The emerging FOIA scandal at NIH should provoke White House and Congressional oversight - and then reforms
Good morning from shady upstate New York, where I've retreated from the heat and humidity of DC to celebrate Father's Day with my Dad and then his 80th birthday. Alex Howard here, with another civic text. As a reminder, if you find these newsletters interesting, useful, or insightful, I hope you'll upgrade to a paid membership and share them widely with your networks. You can always find me at alex@governing.digital with comments, feedback, questions, or other concerns.
Today, I want to square the circle about finishing my term as a member of the United States Freedom of Information Act (FOIA) Advisory Committee at the U.S. National Archives and Records Administration (NARA). If you're wondering why FOIA has gotten more focus of late in these pixels and pages, wonder no more: I've been thinking a lot about public records, public information, public access, and public integrity because of this experience. I promise I'll shift topics around other civic texts in the summer ahead, but bear with me for a couple more rounds.
I attended the final public meeting of the 2022-2024 term of the U.S. Freedom of Information Act Advisory Committee last week, which you can already watch online because NARA livestreams them on YouTube: https://www.youtube.com/watch?v=WCJhpkaa2ww
As with every meeting this term, this one was virtual. (As I expressed multiple times in public and private over the past year, I hope that the committee shifts to hybrid meetings in the next term, as there is value to forming relationships in-person and holding dialogues at NARA that I don't see on Zoom.)
Our public business was relatively straightforward for this meeting: consider and vote on the final draft report of the committee, which was a synthesis of the implementation subcommittee final report, modernization subcommittee final report, and resources subcommittee final report. After brief discussion and review of suggested edits, we approved the report unanimously, which means it will join the previous 4 reports online.
Our recommendations to improve the administration of the FOIA will be posted to the dashboard NARA maintains – if the Archivist of the United States approves them, as I hope she will. I'll share more about the specific recommendations the subcommittees I sat on made and why agencies and Congress adopting and implementing them would make a difference to public access to public information in a future newsletter.
What I want to focus on today is the public comment I made after our vote, the responses to it from other committee members, and the response of the Justice Department. (I've transcribed and cleaned up the statement, but if you wish to watch or listen to me and the responses, jump ahead to minute 44 in the public meeting.)
The first part of the comment referred to the subject of the last edition of Civic Texts, where I took the position that the U.S. government should not require biometric authentication and a Social Security number to make FOIA requests. (I edited and condensed the following.)
As you may recall, the Internal Revenue Service (IRS) introduced biometric authentication last year at the IRS. My understanding that the Treasury Department did because first party requestors need to identify themselves in order to get records about themselves. As far as I know, this is the sole example in the FOIA where people need to identify themselves in order to request records under the Privacy Act. And in this that particular case, it makes a lot of sense for an agency that receives a lot of first party requests to move in this direction.
However, if the same method of authentication is now being applied to anybody who wishes to use the online system at the IRS, there's a problem. There’s nothing in the FOA statute that requires people provide biometric information and a government ID, much less a Social Security. The agencies in question are now providing enhanced opportunities for people who are involved in electronics, including securely corresponding with agencies, checking the status of their request, and accessing the documents.
I hope that the next of this committee engages with how first party requests and the authentication requirements that exist now should be balanced against the public’s right to make requests, view documents, and interact with agency personnel without having to provide a government issued ID and Social Security number to a private service. I hope that future iterations of the committee, the Chief FOIA Officers Council, and Congress all take a serious look at how and when identify verification is added to any aspect of FOIA administration.
The second comment addressed an apparent pattern and practice of avoiding FOIA, combined with records destruction, at the National Institutes of Health.As Gbemende E. Johnson – a University of Georgia political science professor who also served on the FOIA Advisory Committee with me – told Fedscoop, “incidents of improper record preservation would suggest at the very least that additional training and reminders of the legal obligations of [the Federal Records Act] and FOIA are necessary.” (Again, I've edited the transcript slightly.)
I hope that we see a future FOIA advisory committee takes a hard look at how and where patterns and practices of the FOIA that, unfortunately, we have seen in the growing scandal at the National Institute of Health. It’s become clear that there is, unfortunately, a context in which we had officials – including the then-head of the NIH and Dr. David Morens – had a pattern of not just trying to evade FOIA by intentionally misspelling terms, but actually moving public business on private email systems – and perhaps even working with the then-FOIA public liaison to evade FOIA and destroy records.
I raised this issue to the Archivist of the United States last Monday, with hopes that there would be accountability. I hope that the National Archives itself conducts and investigates, working with inspectors general and, if they find that there has been unauthorized dispositions or evasions of FOIA, that those involved they are referred, if it’s appropriate, to the Department of Justice.
I hope that the FOIA community in government sees this not as a reason to pull back, but to reengage and double down to ensure that that the public does not come away from this with the impression that it is the position of the US government that this behavior is OK!
I don’t believe that to be the case, given my experience with the members of this committee, but I have seen no strong statements from the White House, Office of Management and Budget, from the National Archives or from the Department of Justice, specifically the Office of Information Policy, stating that people who will try to destroy records to evade the FOIA or moved public business entity systems will face sanction. That is the missing element I have seen for FOIA in our country: The lack of enforcement for civil servants and officials who choose to actually evade this transparency law.
I appreciate the opportunity to make this comment, as someone who is a representative of the requestor community. I feel it’s important for our committee to be discussing the reality of FOIA as it is experienced outside of government. I encourage everyone inside to make strong statements to state that this kind of behavior would not be tolerated that their agency. I am hopeful that the incredible recommendations and commitment to public integrity displayed by committee members will result also in substantive change. My sense is that if we don’t see more public recriminations that the impression of abuse of power in this context will be set as an alternative fact.
Other members of the committee then offered a variety of responses to my concerns.
Gorka Garcia-Malene, chief FOIA officer for the National Institutes of Health, defended the agency:
"While I can’t speak to the case that is in the public eye, what I can share with you is that in my experience, NIH and its employees comply with both the letter and the spirit of the Freedom of Information Act and its related policies. I can also tell you that the program I manage remains absolutely committed to complying with all laws and policies, and that we continue to work tirelessly to deliver the highest FOIA standards to requesters, and I hope that comes across."
Jason Baron, a former NARA litigation counsel and current professor at the University of Maryland, seconded much of what I said about the NIH controversy, which he described to Fedscoop as a "shocking disregard for the public’s right to access records under FOIA, as well as government recordkeeping in general." Baron went on:
"I do want to point out to the committee, and to others, that there is an existing statute – 44 U.S. Code § 2911, disclosure requirement for official business conducted using official electronic messaging accounts. Since 2014, the Federal Records Act has required that offices or employees of executive agencies may not create or send a record using a non-official electronic messaging account unless the officer or employee copies an official .gov system, or forwards a complete copy of the record to a.gov system. Subscription B of 2911 talks about adverse actions, the intentional violation of subsection A, may result in inappropriate supervisor are taking some kind of – a basis for disciplinary reaction under various law. There is law on the books. I would trust that NIH will be looking at taking appropriate actions, in conjunction with NARA. NARA always opens, in my experience of 13 years as director of litigation of NARA, well aware of controversy like this, and would absolutely initiate an investigation, working with inspectors general and if necessary, with DoJ."
Michael Heisse, the FOIA public liaison at the U.S. Equal Employment Opportunity Commission related his hope that future advisory committees would look at the resources issue, shared his concerns about the prospect of rapid-fire FOIA requests generated with artificial intelligence, and then responded to my concerns about a pattern and practice of evading the FOIA by a FOIA public liaison by suggesting "to the extend that there's abuse on the government side, I would respectfully submit that there's abuse on the requestor side as well."
I found that last bit of pushback both surprising, and inappropriate, as you can likely gather if you watch or read the following:
"I am disappointed that – in the response to documented reports of records laws evasion and a pattern and practice of an agency's FOIA public liaison helping people to evade FOIA – the reactions is to the point the finger at requestors. The problem that we faced right now is not AI or bots, but it is that the federal government is woefully under capacity to make progress against the backlogs because Congress has neither appropriated funding to improve the capacity, that the stance of the government lawyers has often been against disclosure, and that, unfortunately, we’ve seen a void in leadership from two successive administrations with respect to oversight of the FOIA. There was once again no hearing for Sunshine Week.
It is not the problem that the requestor community is asking for information under the law. The problem is that our government is not resourcing and leading to meet the demand. We have seen that the State Department eliminated the backlog for passport applications through these efforts Resources. We have seen NARA eliminate a backlog for people requesting veterans records through the smart technology and capacity. We have seen dedication to capacity building for different services, but we have not seen it for the FOIA.
I agree that the prospective of automated requests made by synthetic persona is a concern. We’ve seen public regulatory dockets flooded with inauthentic comments made under fake names or fraudulent use of American identities. One of the approaches to addressing that is to think about how and where fiction could be added to the process by the addition of identity verification. I think we need to be really careful about, as the community, for the ability to uphold our rights."
In retrospect, I was disappointed that neither the federal FOIA ombudsman – AKA the Office of Government Information Services (OGIS) at NARA nor the Director of the Office of Information Policy (OIP) at the DoJ did not take the opportunity to condemn the pattern and practice of outrageous conduct around FOIA and public records documented by Congress, that another member of the committee responded to my intervention by suggesting requesters were abusing FOIA.
I was pleased to find that the OIP did answer my question at the OpenGovWeek virtual forum, when I asked "what commitments will the DOJ make to uphold the law, including sanctions for records destruction?" While I didn't recall receiving an answer contemporaneously, the General Services Administration's Open Government Secretariat posted on in the log of the Q&A:
"The Department of Justice remains steadfast in its commitment to encouraging government-wide compliance with the FOIA. OIP reviews agency compliance with the FOIA and provides agencies with guidance and training. The Federal Records Act requires federal agencies to notify the Archivist of the United States of the unlawful destruction of records. See 44 U.S.C. § 3106; 36 CFR Part 1230. The National Archives & Records Administration maintains a program for handling unauthorized disposition cases and can, where appropriate, contact the Department of Justice for assistance. See Unauthorized Disposition of Federal Records, National Archives & Records Administration, available at https://www.archives.gov/records- mgmt/resources/unauthorizeddispositionoffederalrecords. Consistent with Department of Justice policy, the Department does not comment on confirm or deny the existence of investigations. Justice Manual § 1-7.410, available at https: //www.justice.gov/jm/jm-1-7000-media-relations."
As a magic eightball might say, the future is cloudy!
But if this is how the Department of Health and Human Services has been dealing with FOIA, then the HHS Office of Inspector General should clearly investigate, if it's not already. NIH should then be held up by The Justice Department, the White House, and NARA as an example of what not to do to uphold the public’s rights to know and access information — perhaps after investigations conclude.
What should happen next?
-the Senate and House should schedule the oversight hearings on FOIA & open government that they didn't convene during Sunshine Week.
–President Biden, U.S. Attorney General Garland, and AOTUS Shogan should issue government-wide memoranda emphasizing that FOIA is the responsibility of all officials and civil servants, reflecting their obligations to be good stewards of the public records they hold in trust for all Americans
-The White House Office of Management and Budget should announce a goal to eliminate the FOIA backlog by the end of 2025, as the State Department did for the passport application backlog, & reinstitute the cross-agency priority goal for FOIA President Obama ordered
-Congress should appropriate more funds for FOIA and enact comprehensive reforms to the law that not only modernize its administration but transform public access to public knowledge. I favor the institutional reforms suggested by law professor Margaret Kwoka, whose research has been invaluable for understanding who is using the FOIA and for what: establishing an independent information commission, like other countries, instead of relying on judicial review.
What will happen next? TBD!
Despite my hopes, this administration has shown limited interest in improving FOIA & restoring open government as a principle, program, or policy after the most corrupt administration in U.S. history made a mockery of transparency and accountability.
Even if that changes, this Congress (and the next!) should be providing rigorous, ongoing oversight of FOIA, and resources to address capacity and modernization in response to growing demand, and considering reforms to strengthen the statute and institutions entrusted with administering it.
(Whew! If you made it this far, thank you for reading. I promise to focus on non-FOIA matters later this week. )
