Agility Public Warehousing Company K.S.C. v. National Security Agency

UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA AGILITY PUBLIC WAREHOUSING COMPANY K.S.C., Plaintiff, Civil Action No. (BAH) 14-0946 v. Judge Beryl A. Howell NATIONAL SECURITY AGENCY, Defendant. MEMORANDUM OPINION The plaintiff, Agility Public Warehousing Company K.S.C., brings suit against the National Security Agency (“NSA”), pursuant to the Freedom of Information Act (“FOIA”), 5 U.S.C. § 552. As part of its FOIA request, the plaintiff sought “all [of the] email, letter, telephonic, or other communications” of the plaintiff in the NSA’s possession. See Compl. ¶ 11, ECF No. 1. Relying on information leaked to the media regarding various classified NSA communication collection programs, the plaintiff argues that the NSA “indiscriminately collect[s] millions of telephone and email communications” from U.S. citizens and therefore maintains records of the plaintiff’s historical communications. See Pl.’s Mem. Supp. Cross-Mot. Summ. J. (“Pl.’s Mem.”) at 1, ECF No. 19-1. The NSA, however, issued a “Glomar” response— neither confirming nor denying the existence of records responsive to the plaintiff’s request. The plaintiff challenges the NSA’s provision of a “Glomar” response regarding the requested documents as well as the adequacy of the NSA’s search efforts for certain other requested documents. Now pending before the Court are the parties’ cross motions for summary judgment. For the reasons stated below, the NSA’s motion for summary judgment is granted and the plaintiff’s cross-motion for summary judgment is denied. 1 I. BACKGROUND A. The Plaintiff’s FOIA Request The plaintiff is a Kuwaiti logistics company that provided food to U.S. troops stationed in Iraq, Kuwait, Qatar, and Jordan from 2003 through 2010, as part of a series of contracts with the Defense Logistics Agency. Compl. ¶ 3. On November 9, 2009, the plaintiff was indicted in the Northern District of Georgia on charges of conspiracy to defraud the United States in violation of 18 U.S.C. § 371, major fraud against the United States in violation of 18 U.S.C. § 1031, and wire fraud in violation of 18 U.S.C. § 1343, stemming from the plaintiff’s provision of goods under these contracts. The charges remain pending. See United States v. The Public Warehousing Co., K.S.C., No. 1:09-CR-490 (N.D. Ga. 2009). The plaintiff was also sued in that same court for violations of the False Claims Act, 31 U.S.C. 3729 et seq., which violations likewise stem from the plaintiff’s provision of goods to U.S. soldiers. See United States ex rel. Kamal Mustafa Al-Sultan v. The Public Warehousing Company, K.S.C., No. 1:05-CV-2968 (N.D. Ga. 2005).1 In defending against these civil and criminal charges, the plaintiff “makes extensive use of email and telephone communications” to communicate from Kuwait with its U.S.-based attorneys at Skadden, Arps, Slate, Meagher & Flom LLP (“Skadden”). Decl. of Emily L. Aviad ¶ 9 (“Pl.’s Aviad Decl.”), ECF No. 19-3. Skadden was a “customer of Verizon Business Network Services from 2010 through the first quarter of 2014.” 2 See Suppl. Decl. of Emily L. Aviad ¶ 2 (“Pl.’s Aviad Suppl. Decl.”), ECF No. 26-1. On December 19, 2013, the plaintiff submitted a FOIA request to the NSA seeking seven categories of documents: (1) “all email, letter, telephonic, or other communications” by the 1 The civil case has been administratively closed pending an order from the Kuwaiti High Court of Appeals regarding whether the plaintiff was properly served as a defendant in that case. See Public Warehousing Company, No. 1:05-CV-2968 (N.D. Ga. 2005). 2 The plaintiff has not specified whether Verizon Business Network Services provided both telephonic and internet services, only that it was a customer. See Pl.’s Aviad Suppl. Decl ¶ 2. 2 plaintiff; (2) the name of any U.S. or foreign communications provider that intercepted the plaintiff’s communications; (3) documents relating to two contracts between the plaintiff and Defense Supply Center Philadelphia; (4) documents relating to the two lawsuits brought against the plaintiff in the Northern District of Georgia; (5) all communications between the NSA and any other investigative or law enforcement agency regarding the plaintiff; (6) documents pertaining to meetings among employees or contractors of any of the Department of Justice, the Office of the Director of National Intelligence, and the NSA regarding the plaintiff; and (7) documents pertaining to meetings between employees or contractors of the NSA and employees or contractors of the Federal Bureau of Investigation, the Central Intelligence Agency, the Department of Defense, and the Department of Homeland Security, relating to the plaintiff. Compl. ¶ 11. Although the plaintiff and the NSA exchanged communications clarifying the scope of the plaintiff’s FOIA request, the NSA never provided a response to the plaintiff prior to this litigation. Id. at ¶¶ 14–16. As a result, the plaintiff appealed to the NSA’s FOIA Appeal Authority based on the NSA’s constructive denial of its FOIA request. Id. The NSA indicated that processing of the plaintiff’s appeal would be based on a “first-in, first-out” policy, but over the course of two months, the NSA never responded to the plaintiff. Id. at ¶¶ 17–19; Decl. of David J. Sherman (“NSA’s Sherman Decl.”) at ¶ 24, ECF No. 18-2. As a result, the plaintiff filed the instant action. See generally Compl. After the initiation of litigation, the Chief of NSA’s FOIA/Privacy Act Office provided the plaintiff with a letter purporting to be a final response to the plaintiff’s FOIA request. See NSA’s Sherman Decl. ¶ 25. The NSA noted that, to the extent the plaintiff sought records concerning the contracts and lawsuits mentioned in the plaintiff’s FOIA request, the NSA had 3 conducted a thorough search and was unable to locate any responsive records. Id. ¶ 27. As detailed in two declarations, the NSA tasked “its Office of General Counsel, its acquisition organization, and its logistics organization” to conduct the relevant searches. Id. The NSA queried the records of the relevant organizations using variations of the plaintiff’s name as specified in the plaintiff’s FOIA request—Agility Public Warehousing Company, Agility, and the Public Warehousing Company—and the numbers for the relevant contracts. Supplemental Decl. of David J. Sherman (“NSA’s Suppl. Sherman Decl.”) at ¶ 3, ECF No. 23-1. The NSA’s filing systems contained memoranda, meeting minutes, reports, manuals, and other documents. NSA’s Sherman Decl. ¶ 27. Within the Office of General Counsel, attorneys searched their Microsoft Outlook email accounts while administrative personnel and paralegals searched the organization’s litigation filings systems. Id. The NSA also searched the “contracting management information system database,” which is maintained in support of the NSA’s contracting activity. Id. In addition, the NSA’s response informed the plaintiff that, to the extent the plaintiff’s FOIA request called for intelligence information, the NSA could not confirm or deny the existence of any such records as their existence or non-existence is protected by FOIA Exemptions 1 and 3. See id. ¶ 26. The NSA’s “foreign intelligence mission includes the responsibility to collect, process, analyze, produce and disseminate signals intelligence (‘SIGINT’) information, of which communications intelligence (‘COMINT’) is a significant subset, for foreign intelligence and counterintelligence purposes to support national and departmental missions to include the conduct of military operations.” Id. ¶ 5. In light of its mission, the NSA determined that “[a]cknowledging the existence or non-existence of responsive records on particular individuals or organizations subject to surveillance would provide . . . 4 adversaries with critical information about the capabilities and limitations” of the NSA and its operations. Id. ¶ 33. Likewise, “[c]onfirmation by NSA that a specific person’s or organization’s activities are not of foreign intelligence interest or that NSA is unsuccessful in collecting foreign intelligence information on their activities” would undermine the NSA’s mission and permit adversaries to “accumulate information and draw conclusions about NSA’s technical capabilities, sources, and methods.” Id. As a result, the disclosure of such information “could reasonably be expected to cause exceptionally grave and irreparable damage to the national security by providing . . . adversaries a road map that instructs them on which communication modes or personnel remain safe or are successfully defeating NSA’s capabilities.” Id. ¶34. Moreover, disclosure of such information would permit adversaries to change their communications behavior or otherwise “alert targets that their existing means of communications are potentially safe.” Id. Accordingly, the NSA did not confirm the existence or non-existence of any such records. B. The NSA’s Metadata Program Almost seven months before the plaintiff filed the FOIA request at issue, a United Kingdom-based newspaper, The Guardian, published, on June 6, 2013, an article claiming that the “National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, . . . under a top secret court order issued in April.” See Ex. 3, Pl.’s Aviad Decl. (Glenn Greenwald, NSA collecting phone records of millions of Verizon customers daily, The Guardian, June 6, 2013). The Guardian attached to the article a then-classified Foreign Intelligence Surveillance Court (“FISC”) “Secondary Order,” dated April 25, 2013, which it had obtained from a former U.S. government contractor, Edward Snowden. Id.; see also Ex. 4, Pl.’s Aviad Decl. (In re Application of the FBI for an Order Requiring the Prod. of Tangible Things 5 From Verizon Bus. Network Servs., Inc., ex rel. MCI Commc'n Servs., Inc., d/b/a Verizon Bus. Servs. (“Secondary Order”), No. BR 13–80 (F.I.S.C. Apr. 25, 2013)). The FISC Secondary Order required Verizon Business Network Services to provide “on an ongoing daily basis . . . all call detail records or ‘telephony metadata’ created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.” Secondary Order at 2. Telephony metadata includes, inter alia, the originating and terminating telephone number along with the time and duration of the call. 3 Telephony metadata “does not include the substantive content of any communication . . . or the name, address, or financial information of a subscriber or customer.” Id. In the aftermath of The Guardian’s disclosure, the government began to release details regarding the telephony metadata program along with declassified and redacted copies of other FISC orders. See Ex. 11, Pl.’s Aviad Decl. (Press Release, DNI Clapper Declassifies Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act (FISA), Nov. 18, 2013). These disclosures reveal that since at least May 2006, the FBI has sought orders from the FISC authorizing the bulk collection of telephony metadata from U.S. telecommunications providers pursuant to Section 215 of the USA PATRIOT Act, 50 U.S.C. § 1861. See In re Application of the Fed. Bureau of Investigation for an Order Requiring the Production of Tangible Things from [Redacted], No. BR 06–05, at 2 (F.I.S.C. May 24, 2006); see also Ex. 7, Pl.’s Aviad Decl. (Declaration of Teresa H. Shea, Signals Intelligence Director, NSA (“NSA’s Shea Decl.”), Smith v. Obama, No. 13-cv-0257 (D. Idaho Jan. 24, 2013), ECF No. 15-2). 3 Telephony metadata also includes other “session-identifying information,” such as the “International Mobile Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number . . . trunk identifier, [and] telephone calling card numbers . . . .” Secondary Order at 2. 6 Section 215 authorizes the FBI to “make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to obtain foreign intelligence information concerning a United States person or to protect against international terrorism or clandestine intelligence activities . . . .” 50 U.S.C. § 1861. Under the program, the FBI seeks orders from the FISC “directing certain telecommunications service providers to produce all business records created by them (known as call detail records)” for a designated period of time. NSA’s Shea Decl. ¶ 14. “FISC orders must be renewed every 90 days, and the program has therefore been renewed 41 times since May 2006.” Am. Civil Liberties Union v. Clapper, 785 F.3d 787, 796 (2d Cir. 2015). Once the information is obtained from the telecommunications service providers, the “NSA . . . stores and analyzes this information . . . and refers to the FBI information about communications . . . that the NSA concludes have counterterrorism value, typically information about communications between known or suspected terrorist operatives and persons located within the U.S.” NSA’s Shea Decl. ¶ 16. Once collected from the telecommunications provider and stored in a secure database, strict procedures govern the NSA’s access to and use of the collected telephony metadata. See In re Application of the FBI for an Order Requiring the Prod. of Tangible Things From [REDACTED ], No. BR 13–80, 2013 WL 5460137 (F.I.S.C. Apr. 25, 2013) (“Primary Order”). The government is only permitted to access the collected telephony metadata for the purposes set forth in the Primary Order, which includes “purposes of obtaining foreign intelligence information” and technical maintenance. See Primary Order at 2–3; NSA Shea Decl. ¶ 18. The NSA may access the collected telephony metadata only by searching with a telephone number or other “identifier,” that is associated with a foreign terrorist organization. NSA’s Shea Decl. ¶ 20– 7 21; Primary Order at 2–4. Before an identifier may be used, one of twenty-two designated officials must determine that a “reasonable articulable suspicion” exists that the identifier is associated with an international terrorist organization subject to an FBI investigation. NSA Shea Decl. ¶ 21; Primary Order at 2–3. Where the identifier is reasonably believed to be used by a U.S. person, such reasonable articulable suspicion may not be based solely upon protected First Amendment activities. NSA’s Shea Decl. ¶ 21; Primary Order at 2. The reasonable articulable suspicion requirement was intended to prevent the generalized browsing of data. NSA’s Shea Decl. ¶ 20. The NSA must destroy all metadata no later than five years after the initial collection. NSA’s Shea Decl. ¶ 31; Primary Order at 4. Before information pertaining to any U.S. person may be disseminated outside the NSA, certain high-level officials “must determine that the information identifying the U.S. person is in fact related to counterterrorism information and that it is necessary to understand the counterterrorism information or assess its importance.” Primary Order at 3. The NSA may also share the results from searches of the metadata with the Executive Branch in order to permit the Executive Branch to determine if such “information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings” or to “facilitate their lawful oversight functions.” Primary Order at 3. Almost immediately following these revelations, individuals and public interest groups filed numerous lawsuits throughout the country challenging the constitutional and statutory basis for the program. See, e.g., Clapper, 785 F.3d 787; Smith v. Obama, 24 F. Supp. 3d 1005 (D. Idaho 2014), No. 14–35555 (9th Cir. argued Dec. 8, 2014); Klayman v. Obama, 957 F. Supp. 2d 1 (D.D.C. 2013), No. 14–5004 (D.C. Cir. argued Nov. 4, 2014); Schuchardt v. Obama, 14-705 (W.D. Pa.); Paul v. Obama, 14-0262 (D.D.C.); First Unitarian Church of Los Angeles v. Nat’l 8 Sec. Agency, 13-3287 (N.D. Cal.). Additionally, in at least one other instance, a plaintiff has sought records under FOIA that it believed to be in the possession of the NSA based on this bulk collection of metadata. See Competitive Enter. Inst. v. Nat’l Sec. Agency, No. 14-975, 2015 WL 151465, at *1 (D.D.C. Jan. 13, 2015). C. Other Data Collection Programs In addition to the NSA’s telephony metadata program, the NSA’s involvement in at least three other classified programs concerning the bulk collection of communications are implicated by the plaintiff’s claim. Under the Pen Register and Trap and Trace (“PR/TT”) program, the government sought FISC orders permitting the collection from service providers of certain electronic communications metadata, including the “to,” “from,” and “cc” lines of an email, along with the time and date of an email. See Ex. 11, Pl.’s Aviad Decl (Press Release, Office of the Director of National Intelligence, DNI Clapper Declassifies Additional Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act, Nov. 18, 2013). Once collected, the information was stored in a secured database. Id. The maintenance and searching of the collected database records was subject to strict requirements similar to those set forth for the NSA’s telephony metadata program. Id. The NSA has not acknowledged a partnership with any specific telecommunications provider regarding the PR/TT program and the program has since been discontinued. See id. Similarly, media reports have also discussed what have been referred to as the NSA’s PRISM collection and the “upstream collection” program. Under the PRISM program, the NSA acquired electronic communications, including e-mails, directly from “compelled U.S.-based providers,” such as Google, Apple, and Facebook. See Ex. 8, Pl.’s Aviad Decl. (Declassified Declaration of Frances J. Fleisch, NSA (“NSA’s Fleisch Decl.”), at ¶ 38, Jewel v. Nat’l Sec. 9 Agency, No. 08-CV-04373 (N.D. Cal. May 5, 2014), ECF No. 227); Ex. 12, Pl.’s Aviad Decl. (Glenn Greenwald & Ewan MacAskill, NSA Prism Program Taps into User Data of Apple, Google, and Others, The Guardian, June 7, 2013). In the separate “upstream collection” program, “the NSA collects electronic communications with the compelled assistance of electronic communication service providers as they transit Internet ‘backbone’ facilities within the United States.” NSA’s Fleisch Decl. ¶ 38; see [Redacted] Mem. Op., 2011 WL 10945618, at *9 (FISC Oct. 3, 2011). Between these two programs, the NSA “acquires more than two hundred fifty million Internet communications each year.” [Redacted] Mem. Op., 2011 WL 10945618, at *9. Like the PR/TT program, the NSA has not acknowledged the identity of any service providers participating in either the PRISM or the upstream collection programs. See Pl.’s Mem. at 24 (“[T]he NSA has not specifically named any telecommunications or Internet service providers participating in its bulk electronic communications collections programs . . . .”). II. LEGAL STANDARD Congress enacted the FOIA as a means “to open agency action to the light of public scrutiny.” Am. Civil Liberties Union v. U.S. Dep’t of Justice, 750 F.3d 927, 929 (D.C. Cir. 2014) (quoting Dep’t of Air Force v. Rose, 425 U.S. 352, 361 (1976)). Disclosure is the “‘basic policy’” of the Act. Citizens for Responsibility & Ethics in Washington v. U.S. Dep’t of Justice (CREW), 746 F.3d 1082, 1088 (D.C. Cir. 2014) (quoting Dep’t of Interior v. Klamath Water Users Protective Ass’n, 532 U.S. 1, 8 (2001). At the same time, the statute represents a “balance [of] the public’s interest in governmental transparency against legitimate governmental and private interests that could be harmed by release of certain types of information.” United Techs. Corp. v. U.S. Dep’t of Def., 601 F.3d 557, 559 (D.C. Cir. 2010) (internal quotation marks and 10 citations omitted). Reflecting that balance, the FOIA contains nine exemptions set forth in 5 U.S.C. § 552(b), which “are explicitly made exclusive and must be narrowly construed.” Milner v. U.S. Dep’t of Navy, 562 U.S. 562, 565 (2011) (internal quotations and citations omitted) (citing FBI v. Abramson, 456 U.S. 615, 630 (1982)); see CREW, 746 F.3d at 1088; Pub. Citizen, Inc. v. Ofc. of Mgmt. and Budget, 598 F.3d 865, 869 (D.C. Cir. 2010). “[T]hese limited exemptions do not obscure the basic policy that disclosure, not secrecy, is the dominant objective of the Act.” Am. Civil Liberties Union v. U.S. Dep’t of Justice (ACLU/DOJ), 655 F.3d 1, 5 (D.C. Cir. 2011) (quoting Nat’l Ass’n of Home Builders v. Norton, 309 F.3d 26, 32 (D.C. Cir. 2002)). The agency invoking an exemption to the FOIA “bears the burden of showing that a claimed exemption applies.” Elec. Frontier Found. v. U.S. Dep’t of Justice, 739 F.3d 1, 7 (D.C. Cir. 2014); see also CREW, 746 F.3d at 1088; Loving v. U.S. Dep’t of Def., 550 F.3d 32, 37 (D.C. Cir. 2008); Assassination Archives & Research Ctr. v. CIA, 334 F.3d 55, 57 (D.C. Cir. 2003). In order to carry this burden, an agency must submit sufficiently detailed affidavits or declarations, a Vaughn index of the withheld documents, or both, to demonstrate that the government has analyzed carefully any material withheld, to enable the court to fulfill its duty of ruling on the applicability of the exemption, and to enable the adversary system to operate by giving the requester as much information as possible, on the basis of which he can present his case to the trial court. See DeBrew v. Atwood, No. 12-5361, 2015 WL 3949421, at *2 (D.C. Cir. June 30, 2015); see also CREW, 746 F.3d at 1088 (“The agency may carry that burden by submitting affidavits that ‘describe the justifications for nondisclosure with reasonably specific detail, demonstrate that the information withheld logically falls within the claimed exemption, and are not controverted by either contrary evidence in the record nor by evidence of agency bad faith.’” (quoting Larson v. U.S. Dep’t of State, 565 F.3d 857, 862 (D.C. Cir. 2009)); Oglesby v. 11 U.S. Dep’t of the Army, 79 F.3d 1172, 1176 (D.C. Cir. 1996) (“The description and explanation the agency offers should reveal as much detail as possible as to the nature of the document, without actually disclosing information that deserves protection . . . [which] serves the purpose of providing the requestor with a realistic opportunity to challenge the agency’s decision.”). The FOIA provides federal courts with the power to “enjoin the agency from withholding agency records and to order the production of any agency records improperly withheld from the complainant.” 5 U.S.C. § 552(a)(4)(B). Moreover, a district court has an “affirmative duty” to consider whether the agency has produced all segregable, non-exempt information. Elliott v. U.S. Dep’t of Agric., 596 F.3d 842, 851 (D.C. Cir. 2010) (referring to court’s “affirmative duty to consider the segregability issue sua sponte” (quoting Morley v. CIA, 508 F.3d 1108, 1123 (D.C. Cir. 2007))); Stolt-Nielsen Transp. Grp. Ltd. v. United States, 534 F.3d 728, 733-735 (D.C. Cir. 2008) (“‘[B]efore approving the application of a FOIA exemption, the district court must make specific findings of segregability regarding the documents to be withheld.’” (quoting Sussman v. U.S. Marshals Serv., 494 F.3d 1106, 1116 (D.C. Cir. 2007))); see also 5 U.S.C. § 552(b) (“Any reasonably segregable portion of a record shall be provided to any person requesting such record after deletion of the portions which are exempt under this subsection.”). Summary judgment is appropriate when “there is no genuine dispute as to any material fact.” Fed. R. Civ. P. 56. “In FOIA cases, ‘[s]ummary judgment may be granted on the basis of agency affidavits if they contain reasonable specificity of detail rather than merely conclusory statements, and if they are not called into question by contradictory evidence in the record or by evidence of agency bad faith.’” Judicial Watch, Inc. v. U.S. Secret Serv., 726 F.3d 208, at 215 (D.C. Cir. 2013) (quoting Consumer Fed’n of Am. v. U.S. Dep’t of Agric., 455 F.3d 283, 287 (D.C. Cir. 2006) and Gallant v. NLRB, 26 F.3d 168, 171 (D.C. Cir. 1994)). “Ultimately, an 12 agency’s justification for invoking a FOIA exemption is sufficient if it appears ‘logical’ or ‘plausible.’” Judicial Watch, Inc. v. U.S. Dep’t of Def., 715 F.3d 937, 941 (D.C. Cir. 2013) (quoting Am. Civil Liberties Union v. U.S. Dep’t of Def. (ACLU/DOD), 628 F.3d 612, 619 (D.C. Cir. 2011)); Larson v. U.S. Dep’t of State, 565 F.3d 857, 862 (D.C. Cir. 2009) (quoting Wolf v. CIA, 473 F.3d 370, 374-75 (D.C. Cir. 2007)). III. DISCUSSION In the present case, “to the extent [the] plaintiff’s [FOIA] request sought surveillance or other intelligence records, or communications about such records,” the NSA issued the plaintiff a so-called “Glomar” response, which neither confirmed nor denied the existence of records relevant to the plaintiff’s request. 4 Mem. Supp. Def.’s Mot. Summ. J. (“Def.’s Mem.”). at 1, ECF No. 18-1. The Glomar response covered all documents sought by the plaintiff, except for those documents “concerning the government contracts and criminal and civil lawsuits specified by and involving plaintiff, or communications concerning those contracts and court cases.” 5 Id. With respect to the plaintiff’s request for documents concerning lawsuits and contracts, the NSA searched for but found no responsive documents. The plaintiff challenges both the NSA’s Glomar response and the adequacy of the NSA’s search for responsive documents. Each of those challenges is addressed separately below. 4 Glomar responses are “named for the Hughes Glomar Explorer, a ship used in a classified Central Intelligence Agency project ‘to raise a sunken Soviet submarine from the floor of the Pacific Ocean to recover the missiles, codes, and communications equipment onboard for analysis by United States military and intelligence experts.’” Roth v. U.S. Dep’t of Justice, 642 F.3d 1161, 1171 (D.C. Cir. 2011) (quoting Phillippi v. CIA, 655 F.2d 1325, 1327 (D.C.Cir.1981)). 5 As noted above, such materials refer primarily to categories 3 and 4 of the plaintiff’s request, which sought documents relating to two contracts between the plaintiff and Defense Supply Center Philadelphia and documents relating to the two lawsuits brought against the plaintiff in the Northern District of Georgia. Compl. ¶ 11. 13 A. The NSA’s Glomar Response A Glomar response is “an exception to the general rule that agencies must acknowledge the existence of information responsive to a FOIA request and provide specific, non-conclusory justifications for withholding that information.” Roth v. U.S. Dep’t of Justice, 642 F.3d 1161, 1178 (D.C. Cir. 2011). Thus, a Glomar response allows an agency to respond to a FOIA request by neither confirming nor denying the existence of any records responsive to the request, on the grounds that “confirming or denying the existence of records would itself ‘cause harm cognizable under a[ ] FOIA exception.’” Id. (quoting Wolf, 473 F.3d at 374). In issuing a Glomar response, the agency bears the burden of showing that the mere acknowledgement of whether it possesses or does not possess the requested records is protected from disclosure under a FOIA exemption. See Wolf, 473 F.3d at 374. To determine whether the acknowledgement of the existence or non-existence of agency records “fits a FOIA exemption, courts apply the general exemption review standards established in non-Glomar cases.” Wolf, 473 F.3d at 374 (citing Gardels v. CIA, 689 F.2d 1100, 1103–05 (D.C. Cir. 1982)); see also Am. Civil Liberties Union v. CIA (ACLU/CIA), 710 F.3d 422, 426 (D.C. Cir. 2013). A Glomar response may be challenged in two distinct but related ways. A plaintiff may challenge the agency’s assertion that confirming or denying the existence of any records would result in a cognizable harm under a FOIA exemption. See, e.g., People for the Ethical Treatment of Animals v. Nat’l Institutes of Health, 745 F.3d 535, 540 (D.C. Cir. 2014); Elec. Privacy Info. Ctr. v. Nat’l Sec. Agency (EPIC/NSA), 678 F.3d 926, 932 (D.C. Cir. 2012); Roth, 642 F.3d at 1172. Alternatively, or in addition, a plaintiff may demonstrate that the agency has “officially acknowledged” the existence of a requested record previously. See, e.g., ACLU/CIA, 710 F.3d at 427 (“[T]he plaintiff can overcome a Glomar response by showing that the agency has already 14 disclosed the fact of the existence (or nonexistence) of responsive records, since that is the purportedly exempt information that a Glomar response is designed to protect.”); Moore v. CIA, 666 F.3d 1330, 1333 (D.C. Cir. 2011) (“Moore does not challenge the CIA’s reliance on exemptions (b)(1) and (b)(3) . . . . [but instead], Moore argues that the CIA has officially acknowledged that it maintains information responsive to Moore's FOIA request . . . .”); Wolf, 473 F.3d at 378 (“Although the CIA properly invoked Exemptions 1 and 3, Wolf asserts that the Agency waived both of them by officially acknowledging the existence of records . . . .”). The official acknowledgment doctrine recognizes that, in certain circumstances, the agency may have waived its right to claim a FOIA exemption over the existence or non-existence of the records. See ACLU/CIA, 710 F.3d at 426 (“[W]hen an agency has officially acknowledged otherwise exempt information through prior disclosure, the agency has waived its right to claim an exemption with respect to that information.”). The plaintiff asserts both bases to overcome the NSA’s Glomar response. See Pl.’s Mem. at 27 (“Even if the Court were to find that the information that [the plaintiff] seeks is properly protected under the exemptions (which it is not), . . . the NSA’s official acknowledgements over the last 18 months regarding its bulk collection programs . . . override even valid exemption claims.”). The Court first addresses the propriety of the NSA’s invocation of Exemptions 1 and 3 for its Glomar response before turning to the plaintiff’s argument that the NSA has officially acknowledged the requested records. 1. The NSA Properly Invoked Exemptions 1 and 3. The NSA grounds its Glomar response in Exemptions 1 and 3 of the FOIA statute. See Def.’s Mem. at 9. Although the plaintiff expressly challenges the propriety of the NSA’s 15 invocation of Exemptions 1 and 3 for purposes of its Glomar response, the plaintiff devotes only two brief paragraphs of the more than 55 pages of briefing to this argument, and for good reason. “In reviewing an agency’s Glomar response, this Court exercises caution when the information requested ‘implicat[es] national security, a uniquely executive purview.’” EPIC/NSA, 678 F.3d at 931 (quoting Ctr. for Nat’l Sec. Studies v. U.S. Dep’t of Justice, 331 F.3d 918, 926–27 (D.C. Cir. 2003)). “[A]n agency’s justification for invoking a FOIA exemption is sufficient if it appears ‘logical’ or ‘plausible.’” Wolf, 473 F.3d at 374–75 (internal citations omitted). In the present case, the NSA invokes both Exemption 1 and Exemption 3 to support its Glomar response. Exemption 1 covers “matters ‘specifically authorized under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy and . . . in fact properly classified pursuant to such Executive order.’” Larson v. U.S. Dep’t of State, 565 F.3d 857, 861 (D.C. Cir. 2009) (quoting 5 U.S.C. § 552(b)(1)). Exemption 3 covers “matters ‘specifically exempted from disclosure by statute,’ provided that such statute leaves no discretion on disclosure or ‘establishes particular criteria for withholding or refers to particular types of matters to be withheld.’” Id. (quoting 5 U.S.C. § 552(b)(3)). “[I]n the FOIA context, [the D.C. Circuit has] consistently deferred to executive affidavits predicting harm to the national security, and . . . found it unwise to undertake searching judicial review.” Ctr. for Nat’l Sec. Studies, 331 F.3d at 927. Exemption 1 protects from disclosure records that are “(A) specifically authorized under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy, and (B) are in fact properly classified pursuant to such an Executive order.” 5 U.S.C. § 552(b)(1); see Milner v. U.S. Dep’t of Navy, 562 U.S. 562, 580 (2011) (noting that among the “tools at hand to shield national security information and other sensitive materials,” 16 the government has “[m]ost notably, Exemption 1 of FOIA [which] prevents access to classified documents.”). Thus, an agency attempting to withhold information under Exemption 1 must show that the information has been classified in compliance with the classification procedures set forth in the relevant executive order and that only information conforming to the executive order’s substantive criteria for classification has been withheld. See Judicial Watch, 715 F.3d at 941 (discussing “substantive and procedural criteria for classification”); Lesar v. Dep’t of Justice, 636 F.2d 472, 483 (D.C. Cir. 1980) (“To be classified properly, a document must be classified in accordance with the procedural criteria of the governing Executive Order as well as its substantive terms.”)). In this case, the NSA has sufficiently established that the existence or non-existence of responsive records is classified under Executive Order (“E.O.”) 13,526. This E.O. sets forth four requirements for the classification of national security information: (1) an original classification authority must classify the information; (2) the U.S. Government must own, produce, or control the information; (3) the information must be within at least one of eight protected categories enumerated in section 1.4 of the E.O.; and (4) the original classification authority must determine that the unauthorized disclosure of the information reasonably could be expected to result in a specified level of damage to the national security, and the classification authority is able to identify or describe the damage. See E.O. 13526 § 1.1(a). The NSA avers that “[a]cknowledgement of the existence or non-existence of intelligence information referencing Plaintiff would reveal information that is currently and properly classified as set forth in Section 1.4(c) of E.O 13,526,” which covers “intelligence sources [or] methods.” NSA Sherman Decl. ¶ 31. Specifically, “[a]cknowledging the existence or non- existence of responsive records on particular individuals or organizations subject to surveillance 17 would provide . . . adversaries with critical information about the capabilities and limitations of the NSA . . . .” NSA’s Sherman Decl. ¶ 33. As set forth in the NSA’s declaration, “[c]onfirmation by NSA that a specific person’s or organization’s activities are not of foreign intelligence interest or that NSA is unsuccessful in collecting foreign intelligence information on their activities” would undermine the NSA’s mission and permit adversaries to “accumulate information and draw conclusions about NSA’s technical capabilities, sources, and methods.” Id. Such information would permit adversaries to change their communications behavior or otherwise “alert targets that their existing means of communications are potentially safe.” Id. ¶ 34. As a result, disclosure “could reasonably be expected to cause exceptionally grave and irreparable damage to the national security by providing . . . adversaries a road map that instructions them on which communication modes or personnel remain safe or are successfully defeating NSA’s capabilities.” Id. The plaintiff challenges whether the acknowledgment of the existence or non-existence of the requested records would implicate intelligence sources and methods and would otherwise cause national harm. According to the plaintiff, “the bulk data collection programs under which the NSA obtained the information [the plaintiff] seeks sweep up not just the communications data of individuals that the NSA has specifically targeted, but rather, the data of millions of people whose communications cross the United States border, whether those people are targets of the NSA or not.”6 Pl.’s Mem. at 27. As a result, “the mere fact that the NSA possesses information regarding [the plaintiff’s] communications would not reveal anything about [the plaintiff’s] status as a target, thus keeping the NSA’s ‘intelligence sources and methods’ intact.” Id. In other words, because the NSA collects everything, disclosure would reveal nothing. 6 The plaintiff does not challenge that the materials were classified by an individual with classification authority or that the NSA controls the materials. See Pl.’s Mem. at 26–27. 18 A variant of the plaintiff’s argument was considered and rejected in Competitive Enterprise Institute v. National Security Agency, 2015 WL 151465, at *10, a case that also considered the NSA’s issuance of a Glomar response in the context of documents allegedly maintained as a result of the bulk collection of telephony metadata. In Competitive Enterprise Institute, the Court expressly rejected the argument “that because the agency has admitted collecting the records in bulk, it would not reveal important intelligence information to acknowledge that EPA officials’ calls were swept up in the collection.” Id. The court reasoned that “were the agency required to confirm or deny the existence of records for specific individuals, it would begin to sketch the contours of the program, including, for example, which providers turn over data and whether the data for those providers is complete.” Id. Indeed, the D.C. Circuit has cautioned, “‘the fact that some information resides in the public domain does not eliminate the possibility that further disclosures can cause harm to intelligence sources, methods and operations.’” ACLU/DOD, 628 F.3d at 625 (quoting Fitzgibbon v. CIA, 911 F.2d 755, 766 (D.C. Cir. 1990)). “Minor details of intelligence information may reveal more information than their apparent insignificance suggests because, ‘much like a piece of jigsaw puzzle, [each detail] may aid in piecing together other bits of information even when the individual piece is not of obvious importance in itself.’” Larson, 565 F.3d at 864 (quoting Gardels, 689 F.2d at 1106). Just as in Competitive Enterprise Institute, the Court finds the NSA’s explanation regarding the classification and potential national harm to be both “logical” and “plausible.” See Competitive Enter. Inst., 2015 WL 151465, at *10. Accordingly, the NSA has invoked Exemption 1 properly in support of its Glomar response. The NSA’s invocation of Exemption 3 is likewise proper. The NSA invokes a recognized withholding statute, Section 102A(i)(1) of the National Security Act of 1947, in 19 support of its Glomar response. See ACLU/DOD, 628 F.3d at 619. Section 102A(i)(1) protects “intelligence sources and methods from unauthorized disclosure.” 50 U.S.C. § 3024. The plaintiff’s challenges to Exemption 3 mirror the arguments made in opposition to Exemption 1. Since the Court has found the plaintiff's argument on that score to be unpersuasive, the plaintiff's Exemption 3 argument is similarly unavailing. 7 2. The NSA Officially Acknowledged a Limited Subset of Records. The central dispute between the parties concerns whether the NSA has previously acknowledged the existence of the records requested by the plaintiff, thereby waiving its right to claim an exemption regarding the existence vel non of any responsive records. The plaintiff claims that the NSA has made “multiple official disclosures that it collects a broad and voluminous scope of the telephone and electronic communications data of Americans through a series of programs with the compelled assistance of some of the largest U.S. telecommunications and internet service providers.” Pl.’s Mem. at 20. In light of these disclosures, the plaintiff argues that the NSA has waived its right to issue a Glomar response to the plaintiff’s FOIA 7 The NSA also relies on two additional statutory provisions as support for withholding under Exemption 3: (1) Section 6 of the National Security Act of 1959 (codified at 50 U.S.C. § 3605), which provides that “[n]othing in this Act or any other law . . . shall be construed to require the disclosure of the organization or any function of the National Security Agency, or any information with respect to the activities thereof . . .”; and (2) a criminal statute, 18 U.S.C. § 798, which prohibits a person from knowingly and willfully disclosing “any classified information . . . concerning the communication intelligence activities of the United States . . . or . . . obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes.” Both statutes qualify as Exemption 3 statutes. See Larson, 565 F.3d at 868; Linder v. NSA, 94 F.3d 693, 698 (D.C. Cir. 1996). The NSA argues that, with respect to Section 6 of the National Security Act, revealing the existence of the requested records would “disclose information with respect to [NSA] activities, since any information about an intercepted communication concerns an NSA activity,” Linder, 94 F.3d at 696 (quoting Hayden v. NSA, 608 F.2d 1381, 1389 (D.C. Cir. 1979)), and that, with respect to 18 U.S.C. § 798, acknowledging the existence of the requested records would disclose classified information “concerning the communication intelligence activities of the United States,” see Larson, 565 F.3d at 868 (quoting 18 U.S.C. § 798). See Def.’s Mem. at 14–17. The Court need not opine about the sufficiency of these alternative bases, since Section 102A(i)(1) of the National Security Act provides ample support for the propriety of the NSA’s invocation of Exemption 3. 20 request, which encompassed “all email, letter, telephonic, or other communications” by the plaintiff. Id. at 18–28. The D.C. Circuit has recognized that if “the agency has officially acknowledged the existence of [a] record, the agency can no longer use a Glomar response, and instead must either: (1) disclose the record to the requester or (2) establish that its contents are exempt from disclosure and that such exemption has not been waived.” Moore, 666 F.3d at 1333 (citations omitted); see also Marino v. DEA, 685 F.3d 1076, 1081 (D.C. Cir. 2012) (“[I]n the context of a Glomar response, the public domain exception is triggered when ‘the prior disclosure establishes the existence (or not) of records responsive to the FOIA request,’ regardless whether the contents of the records have been disclosed.” (quoting Wolf, 473 F.3d at 379)). Even so, “[a] strict test applies to claims of official disclosure.” Moore, 666 F.3d at 1333 (alteration in original) (internal quotation marks omitted). “[I]n order to overcome an agency’s Glomar response based on an official acknowledgement, the requesting plaintiff must pinpoint an agency record that both matches the plaintiff’s request and has been publicly and officially acknowledged by the agency.” Id. (emphasis added). An agency’s official acknowledgment must meet three criteria: First, the information requested must be as specific as the information previously released. Second, the information requested must match the information previously disclosed . . . . Third, . . . the information requested must already have been made public through an official and documented disclosure. Fitzgibbon, 911 F.2d at 765; see also Moore, 666 F.3d at 1333; ACLU/DOD, 628 F.3d at 620– 21; Wolf, 473 F.3d at 378. The plaintiff “bears the burden of pointing to ‘specific information in the public domain that appears to duplicate that being withheld.’” EPIC/NSA, 678 F.3d at 933 (quoting Wolf, 473 F.3d at 378). The plaintiff may not, however, point to mere media speculation. See id. at 933 n.5 (“[T]he national media are not capable of waiving NSA’s 21 statutory authority to protect information related to its functions and activities.”); Competitive Enter. Inst., 2015 WL 151465, at *10 (“[S]peculation by the press—no matter how widespread—and disclosures in the press from unnamed sources are not sufficient to waive an agency’s right to withhold information under FOIA.”). 8 In the present case, the plaintiff points to the NSA’s public acknowledgements regarding its various bulk data collection programs—the telephony metadata program, the PR/TT program, the PRISM program, and the upstream collection program—to argue that the NSA has waived its right to issue a Glomar response. As explained below, the Court finds that the NSA has officially acknowledged the collection of certain telephony metadata from Verizon Business Network Services from April 25, 2013 through July 19, 2013, but has not otherwise officially acknowledged its possession of any other records sought by the plaintiff. a) Telephony Metadata Program The plaintiff has compiled multiple documents concerning the NSA’s telephony metadata program, of which the NSA has acknowledged two publically released FISC orders detailing the program. Specifically, the plaintiff notes that the publically acknowledged FISC Secondary Order directed Verizon Business Network Services to provide to the NSA “on an ongoing daily basis . . . all call detail records or ‘telephony metadata’ created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.” Secondary Order at 2. The Secondary Order was limited to a 90-day period between April 25, 2013 and July 19, 2013, and included the originating and terminating 8 Nor may a statement by an anonymous agency insider be deemed an “official acknowledgement” because an anonymous leak is presumptively an unofficial and unsanctioned act. See ACLU/DOD, 628 F.3d at 621–22 (“‘[I]t is one thing for a reporter or author to speculate or guess that a thing may be so or even, quoting undisclosed sources, to say that it is so; it is quite another thing for one in a position to know of it officially to say that it is so.’” (quoting Alfred A Knopf, Inc. v. Colby, 509 F.2d 1362, 1370 (4th Cir. 1975))); Afshar v. U.S. Dep’t of State, 702 F.2d 1125, 1130–31 (D.C. Cir. 1983) (distinguishing between “official acknowledgement” of information and “[u]nofficial leaks and public surmise”). 22 telephone number along with the time and duration of the call. The plaintiff further contends that the NSA has conceded in public disclosures that the program has been in existence since at least May 2006 and that the NSA has admitted that as of January 3, 2014, “at least 15 different FISC judges have entered a total of 36 orders authorizing NSA’s bulk collection of telephony metadata.” Reply Supp. Pl.’s Cross Mot. Summ. J. (“Pl.’s Reply”) at 9, ECF No. 26 (citing NSA’s Shea Decl. ¶¶ 13-14). Taken together, the plaintiff argues that it communicated regularly with its legal counsel, a Verizon Business Network Services subscriber, and therefore, “based on the NSA’s own admissions, some of [the plaintiff’s] privileged communications with its counsel were almost certainly collected.” 9 Pl.’s Reply at 9. Moreover, while the Secondary Order was limited to the period between April 25, 2013 and July 19, 2013, the plaintiff argues that the NSA “has made sufficient public acknowledgements of the recurring, ever-renewing nature of these orders that the existence of prior or subsequent orders is virtually certain.” 10 Pl.’s Reply at 9. Thus, the plaintiff argues, at a minimum, the NSA has acknowledged the existence of records relating to its communications sent through Verizon Business Network Services between April 25, 2013 and July 19, 2013, and, at a maximum, has acknowledged the existence of records 9 Throughout its briefing the plaintiff makes much of the fact that the NSA may have intercepted privileged communications between the plaintiff and its counsel. Regardless of the propriety of such interceptions, FOIA is not the appropriate vehicle to vindicate discovery abuses or otherwise conduct discovery. See Williams & Connolly v. SEC, 662 F.3d 1240, 1245 (D.C. Cir. 2011) (“FOIA is . . . [not] an appropriate means to vindicate discovery abuses . . . .”); see also NLRB v. Sears, Roebuck & Co., 421 U.S. 132, 144 n. 10 (1975) (“The Act is fundamentally designed to inform the public about agency action and not to benefit private litigants.”); Renegotiation Bd. v. Bannercraft Clothing Co., Inc., 415 U.S. 1, 24 (1974) (“Discovery for litigation purposes is not an expressly indicated purpose of the Act.”); Neary v. Fed. Deposit Ins. Corp., No. 14-1167, 2015 WL 2375395, at *4 (D.D.C. May 19, 2015) (“’FOIA was not intended to be a discovery tool for civil plaintiffs.’” (internal quotations omitted)); Johnson v. U.S. Dep’t of Justice, 755 F. Supp. 2, 5 (D.D.C.1991) (“FOIA is not a discovery statute.”). 10 To showcase the potential breadth of the captured information, the plaintiff points to a draft NSA Inspector General Report from 2009, which indicates that the NSA “could gain access to approximately 81% of the international calls into and out of the United States through three corporate partners: COMPANY A had access to 39%, COMPANY B 28%, and COMPANY C 14%.” Pl.’s Mem. at 7. Although the draft report does not identify the three companies, the plaintiff notes that, as of 1999, MCI/Worldcom (now Verizon) was one of the three largest telecommunications providers. See id. (citing Common Carrier Bureau, FCC, 1999 International Telecommunications Data (Dec. 2000)). 23 relating to communications sent through Verizon Business Network Services and other providers since at least May 2006. See Pl.’s Reply at 9. As noted previously, another decision in this District considered the propriety of an NSA Glomar response in light of the NSA’s public statements regarding the bulk collection of telephony metadata. In Competitive Enterprise Institute, the plaintiff cited many of the same documents relied upon by the plaintiff in the present case: public statements by agency officials; an administration white paper; declarations of agency officials; newspaper reports; court opinions; and the Primary and Secondary Orders. See 2015 WL 151465, at *7–*10. After examining the statements, the court concluded that the “the sources . . . do not give any indication that the government collects metadata for all U.S. phone customers or even the subset of all Verizon Wireless users. As such, they do not show that the government has the specific records they seek.” Id. at *5 (emphasis in original). The court’s analysis turned on whether the NSA had acknowledged the participation of a service provider in the collection program. The plaintiff seeks to distinguish Competitive Enterprise Institute by noting that while the plaintiff in Competitive Enterprise Institute sought records relating to Verizon Wireless, the plaintiff in the present case has sought records pertaining to Verizon Business Networks Services, an acknowledged participant in the program. See Pl.’s Supp Aviad. Decl. ¶ 2. The plaintiff is correct, but only with respect to those documents obtained as a result of the officially acknowledged Secondary Order, i.e., the telephony metadata collected from Verizon Business Network Services between April 25, 2013 and July 19, 2013. 11 11 Although the Secondary Order reflects only that the government sought such records from Verizon Business Network Services, the NSA has subsequently confirmed in public declarations that Verizon Business Network Services produced records and participated in the program. See NSA’s Fleish Decl. ¶ 71 (“[T]he United States has not confirmed or denied the past or current participation of any specific provider in the telephony metadata program apart from the participation of VBNS for the approximately 90 day duration of the now-expired April 25, 2013 FISC Order.”). 24 With respect to other telephone service providers and other periods of time, the plaintiff has not pointed to any disclosures documenting the specific telephone service providers that participated in the program and during what periods of time. Such imprecision will not suffice to overcome the NSA’s Glomar response. The D.C. Circuit has expressly directed courts to apply the “official acknowledgement” exception “strictly,” such that the “official acknowledgement” only extends to the specific records that are acknowledged by the agency. See Moore, 666 F.3d at 1333; Wolf, 473 F.3d at 378–79. Indeed, this Circuit requires that a plaintiff “pinpoint an agency record that both matches the plaintiff’s request and has been publicly and officially acknowledged by the agency.” Moore, 666 F.3d at 1333 (emphasis added). The plaintiff has been unable to pinpoint specific disclosures regarding the participation of other telephone service providers in the NSA’s telephony metadata program, a circumstance present in other cases where courts have determined that the NSA did not officially acknowledge any additional participants in the telephony metadata program. See Elec. Frontier Found. v. U.S. Dep’t of Justice, No. 11- CV-5221, 2014 WL 3945646, at *5-7 (N.D. Cal. Aug. 11, 2014) (rejecting argument that the identity of participants in the telephony metadata program “has lost its exempt character because the providers’ names have been officially acknowledged.”); Competitive Enterprise Institute, 2015 WL 151465, at *11. Rather than pinpoint specific acknowledged disclosures, the plaintiff instead makes a series of logical deductions based on the nature of the telephony metadata program and general media speculation regarding the scope of the program to claim that the NSA has acknowledged other participants in the telephony metadata program. See Pl.’s Mem. at 7 (discussing implication of “Federal Communications Commission (FCC) report” discussing AT&T, Verizon, and Sprint as the nation’s “three largest international telephone call providers”), id. at 8 n.6 25 (“[T]he NSA’s draft report strongly suggests that AT&T and Verizon have assisted the NSA in collecting both telephonic and email communications in the past); id. at 22–25. Logical deductions may not substitute for official acknowledgements, however. See Valfells v. CIA, 717 F. Supp. 2d 110, 117 (D.D.C. 2010) (“Logical deductions are not, however, official acknowledgments.”), aff’d sub nom. Moore v. CIA, 666 F.3d 1330 (D.C. Cir. 2011). The plaintiff’s further reliance on ACLU v. CIA, 710 F.3d 422, 428–29 (D.C. Cir. 2013), is inapposite. In ACLU, the D.C. Circuit addressed the ACLU’s FOIA request for documents relating to drone strikes. The D.C. Circuit rejected the CIA’s Glomar response because the CIA “proffered no reason to believe that disclosing whether it has any documents at all about drone strikes will reveal whether the Agency itself—as opposed to some other U.S. entity such as the Defense Department—operates drones.” ACLU/CIA, 710 F.3d at 428–29. Instead, the CIA’s acknowledgment of its possession of documents relating to drones would reveal only that the CIA maintained an intelligence interest in drones. Id. at 428. In light of official acknowledgments by the CIA and the President, the Court concluded that it was neither “logical or plausible” for the CIA to contend that confirming the CIA’s interest in drones would reveal information not already publically acknowledged. Id. Similarly, in the present case, the NSA officially acknowledged the collection of telephony metadata information from Verizon Business Network Services, making it neither logical nor plausible for the NSA to deny this fact now. The NSA’s acknowledgement of its possession of telephony metadata from Verizon Business Network Services would reveal no new information not already in the public domain. This is not the case, however, with respect to telephony metadata records from other time periods or other service providers. See EPIC/NSA, 678 F.3d at 933 (“EPIC has failed to meet its burden because its blanket request for ‘[a]ll records of communication between NSA and Google concerning 26 Gmail’ covers a substantially broader swath of information than what NSA has voluntarily published on its website.”); Students Against Genocide v. U.S. Dep’t of State, 50 F.Supp.2d 20, 25 (D.D.C. 1999) (“[T]here is certainly no ‘cat out of the bag’ philosophy underlying FOIA so that any public discussion of protected information dissipates the protection which would otherwise shield the information sought.”). The NSA has not acknowledged any additional participants in the telephony metadata program or acknowledged receiving metadata from Verizon Business Network Services for any period outside of April 25, 2013 to July 19, 2013. To require the NSA to acknowledge the existence or non-existence of materials beyond that limited period would require the NSA to acknowledge information that has not otherwise been publically disclosed. The plaintiff has been unable to pinpoint an official acknowledgment by the NSA of the specific records sought by the plaintiff beyond those records encompassed by the Secondary Order and relating to Verizon Business Network Services. Moore, 666 F.3d at 1333 (“[I]n order to overcome an agency’s Glomar response based on an official acknowledgment, the requesting plaintiff must pinpoint an agency record that both matches the plaintiff’s request and has been publicly and officially acknowledged by the agency.”). Accordingly, the Court finds that the NSA’s Glomar response was improper insofar as the NSA has previously acknowledged that it collected telephony metadata from Verizon Business Network Services between April 25, 2013 and July 19, 2013, and proper as to all other time periods and service providers. b) Other Electronic Communications Although the plaintiff compiled a robust record detailing the public disclosures of the NSA’s telephony metadata program, the plaintiff has made no such showing regarding any of the other electronic communications programs—the PR/TT program, the PRISM program, and the 27 upstream collection program. 12 Indeed, to the contrary, the plaintiff concedes that the NSA has not acknowledged a service provider with respect to the bulk collection of electronic communications. See Pl.’s Mem. at 24 (conceding that the NSA “has not specifically named any telecommunications or Internet service providers participating in its bulk electronic communications collections programs.”). Nonetheless, the plaintiff claims that other official acknowledgements are sufficient to override the NSA’s Glomar response because the NSA has acknowledged “the broad scope of electronic communications collected through its programs.” Id. at 25. Yet, for the reasons stated above, speculation by the plaintiff regarding the scope of the programs at issue will not suffice to overcome the NSA’s Glomar response. See Competitive Enter. Inst., 2015 WL 151465, at *9 (upholding Glomar response where plaintiff could “not name the specific companies that have produced this data to the government”). As a result, the plaintiff has failed in its burden to overcome the NSA’s Glomar response with respect to all other electronic communications programs. B. Improper Withholding Although the NSA’s Glomar response was improper with respect to certain Verizon Business Network Services documents, this finding does not end the inquiry into the NSA’s FOIA response. The NSA makes the alternative argument that even if its Glomar response was improper as to the limited set of documents relating to Verizon Business Network Services, the terms of the Primary Order and Secondary Order do not permit the NSA to disclose any records to the plaintiff. See Mem. Further Supp. Def.’s Mot. Summ. J. (“Def.’s Reply”) at 13–15, ECF No. 23. 12 To the extent the NSA has made any acknowledgment regarding the records obtained during the course of the PR/TT program, the NSA has stated that all records obtained through the program have been destroyed. See NSA Fleisch Decl. ¶ 76 n.32 (“On December 7, 2011, the NSA completed the destruction of all PR/TT metadata collected under the authorization of the FISC from the agency’s repositories.”). 28 FOIA confers jurisdiction on the district court to compel an agency to release requested records only if those records are “improperly withheld.” Morgan, 923 F.2d at 196 (internal quotation marks omitted). An improper withholding does not occur, and the FOIA does not apply, when documents are withheld pursuant to a court order specifically enjoining their release. In such circumstances, the agency “simply [has] no discretion . . . to exercise” and, thus, “has made no effort to avoid disclosure.” GTE Sylvania, Inc. v. Consumers Union of U.S., Inc., 445 U.S. 375, 386 (1980). As the D.C. Circuit explained in Morgan, “respect for the judicial process requires the agency to honor the injunction . . . . ” 923 F.2d at 197 (citing GTE Sylvania, Inc., 445 U.S. at 386–87). Although GTE Sylvania dealt with the situation of a court-ordered injunction, its core holding has not been so limited. Rather, where a court order circumscribes an agency’s ability to produce documents such that the agency has “no discretion” to release the documents, the agency’s failure to release documents will not be deemed improper. See, e.g., GTE Sylvania, 445 U.S. at 386 (injunction); Morgan, 923 F.2d at 197 (sealing order); Judicial Watch, Inc. v. U.S. Dep’t of Justice, 65 F. Supp.3d 50, 52 (D.D.C. Local Civil Rule 84.9); Wagar v. U.S. Dep’t of Justice, 846 F.2d 1040, 1046-47 (6th Cir. 1988) (consent order); see also Senate of Commw. of P.R. v. U.S. Dep’t of Justice, No. 84-1829, 1993 WL 364696, at *6 (D.D.C. Aug. 24, 1993) (“The Supreme Court has held that records covered by an injunction, protective order, or held under court seal are not subject to disclosure under FOIA.” (internal citations omitted)). Ultimately, “the proper test for determining whether an agency improperly withholds records [subject to a court order] is whether the [order], like an injunction, prohibits the agency from disclosing the records.” Morgan, 923 F.2d at 197 (emphasis in original). The agency bears the burden of demonstrating that the responsive records are not subject to disclosure under the terms of a court order. Id. at 198. Merely stating that responsive records are subject to a court 29 order or other restriction is insufficient to demonstrate that “the court issued the [order] with the intent to prohibit the agency from disclosing the records,” as required under the Morgan standard. See Morgan, 923 F.2d at 198 (“If the [agency] obtains a clarifying order stating that the [order] prohibits disclosure, the [agency] is obviously entitled to summary judgment.”); see also Awan v. U.S. Dep’t of Justice, 10 F. Supp. 3d 96, 107 (D.D.C 2014) (finding “that the defendants have not established the Southern District's sealing order as a proper basis for withholding the over decade old material witness warrant affidavit under the FOIA” where defendants lacked clarifying order), vacated 46 F. Supp. 3d 90, 92 (D.D.C. 2014) (concluding “that the government’s withholding of the material witness warrant affidavit in compliance with the sealing order does not constitute an improper withholding under the FOIA” after the government obtained clarifying order); Concepcion v. FBI, 699 F.Supp.2d 106, 111–114 (D.D.C. 2010); Senate of Commw. of P.R, 1993 WL 364696, at *6–7, (D.D.C. Aug. 24, 1993). The agency may satisfy its burden under Morgan by referring to (1) the order itself; (2) extrinsic evidence, such as papers filed with the court that provide the rationale for the sealing; (3) orders of the same court in similar cases that explain the purpose of the order; or (4) the court’s general rules of procedures governing the order. Morgan, 923 F.2d at 198; Concepcion, 699 F.Supp.2d at 111. Upon finding that an order prohibits the agency from releasing the records, the agency is entitled to summary judgment on its withholding of the records. Morgan, 923 F.2d at 198. A review of the Morgan factors reveals that the NSA has no discretion to disclose the requested documents and its withholding in the present case was proper. The text of the Primary Order makes plain the NSA’s lack of discretion to access and disclose to the plaintiff the requested metadata. Indeed, the Primary Order permits the agency to access metadata records only in certain defined circumstances. Specifically, the Primary Order 30 “prohibit[s]” the government “from accessing business record metadata acquired pursuant to this Court’s orders in the above-captioned docket and its predecessors . . . for any purpose except as described herein.” Primary Order at 2 (emphasis added). The Primary Order designates two purposes. First, certain authorized technical personnel “may access the . . . metadata for purposes of obtaining foreign intelligence information.” Id. Second, “technical personnel may access the . . . metadata to perform those processes needed to make it usable for intelligence analysis.” Id. Neither scenario affords the NSA the discretion to access the metadata for purposes of complying with the plaintiff’s FOIA request. Although the Primary Order does not make specific reference to FOIA, the Primary Order is clear that the metadata may not be accessed “for any purpose except as” permitted by the Primary Order. Given the context of the Primary Order, the broad language regarding “any purpose” is sufficient to encompass FOIA. Such strict limitations regarding access to the collected metadata make abundant sense. In permitting the NSA to collect large amounts of personal information regarding U.S. citizens, the FISC was careful to put limitations on its access and use. The metadata may be accessed only for certain limited purposes (foreign intelligence) and only in certain limited ways (using specially approved searches). To permit FOIA plaintiffs (and thereby the public at large) access to all of the collected metadata would be to undermine the careful architecture erected by the FISC and enshrined in the Primary Order. Likewise, the Primary Order restricts the subsequent dissemination of metadata information. Before the NSA may disseminate information pertaining to any U.S. person, certain high-level officials “must determine that the information identifying the U.S. person is in fact related to counterterrorism information and that it is necessary to understand the counterterrorism information or assess its importance.” Primary Order at 3. To be sure, the 31 Primary Order does contemplate disclosure of the accessed metadata beyond the NSA in certain limited scenarios, including disclosure to the Executive Branch in order to (1) “enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings” and (2) “facilitate their lawful oversight functions.” Id. While such language might ordinarily weigh against the NSA in the Morgan analysis, the Primary Order’s relative flexibility on disclosure is of less importance in the present case. As discussed, the NSA is forbidden under the terms of the Primary Order from accessing the collected telephony metadata in order to respond to the plaintiff’s FOIA request. In other words, the only responsive telephony metadata records that the Primary Order might permit the NSA to disseminate concern telephony metadata records previously accessed as a result of an authorized search as part of an ongoing investigation. Consequently, the NSA “would only have communications in its searchable intelligence files of entities that are related to foreign intelligence investigations” because those were the only searches that would have been previously authorized under the Primary Order. Def.’s Reply at 9. Yet the existence or non- existence of such records as they relate to the plaintiff has never been acknowledged by the NSA. The records are therefore properly covered by the NSA’s Glomar response and no disclosure is required. Both the limitations upon the Court’s holding and the peculiar circumstances of this case require highlighting. The instant case presents multiple competing interests all of significant public concern: personal privacy; national security; and transparency in government, along with the related concern of ensuring agency accountability. Under the plaintiff’s theory on the applicability of the FOIA in this case, the telephony metadata records (and any email communications) held in databases by the NSA could potentially be searched and accessed by 32 any person through the timely submission of a FOIA request. 13 Fortunately, the FISC orders at issue carefully balanced the competing interests: The materials obtained pursuant to the telephony metadata program may be accessed only in the most limited fashion, and not for purposes of the FOIA. Given the plain language in the Primary Order and the general context of the telephony metadata program, the Court will not require the NSA to seek clarification from the FISC regarding whether the Primary Order contemplates prohibiting disclosure under the FOIA. Rather, as the Primary Order makes clear, the NSA is not permitted to access the requested materials for purposes of complying with a FOIA request. As a result, the NSA’s failure to comply with the plaintiff’s request was not “improper” and the NSA will not be required to disclose the requested documents to the plaintiff. C. Defendant’s Search As noted, the NSA did not issue a Glomar response as to the entirety of the plaintiff’s FOIA request. Rather, the NSA conducted a search for documents relating to the non- intelligence records sought by the plaintiff, i.e., the plaintiff’s request for documents relating to its business contracts and pending civil and criminal cases. The NSA’s search yielded no results and the plaintiff correspondingly challenges the adequacy of the NSA’s search for responsive records. “The court applies a reasonableness test to determine the adequacy of a search methodology.” Morley, 508 F.3d at 1114 (internal quotations and citations omitted) “[T]he adequacy of a FOIA search is generally determined not by the fruits of the search, but by the appropriateness of the methods used to carry out the search.” Iturralde v. Comptroller of 13 The plaintiff’s theory also would raise the analytically “fraught” issue of when the querying of a database constitutes the creation of a new record not subject to FOIA. See Nat’l Sec. Counselors v. C.I.A., 960 F. Supp. 2d 101, 160 n.28 (D.D.C. 2013). This issue was not formally framed by the parties and does not require resolution here. 33 Currency, 315 F.3d 311, 315 (D.C. Cir. 2003). “An agency may establish the adequacy of its search by submitting reasonably detailed, nonconclusory affidavits describing its efforts.” Baker & Hostetler LLP v. U.S. Dep’t of Commerce, 473 F.3d 312, 318 (D.C. Cir. 2006). “‘Agency affidavits are accorded a presumption of good faith, which cannot be rebutted by purely speculative claims about the existence and discoverability of other documents.’” DeBrew, 2015 WL 3949421, at *2 (quoting SafeCard Servs., Inc. v. SEC, 926 F.2d 1197, 1200 (D.C. Cir. 1991)). Agency affidavits should identify the terms search and explain how the search was conducted. See Morley, 508 F.3d at 1122 (citing Oglesby v. U.S. Dep’t of Army, 920 F.2d 57, 68 (D.C. Cir. 1990)). The agency must submit, “[a] reasonably detailed affidavit, setting forth the search terms and the type of search performed . . . is necessary to afford a FOIA requester an opportunity to challenge the adequacy of the search and to allow the district court to determine if the search was adequate in order to grant summary judgment.” Debrew, 2015 WL 3949424, at *2 (quoting Oglesby, 920 F.2d at 68). Only where “a review of the record raises substantial doubt, particularly in view of ‘well defined requests and positive indications of overlooked materials,’” is summary judgment inappropriate. Iturralde, 315 F.3d at 314 (quoting Valencia– Lucena v. U.S. Coast Guard, 180 F.3d 321, 326 (D.C. Cir. 1999)). In the end, “[t]o prevail on summary judgment, the ‘agency must show beyond material doubt . . . that it has conducted a search reasonably calculated to uncover all relevant documents.’” Elliott v. U.S. Dep’t of Agric., 596 F.3d 842, 851 (D.C. Cir. 2010) (quoting Weisberg v. U.S. Dep’t of Justice, 705 F.2d 1344, 1351 (D.C. Cir. 1983)). The NSA presents two affidavits from the NSA’s Associate Director for Policy and Records in support of its search for records in the present case. The NSA tasked “its Office of 34 General Counsel, its acquisition organization, and its logistics organization” to conduct the relevant searches. NSA’s Sherman Decl. ¶ 27. These organizations were chosen as they were deemed to be the organizations “that would possess records responsive to the Plaintiff’s FOIA request, if any such records existed,” as only those organizations maintained contract and litigation-related records. Id. The NSA determined that “[n]o other non-intelligence organization within the NSA would have such records” and that “if any non-intelligence related information response to the Plaintiff’s FOIA request existed at the NSA, it would have been located by these three organizations in their respective filing system based on the search methodology” employed. NSA’s Suppl. Sherman Decl. ¶¶ 2, 4. The NSA queried the records of the relevant organizations using three variants of the plaintiff’s name and the numbers for the relevant contract. The records databases contained memoranda, meeting minutes, reports, manuals, and other documents. NSA’s Sherman Decl. ¶ 27. Within the Office of General Counsel, attorneys also searched their Microsoft Outlook email accounts while administrative personnel and paralegals searched the organization’s litigation filings systems. Id. The NSA also searched the “contracting management information system database,” which is maintained in support of the NSA’s contracting activity. Id. No responsive records were found as a result of any of these searches. The plaintiff objects to the adequacy of the NSA’s search, challenging both the scope of the search and the search terms employed. Neither objection withstands scrutiny. First, the plaintiff attacks the NSA’s decision to limit its search of records to those contained in the Office of General Counsel, the acquisitions organization, and the logistics organization. The plaintiff argues that “[b]ecause those organizations only handle matters on behalf of the NSA, there was no reason for them to possess documents regarding contracts and lawsuits that did not involve 35 the Agency.” Pl.’s Mem. at 30. The plaintiff misconstrues the nature of the NSA’s search. The NSA searched these organizations because “[n]o other non-intelligence organization within the NSA would have [contract or litigation related records] because these other organizations would only have records of individuals and organizations . . . that have some affiliation with the NSA.” NSA’s Suppl. Sherman Decl. ¶ 2 (emphasis added). The fact that these organizations were unlikely to maintain the requested contracting and litigation records reflects not on the NSA’s choice of organizations to search but on the nature of the plaintiff’s FOIA request: the plaintiff sought records concerning a company with which the NSA neither engaged in contracts nor contract litigation. Second, the plaintiff attacks the use of search terms employed by the NSA. The NSA used three variations of the plaintiff’s name and the contract numbers for its search. 14 The plaintiff posits that the NSA should have used alternative search terms to yield responsive documents. Specifically the plaintiff suggests that the NSA should have included “PWC” as a search term, along with the legal case numbers for the relevant litigation. Pl.’s Reply at 16–17. Although the parties did agree regarding the scope of one of the plaintiff’s requested categories of information, the parties did not discuss, and the plaintiff did not suggest, the use of any specific search terms. See NSA’s Sherman Decl. ¶ 19. “In general, the adequacy of a search is ‘determined not by the fruits of the search, but by the appropriateness of [its] methods.’” Hodge v. FBI, 703 F.3d 575, 579 (D.C. Cir. 2013) (quoting Iturralde, 315 F.3d at 315). “[T]here is no bright-line rule requiring agencies to use the search terms proposed” by a plaintiff. Physicians for Human Rights v. U.S. Dep’t of Def., 675 14 The plaintiff argues that the NSA failed to identify its search terms because it did not use quotation marks to designate the search terms identified in its declaration. See Pl.’s Reply at 15. The Court declines the plaintiff’s invitation to impose a quotation marks requirement on the NSA as context reveals the terms in question to be the search terms employed by the NSA. 36 F. Supp. 2d 149, 164 (D.D.C. 2009). Federal agencies have discretion in crafting a list of search terms that “they believe[ ] to be reasonably tailored to uncover documents responsive to the FOIA request.” Id. Where the search terms are reasonably calculated to lead to responsive documents, the Court should not “micro manage” the agency’s search. See Johnson v. Executive Office for U.S. Attorneys, 310 F.3d 771, 776 (D.C. Cir. 2002) (“FOIA, requiring as it does both systemic and case-specific exercises of discretion and administrative judgment and expertise, is hardly an area in which the courts should attempt to micro manage the executive branch.”); Liberation Newspaper v. U.S. Dep’t of State, No. 13-0836, 2015 WL 709197, at *6 (D.D.C. Feb. 19, 2015) (“Where the agency’s search terms are reasonable, the Court will not second guess the agency regarding whether other search terms might have been superior.”). The plaintiff’s insistence on its own preferred search terms does not undermine the reasonableness of the NSA’s search terms. Moreover, the plaintiff’s terms are not without their own criticism. Indeed, the plaintiff proffers no explanation for how the inclusion of legal case numbers would be likely to yield responsive documents when the NSA already searched by the plaintiff’s name. Moreover, while the NSA could have also used an abbreviation of the plaintiff’s name as a search term, an abbreviation in a record typically follows after the full name is used, and the search terms used employed both full and shortened versions of the plaintiff’s name. In short, the plaintiff offers only speculation as to the results of an alternative search, but speculation as to the potential results of a different search does not necessarily undermine the adequacy of the agency’s actual search. Although the NSA could have used additional variations of the plaintiff’s name or the legal case numbers, the NSA’s search terms were reasonably calculated to lead to responsive documents. 37 Through two declarations by the NSA’s Associate Director for Policy and Records, the NSA identified the records systems searched, the rationale for searching those records systems, the search terms employed, and averred that all files likely to contain responsive materials were searched. The plaintiff has presented no grounds for upsetting the presumption of regularity afforded to these declarations, and the Court finds that the declarations are reasonably detailed and the NSA’s search was reasonably calculated to lead to responsive documents. 15 IV. CONCLUSION For the foregoing reasons, the NSA’s Motion for Summary Judgment is granted and the plaintiff’s Cross-Motion for Summary Judgment or, in the Alternative, for Limited Discovery is denied. An appropriate Order accompanies this Memorandum Opinion. Digitally signed by Hon. Beryl A. Howell, United States District Court Judge, U.S. District Court for the District of Columbia DN: cn=Hon. Beryl A. Howell, United Date: July 10, 2015 States District Court Judge, U.S. District Court for the District of Columbia, o, ou, email=Howell_Chambers@dcd.uscourts. gov, c=US __________________________ Date: 2015.07.10 15:26:42 -04'00' BERYL A. HOWELL United States District Judge 15 Since the Court finds that both the declarations and the search itself were adequate, the plaintiff’s alternative request for limited discovery regarding the NSA’s search, see Pl.’s Mem. at 33, is denied. 38