                             UNITED STATES DISTRICT COURT
                             FOR THE DISTRICT OF COLUMBIA

 AGILITY PUBLIC WAREHOUSING
 COMPANY K.S.C.,

                        Plaintiff,                          Civil Action No. (BAH) 14-0946

                        v.                                  Judge Beryl A. Howell

 NATIONAL SECURITY AGENCY,

                        Defendant.


                                     MEMORANDUM OPINION

       The plaintiff, Agility Public Warehousing Company K.S.C., brings suit against the

National Security Agency (“NSA”), pursuant to the Freedom of Information Act (“FOIA”), 5

U.S.C. § 552. As part of its FOIA request, the plaintiff sought “all [of the] email, letter,

telephonic, or other communications” of the plaintiff in the NSA’s possession. See Compl. ¶ 11,

ECF No. 1. Relying on information leaked to the media regarding various classified NSA

communication collection programs, the plaintiff argues that the NSA “indiscriminately

collect[s] millions of telephone and email communications” from U.S. citizens and therefore

maintains records of the plaintiff’s historical communications. See Pl.’s Mem. Supp. Cross-Mot.

Summ. J. (“Pl.’s Mem.”) at 1, ECF No. 19-1. The NSA, however, issued a “Glomar” response—

neither confirming nor denying the existence of records responsive to the plaintiff’s request.

       The plaintiff challenges the NSA’s provision of a “Glomar” response regarding the

requested documents as well as the adequacy of the NSA’s search efforts for certain other

requested documents. Now pending before the Court are the parties’ cross motions for summary

judgment. For the reasons stated below, the NSA’s motion for summary judgment is granted and

the plaintiff’s cross-motion for summary judgment is denied.
                                                  1
I.      BACKGROUND

        A.       The Plaintiff’s FOIA Request

        The plaintiff is a Kuwaiti logistics company that provided food to U.S. troops stationed in

Iraq, Kuwait, Qatar, and Jordan from 2003 through 2010, as part of a series of contracts with the

Defense Logistics Agency. Compl. ¶ 3. On November 9, 2009, the plaintiff was indicted in the

Northern District of Georgia on charges of conspiracy to defraud the United States in violation of

18 U.S.C. § 371, major fraud against the United States in violation of 18 U.S.C. § 1031, and wire

fraud in violation of 18 U.S.C. § 1343, stemming from the plaintiff’s provision of goods under

these contracts. The charges remain pending. See United States v. The Public Warehousing Co.,

K.S.C., No. 1:09-CR-490 (N.D. Ga. 2009). The plaintiff was also sued in that same court for

violations of the False Claims Act, 31 U.S.C. 3729 et seq., which violations likewise stem from the

plaintiff’s provision of goods to U.S. soldiers. See United States ex rel. Kamal Mustafa Al-Sultan v.

The Public Warehousing Company, K.S.C., No. 1:05-CV-2968 (N.D. Ga. 2005).1 In defending

against these civil and criminal charges, the plaintiff “makes extensive use of email and telephone

communications” to communicate from Kuwait with its U.S.-based attorneys at Skadden, Arps,

Slate, Meagher & Flom LLP (“Skadden”). Decl. of Emily L. Aviad ¶ 9 (“Pl.’s Aviad Decl.”), ECF

No. 19-3. Skadden was a “customer of Verizon Business Network Services from 2010 through the

first quarter of 2014.” 2 See Suppl. Decl. of Emily L. Aviad ¶ 2 (“Pl.’s Aviad Suppl. Decl.”), ECF

No. 26-1.

        On December 19, 2013, the plaintiff submitted a FOIA request to the NSA seeking seven

categories of documents: (1) “all email, letter, telephonic, or other communications” by the


1
  The civil case has been administratively closed pending an order from the Kuwaiti High Court of Appeals
regarding whether the plaintiff was properly served as a defendant in that case. See Public Warehousing Company,
No. 1:05-CV-2968 (N.D. Ga. 2005).
2
  The plaintiff has not specified whether Verizon Business Network Services provided both telephonic and internet
services, only that it was a customer. See Pl.’s Aviad Suppl. Decl ¶ 2.

                                                        2
plaintiff; (2) the name of any U.S. or foreign communications provider that intercepted the

plaintiff’s communications; (3) documents relating to two contracts between the plaintiff and

Defense Supply Center Philadelphia; (4) documents relating to the two lawsuits brought against

the plaintiff in the Northern District of Georgia; (5) all communications between the NSA and

any other investigative or law enforcement agency regarding the plaintiff; (6) documents

pertaining to meetings among employees or contractors of any of the Department of Justice, the

Office of the Director of National Intelligence, and the NSA regarding the plaintiff; and (7)

documents pertaining to meetings between employees or contractors of the NSA and employees

or contractors of the Federal Bureau of Investigation, the Central Intelligence Agency, the

Department of Defense, and the Department of Homeland Security, relating to the plaintiff.

Compl. ¶ 11.

       Although the plaintiff and the NSA exchanged communications clarifying the scope of

the plaintiff’s FOIA request, the NSA never provided a response to the plaintiff prior to this

litigation. Id. at ¶¶ 14–16. As a result, the plaintiff appealed to the NSA’s FOIA Appeal

Authority based on the NSA’s constructive denial of its FOIA request. Id. The NSA indicated

that processing of the plaintiff’s appeal would be based on a “first-in, first-out” policy, but over

the course of two months, the NSA never responded to the plaintiff. Id. at ¶¶ 17–19; Decl. of

David J. Sherman (“NSA’s Sherman Decl.”) at ¶ 24, ECF No. 18-2. As a result, the plaintiff

filed the instant action. See generally Compl.

       After the initiation of litigation, the Chief of NSA’s FOIA/Privacy Act Office provided

the plaintiff with a letter purporting to be a final response to the plaintiff’s FOIA request. See

NSA’s Sherman Decl. ¶ 25. The NSA noted that, to the extent the plaintiff sought records

concerning the contracts and lawsuits mentioned in the plaintiff’s FOIA request, the NSA had



                                                  3
conducted a thorough search and was unable to locate any responsive records. Id. ¶ 27. As

detailed in two declarations, the NSA tasked “its Office of General Counsel, its acquisition

organization, and its logistics organization” to conduct the relevant searches. Id. The NSA

queried the records of the relevant organizations using variations of the plaintiff’s name as

specified in the plaintiff’s FOIA request—Agility Public Warehousing Company, Agility, and

the Public Warehousing Company—and the numbers for the relevant contracts. Supplemental

Decl. of David J. Sherman (“NSA’s Suppl. Sherman Decl.”) at ¶ 3, ECF No. 23-1. The NSA’s

filing systems contained memoranda, meeting minutes, reports, manuals, and other documents.

NSA’s Sherman Decl. ¶ 27. Within the Office of General Counsel, attorneys searched their

Microsoft Outlook email accounts while administrative personnel and paralegals searched the

organization’s litigation filings systems. Id. The NSA also searched the “contracting

management information system database,” which is maintained in support of the NSA’s

contracting activity. Id.

       In addition, the NSA’s response informed the plaintiff that, to the extent the plaintiff’s

FOIA request called for intelligence information, the NSA could not confirm or deny the

existence of any such records as their existence or non-existence is protected by FOIA

Exemptions 1 and 3. See id. ¶ 26. The NSA’s “foreign intelligence mission includes the

responsibility to collect, process, analyze, produce and disseminate signals intelligence

(‘SIGINT’) information, of which communications intelligence (‘COMINT’) is a significant

subset, for foreign intelligence and counterintelligence purposes to support national and

departmental missions to include the conduct of military operations.” Id. ¶ 5. In light of its

mission, the NSA determined that “[a]cknowledging the existence or non-existence of responsive

records on particular individuals or organizations subject to surveillance would provide . . .



                                                 4
adversaries with critical information about the capabilities and limitations” of the NSA and its

operations. Id. ¶ 33. Likewise, “[c]onfirmation by NSA that a specific person’s or

organization’s activities are not of foreign intelligence interest or that NSA is unsuccessful in

collecting foreign intelligence information on their activities” would undermine the NSA’s

mission and permit adversaries to “accumulate information and draw conclusions about NSA’s

technical capabilities, sources, and methods.” Id. As a result, the disclosure of such information

“could reasonably be expected to cause exceptionally grave and irreparable damage to the

national security by providing . . . adversaries a road map that instructs them on which

communication modes or personnel remain safe or are successfully defeating NSA’s

capabilities.” Id. ¶34. Moreover, disclosure of such information would permit adversaries to

change their communications behavior or otherwise “alert targets that their existing means of

communications are potentially safe.” Id. Accordingly, the NSA did not confirm the existence

or non-existence of any such records.

       B.      The NSA’s Metadata Program

       Almost seven months before the plaintiff filed the FOIA request at issue, a United

Kingdom-based newspaper, The Guardian, published, on June 6, 2013, an article claiming that

the “National Security Agency is currently collecting the telephone records of millions of US

customers of Verizon, . . . under a top secret court order issued in April.” See Ex. 3, Pl.’s Aviad

Decl. (Glenn Greenwald, NSA collecting phone records of millions of Verizon customers daily,

The Guardian, June 6, 2013). The Guardian attached to the article a then-classified Foreign

Intelligence Surveillance Court (“FISC”) “Secondary Order,” dated April 25, 2013, which it had

obtained from a former U.S. government contractor, Edward Snowden. Id.; see also Ex. 4, Pl.’s

Aviad Decl. (In re Application of the FBI for an Order Requiring the Prod. of Tangible Things



                                                  5
From Verizon Bus. Network Servs., Inc., ex rel. MCI Commc'n Servs., Inc., d/b/a Verizon Bus.

Servs. (“Secondary Order”), No. BR 13–80 (F.I.S.C. Apr. 25, 2013)). The FISC Secondary

Order required Verizon Business Network Services to provide “on an ongoing daily basis . . . all

call detail records or ‘telephony metadata’ created by Verizon for communications (i) between

the United States and abroad; or (ii) wholly within the United States, including local telephone

calls.” Secondary Order at 2. Telephony metadata includes, inter alia, the originating and

terminating telephone number along with the time and duration of the call. 3 Telephony metadata

“does not include the substantive content of any communication . . . or the name, address, or

financial information of a subscriber or customer.” Id.

        In the aftermath of The Guardian’s disclosure, the government began to release details

regarding the telephony metadata program along with declassified and redacted copies of other

FISC orders. See Ex. 11, Pl.’s Aviad Decl. (Press Release, DNI Clapper Declassifies

Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign

Intelligence Surveillance Act (FISA), Nov. 18, 2013). These disclosures reveal that since at least

May 2006, the FBI has sought orders from the FISC authorizing the bulk collection of telephony

metadata from U.S. telecommunications providers pursuant to Section 215 of the USA

PATRIOT Act, 50 U.S.C. § 1861. See In re Application of the Fed. Bureau of Investigation for

an Order Requiring the Production of Tangible Things from [Redacted], No. BR 06–05, at 2

(F.I.S.C. May 24, 2006); see also Ex. 7, Pl.’s Aviad Decl. (Declaration of Teresa H. Shea,

Signals Intelligence Director, NSA (“NSA’s Shea Decl.”), Smith v. Obama, No. 13-cv-0257 (D.

Idaho Jan. 24, 2013), ECF No. 15-2).



3
  Telephony metadata also includes other “session-identifying information,” such as the “International Mobile
Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number . . . trunk
identifier, [and] telephone calling card numbers . . . .” Secondary Order at 2.

                                                         6
        Section 215 authorizes the FBI to “make an application for an order requiring the

production of any tangible things (including books, records, papers, documents, and other items)

for an investigation to obtain foreign intelligence information concerning a United States person

or to protect against international terrorism or clandestine intelligence activities . . . .” 50 U.S.C.

§ 1861. Under the program, the FBI seeks orders from the FISC “directing certain

telecommunications service providers to produce all business records created by them (known as

call detail records)” for a designated period of time. NSA’s Shea Decl. ¶ 14. “FISC orders must

be renewed every 90 days, and the program has therefore been renewed 41 times since May

2006.” Am. Civil Liberties Union v. Clapper, 785 F.3d 787, 796 (2d Cir. 2015). Once the

information is obtained from the telecommunications service providers, the “NSA . . . stores and

analyzes this information . . . and refers to the FBI information about communications . . . that

the NSA concludes have counterterrorism value, typically information about communications

between known or suspected terrorist operatives and persons located within the U.S.” NSA’s

Shea Decl. ¶ 16.

        Once collected from the telecommunications provider and stored in a secure database,

strict procedures govern the NSA’s access to and use of the collected telephony metadata.          See

In re Application of the FBI for an Order Requiring the Prod. of Tangible Things From

[REDACTED ], No. BR 13–80, 2013 WL 5460137 (F.I.S.C. Apr. 25, 2013) (“Primary Order”).

The government is only permitted to access the collected telephony metadata for the purposes set

forth in the Primary Order, which includes “purposes of obtaining foreign intelligence

information” and technical maintenance. See Primary Order at 2–3; NSA Shea Decl. ¶ 18. The

NSA may access the collected telephony metadata only by searching with a telephone number or

other “identifier,” that is associated with a foreign terrorist organization. NSA’s Shea Decl. ¶ 20–



                                                   7
21; Primary Order at 2–4. Before an identifier may be used, one of twenty-two designated

officials must determine that a “reasonable articulable suspicion” exists that the identifier is

associated with an international terrorist organization subject to an FBI investigation. NSA Shea

Decl. ¶ 21; Primary Order at 2–3. Where the identifier is reasonably believed to be used by a

U.S. person, such reasonable articulable suspicion may not be based solely upon protected First

Amendment activities. NSA’s Shea Decl. ¶ 21; Primary Order at 2. The reasonable articulable

suspicion requirement was intended to prevent the generalized browsing of data. NSA’s Shea

Decl. ¶ 20. The NSA must destroy all metadata no later than five years after the initial

collection. NSA’s Shea Decl. ¶ 31; Primary Order at 4.

       Before information pertaining to any U.S. person may be disseminated outside the NSA,

certain high-level officials “must determine that the information identifying the U.S. person is in

fact related to counterterrorism information and that it is necessary to understand the

counterterrorism information or assess its importance.” Primary Order at 3. The NSA may also

share the results from searches of the metadata with the Executive Branch in order to permit the

Executive Branch to determine if such “information contains exculpatory or impeachment

information or is otherwise discoverable in legal proceedings” or to “facilitate their lawful

oversight functions.” Primary Order at 3.

       Almost immediately following these revelations, individuals and public interest groups

filed numerous lawsuits throughout the country challenging the constitutional and statutory basis

for the program. See, e.g., Clapper, 785 F.3d 787; Smith v. Obama, 24 F. Supp. 3d 1005 (D.

Idaho 2014), No. 14–35555 (9th Cir. argued Dec. 8, 2014); Klayman v. Obama, 957 F. Supp. 2d

1 (D.D.C. 2013), No. 14–5004 (D.C. Cir. argued Nov. 4, 2014); Schuchardt v. Obama, 14-705

(W.D. Pa.); Paul v. Obama, 14-0262 (D.D.C.); First Unitarian Church of Los Angeles v. Nat’l



                                                  8
Sec. Agency, 13-3287 (N.D. Cal.). Additionally, in at least one other instance, a plaintiff has

sought records under FOIA that it believed to be in the possession of the NSA based on this bulk

collection of metadata. See Competitive Enter. Inst. v. Nat’l Sec. Agency, No. 14-975, 2015 WL

151465, at *1 (D.D.C. Jan. 13, 2015).

       C.      Other Data Collection Programs

       In addition to the NSA’s telephony metadata program, the NSA’s involvement in at least

three other classified programs concerning the bulk collection of communications are implicated

by the plaintiff’s claim. Under the Pen Register and Trap and Trace (“PR/TT”) program, the

government sought FISC orders permitting the collection from service providers of certain

electronic communications metadata, including the “to,” “from,” and “cc” lines of an email,

along with the time and date of an email. See Ex. 11, Pl.’s Aviad Decl (Press Release, Office of

the Director of National Intelligence, DNI Clapper Declassifies Additional Intelligence

Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence

Surveillance Act, Nov. 18, 2013). Once collected, the information was stored in a secured

database. Id. The maintenance and searching of the collected database records was subject to

strict requirements similar to those set forth for the NSA’s telephony metadata program. Id. The

NSA has not acknowledged a partnership with any specific telecommunications provider

regarding the PR/TT program and the program has since been discontinued. See id.

       Similarly, media reports have also discussed what have been referred to as the NSA’s

PRISM collection and the “upstream collection” program. Under the PRISM program, the NSA

acquired electronic communications, including e-mails, directly from “compelled U.S.-based

providers,” such as Google, Apple, and Facebook. See Ex. 8, Pl.’s Aviad Decl. (Declassified

Declaration of Frances J. Fleisch, NSA (“NSA’s Fleisch Decl.”), at ¶ 38, Jewel v. Nat’l Sec.



                                                 9
Agency, No. 08-CV-04373 (N.D. Cal. May 5, 2014), ECF No. 227); Ex. 12, Pl.’s Aviad Decl.

(Glenn Greenwald & Ewan MacAskill, NSA Prism Program Taps into User Data of Apple,

Google, and Others, The Guardian, June 7, 2013). In the separate “upstream collection”

program, “the NSA collects electronic communications with the compelled assistance of

electronic communication service providers as they transit Internet ‘backbone’ facilities within

the United States.” NSA’s Fleisch Decl. ¶ 38; see [Redacted] Mem. Op., 2011 WL 10945618, at

*9 (FISC Oct. 3, 2011). Between these two programs, the NSA “acquires more than two

hundred fifty million Internet communications each year.” [Redacted] Mem. Op., 2011 WL

10945618, at *9. Like the PR/TT program, the NSA has not acknowledged the identity of any

service providers participating in either the PRISM or the upstream collection programs. See

Pl.’s Mem. at 24 (“[T]he NSA has not specifically named any telecommunications or Internet

service providers participating in its bulk electronic communications collections

programs . . . .”).

II.     LEGAL STANDARD

        Congress enacted the FOIA as a means “to open agency action to the light of public

scrutiny.” Am. Civil Liberties Union v. U.S. Dep’t of Justice, 750 F.3d 927, 929 (D.C. Cir. 2014)

(quoting Dep’t of Air Force v. Rose, 425 U.S. 352, 361 (1976)). Disclosure is the “‘basic

policy’” of the Act. Citizens for Responsibility & Ethics in Washington v. U.S. Dep’t of Justice

(CREW), 746 F.3d 1082, 1088 (D.C. Cir. 2014) (quoting Dep’t of Interior v. Klamath Water

Users Protective Ass’n, 532 U.S. 1, 8 (2001). At the same time, the statute represents a “balance

[of] the public’s interest in governmental transparency against legitimate governmental and

private interests that could be harmed by release of certain types of information.” United Techs.

Corp. v. U.S. Dep’t of Def., 601 F.3d 557, 559 (D.C. Cir. 2010) (internal quotation marks and



                                                10
citations omitted). Reflecting that balance, the FOIA contains nine exemptions set forth in 5

U.S.C. § 552(b), which “are explicitly made exclusive and must be narrowly construed.” Milner

v. U.S. Dep’t of Navy, 562 U.S. 562, 565 (2011) (internal quotations and citations omitted)

(citing FBI v. Abramson, 456 U.S. 615, 630 (1982)); see CREW, 746 F.3d at 1088; Pub. Citizen,

Inc. v. Ofc. of Mgmt. and Budget, 598 F.3d 865, 869 (D.C. Cir. 2010). “[T]hese limited

exemptions do not obscure the basic policy that disclosure, not secrecy, is the dominant objective

of the Act.” Am. Civil Liberties Union v. U.S. Dep’t of Justice (ACLU/DOJ), 655 F.3d 1, 5 (D.C.

Cir. 2011) (quoting Nat’l Ass’n of Home Builders v. Norton, 309 F.3d 26, 32 (D.C. Cir. 2002)).

       The agency invoking an exemption to the FOIA “bears the burden of showing that a

claimed exemption applies.” Elec. Frontier Found. v. U.S. Dep’t of Justice, 739 F.3d 1, 7 (D.C.

Cir. 2014); see also CREW, 746 F.3d at 1088; Loving v. U.S. Dep’t of Def., 550 F.3d 32, 37

(D.C. Cir. 2008); Assassination Archives & Research Ctr. v. CIA, 334 F.3d 55, 57 (D.C. Cir.

2003). In order to carry this burden, an agency must submit sufficiently detailed affidavits or

declarations, a Vaughn index of the withheld documents, or both, to demonstrate that the

government has analyzed carefully any material withheld, to enable the court to fulfill its duty of

ruling on the applicability of the exemption, and to enable the adversary system to operate by

giving the requester as much information as possible, on the basis of which he can present his

case to the trial court. See DeBrew v. Atwood, No. 12-5361, 2015 WL 3949421, at *2 (D.C. Cir.

June 30, 2015); see also CREW, 746 F.3d at 1088 (“The agency may carry that burden by

submitting affidavits that ‘describe the justifications for nondisclosure with reasonably specific

detail, demonstrate that the information withheld logically falls within the claimed exemption,

and are not controverted by either contrary evidence in the record nor by evidence of agency bad

faith.’” (quoting Larson v. U.S. Dep’t of State, 565 F.3d 857, 862 (D.C. Cir. 2009)); Oglesby v.



                                                11
U.S. Dep’t of the Army, 79 F.3d 1172, 1176 (D.C. Cir. 1996) (“The description and explanation

the agency offers should reveal as much detail as possible as to the nature of the document,

without actually disclosing information that deserves protection . . . [which] serves the purpose

of providing the requestor with a realistic opportunity to challenge the agency’s decision.”).

       The FOIA provides federal courts with the power to “enjoin the agency from withholding

agency records and to order the production of any agency records improperly withheld from the

complainant.” 5 U.S.C. § 552(a)(4)(B). Moreover, a district court has an “affirmative duty” to

consider whether the agency has produced all segregable, non-exempt information. Elliott v.

U.S. Dep’t of Agric., 596 F.3d 842, 851 (D.C. Cir. 2010) (referring to court’s “affirmative duty to

consider the segregability issue sua sponte” (quoting Morley v. CIA, 508 F.3d 1108, 1123 (D.C.

Cir. 2007))); Stolt-Nielsen Transp. Grp. Ltd. v. United States, 534 F.3d 728, 733-735 (D.C. Cir.

2008) (“‘[B]efore approving the application of a FOIA exemption, the district court must make

specific findings of segregability regarding the documents to be withheld.’” (quoting Sussman v.

U.S. Marshals Serv., 494 F.3d 1106, 1116 (D.C. Cir. 2007))); see also 5 U.S.C. § 552(b) (“Any

reasonably segregable portion of a record shall be provided to any person requesting such record

after deletion of the portions which are exempt under this subsection.”).

       Summary judgment is appropriate when “there is no genuine dispute as to any material

fact.” Fed. R. Civ. P. 56. “In FOIA cases, ‘[s]ummary judgment may be granted on the basis of

agency affidavits if they contain reasonable specificity of detail rather than merely conclusory

statements, and if they are not called into question by contradictory evidence in the record or by

evidence of agency bad faith.’” Judicial Watch, Inc. v. U.S. Secret Serv., 726 F.3d 208, at 215

(D.C. Cir. 2013) (quoting Consumer Fed’n of Am. v. U.S. Dep’t of Agric., 455 F.3d 283, 287

(D.C. Cir. 2006) and Gallant v. NLRB, 26 F.3d 168, 171 (D.C. Cir. 1994)). “Ultimately, an



                                                12
agency’s justification for invoking a FOIA exemption is sufficient if it appears ‘logical’ or

‘plausible.’” Judicial Watch, Inc. v. U.S. Dep’t of Def., 715 F.3d 937, 941 (D.C. Cir. 2013)

(quoting Am. Civil Liberties Union v. U.S. Dep’t of Def. (ACLU/DOD), 628 F.3d 612, 619 (D.C.

Cir. 2011)); Larson v. U.S. Dep’t of State, 565 F.3d 857, 862 (D.C. Cir. 2009) (quoting Wolf v.

CIA, 473 F.3d 370, 374-75 (D.C. Cir. 2007)).

III.    DISCUSSION

        In the present case, “to the extent [the] plaintiff’s [FOIA] request sought surveillance or

other intelligence records, or communications about such records,” the NSA issued the plaintiff a

so-called “Glomar” response, which neither confirmed nor denied the existence of records

relevant to the plaintiff’s request. 4 Mem. Supp. Def.’s Mot. Summ. J. (“Def.’s Mem.”). at 1,

ECF No. 18-1. The Glomar response covered all documents sought by the plaintiff, except for

those documents “concerning the government contracts and criminal and civil lawsuits specified

by and involving plaintiff, or communications concerning those contracts and court cases.” 5 Id.

With respect to the plaintiff’s request for documents concerning lawsuits and contracts, the NSA

searched for but found no responsive documents. The plaintiff challenges both the NSA’s

Glomar response and the adequacy of the NSA’s search for responsive documents. Each of those

challenges is addressed separately below.




4
  Glomar responses are “named for the Hughes Glomar Explorer, a ship used in a classified Central Intelligence
Agency project ‘to raise a sunken Soviet submarine from the floor of the Pacific Ocean to recover the missiles,
codes, and communications equipment onboard for analysis by United States military and intelligence experts.’”
Roth v. U.S. Dep’t of Justice, 642 F.3d 1161, 1171 (D.C. Cir. 2011) (quoting Phillippi v. CIA, 655 F.2d 1325, 1327
(D.C.Cir.1981)).
5
  As noted above, such materials refer primarily to categories 3 and 4 of the plaintiff’s request, which sought
documents relating to two contracts between the plaintiff and Defense Supply Center Philadelphia and documents
relating to the two lawsuits brought against the plaintiff in the Northern District of Georgia. Compl. ¶ 11.

                                                        13
       A.      The NSA’s Glomar Response

       A Glomar response is “an exception to the general rule that agencies must acknowledge

the existence of information responsive to a FOIA request and provide specific, non-conclusory

justifications for withholding that information.” Roth v. U.S. Dep’t of Justice, 642 F.3d 1161,

1178 (D.C. Cir. 2011). Thus, a Glomar response allows an agency to respond to a FOIA request

by neither confirming nor denying the existence of any records responsive to the request, on the

grounds that “confirming or denying the existence of records would itself ‘cause harm

cognizable under a[ ] FOIA exception.’” Id. (quoting Wolf, 473 F.3d at 374). In issuing a

Glomar response, the agency bears the burden of showing that the mere acknowledgement of

whether it possesses or does not possess the requested records is protected from disclosure under

a FOIA exemption. See Wolf, 473 F.3d at 374. To determine whether the acknowledgement of

the existence or non-existence of agency records “fits a FOIA exemption, courts apply the

general exemption review standards established in non-Glomar cases.” Wolf, 473 F.3d at 374

(citing Gardels v. CIA, 689 F.2d 1100, 1103–05 (D.C. Cir. 1982)); see also Am. Civil Liberties

Union v. CIA (ACLU/CIA), 710 F.3d 422, 426 (D.C. Cir. 2013).

       A Glomar response may be challenged in two distinct but related ways. A plaintiff may

challenge the agency’s assertion that confirming or denying the existence of any records would

result in a cognizable harm under a FOIA exemption. See, e.g., People for the Ethical Treatment

of Animals v. Nat’l Institutes of Health, 745 F.3d 535, 540 (D.C. Cir. 2014); Elec. Privacy Info.

Ctr. v. Nat’l Sec. Agency (EPIC/NSA), 678 F.3d 926, 932 (D.C. Cir. 2012); Roth, 642 F.3d at

1172. Alternatively, or in addition, a plaintiff may demonstrate that the agency has “officially

acknowledged” the existence of a requested record previously. See, e.g., ACLU/CIA, 710 F.3d at

427 (“[T]he plaintiff can overcome a Glomar response by showing that the agency has already



                                                14
disclosed the fact of the existence (or nonexistence) of responsive records, since that is the

purportedly exempt information that a Glomar response is designed to protect.”); Moore v. CIA,

666 F.3d 1330, 1333 (D.C. Cir. 2011) (“Moore does not challenge the CIA’s reliance on

exemptions (b)(1) and (b)(3) . . . . [but instead], Moore argues that the CIA has officially

acknowledged that it maintains information responsive to Moore's FOIA request . . . .”); Wolf,

473 F.3d at 378 (“Although the CIA properly invoked Exemptions 1 and 3, Wolf asserts that the

Agency waived both of them by officially acknowledging the existence of records . . . .”). The

official acknowledgment doctrine recognizes that, in certain circumstances, the agency may have

waived its right to claim a FOIA exemption over the existence or non-existence of the records.

See ACLU/CIA, 710 F.3d at 426 (“[W]hen an agency has officially acknowledged otherwise

exempt information through prior disclosure, the agency has waived its right to claim an

exemption with respect to that information.”).

       The plaintiff asserts both bases to overcome the NSA’s Glomar response. See Pl.’s Mem.

at 27 (“Even if the Court were to find that the information that [the plaintiff] seeks is properly

protected under the exemptions (which it is not), . . . the NSA’s official acknowledgements over

the last 18 months regarding its bulk collection programs . . . override even valid exemption

claims.”). The Court first addresses the propriety of the NSA’s invocation of Exemptions 1 and

3 for its Glomar response before turning to the plaintiff’s argument that the NSA has officially

acknowledged the requested records.

               1.      The NSA Properly Invoked Exemptions 1 and 3.

       The NSA grounds its Glomar response in Exemptions 1 and 3 of the FOIA statute. See

Def.’s Mem. at 9. Although the plaintiff expressly challenges the propriety of the NSA’s




                                                 15
invocation of Exemptions 1 and 3 for purposes of its Glomar response, the plaintiff devotes only

two brief paragraphs of the more than 55 pages of briefing to this argument, and for good reason.

       “In reviewing an agency’s Glomar response, this Court exercises caution when the

information requested ‘implicat[es] national security, a uniquely executive purview.’”

EPIC/NSA, 678 F.3d at 931 (quoting Ctr. for Nat’l Sec. Studies v. U.S. Dep’t of Justice, 331 F.3d

918, 926–27 (D.C. Cir. 2003)). “[A]n agency’s justification for invoking a FOIA exemption is

sufficient if it appears ‘logical’ or ‘plausible.’” Wolf, 473 F.3d at 374–75 (internal citations

omitted). In the present case, the NSA invokes both Exemption 1 and Exemption 3 to support its

Glomar response. Exemption 1 covers “matters ‘specifically authorized under criteria

established by an Executive order to be kept secret in the interest of national defense or foreign

policy and . . . in fact properly classified pursuant to such Executive order.’” Larson v. U.S.

Dep’t of State, 565 F.3d 857, 861 (D.C. Cir. 2009) (quoting 5 U.S.C. § 552(b)(1)). Exemption 3

covers “matters ‘specifically exempted from disclosure by statute,’ provided that such statute

leaves no discretion on disclosure or ‘establishes particular criteria for withholding or refers to

particular types of matters to be withheld.’” Id. (quoting 5 U.S.C. § 552(b)(3)). “[I]n the FOIA

context, [the D.C. Circuit has] consistently deferred to executive affidavits predicting harm to the

national security, and . . . found it unwise to undertake searching judicial review.” Ctr. for Nat’l

Sec. Studies, 331 F.3d at 927.

       Exemption 1 protects from disclosure records that are “(A) specifically authorized under

criteria established by an Executive order to be kept secret in the interest of national defense or

foreign policy, and (B) are in fact properly classified pursuant to such an Executive order.” 5

U.S.C. § 552(b)(1); see Milner v. U.S. Dep’t of Navy, 562 U.S. 562, 580 (2011) (noting that

among the “tools at hand to shield national security information and other sensitive materials,”



                                                  16
the government has “[m]ost notably, Exemption 1 of FOIA [which] prevents access to classified

documents.”). Thus, an agency attempting to withhold information under Exemption 1 must

show that the information has been classified in compliance with the classification procedures set

forth in the relevant executive order and that only information conforming to the executive

order’s substantive criteria for classification has been withheld. See Judicial Watch, 715 F.3d at

941 (discussing “substantive and procedural criteria for classification”); Lesar v. Dep’t of

Justice, 636 F.2d 472, 483 (D.C. Cir. 1980) (“To be classified properly, a document must be

classified in accordance with the procedural criteria of the governing Executive Order as well as

its substantive terms.”)).

       In this case, the NSA has sufficiently established that the existence or non-existence of

responsive records is classified under Executive Order (“E.O.”) 13,526. This E.O. sets forth four

requirements for the classification of national security information: (1) an original classification

authority must classify the information; (2) the U.S. Government must own, produce, or control

the information; (3) the information must be within at least one of eight protected categories

enumerated in section 1.4 of the E.O.; and (4) the original classification authority must determine

that the unauthorized disclosure of the information reasonably could be expected to result in a

specified level of damage to the national security, and the classification authority is able to

identify or describe the damage. See E.O. 13526 § 1.1(a).

       The NSA avers that “[a]cknowledgement of the existence or non-existence of intelligence

information referencing Plaintiff would reveal information that is currently and properly

classified as set forth in Section 1.4(c) of E.O 13,526,” which covers “intelligence sources [or]

methods.” NSA Sherman Decl. ¶ 31. Specifically, “[a]cknowledging the existence or non-

existence of responsive records on particular individuals or organizations subject to surveillance



                                                 17
would provide . . . adversaries with critical information about the capabilities and limitations of

the NSA . . . .” NSA’s Sherman Decl. ¶ 33. As set forth in the NSA’s declaration,

“[c]onfirmation by NSA that a specific person’s or organization’s activities are not of foreign

intelligence interest or that NSA is unsuccessful in collecting foreign intelligence information on

their activities” would undermine the NSA’s mission and permit adversaries to “accumulate

information and draw conclusions about NSA’s technical capabilities, sources, and methods.”

Id. Such information would permit adversaries to change their communications behavior or

otherwise “alert targets that their existing means of communications are potentially safe.” Id. ¶

34. As a result, disclosure “could reasonably be expected to cause exceptionally grave and

irreparable damage to the national security by providing . . . adversaries a road map that

instructions them on which communication modes or personnel remain safe or are successfully

defeating NSA’s capabilities.” Id.

         The plaintiff challenges whether the acknowledgment of the existence or non-existence

of the requested records would implicate intelligence sources and methods and would otherwise

cause national harm. According to the plaintiff, “the bulk data collection programs under which

the NSA obtained the information [the plaintiff] seeks sweep up not just the communications

data of individuals that the NSA has specifically targeted, but rather, the data of millions of

people whose communications cross the United States border, whether those people are targets

of the NSA or not.”6 Pl.’s Mem. at 27. As a result, “the mere fact that the NSA possesses

information regarding [the plaintiff’s] communications would not reveal anything about [the

plaintiff’s] status as a target, thus keeping the NSA’s ‘intelligence sources and methods’ intact.”

Id. In other words, because the NSA collects everything, disclosure would reveal nothing.


6
  The plaintiff does not challenge that the materials were classified by an individual with classification authority or
that the NSA controls the materials. See Pl.’s Mem. at 26–27.

                                                           18
       A variant of the plaintiff’s argument was considered and rejected in Competitive

Enterprise Institute v. National Security Agency, 2015 WL 151465, at *10, a case that also

considered the NSA’s issuance of a Glomar response in the context of documents allegedly

maintained as a result of the bulk collection of telephony metadata. In Competitive Enterprise

Institute, the Court expressly rejected the argument “that because the agency has admitted

collecting the records in bulk, it would not reveal important intelligence information to

acknowledge that EPA officials’ calls were swept up in the collection.” Id. The court reasoned

that “were the agency required to confirm or deny the existence of records for specific

individuals, it would begin to sketch the contours of the program, including, for example, which

providers turn over data and whether the data for those providers is complete.” Id. Indeed, the

D.C. Circuit has cautioned, “‘the fact that some information resides in the public domain does

not eliminate the possibility that further disclosures can cause harm to intelligence sources,

methods and operations.’” ACLU/DOD, 628 F.3d at 625 (quoting Fitzgibbon v. CIA, 911 F.2d

755, 766 (D.C. Cir. 1990)). “Minor details of intelligence information may reveal more

information than their apparent insignificance suggests because, ‘much like a piece of jigsaw

puzzle, [each detail] may aid in piecing together other bits of information even when the

individual piece is not of obvious importance in itself.’” Larson, 565 F.3d at 864 (quoting

Gardels, 689 F.2d at 1106). Just as in Competitive Enterprise Institute, the Court finds the

NSA’s explanation regarding the classification and potential national harm to be both “logical”

and “plausible.” See Competitive Enter. Inst., 2015 WL 151465, at *10. Accordingly, the NSA

has invoked Exemption 1 properly in support of its Glomar response.

       The NSA’s invocation of Exemption 3 is likewise proper. The NSA invokes a

recognized withholding statute, Section 102A(i)(1) of the National Security Act of 1947, in



                                                 19
support of its Glomar response. See ACLU/DOD, 628 F.3d at 619. Section 102A(i)(1) protects

“intelligence sources and methods from unauthorized disclosure.” 50 U.S.C. § 3024. The

plaintiff’s challenges to Exemption 3 mirror the arguments made in opposition to Exemption 1.

Since the Court has found the plaintiff's argument on that score to be unpersuasive, the plaintiff's

Exemption 3 argument is similarly unavailing. 7

                  2.       The NSA Officially Acknowledged a Limited Subset of Records.

         The central dispute between the parties concerns whether the NSA has previously

acknowledged the existence of the records requested by the plaintiff, thereby waiving its right to

claim an exemption regarding the existence vel non of any responsive records. The plaintiff

claims that the NSA has made “multiple official disclosures that it collects a broad and

voluminous scope of the telephone and electronic communications data of Americans through a

series of programs with the compelled assistance of some of the largest U.S. telecommunications

and internet service providers.” Pl.’s Mem. at 20. In light of these disclosures, the plaintiff

argues that the NSA has waived its right to issue a Glomar response to the plaintiff’s FOIA




7
  The NSA also relies on two additional statutory provisions as support for withholding under Exemption 3: (1)
Section 6 of the National Security Act of 1959 (codified at 50 U.S.C. § 3605), which provides that “[n]othing in this
Act or any other law . . . shall be construed to require the disclosure of the organization or any function of the
National Security Agency, or any information with respect to the activities thereof . . .”; and (2) a criminal statute,
18 U.S.C. § 798, which prohibits a person from knowingly and willfully disclosing “any classified information . . .
concerning the communication intelligence activities of the United States . . . or . . . obtained by the processes of
communication intelligence from the communications of any foreign government, knowing the same to have been
obtained by such processes.” Both statutes qualify as Exemption 3 statutes. See Larson, 565 F.3d at 868; Linder v.
NSA, 94 F.3d 693, 698 (D.C. Cir. 1996). The NSA argues that, with respect to Section 6 of the National Security
Act, revealing the existence of the requested records would “disclose information with respect to [NSA] activities,
since any information about an intercepted communication concerns an NSA activity,” Linder, 94 F.3d at 696
(quoting Hayden v. NSA, 608 F.2d 1381, 1389 (D.C. Cir. 1979)), and that, with respect to 18 U.S.C. § 798,
acknowledging the existence of the requested records would disclose classified information “concerning the
communication intelligence activities of the United States,” see Larson, 565 F.3d at 868 (quoting 18 U.S.C. § 798).
See Def.’s Mem. at 14–17. The Court need not opine about the sufficiency of these alternative bases, since Section
102A(i)(1) of the National Security Act provides ample support for the propriety of the NSA’s invocation of
Exemption 3.

                                                          20
request, which encompassed “all email, letter, telephonic, or other communications” by the

plaintiff. Id. at 18–28.

       The D.C. Circuit has recognized that if “the agency has officially acknowledged the

existence of [a] record, the agency can no longer use a Glomar response, and instead must either:

(1) disclose the record to the requester or (2) establish that its contents are exempt from

disclosure and that such exemption has not been waived.” Moore, 666 F.3d at 1333 (citations

omitted); see also Marino v. DEA, 685 F.3d 1076, 1081 (D.C. Cir. 2012) (“[I]n the context of a

Glomar response, the public domain exception is triggered when ‘the prior disclosure establishes

the existence (or not) of records responsive to the FOIA request,’ regardless whether the contents

of the records have been disclosed.” (quoting Wolf, 473 F.3d at 379)). Even so, “[a] strict test

applies to claims of official disclosure.” Moore, 666 F.3d at 1333 (alteration in original)

(internal quotation marks omitted). “[I]n order to overcome an agency’s Glomar response based

on an official acknowledgement, the requesting plaintiff must pinpoint an agency record that

both matches the plaintiff’s request and has been publicly and officially acknowledged by the

agency.” Id. (emphasis added).

       An agency’s official acknowledgment must meet three criteria:

       First, the information requested must be as specific as the information previously
       released. Second, the information requested must match the information
       previously disclosed . . . . Third, . . . the information requested must already have
       been made public through an official and documented disclosure.

Fitzgibbon, 911 F.2d at 765; see also Moore, 666 F.3d at 1333; ACLU/DOD, 628 F.3d at 620–

21; Wolf, 473 F.3d at 378. The plaintiff “bears the burden of pointing to ‘specific information in

the public domain that appears to duplicate that being withheld.’” EPIC/NSA, 678 F.3d at 933

(quoting Wolf, 473 F.3d at 378). The plaintiff may not, however, point to mere media

speculation. See id. at 933 n.5 (“[T]he national media are not capable of waiving NSA’s


                                                 21
statutory authority to protect information related to its functions and activities.”); Competitive

Enter. Inst., 2015 WL 151465, at *10 (“[S]peculation by the press—no matter how

widespread—and disclosures in the press from unnamed sources are not sufficient to waive an

agency’s right to withhold information under FOIA.”). 8

         In the present case, the plaintiff points to the NSA’s public acknowledgements regarding

its various bulk data collection programs—the telephony metadata program, the PR/TT program,

the PRISM program, and the upstream collection program—to argue that the NSA has waived its

right to issue a Glomar response. As explained below, the Court finds that the NSA has

officially acknowledged the collection of certain telephony metadata from Verizon Business

Network Services from April 25, 2013 through July 19, 2013, but has not otherwise officially

acknowledged its possession of any other records sought by the plaintiff.

                             a)        Telephony Metadata Program

         The plaintiff has compiled multiple documents concerning the NSA’s telephony metadata

program, of which the NSA has acknowledged two publically released FISC orders detailing the

program. Specifically, the plaintiff notes that the publically acknowledged FISC Secondary

Order directed Verizon Business Network Services to provide to the NSA “on an ongoing daily

basis . . . all call detail records or ‘telephony metadata’ created by Verizon for communications

(i) between the United States and abroad; or (ii) wholly within the United States, including local

telephone calls.” Secondary Order at 2. The Secondary Order was limited to a 90-day period

between April 25, 2013 and July 19, 2013, and included the originating and terminating


8
  Nor may a statement by an anonymous agency insider be deemed an “official acknowledgement” because an
anonymous leak is presumptively an unofficial and unsanctioned act. See ACLU/DOD, 628 F.3d at 621–22 (“‘[I]t is
one thing for a reporter or author to speculate or guess that a thing may be so or even, quoting undisclosed sources,
to say that it is so; it is quite another thing for one in a position to know of it officially to say that it is so.’” (quoting
Alfred A Knopf, Inc. v. Colby, 509 F.2d 1362, 1370 (4th Cir. 1975))); Afshar v. U.S. Dep’t of State, 702 F.2d 1125,
1130–31 (D.C. Cir. 1983) (distinguishing between “official acknowledgement” of information and “[u]nofficial
leaks and public surmise”).

                                                              22
telephone number along with the time and duration of the call. The plaintiff further contends

that the NSA has conceded in public disclosures that the program has been in existence since at

least May 2006 and that the NSA has admitted that as of January 3, 2014, “at least 15 different

FISC judges have entered a total of 36 orders authorizing NSA’s bulk collection of telephony

metadata.” Reply Supp. Pl.’s Cross Mot. Summ. J. (“Pl.’s Reply”) at 9, ECF No. 26 (citing

NSA’s Shea Decl. ¶¶ 13-14). Taken together, the plaintiff argues that it communicated regularly

with its legal counsel, a Verizon Business Network Services subscriber, and therefore, “based on

the NSA’s own admissions, some of [the plaintiff’s] privileged communications with its counsel

were almost certainly collected.” 9 Pl.’s Reply at 9. Moreover, while the Secondary Order was

limited to the period between April 25, 2013 and July 19, 2013, the plaintiff argues that the NSA

“has made sufficient public acknowledgements of the recurring, ever-renewing nature of these

orders that the existence of prior or subsequent orders is virtually certain.” 10 Pl.’s Reply at 9.

Thus, the plaintiff argues, at a minimum, the NSA has acknowledged the existence of records

relating to its communications sent through Verizon Business Network Services between April

25, 2013 and July 19, 2013, and, at a maximum, has acknowledged the existence of records




9
  Throughout its briefing the plaintiff makes much of the fact that the NSA may have intercepted privileged
communications between the plaintiff and its counsel. Regardless of the propriety of such interceptions, FOIA is not
the appropriate vehicle to vindicate discovery abuses or otherwise conduct discovery. See Williams & Connolly v.
SEC, 662 F.3d 1240, 1245 (D.C. Cir. 2011) (“FOIA is . . . [not] an appropriate means to vindicate discovery abuses .
. . .”); see also NLRB v. Sears, Roebuck & Co., 421 U.S. 132, 144 n. 10 (1975) (“The Act is fundamentally designed
to inform the public about agency action and not to benefit private litigants.”); Renegotiation Bd. v. Bannercraft
Clothing Co., Inc., 415 U.S. 1, 24 (1974) (“Discovery for litigation purposes is not an expressly indicated purpose of
the Act.”); Neary v. Fed. Deposit Ins. Corp., No. 14-1167, 2015 WL 2375395, at *4 (D.D.C. May 19, 2015)
(“’FOIA was not intended to be a discovery tool for civil plaintiffs.’” (internal quotations omitted)); Johnson v. U.S.
Dep’t of Justice, 755 F. Supp. 2, 5 (D.D.C.1991) (“FOIA is not a discovery statute.”).
10
     To showcase the potential breadth of the captured information, the plaintiff points to a draft NSA Inspector
General Report from 2009, which indicates that the NSA “could gain access to approximately 81% of the
international calls into and out of the United States through three corporate partners: COMPANY A had access to
39%, COMPANY B 28%, and COMPANY C 14%.” Pl.’s Mem. at 7. Although the draft report does not identify
the three companies, the plaintiff notes that, as of 1999, MCI/Worldcom (now Verizon) was one of the three largest
telecommunications providers. See id. (citing Common Carrier Bureau, FCC, 1999 International
Telecommunications Data (Dec. 2000)).

                                                         23
relating to communications sent through Verizon Business Network Services and other providers

since at least May 2006. See Pl.’s Reply at 9.

        As noted previously, another decision in this District considered the propriety of an NSA

Glomar response in light of the NSA’s public statements regarding the bulk collection of

telephony metadata. In Competitive Enterprise Institute, the plaintiff cited many of the same

documents relied upon by the plaintiff in the present case: public statements by agency officials;

an administration white paper; declarations of agency officials; newspaper reports; court

opinions; and the Primary and Secondary Orders. See 2015 WL 151465, at *7–*10. After

examining the statements, the court concluded that the “the sources . . . do not give any

indication that the government collects metadata for all U.S. phone customers or even the subset

of all Verizon Wireless users. As such, they do not show that the government has the specific

records they seek.” Id. at *5 (emphasis in original). The court’s analysis turned on whether the

NSA had acknowledged the participation of a service provider in the collection program. The

plaintiff seeks to distinguish Competitive Enterprise Institute by noting that while the plaintiff in

Competitive Enterprise Institute sought records relating to Verizon Wireless, the plaintiff in the

present case has sought records pertaining to Verizon Business Networks Services, an

acknowledged participant in the program. See Pl.’s Supp Aviad. Decl. ¶ 2. The plaintiff is

correct, but only with respect to those documents obtained as a result of the officially

acknowledged Secondary Order, i.e., the telephony metadata collected from Verizon Business

Network Services between April 25, 2013 and July 19, 2013. 11



11
   Although the Secondary Order reflects only that the government sought such records from Verizon Business
Network Services, the NSA has subsequently confirmed in public declarations that Verizon Business Network
Services produced records and participated in the program. See NSA’s Fleish Decl. ¶ 71 (“[T]he United States has
not confirmed or denied the past or current participation of any specific provider in the telephony metadata program
apart from the participation of VBNS for the approximately 90 day duration of the now-expired April 25, 2013 FISC
Order.”).

                                                        24
       With respect to other telephone service providers and other periods of time, the plaintiff

has not pointed to any disclosures documenting the specific telephone service providers that

participated in the program and during what periods of time. Such imprecision will not suffice to

overcome the NSA’s Glomar response. The D.C. Circuit has expressly directed courts to apply

the “official acknowledgement” exception “strictly,” such that the “official acknowledgement”

only extends to the specific records that are acknowledged by the agency. See Moore, 666 F.3d

at 1333; Wolf, 473 F.3d at 378–79. Indeed, this Circuit requires that a plaintiff “pinpoint an

agency record that both matches the plaintiff’s request and has been publicly and officially

acknowledged by the agency.” Moore, 666 F.3d at 1333 (emphasis added). The plaintiff has

been unable to pinpoint specific disclosures regarding the participation of other telephone service

providers in the NSA’s telephony metadata program, a circumstance present in other cases where

courts have determined that the NSA did not officially acknowledge any additional participants

in the telephony metadata program. See Elec. Frontier Found. v. U.S. Dep’t of Justice, No. 11-

CV-5221, 2014 WL 3945646, at *5-7 (N.D. Cal. Aug. 11, 2014) (rejecting argument that the

identity of participants in the telephony metadata program “has lost its exempt character because

the providers’ names have been officially acknowledged.”); Competitive Enterprise Institute,

2015 WL 151465, at *11.

       Rather than pinpoint specific acknowledged disclosures, the plaintiff instead makes a

series of logical deductions based on the nature of the telephony metadata program and general

media speculation regarding the scope of the program to claim that the NSA has acknowledged

other participants in the telephony metadata program. See Pl.’s Mem. at 7 (discussing

implication of “Federal Communications Commission (FCC) report” discussing AT&T, Verizon,

and Sprint as the nation’s “three largest international telephone call providers”), id. at 8 n.6



                                                  25
(“[T]he NSA’s draft report strongly suggests that AT&T and Verizon have assisted the NSA in

collecting both telephonic and email communications in the past); id. at 22–25. Logical

deductions may not substitute for official acknowledgements, however. See Valfells v. CIA, 717

F. Supp. 2d 110, 117 (D.D.C. 2010) (“Logical deductions are not, however, official

acknowledgments.”), aff’d sub nom. Moore v. CIA, 666 F.3d 1330 (D.C. Cir. 2011).

       The plaintiff’s further reliance on ACLU v. CIA, 710 F.3d 422, 428–29 (D.C. Cir. 2013),

is inapposite. In ACLU, the D.C. Circuit addressed the ACLU’s FOIA request for documents

relating to drone strikes. The D.C. Circuit rejected the CIA’s Glomar response because the CIA

“proffered no reason to believe that disclosing whether it has any documents at all about drone

strikes will reveal whether the Agency itself—as opposed to some other U.S. entity such as the

Defense Department—operates drones.” ACLU/CIA, 710 F.3d at 428–29. Instead, the CIA’s

acknowledgment of its possession of documents relating to drones would reveal only that the

CIA maintained an intelligence interest in drones. Id. at 428. In light of official

acknowledgments by the CIA and the President, the Court concluded that it was neither “logical

or plausible” for the CIA to contend that confirming the CIA’s interest in drones would reveal

information not already publically acknowledged. Id. Similarly, in the present case, the NSA

officially acknowledged the collection of telephony metadata information from Verizon Business

Network Services, making it neither logical nor plausible for the NSA to deny this fact now. The

NSA’s acknowledgement of its possession of telephony metadata from Verizon Business

Network Services would reveal no new information not already in the public domain. This is not

the case, however, with respect to telephony metadata records from other time periods or other

service providers. See EPIC/NSA, 678 F.3d at 933 (“EPIC has failed to meet its burden because

its blanket request for ‘[a]ll records of communication between NSA and Google concerning



                                                 26
Gmail’ covers a substantially broader swath of information than what NSA has voluntarily

published on its website.”); Students Against Genocide v. U.S. Dep’t of State, 50 F.Supp.2d 20,

25 (D.D.C. 1999) (“[T]here is certainly no ‘cat out of the bag’ philosophy underlying FOIA so

that any public discussion of protected information dissipates the protection which would

otherwise shield the information sought.”). The NSA has not acknowledged any additional

participants in the telephony metadata program or acknowledged receiving metadata from

Verizon Business Network Services for any period outside of April 25, 2013 to July 19, 2013.

To require the NSA to acknowledge the existence or non-existence of materials beyond that

limited period would require the NSA to acknowledge information that has not otherwise been

publically disclosed.

        The plaintiff has been unable to pinpoint an official acknowledgment by the NSA of the

specific records sought by the plaintiff beyond those records encompassed by the Secondary

Order and relating to Verizon Business Network Services. Moore, 666 F.3d at 1333 (“[I]n order

to overcome an agency’s Glomar response based on an official acknowledgment, the requesting

plaintiff must pinpoint an agency record that both matches the plaintiff’s request and has been

publicly and officially acknowledged by the agency.”). Accordingly, the Court finds that the

NSA’s Glomar response was improper insofar as the NSA has previously acknowledged that it

collected telephony metadata from Verizon Business Network Services between April 25, 2013

and July 19, 2013, and proper as to all other time periods and service providers.

                        b)    Other Electronic Communications

       Although the plaintiff compiled a robust record detailing the public disclosures of the

NSA’s telephony metadata program, the plaintiff has made no such showing regarding any of the

other electronic communications programs—the PR/TT program, the PRISM program, and the



                                                27
upstream collection program. 12 Indeed, to the contrary, the plaintiff concedes that the NSA has

not acknowledged a service provider with respect to the bulk collection of electronic

communications. See Pl.’s Mem. at 24 (conceding that the NSA “has not specifically named any

telecommunications or Internet service providers participating in its bulk electronic

communications collections programs.”). Nonetheless, the plaintiff claims that other official

acknowledgements are sufficient to override the NSA’s Glomar response because the NSA has

acknowledged “the broad scope of electronic communications collected through its programs.”

Id. at 25. Yet, for the reasons stated above, speculation by the plaintiff regarding the scope of the

programs at issue will not suffice to overcome the NSA’s Glomar response. See Competitive

Enter. Inst., 2015 WL 151465, at *9 (upholding Glomar response where plaintiff could “not

name the specific companies that have produced this data to the government”). As a result, the

plaintiff has failed in its burden to overcome the NSA’s Glomar response with respect to all other

electronic communications programs.

          B.     Improper Withholding

          Although the NSA’s Glomar response was improper with respect to certain Verizon

Business Network Services documents, this finding does not end the inquiry into the NSA’s

FOIA response. The NSA makes the alternative argument that even if its Glomar response was

improper as to the limited set of documents relating to Verizon Business Network Services, the

terms of the Primary Order and Secondary Order do not permit the NSA to disclose any records

to the plaintiff. See Mem. Further Supp. Def.’s Mot. Summ. J. (“Def.’s Reply”) at 13–15, ECF

No. 23.


12
  To the extent the NSA has made any acknowledgment regarding the records obtained during the course of the
PR/TT program, the NSA has stated that all records obtained through the program have been destroyed. See NSA
Fleisch Decl. ¶ 76 n.32 (“On December 7, 2011, the NSA completed the destruction of all PR/TT metadata collected
under the authorization of the FISC from the agency’s repositories.”).

                                                      28
       FOIA confers jurisdiction on the district court to compel an agency to release requested

records only if those records are “improperly withheld.” Morgan, 923 F.2d at 196 (internal

quotation marks omitted). An improper withholding does not occur, and the FOIA does not

apply, when documents are withheld pursuant to a court order specifically enjoining their

release. In such circumstances, the agency “simply [has] no discretion . . . to exercise” and, thus,

“has made no effort to avoid disclosure.” GTE Sylvania, Inc. v. Consumers Union of U.S., Inc.,

445 U.S. 375, 386 (1980). As the D.C. Circuit explained in Morgan, “respect for the judicial

process requires the agency to honor the injunction . . . . ” 923 F.2d at 197 (citing GTE Sylvania,

Inc., 445 U.S. at 386–87). Although GTE Sylvania dealt with the situation of a court-ordered

injunction, its core holding has not been so limited. Rather, where a court order circumscribes an

agency’s ability to produce documents such that the agency has “no discretion” to release the

documents, the agency’s failure to release documents will not be deemed improper. See, e.g.,

GTE Sylvania, 445 U.S. at 386 (injunction); Morgan, 923 F.2d at 197 (sealing order); Judicial

Watch, Inc. v. U.S. Dep’t of Justice, 65 F. Supp.3d 50, 52 (D.D.C. Local Civil Rule 84.9); Wagar

v. U.S. Dep’t of Justice, 846 F.2d 1040, 1046-47 (6th Cir. 1988) (consent order); see also Senate

of Commw. of P.R. v. U.S. Dep’t of Justice, No. 84-1829, 1993 WL 364696, at *6 (D.D.C. Aug.

24, 1993) (“The Supreme Court has held that records covered by an injunction, protective order,

or held under court seal are not subject to disclosure under FOIA.” (internal citations omitted)).

       Ultimately, “the proper test for determining whether an agency improperly withholds

records [subject to a court order] is whether the [order], like an injunction, prohibits the agency

from disclosing the records.” Morgan, 923 F.2d at 197 (emphasis in original). The agency bears

the burden of demonstrating that the responsive records are not subject to disclosure under the

terms of a court order. Id. at 198. Merely stating that responsive records are subject to a court



                                                 29
order or other restriction is insufficient to demonstrate that “the court issued the [order] with the

intent to prohibit the agency from disclosing the records,” as required under the Morgan

standard. See Morgan, 923 F.2d at 198 (“If the [agency] obtains a clarifying order stating that the

[order] prohibits disclosure, the [agency] is obviously entitled to summary judgment.”); see also

Awan v. U.S. Dep’t of Justice, 10 F. Supp. 3d 96, 107 (D.D.C 2014) (finding “that the defendants

have not established the Southern District's sealing order as a proper basis for withholding the

over decade old material witness warrant affidavit under the FOIA” where defendants lacked

clarifying order), vacated 46 F. Supp. 3d 90, 92 (D.D.C. 2014) (concluding “that the

government’s withholding of the material witness warrant affidavit in compliance with the

sealing order does not constitute an improper withholding under the FOIA” after the government

obtained clarifying order); Concepcion v. FBI, 699 F.Supp.2d 106, 111–114 (D.D.C. 2010);

Senate of Commw. of P.R, 1993 WL 364696, at *6–7, (D.D.C. Aug. 24, 1993).

       The agency may satisfy its burden under Morgan by referring to (1) the order itself; (2)

extrinsic evidence, such as papers filed with the court that provide the rationale for the sealing;

(3) orders of the same court in similar cases that explain the purpose of the order; or (4) the

court’s general rules of procedures governing the order. Morgan, 923 F.2d at 198; Concepcion,

699 F.Supp.2d at 111. Upon finding that an order prohibits the agency from releasing the

records, the agency is entitled to summary judgment on its withholding of the records. Morgan,

923 F.2d at 198. A review of the Morgan factors reveals that the NSA has no discretion to

disclose the requested documents and its withholding in the present case was proper.

       The text of the Primary Order makes plain the NSA’s lack of discretion to access and

disclose to the plaintiff the requested metadata. Indeed, the Primary Order permits the agency to

access metadata records only in certain defined circumstances. Specifically, the Primary Order



                                                 30
“prohibit[s]” the government “from accessing business record metadata acquired pursuant to this

Court’s orders in the above-captioned docket and its predecessors . . . for any purpose except as

described herein.” Primary Order at 2 (emphasis added). The Primary Order designates two

purposes. First, certain authorized technical personnel “may access the . . . metadata for purposes

of obtaining foreign intelligence information.” Id. Second, “technical personnel may access the

. . . metadata to perform those processes needed to make it usable for intelligence analysis.” Id.

Neither scenario affords the NSA the discretion to access the metadata for purposes of

complying with the plaintiff’s FOIA request.

       Although the Primary Order does not make specific reference to FOIA, the Primary

Order is clear that the metadata may not be accessed “for any purpose except as” permitted by

the Primary Order. Given the context of the Primary Order, the broad language regarding “any

purpose” is sufficient to encompass FOIA. Such strict limitations regarding access to the

collected metadata make abundant sense. In permitting the NSA to collect large amounts of

personal information regarding U.S. citizens, the FISC was careful to put limitations on its

access and use. The metadata may be accessed only for certain limited purposes (foreign

intelligence) and only in certain limited ways (using specially approved searches). To permit

FOIA plaintiffs (and thereby the public at large) access to all of the collected metadata would be

to undermine the careful architecture erected by the FISC and enshrined in the Primary Order.

        Likewise, the Primary Order restricts the subsequent dissemination of metadata

information. Before the NSA may disseminate information pertaining to any U.S. person,

certain high-level officials “must determine that the information identifying the U.S. person is in

fact related to counterterrorism information and that it is necessary to understand the

counterterrorism information or assess its importance.” Primary Order at 3. To be sure, the



                                                31
Primary Order does contemplate disclosure of the accessed metadata beyond the NSA in certain

limited scenarios, including disclosure to the Executive Branch in order to (1) “enable them to

determine whether the information contains exculpatory or impeachment information or is

otherwise discoverable in legal proceedings” and (2) “facilitate their lawful oversight functions.”

Id. While such language might ordinarily weigh against the NSA in the Morgan analysis, the

Primary Order’s relative flexibility on disclosure is of less importance in the present case. As

discussed, the NSA is forbidden under the terms of the Primary Order from accessing the

collected telephony metadata in order to respond to the plaintiff’s FOIA request. In other words,

the only responsive telephony metadata records that the Primary Order might permit the NSA to

disseminate concern telephony metadata records previously accessed as a result of an authorized

search as part of an ongoing investigation. Consequently, the NSA “would only have

communications in its searchable intelligence files of entities that are related to foreign

intelligence investigations” because those were the only searches that would have been

previously authorized under the Primary Order. Def.’s Reply at 9. Yet the existence or non-

existence of such records as they relate to the plaintiff has never been acknowledged by the

NSA. The records are therefore properly covered by the NSA’s Glomar response and no

disclosure is required.

       Both the limitations upon the Court’s holding and the peculiar circumstances of this case

require highlighting. The instant case presents multiple competing interests all of significant

public concern: personal privacy; national security; and transparency in government, along with

the related concern of ensuring agency accountability. Under the plaintiff’s theory on the

applicability of the FOIA in this case, the telephony metadata records (and any email

communications) held in databases by the NSA could potentially be searched and accessed by



                                                 32
any person through the timely submission of a FOIA request. 13 Fortunately, the FISC orders at

issue carefully balanced the competing interests: The materials obtained pursuant to the

telephony metadata program may be accessed only in the most limited fashion, and not for

purposes of the FOIA. Given the plain language in the Primary Order and the general context of

the telephony metadata program, the Court will not require the NSA to seek clarification from

the FISC regarding whether the Primary Order contemplates prohibiting disclosure under the

FOIA. Rather, as the Primary Order makes clear, the NSA is not permitted to access the

requested materials for purposes of complying with a FOIA request. As a result, the NSA’s

failure to comply with the plaintiff’s request was not “improper” and the NSA will not be

required to disclose the requested documents to the plaintiff.

         C.       Defendant’s Search

         As noted, the NSA did not issue a Glomar response as to the entirety of the plaintiff’s

FOIA request. Rather, the NSA conducted a search for documents relating to the non-

intelligence records sought by the plaintiff, i.e., the plaintiff’s request for documents relating to

its business contracts and pending civil and criminal cases. The NSA’s search yielded no results

and the plaintiff correspondingly challenges the adequacy of the NSA’s search for responsive

records.

         “The court applies a reasonableness test to determine the adequacy of a search

methodology.” Morley, 508 F.3d at 1114 (internal quotations and citations omitted) “[T]he

adequacy of a FOIA search is generally determined not by the fruits of the search, but by the

appropriateness of the methods used to carry out the search.” Iturralde v. Comptroller of


13
  The plaintiff’s theory also would raise the analytically “fraught” issue of when the querying of a database
constitutes the creation of a new record not subject to FOIA. See Nat’l Sec. Counselors v. C.I.A., 960 F. Supp. 2d
101, 160 n.28 (D.D.C. 2013). This issue was not formally framed by the parties and does not require resolution
here.

                                                         33
Currency, 315 F.3d 311, 315 (D.C. Cir. 2003). “An agency may establish the adequacy of its

search by submitting reasonably detailed, nonconclusory affidavits describing its efforts.” Baker

& Hostetler LLP v. U.S. Dep’t of Commerce, 473 F.3d 312, 318 (D.C. Cir. 2006). “‘Agency

affidavits are accorded a presumption of good faith, which cannot be rebutted by purely

speculative claims about the existence and discoverability of other documents.’” DeBrew, 2015

WL 3949421, at *2 (quoting SafeCard Servs., Inc. v. SEC, 926 F.2d 1197, 1200 (D.C. Cir.

1991)).

          Agency affidavits should identify the terms search and explain how the search was

conducted. See Morley, 508 F.3d at 1122 (citing Oglesby v. U.S. Dep’t of Army, 920 F.2d 57, 68

(D.C. Cir. 1990)). The agency must submit, “[a] reasonably detailed affidavit, setting forth the

search terms and the type of search performed . . . is necessary to afford a FOIA requester an

opportunity to challenge the adequacy of the search and to allow the district court to determine if

the search was adequate in order to grant summary judgment.” Debrew, 2015 WL 3949424, at

*2 (quoting Oglesby, 920 F.2d at 68). Only where “a review of the record raises substantial

doubt, particularly in view of ‘well defined requests and positive indications of overlooked

materials,’” is summary judgment inappropriate. Iturralde, 315 F.3d at 314 (quoting Valencia–

Lucena v. U.S. Coast Guard, 180 F.3d 321, 326 (D.C. Cir. 1999)). In the end, “[t]o prevail on

summary judgment, the ‘agency must show beyond material doubt . . . that it has conducted a

search reasonably calculated to uncover all relevant documents.’” Elliott v. U.S. Dep’t of Agric.,

596 F.3d 842, 851 (D.C. Cir. 2010) (quoting Weisberg v. U.S. Dep’t of Justice, 705 F.2d 1344,

1351 (D.C. Cir. 1983)).

          The NSA presents two affidavits from the NSA’s Associate Director for Policy and

Records in support of its search for records in the present case. The NSA tasked “its Office of



                                                 34
General Counsel, its acquisition organization, and its logistics organization” to conduct the

relevant searches. NSA’s Sherman Decl. ¶ 27. These organizations were chosen as they were

deemed to be the organizations “that would possess records responsive to the Plaintiff’s FOIA

request, if any such records existed,” as only those organizations maintained contract and

litigation-related records. Id. The NSA determined that “[n]o other non-intelligence

organization within the NSA would have such records” and that “if any non-intelligence related

information response to the Plaintiff’s FOIA request existed at the NSA, it would have been

located by these three organizations in their respective filing system based on the search

methodology” employed. NSA’s Suppl. Sherman Decl. ¶¶ 2, 4. The NSA queried the records

of the relevant organizations using three variants of the plaintiff’s name and the numbers for the

relevant contract. The records databases contained memoranda, meeting minutes, reports,

manuals, and other documents. NSA’s Sherman Decl. ¶ 27. Within the Office of General

Counsel, attorneys also searched their Microsoft Outlook email accounts while administrative

personnel and paralegals searched the organization’s litigation filings systems. Id. The NSA

also searched the “contracting management information system database,” which is maintained

in support of the NSA’s contracting activity. Id. No responsive records were found as a result of

any of these searches.

       The plaintiff objects to the adequacy of the NSA’s search, challenging both the scope of

the search and the search terms employed. Neither objection withstands scrutiny. First, the

plaintiff attacks the NSA’s decision to limit its search of records to those contained in the Office

of General Counsel, the acquisitions organization, and the logistics organization. The plaintiff

argues that “[b]ecause those organizations only handle matters on behalf of the NSA, there was

no reason for them to possess documents regarding contracts and lawsuits that did not involve



                                                 35
the Agency.” Pl.’s Mem. at 30. The plaintiff misconstrues the nature of the NSA’s search. The

NSA searched these organizations because “[n]o other non-intelligence organization within the

NSA would have [contract or litigation related records] because these other organizations would

only have records of individuals and organizations . . . that have some affiliation with the NSA.”

NSA’s Suppl. Sherman Decl. ¶ 2 (emphasis added). The fact that these organizations were

unlikely to maintain the requested contracting and litigation records reflects not on the NSA’s

choice of organizations to search but on the nature of the plaintiff’s FOIA request: the plaintiff

sought records concerning a company with which the NSA neither engaged in contracts nor

contract litigation.

         Second, the plaintiff attacks the use of search terms employed by the NSA. The NSA

used three variations of the plaintiff’s name and the contract numbers for its search. 14 The

plaintiff posits that the NSA should have used alternative search terms to yield responsive

documents. Specifically the plaintiff suggests that the NSA should have included “PWC” as a

search term, along with the legal case numbers for the relevant litigation. Pl.’s Reply at 16–17.

Although the parties did agree regarding the scope of one of the plaintiff’s requested categories

of information, the parties did not discuss, and the plaintiff did not suggest, the use of any

specific search terms. See NSA’s Sherman Decl. ¶ 19.

         “In general, the adequacy of a search is ‘determined not by the fruits of the search, but by

the appropriateness of [its] methods.’” Hodge v. FBI, 703 F.3d 575, 579 (D.C. Cir. 2013)

(quoting Iturralde, 315 F.3d at 315). “[T]here is no bright-line rule requiring agencies to use the

search terms proposed” by a plaintiff. Physicians for Human Rights v. U.S. Dep’t of Def., 675


14
  The plaintiff argues that the NSA failed to identify its search terms because it did not use quotation marks to
designate the search terms identified in its declaration. See Pl.’s Reply at 15. The Court declines the plaintiff’s
invitation to impose a quotation marks requirement on the NSA as context reveals the terms in question to be the
search terms employed by the NSA.

                                                          36
F. Supp. 2d 149, 164 (D.D.C. 2009). Federal agencies have discretion in crafting a list of search

terms that “they believe[ ] to be reasonably tailored to uncover documents responsive to the

FOIA request.” Id. Where the search terms are reasonably calculated to lead to responsive

documents, the Court should not “micro manage” the agency’s search. See Johnson v. Executive

Office for U.S. Attorneys, 310 F.3d 771, 776 (D.C. Cir. 2002) (“FOIA, requiring as it does both

systemic and case-specific exercises of discretion and administrative judgment and expertise, is

hardly an area in which the courts should attempt to micro manage the executive branch.”);

Liberation Newspaper v. U.S. Dep’t of State, No. 13-0836, 2015 WL 709197, at *6 (D.D.C. Feb.

19, 2015) (“Where the agency’s search terms are reasonable, the Court will not second guess the

agency regarding whether other search terms might have been superior.”).

       The plaintiff’s insistence on its own preferred search terms does not undermine the

reasonableness of the NSA’s search terms. Moreover, the plaintiff’s terms are not without their

own criticism. Indeed, the plaintiff proffers no explanation for how the inclusion of legal case

numbers would be likely to yield responsive documents when the NSA already searched by the

plaintiff’s name. Moreover, while the NSA could have also used an abbreviation of the

plaintiff’s name as a search term, an abbreviation in a record typically follows after the full name

is used, and the search terms used employed both full and shortened versions of the plaintiff’s

name. In short, the plaintiff offers only speculation as to the results of an alternative search, but

speculation as to the potential results of a different search does not necessarily undermine the

adequacy of the agency’s actual search. Although the NSA could have used additional variations

of the plaintiff’s name or the legal case numbers, the NSA’s search terms were reasonably

calculated to lead to responsive documents.




                                                  37
         Through two declarations by the NSA’s Associate Director for Policy and Records, the

NSA identified the records systems searched, the rationale for searching those records systems,

the search terms employed, and averred that all files likely to contain responsive materials were

searched. The plaintiff has presented no grounds for upsetting the presumption of regularity

afforded to these declarations, and the Court finds that the declarations are reasonably detailed

and the NSA’s search was reasonably calculated to lead to responsive documents. 15

IV.      CONCLUSION

         For the foregoing reasons, the NSA’s Motion for Summary Judgment is granted and the

plaintiff’s Cross-Motion for Summary Judgment or, in the Alternative, for Limited Discovery is

denied. An appropriate Order accompanies this Memorandum Opinion.

                                                                                       Digitally signed by Hon. Beryl A. Howell,
                                                                                       United States District Court Judge, U.S.
                                                                                       District Court for the District of Columbia
                                                                                       DN: cn=Hon. Beryl A. Howell, United
         Date: July 10, 2015                                                           States District Court Judge, U.S. District
                                                                                       Court for the District of Columbia, o, ou,
                                                                                       email=Howell_Chambers@dcd.uscourts.
                                                                                       gov, c=US
                                                                 __________________________
                                                                                       Date: 2015.07.10 15:26:42 -04'00'


                                                                 BERYL A. HOWELL
                                                                 United States District Judge




15
  Since the Court finds that both the declarations and the search itself were adequate, the plaintiff’s alternative
request for limited discovery regarding the NSA’s search, see Pl.’s Mem. at 33, is denied.

                                                           38
