Competitive Enterprise Institute v. United States National Security Agency

UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA

COMPETITIVE ENTERPRISE
INSTITUTE, et al.,

Plaintiffs,

v. Civil Action No. 14-975 (JEB)

NATIONAL SECURITY AGENCY,

Defendant.

MEMORANDUM OPINION

Over the past several years, Plaintiffs Competitive Enterprise Institute, Energy &

Environmental Legal Institute, and Free Market Environmental Law Clinic have filed numerous

Freedom of Information Act requests with the Environmental Protection Agency, seeking to

obtain information about EPA officials’ phone calls, e-mails, and text messages. Apparently

dissatisfied with this more traditional approach, Plaintiffs now attempt a novel and inventive

gambit to obtain these records – they demand them from the National Security Agency. After

all, doesn’t the NSA have everyone’s phone, e-mail, and text-message records?

Relying on information leaked in June 2013 about an NSA program that collects vast

troves of “metadata” about Americans’ phone communications, Plaintiffs submitted FOIA

requests to the NSA for records relating to two EPA officials’ Verizon Wireless accounts. The

NSA, however, issued a so-called “Glomar response” – i.e., refusing to confirm or deny that it

has responsive records – because it believes that disclosing whether it has records (or not) could

1
compromise national-security efforts. The agency now moves for summary judgment on the

ground that it has no further obligations to Plaintiffs under FOIA.

Plaintiffs do not contest that a Glomar response is generally appropriate in an NSA case

like this. Instead, their principal argument is that the NSA has waived its right to issue such a

response by its previous official acknowledgment that it has the records they seek. Plaintiffs,

however, fail to point this Court to anything concrete showing that the NSA has actually

admitted this fact. The Court, consequently, will grant the agency’s Motion for Summary

Judgment.

I. Background

A. FOIA Requests to the EPA

Plaintiffs are non-profit organizations “dedicated to advancing responsible regulation,”

particularly “economically sustainable environmental policy.” Compl., ¶¶ 12-14. In pursuit of

their missions, each operates a “transparency initiative” that seeks to obtain “public records”

about energy and environmental policy. Id. Plaintiffs have, accordingly, filed numerous FOIA

requests with the EPA. Among other things, they have sought phone, e-mail, and text-message

records for high-ranking EPA officials, including Lisa P. Jackson and Gina McCarthy, the

former and current Administrator at the EPA. See, e.g., Compl. in Competitive Enterprise

Institute v. EPA, No. 13-779 (D.D.C. dismissed Sept. 13, 2013). They believe that EPA officials

have hidden their work by using unofficial methods of communications. See Competitive

Enterprise Institute v. EPA, 12 F. Supp. 3d 100, 106 (D.D.C. 2014) (CEI I).

In response to some requests, Plaintiffs have received voluminous records for Jackson

and McCarthy’s communications. See, e.g., id. (noting EPA had produced over 10,000 records

in response to request for emails from Jackson’s secondary e-mail accounts); Competitive

2
Enterprise Institute v. EPA, No. 13-1532, 2014 WL 4359191, at *4 (D.D.C. Sept. 4, 2014) (CEI

II) (noting CEI had received a document containing metadata for 5,392 text messages McCarthy

sent or received on an EPA-issued device). The EPA’s responses to other requests, however,

have been less to Plaintiffs’ liking. For instance, after CEI requested Jackson and McCarthy’s

text messages, the EPA allegedly informed the organization that it did not have any responsive

records and that it may not even have a duty to preserve text messages. See Compl., ¶¶ 3-5 in

CEI II, 2014 WL 4359191. CEI is currently challenging the EPA’s compliance with federal

record-keeping laws in another court in this jurisdiction. See id., ¶ 1.

As a result of Plaintiffs’ and others’ efforts, the EPA has come under significant fire in

recent years for its record-keeping practices and transparency. See, e.g., Senate Environment

and Public Works Comm., Minority Report, A Call for Sunshine: EPA’s FOIA and Federal

Records Failures Uncovered (Sept. 9, 2013), available at http://goo.gl/KmtqJT. It has, for

instance, been accused of “haphazard[ly]” maintaining federal records and withholding

information that could embarrass the agency. Id. at 1. Likely out of concern that the EPA has

not responded to their requests adequately and in good faith, Plaintiffs have now trained their

sights on a different target.

B. NSA’s Metadata Program 1

Since at least May 2006, the NSA has obtained bulk “telephony metadata” from U.S.

telecommunications service providers to use in counterterrorism investigations. See Declaration

of Teresa H. Shea, Director of Signals Intelligence, NSA, ¶ 13 in Klayman v. Obama, No. 13-

851 (D.D.C. 2013), ECF No. 25-4 (Shea Klayman Decl.); see also In re Application of the Fed.

Bureau of Investigation for an Order Requiring the Production of Tangible Things from

1
The discussion of this program is based entirely on publicly available documents and materials submitted by the
parties.

3
[Redacted], No. BR 06-05, at 2 (F.I.S.C. May 24, 2006). According to the NSA, the “metadata”

includes general information about phone calls, such as the numbers of incoming and outgoing

calls and the times calls are placed, but it does not include anything about the calls’ contents or

the parties’ identities. See Shea Klayman Decl., ¶ 7. The agency has obtained this data – at least

since 2006 – pursuant to orders of the Foreign Intelligence Surveillance Court. Id., ¶ 13. That

court concluded that the bulk collection of U.S. persons’ metadata is permitted under the

“business records” provision in Section 215 of the USA Patriot Act. Id., ¶ 14. The FISC orders

thus only require companies to turn over whatever metadata they already create and maintain in

the regular course of business. Id., ¶ 18.

Once the data is turned over to the government, there are strict limitations on its use. For

instance, NSA analysts cannot simply browse the database, but must use “identifiers,” such as

telephone numbers, to run targeted queries. See id., ¶¶ 17, 19. The FISC orders, furthermore,

delineate very narrow circumstances under which the NSA can disseminate information derived

from this data outside of the agency. See, e.g., Shea Klayman Decl., ¶ 28; Opp., Declaration of

Hans Bader, Exh. 2 (Primary Order, In re Application of the [FBI] for an Order Requiring the

Production of Tangible Things from [Redacted], No. BR 13-80 (F.I.S.C. Apr. 25, 2013)) (FISC

Primary Order, April 25, 2013).

While the Section 215 metadata-collection program dates back to 2006, it was concealed

from the public for years. Then, in early June 2013, Edward Snowden, a former government

contractor, leaked an April 25, 2013, FISC Order requiring Verizon Business Network Services

to provide the NSA with “telephony metadata” for the following 90 days. See Glenn Greenwald,

NSA Collecting Phone Records of Millions of Verizon Customers Daily, The Guardian, June 5,

2013, available at www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-

4
order; Bader Decl., Exh. 1 (Secondary Order, In re Application of the [FBI] for an Order

Requiring the Production of Tangible Things from Verizon Business Network Services, Inc. on

Behalf of MCI Communication Services, Inc. d/b/a Verizon Business Services, No. BR 13-80

(F.I.S.C. Apr. 25, 2013)) (FISC Secondary Order, April 25, 2013); see also Klayman, 957 F.

Supp. 2d at 14. In the weeks and months that followed, the government declassified redacted

versions of Section 215 FISC orders and some documents about the program. See, e.g., Shawn

Turner, DNI Clapper Declassifies and Releases Telephone Metadata Collection Documents (July

31, 2014), available at www.dni.gov/index.php/newsroom/press-releases/191-press-releases-

2013/908-dni-clapper-declassifies-and-releases-telephone-metadata-collection-documents.

The leaks and subsequent government disclosures have set off a series of legal

challenges. Several courts have already been called upon to address the legality of the NSA’s

collecting and analyzing U.S. citizens’ metadata in bulk. See, e.g., Am. Civil Liberties Union v.

Clapper, 959 F. Supp. 2d 724 (S.D.N.Y. 2013); Klayman, 957 F. Supp. 2d 1; Smith v. Obama,

No. 13-257, 2014 WL 2506421 (D. Idaho June 3, 2014). This case, however, presents an

entirely different question – that is, whether FOIA requires the NSA to disclose the existence (or

nonexistence) of metadata records for specific individuals or accounts.

C. The Present Litigation

This case stems from two FOIA requests that Plaintiffs submitted to the NSA following

the Snowden leaks. The first, submitted by E&E Legal – known at the time as the American

Tradition Institute – and Free Market on August 16, 2013, requested:

[C]opies of all metadata (duration and time of the communication,
sender and recipient, etc.) from Verizon voice and/or data accounts
in NSA’s possession for the phone/PDA/text/instant message
and/or email account(s) held by Lisa P. Jackson. To properly
identify the individual at issue in this matter, one such email

5
 account associated with Ms. Jackson’s Verizon account and which
was used to conduct public business is LisaPJackson@Verizon.net.

Mot., Declaration of David J. Sherman, Exh. E (FOIA Request, Aug. 16, 2013) at 2. The

second, submitted by CEI on December 16, 2013, sought:

[C]opies of 1) all text message data, and 2) particularly all
metadata (date, duration and time of the communication, sender
and recipient, etc.) of text messaging activity using Verizon voice
and/or data accounts in NSA’s possession for the
phone/PDA/text/instant message account(s) associated with the
number (202) 596-0247, a number assigned by Verizon to the U.S.
Environmental Protection Agency (note: for most or all of the
relevant period this account was held in the name of “F.
Rusincovith/Eon 8344” but provided over the time period relevant
to this request to then-Assistant Administrator for Air and
Radiation, and now-Administrator, Regina “Gina” McCarthy).

Responsive records will be for billing periods ending, and/or will
be dated, during the period from July 1, 2009 through April 2011
(inclusive), at which time EPA switched providers for these
relevant offices, from Verizon to AT&T.

Sherman Decl., Exh. A (FOIA Request, Dec. 16, 2013) at 2. In answer to both requests, the

NSA issued “Glomar responses,” informing Plaintiffs that it could neither confirm nor deny the

existence of responsive records. See Def.’s Statement of Material Facts, ¶ 3. The agency

explained in its letters to Plaintiffs that, while its Section 215 metadata program had been

publicly acknowledged, “details about [the program] remain classified and/or protected from

release by statutes,” and that providing “[a]ny positive or negative response on a request-by-

request basis would allow our adversaries to accumulate information and draw conclusions about

NSA’s technical capabilities, sources, and methods.” Sherman Decl., Exh. B (Letter from

Pamela N. Phillips, Chief, FOIA/PA Office, NSA to Christopher C. Horner, CEI, Dec. 20, 2013)

at 2; Exh. F (Letter from Phillips to Brittany Madni, Free Market, Aug. 23, 2013) at 2. Plaintiffs

administratively appealed these decisions, but the agency upheld them, again explaining that

6
revealing such information could be detrimental to national-security efforts. See Sherman Decl.,

Exh. D (CEI Appeal Denial); Exh. H (Free Market Appeal Denial). They subsequently filed this

suit to compel the agency to produce responsive records, and the NSA now moves for summary

judgment.

Before moving on, a brief aside is in order. In a recent FOIA case against the EPA, this

Court warned CEI about its excessive and distracting use of footnotes. See CEI I, 12 F. Supp. 3d

at 108. CEI had filed a 44-page opposition containing 114 footnotes, many of which were

lengthy and substantive. See id. The Court stated then that it “trust[ed] . . . it w[ould] not

receive its like in the future.” See id. Unfortunately, those words appear to have struck stony

ground. While CEI’s use of footnotes in this case is not quite so egregious, Plaintiffs’ inclusion

of 51 substantial footnotes in a 28-page brief again imposes on the reader’s patience. Additional

briefs like this will, in the future, result in the striking of pleadings and the imposition of explicit

limits on footnotes.

II. Legal Standard

Summary judgment may be granted if “the movant shows that there is no genuine dispute

as to any material fact and the movant is entitled to judgment as a matter of law.” Fed. R. Civ. P.

56(a); see also Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 247-48 (1986); Holcomb v.

Powell, 433 F.3d 889, 895 (D.C. Cir. 2006). A fact is “material” if it is capable of affecting the

substantive outcome of the litigation. See Liberty Lobby, 477 U.S. at 248; Holcomb, 433 F.3d at

895. A dispute is “genuine” if the evidence is such that a reasonable jury could return a verdict

for the nonmoving party.” See Scott v. Harris, 550 U.S. 372, 380 (2007); Liberty Lobby, 477

U.S. at 248; Holcomb, 433 F.3d at 895. “A party asserting that a fact cannot be or is genuinely

disputed must support the assertion” by “citing to particular parts of materials in the record” or

7
“showing that the materials cited do not establish the absence or presence of a genuine dispute,

or that an adverse party cannot produce admissible evidence to support the fact.” Fed. R. Civ. P.

56(c)(1). The moving party bears the burden of demonstrating the absence of a genuine issue of

material fact. See Celotex Corp. v. Catrett, 477 U.S. 317, 323 (1986).

FOIA cases typically and appropriately are decided on motions for summary judgment.

See Brayton v. Office of U.S. Trade Rep., 641 F.3d 521, 527 (D.C. Cir. 2011). In FOIA cases,

the agency bears the ultimate burden of proof. See Dep’t of Justice v. Tax Analysts, 492 U.S.

136, 142 n.3 (1989). The Court may grant summary judgment based solely on information

provided in an agency’s affidavits or declarations when they describe “the documents and the

justifications for nondisclosure with reasonably specific detail, demonstrate that the information

withheld logically falls within the claimed exemption, and are not controverted by either contrary

evidence in the record nor by evidence of agency bad faith.” Military Audit Project v. Casey,

656 F.2d 724, 738 (D.C. Cir. 1981).

III. Analysis

A. Glomar Response

Congress enacted FOIA “to pierce the veil of administrative secrecy and to open agency

action to the light of public scrutiny.” Dep’t of Air Force v. Rose, 425 U.S. 352, 361 (1976)

(citation omitted). Consistent with this purpose, the statute provides that “each agency, upon any

request for records which (i) reasonably describes such records and (ii) is made in accordance

with published rules . . . shall make the records promptly available to any person,” 5 U.S.C. §

552(a)(3)(A), unless the records fall within one of nine narrowly construed exemptions. See 5

U.S.C. § 552(b); Rose, 425 U.S. at 361. When an agency withholds documents or parts of

8
documents, it typically must explain what it is withholding and the statutory exemptions that

apply. See Vaughn v. Rosen, 484 F.2d 820, 825-28 (D.C. Cir. 1973).

In certain circumstances, however, an agency may refuse to confirm or deny that it has

relevant records. See, e.g., Wolf v. CIA, 473 F.3d 370, 374 (D.C. Cir. 2007). This is called a

“Glomar response,” in reference to the CIA’s refusal to confirm or deny whether it had records

about the Hughes Glomar Explorer, a ship later revealed to have been involved in a Cold War

mission. See Phillippi v. CIA, 546 F.2d 1009, 1011 (D.C. Cir. 1976); Am. Civil Liberties Union

v. CIA, 710 F.3d 422, 426 n.1 (D.C. Cir. 2013) (ACLU). Glomar responses are appropriate

when disclosing the existence (or nonexistence) of responsive records would itself “cause harm

cognizable under [a] FOIA exception.” See Wolf, 473 F.3d at 374 (quoting Gardels v. CIA, 689

F.2d 1100, 1103 (D.C. Cir. 1982)) (internal quotation marks omitted).

In such instances, the Government must show that the mere fact of whether it has (or

does not have) relevant records is protected from disclosure under an exemption. See Wolf, 473

F.3d at 374 (citations omitted). It must do so on the public record, “explaining in as much detail

as is possible” why it cannot provide a definitive response. Phillippi, 546 F.2d at 1013; see also,

e.g., Elec. Privacy Info. Ctr. v. NSA, 678 F.3d 926, 931 (D.C. Cir. 2012) (EPIC). Courts

considering Glomar responses apply the exemption standards developed in non-Glomar cases to

determine whether the information is properly withheld. See Wolf, 473 F.3d at 374 (citing

Gardels, 689 F.2d at 1103-05). Importantly, when a Glomar response touches upon issues of

national security – “a uniquely executive purview” – courts must give agency decisions

substantial deference. EPIC, 678 F.3d at 931 (quoting Ctr. for Nat’l Sec. Studies v. Dep’t of

Justice, 331 F.3d 918, 926-27 (D.C. Cir. 2003)) (internal quotation marks omitted).

9
 In this case, the NSA based its Glomar responses on FOIA Exemption 1 (which covers

materials classified by Executive Order) and Exemption 3 (which covers materials specifically

protected from disclosure by statute). Because Plaintiffs do not contest that this information falls

within the scope of Exemption 3, see Opp.; Pl.’s Statement of Disputed Facts at 7, this Opinion

need not address whether the information would also fall within the ambit of Exemption 1. See

Larson v. Dep’t of State, 565 F.3d 857, 862-63 (D.C. Cir. 2009) (“[C]ourts may uphold agency

action under one exemption without considering the applicability of the other.”). Instead, this

Opinion focuses on Plaintiffs’ principal contention that the NSA has waived its right to issue a

Glomar response by officially acknowledging the existence of the records Plaintiffs seek.

It is well established that “when an agency has officially acknowledged otherwise exempt

information through prior disclosure, the agency . . . waive[s] its right to claim an exemption

with respect to that information.” See ACLU, 710 F.3d at 426.

[A]n official acknowledgment must meet three criteria:

First, the information requested must be as specific as the
information previously released. Second, the information
requested must match the information previously disclosed.
. . . Third, . . . the information requested must already have
been made public through an official and documented
disclosure.

Wolf, 473 F.3d at 378 (quoting Fitzgibbon v. CIA, 911 F.2d 755, 765 (D.C. Cir. 1990)). The

burden is on plaintiffs claiming that information has been acknowledged to “point[] to specific

information in the public domain that appears to duplicate that being withheld.” ACLU, 710

F.3d at 427 (quoting Wolf, 473 F.3d at 378) (quotation marks omitted). “In the Glomar context,

the ‘specific information’ at issue is not the contents of a particular record, but rather ‘the

existence vel non’ of any records responsive to the FOIA request.” Id. (quoting Wolf, 473 F.3d

10
at 379). Plaintiffs in this case must therefore point to specific information in the public domain

establishing that the NSA has metadata records for Jackson and McCarthy’s accounts.

This they have not done. To begin, they fail to point to any source suggesting that the

government engages in the widespread collection of Americans’ e-mail and text-message

records, making the agency’s Glomar response appropriate at least with respect to those.

Second, on the issue of phone records, the sources that they provide do not give any indication

that the government collects metadata for all U.S. phone customers or even the subset of all

Verizon Wireless users. As such, they do not show that the government has the specific records

they seek. Third, although general information about the program has been released, Plaintiffs

are simply incorrect that there can be no further harm from acknowledging the existence of the

requested records. Finally, the present case is also readily distinguishable from those in which

courts have rejected agencies’ Glomar responses. The Court will elaborate on each of these

issues in turn.

B. E-mail and Text Records

Despite their FOIA requests for e-mail and text records, Plaintiffs do not point to any

evidence showing that the NSA actually collects this information on a widespread basis. Their

Opposition, in fact, never mentions e-mails and provides only a brief discussion of text-message

metadata. That discussion focuses solely on the fact that phone companies collect and retain this

information in the course of providing services. See Opp. at 20-21. Plaintiffs’ underlying

assumption seems to be that providers must turn over to the NSA all of the data that they

possess, regardless of form.

But an unfounded assumption cannot overcome an agency’s right to assert a Glomar

response, and none of the sources that Plaintiffs cite in their discussion of text messages gives

11
any indication that the government collects this information in bulk from companies. See Opp.

at 20-21 and accompanying footnotes. Even if the sources did suggest such collection, however,

it is difficult to see how these particular sources – which include a law-review article, an ACLU

publication, a newspaper article, and a declaration from a computer-science professor – could

constitute official acknowledgments of that fact. See, e.g., Am. Civil Liberties Union v. Dep’t of

Defense, 628 F.3d 612, 621 (D.C. Cir. 2011) (“[W]e are hard pressed to understand the ACLU’s

contention that the release of [a leaked Red Cross Report,] a nongovernmental document by a

nonofficial source can constitute a disclosure affecting the applicability of the FOIA

exemptions.”).

The sources Plaintiffs cite that do acknowledge the government’s collection of metadata

discuss only the collection of “telephony metadata.” Those sources consistently define

“telephony metadata” as details about phone calls, not texts or e-mails. See, e.g., Administration

White Paper: Bulk Collection of Telephony Metadata Under Section 215 of the USA Patriot Act

2 (Aug. 9, 2013) (White Paper), available at http://perma.cc/8RJN-EDB7 (“The term ‘metadata’

as used here refers to data collected under the program that is about telephone calls.”) (emphasis

added); Declaration of Teresa H. Shea, Director of Signals Intelligence, NSA, ¶¶ 7, 14 in

Clapper, No. 13-3994, ECF No. 63 (Shea Clapper Decl.) (explaining that, under the program,

telecommunications service providers turn over “call detail records”); see also FISC Secondary

Order, April 25, 2013. Particularly in the national-security context, this Court should not be in

the business of guessing whether information about text messages falls under the heading of

“telephony metadata.”

Regardless, then, of whether the NSA has officially acknowledged the existence of

metadata for Jackson and McCarthy’s phone calls, the Court will not require the agency to

12
confirm or deny the existence of records regarding their e-mails or texts. This disposes of the

Glomar issue with respect to Plaintiffs’ second request, which sought “copies of 1) all text

message data, and 2) particularly all metadata . . . of text messaging activity . . . for the

phone/PDA/text/instant message account(s) associated with the number [provided to

McCarthy].” FOIA Request, Dec. 16, 2013, at 2. It also disposes of a large part of the first

request, which sought “copies of all metadata . . . from Verizon voice and/or data accounts in

NSA’s possession for the phone/PDA/text/instant message and/or email account(s) held by Lisa

P. Jackson.” FOIA Request, Aug. 16, 2013, at 2. Since the latter request, however, also

encompasses metadata associated with Jackson’s phone calls, the Court will now turn to whether

a Glomar response for those records is also appropriate.

C. Phone Records

Plaintiffs, unsurprisingly, do not point to any statements from the NSA – or anyone else

for that matter – that explicitly acknowledge that the agency has obtained Jackson’s telephony-

metadata records. Instead, they emphasize that the program involves the collection of metadata

for most, if not all, Americans and Verizon customers, and that the metadata related to Jackson’s

Verizon Wireless account must have been “swept up” in this collection. See Opp. at 21. As

evidence, they provide citations to statements of the NSA, other government agencies and

officials, federal courts, and the press. The Court will address these categories separately.

1. NSA statements

Plaintiffs cite two NSA-issued documents in support of their claim that the agency has

waived its right to issue a Glomar response. The first is an agency document, available on its

website, that describes generally certain of the NSA’s activities. See NSA, The National

Security Agency: Missions, Authorities, Oversight and Partnerships (Aug. 9, 2013), available at

13
http://www.nsa.gov/public_info/_files/speeches_testimonies/ 2013_08_ 09_the_nsa_story.pdf.

The second is a declaration that the agency submitted in one of the cases challenging the

program’s legality. See Shea Clapper Decl. These documents undoubtedly fall within the

category of “official” disclosures, so the only question is whether they acknowledge the

collection of the specific information still at issue – i.e., phone records for Jackson.

While the Court agrees with Plaintiffs’ assertion that these documents show that the NSA

engages in the “bulk” collection of telephony metadata, see Opp. at 8, the problem is that “bulk”

does not mean universal. These documents, in other words, in no way suggest that the NSA

collects metadata records for all phone customers in the U.S. For instance, one states only that

“specified U.S. telecommunications providers are compelled by court order to provide NSA with

information about telephone calls to, from, or within the U.S.” The National Security Agency:

Missions, Authorities, Oversight and Partnerships at 5 (emphasis added). The other

acknowledges only that “[p]ursuant to Section 215, the FBI obtains orders from the FISC

directing certain telecommunications service providers to produce all business records created by

them . . . that contain information about communications between telephone numbers.” Shea

Clapper Decl., ¶ 14 (emphasis added). There is no indication that all companies – and thus all

phone customers – are included. Indeed, while the documents state that certain companies must

provide this data, they do not say which ones. As a result, they also do not acknowledge that the

government has Verizon Wireless records, including the ones at issue here. See, e.g., Afshar v.

Dep’t of State, 702 F.2d 1125, 1133 (D.C. Cir. 1983) (holding release of information that

“provide[s] only the most general outline” of an intelligence effort does not waive right to

withhold documents giving “a far more precise idea” of that effort because withheld information

14
must have “already been specifically revealed to the public”) (quoting Lamont v. Dep’t of

Justice, 475 F. Supp. 761, 772 (S.D.N.Y. 1979)) (internal quotation marks omitted).

The Court also finds it worth noting here that the agency has consistently represented that

it does not collect metadata records for all U.S.-based phone customers. See, e.g., Declaration of

Major General Gregg C. Potter, Military Deputy Director for Signals Intelligence, NSA, ¶ 4 in

Schuchardt v. Obama, No. 14-0705 (W.D. Pa. filed June 6, 2014), ECF No. 14-1 (“Although

there has been speculation that the NSA, under the bulk telephony metadata program, acquires

metadata relating to all telephone calls to, from, or within the United States, that is not the

case.”) (emphasis added); id. (“[A]s the FISC observed in a decision last year, the program has

never captured information on all (or virtually all) calls made and/or received in the U.S.”). The

NSA has, therefore, not made admissions that would waive its right to assert a Glomar response

here.

2. Statements of other government agencies and officials

Plaintiffs next point to statements and reports from other government agencies and

officials. In general, an agency may withhold information “despite the prior disclosure of

another, unrelated agency.” ACLU, 710 F.3d at 429 n.7; see also, e.g., Frugone v. CIA, 169 F.3d

772 (D.C. Cir. 1999) (allowing CIA to issue Glomar response for requester’s personnel file

despite Office of Personnel Management’s acknowledgment of his employment relationship with

CIA). “That rule does not apply, however, where the disclosures are made by an authorized

representative of the agency’s parent.” ACLU, 710 F.3d at 429 n.7. In ACLU, the Circuit thus

held that “[a] disclosure made by the President, or by his counterterrorism advisor acting as

‘instructed’ by the President, falls on the ‘parent agency’ side of that line,” and could waive the

CIA’s ability to issue a Glomar response. Id.

15
 Based on this caselaw, the NSA concedes that the President’s statement and an

administration white paper that Plaintiffs cite are attributable to the NSA. This concession,

however, does not get Plaintiffs very far. The President’s statement acknowledged only that “the

intelligence community . . . is looking at phone numbers and durations of calls.” President

Barack Obama, Statement at the Fairmont Hotel, San Jose, Cal. (June 7, 2013), available at

www.whitehouse.gov/the-press-office/2013/06/07/statement-president. It did not say that the

intelligence community was looking at this information for everyone, or even for specific

subgroups. The white paper, similarly, did not admit to the universal collection of Americans’

phone records. In fact, it begins with the statement that “the Federal Bureau of Investigation

(FBI) obtains court orders directing certain telecommunications service providers to produce

telephony metadata in bulk” – not all such providers. White Paper at 1 (emphasis added). As

with the NSA’s documents, it too does not name the companies that have produced data.

Turning next to the other government-issued documents Plaintiffs cite – namely,

materials from the Director of National Intelligence (DNI), the Privacy and Civil Liberties

Oversight Board (PCLOB), and the President’s Review Group on Intelligence and

Communications Technologies (PRGICT) – the NSA argues that these should not be imputed to

itself. See Reply at 4 n.4. It is not readily apparent, though, whether these fall on the “unrelated

agency” or “parent agency” side of the line. The NSA’s own website, for instance, states that the

DNI is the “the head of the Intelligence Community,” which includes the NSA. See Frequently

Asked Questions about NSA, https://www.nsa.gov/about/faqs/about_nsa.shtml# about6 (last

visited Jan. 12, 2015). Thankfully, the Court need not decipher organizational charts to resolve

this issue because none of the materials provides the sort of definitive acknowledgment that

Plaintiffs claim.

16
 Beginning with the DNI statement that they cite, the Court finds that it at most indicates

that the NSA’s metadata collection “is broad in scope.” See James R. Clapper, DNI Statement

on Recent Unauthorized Disclosures of Classified Information (June 6, 2013), available at

http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-

statement-on-recent-unauthorized-disclosures-of-classified-information. Next, Plaintiffs’

citations to the PCLOB Report demonstrate merely that “records are collected in bulk,” that

“certain telephone companies” are required to turn over records, and that the program results in

the collection of “call detail records for a large volume of telephone communications.” Privacy

and Civil Liberties Oversight Board, Report on the Telephone Records Program Conducted

Under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence

Surveillance Court 10, 22 (Jan. 23, 2014), available at http://www.eff.org/files/2014/

01/23/final_ report_1-23-14.pdf.

Last, with regard to the PRGCIT report, Plaintiffs – as they do numerous times

throughout their brief and statement of facts – leave out a key word from the quote they provide

to make the document appear more helpful to them than it really is. Specifically, in their

Opposition, Plaintiffs quote the report as saying “service providers must turn over to the

government on an ongoing basis call records for every telephone call.” Opp. at 7. This might

seem to imply that all service providers are included, but Plaintiffs conveniently omitted the

word “specified” from the beginning of the quote. See President’s Review Group on Intelligence

and Communications Technologies, Liberty and Security in a Changing World 97 (Dec. 12,

2013), available at www.whitehouse.gov/ sites/default/files/docs/2013-12-

12_rg_final_report.pdf). This document thus also fails to establish that all data is collected. And

once again, the materials do not name the specific companies that have produced this data to the

17
government, so they also do not establish that Verizon Wireless customers’ metadata has been

collected. Even if these sources fall on the “parent agency” side of the line, therefore, none

amounts to an official acknowledgment that the NSA has the metadata records that Plaintiffs

seek.

3. Court opinions

Plaintiffs next rely on several court opinions, but these also do not demonstrate that the

agency has waived its right to issue a Glomar response. For instance, Plaintiffs pluck several

quotes from Klayman that suggest that the court explicitly found that the NSA has collected

records for all “Verizon” customers. See Opp. at 9 n.18, 11-12, 19-21, 25. To put those quotes

in context, the court there stated only that it believed the plaintiffs had standing to sue because

there was “strong evidence that, as Verizon customers, their telephony metadata ha[d] been

collected.” Klayman, 957 F. Supp. 2d at 26. The court assumed that because Verizon Wireless

was the “single largest wireless carrier in the United States,” and because the benefit of the

metadata program derives from the government’s ability to analyze significant numbers of calls,

the government must have collected this data from the plaintiffs’ phone company. Id. at 27.

This analysis, however, was based on inferences and assumptions – not an official and actual

acknowledgement by someone in a position to know whether this is true. Indeed, the NSA has

maintained throughout that litigation that it does not collect call records for all U.S. callers, and it

also has not admitted to collecting the information for all “Verizon” customers. See id. at 27;

Response and Reply Brief for Government Appellants/Cross-Appellees, Klayman v. Obama, No.

14-5004 (D.C. Cir. oral argument Nov. 4, 2014) (asserting that plaintiffs “offer only unsupported

speculation that metadata about their calls must have been provided” to NSA). While relying on

“strong evidence” may be acceptable in a standing analysis, it does not suffice under the official-

18
acknowledgement doctrine. See, e.g., Valfells v. CIA, 717 F. Supp. 2d 110, 117 (D.D.C. 2010)

(“Logical deductions are not . . . official acknowledgments.”), aff’d sub nom. Moore v. CIA, 666

F.3d 1330 (D.C. Cir. 2011); Afshar, 702 F.2d at 1133 (finding that even CIA-reviewed books

were not “official and documented disclosure[s]”).

Clapper, another case Plaintiffs cite, more strongly pronounced that “the Government

[has] acknowledged that since May 2006, it has collected this information for substantially every

telephone call in the United States.” 959 F. Supp. 2d at 734. But this dog doesn’t hunt either. In

support of this conclusion, the court cited only the administration white paper and Shea

declaration discussed above. See id. Because this Court has already looked at those documents

and determined that they do not contain sufficiently specific acknowledgements, it will not rely

on Clapper’s broad-brush statement summarizing them.

Moving on, Plaintiffs cite two redacted, declassified orders from the FISC. See FISC

Primary Order, April 25, 2013; FISC Secondary Order, April 25, 2013. The Primary Order is

clearly directed at specified companies, but the names of those companies are redacted and

remain classified. See FISC Primary Order, April 25, 2013, at 3. It therefore does not offer any

clues as to the records that the NSA actually possesses. The Secondary Order is more specific

and is actually the closest Plaintiffs come to providing this Court with evidence of a specific

acknowledgement that the NSA has particular records. That order, however, was directed to

Verizon Business Network Services, Inc., not Verizon Wireless. See FISC Secondary Order,

April 25, 2013. The two are not one and the same. See, e.g., United States ex rel. Shea v.

Verizon Bus. Network Servs., Inc., 904 F. Supp. 2d 28, 30 (D.D.C. 2012). It thus has no bearing

on whether metadata for Verizon Wireless accounts, such as Jackson’s, has ever been produced

to the NSA. See Clapper, 959 F. Supp. 2d at 735 (noting that April 25, 2013, Secondary Order

19
from the FISC “does not cover calls placed on Verizon Wireless’s network”) (emphasis added);

Danny Yadron & Evan Perez, T-Mobile, Verizon Wireless Shielded from NSA Sweep, Wall St.

J., June 14, 2013 (reporting shortly after revelation that Verizon Business Network Services was

required to turn over metadata that Verizon Wireless was not among the companies required to

produce records “in part because of their foreign ownership ties”).

4. Newspaper articles

Finally, Plaintiffs cite numerous press accounts to argue that “[t]he press, too, has

recognized that the NSA’s bulk collection of telephony metadata, including the Verizon ‘cell

phone’ metadata at issue in this case, as [sic] a publicly-disclosed fact acknowledged by the NSA

and the Obama administration.” Opp. at 14-16, 25 and accompanying footnotes. But

speculation by the press – no matter how widespread – and disclosures in the press from

unnamed sources are not sufficient to waive an agency’s right to withhold information under

FOIA. As the D.C. Circuit noted in Fitzgibbon, “It is one thing for a reporter or author to

speculate or guess that a thing may be so or even, quoting undisclosed sources, to say that it is

so; it is quite another thing for one in a position to know of it officially to say that it is so.” 911

F.2d at 765 (quoting Alfred A. Knopf, Inc. v. Colby, 509 F.2d 1362, 1370 (4th Cir. 1975))

(internal quotation marks omitted); see also EPIC, 678 F.3d at 933 n.5 (“[T]he national media are

not capable of waiving NSA’s statutory authority to protect information related to its functions

and activities.”); Afshar, 702 F.2d at 1130-31, 1133 (explaining that “[u]nofficial leaks and

public surmise can often be ignored by foreign governments,” while official acknowledgments

cannot be, and finding that books by former CIA officials were not “official and documented

disclosure[s]”). This means, for example, that reported statements of “senior administration

official[s]” are insufficient to waive the agency’s right to claim an exemption. See Opp. at 16

20
(quoting Aaron Blake, Administration: NSA Phone Record Collection Vital to Fighting

Terrorism, Wash. Post, June 6, 2013).

Yet even if the Court could rely exclusively on the media, Plaintiffs would still be out of

luck; news accounts of the program have provided anything but a clear picture of its scope. In

fact, several articles by leading newspapers acknowledge that the NSA does not collect this data

for even a majority of people, and that it is not known publicly whether Verizon Wireless records

are collected. See, e.g., Ellen Nakashima, NSA Is Collecting Less than 30 Percent of U.S. Call

Data, Officials Say, Wash. Post, Feb. 7, 2014 (“according to current and former U.S. officials,”

by summer 2013, NSA was collecting less than 30 percent of all Americans’ call records

“because of an inability to keep pace with the explosion in cellphone use”); Charlie Savage &

Edward Wyatt, U.S. Is Secretly Collecting Records of Verizon Calls, N.Y. Times, June 5, 2013

(noting leaked FISC Order applied only to Verizon Business Network Services and it was “not

clear whether similar orders ha[d] gone to other parts of Verizon, like its residential or cellphone

services”). In any event, none of the articles Plaintiffs cite constitutes an official

acknowledgment that the NSA has the specific records they requested.

D. Harm From Requiring Further Disclosures

Next, Plaintiffs claim that even if the NSA does not collect this data for everyone, the

existence of the program is so well known that the agency cannot withhold further details about

it. They also assert a variant of this argument – namely, that because the agency has admitted

collecting the records in bulk, it would not reveal important intelligence information to

acknowledge that EPA officials’ calls were swept up in the collection. But this Circuit has

repeatedly recognized that “[t]he fact that some ‘information resides in the public domain does

not eliminate the possibility that further disclosures can cause harm to intelligence sources,

21
methods and operations.” Students Against Genocide v. Dep’t of State, 257 F.3d 828, 835 (D.C.

Cir. 2001) (quoting Fitzgibbon, 911 F.2d at 766) (internal quotation marks omitted); Afshar, 702

F.2d at 1132-33.

Here, the agency’s description of the potential harm from further disclosures is both

logical and plausible. See Students Against Genocide, 257 F.3d at 837. As the NSA’s

declaration in this case explained, “[A]cknowledging the existence or non-existence of

responsive records on particular individuals or organizations subject to surveillance would

provide our adversaries with critical information about the capabilities and/or limitations of the

NSA, such as the types of communications that may be susceptible to NSA detection.” Sherman

Decl., ¶ 24. These responses, collectively, could provide “a road map” for those who wish to

evade detection by informing them “which communications modes or personnel remain safe or

are successfully defeating NSA’s capabilities.” Id., ¶ 25. In essence, were the agency required

to confirm or deny the existence of records for specific individuals, it would begin to sketch the

contours of the program, including, for example, which providers turn over data and whether the

data for those providers is complete. See Elec. Frontier Foundation v. Dep’t of Justice, No. 11-

5221, 2014 WL 3945646, at *7 (N.D. Cal. Aug. 11, 2014) (“The inherent risks to national

security and government investigations of identifying the specific telecommunications carriers is

not mitigated by the government’s declassification of general information about the call record

collection program.”); Larson, 565 F.3d at 864 (“Minor details of intelligence information may

reveal more information than their apparent insignificance suggests because, much like a piece of

jigsaw puzzle, each detail may aid in piecing together other bits of information even when the

individual piece is not of obvious importance in itself.”) (quoting Gardels, 689 F.2d at 1106)

(alterations and internal quotation marks omitted)).

22
 In sum, public knowledge about the general contours of the program does not vitiate the

NSA’s Glomar response here.

E. Past Glomar Cases

In the end, this case stands in stark contrast to previous cases Plaintiffs cite in this Circuit

that have found an agency waived its right to issue a Glomar response by officially

acknowledging information. For instance, in Wolf, the Court considered a plaintiff’s FOIA

request for CIA records pertaining to a deceased Colombian politician. See 473 F.3d at 372.

Although the Circuit found that whether the agency had such records (or not) would ordinarily

qualify for withholding under Exemptions 1 and 3, see id. at 375-378, it determined that the

CIA’s Glomar response was unjustified with respect to certain documents because an agency

official had explicitly referenced them when he testified before Congress. See id. at 379. As a

result, it was absolutely clear that the agency had those records. See id. By contrast, Plaintiffs

here have failed to point to any clear indication that the NSA has the requested records for

Jackson and McCarthy.

This case is also markedly different from National Security Archive v. CIA, No. 99-1160,

slip op. (D.D.C. July 31, 2000). There, in response to a request for biographies of certain Eastern

European heads of state, the CIA had refused to confirm or deny whether it possessed relevant

records. Id. at 2. The court found the response inappropriate in light of the CIA’s

acknowledgment that it maintained biographies on all heads of state. Id. at 16. The court said

the situation was akin to the CIA saying that it held a full deck of cards, while denying that it

held specific cards. Id. at 17. Here, however, the NSA has not admitted that it holds a full deck

of cards. Nor has it admitted that it holds all of the cards of particular suits, such as all of the

metadata records for Verizon Wireless accounts. Requiring it to confirm or deny the existence of

23
specific cards would, therefore, reveal which cards it has and which it is missing. Because of the

potential consequences that additional disclosures could have on national security, the Court will

not require the agency to tip its hand any further.

IV. Conclusion

For the foregoing reasons, the Court will grant the NSA’s Motion for Summary

Judgment. A contemporaneous Order will so state.

/s/ James E. Boasberg
JAMES E. BOASBERG
United States District Judge

Date: January 13, 2015

24