"Records Requested: I request any information the NSA has on malware transmitted through USB firmware. I request this for personal, noncommercial purposes, particularly for securing my own personal computer. I authorize fees up to $20." request #78716A. I did suggest that they search the research directorate. On Thu, Dec 18, 2014 at 2:41 PM, doug <douglasrankine2001@xxxxxxxxxxx> wrote: > > Hi Ryan, > That proposition may...or may not be true... :-) . However, be as it > may, they are saying that your request is "overly broad" and therefore has > too wide an ambit to be answered without a lot of effort. They therefore > require your help in narrowing it down so that they can answer it. They are > trying to be helpful by providing a couple of hyperlinks. Take a look at > them and if they are not helpful or provide some guidance, them may I > suggest that you re-frame the question and re-submit it. Sorry, but I am > not familiar with the question, what is it that you wish them to provide an > answer to? > ATB > Dougie. > > > On 18/12/14 22:22, Ryan Carboni wrote: > > > Common Americans are no longer considered worth protecting as part of > national security. > ----------- > > > Mr. Carboni, > Thank you for providing the information below. We have conducted an > initial search within the organization that is most likely to hold records. > That organization advised that the request, as worded, is overly broad. > Querying any of our organizations would likely result in the same > response. The phrase “malware transmitted through USB firmware” is overly > broad, such that any of our internal organizations would not be able to > determine which files to search or be able to conduct a search with a > reasonable amount of effort. Terms such as “malware” or “firmware” may turn > up in any number of NSA records and most likely would not be related to > securing home networks. Furthermore, added search without a clarification > of context and specific records sought, would incur significant fees which > would be passed on to you as an “all other” requester. > > A large facet of the NSA/CSS mission is to protect National Security > (i.e. government, DoD, Industry partners) information systems. In doing > so, this Agency provides guidance on Information Assurance security > solutions to our Industry and Government customers regarding risk, > vulnerabilities, mitigations, and threats. While it is not part of our > mission to provide guidance on securing home networks, we may occasionally > post information on our website as you may recall from our letter. Our > Information Assurance Directorate (IAD) has provided some information to > the public that may be of interest to you. Here are some additional links > that you may peruse: > > https://www.nsa.gov/ia/mitigation_guidance/index.shtml > > https://www.nsa.gov/public_info/press_room/2014/nsa_seal_scam_alert.shtml > (this is a recent article the does provides a link regarding malware) > https://www.nsa.gov/ia/index.shtml The last paragraph provides a video > link under “IAD's Latest Security Guide Helps Customers Protect Home > Networks,” and there is also a fact sheet titled “Best Practices for > Keeping Your Home Network Secure.” Since the information you appear to be > requesting (protecting home networks) does not fall under the purview of > NSA/CSS missions, continued search of our files would not be productive. > Your request will be administratively closed as an improper FOIA. If, > after reviewing the information on our website, you wish to submit a FOIA > request on similar topic(s), please provide enough detail to allow for an > accurate and focused search. > > Regards, > > Cindy B > NSA/CSS FOIA Requester Service Center > > (301)688-6527 > > >