Documents
Department of Defense Project Maven FOIA Determination
Mar. 25, 2019
DETERMINATION OF THE CHIEF NIANAGEINIENT OFFICER
Under the authority delegated to me by the Secretary of Defense, I have determined that
the following information is exempt from disclosure under Exemption 3 of the Freedom of
Information Act (5 U.S.C . 552(b)(3)) because it meets the requirements for exemption trader
10
Project Maven infrastructure, technical, and program information.
Digitally signed by
RS AN SA HERSHMAN.LISA.W.154450564
.W.1544505641 lit-11320135118 13:4?24
$51101
Lisa W. Hershman
Acting Chief Management Officer
Date: December 18, 2018
DETERMINATION OF THE CHIEF NIANAGEINIENT OFFICER
Under the authority delegated to me by the Secretary of Defense, I have determined that
the following information is exempt from disclosure under Exemption 3 of the Freedom of
Information Act (5 U.S.C . 552(b)(3)) because it meets the requirements for exemption trader
10
Project Maven infrastructure, technical, and program information.
Digitally signed by
RS AN SA HERSHMAN.LISA.W.154450564
.W.1544505641 lit-11320135118 13:4?24
$51101
Lisa W. Hershman
Acting Chief Management Officer
Date: December 18, 2018
STATEMENT OF THE BASIS FOR THE DETERMINATION BY
THE CHIEF MANAGEMENT OFFICER
In accordance with 10 U.S.C. 130e, I reviewed information regarding Department of
Defense arti?cial intelligence information associated with Project Maven. I have
determined that this information qualifies as critical infrastructure security information as
defined by 10 U.S.C. l30e(f) because it pertains to the capabilities and limitations of critical
defense applications making use of Project Maven?s artificial intelligence technology.
Gaining this information about Project Maven, individually or in the aggregate, would
enable an adversary to identify capabilities and vulnerabilities in the Department?s approach to
artificial intelligence development and implementation. This would further provide an adversary
with the information necessary to disrupt, destroy, or damage technology, military
operations, facilities, and endanger the lives of personnel.
Project Maven infrastructure information includes artificial intelligence training data, raw
data sources, data labeling software and procedures, network management, algorithm
development, algorithm test and evaluation, ontology, data, cloud computing, transfer
learning data sources, software tools, software frameworks, hardware components, testing,
accreditation, integration, user interfaces, and retraining of Project Maven algorithm-based
technology.
Project Maven technical information includes research and engineering data, engineering
drawings, and associated lists, specifications, standards, process sheets, manuals, technical
reports, technical orders, catalog-item identi?cations, data sets, studies and analyses and related
information, and computer software executable code and source code.
Project Maven program information includes information detailing the presence,
capability, intent, readiness, timing, relative relative weaknesses, performance metrics,
location, and method of development, testing, and employment of Project Maven algorithm-
based technology.
I considered the public interest in the disclosure of Project Maven sensitive information
and weighed this against the risk of harm that might result if it were to be disclosed. Although
there is value in the public release of this information, because the risk of harm that would
reasonably result from its disclosure is extremely significant, 1 have determined that the public
interest does not outweigh its protection. Therefore, it should be exempt from disclosure.
STATEMENT OF THE BASIS FOR THE DETERMINATION BY
THE CHIEF MANAGEMENT OFFICER
In accordance with 10 U.S.C. 130e, I reviewed information regarding Department of
Defense arti?cial intelligence information associated with Project Maven. I have
determined that this information qualifies as critical infrastructure security information as
defined by 10 U.S.C. l30e(f) because it pertains to the capabilities and limitations of critical
defense applications making use of Project Maven?s artificial intelligence technology.
Gaining this information about Project Maven, individually or in the aggregate, would
enable an adversary to identify capabilities and vulnerabilities in the Department?s approach to
artificial intelligence development and implementation. This would further provide an adversary
with the information necessary to disrupt, destroy, or damage technology, military
operations, facilities, and endanger the lives of personnel.
Project Maven infrastructure information includes artificial intelligence training data, raw
data sources, data labeling software and procedures, network management, algorithm
development, algorithm test and evaluation, ontology, data, cloud computing, transfer
learning data sources, software tools, software frameworks, hardware components, testing,
accreditation, integration, user interfaces, and retraining of Project Maven algorithm-based
technology.
Project Maven technical information includes research and engineering data, engineering
drawings, and associated lists, specifications, standards, process sheets, manuals, technical
reports, technical orders, catalog-item identi?cations, data sets, studies and analyses and related
information, and computer software executable code and source code.
Project Maven program information includes information detailing the presence,
capability, intent, readiness, timing, relative relative weaknesses, performance metrics,
location, and method of development, testing, and employment of Project Maven algorithm-
based technology.
I considered the public interest in the disclosure of Project Maven sensitive information
and weighed this against the risk of harm that might result if it were to be disclosed. Although
there is value in the public release of this information, because the risk of harm that would
reasonably result from its disclosure is extremely significant, 1 have determined that the public
interest does not outweigh its protection. Therefore, it should be exempt from disclosure.