                            UNITED STATES DISTRICT COURT
                            FOR THE DISTRICT OF COLUMBIA


 WYNSHIP W. HILLIER,

                        Plaintiff,

        v.                                                 Civil Action No. 16-cv-1836 (DLF)

 CENTRAL INTELLIGENCE AGENCY, et al.,

                        Defendants.


                                     MEMORANDUM OPINION

       Pro se plaintiff Wynship Hillier invokes the Privacy Act of 1974, 5 U.S.C. § 552a, to

identify records about him at the Department of Homeland Security (DHS), United States

Department of State, and Central Intelligence Agency (CIA) (collectively the “defendants”).

Hillier claims these agencies have records confirming that he is “the target of a sophisticated

campaign” designed to render him an “involuntary psychiatric outpatient” and to convince him,

and others, that he suffers from “psychiatric disorders.” 2d Am. Compl. ¶ 4, Dkt. 33.

Dissatisfied by the agencies’ failure to produce any records, Hillier filed this lawsuit. Before the

Court are the defendants’ Motion for Summary Judgment, Dkt. 40, Hillier’s Motion for Partial

Summary Judgment Against Defendant United States Department of Homeland Security, Dkt.

41, and Hillier’s Cross-motion for Partial Summary Judgment Against the Central Intelligence

Agency and United States Department of State, Dkt. 48. For the reasons that follow, the Court

will grant in part and deny in part the defendant’s motion and deny Hillier’s motions.
I.     BACKGROUND

       For the past six years, Wynship Hillier has sought records that he believes DHS,

Department of State, and CIA possess. His quest began in early 2012 1 when he sent letters to

these agencies asking whether certain record systems contained records about him. See Defs.’

Statement of Facts ¶¶ 3, 6, 17, 29, Dkt. 40-1; Pl.’s Statement of Genuine Issues ¶¶ 3, 6, 17, 29,

Dkt. 45. 2 Each agency processed Hillier’s requests under both the Privacy Act, 5 U.S.C. § 552a,

and the Freedom of Information Act (FOIA), 5 U.S.C. §552. But none of the agencies provided

records to Hillier because (1) none were found, (2) the relevant record systems were statutorily

exempt from the Privacy Act and FOIA, or (3) the CIA could neither confirm nor deny the

existence of records that might reveal a classified relationship with the agency. Defs.’ Statement

of Facts ¶¶ 3, 6, 19, 29. Hillier exhausted his administrative remedies and commenced this

lawsuit on September 12, 2016. See 2d Am. Compl. Exs. 1–54; Defs.’ Statement of Facts

¶¶ 9, 31.


1
  It appears that Hillier initially submitted a Privacy Act request to the CIA by a letter dated
February 4, 2009. 2d Am. Compl. Ex. 3. The CIA responded on March 13, 2009 by notifying
Hillier that it would not process his request until he provided certain identifying information
required by regulation. 2d Am. Compl. Ex. 4 (citing 32 C.F.R. § 1901.13). There is no evidence
that Hillier provided the required information, but he later submitted another Privacy Act request
via a letter dated January 6, 2011 (the record is clear that the letter should have been dated
January 6, 2012, not 2011). See Defs.’ Statement of Material Facts ¶ 29 n.1; Pl’s. Statement of
Genuine Issues ¶ 29.

Separately, the record also reflects that a January 19, 2012 letter the plaintiff addressed to the
Department of State was not received until much later when “a copy of the . . . letter was
attached to subsequent correspondence between Plaintiff and [the agency].” Defs.’ Statement of
Material Facts ¶ 17; Pl’s. Statement of Genuine Issues ¶ 17.
2
  Hillier does not dispute the facts this opinion cites from the defendants’ statement of material
facts. Compare Pl.’s Statement of Genuine Issues, Dkt. 45, with Defs.’ Statement of Facts, Dkt.
40-1. Accordingly, for convenience, the Court omits parallel citations to Hillier’s statement of
genuine issues, Dkt. 45. To be clear, Hillier disputes other facts contained in the defendants’
statement of material facts that are not cited here.

                                                 2
       Since then, Hillier has zealously prosecuted his lawsuit. In addition to securing leave to

amend his complaint three times, he submitted over 1,300 pages of argument and evidence. See

Dkts. 15–18, 20, 22, 26, 31, 33–35, 38, 39, 41–43, 45, 46, 48, 49, 52–56, 59, 61, 64. 65.

       When the defendants moved for summary judgment on August 24, 2017, see Dkt. 40,

Hillier countered on September 7, 2017 with a motion for partial summary judgment against

DHS, see Dkt. 41. He also filed an opposition to the defendants’ motion for summary judgment,

a motion to compel discovery, a motion to participate in hearings by telephone or televideo, see

Dkts. 42, 43, 45, and, on October 17, 2017, he filed a cross-motion for partial summary judgment

against the CIA and Department of State, see Dkt. 48.

       About a week after this case was reassigned to the undersigned judge on December 5,

2017, Hillier moved for leave to file a surreply to the defendants’ motion for summary judgment,

see Dkt. 52, which the Court granted. Several weeks later, Hillier filed a 454-page request

asking the Court to take judicial notice of facts that he argued were contained in Federal Register

notices and proposed rules, Executive Orders and memoranda, federal statistical reports

published on agency websites, a telephone directory posted on a government website, a page

from a government website, other court records, dictionaries, law review articles, workday

calculations, and legislative reports and documents. Pl’s. Req. for Judicial Notice at 1, 35, 54,

65, 85, 87, 90, 92, 95, 96, Dkt. 54.

       On February 23, 2018, Hillier moved to amend his motion for partial summary judgment

against DHS, cross-motion for partial summary judgment against the CIA and Department of

State, motion to compel discovery, and opposition to the defendants’ motion for summary

judgment. Mot. to Amend at 1, Dkt. 55. In support, Hillier submitted 464 pages of exhibits. Id.

Exs. 71–166, Dkt. 55-1. He followed that with a March 19, 2018 motion seeking reconsideration



                                                 3
of the May 31, 2017 minute order issued by the judge who was previously assigned to this case.

Mot. for Recons. at 1, Dkt. 59. That minute order prohibited Hillier from further amending his

complaint “absent a showing of exceedingly good cause.” Minute Order of May 31, 2017.

       The competing motions for summary judgment are addressed in this memorandum

opinion. Hillier’s other pending motions are addressed in the accompanying order.

II.    LEGAL STANDARDS

       Rule 56 of the Federal Rules of Civil Procedure mandates that “[t]he court shall grant

summary judgment if the movant shows that there is no genuine dispute as to any material fact”

and, viewing the evidence in the light most favorable to the nonmoving party, “the movant is

entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a); see also Paige v. Drug Enf’t

Admin., 665 F.3d 1355, 1358 (D.C. Cir. 2012). “A dispute is ‘genuine’ if the evidence is such

that a reasonable jury could return a verdict for the nonmoving party.” Paige, 665 F.3d at 1358.

A fact is material if it “might affect the outcome of the suit under the governing law.” Anderson

v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986).

        Hillier invokes the Privacy Act to secure notice of records about him. The Privacy Act

mandates that “[e]ach agency that maintains a system of records shall . . . upon request by any

individual to gain access to his record or to any information pertaining to him which is contained

in the system, permit him . . . to review the record and have a copy made of all or any portion

thereof in a form comprehensible to him.” 5 U.S.C. § 552a(d)(1). The Privacy Act also allows

individuals to request notice that an agency’s system of records contains information about them.

See 5 U.S.C. §§ 552a(e)(4)(G), (f)(1).

       The defendants treat Hillier’s requests as though he is also seeking records under FOIA.

Defs.’ Statement of Material Facts ¶¶ 3, 6, 19, 29. FOIA provides that “each agency, upon any



                                                4
request for records which (i) reasonably describes such records and (ii) is made in accordance

with published rules stating the time, place, fees (if any), and procedures to be followed, shall

make the records promptly available to any person.” 5 U.S.C. § 552(a)(3)(A).

       The Privacy Act and FOIA are structurally similar. Londrigan v. FBI, 670 F.2d 1164,

1169 (D.C. Cir. 1981). Both provide a requester with access to federal agency records about the

requester and create a private cause of action when an agency fails to comply with a valid

request. 3 See 5 U.S.C. §§ 552a(d)(1), (g)(1) (Privacy Act); 5 U.S.C. §§ 552(a)(3)(A), (a)(4)(B)

(FOIA).

       Under both the Privacy Act and FOIA, an agency must conduct an adequate and

reasonable search for relevant records. See Chambers v. U.S. Dep’t of Interior, 568 F.3d 998,

1003 (D.C. Cir. 2009) (stating that “the Privacy Act, like FOIA, requires” that a search “be

reasonably calculated to uncover all relevant documents” (internal quotation marks omitted)). In

this Circuit, courts apply the same standard under both statutes to determine the adequacy of a

search. 4 See id.; Hill v. U.S. Air Force, 795 F.2d 1067, 1069 (D.C. Cir. 1986) (per curiam)

(affirming search’s adequacy under Privacy Act for the same reasons the search was affirmed

under FOIA). Thus, “[i]n a suit seeking agency documents—whether under the Privacy Act or

the FOIA—at the summary judgment stage, where the agency has the burden to show that it


3
  Unlike FOIA, however, the Privacy Act “does not have disclosure as its primary goal. Rather,
the main purpose of the Privacy Act’s disclosure requirement is to allow individuals on whom
information is being compiled and retrieved the opportunity to review the information and
request that the agency correct any inaccuracies.” Henke v. U.S. Dep’t of Commerce, 83 F.3d
1453, 1456–57 (D.C. Cir. 1996).
4
  Hillier contends that FOIA is not relevant in this case. Pl.’s Opp’n Br. at 5–8, Dkt. 45. But
FOIA caselaw is relevant here because, as noted, the agencies treated his requests as seeking
records pursuant to the FOIA and the Privacy Act, and courts apply the same standards to
determine the adequacy of an agency’s search under both statutes. See, e.g., Chambers, 568 F.3d
at 1003; Ellis v. DOJ, 110 F. Supp. 3d 99, 107 (D.D.C. 2015).

                                                 5
acted in accordance with the statute, the court may rely on a reasonably detailed affidavit, setting

forth the search terms and the type of search performed, and averring that all files likely to

contain responsive materials (if such records exist) were searched.” Chambers, 568 F.3d at 1003

(internal alteration and quotation marks omitted). The agency’s affidavit is “accorded a

presumption of good faith, which cannot be rebutted by ‘purely speculative claims about the

existence and discoverability of other documents.’” SafeCard Servs., Inc. v. SEC, 926 F.2d

1197, 1200 (D.C. Cir. 1991) (quoting Ground Saucer Watch, Inc. v. CIA, 692 F.2d 770, 771

(D.C.Cir.1981)).

       If agency searches reveal records responsive to a Privacy Act or FOIA request, an agency

may withhold access to the records if the statutes exempt them from disclosure. See 5 U.S.C.

§§ 552a(j)(2), (k)(2), 552(b). Although the Privacy Act and FOIA “substantially overlap,” the

statutes “are not completely coextensive; each provides or limits access to material not opened or

closed by the other.” Greentree, 674 F.2d at 78. The Privacy Act and FOIA “seek[] in different

ways to respond to the potential excesses of government,” and “[e]ach, therefore, has its own

functions and limitations.” Id. at 76. Accordingly, “[t]he two acts explicitly state that access to

records under each is available without regard to exemptions under the other.” Id. This means

that, when both statutes are at play, an agency seeking to withhold records must “demonstrate

that the documents fall within some exemption under each Act.” Martin v. Office of Special

Counsel, Merit Sys. Prot. Bd., 819 F.2d 1181, 1184 (D.C. Cir. 1987). “If a FOIA exemption

covers the documents, but a Privacy Act exemption does not, the documents must be released

under the Privacy Act; if a Privacy Act exemption but not a FOIA exemption applies, the

documents must be released under FOIA.” Id.




                                                  6
III.   ANALYSIS

       The defendants move for summary judgment under Rule 56 on the ground that their

searches were adequate but they found no nonexempt records to disclose to Hillier. Defs.’ Mot.

for Summ. J. at 1. Hillier opposes the defendants’ motion and champions his cross-motion for

summary judgment, which he contends must prevail because the agencies’ declarations

(1) contain statements contradicted by the record, (2) call into question the adequacy of the

searches, (3) pose evidentiary deficiencies, and (4) fail to address Hillier’s allegations of bad

faith. See Pl.’s Opp’n Br. at 1 (attached as Ex. 64 to Pl.’s Opp’n to Defs.’ Mot.), Dkt. 45. The

Court assesses the parties’ motions by considering each of Hillier’s Privacy Act requests and the

agencies’ corresponding searches and responses.

       A. Hillier’s Privacy Act Request to the CIA

       Hillier began his pursuit of federal agency records by sending a January 6, 2012 Privacy

Act request to the CIA. Shiner Decl. Ex. B at 1. Hillier’s request stated:

       I believe that I may have been identified as a person of intelligence interest by your
       agency, as I appear to be under surveillance, I appear to be the continual target of a
       number of behaviors intended to provoke, threaten, intimidate, distress, and harass
       me, and I continue to be a target for acts of battery.

Id. Hillier further stated that, “[d]ue to my education and subsequent work in operations

research, it is also possible that your agency has record[s] of me as a potential vendor or

consultant, and that fact has led to my identification as a person of intelligence interest to this or

another agency.” Id. Hiller requested notice of records about him in the following systems:

(1) CIA-22, Personnel Security Records; (2) CIA-24, Polygraph Records; (3) CIA-26, Office of

General Counsel Records; (4) CIA-32, Office of the Deputy Director of Central Intelligence for

Community Management Records; (5) CIA-33, National Intelligence Council Records; (6) CIA-




                                                   7
35, Directorate of Science & Technology Private Sector Contact Information; (7) CIA-37,

Directorate of Operation Records; (8) CIA-38, Academic and Business Contact Records;

(9) CIA-40, Research System Records; and (10) CIA-41, Intelligence Analysis Records. Hillier

identified himself by his full legal name, another name he used from 1990-91, his date and place

of birth, his social security number, his citizenship status, and his then-current and previous

residential addresses. Shiner Decl. Ex. B at 2.

               1. The CIA’s Response

       The CIA’s response to Hillier’s Privacy Act request is described in Antoinette B. Shiner’s

declaration. Shiner is a senior CIA official with Top Secret classification authority. Shiner Decl.

¶ 2, Dkt. 40-4. Shiner serves as the Information Review Officer for the CIA’s Litigation

Information Review Office. Id. ¶ 1. She is also a designated Records Validation Officer, which

means she is “authorized to testify or execute affidavits regarding CIA records and records

searches for litigation matters involving CIA information.” Id. ¶¶ 3, 5.

       The CIA sent Hillier a March 5, 2012 letter stating that his request would be processed as

both a Privacy Act request and a FOIA request. 5 Id. ¶ 7. The CIA first focused on unclassified

records that “reveal an open or acknowledged relationship” between Hillier and the CIA. Id.

¶ 11. The CIA therefore confined its initial search to publicly released records about Hillier but

found none. Id. ¶ 12.

       “[B]ased on this search, and analysis of the subject matter of the request,” the CIA

determined that the “Directorate of Support (DS) and the Director’s Area (DIR) were the

directorates most likely to maintain records responsive to the request because they were the most



5
 The CIA also directed Hillier to contact the Office of the Director of National Intelligence
(ODNI) to request records from the CIA-33 system because the ODNI maintains that system. Id.

                                                  8
likely to maintain records that reflect an overt relationship between Mr. Hillier and the CIA.” Id.

According to Shiner, “[t]here were no additional locations that would reasonably likely . . .

maintain the records sought in this case.” Id. The CIA ultimately “identified the specific

databases that were reasonably likely to maintain responsive records,” id., and conducted

searches of all offices that manage the systems of records Hillier identified, id. ¶ 12 n.6. 6 The

CIA’s searches “us[ed] all variations of [Hillier’s] name and biographical identifiers that he

provided: ‘W Hillier,’ ‘Hillier (with DOB/SSN),’ ‘M Rainsong,’ and ‘Rainsong (with

DOB/SSN),’ ‘Wynship West Hillier,’ ‘Mabon Clearwater Rainsong,’ and ‘Hillier.’” Id. ¶ 13.

But the CIA again located no records about Hillier. Id. ¶ 13.

       For classified records, the CIA provided a so-called “Glomar response” 7 that neither

confirmed nor denied the existence of records about Hillier pursuant to FOIA exemptions 1 and

3 and Privacy Act exemptions (j)(1) and (k)(1). FOIA exemption 1 protects from disclosure

“matters that are . . . specifically authorized under criteria established by an Executive order to

be kept secret in the interest of national defense or foreign policy and (B) are in fact properly

classified pursuant to such Executive order.” 5 U.S.C. § 552(b)(1). As Shiner explained,

Executive Order 13256 “is the operative executive order that governs classification,” Shiner



6
  Shiner’s declaration states that the “Director’s Area” is a “cluster of offices under the Director
of the CIA, such as the Office of General Counsel, the Office of Public Affairs and the Office of
the Inspector General.” Shiner Decl. ¶ 12 n.5. The database searches at that directorate therefore
covered multiple offices.
7
 “The Glomar response takes its name from the CIA’s refusal to confirm or deny the existence
of records about the Hughes Glomar Explorer, a ship used in a classified CIA project to raise a
sunken Soviet submarine from the floor of the Pacific Ocean to recover the missiles, codes, and
communications equipment onboard for analysis by United States military and intelligence
experts.” People for the Ethical Treatment of Animals v. Nat’l Insts. of Health, Dep’t of Health
& Human Servs., 745 F.3d 535, 540 (D.C. Cir. 2014) (internal quotation and alteration marks
omitted).

                                                  9
Decl. ¶ 14, and it provides that, “in response to a request for information under the Freedom of

Information Act, the Presidential Records Act, the Privacy Act of 1974, or the mandatory review

provisions of this order: (a) An agency may refuse to confirm or deny the existence or

nonexistence of requested records whenever the fact of their existence or nonexistence is itself

classified under this order or its predecessors,” EO 13256 § 3.6(a). By a delegation of authority

under Executive Order 13256, Shiner is authorized to make classification decisions and

“determined that the fact of the existence vel non of the requested records is currently and

properly classified.” Shiner Decl. ¶ 15.

       Because FOIA exemption 1 requires the CIA to describe the national security damage

that could result from revealing whether classified records exist about Hillier, id. ¶ 23, Shiner

explained that confirming the existence or nonexistence of records about Hillier could reveal

intelligence sources or methods and intelligence activities, including covert actions, as defined in

Executive Order 13256. See id. ¶¶ 17, 18, 19. Shiner stated that a response to Hillier’s Privacy

Act request could “jeopardize the clandestine nature of the Agency’s intelligence activities or

otherwise reveal previously undisclosed information about CIA sources, capabilities, authorities,

interests, relationships with domestic or foreign entities, strengths, weaknesses, and/or

resources.” Id. ¶ 18.

       Shiner further stated that intelligence gathering is a primary function of the CIA that

depends on human sources and targets. Id. ¶ 19. According to Shiner, human sources will

furnish information only with confidence that the CIA will protect them from public disclosure.

Id. She emphasized that CIA confirmation of a human source may lead targets to retaliate

against the source or his family and friends. Id. Disclosure of human sources also “places in

jeopardy every individual with whom the individual has had contact.” Id. “Thus, the



                                                 10
indiscretion of one source in a chain of intelligence sources can damage an entire spectrum of

sources.” Id. For these reasons, Shiner concluded that confirming or denying the existence of

records about someone “reasonably could be expected to cause serious damage to U.S. national

security by indicating whether or not CIA maintained any human intelligence sources related to

an interest in the subject of the request.” Id. And she explained why consistent use of a Glomar

response is necessary even when the CIA has no records about a requester:

        To be credible and effective, the CIA must use the Glomar response consistently in
        all cases where the existence or nonexistence of records responsive to a FOIA
        request is a classified fact, including instances in which the CIA does not possess
        records responsive to a particular request. If the CIA were to invoke a Glomar
        response only when it actually possessed responsive records, the Glomar response
        would be interpreted as an admission that responsive records exist. This practice
        would reveal the very information that the CIA must protect in the interest of
        national security.

Id. ¶ 20.

        Shiner asserted that a Glomar response was also proper under FOIA exemption 3, which

protects information exempted by statute when the statute (1) requires withholding the

information from the public in a manner that leaves no discretion on the issue or (2) establishes

particular criteria for withholding or refers to particular types of matters to be withheld. Id.

¶¶ 21, 23; see also 5 U.S.C. § 552(b)(3). The National Security Act of 1947, as amended,

mandates that the Director of National Intelligence protect intelligence sources and methods

from unauthorized disclosure and thereby requires the information to be withheld without

discretion. Shiner Decl. ¶ 22; see also 50 U.S.C. § 3024(i)(1). In accordance with that Act and

provisions of Executive Order 12333, and under the direction of the Director of National

Intelligence, “the CIA is authorized to protect CIA sources and methods from unauthorized

disclosure.” Shiner Decl. ¶ 22. As Shiner explained with respect to FOIA exemption 1, the

existence or nonexistence of records indicating a classified connection between Hillier and the


                                                 11
CIA could reveal information about intelligence sources and methods. Id. ¶ 18, 19. And the

National Security Act protects such information from unauthorized disclosure. Id. ¶ 22. Shiner

therefore stated that “the fact of the existence or nonexistence of records that would reflect a

classified connection to the CIA is exempt from disclosure under FOIA exemption [3] pursuant

to the National Security Act.” Id. ¶ 23.

       Shiner also concluded that the existence or nonexistence of records about Hillier was

protected from disclosure by Privacy Act exemptions (j)(1) and (k)(1). Id. ¶¶ 24, 25, 26, 27.

Exemption (j)(1) authorizes the Director of the CIA to promulgate regulations that exempt

systems of records from the Privacy Act’s access and amendment provisions. 5 U.S.C.

§ 552a(d). Shiner Decl. ¶ 24; see also 5 U.S.C. § 552a(j)(1). The Director of the CIA did so in

32 C.F.R. § 1901.62(d)(1), which exempts from the Privacy Act’s access provisions parts of CIA

systems of records “that consist of, pertain to, or would otherwise reveal intelligence sources and

methods.” Shiner Decl. ¶ 24 (citing the regulation). As Shiner explained with respect to FOIA

exemptions 1 and 3, the existence or nonexistence of a classified connection between the CIA

and Hillier “implicates intelligence sources and methods.” Id. ¶ 24.

       Privacy Act exemption (k)(1) authorizes the Director of the CIA to promulgate rules that

exempt agency systems of records from the access provision of the Privacy Act if the system is

subject to FOIA exemption 1. Id. ¶ 26 (citing 5 U.S.C. § 552a(k)(1)). As already discussed,

FOIA exemption 1 protects from disclosure information that is properly classified under an

executive order. 5 U.S.C. § 552(b)(1). Shiner asserted that the existence or nonexistence of a

classified connection between the CIA and Hillier “can reasonably be expected to cause serious

damage to U.S. national security” so it “is currently and properly classified under Executive




                                                 12
Order 13526 and is, therefore, exempt from disclosure under Privacy Act exemption (k)(1).”

Shiner Decl. ¶ 26.

        Because the existence or nonexistence of classified responsive records about Hillier “is

itself a properly classified fact and . . . is intertwined with intelligence activities, sources, and

methods,” Shiner determined that “this fact is, and must remain, classified and protected by

statute.” Id. ¶ 28. Shiner therefore concluded that “the only appropriate response is for the CIA

to neither confirm nor deny the existence or nonexistence of the requested records under FOIA

exemptions [1 and 3] and Privacy Act exemptions (j)(1) and (k)(1).” Id.

                2. Adequacy of the CIA’s Search and Propriety of Withholdings

        To secure summary judgment under the Privacy Act and FOIA, the CIA “must show that

it made a good faith effort to conduct a search for the requested records, using methods which

can be reasonably expected to produce the information requested.” Reporters Comm. for

Freedom of Press v. FBI, 877 F.3d 399, 402 (D.C. Cir. 2017) (quoting Oglesby v. U.S. Dep’t of

Army, 920 F.2d 57, 68 (D.C. Cir. 1990)). “[T]he issue to be resolved is not whether there might

exist any other documents possibly responsive to the request, but rather whether the search for

those documents was adequate.” Weisberg v. DOJ, 745 F.2d 1476, 1485 (D.C. Cir. 1984). “The

adequacy of the search, in turn, is judged by a standard of reasonableness and depends, not

surprisingly, upon the facts of each case.” Id. The question is whether the CIA’s search was

“reasonably calculated to discover the requested documents, not whether it actually uncovered

every document extant.” SafeCard, 926 F.2d at 1201.

        “A reasonably detailed affidavit, setting forth the search terms and the type of search

performed, and averring that all files likely to contain responsive materials (if such records exist)

were searched” is necessary for an agency to prevail on summary judgment. Oglesby, 920 F.2d

at 68. Agency declarations should also specify who performed the search, Steinberg v. DOJ, 23
                                                   13
F.3d 548, 552 (D.C. Cir. 1994), and “reflect [a] systematic approach to document location,”

Weisberg v. DOJ, 627 F.2d 365, 371 (D.C. Cir. 1980).

       The Shiner declaration satisfies the standards of both the Privacy Act and FOIA by

properly describing a systematic approach to the CIA’s search that first focused on publicly

released records and then turned to unclassified documents that the agency might possess. The

declaration explains that the CIA rationally determined that the Directorate of Support and the

Director’s Area were the only locations likely to have responsive records based on the results of

the search of publicly-released records and the substance of Hillier’s request. The declaration

states that the CIA identified specific databases that were reasonably likely to contain responsive

records and searched those databases using search terms consisting of the personal identifiers

Hillier presented in his Privacy Act request. The Court therefore finds that the CIA’s Shiner

declaration describes an adequate search conducted in good faith that was reasonably calculated

to discover Hillier’s requested documents. See Reporters Comm. for Freedom of Press, 877 F.3d

at 402; Oglesby, 920 F.2d at 68.

       Hillier challenges the CIA’s search by first arguing that the Shiner declaration was not

based on personal knowledge. See Pl.’s Opp’n Br. at 25–26. But Shiner states in her declaration

that “I make the following statements based upon my personal knowledge and information made

available to me in my official capacity.” Shiner Decl. ¶ 6. In this Circuit, a declarant may

satisfy the personal knowledge requirement by “attest[ing] to his personal knowledge of the

procedures used in handling [a FOIA or Privacy Act] request and his familiarity with the

documents in question.” Barnard v. Dep’t of Homeland Sec., 598 F. Supp. 2d 1, 19 (D.D.C.

2009) (internal quotation marks omitted). Shiner’s declaration makes clear that she is familiar

with the procedures relating to the Privacy Act and FOIA requirements, as well as the records



                                                14
Hillier requested. Shiner states that she: (1) worked in the review-and-release field for 18 years

in various official capacities that involved responsibility for classification and release

determinations, Shiner Decl. ¶ 2; (2) is a senior CIA official who holds original classification

authority to the Top Secret level, id. ¶ 3; (3) is responsible for litigation information and public

requests for information under the Privacy Act and FOIA, id. ¶ 4; (4) is a Records Validation

Officer authorized to testify about CIA records and searches, id. ¶ 5; and (5) “[t]hrough the

exercise of [her] official duties, [she] ha[s] become familiar with this civil action and the

underlying FOIA request,” id. ¶ 6. These statements suffice to satisfy the personal knowledge

requirement. See Barnard, 598 F. Supp. at 19.

       Hillier also claims that Shiner’s declaration fails to identify who conducted and

supervised the searches or when the searches were performed. Pl.’s Opp’n Br. at 25–26. But

Shiner’s declaration, which must be accorded a presumption of good faith, see SafeCard Servs.,

Inc., 926 F.2d at 1200, identified who conducted the searches by stating that the CIA Information

and Privacy Coordinator received and processed Hillier’s request, Shiner Decl. ¶ 7, and the “CIA

employees who performed the necessary searches have access to pertinent records, are qualified

to search those records and regularly search those records in the course of their professional

duties,” id. ¶ 11. With respect to these employees’ names, “[t]he FOIA does not require the

disclosure of the names or information about agency staff involved in processing FOIA

requests.” Kidder v. FBI, 517 F. Supp. 2d 17, 24 (D.D.C. 2007). Indeed, this court previously

rejected as “frivolous” a requester’s contention that an agency should reveal the names of

employees who conducted searches. Harrison v. Fed. Bureau of Prisons, 611 F. Supp. 2d 54, 65

(D.D.C. 2009) (noting that personal identifying information about agency searchers would be

exempt from disclosure under FOIA exemption 6 if recorded).



                                                  15
       Hillier cites no authority for the proposition that failing to identify the actual date on

which an agency conducts a search defeats the adequacy of the search or the presumption of

good faith attached to an agency declaration. See Pl.’s Opp’n Br. at 25–26. And Hillier’s claim

that Shiner did not supervise the searches is unavailing. Id. at 26. Shiner’s declaration states that

she is responsible for the classification review of CIA documents and information that are the

subject of court proceedings or Privacy Act and FOIA requests, and, as a Records Validation

Officer, she is authorized to testify or execute affidavits about CIA records searches. See Shiner

Decl. ¶¶ 4, 5. Shiner’s representations show that, through her authorities and position as a

Records Validation Officer for CIA records searches, id. ¶ 5, she had a managerial (and thus

supervisory) role with respect to the searches conducted here.

       Hillier further argues that the CIA’s searches were incomplete because “entire systems of

records of which plaintiff requested search were apparently never touched.” Pl.’s Opp’n Br. at

29–30. But “there are some limits on what an agency must do to satisfy its FOIA obligations.”

Nation Magazine, Wash. Bureau v. U.S. Customs Serv., 71 F.3d 885, 891 (D.C. Cir. 1995).

“There is no requirement that an agency search every record system.” Oglesby, 920 F.2d at 68.

“Although an agency may not ignore a request to search specific record systems when a request

reaches the agency before it has completed its search, a search is generally adequate where the

agency has sufficiently explained its search process and why the specified record systems are not

reasonably likely to contain responsive records.” Mobley v. CIA, 806 F.3d 568, 582 (D.C. Cir.

2015). “Further, a request for an agency to search a particular record system—without more—

does not invariably constitute a ‘lead’ that an agency must pursue.” Id. “After all, a FOIA

requester’s detailed search instructions cannot dictate the reasonableness of the scope of an

agency’s FOIA search.” Nolen v. DOJ, 146 F. Supp. 3d 89, 98 (D.D.C. 2015).



                                                 16
       Ultimately, the question is whether the agency’s search was reasonable based on the

facts, Mobley, 806 F.3d at 580, not “whether any further documents might conceivably exist,”

Truitt v. Dep’t of State, 897 F.2d 540, 542 (D.C. Cir. 1990). Here, the CIA determined that the

“Directorate of Support (DS) and the Director’s Area (DIR) were the directorates most likely to

maintain records responsive to the request because they were most likely to maintain records that

reflect an overt relationship between Mr. Hillier and the CIA.” Shiner Decl. ¶ 12. “[T]he

Agency identified the specific databases that were reasonably likely to maintain responsive

records,” and “[t]here were no additional locations that would [be] reasonably likely to maintain

the records sought in this case.” Id. All of the circumstances described in the Shiner declaration

demonstrate that the CIA made a good faith effort to conduct a search for Hillier’s requested

records, using methods that can reasonably be expected to produce the requested information.

See Oglesby, 920 F.2d at 68. The Court therefore holds that the CIA’s search was reasonable

and adequate. See Truitt, 897 F.2d at 542.

               3. The CIA’s Glomar Response

       Hillier contends that it was improper for the CIA to provide a Glomar response to his

request. Pl.’s Opp’n Br. at 25, 33–44. A “Glomar response . . . is proper if the fact of the

existence or nonexistence of agency records falls within a FOIA [or Privacy Act] exemption.”

Wolf v. CIA, 473 F.3d 370, 374 (D.C. Cir. 2007). “In determining whether the existence of

agency records vel non fits a FOIA exemption, courts apply the general exemption review

standards established in non-Glomar cases.” Id. If a Glomar response is justified, “the agency

need not conduct any search for responsive documents or perform any analysis to identify

segregable portions of such documents.” People for the Ethical Treatment of Animals, 745 F.3d

535 at 540. And “[c]ourts can grant summary judgment upholding a Glomar response based on

agency affidavits explaining the basis for the response.” Id. As described, the Shiner declaration
                                                17
provides a detailed justification for the CIA’s Glomar response. Shiner explained the legal bases

for the response and how it complied with exemptions (j)(1) and (k)(1) of the Privacy Act and

exemptions 1 and 3 of FOIA. Shiner Decl. ¶¶ 13–27.

       Hillier’s claim that the Glomar response was improper because the CIA misapplied its

regulations also is not persuasive. See Pl.’s Opp’n Br. at 18. Hillier’s argument appears to rest

on two premises: first, that he sought notice of records—not access to them; and second, that the

standard for invoking a Glomar response under the notice provisions of the applicable agency

regulations, see 32 C.F.R. § 1901.62(c), is higher than that for the access provision, see 32

C.F.R. § 1901.62(d)(1). Id. at 19–25. Even assuming that Hillier is right, Shiner’s declaration

demonstrates how confirming the existence of records about Hillier could jeopardize intelligence

sources and methods, see Shiner Decl. ¶¶ 18, 19, and would therefore satisfy any heightened

standard potentially applicable to a request for notice. The CIA’s Glomar response is amply

supported by Shiner’s declaration. See People for the Ethical Treatment of Animals, 745 F.3d at

540.

       B. Hillier’s Privacy Act Requests to DHS

       Hillier next sent a January 11, 2012 letter to the Disclosure Officer at the Office of

Intelligence and Analysis in DHS asking for notice of non-exempt records about him in a record

system he identified as “DHS/IA-001 (Office of Intelligence and Analysis Enterprise Records

System).” Sepeta Decl. Ex. A at 1, Dkt. 40-2. Hillier’s letter requested that the agency “please

search record categories A, B, C, D, E, F, G, H, and I, as listed on 73 FR 28132.” Id. Hillier

noted that records about him “may have been compiled at any time from 1983 to the present”

and he added that he worked for two defense department contractors in the mid-1980s. Id. He

also stated: “I may have been mistakenly identified as a terrorist, as people have suggested this

much to me, I appear to be under surveillance, I appear to be the continual target of a number of
                                                18
behaviors intended to provoke, threaten, intimidate, distress, and harass me, and I continue to be

a target for continuing incidents of battery, and am currently disabled as the result of one such

incident.” Id. Hillier then identified himself by his full legal name, an alternate name he used

from 1990–91, his date and place of birth, his social security number, his citizenship status, and

both his then-current and a prior residential address. Id.

       The next day, January 12, 2012, Hillier sent a similar letter to the Chief Privacy Officer

and Chief Freedom of Information Act Officer at DHS. Id. Ex. D at 1. In this second letter,

Hillier requested any non-exempt records about him located in the following two record systems:

       •   DHS/ALL-30 “Department of Homeland Security (DHS)/ALL-030 Use
           of the Terrorist Screening Database (TSDB) System of Records”
           (record categories: identifying information and other available
           identifying particulars including audit records containing such,
           references to and/or information from other government law
           enforcement and intelligence databases or other relevant databases
           containing such).

       •   DHS/ALL-031 “Information Sharing Environment (ISE) Suspicious
           Activity Reporting (SAR) Initiative System of Records” (record
           categories: attachments, contact information for submitters of ISE-
           SARs, driver license, follow-up action, location, location address,
           location coordinates, observer, owning organization, other identifier,
           passport, person, person name, physical descriptors, physical feature,
           ISE-SAR submission, sensitive information details, source
           organization, suspicious activity report, submitting organization,
           suspicious activity, target, vehicle, and related ISE-SAR).

Id. Hillier stated that “[DHS] may have a record about me because I may have been mistakenly

identified as a known or suspected terrorist.” Id. Hillier provided the same identifying

information that he submitted in his first letter to the agency, with the exception of his social

security number, which he omits. Id. at 2. He added a California driver’s license number and a

passport number. Id. He also indicated that records might be in the possession of the following

DHS components: Headquarters; Directorate for National Protection and Programs; Directorate

for Science and Technology; Office of Policy; Office of Health Affairs; Office of Intelligence
                                                 19
and Analysis; Office of Operations Coordination and Planning; Federal Law Enforcement

Training Center; Domestic Nuclear Detection Office; United States Coast Guard; Federal

Emergency Management Agency; and the United States Secret Service. Id.

               1. DHS’s Response

       Arthur R. Sepeta’s declaration describes DHS’s searches and response to Hillier’s

Privacy Act requests. As the Chief of the Privacy and Intelligence Oversight Branch at Office of

Intelligence and Analysis, Sepeta has “direct oversight” of the FOIA and Privacy Act policies,

procedures, and litigation involving Office of Intelligence and Analysis records. Sepeta Decl.

¶ 1. Sepeta states that DHS treated Hillier’s requests as requests under both the Privacy Act and

FOIA consistent with the agency’s policy and “to provide the greatest degree of access

authorized.” Id. ¶ 9. The defendants emphasize that, as a result, DHS “searched a broader

universe of records than those in the system of records that Plaintiff identified in his request.”

Defs.’ Reply at 5, Dkt. 47. As Sepeta explains, “[t]he Privacy Act’s right of access is limited to

records in a system of records, whereas FOIA searches encompass a much broader scope of

records.” Sepeta Decl. ¶ 9.

                       a. DHS’s Search of Record System DHS/IA-001

       According to Sepeta, Hillier’s January 11, 2012 request seeking notice of records about

him in the DHS/IA-001 record system was referred to the Office of Intelligence and Analysis

and assigned the tracking number 12-OIA-0030. Id. ¶¶ 10, 21. DHS/IA-001 is an Enterprise

Records System that contains all records over which the Office of Intelligence and Analysis

exercises control. Id. ¶ 22. The Office of Intelligence and Analysis searched the DHS/IA-001

record system using Hillier’s name, the alternate name he identified, his date and place of birth,

both his present and prior residential addresses, and the last four digits of his social security

number. Id. ¶ 22. The search encompassed “the Production Management Branch, the State and

                                                  20
Local Program Office, Enterprise Mission Support Division, and the Analysis and Production

Office.” Id. ¶ 22.

       On February 29, 2012, the Office of Intelligence and Analysis advised Hillier by letter

that no responsive records were found during the search of the DHS/IA-001 record system. Id.

¶ 11 & Ex. C at 1, Dkt. 40-2. The Office of Intelligence and Analysis also confirmed that no

records existed before January 24, 2003, the date DHS was created. Id. Ex. C at 1.

                      b. DHS’s Search of Record System DHS/ALL-30

       DHS’s Privacy Office processed Hillier’s second request seeking notice of records about

him in the record system identified as DHS/ALL-30 (Use of the Terrorist Screening Database

Systems of Records). 8 Id. ¶ 13 & Ex. E at 1, Dkt. 40-2. In a March 19, 2012 letter, the Privacy

Office explained to Hillier that, even if records about him exist in the DHS/ALL-30 record

system, he had no right to access the records because they are exempt under both the Privacy Act

and FOIA. Id. Ex. E at 1–2.

       Addressing the Privacy Act first, the Privacy Office stated that the records in DHS/ALL-

30 are exempt from the Act because the Terrorist Screening Database is part of a Federal Bureau

of Investigation (FBI) record system that the FBI has exempted from certain provisions of the

Act. Id. Ex. E at 1. According to the Privacy Office, the FBI exempted the Terrorist Screening

Database from 5 U.S.C. § 552a(d), which is the Privacy Act provision that provides access

rights. Id. Because DHS gets Terrorist Screening Database information from the FBI’s Terrorist

Screening Center, the FBI’s exemption “carries over when the TSDB information is transferred

to the Department.” Id.



8
 The record does not reflect that DHS assigned a tracking number to this request. See Id. ¶¶ 12–
13; id. Ex. E.

                                               21
       The Privacy Office further explained that DHS’s record systems that receive the FBI’s

Terrorist Screening Database information through the Watch List Service are also exempt under

the Privacy Act, including the Privacy Act provision providing access to records. Id. (citing 5

U.S.C. §§ 552a(d), (j)(2), (k)(1), (k)(2), and 76 Fed. Reg. 81787). Information from the Terrorist

Screening Database “is categorized as Sensitive Security Information (‘SSI’) under 49 U.S.C.

§114(r), and the implementing regulation found at 49 CFR part 1520.” Id. Citing 49 C.F.R.

§§ 1520.9(a)(2) and 1520.15(a), the Privacy Office stated that “[r]ecords containing SSI are not

available for public inspection or copying, nor can they be released to anyone who does not have

an official need to know.” Id. The Privacy Office therefore concluded that Hillier “has no right

to access or amend the records contained in these systems” and denied his request under the

Privacy Act. Id.

       The Privacy Office reached a similar result under FOIA, concluding that any records

responsive to Hillier’s request for records in DHS/ALL-30 are exempt from disclosure under

FOIA exemption 3 because they constitute Sensitive Security Information exempt by a statute,

49 U.S.C. § 114(r), Sepeta Decl. Ex. E at 2, which prohibits the disclosure of qualifying

information that is “obtained or developed in carrying out security under authority of the

Aviation and Transportation Security Act,” 49 U.S.C. § 114(r)(1). Thus, the Privacy Office

provided a Glomar response and neither confirmed nor denied the existence of records that might

reveal Hillier’s status in the Terrorist Screening Database. Sepeta Decl. Ex. E at 2.

       The Privacy Office further concluded that any such records were also subject to FOIA

exemption 7(E), 5 U.S.C. § 552(b)(7)(E). Id. Exemption 7(E) protects law enforcement

information that “would disclose techniques and procedures for law enforcement investigations




                                                22
or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions

if such disclosure could reasonably be expected to risk circumvention of the law.” 5 U.S.C.

§ 552(b)(7)(E). Accordingly, the Privacy Office denied Hillier’s request for notice of records

relating to him based on FOIA exemptions 3 and 7(E). Sepeta Decl. Ex. E at 2.

                       c. DHS’s Search of Record System DHS/ALL-031

       Hillier’s third request asking for notice of records about him located in the DHS/ALL-

031 system was referred to the Office of Intelligence and Analysis where it was assigned

tracking number 12-OIA-0040. Sepeta Decl. ¶ 13. The Sepeta declaration and exhibits indicate

that the records in DHS/ALL-031 are a subset of the records contained in DHS/IA-001, which,

as noted, is a comprehensive record system that contains all records over which the Office of

Intelligence and Analysis exercises control. Id. ¶¶ 14, 22 & Ex. F at 1 (stating that DHS/IA-001

“includes . . . ISE . . . and Suspicious Activity Reporting (SAR)”). As a result, the Office of

Intelligence and Analysis’s search of DHS/IA-001 using Hillier’s full name, alternative name,

birth date, birth place, and current and prior residential addresses also covered records in

DHS/ALL-031. Id. ¶ 21.

       Sepeta’s declaration states that the Office of Intelligence and Analysis’s April 4, 2012

letter to Hillier served as its final response to Hillier’s request about DHS/ALL-031. Id. ¶ 14.

The April 4, 2012 letter, however, refers to DHS/ALL-030 rather than to DHS/ALL-031, which

appears to be a typographical error. 9 Id. Ex. F at 1, Dkt. 40-2. Perhaps this is why, after Hillier


9
  The confusion about whether DHS/ALL-031 was adequately searched can be attributed to this
apparent typographical error in the Privacy Office’s April 4, 2012 letter to Hillier. See Sepeta
Decl. Ex. F at 1. DHS/ALL-031 is consistently characterized in Sepeta’s declaration and
exhibits, as well as in Hillier’s January 12, 2012 Privacy Act request, as an “Information Sharing
Environment and Suspicious Activity Reporting System.” Id. ¶¶ 12, 22, Ex. D at 1, Ex. E at 2,
Ex. H at 1; see also id Ex. E at 2 (“As it relates to your access for records in the DHS/All-031,
Information Sharing Environment (ISE) Suspicious Activity Reporting (SAR) Initiative System
of Records . . . . I am referring your request to the FOIA Officer for OI&A . . . .”). Although the
                                                 23
pursued an administrative appeal on April 20, 2012, id. ¶ 15, the United States Coast Guard

Office of the Chief Administrative Law Judge 10 remanded the matter back to the Office of

Intelligence and Analysis on February 12, 2013, stating that “the record does not reflect whether

the proper database was searched or otherwise accounted for in the Final Response,” id. Ex. G at

2, Dkt. 40-2.

       The Sepeta declaration reveals that on May 8, 2012—after Hillier filed his administrative

appeal on April 20, 2012 but before it was remanded on February 12, 2013—the Office of

Intelligence and Analysis conducted a search of computers and share drives belonging to

personnel within the Production Management Branch of the Office of Intelligence and

Analysis. 11 Id. ¶ 23. The Office of Intelligence and Analysis conducted the search using the

personal identifiers Hillier provided in his January 12, 2012 letter. Id. The Office of Intelligence

and Analysis limited the search to the Production and Management Branch of the Office of


Privacy Office’s April 4, 2012, letter refers to DHS/ALL-030 rather than to DHS/ALL-031, it
characterizes the system as the “Information Sharing Environment and Suspicious Activity
Reporting system,” id. Ex. F at 1, thereby indicating that it is intended to be DHS/ALL-031. In
contrast, the DHS/ALL-030 system is consistently characterized as “Use of the Terrorist
Screening Database System of Records.” Id. ¶ 12, Ex. D at 1, Ex. E at 1. Moreover, Hillier’s
request for records in the DHS/ALL-031 record system is the only request that was referred to
the Office of Intelligence and Analysis on March 19, 2012. Thus, the record indicates that the
reference to DHS/ALL-030 in the April 4, 2012 letter to Hillier is a typographical error, although
DHS has never said so.
10
  By contract, the United States Coast Guard Office of the Chief Administrative Law Judge
reviews FOIA appeals for the DHS General Counsel. See id. Ex. G at 2.
11
  Although the Sepeta declaration never expressly states whether that search involved the
DHS/ALL-031 record system, the declaration cites the tracking number that applied to the
DHS/ALL-031 record system. Sepeta Decl. ¶ 16. Moreover, on remand, the Office of
Intelligence and Analysis reported on November 26, 2013 that it “searched all component level
SAR [Suspicious Activity Reporting] files, and other source material without result.” Id. ¶ 18,
Ex. H at 2, Dkt. 40-2. As noted, this search must have involved the DHS/ALL-031 record
system given that system’s characterization in the Privacy Office’s March 19, 2012 letter as a
“suspicious activity reporting” system. Id. Ex. E at 1.

                                                24
Intelligence and Analysis because that branch was responsible for keeping finished intelligence

products and the search would have identified responsive documents created between the time of

the first and second searches. Id. Because the Office of Intelligence and Analysis discovered no

responsive records during the second search, “there was no need to further expand the search to

other offices.” Id. DHS denied Hillier’s administrative appeal on July 9, 2015. Id. ¶ 19.

       2. Adequacy of DHS’s Searches

       Hillier does not challenge DHS’s searches of DHS/IA-001 or DHS/ALL-030. But he

does contest DHS’s search of DHS/ALL-031 because it was limited to the Office of Intelligence

and Analysis—only one of DHS’s twelve components. See Pl.’s Br. In Support of Mot. for

Partial Summ. J. at 10, Dkt. 41; Pl.’s Opp’n Br. at 9. 12

       Although an agency is not required to search every record system, Oglesby, 920 F.2d at

68, it cannot ignore requests to search specific systems that are received before it completes its

searches, Mobley, 806 F.3d at 582. If an agency elects not to search specific systems that a

requester has identified, controlling precedent makes clear that the agency must “sufficiently

explain[] . . . why the specified record systems are not reasonably likely to contain responsive

records.” Mobley, 806 F.3d at 582. The Sepeta declaration lacks sufficient detail to meet this

standard. As a result, the Court is unable to conclude whether DHS’s search was adequate.

       Hillier’s Privacy Act request to DHS seeking notice of records in DHS/ALL-031

identified the following 12 components where Hillier believed records could be found:

Headquarters; Directorate for National Protection and Programs; Directorate for Science and

Technology; Office of Policy; Office of Health Affairs; Office of Intelligence and Analysis;



12
   Because the arguments raised in Hillier’s other motions are similar to those raised in his
opposition to the defendants’ motion for summary judgment, from this point forward the Court
cites to his opposition to the defendants’ motion for summary judgment.
                                                 25
Office of Operations Coordination and Planning; Federal Law Enforcement Training Center;

Domestic Nuclear Detection Office; United States Coast Guard; Federal Emergency

Management Agency; and the United States Secret Service. Sepeta Decl. Ex. D at 2. The Sepeta

declaration states that the Office of Intelligence and Analysis searched for records “over which

[it] maintained control,” id. ¶ 23, but never mentions whether the other 11 components might

have responsive records or their records are under the Office of Intelligence and Analysis’s

“control.” If DHS determined that the Office of Intelligence and Analysis was the only DHS

component that had a record system reasonably likely to contain responsive records, the Sepeta

declaration should say so. See Mobley, 806 F.3d at 582.

       It is also unclear whether the Office of Intelligence and Analysis’s search of the

DHS/ALL-031 system was limited to only its own suspicious activity reports or whether it

included the suspicious activity reports of other DHS components. The Sepeta declaration’s

exhibits indicate that the Office of Intelligence and Analysis’s search might not have been so

limited. As the Office of Intelligence and Analysis FOIA Officer explained in a November 26,

2013 letter responding to the remand of Hillier’s administrative appeal:

       [S]everal operational components within DHS regularly observe or otherwise
       encounter suspicious activities while executing their authorized missions and
       performing operational duties. Components document those observations or
       encounters in SARs. DHS I&A is one of the DHS components that routinely
       collects and formats information into SARs. These documents are stored locally,
       which means that all contributors, including DHS components, exercise control
       over their own reports and they are not available in the absence of a specific query.
       And because each contributor maintains control over its own information, when a
       record from a contributor is located, the contributor has sole authority to determine
       whether it can be released outside NSI participants.

       As a contributor to this system of records, DHS I&A has authority over only its
       own SARs. Nevertheless, DHS I&A searched all component level SAR files, and
       other source material without result. To the extent that Mr. Hillier wants a search
       of SARs contributed by other NSI participants, he must make separate requests.



                                                26
Sepeta Decl. Ex. H at 2, Dkt. 47-1 (emphasis added) (quotation marks omitted). This letter

suggests that the Office of Intelligence and Analysis conducted a search of all DHS (i.e.,

component level) suspicious activity reports, not just the Office of Intelligence and Analysis’s

reports. 13 Neither the Sepeta declaration nor the defendants’ legal briefs make this argument,

however, so the Court is left to believe this might not be the case.

       This lack of clarity is compounded by the fact that, as already discussed, the Office of

Intelligence and Analysis’s April 4, 2012 letter to Hillier that purports to be DHS’s final

response to Hillier’s request about DHS/ALL-031 makes reference to DHS/ALL-030 rather than

to DHS/ALL-031. The Court presumes that this is an error but it would be helpful if the Sepeta

declaration said so one way or the other.

       Because the Sepeta declaration fails to state whether DHS determined that the Office of

Intelligence and Analysis was the only component with a record system that was reasonably

likely to contain records responsive to Hillier’s request, the declaration lacks sufficient detail for

the Court to determine whether DHS’s search was adequate. The Court will therefore deny

without prejudice the defendants’ motion for summary judgment with respect to the search

conducted by DHS.

       Hillier’s other challenges to the search of DHS/ALL-031 are not compelling. Hillier

questions whether the DHS/ALL-031 record system was properly characterized as “under the


13
   Additionally, it appears that Hillier was required to submit separate Privacy Act requests to
search suspicious activity reports contributed by other participants in the Nationwide Suspicious
Activity Reporting Initiative. See Sepeta Decl. Ex. H at 2 (stating “[t]o the extent that Mr.
Hillier wants a search of SARs contributed by other NSI participants, he must make separate
requests”). The record does not reflect that he ever did that, although it is unclear whether that is
required for the 11 components Hillier identified or only applies to other agencies that participate
in the Nationwide Suspicious Activity Reporting Initiative.




                                                  27
purview” of the Office of Intelligence and Analysis as the Privacy Office stated in the March 19,

2012 letter to Hillier. Pl.’s Opp’n Br. at 9. Wrapped into this argument is Hillier’s dispute about

Sepeta’s citation of 6 C.F.R. § 5.4 as the basis for referring his DHS/ALL-031 request to the

Office of Intelligence and Analysis. Id. That regulation states that “the component that first

receives a request for a record and maintains that record is the component responsible for

responding to the request” unless the request was misdirected to that component or a component

determines the records originated at another component or the information was provided by

another component or is of substantial interest to another component. 6 C.F.R. §§ 5.4(a), (c), (d).

These points culminate with Hillier alleging that the FOIA Program Specialist who signed the

March 19, 2012 letter to Hillier was “lying” about the agency’s rationale for referring Hillier’s

DHS/ALL-031 request to the Office of Intelligence and Analysis. Pl.’s Opp’n Br. at 13–14.

       It was reasonable for the Privacy Office’s FOIA Program Specialist to determine that

DHS/ALL-031 “falls under the purview of the DHS Office of Intelligence and Analysis,” Sepeta

Decl. Ex. E at 2, given that the DHS/ALL-031 system is a subset of DHS/IA-001, a

comprehensive record system over which the Office of Intelligence and Analysis has control, see

id. ¶ 22. Furthermore, 6 C.F.R. § 5.4(a) makes clear that a component that first receives a

request for records is responsible for responding to the request if it “maintains that record.”

There is no evidence that DHS’s Privacy Office “maintains” records in DHS/ALL-031, in which

case it was appropriate for that component to forward the request to a component that did

maintain such records. Notably too, 6 C.F.R. § 5.4 provides that if a component determines that

it maintains responsive records that contain information of substantial interest to another

component, then “[t]he component may refer the responsibility for responding to the request or

portion of the request to the component . . . best able to determine whether to disclose the



                                                 28
relevant records.” 6 C.F.R. § 5.4(d)(3). The regulation goes on to state that “[o]rdinarily, the

component . . . that created or initially acquired the record will be presumed to be best able to

make the disclosure determination.” Id. Hillier offered the Court no reason to think that DHS’s

Privacy Office erred by referring his request to search DHS/ALL-031 to the Office of

Intelligence and Analysis given that there is no evidence that the Privacy Office maintains any

records in that system.

       C. Hillier’s Department of State Privacy Act Request

       Hillier’s final attempt to identify records about him was initiated by a January 19, 2012

Privacy Act request sent to the Department of State Director of Foreign Affairs Document and

Reference Center. 2d Am. Compl. Ex. 34 at 1; Stein Decl. ¶ 4, Dkt. 40-3. In that letter, Hillier

asks the Department of State to check whether it possesses any non-exempt records about Hillier

in the STATE-06 “Coordinator for the Combatting of Terrorism Records” (all record categories)

record system. 2d Am. Compl. Ex. 34 at 1; Stein Decl. ¶ 4, Dkt. 40-3. Hillier states that he

“believes that the Department of State may have records about [him] because [he] [was] an

American Citizen involved in terrorist incidents.” 2d Am. Compl. Ex. 34 at 1. Hillier supplies

the Department of State with his full legal name, another name he used in the past, his date and

place of birth, his social security number, and his then-current mailing address. Id. at 2. 14




14
   It appears from the record that Hillier’s January 19, 2012 letter to the Department of State was
returned to him, Stein Decl. ¶ 4, but at some point Hillier began corresponding with the
Department of State’s Office of Information Programs and Services. The Office of Information
Programs and Services later received Hillier’s request for STATE-06 records as an attachment to
subsequent correspondence with him. Id.




                                                 29
                 1. The Department of State’s Response

       The Department of State submits Eric F. Stein’s declaration describing the agency’s

response to Hillier’s Privacy Act request. Stein is the Department of State’s Director of the

Office of Information Programs and Services and the official responsible for responding to

records requests under the Privacy Act and FOIA. Stein Decl. ¶ 1, Dkt. 40-3. According to

Stein, the Department of State processes Privacy Act requests under both the Privacy Act and

FOIA. Id. ¶ 6.

       Stein states that he reviewed Hillier’s Privacy Act request and determined that the Bureau

of Counterterrorism and Countering Violent Extremism was the Department of State component

likely to have responsive documents “because [Hillier’s] request specifically referred to STATE-

06, and [the Bureau of Counterterrorism and Countering Violent Extremism] is the Department

component that would maintain any records described in STATE-06, ‘Coordinator for the

Combatting of Terrorism Records.’” Id. ¶ 9. Stein also determined that the Department of

State’s Retired Record Inventory Management System, “a searchable database that automates the

processing of records retired to the Records Service Center” was reasonably likely to have

responsive records. Id. Stein “concluded that no other offices or records systems were

reasonably likely to maintain documents responsive to [Hillier’s] request related to STATE-06.”

Id.

       According to Stein, the Bureau of Counterterrorism and Countering Violent Extremism

Director of the Office of Regional Affairs determined that the only bureau components

reasonably likely to have responsive records were the Office of South and Central Asia and the

Near East, and the Office of Africa, Europe, the Americas, and Asia. Id. ¶ 11. Stein explains

that these two offices “work on counterterrorism policy in individual countries, and all [bureau]
                                                30
records that reference an American involved with terrorist activities would pass through these

offices.” Id. In addition, “[a]ny American who had joined a terrorist organization or been

kidnapped by terrorists would also have had the attention of the office leadership in these two

offices.” Id.

       Three officials knowledgeable about Hillier’s Privacy Act request and the record systems

in these two offices searched both the unclassified and classified electronic files for records

relating to Hillier. Id. ¶ 12. The official who was a Program Analyst for the Office of Africa,

Europe, the Americas, and Asia “searched the unclassified and classified shared drives (a

collection of folders stored on a local network) used by both [the Office of South and Central

Asia and the Near East and the Office of Africa, Europe, the Americas, and Asia] to maintain

their electronic records, including archived emails stored in .pst files, using the following names

and other identifying information provided by Plaintiff: ‘Wynship Hillier,’ ‘Wynship West

Hillier,’ ‘Mabon Rainsong,’ ‘Mabon Clearwater Rainsong,’ and Mr. Hillier’s Social Security

number.” Id. In addition, the Deputy Office Director of the Office of South and Central Asia

and the Near East and the Office Director for the Office of Africa, Europe, the Americas, and

Asia “searched their unclassified and classified email records and individual drives using the

search terms: ‘Wynship Hillier,’ ‘Wynship West Hillier,’ ‘Mabon Rainsong,’ ‘Mabon Clearwater

Rainsong,’ and Mr. Hillier’s Social Security number.” Id. Stein states that “[n]o date

restrictions were applied to these searches,” id., and no responsive records were found, id. ¶ 13.

Stein further explains that “[a]ll files are maintained electronically, so a search of these record

systems would have located any responsive records.” Id. ¶ 12.

       Addressing the Retired Records Inventory Management System, Stein describes the

system as a “searchable database that automates the processing of records retired to the Records



                                                  31
Service Center and tracks the status of all boxes received” at the center. Id. ¶ 14. Stein states

that both the full text and the metadata of records in the “retired file manifests” are searchable.

Id. He explains that “retired file manifests serve as an index of the contents of retired paper files

and are used to direct a researcher to particular file folders or documents in retired file boxes.”

Id. Stein notes, however, that “[o]n occasion, manifests do not contain sufficient detail to

indicate the exact contents maintained under a given subject, so once a potentially responsive

box is located, the entire contents of the box must be searched manually.” Id.

       According to Stein, an Office of Information Programs and Services Information

Specialist who was knowledgeable about FOIA and the Retired Records Inventory Management

System searched the system using the terms “counterterrorism” or “CT.” Id. ¶ 15. The search

covered the time period from January 1, 2007 through the date of the search. Id. The 2007 date

was derived from Hillier’s statement that he was involved in terrorist incidents since 2007. Id.

The Office of Information Programs and Services “determined that these search terms would

locate any records during the time frame that were covered by STATE-06.” Id. Stein states that

the search located “[n]o retired file manifests for CT for the relevant time period.” Id. The

Information Specialist also searched all the system records using the terms “Hillier,” “Wynship,”

or “Rainsong,” but “[n]o relevant retired file manifests indicating the existence of records

regarding [Hillier] were located.” Id.

       By letter dated January 13, 2017, the Office of Information Programs and Services

advised Hillier that professional employees in the Department of State’s Bureau of

Counterterrorism and Countering Violent Extremism who are familiar with the content and

organization of the agency’s non-exempt records conducted a thorough search of records in

STATE-06 and found no records about him. Id. Ex. 1.



                                                 32
               2. Adequacy of the Department of State’s Searches

        Stein’s declaration explains the scope of the Department of State’s search, which was

defined by Hillier’s request for records about him in the STATE-06 system. Stein identifies the

methodology deployed to identify the record systems reasonably likely to have responsive

records and the timeframe that was applied. The declaration also identifies who performed the

searches, the search terms that were used, and the type of searches that were performed. See

Steinberg, 23 F.3d at 552.

       Hillier raises a series of objections to the Stein declaration, Pl.’s Opp’n Br. at 3–5, 16–18,

none of which the Court finds convincing. First, Hillier contends that the declaration is deficient

because it does not state that it was based on personal knowledge. But Hillier is mistaken. The

first paragraph of the declaration states “I make the following statements based upon my

personal knowledge, including information furnished to me in the course of my official duties.”

Stein Decl. ¶ 1. Stein also states that he is “familiar with the efforts of Department personnel to

process the Privacy Act request” and “in charge of coordinating the agency’s search efforts with

respect to [Hillier’s] request.” Id. Stein’s declaration therefore demonstrates his personal

knowledge of the procedures used in handling requests and his familiarity with the documents in

question. See Barnard, 598 F. Supp. 2d at 19.

       Second, Hillier claims that the Stein declaration is deficient because the Director of the

Office of Regional Affairs relied on hearsay to determine that only the Office of South and

Central Asia and the Near East and the Office of Africa, Europe, the Americas and Asia were

reasonably likely to maintain responsive records. But “courts in this jurisdiction have long held

that [agency] declarants may rely on ‘information they have obtained in the course of their

official duties.’” Canning v. U.S. Dep’t of State, 134 F. Supp. 3d 490, 510 (D.D.C. 2015)

(quoting Barnard, 598 F. Supp. 2d at 19); Cucci v. DEA, 871 F. Supp. 508, 513 (D.D.C. 1994);
                                                 33
Inst. for Policy Studies v. CIA, 885 F. Supp. 2d 120, 133 (D.D.C. 2012)). Thus, “declarations

that contain hearsay in recounting searches for documents are generally acceptable.” Gov’t

Accountability Project v. DOJ, 852 F. Supp. 2d 14, 23 (D.D.C. 2012) (internal quotation and

alteration marks omitted).

       Third, Hillier claims that the Stein declaration does not adequately explain why the

Office of South and Central Asia and the Near East and the Office of Africa, Europe, the

Americas and Asia were the only components that were likely to have responsive records. The

Court disagrees. Stein explained that the Office of Information Programs and Services

determined that CT was the component that maintains records in STATE-06, the system Hillier

requested be searched. Stein Decl. ¶¶ 4, 9. The Director of Regional Affairs in CT further

determined that the Office of South and Central Asia and the Near East and the Office of Africa,

Europe, the Americas and Asia were the “only CT components reasonably likely to maintain

responsive records” because “all CT records that reference an American involved with terrorist

activities would pass through these offices.” Id. ¶ 11. As noted, Hillier identified himself as

someone believed to be involved in terrorist incidents. 2d Am. Compl. Ex. 34 at 1. Thus, it was

reasonable for the agency to conduct searches in systems used by the components through which

all records referencing Americans involved with terrorism would pass.

       Fourth, Hillier argues that Stein’s declaration is defective because paragraph 10 of the

declaration states that CT maintains records about American citizens involved in terrorist

incidents overseas or who have been captured by a terrorist organization. According to Hillier,

that statement is inconsistent with a Department of State publication that indicates that the

system of records includes American citizens involved in terrorist incidents “vel non.” Pl.’s

Opp’n Br. at 17. Hillier also claims that Stein’s statement that all STATE-06 records are



                                                34
electronic, Stein Decl. ¶ 12, conflicts with a more than 40-year-old (1977) Department of State

System of Records Notice (SORN) that states “Storage: Hard copy,” see Pl.’s Opp’n Br. at 17

(quoting 42 Fed. Reg. 49702). Neither of these alleged inconsistencies, however, create a

genuine issue of material fact because they are irrelevant to the question of whether the

Department of State conducted a search reasonably calculated to uncover Hillier’s requested

records. See Anderson, 477 U.S. at 248 (“Only disputes over facts that might affect the outcome

of the suit under the governing law will properly preclude the entry of summary judgment.

Factual disputes that are irrelevant or unnecessary will not be counted.”).

       Finally, Hillier argues that the Department of State acted in bad faith by delaying its

responses to his requests. It is well established, however, that “delays in responding to a FOIA

request are rarely, if ever, grounds for discrediting later affidavits by the agency.” Iturralde v.

Comptroller of Currency, 315 F.3d 311, 315 (D.C. Cir. 2003). 15 The delays alleged here do not

undermine the Stein declaration. Because the declaration is sufficiently detailed to conclude that

the Department of State made a good faith effort to search for the records Hillier requests using

methods that can reasonably be expected to produce the information requested, the Court finds

that the agency’s searches were adequate. See Oglesby, 920 F.2d at 68.

                                          CONCLUSION

       For the foregoing reasons, defendants’ Motion for Summary Judgment, Dkt. 40, will be

granted in part with respect to the CIA and Department of State and denied in part without

prejudice with respect to DHS. Hillier’s Motion for Partial Summary Judgment Against




15
  Hillier originally made allegations of bad faith against the CIA, see Pl.’s Opp’n Br. at 45–46,
but appears to have abandoned those allegations, see Pl.’s Am. Opp’n Br. at 45-46 (attached as
Ex. 85 to Pl.’s Mot. to Amend, Dkt. 55). Regardless, the Court would reject any such challenge
for the reasons stated here.
                                                 35
Defendant United States Department of Homeland Security, Dkt. 41, will be denied without

prejudice because, without more detail about whether DHS determined that the Office of

Intelligence and Analysis was the only component with a record system that was reasonably

likely to contain responsive records, the Court is unable to conclude one way or the other

whether the search was reasonable, in which case neither party can prevail at this juncture. The

Court will deny Hillier’s Cross-Motion for Partial Summary Judgment Against the Central

Intelligence Agency and United States Department of State, Dkt. 48, because the Court holds

that the searches conducted by those agencies were reasonable and the CIA’s Glomar response

was compliant with both the Privacy Act and FOIA. Hillier ably raised numerous arguments

throughout the litigation of his Privacy Act requests and his remaining motions are addressed in

the accompanying order.



                                                     _________________________
                                                     DABNEY L. FRIEDRICH
                                                     United States District Judge

September 12, 2018




                                               36
