United States District Court, D. Columbia.
[Copyrighted Material Omitted]
[Copyrighted Material Omitted]
[Copyrighted Material Omitted]
For AGILITY PUBLIC WAREHOUSING COMPANY K.S.C., also known as AGILITY, also known as PUBLIC WAREHOUSING COMPANY, Plaintiff: Kristin N. Tahler, LEAD ATTORNEYS, PRO HAC VICE, QUINN EMANUEL URQUHART & SULLIVAN LLP, Los Angeles, CA; Matthew E. Sloan, Richard Marmaro, LEAD ATTORNEYS, PRO HAC VICE, David Brandon Leland, SKADDEN, ARPS, SLATE, MEAGHER & FLOM LLP, Los Angeles, CA.
For NATIONAL SECURITY AGENCY, Defendant: Steven Y. Bressler, LEAD ATTORNEY, U.S. DEPARTMENT OF JUSTICE, Washington, DC.
BERYL A. HOWELL, United States District Judge.
The plaintiff, Agility Public Warehousing Company K.S.C., brings suit against the National Security Agency (" NSA" ), pursuant to the Freedom of Information Act (" FOIA" ), 5 U.S.C. § 552. As part of its FOIA request, the plaintiff sought " all [of the] email, letter, telephonic, or other communications" of the plaintiff in the NSA's possession. See Compl. ¶ 11, ECF No. 1. Relying on information leaked to the media regarding various classified NSA communication collection programs, the plaintiff argues that the NSA " indiscriminately collect[s] millions of telephone and email communications" from U.S. citizens and therefore maintains records of the plaintiff's historical communications. See Pl.'s Mem. Supp. Cross-Mot. Summ. J. (" Pl.'s Mem." ) at 1, ECF No. 19-1. The NSA, however, issued a " Glomar" response--neither confirming nor denying the existence of records responsive to the plaintiff's request.
The plaintiff challenges the NSA's provision of a " Glomar" response regarding the requested documents as well as the adequacy of the NSA's search efforts for certain other requested documents. Now pending before the Court are the parties' cross motions for summary judgment. For the reasons stated below, the NSA's motion for summary judgment is granted and the plaintiff's cross-motion for summary judgment is denied.
A. The Plaintiff's FOIA Request
The plaintiff is a Kuwaiti logistics company that provided food to U.S. troops
stationed in Iraq, Kuwait, Qatar, and Jordan from 2003 through 2010, as part of a series of contracts with the Defense Logistics Agency. Compl. ¶ 3. On November 9, 2009, the plaintiff was indicted in the Northern District of Georgia on charges of conspiracy to defraud the United States in violation of 18 U.S.C. § 371, major fraud against the United States in violation of 18 U.S.C. § 1031, and wire fraud in violation of 18 U.S.C. § 1343, stemming from the plaintiff's provision of goods under these contracts. The charges remain pending. See United States v. The Public Warehousing Co., K.S.C., No. 1:09-CR-490 (N.D.Ga. 2009). The plaintiff was also sued in that same court for violations of the False Claims Act, 31 U.S.C. 3729 et seq., which violations likewise stem from the plaintiff's provision of goods to U.S. soldiers. See United States ex rel. Kamal Mustafa Al-Sultan v. The Public Warehousing Company, K.S.C., No. 1:05-CV-2968 (N.D.Ga. 2005). In defending against these civil and criminal charges, the plaintiff " makes extensive use of email and telephone communications" to communicate from Kuwait with its U.S.-based attorneys at Skadden, Arps, Slate, Meagher & Flom LLP (" Skadden" ). Decl. of Emily L. Aviad ¶ 9 (" Pl.'s Aviad Decl." ), ECF No. 19-3. Skadden was a " customer of Verizon Business Network Services from 2010 through the first quarter of 2014."  See Suppl. Decl. of Emily L. Aviad ¶ 2 (" Pl.'s Aviad Suppl. Decl." ), ECF No. 26-1.
On December 19, 2013, the plaintiff submitted a FOIA request to the NSA seeking seven categories of documents: (1) " all email, letter, telephonic, or other communications" by the plaintiff; (2) the name of any U.S. or foreign communications provider that intercepted the plaintiff's communications; (3) documents relating to two contracts between the plaintiff and Defense Supply Center Philadelphia; (4) documents relating to the two lawsuits brought against the plaintiff in the Northern District of Georgia; (5) all communications between the NSA and any other investigative or law enforcement agency regarding the plaintiff; (6) documents pertaining to meetings among employees or contractors of any of the Department of Justice, the Office of the Director of National Intelligence, and the NSA regarding the plaintiff; and (7) documents pertaining to meetings between employees or contractors of the NSA and employees or contractors of the Federal Bureau of Investigation, the Central Intelligence Agency, the Department of Defense, and the Department of Homeland Security, relating to the plaintiff. Compl. ¶ 11.
Although the plaintiff and the NSA exchanged communications clarifying the scope of the plaintiff's FOIA request, the NSA never provided a response to the plaintiff prior to this litigation. Id. at ¶ ¶ 14-16. As a result, the plaintiff appealed to the NSA's FOIA Appeal Authority based on the NSA's constructive denial of its FOIA request. Id. The NSA indicated that processing of the plaintiff's appeal would be based on a " first-in, first-out" policy, but over the course of two months, the NSA never responded to the plaintiff. Id. at ¶ ¶ 17-19; Decl. of David J. Sherman (" NSA's Sherman Decl." ) at ¶ 24, ECF No.
18-2. As a result, the plaintiff filed the instant action. See generally Compl.
After the initiation of litigation, the Chief of NSA's FOIA/Privacy Act Office provided the plaintiff with a letter purporting to be a final response to the plaintiff's FOIA request. See NSA's Sherman Decl. ¶ 25. The NSA noted that, to the extent the plaintiff sought records concerning the contracts and lawsuits mentioned in the plaintiff's FOIA request, the NSA had conducted a thorough search and was unable to locate any responsive records. Id. ¶ 27. As detailed in two declarations, the NSA tasked " its Office of General Counsel, its acquisition organization, and its logistics organization" to conduct the relevant searches. Id. The NSA queried the records of the relevant organizations using variations of the plaintiff's name as specified in the plaintiff's FOIA request--Agility Public Warehousing Company, Agility, and the Public Warehousing Company--and the numbers for the relevant contracts. Supplemental Decl. of David J. Sherman (" NSA's Suppl. Sherman Decl." ) at ¶ 3, ECF No. 23-1. The NSA's filing systems contained memoranda, meeting minutes, reports, manuals, and other documents. NSA's Sherman Decl. ¶ 27. Within the Office of General Counsel, attorneys searched their Microsoft Outlook email accounts while administrative personnel and paralegals searched the organization's litigation filings systems. Id. The NSA also searched the " contracting management information system database," which is maintained in support of the NSA's contracting activity. Id.
In addition, the NSA's response informed the plaintiff that, to the extent the plaintiff's FOIA request called for intelligence information, the NSA could not confirm or deny the existence of any such records as their existence or non-existence is protected by FOIA Exemptions 1 and 3. See id. ¶ 26. The NSA's " foreign intelligence mission includes the responsibility to collect, process, analyze, produce and disseminate signals intelligence ('SIGINT') information, of which communications intelligence ('COMINT') is a significant subset, for foreign intelligence and counterintelligence purposes to support national and departmental missions to include the conduct of military operations." Id. ¶ 5. In light of its mission, the NSA determined that " [a]cknowledging the existence or non-existence of responsive records on particular individuals or organizations subject to surveillance would provide . . . adversaries with critical information about the capabilities and limitations" of the NSA and its operations. Id. ¶ 33. Likewise, " [c]onfirmation by NSA that a specific person's or organization's activities are not of foreign intelligence interest or that NSA is unsuccessful in collecting foreign intelligence information on their activities" would undermine the NSA's mission and permit adversaries to " accumulate information and draw conclusions about NSA's technical capabilities, sources, and methods." Id. As a result, the disclosure of such information " could reasonably be expected to cause exceptionally grave and irreparable damage to the national security by providing . . . adversaries a road map that instructs them on which communication modes or personnel remain safe or are successfully defeating NSA's capabilities." Id. ¶ 34. Moreover, disclosure of such information would permit adversaries to change their communications behavior or otherwise " alert targets that their existing means of communications are potentially safe." Id. Accordingly, the NSA did not confirm the existence or non-existence of any such records.
B. The NSA's Metadata Program
Almost seven months before the plaintiff filed the FOIA request at issue, a United
Kingdom-based newspaper, The Guardian, published, on June 6, 2013, an article claiming that the " National Security Agency is currently collecting the telephone records of millions of U.S. customers of Verizon, . . . under a top secret court order issued in April." See Ex. 3, Pl.'s Aviad Decl. (Glenn Greenwald, NSA collecting phone records of millions of Verizon customers daily, The Guardian, June 6, 2013). The Guardian attached to the article a then-classified Foreign Intelligence Surveillance Court (" FISC" ) " Secondary Order," dated April 25, 2013, which it had obtained from a former U.S. government contractor, Edward Snowden. Id.; see also Ex. 4, Pl.'s Aviad Decl. ( In re Application of the FBI for an Order Requiring the Prod. of Tangible Things From Verizon Bus. Network Servs., Inc., ex rel. MCI Commc'n Servs., Inc., d/b/a Verizon Bus. Servs. (" Secondary Order" ), No. B.R. 13-80 (F.I.S.C. Apr. 25, 2013)). The FISC Secondary Order required Verizon Business Network Services to provide " on an ongoing daily basis . . . all call detail records or 'telephony metadata' created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls." Secondary Order at 2. Telephony metadata includes, inter alia, the originating and terminating telephone number along with the time and duration of the call. Telephony metadata " does not include the substantive content of any communication . . . or the name, address, or financial information of a subscriber or customer." Id.
In the aftermath of The Guardian's disclosure, the government began to release details regarding the telephony metadata program along with declassified and redacted copies of other FISC orders. See Ex. 11, Pl.'s Aviad Decl. (Press Release, DNI Clapper Declassifies Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act (FISA), Nov. 18, 2013). These disclosures reveal that since at least May 2006, the FBI has sought orders from the FISC authorizing the bulk collection of telephony metadata from U.S. telecommunications providers pursuant to Section 215 of the USA PATRIOT Act, 50 U.S.C. § 1861. See In re Application of the Fed. Bureau of Investigation for an Order Requiring the Production of Tangible Things from [Redacted], No. B.R. 06-05, at 2 (F.I.S.C. May 24, 2006); see also Ex. 7, Pl.'s Aviad Decl. (Declaration of Teresa H. Shea, Signals Intelligence Director, NSA (" NSA's Shea Decl." ), Smith v. Obama, No. 13-cv-0257 (D. Idaho Jan. 24, 2013), ECF No. 15-2).
Section 215 authorizes the FBI to " make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to obtain foreign intelligence information concerning a United States person or to protect against international terrorism or clandestine intelligence activities . . . ." 50 U.S.C. § 1861. Under the program, the FBI seeks orders from the FISC " directing certain telecommunications service providers to produce all business records created by them (known as call detail records)" for a designated period of time. NSA's Shea Decl. ¶ 14. " FISC orders must be renewed every 90 days, and the program has therefore been renewed 41 times since May 2006." ACLU v. Clapper,
785 F.3d 787, 796 (2d Cir. 2015). Once the information is obtained from the telecommunications service providers, the " NSA . . . stores and analyzes this information . . . and refers to the FBI information about communications . . . that the NSA concludes have counterterrorism value, typically information about communications between known or suspected terrorist operatives and persons located within the U.S." NSA's Shea Decl. ¶ 16.
Once collected from the telecommunications provider and stored in a secure database, strict procedures govern the NSA's access to and use of the collected telephony metadata. See In re Application of the FBI for an Order Requiring the Prod. of Tangible Things From [ REDACTED ], No. B.R. 13-80, 2013 WL 5460137 (F.I.S.C. Apr. 25, 2013) (" Primary Order" ). The government is only permitted to access the collected telephony metadata for the purposes set forth in the Primary Order, which includes " purposes of obtaining foreign intelligence information" and technical maintenance. See Primary Order at 2-3; NSA Shea Decl. ¶ 18. The NSA may access the collected telephony metadata only by searching with a telephone number or other " identifier," that is associated with a foreign terrorist organization. NSA's Shea Decl. ¶ 20-21; Primary Order at 2-4. Before an identifier may be used, one of twenty-two designated officials must determine that a " reasonable articulable suspicion" exists that the identifier is associated with an international terrorist organization subject to an FBI investigation. NSA Shea Decl. ¶ 21; Primary Order at 2-3. Where the identifier is reasonably believed to be used by a U.S. person, such reasonable articulable suspicion may not be based solely upon protected First Amendment activities. NSA's Shea Decl. ¶ 21; Primary Order at 2. The reasonable articulable suspicion requirement was intended to prevent the generalized browsing of data. NSA's Shea Decl. ¶ 20. The NSA must destroy all metadata no later than five years after the initial collection. NSA's Shea Decl. ¶ 31; Primary Order at 4.
Before information pertaining to any U.S. person may be disseminated outside the NSA, certain high-level officials " must determine that the information identifying the U.S. person is in fact related to counterterrorism information and that it is necessary to understand the counterterrorism information or assess its importance." Primary Order at 3. The NSA may also share the results from searches of the metadata with the Executive Branch in order to permit the Executive Branch to determine if such " information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings" or to " facilitate their lawful oversight functions." Primary Order at 3.
Almost immediately following these revelations, individuals and public interest groups filed numerous lawsuits throughout the country challenging the constitutional and statutory basis for the program. See, e.g., Clapper, 785 F.3d 787; Smith v. Obama, 24 F.Supp.3d 1005 (D. Idaho 2014), No. 14-35555 (9th Cir. argued Dec. 8, 2014); Klayman v. Obama, 957 F.Supp.2d 1 (D.D.C. 2013), No. 14-5004 (D.C. Cir. argued Nov. 4, 2014); Schuchardt v. Obama, 14-705 (W.D. Pa.); Paul v. Obama, 14-0262 (D.D.C.); First Unitarian Church of Los Angeles v. Nat'l Sec. Agency, 13-3287 (N.D. Cal.). Additionally, in at least one other instance, a plaintiff has sought records under FOIA that it believed to be in the possession of the NSA based on this bulk collection of metadata. See Competitive Enter. Inst. v. NSA, No. 14-975, 78 F.Supp.3d 45, 2015 WL 151465, at *1 (D.D.C. Jan. 13, 2015).
C. Other Data Collection Programs
In addition to the NSA's telephony metadata program, the NSA's involvement in at least three other classified programs concerning the bulk collection of communications are implicated by the plaintiff's claim. Under the Pen Register and Trap and Trace (" PR/TT" ) program, the government sought FISC orders permitting the collection from service providers of certain electronic communications metadata, including the " to," " from," and " cc" lines of an email, along with the time and date of an email. See Ex. 11, Pl.'s Aviad Decl (Press Release, Office of the Director of National Intelligence, DNI Clapper Declassifies Additional Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act, Nov. 18, 2013). Once collected, the information was stored in a secured database. Id. The maintenance and searching of the collected database records was subject to strict requirements similar to those set forth for the NSA's telephony metadata program. Id. The NSA has not acknowledged a partnership with any specific telecommunications provider regarding the PR/TT program and the program has since been discontinued. See id.
Similarly, media reports have also discussed what have been referred to as the NSA's PRISM collection and the " upstream collection" program. Under the PRISM program, the NSA acquired electronic communications, including e-mails, directly from " compelled U.S.-based providers," such as Google, Apple, and Facebook. See Ex. 8, Pl.'s Aviad Decl. (Declassified Declaration of Frances J. Fleisch, NSA (" NSA's Fleisch Decl." ), at ¶ 38, Jewel v. Nat'l Sec. Agency, No. 08-CV-04373 (N.D. Cal. May 5, 2014), ECF No. 227); Ex. 12, Pl.'s Aviad Decl. (Glenn Greenwald & Ewan MacAskill, NSA Prism Program Taps into User Data of Apple, Google, and Others, The Guardian, June 7, 2013). In the separate " upstream collection" program, " the NSA collects electronic communications with the compelled assistance of electronic communication service providers as they transit Internet 'backbone' facilities within the United States." NSA's Fleisch Decl. ¶ 38; see [Redacted] Mem. Op., 2011 WL 10945618, at *9 (FISC Oct. 3, 2011). Between these two programs, the NSA " acquires more than two hundred fifty million Internet communications each year." [Redacted] Mem. Op., 2011 WL 10945618, at *9. Like the PR/TT program, the NSA has not acknowledged the identity of any service providers ...