinent to your request,
with no exclusions or withholdings. The documents may be enclosed
or, if bulky, may be mailed under separate cover. This is a very
rare outcome.
Next Step: Check documents for completeness (see
instructions below).
2. Requested granted in part and denied in part: This
response indicates that the agency is releasing some material but
has withheld some documents entirely or excised some passages
from the documents released. The released documents may be
enclosed or, if bulky, mailed under separate cover.
Next step: Check documents released for completeness (see
instructions below) and make an administrative appeal of denials
or incompleteness (see instructions below).
3. Request denied in full: This response indicates that
the agency is asserting that all material in its files pertaining
to your request falls under one or the nine FOIA exemptions.
These are categories of information that the agency may, at its
discretion, refuse to release.
Next step: Make an administrative appeal (see instructions
below). Since FOIA exemptions are not mandatory, even a complete
denial of your request can and should be appeals.
4. No records: This response will state that a search of
the agency's files indicates that it has no records corresponding
to those you requested.
Next step: Check your original request to be sure you have
not overlooked anything. If you receive documents from other
agencies, review them for indications that there is material in
the files of the agency claiming it has none. For example, look
for correspondence, or references to correspondence, to or from
that agency. If you determine that there are reasonable grounds,
file an administrative appeal (see instructions below).
HOW TO CHECK FOR COMPLETENESS
Step 1: Before reading the documents, turn them over and
number the back of each page sequentially. The packet may contain
documents from the agency's headquarters as well as several field
office files. Separate the documents into their respective office
packets. Each of these offices will have assigned the
investigation a separate file number. Try to find the numbering
system. Usually the lower right hand corner of the first page
carries a hand-written file and document number. For instance, an
FBI document might be marked "100-7142-22". This would indicate
that it is the 22nd document in the 7142nd file in the 100
classification. As you inspect the documents, make a list of
these file numbers and which office they represent. In this way
you will be able to determine which office created and which
office received the document you have in your hand. Often there
is a block stamp affixed with the name of the office from whose
files this copy was retrieved. the "To/From" heading on a
document may also give you corresponding file numbers and will
help you puzzle out the origin of the document.
When you have finally identified each document's file and
serial number and separated the documents into their proper
office batches, make a list of all the serial numbers in each
batch to see if there any any missing numbers. If there are
missing serial numbers and some documents have been withheld, try
to determine if the missing numbers might reasonably correspond
to the withheld documents. If not, the release may be incomplete
and an administrative appeal should be made.
Step 2: Read all the document released to you. Keep a list
of all document referred to the text--letters, memos, teletypes,
reports, etc. Each of these "referred to" documents should turn
up in the packet released to you. If any are not in the packet,
it is possible they may be among those document withheld; a
direct inquiry should be made. In an administrative appeal, ask
that each of these "referred to" documents be produced or that
the agency state plainly that they are among those withheld. Of
course, the totals of unproduced vs. withheld must be within
reasons; that is, if the total number of unproduced documents you
find referred to the text of the documents produced exceeds the
total number of documents withheld, the agency cannot claim that
all the referred to documents are accounted for by the withheld
category. You will soon get the hand of making logical
conclusions from discrepancies in the totals and missing document
numbers.
Another thing to look for when reading the released
documents if the names of persons or agencies to whom the
document has been disseminated. the lower left-hand corner is a
common location for the typed list of agencies or offices to whom
the document has been directed. In addition, there may be
additional distribution recorded by hand, there or elsewhere on
the cover page. There are published glossaries for some agencies
that will help in deciphering these notations when they are not
clear. Contact FOIA, Inc., if you need assistance in deciphering
the text.
Finally, any other file numbers that appear on the document
should be noted, particularly in the subject of the file is of
interest and is one you have not requested. You may want to make
an additional request for some of these files.
HOW TO MAKE AN ADMINISTRATIVE APPEAL
Under the FOIA, a dissatisfied requester has the right of
administrative appeal. the name and address of the proper appeal
office will be given to you by each agency in its final response
letter.
This kit contains a sample appeal letter with suggesting for
adapting it to various circumstances. However, you need not make
such an elaborate appeal; in fact, you need not offer any reasons
at all but rather simply write a letter to the appeals unit
stating that "this letter constitutes an appeal of the agency's
decision." Of course, if you have identified some real
discrepancies, you will want to set them for fully, but even if
you have not found any, you may simply ask that the release be
reviewed.
If you are still dissatisfied after the administrative
appeal process, the FOIA gives you the right to bring a lawsuit
in federal district court on an expedited basis.
SAMPLE FBI REQUEST LETTER
Date:
To: FOIA/PA Unit
Federal Bureau of Investigation
This is a request under the Freedom of Information Act.
I request a complete and thorough search of all filing
systems and locations for all records maintained by your agency
pertaining to and/or captioned: ______
_____________________________________________________
[describe records desired and/or insert full and
_____________________________________________________
formal name]
_____________________________________________________
_____________________________________________________
including, without limitations, files and documents captioned, or
whose captions include
_____________________________________________________
[insert changes in name, commonly used names,
_____________________________________________________
acronyms, sub-groups, and the like]
_____________________________________________________
_____________________________________________________
This request specifically includes "main" files and "see
references," including, but not limited to numbered and lettered
sub files, "DO NOT FILE" files, and control files. I also request
a search of the ELSUR Index,a nd the COINTELPRO Index. I request
that all records be produced with the administrative pages.
I wish to be sent copies of "see reference" cards,
abstracts, search slips, including search slips used to process
this request, file covers, multiple copies of the same documents
if they appear in a file, and tapes of any electronic
surveillances.
I wish to make it clear that I want all records in you
office "identifiable with my request," even though reports on
those records have been sent to Headquarters and even though
there may be duplication between the two sets of files.
I do not want just "interim" documents. I want all documents as
they appear in the "main" files and "see references" of all units of
your agency.
If documents are denied in whole or in part, please specify
which exemption(s) is(are) claimed for each passage or whole
document denied. Please provide a complete itemized inventory and
a detailed factual justification of total or partial denial of
documents. Give the number of pages in each document and the
total number of pages pertaining to this request. For
"classified" material denied please include the following
information: the classification (confidential, secret or top
secret); identity of the classifier; date or event for automatic
de-classification, classification review, or down-grading; if
applicable, identity of official authorizing extension of
automatic de-classification or review; and if applicable, the
reason for extended classification.
I request that excised material be "blacked out" rather
than "whited out" or cut out and that the remaining non-exempt
portions of documents will be released as provided under the
Freedom of Information Act.
Please send a memo (copy to me) to the appropriate units in
your office to assure that no records related to this request are
destroyed. Please advise of any destruction of records and
include the date of and authority for such destruction.
As I expect to appeal any denials, please specify the office
and address to which an appeal should be directed.
I believe my request qualifies for a waiver of fees since
the release of the requested information would primarily benefit
the general public and be "in the public interest."
I can be reached at the phone listed below. Please call
rather than write if there are any questions or if you need
additional information from me.
I expect a response to this request within ten (10) working
days, as provided for in the Freedom of Information Act.
Sincerely,
name: _______________________________________________
address: ____________________________________________
____________________________________________
telephone: __________________________________________
signature: __________________________________________
SAMPLE AGENCY REQUEST LETTER
DATE:
TO: FOIA/PA Unit
This is a request under the Freedom of Information Act.
I request a complete and thorough search of all filing
systems and locations for all records maintained by your agency
pertaining to and/or captioned
______________________________________________________
[describe records desired and/or insert full and
______________________________________________________
formal name]
______________________________________________________
______________________________________________________
including, without limitation, files and documents captioned, or
whose captions include:
______________________________________________________
[insert changes in name, commonly used names,
______________________________________________________
acronyms, sub-groups and the like]
______________________________________________________
______________________________________________________
I also request all "see references" to these names, a search
of the ELSUR Index or any similar technique for locating records
of electronic surveillance.
This request is also a request for any corresponding files
in INS Headquarters or regional offices.
Please place any "missing" files pertaining to this request
on "special locate" and advise that you have done this.
If documents are denied in part or whole, please specify
which exemption(s) is(are) claimed for each passage or whole
document denied. Please provide a complete itemized inventory and
detailed factual justification of total or partial denial of
documents. Specify the number of pates in each document and th
total number of pages pertaining to this request. For classified
material denied, please include the following information: the
classification rating (confidential, secret, or top secret);
identify the classifier; date or event for automatic
de-classification, classification review or downgrading; if
applicable, identify the official authorizing extension of
automatic de-classification or review; and, if applicable, give the
reason for extended classification.
I request that excised material be "blacked out" rather than
"whited out" or cut out. I expect, as provided by the Freedom of
Information Act, that the remaining non-exempt portions of
documents will be released.
Please send a memo (copy to me) to the appropriate units in
your office or agency to assure that no records related to this
request are destroyed. Please advise of any destruction of
records and include the date of and authority for such
destruction.
As I expect to appeal any denials, please specify the office
and address to which an appeal should be directed.
I believe my request qualifies for a waiver of fees since
the release of the requested information would primarily benefit
the general public and be "in the public interest."
I can be reached at the phone listed below. Please call
rather than write if there are any questions or if you need
additional information from me.
I expect a response to this request within ten (10) working
days, as provided for in the Freedom of Information Act.
Sincerely,
name: _______________________________________________
address: ____________________________________________
____________________________________________
telephone: (___)_______________________________________
signature: __________________________________________
SAMPLE ADMINISTRATIVE APPEAL LETTER
Date:
To: FOIA/PA Appeals Office
RE: Request number [Add this if the agency has given your request
a number]
This is an appeal pursuant to subsection (a)(6) of the
Freedom of Information Act as amended (5U.S.C. 552).
On [date], I received a letter from [name of official] of
your agency denying my request for [describe briefly the
information you are after]. This reply indicated that an appeal
letter could be sent to you. I am enclosing a copy of my exchange
of correspondence with your agency so that you can see exactly
what files I have requested and the insubstantial grounds on
which my request has been denied.
[Optional paragraph, to be used if the agency has withheld
all or nearly all the material which has been requested]:
You will note that your agency has withheld the entire (or
nearly the entire) document (or file, or report, or whatever)
that I requested. Since the FOIA provides that "any reasonably
secregable portion of a record shall be provided to any person
requesting such record after deletion of the portions which are
exempt," I believe that your agency has not complied with the
FOIA. I believe that there must be (additional) secregable
portions which do not fall within FOIA exemptions and which must
be released.
[Optional paragraph, to be used in the agency has used the
(b)(1) exemption for national security, to withhold information]
Your agency has used the (b)(1) exemption to withhold
information [I question whether files relating to events that
took place over twenty years ago could realistically harm the
national security.] [Because I am familiar with my own activities
during the period in question, and know that none of these
activities in any way posed a significant threat to the national
security, I question the designation of my files or portions of
my file as classified and exempt from disclosure because of
national security considerations.]
[Sample optional argument to be used if the exemption which
is claimed does not seem to make sense; you should cite as many
specific instances as you care to of items withheld from the
documents that you have received. We provide two examples which
you might want to adapt to your own case.]
"On the memo dated _____________ the second paragraph
withheld under the (b)(1) exemption appears to be describing a
conversation at an open meeting. If this is the case, it is
impossible that the substance of this conversation could be
properly classified." Or, "The memo dated _____ refers to a
meeting which I attended, but a substantial portion is deleted
because of the (b)(6) and (b)(7)(c) exemptions for unwarranted
invasions of personal privacy. Since I already know who attended
this meeting, no privacy interest is served by the withholding."
I trust that upon examination of my request, you will
conclude that the records I requested are not properly covered by
exemption(s) [here repeat the exemptions which the agency's
denial letter claimed applied to your request] of the amended
FOIA, and that you will overrule the decision to withhold the
information.
[Use if an itemized inventory is not supplied originally]
If you choose instead to continue to withhold some or all of
the material which was denied in my initial request to your
agency, I ask that you give me an index of such material,
together with the justification for the denial of each item which
is still withheld.
As provided in the Act, I will expect to receive a reply to
this administrative appeal letter within twenty working days.
If you deny this appeal and do not adequately explain why
the material withheld is properly exempt, I intend to initial a
lawsuit to compel its disclosure. [You can say that you intend to
sue, if that is your present inclination; you may still decide
ultimately not to file suit.]
Sincerely yours,
name: ____________________________________________
address: ____________________________________________
____________________________________________
signature: ___________________________________________
[Mark clearly on envelope: Attention: Freedom of Information
Appeals]
FBI ADDRESSES AND PHONE NUMBERS
FBI Headquarters, J. Edgar Hoover Bldg, Washington, D.C., 20535,
202-324-5520 (FOI/PA Unit)
Field Offices
Albany, NY 12207, U.S. Post Office and Courthouse, 518-465-7551
Albuquerque, NM 87101, Federal Office Bldg., 505-247-1555
Alexandria, VA 22314, 300 N. Lee St., 703-683-2681
Anchorage, AK 99510, Federal bldg., 907-272-6414
Atlanta, GA 30303, 275 Peachtree St. NE, 404-521-3900
Baltimore, MD 21207, 7142 Ambassador Rd., 301-265-8080
Birmingham, AL 35203, Room 1400, 2121 Bldg. 205-252-7705
Boston, MA 02203, J.F. Kennedy Federal Office Bldg., 617-742-5533
Buffalo, NY 14202, 111 W. Huron St., 716-856-7800
Butte, MT 59701, U.S. Courthouse and Federal Bldg., 406-792-2304
Charlotte, NC 28202, Jefferson Standard Life Bldg., 704-372-5485
Chicago, IL 60604, Everett McKinley Dirksen Bldg., 312-431-1333
Cincinnati, OH 45202, 400 U.S. Post Office & Crthse Bldg., 513-421-4310
Cleveland, OH 44199, Federal Office Bldg., 216-522-1401
Columbia, SC 29201, 1529 Hampton St., 803-254-3011
Dallas TX 75201, 1810 Commerce St., 214-741-1851
Denver, CO 80202, Federal Office Bldg., 303-629-7171
Detroit, MI 48226, 477 Michigan Ave., 313-965-2323
El Paso, TX 79901, 202 U.S. Courthouse Bldg., 915-533-7451
Honolulu, HI 96850, 300 Ala Moana Blvd., 808-521-1411
Houston, TX 77002, 6015 Fed. Bldg and U.S.Courthouse, 713-224-1511
Indianapolis, IN 46202, 575 N. Pennsylvania St., 317-639-3301
Jackson, MS 39205, Unifirst Federal and Loan Bldg., 601-948-5000
Jacksonville, FL 32211, 7820 Arlington Expressway, 904-721-1211
Kansas City, MO 64106, 300 U.S. Courthouse Bldg., 816-221-6100
Knoxville, TN 37919, 1111 Northshore Dr., 615-588-8571
Las Vegas, NV 89101, Federal Office Bldg., 702-385-1281
Little Rock, AR 72201, 215 U.S Post Office Bldg., 501-372-7211
Los Angeles, CA 90024, 11000 Wilshire Blvd, 213-272-6161
Louisville, KY 40202, Federal Bldg., 502-583-3941
Memphis, TN 38103, Clifford Davis Federal bldg., 901-525-7373
Miami, FL 33137, 3801 Biscayne Blvd., 305-573-3333
Milwaukee, WI 53202, Federal Bldg and U.S. Courthouse, 414-276-4681
Minneapolis, MN 55401, 392 Federal Bldg., 612-339-7846
Mobile, AL 36602, Federal Bldg., 205-438-3675
Newark, NJ 07101, Gateway I, Market St., 201-622-5613
New Haven, CT 06510, 170 Orange St., 203-777-6311
New Orleans, LA 70113, 701 Loyola Ave., 504-522-4671
New York, NY 10007, 26 Federal Plaza, 212-553-2700
Norfolk, VA, 23502, 870 N. Military Hwy., 804-461-2121
Oklahoma City, OK 73118, 50 Penn Pl. NW, 405-842-7471
Omaha, NB 68102, 215 N. 17th St., 402-348-1210
Philadelphia, PA 19106, Federal Office Bldg., 215-629-0800
Phoenix, AZ 85004, 2721 N. central Ave., 602-279-5511
Pittsburgh, PA 15222, Federal Office Bldg., 412-471-2000
Portland, OR 97201, Crown Plaza Bldg., 503-224-4181
Richmond, VA 23220, 200 W. Grace St., 804-644-2531
Sacramento, CA 95825, Federal Bldg., 916-481-9110
St. Louis, MO 63103, 2704 Federal Bldg., 314-241-5357
Salt Lake City, UT 84138, Federal Bldg., 801-355-7521
San Diego, CA 92188, Federal Office Bldg., 619-231-1122
San Francisco, CA 94102, 450 Golden Gate Ave., 415-552-2155
San Juan, PR 00918 U.S. Courthouse and Fed. Bldg., 809-754-6000
Savannah, GA 31405, 5401 Paulson St., 912-354-9911
Seattle, WA 98174, 915 2nd Ave., 206-622-0460
Springfield, IL 62702, 535 W. Jefferson St., 217-522-9675
Tampa, FL 33602, Federal Office Bldg., 813-228-7661
Washington, DC 20535, 9th and Pennsylvania Ave. NW, 202-324-3000
FEDERAL AGENCIES (SELECTED ADDRESSES)
Central Intelligence Agency
Information and Privacy Coordinator
Central Intelligence Agency
Washington, D.C. 20505
202-351-5659
Civil Service Commission
Appropriate Bureau (Bureau of Personnel Investigation,
Bureau of Personnel Information Systems, etc.)
Civil Service Commission
1900 E Street, N.W.
Washington, D.C. 20415
202-632-4431
Commission on Civil Rights
General Counsel, U.S. Commission on Civil Rights
1121 Vermont Ave., N.W. Room 600
Washington, D.C. 20415
202-254-6610
Consumer Product Safety Commission
Office of the Secretary
Consumer Product Safety Commission
1111 18th St., N.W.
Washington, D.C. 20207
202-624-7700
Department of Defense/Dept. of Air Force
Freedom of Information Manager
Headquarters, USAF/DADF
Washington, D.C. 20330-5025
202-697-3467
[A quick addendum to my post on alt.privacy yesterday. After making a
few phone calls, I found that these are the correct addresses to send
requests for information under the Freedom of Information Act (FOIA):
Central Intelligence Agency:
Mr. John H. Wright
Information and Privacy Coordinator
Central Intelligence Agency
Washington, DC 20505
Federal Bureau of Investigation:
Federal Bureau of INVESTIGATION
J. Edgar Hoover Building
9th and Pennsylvania Avenue, N.W.,
Washington, DC 20535
ATTN: FOIA/PA Section
National Security Agency:
Director, NSA/CSS
9800 Savage Road
Fort George G. Meade, Maryland 20755-6000
ATTN: FOIA/N5
For those who live in The Commonwealth of Virginia, this is the
address of the Richmond field office:
Federal Bureau of Investigation
111 Greencourt Road
Richmond, Virginia 23228
ATTN: FOIA/PA Section
- PF]
- --
End of Legal Net News, v1i7