The National Security Archive has conducted four previous audits
of federal government FOIA administration. For each audit, the
Archive submitted FOIA requests to federal agencies requesting
policies or data for analysis and cross-agency comparison. The
Archive set out to conduct this audit in the same manner. After
submitting 46 FOIA requests to the largest agencies and components
regarding their policies for posting information in their electronic
reading rooms, and another 46 requests for policies on the length
of time the agencies maintain the records in their reading rooms,
the Archive received an overwhelming number of "no records"
responses and concluded that most agencies do not have policies
in place for populating and maintaining their electronic reading
rooms. The Archive then designed a comprehensive methodology
to review each agency's Web site and assess compliance with
E-FOIA based on that review.
This government-wide review of E-FOIA compliance covered 149
agencies and agency components. The list includes each independent
agency that is subject to FOIA and submitted an Improvement
Plan to the Department of Justice under the FOIA Executive Order
13,392. (Note 47) Of those agencies with decentralized
FOIA processing, the review separately included their components
(bureaus, offices, divisions, or other sub-agencies) that receive
more than 500 FOIA requests per year, based on FY2005 data reported
in their FOIA annual reports. (Note 48)
The design of agency FOIA sites is as varied as the number
of agencies and components. In part, this may be because the
statute does not mandate a particular structure or format that
agencies must use when making available required information
and guidance. Thus, to produce the most accurate results regarding
agency compliance, we developed a set of uniform standards for
reviewing the agency and component Web sites, based on authoritative
interpretations of the statute.
The review focused on three key areas: basic elements of a
good FOIA Web site, guidance or a handbook for FOIA requesters,
and the online availability of specific records and categories
of records. Reviewers additionally made a subjective assessment
of each site based on the data gathered and their overall impression
and experience as to the organization and usability of the site.
The reviewers first looked at the basic Web site elements.
These included features of the agency Web site generally, such
as the presence of a FOIA link on the agency's home page; whether
the agency maintained a FOIA Web page; if the site could be
searched; for decentralized agencies, if the components and
agencies linked to each other; and if there was a designated
"electronic reading room." Reviewers looked specifically
for these words. In many cases, agencies had the functional
equivalent of a reading room, but called it something else (i.e.
Document Center or Popular FOIAs). In these cases, reviewers
took note of the designation but still did not consider the
agency to have an "electronic reading room."
Reviewers then assessed whether agencies made available certain
critical FOIA guidance information. The statute requires agencies
to have a handbook with this information, but many agencies
do not have a single document or Web page explicitly entitled
"handbook." In these cases, the reviewer noted what
individual pieces of information were available on the site
and where they were located. Reviewers considered compilations
of general guidance to be handbooks. Frequently, they were entitled
"Reference Guide" or something similar.
Specifically, reviewers checked handbooks or sites for a variety
of FOIA guidance information, including: contact information
for sending requests; fee waiver and fee status information;
an explanation of FOIA exemptions and reply time; guidelines
for requesting expedited processing; and administrative and
judicial appeal rights and details. The 1996 amendments to FOIA
require a major information systems index, and OMB mandates
that agency guidance also include a link to the "agency's
Government Information Locator Service presence." Agencies
were found to be in compliance with this broad requirement only
if they had an index and descriptions, which might include but
was not limited to a link to GILS. Because of the vague nature
of this requirement, we found compliance when an agency site
contained a page labeled "major information system"
index or description and the page contained a list describing
various types of records, files, and/or databases retained by
the agency-because we were unable to determine with certainty
whether the records described actually fall within the definition
of "major information systems" promulgated by OMB.
The final area reviewers assessed was whether agencies made
available on their Web sites certain categories of documents
required by E-FOIA. These categories include: agency final opinions
and orders, statements of policy and interpretations, administrative
staff manuals, frequently requested records previously released,
annual FOIA reports, and the agency's current FOIA regulations.
This was the most challenging area because many electronic reading
room documents are not organized by category or even clearly
marked as to the nature of each record. In many cases, they
are presented in a long, randomized list of available materials
that a user must sift through to find a single record.
When the records posted on the FOIA site were not organized
by category, the reviewers looked to see whether they could
identify some records, for example by their title, which clearly
fell into one of these required categories. If some documents
were labeled as agency policy statements, for example, we concluded
that the agency had satisfied this requirement. If records in
a required category were not posted or linked from the FOIA
site but are available in another location on the larger agency
Web site, we found the agency in compliance only when the link
to the records could be located on the FOIA site and was unambiguous-for
example, a link on the reading room to "Adjudications"
and leading directly to a database of all agency opinions and
orders. The agency was found to be not in compliance, however,
if finding the required records necessitated additional searching-for
example, where a user must click through several pages to reach
the link for "Opinions and Orders" or use a site search
engine to find the type of documents being sought. This conclusion
logically follows from the structure of the statute: the FOIA
statute requires agencies to affirmatively disclose certain
types of records so that individuals would not have to request
them. In order to fully satisfy the statute, members of the
public must be able to locate the disclosed materials, for example
from a central FOIA Web page, or else the provision would be
practically without force.
For frequently requested records, if a heading or introductory
description on the FOIA site stated that the records consisted
of frequently requested records under (a)(2)(D), we concluded
that the agency had complied. If a list of various records was
posted but not identified, we concluded that the agency had
not complied because, in essence, we were unable to determine
compliance: the agency has made some records available, but
we do not know whether they are frequently requested FOIA documents
or other materials that the agency has proactively disclosed.
An inherent shortcoming of this type of review is that we had
no way to determine whether an agency has posted all of the
records of a particular type that it retains. Some of the reviewed
agencies or components that receive a small number of FOIA requests
may never receive multiple requests for the same record. Even
though they may have no "frequently requested records"
to post, they would have received a non-compliant rating in
that category because we had no way of proving the negative
(unless the agency specifically noted on its site that it did
not possess any records in a particular category, in which case
we found them in compliance).
After conducting this comprehensive examination, reviewers
made subjective determinations regarding the site's content,
usability, structure and navigation, visual appearance, and
overall experience. They considered whether documents were posted
in PDF format, which retains the original integrity of a document
and is easily accessible to most users, and if links to free
viewers were available. Reviewers also noted whether broken
links were prevalent on the site or if there were other indications
that the site was not up-to-date or regularly updated. Finally,
reviewers considered several factors related to the ease of
use of each site, namely whether the menus and navigation structure
made moving around the site simple and straightforward and whether
the site had a professional, modern look that made information
readable and accessible. This information is not reported in
our appendices as qualitative data, but rather is reflected
in our general assessments and recommendations about how agencies
should structure their FOIA sites to best serve the public under
Section - Bibliography ->
47. Agency FOIA Improvement Plans under E.O. 13,392, can be
accessed at http://www.usdoj.gov/oip/agency_improvement.html.
48. Some agencies do not report component
data. For several of those, including Department of Commerce
(DOC) and DOI, we inquired with the agency to obtain the data.
For several others, the component data was not available. For
DOD, the reviews cover the four major service branches (Air
Force, Army, Navy, and Marine Corps) and the two major military
intelligence agencies (Defense Intelligence Agency and National
Security Agency). Data also was not available for NASA. However,
in its recent FOIA Improvement Plan, NASA indicated
its intention to combine the Web sites of all of its components
into a single, E-FOIA compliant Web portal, and apparently has
done so as of the beginning of 2006. See http://www.hq.nasa.gov/office/pao/FOIA/EO13392.pdf.
We therefore opted only to review the main NASA site for current