By Lauren Harper
The author is a staff member of the National Security Archive, the publisher of FreedomInfo.org, which published this report March 14.
The Defense Intelligence Agency (DIA), the Department of the Treasury’s Comptroller, and the Nuclear Regulatory Commission (NRC) are among a handful of agencies that have already admitted they will not meet the December 31, 2016, deadline for electronic management of official government email – like Hillary Clinton’s – in their mandatory, annual self-assessment report to the National Archives and Records Administration (NARA).
One in six agencies did not even bother to turn in their own self-assessments, which were due by January 29, 2016, according to a new Email Alert released today by the National Security Archive at www.nsarchive.org to mark Sunshine Week.
The questions in the self-assessments – formally called Senior Agency Official reports – are simple: “Is your agency going to meet current NARA and Office of Management and Budget guidance and manage all email electronically by the end of 2016? What steps has your agency taken, and what steps will it continue to take, to meet this goal?”
WHAT WERE AGENCIES ASKED?
Is your agency going to meet the Directive goal to manage all email records in an accessible electronic format by December 31, 2016? (Directive Goal 1.2)
Yes ____ No _____
Provide a list of actions your agency, components, or bureaus have taken to meet this goal. Include specific information on your progress regarding:
- establishing formally approved email policies,
- use of any automated systems for capturing email,
- providing access / retrievability of your email,
- establishing disposition practices for agency email (either destroy in agency or transfer to NARA), and
- possible implementation of the Capstone approach for applicable agency
Provide a list of the actions your agency, components, or bureaus plan to take in 2016 to meet this goal.
The Department of State, the Department of Defense, and the Department of Energy all turned in their reports over a month late, and the Department of Homeland Security is among those agencies that have not turned it in at all, in a clear signal that some of the government’s largest agencies are still straggling to prioritize saving official email.
“Too many agencies somehow missed Hillary Clinton’s email wake-up call,” said National Security Archive director Tom Blanton, author of the 1995 book White House E-mail. “One sixth of agencies didn’t turn in their homework this year on saving email, and three shamelessly confessed they won’t meet the key deadline despite more than three years advance notice.”
Fifty years after the Freedom of Information Act was signed into law to improve transparency and make records public, and 23 years after the landmark National Security Archive lawsuit established emails as government records, one-sixth of the agencies (18 out of 113) have failed to turn in their reports on whether or not they will meet their records management responsibilities – as of Sunday March 13, the beginning of Sunshine Week.
Those that did turn in their work get mixed reviews.
The DIA, Treasury, and NRC all admitted they would not meet the deadline, despite having almost four years notice from OMB and NARA – their joint “Managing Government Records Directive” on August 24, 2012, to fulfill President Obama’s November 28, 2011, “Managing Government Records” memorandum. Other government entities, like the U.S. Commission of Fine Arts, elected not to answer the question at all.
The overwhelming majority of respondents who reported that they will meet the December 2016 deadline did indicate that they have either already adopted, or plan to adopt, an email preservation program NARA initiated called “Capstone.” The new tool allows for the systematic transfer to NARA of email accounts scheduled as permanent based on the email owner’s work or position at an agency. (Capstone has many advantages, not least a simplified scheduling procedure, but the real test will be in how it is implemented in 2017 and beyond.)
Useful responses came from agencies like the Department of Agriculture, which provided a detailed analysis of how its use of ProofPoint, a private industry cybersecurity platform, meets the government’s email archiving and Capstone requirements. NARA and the Social Security Administration, which thoroughly explains why Microsoft Exchange 2013 is the best choice for its Capstone email preservation, also submitted encouraging self-assessments.
Other agencies were more vague about how they will meet the email requirements. The Overseas Private Investment Corporation said little besides that it had established an approved email policy, and the U.S. Election Assistance Commission noted that most of its progress was “pending.”
Components of the Executive Office of the President, including the Office of Management and Budget and the Office of Science and Technology Policy, are among the departments and agencies that will not adopt Capstone, while the Central Intelligence Agency, the Peace Corps, and the Federal Trade Commission are among those that are still considering Capstone, yet are insisting that they will meet the deadline.
Until December 31, NARA trusts agencies, on their own, to determine and preserve emails they have “deemed appropriate for preservation,” often by employing a “print and file” physical archiving process for digital records. (To date, only one percent of government email addresses are saved digitally by Capstone, and at the State Department, the inspector general looking into the Hillary Clinton email matter found that only 0.006 percent of department email had been captured by e-archiving systems before 2015.)
To get agencies to take email preservation seriously – or even to respond to NARA’s guidance so the nation’s record keepers can post the responses – further steps are needed in 2016. Useful ways to get agency attention include:
* a stern reminder from OMB and NARA that self-assessments are mandatory,
* a Government Accountability Office survey of agency email preservation, and
* congressional hearings showcasing the email savers along with the laggards.
Tom Blanton says that “Too many agencies somehow missed Hillary Clinton’s email wake-up call.”
Agency inspectors general should also take a page from the ongoing Hillary Clinton email saga and ensure that their agencies are following best practices. Likewise, the Federal Chief Information Officer Council (winner of the National Security Archive’s Rosemary Award for worst open government performance in both 2015 and 2010 for never addressing the government’s “lifetime failure” of saving its email electronically) needs to make this a priority once and for all.
A recent OpenTheGovernment.org (OTG) report also takes aim at the government’s lackluster commitment to preserving email. The report notes that initial concerns that the December 31, 2016, deadline for email management was too far off have been “replaced for civil society with a concern that agencies are not on track to meet the 2016 deadlines.” Today’s National Security Archive Email Alert reinforces this concern and raises the question how one in six agencies are still lagging given the congressional and media firestorm over Hillary Clinton’s email practices.
The former secretary of state’s use of personal email while conducting government business is only the latest of a long line of red flags for federal information managers. The government’s failure to preserve its emails dates all the way back to January 1989 – beginning with an attempt by the outgoing Reagan White House to destroy its email backup tapes. This destruction was only thwarted by the National Security Archive’s lawsuit, which first established emails as federal records.
The National Security Archive continued the litigation against Presidents George H.W. Bush and Bill Clinton, winning e-archiving for email at the White House, but losing the attempt to bring agencies up to the same standard. NARA and federal agencies stuck to an absurd “print and file” policy until the 2012 OMB/NARA notice set the December 2016 deadline.
Along the way, the Archive had to sue the George W. Bush administration in 2007 seeking the recovery and preservation of more than 5 million White House email messages that were apparently deleted from White House computers between March 2003 and October 2005. Citizens for Responsibility and Ethics in Washington (CREW) subsequently joined this suit and with the Archive negotiated a settlement with the Obama administration that included the recovery of as many as 22 million Bush-43-era emails that were previously missing or misfiled, along with ensuring e–archiving of the Obama White House’s emails.
As a result of two decades of National Security Archive litigation, several hundred thousand White House emails survive from the Reagan presidency, nearly a half million from the Bush-41 term, 32 million from Clinton, and an estimated 220 million from Bush-43.
While strides have been made to preserve White House emails, many agency FOIA regulations – even those that are recently updated – are ambiguous, if not outright silent, on the status of emails as records, likely contributing to poor agency retention practices. A sampling of recently-updated agency FOIA regulations shows some differences in agency requirements. While some agencies such as the Environmental Protection Agency are expected to make “reasonable efforts to locate and retrieve information from records maintained in electronic form or format,” others, such as the Department of the Interior, will only “make reasonable efforts to search for the requested records in electronic form or format.” Even then, there is an exception “when these efforts would significantly interfere with the operation of the bureau’s automated information system.” None of these FOIA regulations explicitly discuss email records.
Any common, government-wide core FOIA regulations should unambiguously mention email and electronic email management. Civil society groups published model FOIA regulations in 2014 when the Obama administration adopted the National Security Archive’s recommendation for a government-wide update of FOIA regs, now a specific commitment of the National Action Plan in the Open Government Partnership process. The Department of Justice’s Office of Information Policy has been coordinating an interagency process for such regs, but nearly two years later, not even a template has emerged from DoJ. Suitably explicit protocols would go a long way toward preventing agencies from deleting email records that should be saved, also saving agencies from the well-earned public relations headache the Department of State is currently experiencing.
“It’s promising that so many agencies have adopted, or plan to adopt, Capstone. Trouble is, we won’t know if the plans have legs until they are up and running on January 1, 2017,” said the Archive’s communications director, Lauren Harper, who led the Archive’s analysis of agency reporting and agency regulations.
Support for this Email Alert, part of an ongoing exploration of the government’s troublesome email management practices, was generously provided by the CS Fund/Warsh-Mott Legacy and the Open Society Foundations. Support for previous FOIA Audits and Open Government Surveys was also provided by the John S. and James L. Knight Foundation.
Filed under: Latest Features