Freedom of Information Request: Azure OpenAI Service usage at the Department of Defense

Kyle Wiggers filed this request with the Defense Information Systems Agency of the United States of America.

It is a clone of this request.

Est. Completion: None
Status: Fix Required

From: Kyle Wiggers

To Whom It May Concern:

Pursuant to the Freedom of Information Act, I hereby request the following records:

Public reports show that Microsoft's Azure cloud platform powers the Department of Defense's (DoD's) cloud computing efforts, specifically its Joint Warfighting Cloud Capability (JWCC) effort. (https://www.microsoft.com/en-us/federal/JWCC.aspx & https://azure.microsoft.com/en-us/explore/global-infrastructure/government). The Azure OpenAI Service, a managed service provided in partnership with OpenAI, is available to Azure cloud customers.

I am requesting:

1) All instructional materials, presentation materials (including PowerPoint files, prepared remarks and slide formats) and other guidance about usage of the Azure OpenAI Service produced by the DoD.

2) A copy of any use policies, standard operating procedures, data retention policies, legal opinions, warrants, non-disclosure agreements, liability waivers, insurance agreements, letters of interest, usage policies or informal agreements between the DoD and Microsoft regarding the Azure OpenAI Service. Please include any of the above between government agencies and Microsoft as well as OpenAI.

3) A copy of any funding opportunity announcements, grant applications and grantor status/progress reports, reports to legislative bodies, annual reports that mention the Azure OpenAI Service, as well as audit records, including but not limited to security audits of the software, misuse reports and reports to oversight bodies.

4) Any digital communications including but not limited to emails and text messages as well as documents (including but not limited to PDF, word processing, spreadsheets and slide documents) that mention the Azure OpenAI Service (including all attachments) between the DoD and Microsoft as well as OpenAI.

5) Any case reports in which the Azure OpenAI Service was disconnected, shut down or changed in some way due to privacy or security concerns.

6) Any digital communications (including but not limited to emails and text messages) between the DoD and Microsoft (@microsoft.com), OpenAI (@openai.com) or their representatives.

To help narrow the extent of the responsive documents, please limit searches to: April 15, 2024 through the time this request is processed. Please deliver these documents on a rolling basis as responsive documents are found.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.

Sincerely,

Kyle Wiggers

From: Kyle Wiggers

I'm following up on the request.

From: Kyle Wiggers

I'm following up on the request.

From: Defense Information Systems Agency

Good Morning-

I am forwarding this email to the proper group.

Please assist.

V/R

Ms. Jamie Herrera

DISA, Office of the General Counsel

Management Support Specialist

(301)225-6100 GC Main Line

(301)225-6119 Direct line

CONFIDENTIALITY NOTICE On Behalf Of OGC: This email is intended only for the
personal and confidential use of the recipient(s) designated above. It may
contain an attorney-client communication or represent attorney work product
and therefore is legally privileged. If you are not the intended recipient of
the communication (or an agent responsible for delivering it to the intended
recipient), you are hereby notified that any review, disclosure or use of the
information contained herein is STRICTLY PROHIBITED. Any disclosure requires
authorization of the Defense Information Systems Agency Office of the General
Counsel. //

From: Kyle Wiggers

I'm following up.

From: Defense Information Systems Agency

I am writing to apologize for the delay in responding to your follow-up inquiry regarding your FOIA request. Unfortunately, due to a technical issue with our FOIA transaction system, your follow-up inquiry was not properly processed, resulting in an unacceptable delay.

Please accept our sincerest apologies for the inconvenience this has caused. We understand the importance of timely and efficient responses to FOIA requests, and we regret that we have fallen short of this standard in your case.

Looking through your FOIA request, I'd like to bring up that the Chief Digital and Artificial Intelligence Office (CDAO) is a part of the U.S. Department of Defense (DoD) and is a separate organization from the Defense Information Systems Agency (DISA).

The CDAO was established in 2022 as a direct reporting office to the Secretary of Defense, with the goal of accelerating the adoption of digital and artificial intelligence (AI) technologies across the DoD.

I feel as if CDAO would be a better organization regarding these records you are requesting.

Please let me know what you think.

From: Kyle Wiggers

Please refer me to CDAO. Thank you.

From: Kyle Wiggers

I'm following up.

From: Defense Information Systems Agency

Good afternoon,
Regarding this request, you sent this request to the CDAO FOIA office back on Aug/08/2024. They then closed it out on Sep/05/2024, given it FOIA case number 24-F-2076.

Regarding the FOIA request, it's important to know there is no central FOIA processing point for records for the entire Department of Defense (DoD). FOIA processing is decentralized and delegated to those officials of the Military Departments and various DoD Components who generate and/or maintain the records being sought or reviewed.

With that being said, we are going to work this from DISA side as best as we can.
Regarding your questions:
1) DISA has DISA-specific guidance about AI and how it shouldn’t be used to process CUI or more sensitive data; we do not provide DOD-wide guidance.
2) The request is so broad we recommend that you perfect your request to a more narrowed scope in providing a specific timeframe, topic, agency/office.
3) The request is so broad we recommend that you perfect your request to a more narrowed scope in providing a specific timeframe, topic, agency/office, as DISA does not do grants.
4) The request is so broad we recommend that you perfect your request to a more narrowed scope in providing a specific timeframe, topic, agency/office.
5) The request is so broad we recommend that you perfect your request to a more narrowed scope in providing a specific timeframe, topic, agency/office, with it being more of a question to Microsoft, which doesn’t fall under FOIA.
6) This is so broad it requires querying each Component and Service to answer it fully as written, and every individual would have to be queried.

From: Defense Information Systems Agency

Good morning,

Please provide a response regarding the above statement as we are unable to process the FOIA without changes being made.

If a response is not provided by 01/09/2024, we will close this FOIA.

If you have questions please feel free to reach out.

From: Kyle Wiggers

Apologies for the delay.

Thank you for your response and for clarifying the challenges in processing my initial FOIA request. Based on your feedback, I have refined my request to ensure it is specific, actionable, and focused on DISA-related records. I hope this updated request will facilitate a more efficient and productive search for the relevant documents.

Refined Request

Instructional and Presentation Materials
Please provide any instructional or presentation materials (e.g., PowerPoint slides, prepared remarks, internal memos, or training materials) created or used by DISA or its subordinate components between April 15, 2024, and December 31, 2024, specifically addressing the Azure OpenAI Service.

Policy and Agreement Documents
Provide copies of DISA-specific policies, agreements, or procedures related to Azure OpenAI Service usage, such as:

- Non-disclosure agreements (NDAs),
- Liability waivers,
- Internal guidelines, directives, or standard operating procedures concerning AI tools.

Audit and Security Reports
Supply any audit reports, security reviews, incident documentation, or misuse reports explicitly referencing the Azure OpenAI Service, created between April 15, 2024, and December 31, 2024.

Digital Communications
Provide digital communications (e.g., emails, text messages) exchanged between DISA personnel and representatives of Microsoft (@microsoft.com) or OpenAI (@openai.com) from April 15, 2024, to December 31, 2024. Limit the scope to discussions specifically involving:
- Security protocols,
- Compliance requirements, or
- Operational integration of the Azure OpenAI Service.

Case Reports
Provide case reports or documentation detailing incidents where the Azure OpenAI Service was disconnected, modified, or restricted due to privacy or security concerns. Limit the scope to incidents occurring between April 15, 2024, and December 31, 2024.

Additional Information
I trust this revised scope addresses your concerns about the breadth of my initial request. By narrowing the focus to DISA-specific records and specifying a timeframe, I aim to facilitate processing.

Thank you for your previous guidance and for your efforts in addressing this request. Should you require further clarification or additional refinements, please do not hesitate to reach out. I appreciate your time and assistance.

From: Defense Information Systems Agency

Policy and Agreement Documents
Provide copies of DISA-specific policies, agreements, or procedures related to Azure OpenAI Service usage, such as:

- Non-disclosure agreements (NDAs), (will not be able to provide)
- Liability waivers, (will not be able to provide)
- Internal guidelines, directives, or standard operating procedures concerning AI tools. (if guidance is out there I will be able to find it)

Audit and Security Reports
Supply any audit reports, security reviews, incident documentation, or misuse reports explicitly referencing the Azure OpenAI Service, created between April 15, 2024, and December 31, 2024.

(While I'm not certain the information will be available through this method, it's worth pursuing. I will reach out to the POC to inquire about the possibility and explore whether they have any relevant data or insights.)

Digital Communications
Provide digital communications (e.g., emails, text messages) exchanged between DISA personnel and representatives of Microsoft (@microsoft.com) or OpenAI (@openai.com) from April 15, 2024, to December 31, 2024. Limit the scope to discussions specifically involving:

(Instead of searching across all DISA employees, which would be overly broad and inefficient, a more targeted approach would be to identify the specific organizations responsible for the information in question. Focusing the search within those organizations will significantly reduce the scope and yield more relevant results, leading to a faster and more effective information retrieval process.)

Case Reports
Provide case reports or documentation detailing incidents where the Azure OpenAI Service was disconnected, modified, or restricted due to privacy or security concerns. Limit the scope to incidents occurring between April 15, 2024, and December 31, 2024.

(While I'm not certain the information will be available through this method, it's worth pursuing. I will reach out to the POC to inquire about the possibility and explore whether they have any relevant data or insights.)

Please let me know if this is acceptable.

From: Kyle Wiggers

This is acceptable, thank you.

From: Defense Information Systems Agency

Forwarding to the proper FOIA email address.

V/R

Jamie Herrera

Administrative Support Specialist

EA-SES Ms. Lia Wentworth -GC

Office of the General Counsel (J0)

DISA

6910 Cooper Ave.

Fort Meade, MD 20755

Phone: 301-255-6100

Email: jamie.l.herrera6.civ@mail.mil

Visit us at DISA.mil (https://disa.mil/) & check us out on social media!

<https://linkedin.com/company/DISADOD> <https://x.com/DISADOD> <https://facebook.com/DISADOD> <https://youtube.com/@DISADOD>

CONFIDENTIALITY NOTICE - PRIVILEGED COMMUNICATION

This email may contain an attorney-client communication or attorney work product and is legally privileged. If you are not the intended recipient of the communication (or an agent responsible for delivering it to the intended recipient), you are hereby notified that any review, disclosure or use of the information contained herein is STRICTLY PROHIBITED. Any disclosure requires authorization of the Defense Information Systems Agency Office of the General Counsel.

From: Defense Information Systems Agency

Good morning,

This email provides an update on your request for information concerning the Defense Information Systems Agency (DISA) Joint Warfighting Cloud Capability (JWCC) offerings with Microsoft, specifically regarding the Azure OpenAI Service.

Our comprehensive search across relevant JWCC records yielded the following:

Policy and Agreement Documents: No internal guidelines, directives, or Standard Operating Procedures (SOPs) concerning AI tools, specifically referencing the Azure OpenAI Service, were identified.

Audit and Security Reports: No audit reports, security reviews, incident documentation, or misuse reports explicitly mentioning the Azure OpenAI Service, created between April 15, 2024, and December 31, 2024, were located.

Case Reports: No case reports or documentation detailing incidents where the Azure OpenAI Service was disconnected, modified, or restricted due to privacy or security concerns between April 15, 2024, and December 31, 2024, were found.

We did identify one potential avenue of inquiry within the Risk Management Executive and Authorizing office. However, we anticipate that any information retrievable from this source would likely be limited to publicly available information regarding the capabilities and security posture of the Azure OpenAI Service. We are prepared to pursue this avenue should you deem it necessary, but we wanted to advise you of the expected outcome.

As previously discussed, the Chief Digital and Artificial Intelligence Office (CDAO) holds primary responsibility for overseeing Department of Defense (DoD) AI programs, guidelines, and related aspects. Therefore, we believe the CDAO is the most appropriate entity to fulfill your request comprehensively. We recommend directing your inquiry to the CDAO for the most relevant and complete information.

Please do not hesitate to contact us if you have any further questions. Please provide a response if you wish us to go through with the email search.

From: Kyle Wiggers

Thank you.

From: Defense Information Systems Agency

Could you please provide a response if you wish us to go through with the email search? We anticipate that any information retrievable from this source would likely be limited to publicly available information regarding the capabilities and security posture of the Azure OpenAI Service.

If not, we will send a formal closing letter.

Thank you.