[cryptome] Re: Fwd: 78716A

  • From: doug <douglasrankine2001@xxxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Thu, 18 Dec 2014 23:21:29 +0000

Hi Ryan,
From what I can see, Cindy B has given you an adequate answer...I would reply exactly the same. Remember, with bureaucrats, they want it easy, they want to be seen as doing something, anything to get them off the hook. They have found your question vague, outside of their parameters. If you want more, you will have to offer to pay more. You have found their answers inadequate. Have a think about how you can make your request more specific, she has asked you to "clarify the context and ask for specific records" what malware for instance...can you point her nose to any particular records... and are you sure that the research directorate is the right place to direct the question?

One of the things I learned long ago, when dealing with the bureaucracy, is that they are a machine, like a big windmill driven by wheels and one has to learn how to match ones teeth with their cogs, in terms of size and timing so that when it spins round, your request is picked up, taken along the line to the right department and returned to you down the line all refined and tickety boo; then one gets the proper reply...if not the right one...or the one you want... :-) .

On 18/12/14 22:47, Ryan Carboni wrote:
"Records Requested: I request any information the NSA has on malware transmitted through USB firmware.

I request this for personal, noncommercial purposes, particularly for securing my own personal computer.

I authorize fees up to $20." request #78716A. I did suggest that they search the research directorate.

On Thu, Dec 18, 2014 at 2:41 PM, doug <douglasrankine2001@xxxxxxxxxxx <mailto:douglasrankine2001@xxxxxxxxxxx>> wrote:

    Hi Ryan,
    That proposition may...or may not be true... :-) .  However, be as
    it may, they are saying that your request is "overly broad" and
    therefore has too wide an ambit to be answered without a lot of
    effort.  They therefore require your help in narrowing it down so
    that they can answer it. They are trying to be helpful by
    providing a couple of hyperlinks.  Take a look at them and if they
    are not helpful or provide some guidance, them  may I suggest that
    you re-frame the question and re-submit it. Sorry, but I am not
    familiar with the question, what is it that you wish them to
    provide an answer to?

    On 18/12/14 22:22, Ryan Carboni wrote:

    Common Americans are no longer considered worth protecting as
    part of national security.

    Mr. Carboni,

          Thank you for providing the information below.  We have
          conducted an initial search within the organization that is
          most likely to hold records. That organization advised that
          the request, as worded, is overly broad.  Querying any of
          our organizations would likely result in the same
          response.  The phrase “malware transmitted through USB
          firmware” is overly broad, such that any of our internal
          organizations would not be able to determine which files to
          search or be able to conduct a search with a reasonable
          amount of effort. Terms such as “malware” or “firmware” may
          turn up in any number of NSA records and most likely would
          not be related to securing home networks. Furthermore,
          added search without a clarification of context and
          specific records sought, would incur significant fees which
          would be passed on to you as an “all other” requester.

      A large facet of the NSA/CSS mission is to protect National
    Security (i.e. government, DoD, Industry partners) information
    systems.  In doing so, this Agency provides guidance on
    Information Assurance security solutions to our Industry and
    Government customers regarding risk, vulnerabilities,
    mitigations, and threats.  While it is not part of our mission to
    provide guidance on securing home networks, we may occasionally
    post information on our website as you may recall from our
    letter. Our Information Assurance Directorate (IAD) has provided
some information to the public that may be of interest to you. Here are some additional links that you may peruse:


    (this is a recent article the does provides a link regarding

          https://www.nsa.gov/ia/index.shtml The last paragraph
          provides a video link under “IAD's Latest Security Guide
          Helps Customers Protect Home Networks,” and there is also a
          fact sheet titled “Best Practices for Keeping Your Home
          Network Secure.”

          Since the information you appear to be requesting
          (protecting home networks) does not fall under the purview
          of NSA/CSS missions, continued search of our files would
          not be productive.  Your request will be administratively
          closed as an improper FOIA.  If, after reviewing the
          information on our website, you wish to submit a FOIA
          request on similar topic(s), please provide enough detail
          to allow for an accurate and focused search.


    Cindy B
    NSA/CSS FOIA Requester Service Center

    (301)688-6527 <tel:%28301%29688-6527>

Other related posts: