My First FOIA

At a workshop on cross-device tracking held by the Federal Trade Commission (FTC) last fall, the Center for Democracy and Technology presented information about a company based in India, SilverPush, that had developed technology for embedding ultrasonic tones in TV broadcasts, as well as toolkits for detecting these tones in mobile (Android/iOS) applications. As discussed previously, several others and I analyzed the use of audio beacons for cross-device behavioral tracking by this and other products.

This past March, the FTC sent a number of warning letters to developers whose apps in the Google Play store were found to be using the SilverPush toolkit. I subsequently spoke with Kristin Cohen of the FTC, asking for the names of the apps and developers who received the letters; she declined to provide them but acknowledged that they would likely be provided in response to a Freedom of Information Act (FOIA) request.

I spent some time looking into the procedure for filing a FOIA. The easiest for me to do this was to use a service, MuckRock, to file the request on my behalf. For a fee of $20, MuckRock will file 4 FOIA requests for you, and collect and make available the results. On June 2, I paid my $20 and sent in my request. MuckRock kept me well informed via email about the status of my request.

My request was as follows:

• Names and contact information for the app developers receiving the warning letters regarding use of SilverPush audio beacon technology that were announced by FTC on March 17, 2016
• Any information on how those developers were identified

On June 24, MuckRock sent me an update that my request had been answered (apparently the answer came on June 15). I received two PDFs, the first being a cover letter from the FTC explaining what they are and aren’t responding to, and the second being PDF copies of the warning letters themselves. None of the provided documents had been redacted.

While their response to the first part of my request had been very complete, I was disappointed in the lack of response to the second part of the request. I was informed that that part of the response (126 pages in all) were “deliberative and pre-decisional” and therefore exempt from disclosure. I had thought that part of the purpose of FOIA was to provide transparency about the decision process within the federal government. In any case, I was primarily trying to find out the technical means that were used to identify the apps that contained this toolkit. I will discuss the substance of the information received from the FOIA in a subsequent blog post.

If any readers have experience with FOIA and opinions on whether I should appeal the exemption, please let me know via the comments or contact me directly.

Overall, this experience with the FOIA process has been very positive. The response from the government was surprisingly fast, and the information provided was responsive to my request. But while it was easy for me to submit the request, it took significant resources for the government to respond. FOIA is a powerful tool, but I would hate to see my government resources being used to respond to a lot of frivolous requests. Use it responsibly.