Copyright 2022 All Rights Reserved.

August 7, 2022

IL Attorney General Redacted Public Contracts With CrowdStrike And Others –

By John Kraft & Kirk Allen

On September 27, 2021

SPRINGFIELD, IL. (ECWd) –

While attempting to figure out the costs of the network hack from April 2021 (here is our initial report) on the Illinois Attorney General’s computers and servers, we requested meeting minutes of the open public meetings, only to find them either redacted or not provided. We also requested the recordings of the open public meetings, only to find them not provided (except for one meeting) because the AG wanted to redact them (those issues in this article).

After we sued the AG, they unredacted two of the meeting minutes at their next meeting, but have not unredacted the remainder, and they haven’t produced the remaining recordings either.

Next, we took a different approach to obtain the information.

Knowing that Section 1(c) of the Illinois Constitution and Sections 3(b) and 4 of the State Records Act both require “Reports and records of the obligation, receipt and use of public funds . . . are public records available for inspection by the public” (with very few exceptions), we submitted a Freedom of Information Act request for the contracts approved by or passed through the Procurement Policy Control Board of the Attorney General.

To our surprise, some of the responsive records were redacted. The redactions were within the contracts for software and services, and in our opinion, should have been provided unredacted – especially since the exact same information is available to the public on the vendor’s website.

Here are a couple examples – (See pics of comparison examples of Page 18 and Page 19 discussed below):

  • In the CROWD STRIKE Statement of Work agreement, the AG’s office redacted pages 3, 4, 6, 8, 9, 18, 19, 28, 29, 31, and 32.
  • Much of the redacted information appears to be public information and found on the CrowdStrike website (here)
  • On page 18 of the SOW, the AG redacted what appears to be the words “correlative and/or contextual data, and/or detections“:
    • EXAMPLE, on page 18 of the SOW, are their redactions under “CrowdStrike Data” which appears to be exactly the same as the paragraph on CrowdStrike’s own webpage:  https://www.crowdstrike.com/terms-conditions/
    • “CrowdStrike Data” shall mean the data generated by the CrowdStrike Offerings, including but not limited to, correlative and/or contextual data, and/or detections. For the avoidance of doubt, CrowdStrike Data does not include Customer Data.
  • On page 19 of the SOW, the AG redacted what appears to be the words “Falcon OverWatch” and “Falcon Complete Team“:
    • EXAMPLE, on page 19 is their redactions under “Product-Related Services” which appears to be exactly the same as the paragraph on CrowdStrike’s own webpage:  https://www.crowdstrike.com/terms-conditions/
    • “Product-Related Services” means, collectively, (i) Falcon OverWatch, (ii) Falcon Complete Team, (iii) the technical support services for certain Products provided by CrowdStrike, (iv) training, and (v) any other CrowdStrike services provided or sold with Products. Product-Related Services do not include Professional Services.

Other redactions are also found on the vendor’s webpage, but the point is, we cannot write about these contracts and state with certainty that the Attorney General’s office purchased Falcon OverWatch and Falcon Complete Team, because it is redacted in the documents provided to us under FOIA – even though we believe we know what is lingering under those redactions.

Now we must decide whether to sue them under FOIA again, or ignore the redactions – and we have made it a policy to not ignore unreasonable redactions. These are public records and should have been provided.

SHARE THIS

Share on facebook
Share on twitter
Share on print

RELATED

4 Comments
  • Dave
    Posted at 18:59h, 27 September

    Speaking of contracts. Our governor stomps on the Illinois state constitution’s Bill of Rights again, Pritzker is nothing short of a dictator. The governor has no lawful authority to suspend the Illinois Bill of Rights. Article one, section two of the Illinois constitution states:

    SECTION 2. DUE PROCESS AND EQUAL PROTECTION
    No person shall be deprived of life, liberty or property
    WITHOUT due process of law nor be denied the equal protection
    of the laws. ~ (Source: Illinois Constitution

    SECTION 16. EX POST FACTO LAWS AND IMPAIRING CONTRACTS
    No ex post facto law, or law impairing the obligation of
    contracts or making an irrevocable grant of special
    privileges or immunities, shall be passed.
    (Source: Illinois Constitution.)

    Our attorney general needs to rein in Pritzker

    • Pete
      Posted at 17:33h, 28 September

      The illegality is out of control!
      The criminals are getting away with everything!

  • Dave
    Posted at 19:01h, 27 September

    My above comment pertains to the unlawful Illinois’ eviction moratorium

  • PK
    Posted at 00:53h, 28 September

    Nifty workaround!

    With this news, I was reminded to check on the status of the AG’s on-line consumer complaint portal. Woohoo…it appears to be active/working again!

    If the matter can’t be ignored, try the AG’s on-line consumer complaint portal. The article here is already describing the nature of the problem/complaint in detail. Also, the complaint could be submitted by either the ECWd’s; or for being more apropos, an individual member of the public.

    The AG’s office divisions are many, So, if nothing else, such a complaint might just turn a few office heads.

$