A FOIA audit seeks to get a comprehensive understanding of how a public body manages records requests. Representative Darrell Issa (R-California) has started an audit of federal FOIA handling, motivated in part by the gap he sees between the inaugural statement by the President on the importance of FOIA and the reports that the Homeland Security Department routed FOIA requests to political appointees for review before releasing records.

Records of who has made a FOIA request are public, as are the records that an agency uses to process those requests. Some public bodies are inefficient at best and obstructive at worst at processing public records requests. One way to assess this, and to gain some better understanding of government at work, is to conduct an audit of a FOIA system, requesting the logs and correspondence associated with request handling.

FOIA audit

The strategy in a FOIA audit is to prepare a single request and to send it to many agencies simultaneously. Your analysis will look for responses to the query and compare the results.

A FOIA audit is often constructed as a journalism school exercise, with a resulting "transparency score," some summary result based on how well the organizations respond. Typically, an audit asks for records, which should be easy and routine to get, such that if you get any resistance or pushback from the agency in response you have found something noteworthy.

The Society of Professional Journalists FOI Toolkit describes how to organize an audit, with special care to the sorts of tracking and record keeping you need to do to make certain that the audit is done fairly. Many audits are structured as elaborate exercises with journalists going incognito into public offices to test the in-person response of clerks to requests.

The great failing of most audits is the lack of follow-up in the form of appeals for records denied or for results delayed. Generating 150 request letters and waiting for results will not be reflective of the real responsiveness of organizations; to do it right, you need the resources to file 50 appeal letters and the credible threat of at least 1 FOIA lawsuit.

FOIA log analysis

The strategy in a FOIA log analysis is to ask for a summary of all requests received and responded to by an organization over 1 year. Once you get these records, you compile them into some kind of database, which lends itself to analysis, and you stare at the results until you find some patterns.

FOIA logs are routinely retrieved by reporters who are covering an agency in a competitive environment to get a sense for all of the stories their competition is working on, the topics of interest to those organizations and the names and identities of people who are covering their same beats. FOIA requests are themselves public records, and by watching the log files routinely you get some insight into newsworthy information.

A FOIA log request looks for condensed summary materials, such as a spreadsheet used by a clerk to track the whole system or a report generated for the regular review of open cases. In an ideal world, it compresses all of the relevant parts of a request letter into a single record with fields structured so that you can look at the system as a whole.

Regular study of a FOIA log can drastically reduce your costs to get information. By waiting until some other organization has already paid for the costs of searching for and redacting public records, your subsequent FOIA request can ask for a duplicate of records already released. Though you won't be the first to know about details dug up by others, you can be the second to know at a fraction of the cost.

If you are lucky, the log is already in a digital format. Small federal agencies appear to be more routinely capable of publishing this information. In some small municipal governments, your request for a log might return a stack of letters rather than a single spreadsheet.

The National Freedom of Information Council's Guide, FOIA the FOIAs, notes the practice and gives some guidelines.

Study of oldest FOIA requests

A strategy to look at FOIA request delays is to study the oldest requests in a system. Dig into the requests that have lingered in the agency's work queues for the longest time, and see what might be going on to create extended delays.

The story line can unearth deliberate obstruction, bureaucratic delays, the complexity of the redaction process or the high costs of FOIA that lead people who are making requests to give up on their requests because the costs are too high. Your search for unfilled requests looks for places where tracking systems have failed, or where internal appeals on controversial topics have been dragged out for an extended period of time.

A sample audit comes from the National Security Archive, which is hosted at George Washington Unviersity. Their 2006 audit report begins as follows:

Washington D.C., March 12, 2006 — The oldest Freedom of Information requests still pending in the U.S. government date back to 1989, before the fall of the Berlin Wall, according to the Freedom of Information Audit released today by the National Security Archive at the George Washington University.

A typical failing discovered in an audit of old requests is the discovery of complex queries that could be answered more quickly by splitting them apart and simplifying them. Every complicated request has a simpler request hiding inside. By narrowing the scope of the request and identifying portions of it, which might be simpler to answer, you can create a new FOIA request that should come back more quickly.

Follow the money

The follow the money strategy just looks at the costs of the FOIA enterprise, to identify the internal expenses of the government in handling FOIA requests. You'll be looking for both the fees that people pay for their requests as well as the internal costs inside the organization for fulfilling them, including litigation costs.

This can be a difficult story to tell in small organizations where there are individuals who wear many hats. It should be straightforward to track income, if it's handled in a single flow of money. 

Accounting records may be a straightforward way to gain insight into the process. For example, the City of Ann Arbor revenue budget performance report (.pdf) has details for six months of City of Ann Arbor FOIA revenues coming through the clerk's office. If you look in this report for the line item for the City Clerk (015), Administration (1000), Revenue (0000) and FOIA Charges (4115), you will find that a total of $1,392.17 has been collected for FOIA requests over the last 6 months of 2010.

Track exceptions

Identify the unusual portions of the FOIA trail and dig further into them. Requests that are appealed are interesting, and requests that turn into lawsuits are more interesting. The most expensive requests, the requests that take the longest to fulfill and the ones that cost the most to redact are all signals that there's something there.

The exceptional cases generate a paper trail in the form of correspondence, letters to the agency and responses from it to discuss the situation. By reading these you can sort through the ones that are well written and cogent vs. the ones that have angry, paranoid rants mixed in. The language in these requests can be useful in preparing your own.

As an example, this FOIA appeal by Matt Hampel documents a successful appeal of the redaction of a request for purchase card records from the City of Ann Arbor. The records were originally returned with card holder names redacted for privacy reasons; the appeal successfully argued that the names of individuals making official purchases for the city should be a matter of public record, especially because more than $100,000 of funds were to be accounted for.

If you are a congressman

Rep. Darrell Issa (R-California), the new head of the House Oversight Committee, has been in the news regarding his request for FOIA records from federal agencies. His request contains some portion of all of the FOIA audit and analysis strategies described above.

Issa has made the same request to each of the 180 agencies, which is a textbook strategy to measure and audit compliance. You should be able to learn a lot simply by looking at how quickly organizations get back to you on your initial request, and the nature of any extension response.

Issa has asked for FOIA logs, which are routinely prepared by a lot of organizations. That should be an easy way to get a lot of data quickly.

Issa has asked for information about exceptional cases, including correspondence relating to FOIA requests that are delayed more than 45 days. If you know that for some federal agencies many requests are routinely delayed, you might expect that this could generate voluminous correspondence to sort through. If there is information within this set of correspondence that has not yet been redacted to protect personal information, that might take some extraordinary amount of time to review across the entire government.

Issa has asked for information about FOIA lawsuit settlements, including details of judgements against the government in cases. This is an excellent way to see just how exceptionally wrong things can go and to assess which agencies routinely have requests that lead to legal conflict.

Comprehensive and thorough, or absurdly overbroad?

Governments have a term of art for describing these sweeping requests. If your request is rejected because it is absurdly overbroad, it means that it asks for vastly more information than can reasonably be expected to be returned in a reasonable amount of time. My column o January 29, 2010 ("Dealing with FOIA abuse and restrictions on FOIA access") looks at some cases where political conflict has caused someone to use the Freedom of Information Act laws as a weapon to harass, bully, or intimidate staff with overly frequent, poorly written and badly timed FOIA requests.

If you or I were to send these same 180 letters, we'd get back some amount of results in the due course of time. There would be some delays, and likely lengthy ones, and we'd be likely to get back a letter with an estimate of the costs involved in fulfilling the request that would slow us down. Congressional Democrats note that the FOIA backlog details requested by Issa amount to over 200,000 cases, and that this single sweeping request could swamp agencies that are already hard pressed to prepare answers on time.

The difference between an absurdly overbroad request for records and a comprehensive audit of government practices is in part a matter of perspective. If your request is well formed, complete and thorough, it may also be so sweeping as to be prohibitively expensive to fulfill. There are many audit tools that don't require a full-scale congressional investigation to pull off, and they can unearth all matter of useful information.

Edward Vielmetti writes the FOIA Friday column for AnnArbor.com. Reach him at edwardvielmetti@annarbor.com.