They will take some of the requests they receive and ask for the information via the FoIA procedures and then track the progress of the requests. This seemed to me to be a valuable exercise in testing out how well FoIA will work in practice, enabling people to hold the government to account for its promises regarding FoIA.
I’ve received comments from a friend that were very critical of this action (and by implication my support for it). To paraphrase, I was asked if I’d prefer that the security agencies waste time dealing with phoney FoIA requests or if I thought their time was better spent on protecting UK citizens.
I would argue in response that making FoIA requests for the purpose seeing how well FoIA works in practice is an entirely legitimate exercise, so long as it is done with care and they don’t flood the govt with frivolous requests.
If they were to carefully choose a handful of requests on the basis of there being a clear public interest in the release of the information, and no strong overriding objections (e.g. no clear reason to invoke the exemptions) then I would argue both that the exercise is a legitimate means of highlighting how well FoIA works in practice and that the burden on the departments processing the requests would be minimal. I hope and expect Spy.org.uk to do this.
If on the other hand they simply submitted every suggested request without regards to whether the information is already available elsewhere, whether the exemptions would clearly apply and whether the information requested is of real public interest, then I’d agree that would involve a waste of the government’s time and resources in processing the requests. I do not support such an exercise.
Note that any FoIA request, valid or otherwise, that is processed by the security services will take time and resources away from their core duties of protecting the country. This point along with the nature of the work they do is, I presume, the prime reason why Section 23 of the FoIA provides an absolute exemption for information supplied by, or relating to, bodies dealing with security matters (see also Section 2 on the effect of the exemptions). GCHQ, MI5 et al are all explicitly listed as being such bodies.
Of course some processing may need to be done by the security services for the purposes of determining whether the information requested is information that is supplied by or related to the security services. However ISTM that only a small fraction of the likely requests would involve the security services and the exemption will minimise the burden imposed by the remainder.
I’d add that the government has had 4 years since FoIA went through parliament in order to ensure that the security services receive the extra resources they may need to process FoIA requests.
It seems to me obvious that campaigners like spy.org.uk would mount exercises to test the FoIA out to see if, in practice, it delivers on the governments promises related to FoIA and that this is a legitimate exercise so long as it doesn’t amount to an attempt to flood the govt with requests. Given that and the 4 year implementation period, failure of the government to adequately resource the security agencies and other departments to deal with FoIA requests would seem to me to be a failure of the government to implement the Act properly and responsibility would lie squarely with the government, not those making the requests.