A lot of that still happens, just instead of "terrorism", it's "crime". FOIA requests for locations of camera, alpr, and other massively used and unaudited surveillance equipment are routinely denied because it will "allow criminals to circumvent". It's all silly and benchmark moving.
Yes, used to. 15 years ago trying to publish research on critical infrastructure vulnerabilities would get you a visit from the FBI (ask me how I know). Now you get invited to DC to present it in person and your remediation suggestions are taken seriously.
...that still doesn't mean they've stopped as a practice, on the whole, or through other intimidation methods. Hell, I'd argue that its current and subtle manifestation is more harmful on-the-whole than it used to be. Like, sure, the DHS voluntarily releases information, but that's discretionary and at their will. Eg, I sued the Chicago for database columns and table names after they argued it would be a security risk -- DHS gives that info about their own systems voluntarily. And that's even with case law from an ICE lawsuit that says schemas are exempt.
A lot of that still happens, just instead of "terrorism", it's "crime". FOIA requests for locations of camera, alpr, and other massively used and unaudited surveillance equipment are routinely denied because it will "allow criminals to circumvent". It's all silly and benchmark moving.