Long-standing policy of requiring four fields for any given email search struck down

Represented by National Security Counselors, MuckRock’s lawsuit over the Central Intelligence Agency’s CREST database continues to yield dividends. The most recent win: A ruling that the CIA can’t require you to know both who sent and received an email when requesting electronic records.

The CIA’s practice was unusual: The Agency, which still does not accept emailed requests citing security risks dozens of other agencies are able to overcome, maintained that it could only search for emails if four criteria were provided.

Those criteria were ‘to’ and ‘from’ recipients, time frame, and subject.

When taken to court, the CIA admitted that it could, indeed, search for email with less information but still required those four categories when new requests were filed.

On February 28, 2018, U.S. District Judge Ketanji Brown Jackson issued a ruling that found this policy — which the CIA disputed even existed despite the agency’s own letters stating the policy— was a violation of FOIA.

“This isn’t the first victory in this case, and it might not even be the greatest, since it’s hard to top the public release of CREST, but it might be the most far-reaching, since it benefits all requesters for CIA email records everywhere, as well as sending a clear signal to the CIA that these sorts of kneejerk categorical policies are bad FOIA,” said Kel McClanahan, executive director of National Security Counselors who represented MuckRock in the case pro bono.

But even after four years of litigation, the fight is not quite over yet and more important documents are still at stake.

“We’re still waiting on the entirety of CIA’s internal regulatory database,” noted McClanahan, “which will be a treasure trove for scholars and researchers who want to know what rules CIA applies to itself that the public doesn’t know about.”

Read the full ruling below.

Image via Spyculture.com