Page 1 / 21
Immediate evidence preservation demand and FOIA / Privacy Act request re. TSA/DHS records To: TSA, DHS, and SEA Sent: Jan. 17, 2016 VIA EMAIL to:
SEA Title VI officer Sharon Swingle Jeremy Simon Mark Nebeker Michael Shih TSA FOIA/PA office DHS FOIA/PA office
[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
This letter is a formal FOIA and Privacy Act request for the following records. Furthermore, this is an evidence preservation demand. You (i.e. the agencies [incl. SEA], personnel named above and below, and all agency employees having access to or involvement in the following records) are hereby demanded to preserve all evidence relating to the above, particularly including the records listed below. Please note your obligations regarding preservation of ESI and other records, discussed in part below. If you fail to obey these obligations, you may be subject to sanctions for spoliation of evidence, which I will not hesitate to pursue. I prefer to have your cooperation, but will not be deterred by its lack. If necessary, I will pursue judicial options to compel you to do so, as well as sanctions for spoliation. Please confirm to me by email, by within 7 days of the "sent" date above, exactly what steps you have taken to preserve evidence as discussed in this letter. Please carefully read the FOIA, Privacy Act, and ESI preservation instructions below. While this request does ask for a voluminous amount of records, they are nevertheless "reasonably described" in accordance with the FOIA & Privacy Act. See e.g. DOJ FOIA Update, Vol. IV, No. 3, January 1, 1983. 1. SEA incident Background: on Dec. 31, 2015, I went through a TSA checkpoint at SEA in a wheelchair. My civil rights were violated by TSA STSO Abdi and TSM Cho, in that I was unreasonably interrogated about my medical conditions, I was mandated to go through AIT (despite clearly saying that I was neither willing nor able), and my bags were returned to me, as STSO Abdi
Page 2 / 21 refused to allow me to go through the checkpoint. I am very easily visually identified by the wheelchair, widebrimmed beige hat, large beige backpack (hung on the wheelchair), dark brown carrier bag, and white walking sticks and folded guide cane. My own video of the incident is available here: https://www.youtube.com/playlist?list=PLfijmJ80Ezeu3x32zXtCuQ_d7qunfBFdI a. all records related to the SEA incident, including i. all video from that day covering myself, STSO Abdi, and/or TSM Cho ii. all reports related to the incident, including any TSA Incident Report iii. all notes, correspondence, communications, etc relating to the incident by any parties, witnesses, etc iv. all history of complaints against STSO Abdi and/or TSM Cho v. all history of similar complaints any TSA, against any TSA, Logan police, and/or Logan Airport agent vi. all records of my xray baggage screening and ETD / EDS / LCS screening, such as any records recorded by the machine, surveillance tapes capturing images of the machine's monitors, manual or automated notes on its clearance status, and any other communications or records of any form that would indicate its results, whether anything looked suspicious on the machine (and if yes, what), etc. 2. Complaints a. all complaints, claims, reports, or similar records ("complaints") made pursuant to i. 49 CFR 1503.201 ii. 49 CFR 1503.801 iii. 49 CFR 1503.3 iv. Rehabilitation Act, ADA and/or 6 CFR 15.70 v. Federal Tort Claims Act (FTCA) vi. any other formal or informal mechanism for making complaints about DHS, including any component agency or agent thereof, including but not limited to: 1. Twitter @AskTSA 2. https://www.tsa.gov/contactcenter/form/complaints 3. tsa
[email protected] 4. 5712271921 5. TSA Contact Center 6. Civil Rights / Civil Liberties complaint form b. all resulting records, including: i. those relating to individual complaints, such as complaints, claims, reports, responses, sanctions, FTCA offer or denial letters, administrative appeals, litigation, nonresponse (including any FTCA claim not approved or denied within 6 months), etc.
Page 3 / 21 ii.
those relating to multiple complaints, such as analyses or reports of agency performance, periodic reviews, databases used for processing complaints, etc.
3. TSA policies and procedures This subpart requests all records described below, including all related records (e.g. supporting tables, guides, memoranda, etc.). a. Consolidated User Guide (CUG), both as defined in 49 CFR 1560.3 and any related or predating regulation b. Standard Operating Procedure (SOP), including: i. Checkpoint Screening SOP ii. Screening Management SOP iii. Checked Baggage SOP iv. Advanced Imaging Technology (AIT) v. Whole Body Imaging (WBI) vi. Playbook SOP vii. Colorimetric SOP viii. Stand Off Detection ix. Visible Intermodal Prevention and Response (VIPR) x. Bomb Appraisal Officer (BAO) xi. Screening of Passengers by Observation Technique (SPOT) c. Emergency Amendment (EA) d. Management Directive (MD) e. Operations Directive (OD) f. Security Directive (SD) g. Information Circular (IC) h. air marshal directive (e.g. FLD, FLT) i. security program (e.g. Model Security Program, Aircraft Operator Standard Security Program, Domestic Security Integration Program, Twelve Five Standard Security Program, Air Carrier International Security Procedure) j. air transportation security agreement k. Electronic Baggage Screening Program (EBSP) l. Air Cargo Security Technology Program (ACSTP) m. Advanced Surveillance Program (ASP) n. Security Technology Integrated Program (STIP) o. Passenger Screening Program (PSP) p. Office of Law Enforcement (OLE) / Federal Air Marshal Service (FAMS) q. American Federation of Government Employees (AFGE) / Transportation Trades Department (TTD) contracts / agreements / MOUs / etc with TSA r. opinions or memoranda issued by TSA Office of Chief Counsel s. REALID Act related policy and procedure records and correspondence
Page 4 / 21 t. Threat Assessment u. Privacy Impact Assessment (PIA) v. Travel Alert w. Information Sharing Environment (ISE) x. Functional Standard (FS) y. Suspicious Activity Report (SAR) z. "no fly", "selectee", and any similar list aa. 49 CFR 1540.107 and/or 1560.105 bb. policy, agreements, contracts, etc. regarding lines at TSA checkpoints before the travel document checker (TDC) cc. Handbook dd. Guide ee. Letter ff. Bulletin gg. Memorandum hh. Table 4. BDO and SPOT a. all records relating to: i. Behavior Detection and Analysis (BDA) ii. Behavior Detection Officers (BDO), including Expert BDOs (EBDO) iii. Screening of Passengers by Observation Technique (SPOT) b. this subpart includes all: i. training materials ii. policies and/or procedures iii. studies 5. TSA training a. all records used in training any TSA agent or contractor who interacts with the public in any way (including TSO, LTSO, STSO, TSM, BDO, EBDO, FAM, DAFSD, DFSD, AFSD, FSD, etc.), including i. controlled substances in carryon luggage, checked luggage, and/or on a person ii. potentially criminal activity other than actual weapons, explosives, or incendiary devices (WEI), such as imitation WEI, large amounts of cash, credit card theft, human trafficking, immigration violations, smuggling, etc. iii. screening of liquids in excess of 3.4 oz 1. screening medical liquids 2. amount of medical liquids considered "necessary" or "reasonable" See e.g.: https://www.tsa.gov/data/guide/Liquids.html http://blog.tsa.gov/2014/09/tsatraveltipstravelingwith.html http://blog.tsa.gov/2013/09/tsatraveltipstuesdaytravelingwith.html
Page 5 / 21 http://www.dhs.gov/howdoi/learnwhaticanbringplane iv. v. vi. vii. viii. ix.
Transportation Suspicious Incident Report (TSIR) TSO In The Know BDOs In Motion OSO "Frontline" TSA Disability Branch materials all other training related records
6. Patdown a. all records of TSA patdown techniques, including its effectiveness, failures, failures, exceptions, training, etc See e.g. Corbett v. TSA , AR vol. 4A, No. 1215893RR (11th Cir., filed June 24, 2013), at AR 002224002262, 002649002654, 002659002669, and 002960002966. b. all records of any policy or procedure involving a right to "opt out" of AIT screening in favor of patdown, or a denial of "opt out" or mandated AIT screening See e.g. TSA PIA032(d), published Dec. 18, 2015. c. all records of any policy or procedure involving private screening at the direction or insistence of TSA (as opposed to any private screening merely offered by TSA and entirely within the discretion of a passenger to require or prohibit, with no negative consequences whatsoever) 7. AIT & WBI ("AIT machine") and ETD, ETP, EDS, Puffer & LCS ("ETD machine") (both, "machine") a. all contracts (or similar record, e.g. memorandum of understanding, statement of work, request for proposals, etc.) to which any company providing, maintaining, testing, or otherwise directly involved in machines is a party b. all records giving specifications for machines This is to include both the actual capabilities of the machine, and its configuration settings. An adequate response will specify what the machines can detect, and how they are configured. You may not claim that a machine is not "capable" of doing something that it is merely not "configured" to do. For instance, an AIT machine may have a "test mode" in which it is capable of displaying or storing pictures of the scan it takes, even if in ordinary use it only displays ATRstyle images or is configured to not save images or scan data. It is thus capable of storing body scans, but may or may not be configured to do so for certain users. See e.g. OIG1586 p. 6; Feb. 24, 2010 letter from Gale D. Rossides to Bennie G. Thompson. For instance, an ETD machine like the IONSCAN 500DT has advertised specifications stating
Page 6 / 21 that it detects "RDX, PETN, NG, TNT, HMX, TATP and others" and "Cocaine, Heroin, Amphetamine, Methamphetamine, MDA, THC and others", but can be set to modes "Explosives/Narcotics simultaneous, Explosives only, Narcotics only". It is thus capable of detecting cocaine, and may or may not be configured to do so for certain users. See: http://www.novatex.lt/index.php?page=narkotiniusprogstamujuircheminiumedziaguaptikimas c. testing and multimachine records i. all records documenting safety, effectiveness, throughput, or any other test or parameter of a machine ii. all records that document more than one machine, e.g. test results for a checkpoint iii. all records that document predeployment testing iv. false positive and false negative acceptance thresholds, testing results, etc d. electronic database records, whether or not they are machinerelated i. all Field Data Reporting System (FDRS) records ii. all Performance And Results Information System (PARIS) records iii. all records kept in any similar electronic database e. all communications with any nonTSA agency (e.g. FDA) regarding machines 8. GAO & OIG a. all correspondence between any DHS employee and any GAO employee b. all correspondence between any nonOIG DHS employee and any OIG employee 9. Media correspondence a. all correspondence with any media organization, journalist, or similar person b. all advertising contracts to which TSA is a party, including job advertisements c. all comments submitted to blog.tsa.gov, or to any site reviewing TSA (e.g. Yelp), that were not published (including being reported, deleted, flagged, "not recommended" etc.) — both at the time of search and at the time of this request See e.g. Carly Fiorina's "not recommended" Aug. 18, 2015 review, and Lisa Simeone's Jan. 15, 2016 review, at TSA Arlington's Yelp page: http://www.yelp.com/not_recommended_reviews/transportationsecurityadministrationarlington 2 10. DEA/TSA relationship a. all records describing, discussing, or otherwise documenting any financial, confidential source, or other relationship between the Drug Enforcement Agency (or any other nonTSA law enforcement agency) and/or its employee(s), and the TSA and/or its employee(s)
Page 7 / 21 i. See: https://oig.justice.gov/reports/2016/f160107b.pdf b. all correspondence between any TSA employee and any DEA employee c. all correspondence from/to any TSA employee referring to the OIG report above 11. CHIP, RIOT, CCSS, and CCTV a. all records about: i. Centralized Hostile Intent Project (CHIP) ii. Rapid Information Overlay Technology (RIOT) iii. closed circuit television (CCTV) iv. consolidated camera surveillance system (CCSS) b. any record referred to in DHS/S&T/PIA029 §§1.3, 2.4, 3.4, 4.1, 6.1, 6.2, 6.4, 6.5, & 8.1 c. this subpart excludes C CTV video , except to include all video: i. used for training ii. disseminated within DHS (including within any subcomponent, e.g. DHS/TSA/OCRL/DMD) iii. reviewed as part of processing any complaint or investigation iv. reviewed for SSI v. responsive to any previous FOIA / PA request 12. Records about my complaints, requests, litigation, etc. a. my "complaint file" b. any of my FOIA and/or Privacy Act requests c. my lawsuits ( Sai v. Neffenger, No. 152356, 158042 1st Cir; Sai v. TSA et al., No. 1:15cv13308 D. MA.; Sai v. TSA et al. , No. 152526 1st Cir; Sai v. DHS et al , No. 1:14cv01876 D.D.C.; Sai v. TSA , No. 1:14cv00403 D.D.C.; Sai v. USPS , No. 141005 D.C. Cir, No. 14646 SCOTUS) 13. Travel records about me a. all records about me (see identifiers below and below signature) related to or held in any of the following: i. Automated Targeting System (ATS) ii. Advance Passenger Information System (APIS) iii. Border Crossing Information System (BCIS) iv. U.S. Customs and Border Protection TECS v. NonFederal Entity Data System (NEDS) vi. Terrorist Screening Database (TSDB) vii. Electronic System for Travel Authorization (ESTA) viii. Nonimmigrant Information System (NIIS) ix. Passenger Name Record (PNR) x. travel itinerary information xi. any system mentioned in any TSA, DHS, CBP, or INS System of Records Notice (SORN)
Page 8 / 21 xii. any "no fly" or "watch" list xiii. risk assessments xiv. all data ingested into any of the above systems of records b. this subpart includes : i. indices of records ii. identifiers for me, records, and record systems iii. detail pages iv. secondary (etc) inspection records v. notes vi. face records vii. history viii. coupon records ix. records held jointly with any other agency or department x. information about me in records of other people xi. records from any form of travel, from and to any location in the world 14. FOIA & Privacy Act processing a. every record relating to FOIA or Privacy Act processing policies, practices, or procedures by DHS , any DHS component or subcomponent , or any contractor thereof involved in FOIA/PA processing . i. This includes, but is not limited to, records related to the processing of redactions, referrals, notifications, waivers, reports, approval, review, etc. ii. This further includes all correspondence between any FOIA or Privacy Act office staff and "front office" (e.g. Office of the Chief of Staff, Office of the Secretary, analogous component offices, etc.) or White House staff. "Correspondence" is to be interpreted broadly, to include e.g. interagency, intraagency, Congressional, White House, etc. correspondence regardless of medium or direction (to/from). b. every FOIA or Privacy Act request previously made by anyone other than myself, (including requests referred by another agency), and every related record, including: i. request ii. correspondence to or from the requester iii. administrative closure / NRD / etc letters iv. denial / approval letters v. final determination letters vi. Glomar response vii. any other response viii. appeal and appeal response ix. search / processing records x. disclosed records xi. status reports
Page 9 / 21 xii.
spreadsheets of active FOIA/PA requests
15. Internal websites a. all records located on any of the following websites, including any subdomains (e.g. team.ishare.tsa.dhs.gov) and any non"website" services (e.g. FTP, SSH, etc): i. tsa.gov ii. tsa.dhs.gov iii. email.tsa.dhs.gov iv. extranet.tsa.dhs.gov v. hraccessassessment.tsa.dhs.gov vi. ishare.tsa.dhs.gov vii. pfdps.tsa.dhs.gov viii. topweb.tsa.dhs.gov ix. dhsonline.dhs.gov x. tsaweb.tsa.dot.gov xi. tsa.hrservices.accenture.com xii. all other internal or external websites that are operated in part or whole for the benefit of TSA 16. Electronic record systems a. the full electronic content of every system of records mentioned in any System Of Records Notice (SORN) or Privacy Impact Assessment (PIA) that is maintained in any electronic database i. as stated below, this is to be provided in native database format I also request: 17. every record relating to the fulfillment of this request 18. every record relating to any complaint(s), FOIA request(s)/appeal(s), and/or Privacy Act request(s)/appeal(s) made by me (including, but not limited to, all records containing the terms "Sai", "saizai", "saizai.com", "s.ai", my contact information and other identifiers below, and/or any of my complaint, request or appeal identifiers). For your convenience, the following is a partial list of my complaint / request identifiers to be included: 2013TSFO00239 2013TSFO00485 2013TSFO01088 2013TSFO01096 2013TSFO01179 2013TSPA00339 2013TSPA00368 2014HQAP0082
2014TSFO00534 2014TSPA00188 2014TSPA00189 2014TSPA00485 2015HQAP00489 2015HQAP00082 2015HQFO00489 2015TSFO00229
2015TSFO00240 2015TSFO00241 2015TSFO00243 2015TSFO00251 2015TSFO00259 2015TSFO00336 2015TSLI00004 2016TSPA00009
TSA130397 TSA130414 TSA130424 TSA130488 TSA130494 20150252 20150268 2013050603513
Page 10 / 21 2014HQFO00679 2014TSFO00464 2014TSFO00488 2014TSFO00489 2014TSFO00533
2015TSFO00230 2015TSFO00232 2015TSFO00234 2015TSFO00238 2015TSFO00239
2016TSPA00010 CBP2014039056 NRC2014089425 TSA130345 TSA130375
2013050203487 20150304211D2
For all responsive records , I also request: 1. all parts of the record (i.e. no portion of a record with some responsive portion may be considered "nonresponsive" ); 2. all versions of the record , whether or not currently in use; 3. all record metadata , such as dates on which they were drafted, passed, went into effect, withdrawn, or similar events; person(s) / office(s) responsible; authors; IDs; revision numbers; etc.; 4. a detailed index of all claims of exemption/privilege , regardless of whether the record is claimed to be exempt in whole or in part; 5. access to inspect the record directly , in its native electronic format; and 6. if any classification applies, mandatory declassification review (MDR) under E.O. 13526 , and the result of the MDR, including any declassified records. Please prioritize , in order: 1. the items & subitems above, in the order listed 2. within each item or subitem, most recent records first However : 1. items under the "for all responsive records" section are to be prioritized at the same level as the record they apply to, and 2. this priority order is only for items that may take extra time to respond to, and must not be taken as blocking response to an otherwise lower priority item that could be released more quickly than a higher priority item that is pending timeintensive search or review. For the purposes of this request, except as otherwise specified, " record " means any agreement, appendix, application, assessment, attachment, checklist, circular, contract, correspondence (including but not limited to email), data management plan, documentation of search parameters, email, email attachment, form, guide, handbook, index of records, information consent agreement, information sharing agreement, instruction, interpretation, kit, management instruction, manual, memorandum, memorandum of understanding, notice, notification, opinion, order, plan, policy, policy statement, processing note, publication, recording, referral, report, request certification form, request detail report, response, rule, script, standard operating procedure, submission, talking point, training document, video, or related record described, regardless of publication status.
Page 11 / 21 This request specifically excludes providing me with new copies of any records which have been already provided to me or published online for free (e.g. on the agency's online "reading room"), in full or identically to the form that would be provided to me under this request (i.e. with exactly the same format, redactions, and claimed exemptions). This is only an exclusion on providing records under this request that are identical to those already provided to me or available online, and only if I am or have already been provided a link to the online version (if "available online") . This exclusion is only intended to limit unnecessary duplication or provision, not to limit what records are responsive to this request, nor to permit failure to disclose the location of a responsive record available online. If this exclusion would in any way increase the cost or duration to respond to this request, it is to be ignored to the extent it does so. This request is to be treated as separate from all others that I have filed. Please forward this request to the FOIA office of every agency component and subcomponent that may have responsive records for independent processing , with a copy to me. This request includes any records held jointly by your agency in conjunction with any other agency and/or department, in interagency and/or interdepartmental systems of records, or by other agencies or third parties (including contractors) acting pursuant any agreement with your agency. This specifically includes records held by or relating to third party screeners , such as Covenant Aviation Security, where it would otherwise be held by or relate to TSA employees. With the possible exception of the index of records claimed to be exempt or privileged, this request does not ask you to create new records . If you determine that a response would require creating a new record that you do not want to create, please first contact me by email with an explanation of what records you have that would most closely match the information requested and might be acceptable substitutes, so that we can reasonably tailor the request. In particular, I specifically request that you do not create new documents in response to this request that are modifications of a digital record , such as pageview images, print views, scans, or the like. No such creation or substitution is authorized by FOIA or the Privacy Act. However, if the same or similar records are held in both electronic and paper formats, this request includes both the paper and electronic versions. The paper version and the digital version are distinct records, and each may contain distinct information such as handwritten or other markings on the paper copy and embedded metadata in the electronic version. Please note that the FOIA requires you to service the maximum extent of my request that can
Page 12 / 21 be done via e.g. partial redaction of exempt material . If you believe some portions of a record to be exempt because it contains Sensitive Security Information (SSI, 49 CFR 15 & 1520 ) or classified information ( 18 USC 798 ), please provide a version of the record redacted to the minimum extent necessary to remove exempt information (e.g. per 49 CFR 1520.15 ), along with adequate information to describe the reason for each specific exemption . In order to help tailor my request, please provide an upfront estimate of the time and cost it will take to complete this request , broken down any significant factors that would affect cost to service, number of records in each category, and your estimate of how many records in the category are likely to be exempt. Please provide me with incremental updates , with updated estimates for fulfillment of the remainder, rather than having the entirety of the request be blocked until fully completed. In accordance with 5 USC 552(a)(3)(B & C) (EFOIA) and Rehabilitation Act § 508, please respond to this request in using native format , electronic, machineprocessable, accessible, open, and well structured records to the maximum extent possible. 5 USC 552(a)(3)(B, C). This means, e.g., ● ●
● ● ●
● ● ● ● ● ● ●
●
native format records rather than PDFs or other conversions, individual files per distinct source record (e.g. one .msg file per email), named clearly using the record's identifier, title, and date, rather than a single file containing multiple concatenated records, records compliant with the Rehabilitation Act § 508 , 36 CFR 1194.22 , USAB ATBCB20150002 , and I SO 14289 1 , fully digital text records rather than scans or rasterizations, complete electronic records , as held on any computer (including phones, servers, backup servers, mail servers, workstations, etc.), including all headers and attachments, fully expanded email addresses, full addresses for address "aliases", full lists for "distribution list" aliases, all embedded and external metadata, complete bitwise digital copies of the original file, all file headers, and all other file content; blackout rather than whiteout redactions, with every redaction marked with all exemption(s) claimed for that redaction , digital redactions rather than black marker or rasterization, lists and structured data as machineprocessable spreadsheets (e.g. CSV, SQL, XSL) rather than word documents (e.g. DOC, PDF, TXT, RTF) or partial printouts (e.g. PDF), open format records (e.g. PDF, AVI, MPG) rather than proprietary format records (e.g. WordPerfect, Microsoft Advanced Systems Format (ASF)), scans rather than paper copies, digital audio/video files rather than physical tapes, upload to your Electronic Reading Room (or other publicly accessible server) rather than personal transfer (for all items other than the item requesting records related to me or my requests), email or (S)FTP file transfer rather than CD,
Page 13 / 21 ●
email correspondence rather than physical mail, etc.
Multiple files may be sent in a combined, compressed form using standard ZIP, TAR, GZIP, BZIP2, and/or RAR formats, or sent as separate files, at your discretion. However, do NOT use a password on any files, including ZIP files etc., without first sending me the password. If there are any files you prefer not to transfer by email (e.g. if they are >10MB), please upload them to me via Dropbox at this link : https://www.dropbox.com/request/kbR4D5SjIrVxm1eE4uHn Doing so is secure (HTTPS), completely free to you, and the files uploaded will go to me directly, with notification to me by email from Dropbox. Please note that this request does not request that you physically "duplicate" records , as I do not want you to create any paper or other physical copy for me — I only want electronic versions (or scans, for records that are not fully available in electronic form). As such, I expect there to be no duplication related costs. Furthermore, I specifically request access for inspection of the records, including direct electronic access, in native format, to any electronic records. I am not currently willing to pay for servicing this request. I may be willing to pay if it is necessary; please send a detailed explanation of the costs and their statutory justification, and service the maximum extent of the request that can be done for free in the meantime. This request is a qualified request for journalistic, public interest purposes (entitling me to fully waived fees). As such, I request public interest fee waiver and journalistic fee waiver. 1. I have no commercial interest in these records. 2. I am a representative of the news media and entitled to waiver of all search fees. I intend and am able to host and publish all received records online to the general public at no charge, as well to publish highlights, analyses, summaries, commentaries, and other creative, original journalistic work about responsive records through multiple online publications, such as ttps://plus.google.com/+saizai, and https://twitter.com/saizai, http://s.ai/foia (among others). I have previously made journalistic publication, extraction, commentary, and analysis based on my FOIA/PA requests, e.g. relating to TSA, DHS, DOJ, and USPS activities, which have gotten widespread public interest, attention, and comment, and resulted in secondary journalistic publications based on my original work. This includes publications such as The New York Times, Forbes, Bloomberg/BNA, ABC News/Fusion, RT America News, RightThisMinute, and BoingBoing. I intend to do the same with this request.
Page 14 / 21 3. The records are of significant public interest , entitled to waiver of all duplication fees, since a. as above, I both am able and intend to disseminate the files widely; b. they would contribute greatly to the public understanding of the operations & activities of your agency, in that they are records that directly describe agency operations & activities; c. they are not currently readily available; and d. they are likely to be requested by others. 4. As mentioned above, I am explicitly not asking for any physical duplication, but rather direct servertoserver file transfer or email (or posting on your website). The FOIA authorizes duplication fees strictly limited to your agency's actual costs, and mandates that your agency use the cheapest available requested methods . I consider the actual costs for servertoserver file transfer to be reasonably estimated by, e.g., Amazon S3's pricing ( https://aws.amazon.com/s3/pricing/ ). I request that, pending fee waiver determination or appeal, you proceed with this request as if it were in the "other noncommercial requester" category . If you have any questions or updates about this request, please contact me by email. Please ensure that all of your responses comply with § 508 of the Rehabilitation Act, 36 CFR 1194.22, and UESB NPRM ATBCB20150002. In particular, please make all correspondence pursuant to this request — including notification and responsive records — by email, with native electronic format records , as specified in the request. I do not authorize you to send anything to me by physical mail unless I specifically state otherwise. My email address is sufficient for all response to this request, and I can provide you with free means of electronic transfer for records too large to email. Do not respond using ZixCorp "Secure Mail" or any other method that "expires" records from being available. Use only actual email and direct attachments, unless I explicitly request otherwise. Please let me know your tracking number(s) for this request upon receipt, as well as your estimated completion date. 5 USC 552(a)(7). If you believe that any of the requested items are not reasonably described, or that you need any further information regarding my qualification for fee waivers, please be specific about what you consider vague and what questions I can answer that would clarify them . Sincerely, Sai Phone: +1 510 394 4724 Email:
[email protected] Physical mail: 500 Westover Dr. #4514, Sanford, NC 27330
Page 15 / 21 NOTE: Do not physically mail responsive records without my explicit request. Send all records in native electronic form, as described above. P.S. Please note that "Sai" is my full name. NOTE: FOLLOWING BLOCK OF TEXT IS PRIVACY ACT CONFIDENTIAL PII
Privacy Act statement I swear, under penalty of perjury, that my full legal name is Sai; I was born ; I am a US citizen; and my current contact information is as stated above. Further, my passport numbers are to be considered part of my identifiers for search purposes. The SEA incident took place .
These
Sworn today (the date listed at the top of this request), in accordance with 28 U.S. Code § 1746, Sai
Page 16 / 21
ESI preservation ESI you may use to support claims or defenses in this case Adequate preservation of ESI requires more than simply refraining from efforts to destroy or dispose of such evidence. You must also intervene to prevent loss due to routine operations and employ proper techniques and protocols suited to protection of ESI. Be advised that sources of ESI are altered and erased by continued use of your computers and other devices. Booting a drive, examining its contents or running any application will irretrievably alter the evidence it contains and may constitute unlawful spoliation of evidence. Consequently, alteration and erasure may result from your failure to act diligently and responsibly to prevent loss or corruption of ESI. Nothing in this demand for preservation of ESI should be understood to diminish your concurrent obligation to preserve document, tangible things and other potentially relevant evidence. Electronically stored information This information preservation demand concerns both physical and electronic information. You should anticipate that much of the information subject to disclosure or responsive to discovery in this matter is stored on your current and former computer systems and other media and devices (including personal digital assistants, voicemessaging systems, online repositories and cell phones). Electronically stored information (hereinafter “ESI”) should be afforded the broadest possible definition and includes (by way of example and not as an exclusive list) potentially relevant information, such as: ● ● ● ● ● ● ●
communications (e.g., email, voice mail, instant messaging); documents (e.g., Word documents and drafts); spreadsheets and tables (e.g., Excel worksheets); image and facsimile files (e.g., .PDF, .TIFF, .JPG, .GIF images); sound and/or video recordings (e.g., .WAV, .MP3, .AVI, and .MOV files); databases (e.g., Access, Oracle, SQL Server data, SAP); back up and archival files (e.g., Zip, .GHO, tapes, etc); etc.
ESI resides not only in areas of electronic, magnetic and optical storage media reasonably accessible to you, but also in areas you may deem not reasonably accessible. You are obliged to preserve potentially relevant evidence from both these sources of ESI, even if you do not anticipate producing such ESI. The demand that you preserve both accessible and inaccessible ESI is reasonable and
Page 17 / 21 necessary. Pursuant to amendments to the Federal Rules of Civil Procedure that have been approved by the United States Supreme Court (eff. 12/1/06), you must identify all sources of ESI you decline to produce and demonstrate to the court why such sources are not reasonably accessible. For good cause shown, the court may then order production of the ESI, even if it finds that it is not reasonably accessible. Accordingly, even ESI that you deem reasonably inaccessible must be preserved in the interim so as not to deprive the Plaintiff's right to secure the evidence or the Court of its right to adjudicate the issue. Preservation Requires Immediate Intervention You must act immediately to preserve potentially relevant ESI including, without limitation, information with the earlier of a Created or Last Modified date on or after [DATE] through the date of this demand and concerning: Suspension of Routine Destruction You are directed to immediately initiate a litigation hold for potentially relevant ESI, documents and tangible things, and to act diligently and in good faith to secure and audit compliance with such litigation hold. You are further directed to immediately identify and modify or suspend features of your information systems and devices that, in routine operation, operate to cause the loss of potentially relevant ESI. Examples of such features and operations include: ● ● ● ● ● ● ● ● ●
Purging the contents of email repositories by age, capacity or other criteria; Using data or media wiping, disposal, erasure or encryption utilities or devices Overwriting, erasing, destroying or discarding back up media; Reassigning, reimaging or disposing of systems, servers, devices or media; Running antivirus or other programs effecting wholesale metadata alteration; Releasing or purging online storage repositories; Using metadata stripper utilities; Disabling server or IM logging; and, Executing drive or file defragmentation or compression programs.
Guard Against Deletion You should anticipate that your employees, officers or others may seek to hide, destroy or alter ESI and act to prevent or guard against such actions. Especially where company machines have been used for Internet access or personal communications, you should anticipate that users may seek to delete or destroy information they regard as personal, confidential or embarrassing and, in so doing, may also delete or destroy potentially relevant ESI. This concern is not one unique to you or your employees and officers. It’s simply an event that occurs with such regularity in electronic discovery efforts that any custodian of ESI and their counsel are obliged to anticipate and guard against its occurrence.
Page 18 / 21 Preservation by Imaging You should take affirmative steps to prevent anyone with access to your data, systems and archives from seeking to modify, destroy or hide electronic evidence on network or local hard drives (such as by deleting or overwriting files, using data shredding and overwriting applications, defragmentation, reimaging or replacing drives, encryption, compression, steganography or the like). With respect to local hard drives, one way to protect existing data on local hard drives is by the creation and authentication of a forensically qualified image of all sectors of the drive. Such a forensically qualified duplicate may also be called a bitstream image or clone of the drive. Be advised that a conventional back up of a hard drive is not a forensically qualified image because it only captures active, unlocked data files and fails to preserve forensically significant data that may exist in such areas as unallocated space, slack space and the swap file. With respect to the hard drives and storage devices of each of the persons named below and of each person acting in the capacity or holding the job title named below, as well as each other person likely to have information pertaining to the instant action on their computer hard drive(s), demand is made that you immediately obtain, authenticate and preserve forensically qualified images of the hard drives in any computer system (including portable and home computers) used by that person during the period described above, as well as recording and preserving the system time and date of each such computer. Once obtained, each such forensically qualified image should be labeled to identify the date of acquisition, the person or entity acquiring the image and the system and medium from which it was obtained. Each such image should be preserved without alteration. Preservation in Native Form You should anticipate that certain ESI, including but not limited to spreadsheets and databases, will be sought in the form or forms in which it is ordinarily maintained. Accordingly, you should preserve ESI in such native forms, and you should not select methods to preserve ESI that remove or degrade the ability to search your ESI by electronic means or make it difficult or burdensome to access or use the information efficiently in the litigation. You should additionally refrain from actions that shift ESI from reasonably accessible media and forms to less accessible media and forms if the effect of such actions is to make such ESI not reasonably accessible Metadata You should further anticipate the need to disclose and produce system and application metadata and act to preserve it. System metadata is information describing the history and characteristics of other ESI. This information is typically associated with tracking or managing an electronic file and often includes data reflecting a file’s name, size, custodian, location and dates
Page 19 / 21 of creation and last modification or access. Application metadata is information automatically included or embedded in electronic files but which may not be apparent to a user, including deleted content, draft language, commentary, collaboration and distribution data and dates of creation and printing. Be advised that metadata may be overwritten or corrupted by careless handling or improper steps to preserve ESI. For electronic mail, metadata includes all header routing data and Base 64 encoded attachment data, in addition to the To, From, Subject, Received Date, CC and BCC fields. Servers With respect to servers like those used to manage electronic mail (e.g., Microsoft Exchange, Lotus Domino) or network storage (often called a user’s “network share”), the complete contents of each user’s network share and email account should be preserved. There are several ways to preserve the contents of a server depending upon, e.g., its RAID configuration and whether it can be downed or must be online 24/7. If you question whether the preservation method you pursue is one that I will accept as sufficient, please email me to discuss it. Home Systems, Laptops, Online Accounts and Other ESI Venues Though I expect that you will act swiftly to preserve data on office workstations and servers, you should also determine if any home or portable systems may contain potentially relevant data. To the extent that officers, board members or employees have sent or received potentially relevant emails or created or reviewed potentially relevant documents away from the office, you must preserve the contents of systems, devices and media used for these purposes (including not only potentially relevant data from portable and home computers, but also from portable thumb drives, CDR disks and the user’s PDA, smart phone, voice mailbox or other forms of ESI storage.). Similarly, if employees, officers or board members used online or browserbased email accounts or services (such as AOL, Gmail, Yahoo Mail or the like) to send or receive potentially relevant messages and attachments, the contents of these account mailboxes (including Sent, Deleted and Archived Message folders) should be preserved. Ancillary Preservation You must preserve documents and other tangible items that may be required to access, interpret or search potentially relevant ESI, including logs, control sheets, specifications, indices, naming protocols, file lists, network diagrams, flow charts, instruction sheets, data entry forms, abbreviation keys, user ID and password rosters or the like. You must preserve any passwords, keys or other authenticators required to access encrypted files or run applications, along with the installation disks, user manuals and license keys for applications required to access the ESI. You must preserve any cabling, drivers and hardware, other than a standard 3.5” floppy disk drive or standard CD or DVD optical disk drive, if needed to access or interpret media on which
Page 20 / 21 ESI is stored. This includes tape drives, bar code readers, Zip drives and other legacy or proprietary devices. Paper Preservation of ESI is Inadequate As hard copies do not preserve electronic searchability or metadata, they are not an adequate substitute for, or cumulative of, electronically stored versions. If information exists in both electronic and paper forms, you should preserve both forms. Agents, Attorneys and Third Parties Your preservation obligation extends beyond ESI in your care, possession or custody and includes ESI in the custody of others that is subject to your direction or control. Accordingly, you must notify any current or former agent, attorney, employee, custodian or contractor in possession of potentially relevant ESI to preserve such ESI to the full extent of your obligation to do so, and you must take reasonable steps to secure their compliance. System Sequestration or Forensically Sound Imaging I suggest that, with respect to the named personnel above, removing their ESI systems, media and devices from service and properly sequestering and protecting them may be an appropriate and costeffective preservation step. In the event you deem it impractical to sequester systems, media and devices, I believe that the breadth of preservation required, coupled with the modest number of systems implicated, dictates that forensically sound imaging of the systems, media and devices is expedient and cost effective. As I anticipate the need for forensic examination of one or more of the systems and the presence of relevant evidence in forensically accessible areas of the drives, I demand that you employ forensically sound ESI preservation methods. Failure to use such methods poses a significant threat of spoliation and data loss. By “forensically sound,” I mean duplication, for purposes of preservation, of all data stored on the evidence media while employing a proper chain of custody and using tools and methods that make no changes to the evidence and support authentication of the duplicate as a true and complete bitforbit image of the original. A forensically sound preservation method guards against changes to metadata evidence and preserves all parts of the electronic evidence, including in the socalled “unallocated clusters,” holding deleted files. Preservation Protocols I would like to work with you to agree upon an acceptable protocol for forensically sound preservation and can supply a suitable protocol, if you will furnish an inventory of the systems and media to be preserved. Else, if you will promptly disclose the preservation protocol you intend to employ, perhaps I can identify any points of disagreement and resolve them. A successful and compliant ESI preservation effort requires expertise. If you do not currently have
Page 21 / 21 such expertise at your disposal, I urge you to engage the services of an expert in electronic evidence and computer forensics. Perhaps our respective experts can work cooperatively to secure a balance between evidence preservation and burden that’s fair to both sides and acceptable to the Court. Do Not Delay Preservation I’m available to discuss reasonable preservation steps; however, you should not defer preservation steps pending such discussions if ESI may be lost or corrupted as a consequence of delay. Should your failure to preserve potentially relevant evidence result in the corruption, loss or delay in production of evidence to which I am entitled, such failure would constitute spoliation of evidence, and I will not hesitate to seek sanctions. Confirmation of Compliance Please confirm by the date above that you have taken the steps outlined in this letter to preserve ESI and tangible documents potentially relevant to this action. If you have not undertaken the steps outlined above, or have taken other actions, please describe what you have done to preserve potentially relevant evidence.