To Whom It May Concern:
Pursuant to the Freedom of Information Act, I hereby request the following records:
I hereby request copies of records in the possession of {Agency} (including all relevant subcomponents and offices) concerning the development, evaluation, use, procurement, or employment of surveillance tools, methods, or programs designed to identify, de-anonymize, monitor, track, or attribute users of privacy-enhancing technologies (PETs) and related platforms. This request covers records from January 1, 2010 to the present.
Scope of Technologies and Subjects:
This request seeks records related to efforts involving the following technologies, tools, and systems:
Mix networks and anonymizing routing systems, including but not limited to the Nym network and Loopix mixnet design.
The Tor anonymity network and I2P (Invisible Internet Project).
Veilid and similar emerging privacy networks and peer-to-peer privacy platforms.
Virtual Private Networks (VPNs), including surveillance of VPN traffic, monitoring of VPN exit nodes, upstream internet service provider data collection related to VPN operation, and intermediary or collusion efforts involving upstream network providers.
Encrypted DNS resolvers and services using DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT).
Encrypted or privacy-focused search services, including DuckDuckGo, Startpage, and open-source meta-search platforms such as Searx/SearxNG.
Secure or decentralized messaging platforms and protocols, such as the Matrix communications protocol (used by clients like Element), SimpleX Chat, and other platforms commonly used for private communications.
Surveillance of IXPs, backbone networks, and upstream/downstream providers insofar as data collection or monitoring is used to analyze, identify, or correlate traffic for the categories above.
Privacy-preserving cryptocurrency systems and tools, including:
Cryptocurrency mixers and anonymity tools such as Tornado Cash, Wasabi Wallet, Samourai Wallet, CoinJoin implementations, and similar services designed to obfuscate blockchain transaction trails.
Analytics, forensics, or de-anonymization efforts applied to cryptocurrency transactions and blockchain networks, including internal programs, external vendor collaborations, or analytic platforms used to trace, attribute, or correlate cryptocurrency activity.
Surveillance, monitoring, or disruption of decentralized exchanges (DEXs), peer-to-peer trading platforms, self-hosted or unhosted wallets, and decentralized financial systems insofar as these efforts are associated with privacy or anonymity.
This request concerns records about the tools, programs, projects, policies, and methods themselves and not records of individual investigations or case files where privacy tools were merely used by subjects. Where responsive records are mixed with individual investigation materials, I request release of non-case-specific material with appropriate redactions.
Types of Records Requested:
Responsive material includes, but is not limited to, the following categories:
Internal or interagency policies, directives, memoranda, guidance documents, manuals, or standard operating procedures that describe stance, protocols, rules, or governance regarding the above technologies.
Technical documentation, evaluations, reports, research studies, pilot project documentation, vulnerability analyses, traffic analysis techniques, de-anonymization research, or capability assessments relating to identifying, attributing, or defeating privacy protections in these tools.
Training materials, presentations, slides, handbooks, briefings, or instructor notes provided to agency personnel discussing techniques, capabilities, methods, or lawful use of tools for surveillance or attribution of the technologies listed above.
Procurement and contracting records, including requests for proposals, solicitations, purchase orders, agreements, contract modifications, vendor bids or quotes, invoices or summaries, deliverables lists, and communications with private vendors or contractors relating to products or services intended to monitor, infiltrate, analyze, or de-anonymize these technologies.
Legal memoranda, opinions, assessments, or compliance analyses (including materials from the Office of General Counsel, Department of Justice, or other legal units) evaluating the legal authority, limitations, privacy impact assessments, Fourth Amendment considerations, or statutory constraints for agency surveillance activities involving these systems.
Internal communications and correspondence, including emails, meeting minutes, memoranda, chat logs, or notes between agency personnel, external researchers, contractors, academic partners, vendors, or other government entities discussing the development, evaluation, use, procurement, performance, capabilities, results, concerns, or initiatives aimed at the surveillance, monitoring, correlation, tracking, de-anonymization, or attribution of these technologies.
Please interpret “records” broadly to include all formats (paper, electronic, video, audio, databases, spreadsheets, chat logs, calendars, readouts, architecture diagrams, or similar).
Search and Compliance Request:
Conduct a thorough search of all offices, divisions, laboratories, research groups, contracting/procurement systems, training systems, legal units, technical development units, intelligence/cyber units, and any other repositories likely to contain responsive material. If parts of this request are more easily searchable than others, I am willing to accept rolling productions of records.
If responsive records have been destroyed, transferred, lost, or are otherwise unavailable, please provide any records that describe the disposition, destruction schedules, retention policies, or transfers of such records.
If records are classified or contain sensitive information, please provide all reasonably segregable non-exempt portions as required by FOIA and specify the exemption(s) relied upon for any redactions or withholdings.
Format and Delivery:
I request that responsive records be provided in electronic format (PDF or native digital formats) via email or secure download link. If files are too large for email, please inform me so we can arrange alternative delivery. Do not send redundant paper copies for records that already exist digitally.
Exemptions and Segregability:
I acknowledge that some materials may be exempt from disclosure under FOIA exemptions (e.g., Exemptions 1, 3, 7(E), etc.). Please apply redactions only where necessary and release all reasonably segregable non-exempt material. For withheld records, please provide a detailed justification specifying the particular exemption(s) and the legal basis for each withholding.
If you determine that the existence or non-existence of records is itself sensitive, and you are contemplating a “neither confirm nor deny” response (Glomar), please contact me to discuss narrowing or clarifying the request to facilitate a lawful search and partial disclosure where possible.
The requested documents will be made available to the general public, and this request is not being made for commercial purposes.
In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.
Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.
