The Triangulation Model
We do not rely on leaks, rumors, or press releases. We rely on the "Collision of Records"—where the Agency's claims contradict its own data.
How We Prove It
Modern government is too vast to audit manually. The CFA utilizes an algorithmic approach to oversight. We ingest disparate datasets to cross-reference Legal Authority against Operational Reality. This methodology is not novel—it is the logical extension of constitutional oversight powers and statutory transparency requirements.
The First Amendment guarantees the freedom of the press and the right to petition the government for redress. The Supreme Court recognized in Department of Justice v. Reporters Committee (1989) that the Freedom of Information Act (5 U.S.C. § 552) exists to "shed light on an agency's performance of its statutory duties." Article I, Section 8 grants Congress the power of oversight—the authority to investigate how the executive branch spends appropriated funds and executes the laws. The Administrative Procedure Act (5 U.S.C. § 551 et seq.) requires agencies to publish their rules and provide public notice, creating a legal framework for transparency.
When the Procurement Data shows a purchase (Reality) that the Privacy Impact Assessment does not cover (Authority), we flag a Statutory Violation. This is not interpretation—it is arithmetic. The Privacy Act of 1974 (5 U.S.C. § 552a) requires agencies to publish System of Records Notices (SORNs) before collecting personally identifiable information. The E-Government Act of 2002 (44 U.S.C. § 3501 note) mandates Privacy Impact Assessments (PIAs) for systems that collect, maintain, or disseminate information. The Digital Accountability and Transparency Act (DATA Act) requires agencies to publish spending data in standardized formats. When these datasets contradict each other, we have identified a violation of law.
The Supreme Court affirmed in Nixon v. Administrator of General Services (1977) that "the public has a right to every man's evidence" and that executive privilege is not absolute. In Forsham v. Harris (1980), the Court clarified what constitutes "agency records" subject to disclosure. These precedents establish that government data, when it exists, belongs to the public. Our algorithmic approach simply scales this principle to the digital age.
1. The Authority
WHAT THEY MUST DO
We index the "Rules of the Road." All government action must be authorized by law. Article I, Section 8 of the Constitution grants Congress the power to make laws, and Article II, Section 3 requires the President to "take Care that the Laws be faithfully executed." The Administrative Procedure Act (5 U.S.C. § 551 et seq.) requires agencies to follow formal rulemaking procedures when creating binding regulations.
- U.S. Code & CFR: The Statutes. The United States Code is the official compilation of federal laws. The Code of Federal Regulations (CFR) contains the rules and regulations promulgated by federal agencies. Both have the force of law.
- Federal Register: SORNs & Rulemaking. The Federal Register Act (44 U.S.C. § 1501 et seq.) requires agencies to publish proposed and final rules, System of Records Notices (SORNs), and other official notices. The Federal Register is the official record of government action.
- OMB Memos: Executive mandates. Office of Management and Budget (OMB) circulars and memoranda implement statutory requirements and establish government-wide policies. OMB Circular A-11 governs capital planning, while OMB Circular A-130 establishes information management policies.
2. The Claim
WHAT THEY SAY THEY DO
We scrape the "Compliance Paperwork." Agencies are required by law to document their activities. The E-Government Act of 2002 (44 U.S.C. § 3501 note) mandates Privacy Impact Assessments (PIAs) for systems that collect, maintain, or disseminate information. The Clinger-Cohen Act (40 U.S.C. § 1401 et seq.) requires agencies to submit Exhibit 300s (Capital Asset Plans) for major IT investments. The Government Performance and Results Act (GPRA) and its modernization, the Government Performance and Results Modernization Act (GPRAMA), require agencies to publish strategic plans and performance reports.
- PIAs: Privacy Impact Assessments. Required by the E-Government Act of 2002 and OMB Memorandum M-03-22. Agencies must assess privacy risks before deploying systems that collect personally identifiable information.
- Exhibit 300s: Capital Planning. Required by OMB Circular A-11 and the Clinger-Cohen Act. Agencies must justify major IT investments, including cost, schedule, and performance metrics.
- Strategic Plans: Public goals. Required by the Government Performance and Results Modernization Act (GPRAMA). Agencies must publish strategic plans every four years and annual performance reports.
3. The Reality
WHAT THEY ACTUALLY DO
We analyze the "Exhaust Data." Government operations generate digital records that cannot be easily falsified. The Federal Funding Accountability and Transparency Act (FFATA) and the Digital Accountability and Transparency Act (DATA Act) require agencies to publish spending data in standardized formats. The Federal Acquisition Regulation (FAR) mandates that all federal procurements be recorded in the Federal Procurement Data System (FPDS). The Competition in Contracting Act (CICA) requires public notice of contract opportunities and awards.
- FPDS-NG / SAM.gov: Spending logs. The Federal Procurement Data System—Next Generation (FPDS-NG) is required by the Federal Property and Administrative Services Act and FAR Part 4. The System for Award Management (SAM.gov) consolidates federal procurement systems and is required by the Federal Acquisition Streamlining Act.
- FedRAMP Marketplace: Cloud inventory. The Federal Risk and Authorization Management Program (FedRAMP) implements OMB Memorandum M-19-03 and FISMA requirements. Agencies must use FedRAMP-authorized cloud services, and all authorizations are published in the FedRAMP Marketplace.
- Job Postings: Hiring intent. Federal job postings on USAJOBS.gov reveal agency priorities, technical requirements, and operational capabilities. These postings are public records that reflect actual agency activities, not aspirational goals.
The FOIA Factory
Public data has gaps. When our Triangulation Model identifies a "Missing Artifact" (e.g., a System is live but has no ATO date), we trigger a targeted Freedom of Information Act (FOIA) request. The Freedom of Information Act (5 U.S.C. § 552), enacted in 1966 and strengthened by amendments in 1974, 1996 (E-FOIA), and 2016 (FOIA Improvement Act), establishes the public's right to access government records. The Act's purpose, as stated in its text, is to ensure "an informed citizenry" that can "check against corruption and hold the governors accountable to the governed."
The FOIA Improvement Act of 2016 established a "presumption of openness," requiring agencies to release information unless they can demonstrate that disclosure would cause specific, identifiable harm. The Supreme Court ruled in Department of Justice v. Reporters Committee (1989) that FOIA's purpose is to "shed light on an agency's performance of its statutory duties." In National Archives and Records Administration v. Favish (2004), the Court clarified the privacy exemption, and in Milner v. Department of the Navy (2011), it narrowed the scope of certain exemptions, reinforcing the presumption of disclosure.
We do not send generic "fishing expeditions." We request specific document control numbers, citing the statutory requirement that triggered the document's creation. This precision makes our requests harder to deny and faster to process. When an agency claims an exemption, we challenge it by demonstrating that the public interest in disclosure outweighs any asserted harm, as required by the FOIA Improvement Act of 2016.
Historical examples demonstrate FOIA's power. The Pentagon Papers were obtained through FOIA requests. Watergate investigations relied on public records. The Church Committee's revelations about intelligence agency abuses were enabled by transparency laws. We continue this tradition, using FOIA not as a last resort, but as a systematic tool for verification.
The Legal Foundation of Data Access
The CFA's methodology is grounded in constitutional and statutory law. The First Amendment guarantees the freedom of the press and the right to petition the government—rights that are meaningless without access to information. The public trust doctrine holds that government information belongs to the people, not to the agencies that create it. The Supreme Court recognized this principle in Nixon v. Administrator of General Services (1977), ruling that executive privilege is not absolute and that the public has a right to access government records.
The statutory framework for transparency is comprehensive. The Freedom of Information Act (5 U.S.C. § 552) establishes the right to access agency records. The Privacy Act of 1974 (5 U.S.C. § 552a) requires agencies to publish System of Records Notices (SORNs) and limits data collection to what is specified in those notices. The Administrative Procedure Act (5 U.S.C. § 551 et seq.) requires agencies to publish proposed and final rules, providing public notice and opportunity for comment. The Digital Accountability and Transparency Act (DATA Act) mandates that agencies publish spending data in standardized, machine-readable formats.
These laws create a legal obligation for agencies to be transparent. When agencies fail to comply, they violate the law. Our methodology simply automates the process of identifying these violations by comparing what the law requires against what agencies actually do.
Historical Precedents for Verification
The CFA's triangulation methodology builds on established oversight techniques. The Government Accountability Office (GAO) has used comparative analysis for decades, comparing agency claims against procurement records, budget documents, and performance data. Congressional oversight investigations have long relied on the "paper trail"—following documents from authorization to execution to verify compliance. Inspector General audits use similar techniques, comparing agency statements against operational records.
The Truman Committee (1941-1948) exemplified this approach. Senator Harry Truman did not accept the War Department's reports at face value. He visited construction sites, examined contracts, and compared spending records against physical evidence. His committee saved billions by identifying waste and corruption through systematic verification. The Church Committee (1975-1976) used document analysis to uncover decades of illegal surveillance, comparing agency denials against internal records and whistleblower testimony.
Modern oversight bodies continue this tradition. The GAO's audit methodologies involve comparing agency claims against procurement data, budget documents, and performance metrics. Congressional investigations use document requests, subpoenas, and public records to verify agency statements. Inspector Generals conduct audits that compare agency policies against operational reality. The CFA applies these same principles at scale, using algorithms to process the vast volume of digital records that modern government generates.
The Algorithmic Mandate
Modern government operates at a scale that makes manual oversight impossible. The federal government spends over $4 trillion annually, manages millions of contracts, and operates thousands of information systems. No human auditor can review all of this data. But algorithms can. The Government Performance and Results Act (GPRA) and the Government Performance and Results Modernization Act (GPRAMA) require agencies to publish performance data. The Evidence-Based Policymaking Act mandates that agencies use data to inform decisions. These laws create a legal framework for algorithmic oversight.
Our algorithmic approach is not a replacement for human judgment—it is a tool that enables human auditors to focus on the most significant violations. By automatically comparing legal requirements against operational data, we identify discrepancies that warrant investigation. This is not surveillance; it is verification. We are not creating new requirements; we are enforcing existing laws. The Freedom of Information Act, the Privacy Act, the Administrative Procedure Act, and dozens of other transparency statutes already require agencies to publish this information. We simply analyze what they have already published.
Technology enables enforcement of existing laws. The Digital Accountability and Transparency Act (DATA Act) requires agencies to publish spending data in standardized formats precisely so that it can be analyzed algorithmically. The E-Government Act of 2002 mandates that agencies publish information online, making it accessible to automated analysis. The Paperwork Reduction Act (44 U.S.C. § 3501 et seq.) requires agencies to minimize paperwork burdens, but it also requires them to publish the information they do collect. We use this published information to verify compliance with the law.
The algorithmic mandate is not about replacing human oversight—it is about scaling oversight to match the scale of modern government. The Constitution requires that government be accountable to the people. The statutes require that government be transparent. Technology enables us to enforce these requirements at the speed and scale that modern government demands.