Elec. Privacy Info. Ctr. v. Nat'l Sec. Agency

• Decision Date: 07 July 2011
• Docket Number: Civil Action No. 10–0196 (BAH).
• Citation: 795 F.Supp.2d 85
• Parties: ELECTRONIC PRIVACY INFORMATION CENTER, Plaintiff,v.NATIONAL SECURITY AGENCY, et al., Defendants.
• Court: U.S. District Court — District of Columbia

795 F.Supp.2d 85

ELECTRONIC PRIVACY INFORMATION CENTER, Plaintiff,

v.NATIONAL SECURITY AGENCY, et al., Defendants.

Civil Action No. 10–0196 (BAH).

United States District Court, District of Columbia.

July 7, 2011.

John Arthur Verdi, Washington, DC, for Plaintiff.Joshua Ilan Wilkenfeld, U.S. Department of Justice, Washington, DC, for Defendants.

MEMORANDUM OPINION

BERYL A. HOWELL, District Judge.

Pending before the Court is the partial motion to dismiss by the National Security Agency (“NSA”) and the National Security Council (“NSC”) two of the four claims in the Complaint. These claims stem from a Freedom of Information Act (“FOIA”) request that the plaintiff, Electronic Privacy Information Center (“EPIC”), filed with the NSA seeking information related to the Comprehensive National Cybersecurity Initiative, a multi-agency federal initiative to ensure the security of the nation's online infrastructure. In this case, the NSA referred part of the plaintiff's FOIA request to the NSC since a responsive document in the NSA's possession had originated with the NSC. The plaintiff brought this lawsuit against both the NSA and NSC to compel the production of documents responsive to its FOIA request. The plaintiff believes that releasing the documents it seeks “would provide the opportunity for meaningful public participation in the development of new security measures that may have a significant impact on civil liberties, such as privacy.” Def.'s Partial Mot. to Dismiss (“Defs.' Mot.”), Ex. A at 2–3 (Plaintiff's FOIA Appeal). The defendants now seek to dismiss the plaintiff's claims in Count III, which alleges that the NSC “failed to disclose responsive agency records in its possession in response to the referral by the NSA,” Compl. ¶ 66, and in Count IV, which alleges that the NSA violated the Administrative Procedure Act when it referred the FOIA request to the NSC. Id. ¶ 72. For the reasons discussed below, the Court will grant the partial motion to dismiss.¹

I. BACKGROUND

On June 25, 2009, Plaintiff EPIC submitted a FOIA request to the NSA seeking documents related to the Comprehensive National Cybersecurity Initiative (“CNCI”), an initiative established by former President George W. Bush that outlines federal cyber-security goals. Id. ¶¶ 6, 10, 15.

The plaintiff is a not-for-profit public interest research organization that reviews federal activities and policies to determine their possible impact on civil liberties and privacy interests. Id. ¶ 3. The NSA is an agency within the Department of Defense that is responsible for shielding our nation's coded communications from interception by foreign governments and for secretly intercepting intelligence communications from foreign nations. See Founding Church of Scientology of Wash., D.C., Inc. v. NSA, 610 F.2d 824, 825 (D.C.Cir.1979); Larson v. Dep't of State, No. 02–01937, 2005 WL 3276303, at *17 (D.D.C. Aug. 10, 2005), aff'd, 565 F.3d 857 (D.C.Cir.2009).

President Bush established the CNCI on January 8, 2008 by issuing National Security Presidential Directive 54 (“NSPD 54”), also known as Homeland Security Presidential Directive 23. Id. ¶¶ 6, 8. The contents of NSPD 54 have not been released to the public. Id. ¶ 7. The CNCI, as described by the Senate Committee on Homeland Security and Governmental Affairs, is a “multi-agency, multi-year plan that lays out twelve steps to securing the federal government's cyber networks.” Id. ¶¶ 9–10. The CNCI was formed “to improve how the federal government protects sensitive information from hackers and nation states trying to break into agency networks.” Defs.' Mot., Ex. A at 1–2.

On June 25, 2009, the plaintiff submitted a written FOIA request to the NSA that, in its entirety, sought the following documents:

a. The text of the National Security Presidential Directive 54 otherwise referred to as Homeland Security Presidential Directive 23;

b. The full text, including previously unreported sections, of the Comprehensive National Cybersecurity Initiative, as well as any executing protocols distributed to the agencies in charge of its implementation; and

c. Any privacy policies related to either the Directive, the Initiative, including but not limited to, contracts or other documents describing privacy policies for information shared with private contractors to facilitate the Comprehensive National Cybersecurity Initiative.

Compl. ¶ 15. The plaintiff also requested an expedited response to its request. Id. ¶ 16. The expedited processing request was initially denied on July 1, 2009, but was granted on August 12, 2009, after the plaintiff filed an administrative appeal. Id. ¶¶ 22, 29.

The NSA responded to the plaintiff's request on August 14, 2009 and produced two redacted documents that had been previously released under FOIA, although the Complaint does not indicate whether the plaintiff was the previous recipient of the documents. Id. ¶ 33. On October 26, 2009, the NSA informed the plaintiff that its request had been processed further and that three records responsive to the request had been located. Id. ¶¶ 36–38. The NSA withheld two of the three records in their entirety, claiming that these two records were exempt from release pursuant to various statutory exemptions to FOIA's disclosure requirements. Id. ¶¶ 39–41. The plaintiff's Complaint indicates the NSA did not provide a factual basis for its determinations that the claimed FOIA exemptions were applicable to the withheld documents. Id. As for the third record responsive to the plaintiff's request, the NSA indicated that this record did not originate with the NSA, but rather with the NSC, and that the record had therefore been referred to the NSC for “review and direct response to [EPIC].” Id. ¶ 42. The NSC is a presidential advisory group composed of the President, Vice–President, Secretary of State, Secretary of Defense, and other cabinet-level officials, including the National Security Advisor, that advises the President of the United States on national security and foreign policy issues. Armstrong v. Exec. Office of the President, 90 F.3d 553, 556 (D.C.Cir.1996); 50 U.S.C. § 402(a).

The plaintiff filed a written administrative appeal to the NSA on November 24, 2009, contesting the NSA's failure to disclose the records that were found responsive to the FOIA request. Id. ¶¶ 43–47. The NSA acknowledged receipt of the appeal on December 18, 2009 and predicted a decision on the plaintiff's appeal “within the next nine months.” Id. ¶¶ 48–50. As of February 4, 2010, the date this case was filed, the plaintiff had not received any communication from the NSC regarding the FOIA request. Id. ¶ 51.

The plaintiff brought this case to compel the defendants NSA and NSC to produce “all responsive agency records” and to order the NSA to file a Vaughn index that identifies each withheld document, states the NSA's claimed statutory exemption as to each withheld document, and explains why each withheld document is exempt from disclosure. Compl., Requested Relief, ¶¶ A–B. In Count I of the Complaint, the plaintiff alleges that the NSA violated FOIA by failing to comply with statutory deadlines regarding its administrative appeal. Id. ¶¶ 52–57. In Count II, the plaintiff alleges that the NSA failed to disclose responsive agency records through (1) withholding records that are not exempt, (2) withholding nonexempt portions of records that are reasonably segregable from exempt portions, and (3) improperly referring a portion of the plaintiff's FOIA request to the NSC. Id. ¶¶ 58–63. In Count III, which is directed against the NSC, the plaintiff alleges that the NSC violated FOIA by failing to disclose responsive agency records in its possession in response to the referral by the NSA. Id. ¶¶ 64–68. Lastly, in Count IV, the plaintiff alleges that the NSA's referral of the FOIA request to the NSC violated the Administrative Procedure Act (“APA”), 5 U.S.C. § 500 et seq. Id. ¶ 70.

On March 25, 2010, the defendants filed a partial motion to dismiss Counts III and IV pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure. Defs.' Mot. at 1.² The defendants argue that since the NSC is not an entity subject to FOIA's disclosure requirements, the Court should dismiss the plaintiff's claims against the NSC (i.e., Count III). Mem. in Supp. of Defs.' Partial Mot. to Dismiss (“Defs.' Mem.”) at 1–2. The defendants further argue that the Court should dismiss Count IV, the plaintiff's APA claim against the NSA, because FOIA provides an adequate alternative remedy for the relief sought in the plaintiff's APA claim. Id. at 2. The defendants' partial motion to dismiss is presently before the Court.³

II. DISCUSSIONA. Standard of Review

Congress enacted FOIA to promote transparency across the government. See 5 U.S.C. § 552; Quick v. U.S. Dep't of Commerce, Nat'l Inst. of Standards & Tech., 775 F.Supp.2d 174, 179 (D.D.C.2011) (citing Stern v. FBI, 737 F.2d 84, 88 (D.C.Cir.1984)). The Supreme Court has explained that FOIA is “a means for citizens to know ‘what their Government is up to.’ This phrase should not be dismissed as a convenient formalism. It defines a structural necessity in a real democracy.” Nat'l Archives & Records Admin. v. Favish, 541 U.S. 157, 171–172, 124 S.Ct. 1570, 158 L.Ed.2d 319 (2004) (internal citations omitted). “The basic purpose of FOIA is to ensure an informed citizenry, vital to the functioning of a democratic society, needed to check against corruption and to hold the governors accountable to the governed.” NLRB v. Robbins Tire & Rubber Co., 437 U.S. 214, 242, 98 S.Ct. 2311, 57 L.Ed.2d 159 (1978). The strong interest in transparency must be tempered, however, by the “legitimate governmental and private interests [that] could be harmed by release of certain types of information.” United Techs. Corp. v. U.S. Dep't of Defense, 601 F.3d 557, 559 (D.C.Cir.2010); see also Critical Mass Energy Project v. Nuclear Regulatory Comm'n, 975 F.2d 871, 872 (D.C.Cir.199...