Hi Ryan,From what I can see, Cindy B has given you an adequate answer...I would reply exactly the same. Remember, with bureaucrats, they want it easy, they want to be seen as doing something, anything to get them off the hook. They have found your question vague, outside of their parameters. If you want more, you will have to offer to pay more. You have found their answers inadequate. Have a think about how you can make your request more specific, she has asked you to "clarify the context and ask for specific records" what malware for instance...can you point her nose to any particular records... and are you sure that the research directorate is the right place to direct the question?
One of the things I learned long ago, when dealing with the bureaucracy, is that they are a machine, like a big windmill driven by wheels and one has to learn how to match ones teeth with their cogs, in terms of size and timing so that when it spins round, your request is picked up, taken along the line to the right department and returned to you down the line all refined and tickety boo; then one gets the proper reply...if not the right one...or the one you want... :-) .
ATB Dougie. On 18/12/14 22:47, Ryan Carboni wrote:
"Records Requested: I request any information the NSA has on malware transmitted through USB firmware.I request this for personal, noncommercial purposes, particularly for securing my own personal computer.I authorize fees up to $20." request #78716A. I did suggest that they search the research directorate.On Thu, Dec 18, 2014 at 2:41 PM, doug <douglasrankine2001@xxxxxxxxxxx <mailto:douglasrankine2001@xxxxxxxxxxx>> wrote:Hi Ryan, That proposition may...or may not be true... :-) . However, be as it may, they are saying that your request is "overly broad" and therefore has too wide an ambit to be answered without a lot of effort. They therefore require your help in narrowing it down so that they can answer it. They are trying to be helpful by providing a couple of hyperlinks. Take a look at them and if they are not helpful or provide some guidance, them may I suggest that you re-frame the question and re-submit it. Sorry, but I am not familiar with the question, what is it that you wish them to provide an answer to? ATB Dougie. On 18/12/14 22:22, Ryan Carboni wrote:Common Americans are no longer considered worth protecting as part of national security. ----------- Mr. Carboni, Thank you for providing the information below. We have conducted an initial search within the organization that is most likely to hold records. That organization advised that the request, as worded, is overly broad. Querying any of our organizations would likely result in the same response. The phrase “malware transmitted through USB firmware” is overly broad, such that any of our internal organizations would not be able to determine which files to search or be able to conduct a search with a reasonable amount of effort. Terms such as “malware” or “firmware” may turn up in any number of NSA records and most likely would not be related to securing home networks. Furthermore, added search without a clarification of context and specific records sought, would incur significant fees which would be passed on to you as an “all other” requester. A large facet of the NSA/CSS mission is to protect National Security (i.e. government, DoD, Industry partners) information systems. In doing so, this Agency provides guidance on Information Assurance security solutions to our Industry and Government customers regarding risk, vulnerabilities, mitigations, and threats. While it is not part of our mission to provide guidance on securing home networks, we may occasionally post information on our website as you may recall from our letter. Our Information Assurance Directorate (IAD) has providedsome information to the public that may be of interest to you. Here are some additional links that you may peruse:https://www.nsa.gov/ia/mitigation_guidance/index.shtml https://www.nsa.gov/public_info/press_room/2014/nsa_seal_scam_alert.shtml (this is a recent article the does provides a link regarding malware) https://www.nsa.gov/ia/index.shtml The last paragraph provides a video link under “IAD's Latest Security Guide Helps Customers Protect Home Networks,” and there is also a fact sheet titled “Best Practices for Keeping Your Home Network Secure.” Since the information you appear to be requesting (protecting home networks) does not fall under the purview of NSA/CSS missions, continued search of our files would not be productive. Your request will be administratively closed as an improper FOIA. If, after reviewing the information on our website, you wish to submit a FOIA request on similar topic(s), please provide enough detail to allow for an accurate and focused search. Regards, Cindy B NSA/CSS FOIA Requester Service Center (301)688-6527 <tel:%28301%29688-6527>