Opinion
Civil Action No. 16-cv-1836 (DLF)
09-12-2018
MEMORANDUM OPINION
Pro se plaintiff Wynship Hillier invokes the Privacy Act of 1974, 5 U.S.C. § 552a, to identify records about him at the Department of Homeland Security (DHS), United States Department of State, and Central Intelligence Agency (CIA) (collectively the "defendants"). Hillier claims these agencies have records confirming that he is "the target of a sophisticated campaign" designed to render him an "involuntary psychiatric outpatient" and to convince him, and others, that he suffers from "psychiatric disorders." 2d Am. Compl. ¶ 4, Dkt. 33. Dissatisfied by the agencies' failure to produce any records, Hillier filed this lawsuit. Before the Court are the defendants' Motion for Summary Judgment, Dkt. 40, Hillier's Motion for Partial Summary Judgment Against Defendant United States Department of Homeland Security, Dkt. 41, and Hillier's Cross-motion for Partial Summary Judgment Against the Central Intelligence Agency and United States Department of State, Dkt. 48. For the reasons that follow, the Court will grant in part and deny in part the defendant's motion and deny Hillier's motions.
I. BACKGROUND
For the past six years, Wynship Hillier has sought records that he believes DHS, Department of State, and CIA possess. His quest began in early 2012 when he sent letters to these agencies asking whether certain record systems contained records about him. See Defs.' Statement of Facts ¶¶ 3, 6, 17, 29, Dkt. 40-1; Pl.'s Statement of Genuine Issues ¶¶ 3, 6, 17, 29, Dkt. 45. Each agency processed Hillier's requests under both the Privacy Act, 5 U.S.C. § 552a, and the Freedom of Information Act (FOIA), 5 U.S.C. §552. But none of the agencies provided records to Hillier because (1) none were found, (2) the relevant record systems were statutorily exempt from the Privacy Act and FOIA, or (3) the CIA could neither confirm nor deny the existence of records that might reveal a classified relationship with the agency. Defs.' Statement of Facts ¶¶ 3, 6, 19, 29. Hillier exhausted his administrative remedies and commenced this lawsuit on September 12, 2016. See 2d Am. Compl. Exs. 1-54; Defs.' Statement of Facts ¶¶ 9, 31.
It appears that Hillier initially submitted a Privacy Act request to the CIA by a letter dated February 4, 2009. 2d Am. Compl. Ex. 3. The CIA responded on March 13, 2009 by notifying Hillier that it would not process his request until he provided certain identifying information required by regulation. 2d Am. Compl. Ex. 4 (citing 32 C.F.R. § 1901.13). There is no evidence that Hillier provided the required information, but he later submitted another Privacy Act request via a letter dated January 6, 2011 (the record is clear that the letter should have been dated January 6, 2012, not 2011). See Defs.' Statement of Material Facts ¶ 29 n.1; Pl's. Statement of Genuine Issues ¶ 29. Separately, the record also reflects that a January 19, 2012 letter the plaintiff addressed to the Department of State was not received until much later when "a copy of the . . . letter was attached to subsequent correspondence between Plaintiff and [the agency]." Defs.' Statement of Material Facts ¶ 17; Pl's. Statement of Genuine Issues ¶ 17.
Hillier does not dispute the facts this opinion cites from the defendants' statement of material facts. Compare Pl.'s Statement of Genuine Issues, Dkt. 45, with Defs.' Statement of Facts, Dkt. 40-1. Accordingly, for convenience, the Court omits parallel citations to Hillier's statement of genuine issues, Dkt. 45. To be clear, Hillier disputes other facts contained in the defendants' statement of material facts that are not cited here.
Since then, Hillier has zealously prosecuted his lawsuit. In addition to securing leave to amend his complaint three times, he submitted over 1,300 pages of argument and evidence. See Dkts. 15-18, 20, 22, 26, 31, 33-35, 38, 39, 41-43, 45, 46, 48, 49, 52-56, 59, 61, 64. 65.
When the defendants moved for summary judgment on August 24, 2017, see Dkt. 40, Hillier countered on September 7, 2017 with a motion for partial summary judgment against DHS, see Dkt. 41. He also filed an opposition to the defendants' motion for summary judgment, a motion to compel discovery, a motion to participate in hearings by telephone or televideo, see Dkts. 42, 43, 45, and, on October 17, 2017, he filed a cross-motion for partial summary judgment against the CIA and Department of State, see Dkt. 48.
About a week after this case was reassigned to the undersigned judge on December 5, 2017, Hillier moved for leave to file a surreply to the defendants' motion for summary judgment, see Dkt. 52, which the Court granted. Several weeks later, Hillier filed a 454-page request asking the Court to take judicial notice of facts that he argued were contained in Federal Register notices and proposed rules, Executive Orders and memoranda, federal statistical reports published on agency websites, a telephone directory posted on a government website, a page from a government website, other court records, dictionaries, law review articles, workday calculations, and legislative reports and documents. Pl's. Req. for Judicial Notice at 1, 35, 54, 65, 85, 87, 90, 92, 95, 96, Dkt. 54.
On February 23, 2018, Hillier moved to amend his motion for partial summary judgment against DHS, cross-motion for partial summary judgment against the CIA and Department of State, motion to compel discovery, and opposition to the defendants' motion for summary judgment. Mot. to Amend at 1, Dkt. 55. In support, Hillier submitted 464 pages of exhibits. Id. Exs. 71-166, Dkt. 55-1. He followed that with a March 19, 2018 motion seeking reconsideration of the May 31, 2017 minute order issued by the judge who was previously assigned to this case. Mot. for Recons. at 1, Dkt. 59. That minute order prohibited Hillier from further amending his complaint "absent a showing of exceedingly good cause." Minute Order of May 31, 2017.
The competing motions for summary judgment are addressed in this memorandum opinion. Hillier's other pending motions are addressed in the accompanying order.
II. LEGAL STANDARDS
Rule 56 of the Federal Rules of Civil Procedure mandates that "[t]he court shall grant summary judgment if the movant shows that there is no genuine dispute as to any material fact" and, viewing the evidence in the light most favorable to the nonmoving party, "the movant is entitled to judgment as a matter of law." Fed. R. Civ. P. 56(a); see also Paige v. Drug Enf't Admin., 665 F.3d 1355, 1358 (D.C. Cir. 2012). "A dispute is 'genuine' if the evidence is such that a reasonable jury could return a verdict for the nonmoving party." Paige, 665 F.3d at 1358. A fact is material if it "might affect the outcome of the suit under the governing law." Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986).
Hillier invokes the Privacy Act to secure notice of records about him. The Privacy Act mandates that "[e]ach agency that maintains a system of records shall . . . upon request by any individual to gain access to his record or to any information pertaining to him which is contained in the system, permit him . . . to review the record and have a copy made of all or any portion thereof in a form comprehensible to him." 5 U.S.C. § 552a(d)(1). The Privacy Act also allows individuals to request notice that an agency's system of records contains information about them. See 5 U.S.C. §§ 552a(e)(4)(G), (f)(1).
The defendants treat Hillier's requests as though he is also seeking records under FOIA. Defs.' Statement of Material Facts ¶¶ 3, 6, 19, 29. FOIA provides that "each agency, upon any request for records which (i) reasonably describes such records and (ii) is made in accordance with published rules stating the time, place, fees (if any), and procedures to be followed, shall make the records promptly available to any person." 5 U.S.C. § 552(a)(3)(A).
The Privacy Act and FOIA are structurally similar. Londrigan v. FBI, 670 F.2d 1164, 1169 (D.C. Cir. 1981). Both provide a requester with access to federal agency records about the requester and create a private cause of action when an agency fails to comply with a valid request. See 5 U.S.C. §§ 552a(d)(1), (g)(1) (Privacy Act); 5 U.S.C. §§ 552(a)(3)(A), (a)(4)(B) (FOIA).
Unlike FOIA, however, the Privacy Act "does not have disclosure as its primary goal. Rather, the main purpose of the Privacy Act's disclosure requirement is to allow individuals on whom information is being compiled and retrieved the opportunity to review the information and request that the agency correct any inaccuracies." Henke v. U.S. Dep't of Commerce, 83 F.3d 1453, 1456-57 (D.C. Cir. 1996).
Under both the Privacy Act and FOIA, an agency must conduct an adequate and reasonable search for relevant records. See Chambers v. U.S. Dep't of Interior, 568 F.3d 998, 1003 (D.C. Cir. 2009) (stating that "the Privacy Act, like FOIA, requires" that a search "be reasonably calculated to uncover all relevant documents" (internal quotation marks omitted)). In this Circuit, courts apply the same standard under both statutes to determine the adequacy of a search. See id.; Hill v. U.S. Air Force, 795 F.2d 1067, 1069 (D.C. Cir. 1986) (per curiam) (affirming search's adequacy under Privacy Act for the same reasons the search was affirmed under FOIA). Thus, "[i]n a suit seeking agency documents—whether under the Privacy Act or the FOIA—at the summary judgment stage, where the agency has the burden to show that it acted in accordance with the statute, the court may rely on a reasonably detailed affidavit, setting forth the search terms and the type of search performed, and averring that all files likely to contain responsive materials (if such records exist) were searched." Chambers, 568 F.3d at 1003 (internal alteration and quotation marks omitted). The agency's affidavit is "accorded a presumption of good faith, which cannot be rebutted by 'purely speculative claims about the existence and discoverability of other documents.'" SafeCard Servs., Inc. v. SEC, 926 F.2d 1197, 1200 (D.C. Cir. 1991) (quoting Ground Saucer Watch, Inc. v. CIA, 692 F.2d 770, 771 (D.C.Cir.1981)).
Hillier contends that FOIA is not relevant in this case. Pl.'s Opp'n Br. at 5-8, Dkt. 45. But FOIA caselaw is relevant here because, as noted, the agencies treated his requests as seeking records pursuant to the FOIA and the Privacy Act, and courts apply the same standards to determine the adequacy of an agency's search under both statutes. See, e.g., Chambers, 568 F.3d at 1003; Ellis v. DOJ, 110 F. Supp. 3d 99, 107 (D.D.C. 2015).
If agency searches reveal records responsive to a Privacy Act or FOIA request, an agency may withhold access to the records if the statutes exempt them from disclosure. See 5 U.S.C. §§ 552a(j)(2), (k)(2), 552(b). Although the Privacy Act and FOIA "substantially overlap," the statutes "are not completely coextensive; each provides or limits access to material not opened or closed by the other." Greentree, 674 F.2d at 78. The Privacy Act and FOIA "seek[] in different ways to respond to the potential excesses of government," and "[e]ach, therefore, has its own functions and limitations." Id. at 76. Accordingly, "[t]he two acts explicitly state that access to records under each is available without regard to exemptions under the other." Id. This means that, when both statutes are at play, an agency seeking to withhold records must "demonstrate that the documents fall within some exemption under each Act." Martin v. Office of Special Counsel, Merit Sys. Prot. Bd., 819 F.2d 1181, 1184 (D.C. Cir. 1987). "If a FOIA exemption covers the documents, but a Privacy Act exemption does not, the documents must be released under the Privacy Act; if a Privacy Act exemption but not a FOIA exemption applies, the documents must be released under FOIA." Id.
III. ANALYSIS
The defendants move for summary judgment under Rule 56 on the ground that their searches were adequate but they found no nonexempt records to disclose to Hillier. Defs.' Mot. for Summ. J. at 1. Hillier opposes the defendants' motion and champions his cross-motion for summary judgment, which he contends must prevail because the agencies' declarations (1) contain statements contradicted by the record, (2) call into question the adequacy of the searches, (3) pose evidentiary deficiencies, and (4) fail to address Hillier's allegations of bad faith. See Pl.'s Opp'n Br. at 1 (attached as Ex. 64 to Pl.'s Opp'n to Defs.' Mot.), Dkt. 45. The Court assesses the parties' motions by considering each of Hillier's Privacy Act requests and the agencies' corresponding searches and responses.
A. Hillier's Privacy Act Request to the CIA
Hillier began his pursuit of federal agency records by sending a January 6, 2012 Privacy Act request to the CIA. Shiner Decl. Ex. B at 1. Hillier's request stated:
I believe that I may have been identified as a person of intelligence interest by your agency, as I appear to be under surveillance, I appear to be the continual target of a number of behaviors intended to provoke, threaten, intimidate, distress, and harass me, and I continue to be a target for acts of battery.Id. Hillier further stated that, "[d]ue to my education and subsequent work in operations research, it is also possible that your agency has record[s] of me as a potential vendor or consultant, and that fact has led to my identification as a person of intelligence interest to this or another agency." Id. Hiller requested notice of records about him in the following systems: (1) CIA-22, Personnel Security Records; (2) CIA-24, Polygraph Records; (3) CIA-26, Office of General Counsel Records; (4) CIA-32, Office of the Deputy Director of Central Intelligence for Community Management Records; (5) CIA-33, National Intelligence Council Records; (6) CIA- 35, Directorate of Science & Technology Private Sector Contact Information; (7) CIA-37, Directorate of Operation Records; (8) CIA-38, Academic and Business Contact Records; (9) CIA-40, Research System Records; and (10) CIA-41, Intelligence Analysis Records. Hillier identified himself by his full legal name, another name he used from 1990-91, his date and place of birth, his social security number, his citizenship status, and his then-current and previous residential addresses. Shiner Decl. Ex. B at 2.
1. The CIA's Response
The CIA's response to Hillier's Privacy Act request is described in Antoinette B. Shiner's declaration. Shiner is a senior CIA official with Top Secret classification authority. Shiner Decl. ¶ 2, Dkt. 40-4. Shiner serves as the Information Review Officer for the CIA's Litigation Information Review Office. Id. ¶ 1. She is also a designated Records Validation Officer, which means she is "authorized to testify or execute affidavits regarding CIA records and records searches for litigation matters involving CIA information." Id. ¶¶ 3, 5.
The CIA sent Hillier a March 5, 2012 letter stating that his request would be processed as both a Privacy Act request and a FOIA request. Id. ¶ 7. The CIA first focused on unclassified records that "reveal an open or acknowledged relationship" between Hillier and the CIA. Id. ¶ 11. The CIA therefore confined its initial search to publicly released records about Hillier but found none. Id. ¶ 12.
The CIA also directed Hillier to contact the Office of the Director of National Intelligence (ODNI) to request records from the CIA-33 system because the ODNI maintains that system. Id.
"[B]ased on this search, and analysis of the subject matter of the request," the CIA determined that the "Directorate of Support (DS) and the Director's Area (DIR) were the directorates most likely to maintain records responsive to the request because they were the most likely to maintain records that reflect an overt relationship between Mr. Hillier and the CIA." Id. According to Shiner, "[t]here were no additional locations that would reasonably likely . . . maintain the records sought in this case." Id. The CIA ultimately "identified the specific databases that were reasonably likely to maintain responsive records," id., and conducted searches of all offices that manage the systems of records Hillier identified, id. ¶ 12 n.6. The CIA's searches "us[ed] all variations of [Hillier's] name and biographical identifiers that he provided: 'W Hillier,' 'Hillier (with DOB/SSN),' 'M Rainsong,' and 'Rainsong (with DOB/SSN),' 'Wynship West Hillier,' 'Mabon Clearwater Rainsong,' and 'Hillier.'" Id. ¶ 13. But the CIA again located no records about Hillier. Id. ¶ 13.
Shiner's declaration states that the "Director's Area" is a "cluster of offices under the Director of the CIA, such as the Office of General Counsel, the Office of Public Affairs and the Office of the Inspector General." Shiner Decl. ¶ 12 n.5. The database searches at that directorate therefore covered multiple offices.
For classified records, the CIA provided a so-called "Glomar response" that neither confirmed nor denied the existence of records about Hillier pursuant to FOIA exemptions 1 and 3 and Privacy Act exemptions (j)(1) and (k)(1). FOIA exemption 1 protects from disclosure "matters that are . . . specifically authorized under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy and (B) are in fact properly classified pursuant to such Executive order." 5 U.S.C. § 552(b)(1). As Shiner explained, Executive Order 13256 "is the operative executive order that governs classification," Shiner Decl. ¶ 14, and it provides that, "in response to a request for information under the Freedom of Information Act, the Presidential Records Act, the Privacy Act of 1974, or the mandatory review provisions of this order: (a) An agency may refuse to confirm or deny the existence or nonexistence of requested records whenever the fact of their existence or nonexistence is itself classified under this order or its predecessors," EO 13256 § 3.6(a). By a delegation of authority under Executive Order 13256, Shiner is authorized to make classification decisions and "determined that the fact of the existence vel non of the requested records is currently and properly classified." Shiner Decl. ¶ 15.
"The Glomar response takes its name from the CIA's refusal to confirm or deny the existence of records about the Hughes Glomar Explorer, a ship used in a classified CIA project to raise a sunken Soviet submarine from the floor of the Pacific Ocean to recover the missiles, codes, and communications equipment onboard for analysis by United States military and intelligence experts." People for the Ethical Treatment of Animals v. Nat'l Insts. of Health, Dep't of Health & Human Servs., 745 F.3d 535, 540 (D.C. Cir. 2014) (internal quotation and alteration marks omitted).
Because FOIA exemption 1 requires the CIA to describe the national security damage that could result from revealing whether classified records exist about Hillier, id. ¶ 23, Shiner explained that confirming the existence or nonexistence of records about Hillier could reveal intelligence sources or methods and intelligence activities, including covert actions, as defined in Executive Order 13256. See id. ¶¶ 17, 18, 19. Shiner stated that a response to Hillier's Privacy Act request could "jeopardize the clandestine nature of the Agency's intelligence activities or otherwise reveal previously undisclosed information about CIA sources, capabilities, authorities, interests, relationships with domestic or foreign entities, strengths, weaknesses, and/or resources." Id. ¶ 18.
Shiner further stated that intelligence gathering is a primary function of the CIA that depends on human sources and targets. Id. ¶ 19. According to Shiner, human sources will furnish information only with confidence that the CIA will protect them from public disclosure. Id. She emphasized that CIA confirmation of a human source may lead targets to retaliate against the source or his family and friends. Id. Disclosure of human sources also "places in jeopardy every individual with whom the individual has had contact." Id. "Thus, the indiscretion of one source in a chain of intelligence sources can damage an entire spectrum of sources." Id. For these reasons, Shiner concluded that confirming or denying the existence of records about someone "reasonably could be expected to cause serious damage to U.S. national security by indicating whether or not CIA maintained any human intelligence sources related to an interest in the subject of the request." Id. And she explained why consistent use of a Glomar response is necessary even when the CIA has no records about a requester:
To be credible and effective, the CIA must use the Glomar response consistently in all cases where the existence or nonexistence of records responsive to a FOIA request is a classified fact, including instances in which the CIA does not possess records responsive to a particular request. If the CIA were to invoke a Glomar response only when it actually possessed responsive records, the Glomar response would be interpreted as an admission that responsive records exist. This practice would reveal the very information that the CIA must protect in the interest of national security.Id. ¶ 20.
Shiner asserted that a Glomar response was also proper under FOIA exemption 3, which protects information exempted by statute when the statute (1) requires withholding the information from the public in a manner that leaves no discretion on the issue or (2) establishes particular criteria for withholding or refers to particular types of matters to be withheld. Id. ¶¶ 21, 23; see also 5 U.S.C. § 552(b)(3). The National Security Act of 1947, as amended, mandates that the Director of National Intelligence protect intelligence sources and methods from unauthorized disclosure and thereby requires the information to be withheld without discretion. Shiner Decl. ¶ 22; see also 50 U.S.C. § 3024(i)(1). In accordance with that Act and provisions of Executive Order 12333, and under the direction of the Director of National Intelligence, "the CIA is authorized to protect CIA sources and methods from unauthorized disclosure." Shiner Decl. ¶ 22. As Shiner explained with respect to FOIA exemption 1, the existence or nonexistence of records indicating a classified connection between Hillier and the CIA could reveal information about intelligence sources and methods. Id. ¶ 18, 19. And the National Security Act protects such information from unauthorized disclosure. Id. ¶ 22. Shiner therefore stated that "the fact of the existence or nonexistence of records that would reflect a classified connection to the CIA is exempt from disclosure under FOIA exemption [3] pursuant to the National Security Act." Id. ¶ 23.
Shiner also concluded that the existence or nonexistence of records about Hillier was protected from disclosure by Privacy Act exemptions (j)(1) and (k)(1). Id. ¶¶ 24, 25, 26, 27. Exemption (j)(1) authorizes the Director of the CIA to promulgate regulations that exempt systems of records from the Privacy Act's access and amendment provisions. 5 U.S.C. § 552a(d). Shiner Decl. ¶ 24; see also 5 U.S.C. § 552a(j)(1). The Director of the CIA did so in 32 C.F.R. § 1901.62(d)(1), which exempts from the Privacy Act's access provisions parts of CIA systems of records "that consist of, pertain to, or would otherwise reveal intelligence sources and methods." Shiner Decl. ¶ 24 (citing the regulation). As Shiner explained with respect to FOIA exemptions 1 and 3, the existence or nonexistence of a classified connection between the CIA and Hillier "implicates intelligence sources and methods." Id. ¶ 24.
Privacy Act exemption (k)(1) authorizes the Director of the CIA to promulgate rules that exempt agency systems of records from the access provision of the Privacy Act if the system is subject to FOIA exemption 1. Id. ¶ 26 (citing 5 U.S.C. § 552a(k)(1)). As already discussed, FOIA exemption 1 protects from disclosure information that is properly classified under an executive order. 5 U.S.C. § 552(b)(1). Shiner asserted that the existence or nonexistence of a classified connection between the CIA and Hillier "can reasonably be expected to cause serious damage to U.S. national security" so it "is currently and properly classified under Executive Order 13526 and is, therefore, exempt from disclosure under Privacy Act exemption (k)(1)." Shiner Decl. ¶ 26.
Because the existence or nonexistence of classified responsive records about Hillier "is itself a properly classified fact and . . . is intertwined with intelligence activities, sources, and methods," Shiner determined that "this fact is, and must remain, classified and protected by statute." Id. ¶ 28. Shiner therefore concluded that "the only appropriate response is for the CIA to neither confirm nor deny the existence or nonexistence of the requested records under FOIA exemptions and Privacy Act exemptions (j)(1) and (k)(1)." Id.
2. Adequacy of the CIA's Search and Propriety of Withholdings
To secure summary judgment under the Privacy Act and FOIA, the CIA "must show that it made a good faith effort to conduct a search for the requested records, using methods which can be reasonably expected to produce the information requested." Reporters Comm. for Freedom of Press v. FBI, 877 F.3d 399, 402 (D.C. Cir. 2017) (quoting Oglesby v. U.S. Dep't of Army, 920 F.2d 57, 68 (D.C. Cir. 1990)). "[T]he issue to be resolved is not whether there might exist any other documents possibly responsive to the request, but rather whether the search for those documents was adequate." Weisberg v. DOJ, 745 F.2d 1476, 1485 (D.C. Cir. 1984). "The adequacy of the search, in turn, is judged by a standard of reasonableness and depends, not surprisingly, upon the facts of each case." Id. The question is whether the CIA's search was "reasonably calculated to discover the requested documents, not whether it actually uncovered every document extant." SafeCard, 926 F.2d at 1201.
"A reasonably detailed affidavit, setting forth the search terms and the type of search performed, and averring that all files likely to contain responsive materials (if such records exist) were searched" is necessary for an agency to prevail on summary judgment. Oglesby, 920 F.2d at 68. Agency declarations should also specify who performed the search, Steinberg v. DOJ, 23 F.3d 548, 552 (D.C. Cir. 1994), and "reflect [a] systematic approach to document location," Weisberg v. DOJ, 627 F.2d 365, 371 (D.C. Cir. 1980).
The Shiner declaration satisfies the standards of both the Privacy Act and FOIA by properly describing a systematic approach to the CIA's search that first focused on publicly released records and then turned to unclassified documents that the agency might possess. The declaration explains that the CIA rationally determined that the Directorate of Support and the Director's Area were the only locations likely to have responsive records based on the results of the search of publicly-released records and the substance of Hillier's request. The declaration states that the CIA identified specific databases that were reasonably likely to contain responsive records and searched those databases using search terms consisting of the personal identifiers Hillier presented in his Privacy Act request. The Court therefore finds that the CIA's Shiner declaration describes an adequate search conducted in good faith that was reasonably calculated to discover Hillier's requested documents. See Reporters Comm. for Freedom of Press, 877 F.3d at 402; Oglesby, 920 F.2d at 68.
Hillier challenges the CIA's search by first arguing that the Shiner declaration was not based on personal knowledge. See Pl.'s Opp'n Br. at 25-26. But Shiner states in her declaration that "I make the following statements based upon my personal knowledge and information made available to me in my official capacity." Shiner Decl. ¶ 6. In this Circuit, a declarant may satisfy the personal knowledge requirement by "attest[ing] to his personal knowledge of the procedures used in handling [a FOIA or Privacy Act] request and his familiarity with the documents in question." Barnard v. Dep't of Homeland Sec., 598 F. Supp. 2d 1, 19 (D.D.C. 2009) (internal quotation marks omitted). Shiner's declaration makes clear that she is familiar with the procedures relating to the Privacy Act and FOIA requirements, as well as the records Hillier requested. Shiner states that she: (1) worked in the review-and-release field for 18 years in various official capacities that involved responsibility for classification and release determinations, Shiner Decl. ¶ 2; (2) is a senior CIA official who holds original classification authority to the Top Secret level, id. ¶ 3; (3) is responsible for litigation information and public requests for information under the Privacy Act and FOIA, id. ¶ 4; (4) is a Records Validation Officer authorized to testify about CIA records and searches, id. ¶ 5; and (5) "[t]hrough the exercise of [her] official duties, [she] ha[s] become familiar with this civil action and the underlying FOIA request," id. ¶ 6. These statements suffice to satisfy the personal knowledge requirement. See Barnard, 598 F. Supp. at 19.
Hillier also claims that Shiner's declaration fails to identify who conducted and supervised the searches or when the searches were performed. Pl.'s Opp'n Br. at 25-26. But Shiner's declaration, which must be accorded a presumption of good faith, see SafeCard Servs., Inc., 926 F.2d at 1200, identified who conducted the searches by stating that the CIA Information and Privacy Coordinator received and processed Hillier's request, Shiner Decl. ¶ 7, and the "CIA employees who performed the necessary searches have access to pertinent records, are qualified to search those records and regularly search those records in the course of their professional duties," id. ¶ 11. With respect to these employees' names, "[t]he FOIA does not require the disclosure of the names or information about agency staff involved in processing FOIA requests." Kidder v. FBI, 517 F. Supp. 2d 17, 24 (D.D.C. 2007). Indeed, this court previously rejected as "frivolous" a requester's contention that an agency should reveal the names of employees who conducted searches. Harrison v. Fed. Bureau of Prisons, 611 F. Supp. 2d 54, 65 (D.D.C. 2009) (noting that personal identifying information about agency searchers would be exempt from disclosure under FOIA exemption 6 if recorded).
Hillier cites no authority for the proposition that failing to identify the actual date on which an agency conducts a search defeats the adequacy of the search or the presumption of good faith attached to an agency declaration. See Pl.'s Opp'n Br. at 25-26. And Hillier's claim that Shiner did not supervise the searches is unavailing. Id. at 26. Shiner's declaration states that she is responsible for the classification review of CIA documents and information that are the subject of court proceedings or Privacy Act and FOIA requests, and, as a Records Validation Officer, she is authorized to testify or execute affidavits about CIA records searches. See Shiner Decl. ¶¶ 4, 5. Shiner's representations show that, through her authorities and position as a Records Validation Officer for CIA records searches, id. ¶ 5, she had a managerial (and thus supervisory) role with respect to the searches conducted here.
Hillier further argues that the CIA's searches were incomplete because "entire systems of records of which plaintiff requested search were apparently never touched." Pl.'s Opp'n Br. at 29-30. But "there are some limits on what an agency must do to satisfy its FOIA obligations." Nation Magazine, Wash. Bureau v. U.S. Customs Serv., 71 F.3d 885, 891 (D.C. Cir. 1995). "There is no requirement that an agency search every record system." Oglesby, 920 F.2d at 68. "Although an agency may not ignore a request to search specific record systems when a request reaches the agency before it has completed its search, a search is generally adequate where the agency has sufficiently explained its search process and why the specified record systems are not reasonably likely to contain responsive records." Mobley v. CIA, 806 F.3d 568, 582 (D.C. Cir. 2015). "Further, a request for an agency to search a particular record system—without more—does not invariably constitute a 'lead' that an agency must pursue." Id. "After all, a FOIA requester's detailed search instructions cannot dictate the reasonableness of the scope of an agency's FOIA search." Nolen v. DOJ, 146 F. Supp. 3d 89, 98 (D.D.C. 2015).
Ultimately, the question is whether the agency's search was reasonable based on the facts, Mobley, 806 F.3d at 580, not "whether any further documents might conceivably exist," Truitt v. Dep't of State, 897 F.2d 540, 542 (D.C. Cir. 1990). Here, the CIA determined that the "Directorate of Support (DS) and the Director's Area (DIR) were the directorates most likely to maintain records responsive to the request because they were most likely to maintain records that reflect an overt relationship between Mr. Hillier and the CIA." Shiner Decl. ¶ 12. "[T]he Agency identified the specific databases that were reasonably likely to maintain responsive records," and "[t]here were no additional locations that would [be] reasonably likely to maintain the records sought in this case." Id. All of the circumstances described in the Shiner declaration demonstrate that the CIA made a good faith effort to conduct a search for Hillier's requested records, using methods that can reasonably be expected to produce the requested information. See Oglesby, 920 F.2d at 68. The Court therefore holds that the CIA's search was reasonable and adequate. See Truitt, 897 F.2d at 542.
3. The CIA's Glomar Response
Hillier contends that it was improper for the CIA to provide a Glomar response to his request. Pl.'s Opp'n Br. at 25, 33-44. A "Glomar response . . . is proper if the fact of the existence or nonexistence of agency records falls within a FOIA [or Privacy Act] exemption." Wolf v. CIA, 473 F.3d 370, 374 (D.C. Cir. 2007). "In determining whether the existence of agency records vel non fits a FOIA exemption, courts apply the general exemption review standards established in non-Glomar cases." Id. If a Glomar response is justified, "the agency need not conduct any search for responsive documents or perform any analysis to identify segregable portions of such documents." People for the Ethical Treatment of Animals, 745 F.3d 535 at 540. And "[c]ourts can grant summary judgment upholding a Glomar response based on agency affidavits explaining the basis for the response." Id. As described, the Shiner declaration provides a detailed justification for the CIA's Glomar response. Shiner explained the legal bases for the response and how it complied with exemptions (j)(1) and (k)(1) of the Privacy Act and exemptions 1 and 3 of FOIA. Shiner Decl. ¶¶ 13-27.
Hillier's claim that the Glomar response was improper because the CIA misapplied its regulations also is not persuasive. See Pl.'s Opp'n Br. at 18. Hillier's argument appears to rest on two premises: first, that he sought notice of records—not access to them; and second, that the standard for invoking a Glomar response under the notice provisions of the applicable agency regulations, see 32 C.F.R. § 1901.62(c), is higher than that for the access provision, see 32 C.F.R. § 1901.62(d)(1). Id. at 19-25. Even assuming that Hillier is right, Shiner's declaration demonstrates how confirming the existence of records about Hillier could jeopardize intelligence sources and methods, see Shiner Decl. ¶¶ 18, 19, and would therefore satisfy any heightened standard potentially applicable to a request for notice. The CIA's Glomar response is amply supported by Shiner's declaration. See People for the Ethical Treatment of Animals, 745 F.3d at 540.
B. Hillier's Privacy Act Requests to DHS
Hillier next sent a January 11, 2012 letter to the Disclosure Officer at the Office of Intelligence and Analysis in DHS asking for notice of non-exempt records about him in a record system he identified as "DHS/IA-001 (Office of Intelligence and Analysis Enterprise Records System)." Sepeta Decl. Ex. A at 1, Dkt. 40-2. Hillier's letter requested that the agency "please search record categories A, B, C, D, E, F, G, H, and I, as listed on 73 FR 28132." Id. Hillier noted that records about him "may have been compiled at any time from 1983 to the present" and he added that he worked for two defense department contractors in the mid-1980s. Id. He also stated: "I may have been mistakenly identified as a terrorist, as people have suggested this much to me, I appear to be under surveillance, I appear to be the continual target of a number of behaviors intended to provoke, threaten, intimidate, distress, and harass me, and I continue to be a target for continuing incidents of battery, and am currently disabled as the result of one such incident." Id. Hillier then identified himself by his full legal name, an alternate name he used from 1990-91, his date and place of birth, his social security number, his citizenship status, and both his then-current and a prior residential address. Id.
The next day, January 12, 2012, Hillier sent a similar letter to the Chief Privacy Officer and Chief Freedom of Information Act Officer at DHS. Id. Ex. D at 1. In this second letter, Hillier requested any non-exempt records about him located in the following two record systems:
• DHS/ALL-30 "Department of Homeland Security (DHS)/ALL-030 Use of the Terrorist Screening Database (TSDB) System of Records" (record categories: identifying information and other available identifying particulars including audit records containing such, references to and/or information from other government law enforcement and intelligence databases or other relevant databases containing such).Id. Hillier stated that "[DHS] may have a record about me because I may have been mistakenly identified as a known or suspected terrorist." Id. Hillier provided the same identifying information that he submitted in his first letter to the agency, with the exception of his social security number, which he omits. Id. at 2. He added a California driver's license number and a passport number. Id. He also indicated that records might be in the possession of the following DHS components: Headquarters; Directorate for National Protection and Programs; Directorate for Science and Technology; Office of Policy; Office of Health Affairs; Office of Intelligence and Analysis; Office of Operations Coordination and Planning; Federal Law Enforcement Training Center; Domestic Nuclear Detection Office; United States Coast Guard; Federal Emergency Management Agency; and the United States Secret Service. Id.
• DHS/ALL-031 "Information Sharing Environment (ISE) Suspicious Activity Reporting (SAR) Initiative System of Records" (record categories: attachments, contact information for submitters of ISE-SARs, driver license, follow-up action, location, location address, location coordinates, observer, owning organization, other identifier, passport, person, person name, physical descriptors, physical feature, ISE-SAR submission, sensitive information details, source organization, suspicious activity report, submitting organization, suspicious activity, target, vehicle, and related ISE-SAR).
1. DHS's Response
Arthur R. Sepeta's declaration describes DHS's searches and response to Hillier's Privacy Act requests. As the Chief of the Privacy and Intelligence Oversight Branch at Office of Intelligence and Analysis, Sepeta has "direct oversight" of the FOIA and Privacy Act policies, procedures, and litigation involving Office of Intelligence and Analysis records. Sepeta Decl. ¶ 1. Sepeta states that DHS treated Hillier's requests as requests under both the Privacy Act and FOIA consistent with the agency's policy and "to provide the greatest degree of access authorized." Id. ¶ 9. The defendants emphasize that, as a result, DHS "searched a broader universe of records than those in the system of records that Plaintiff identified in his request." Defs.' Reply at 5, Dkt. 47. As Sepeta explains, "[t]he Privacy Act's right of access is limited to records in a system of records, whereas FOIA searches encompass a much broader scope of records." Sepeta Decl. ¶ 9.
a. DHS's Search of Record System DHS/IA-001
According to Sepeta, Hillier's January 11, 2012 request seeking notice of records about him in the DHS/IA-001 record system was referred to the Office of Intelligence and Analysis and assigned the tracking number 12-OIA-0030. Id. ¶¶ 10, 21. DHS/IA-001 is an Enterprise Records System that contains all records over which the Office of Intelligence and Analysis exercises control. Id. ¶ 22. The Office of Intelligence and Analysis searched the DHS/IA-001 record system using Hillier's name, the alternate name he identified, his date and place of birth, both his present and prior residential addresses, and the last four digits of his social security number. Id. ¶ 22. The search encompassed "the Production Management Branch, the State and Local Program Office, Enterprise Mission Support Division, and the Analysis and Production Office." Id. ¶ 22.
On February 29, 2012, the Office of Intelligence and Analysis advised Hillier by letter that no responsive records were found during the search of the DHS/IA-001 record system. Id. ¶ 11 & Ex. C at 1, Dkt. 40-2. The Office of Intelligence and Analysis also confirmed that no records existed before January 24, 2003, the date DHS was created. Id. Ex. C at 1.
b. DHS's Search of Record System DHS/ALL-30
DHS's Privacy Office processed Hillier's second request seeking notice of records about him in the record system identified as DHS/ALL-30 (Use of the Terrorist Screening Database Systems of Records). Id. ¶ 13 & Ex. E at 1, Dkt. 40-2. In a March 19, 2012 letter, the Privacy Office explained to Hillier that, even if records about him exist in the DHS/ALL-30 record system, he had no right to access the records because they are exempt under both the Privacy Act and FOIA. Id. Ex. E at 1-2.
The record does not reflect that DHS assigned a tracking number to this request. See Id. ¶¶ 12-13; id. Ex. E.
Addressing the Privacy Act first, the Privacy Office stated that the records in DHS/ALL-30 are exempt from the Act because the Terrorist Screening Database is part of a Federal Bureau of Investigation (FBI) record system that the FBI has exempted from certain provisions of the Act. Id. Ex. E at 1. According to the Privacy Office, the FBI exempted the Terrorist Screening Database from 5 U.S.C. § 552a(d), which is the Privacy Act provision that provides access rights. Id. Because DHS gets Terrorist Screening Database information from the FBI's Terrorist Screening Center, the FBI's exemption "carries over when the TSDB information is transferred to the Department." Id.
The Privacy Office further explained that DHS's record systems that receive the FBI's Terrorist Screening Database information through the Watch List Service are also exempt under the Privacy Act, including the Privacy Act provision providing access to records. Id. (citing 5 U.S.C. §§ 552a(d), (j)(2), (k)(1), (k)(2), and 76 Fed. Reg. 81787). Information from the Terrorist Screening Database "is categorized as Sensitive Security Information ('SSI') under 49 U.S.C. §114(r), and the implementing regulation found at 49 CFR part 1520." Id. Citing 49 C.F.R. §§ 1520.9(a)(2) and 1520.15(a), the Privacy Office stated that "[r]ecords containing SSI are not available for public inspection or copying, nor can they be released to anyone who does not have an official need to know." Id. The Privacy Office therefore concluded that Hillier "has no right to access or amend the records contained in these systems" and denied his request under the Privacy Act. Id.
The Privacy Office reached a similar result under FOIA, concluding that any records responsive to Hillier's request for records in DHS/ALL-30 are exempt from disclosure under FOIA exemption 3 because they constitute Sensitive Security Information exempt by a statute, 49 U.S.C. § 114(r), Sepeta Decl. Ex. E at 2, which prohibits the disclosure of qualifying information that is "obtained or developed in carrying out security under authority of the Aviation and Transportation Security Act," 49 U.S.C. § 114(r)(1). Thus, the Privacy Office provided a Glomar response and neither confirmed nor denied the existence of records that might reveal Hillier's status in the Terrorist Screening Database. Sepeta Decl. Ex. E at 2.
The Privacy Office further concluded that any such records were also subject to FOIA exemption 7(E), 5 U.S.C. § 552(b)(7)(E). Id. Exemption 7(E) protects law enforcement information that "would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law." 5 U.S.C. § 552(b)(7)(E). Accordingly, the Privacy Office denied Hillier's request for notice of records relating to him based on FOIA exemptions 3 and 7(E). Sepeta Decl. Ex. E at 2.
c. DHS's Search of Record System DHS/ALL-031
Hillier's third request asking for notice of records about him located in the DHS/ALL-031 system was referred to the Office of Intelligence and Analysis where it was assigned tracking number 12-OIA-0040. Sepeta Decl. ¶ 13. The Sepeta declaration and exhibits indicate that the records in DHS/ALL-031 are a subset of the records contained in DHS/IA-001, which, as noted, is a comprehensive record system that contains all records over which the Office of Intelligence and Analysis exercises control. Id. ¶¶ 14, 22 & Ex. F at 1 (stating that DHS/IA-001 "includes . . . ISE . . . and Suspicious Activity Reporting (SAR)"). As a result, the Office of Intelligence and Analysis's search of DHS/IA-001 using Hillier's full name, alternative name, birth date, birth place, and current and prior residential addresses also covered records in DHS/ALL-031. Id. ¶ 21.
Sepeta's declaration states that the Office of Intelligence and Analysis's April 4, 2012 letter to Hillier served as its final response to Hillier's request about DHS/ALL-031. Id. ¶ 14. The April 4, 2012 letter, however, refers to DHS/ALL-030 rather than to DHS/ALL-031, which appears to be a typographical error. Id. Ex. F at 1, Dkt. 40-2. Perhaps this is why, after Hillier pursued an administrative appeal on April 20, 2012, id. ¶ 15, the United States Coast Guard Office of the Chief Administrative Law Judge remanded the matter back to the Office of Intelligence and Analysis on February 12, 2013, stating that "the record does not reflect whether the proper database was searched or otherwise accounted for in the Final Response," id. Ex. G at 2, Dkt. 40-2.
The confusion about whether DHS/ALL-031 was adequately searched can be attributed to this apparent typographical error in the Privacy Office's April 4, 2012 letter to Hillier. See Sepeta Decl. Ex. F at 1. DHS/ALL-031 is consistently characterized in Sepeta's declaration and exhibits, as well as in Hillier's January 12, 2012 Privacy Act request, as an "Information Sharing Environment and Suspicious Activity Reporting System." Id. ¶¶ 12, 22, Ex. D at 1, Ex. E at 2, Ex. H at 1; see also id Ex. E at 2 ("As it relates to your access for records in the DHS/All-031, Information Sharing Environment (ISE) Suspicious Activity Reporting (SAR) Initiative System of Records . . . . I am referring your request to the FOIA Officer for OI&A . . . ."). Although the Privacy Office's April 4, 2012, letter refers to DHS/ALL-030 rather than to DHS/ALL-031, it characterizes the system as the "Information Sharing Environment and Suspicious Activity Reporting system," id. Ex. F at 1, thereby indicating that it is intended to be DHS/ALL-031. In contrast, the DHS/ALL-030 system is consistently characterized as "Use of the Terrorist Screening Database System of Records." Id. ¶ 12, Ex. D at 1, Ex. E at 1. Moreover, Hillier's request for records in the DHS/ALL-031 record system is the only request that was referred to the Office of Intelligence and Analysis on March 19, 2012. Thus, the record indicates that the reference to DHS/ALL-030 in the April 4, 2012 letter to Hillier is a typographical error, although DHS has never said so.
By contract, the United States Coast Guard Office of the Chief Administrative Law Judge reviews FOIA appeals for the DHS General Counsel. See id. Ex. G at 2.
The Sepeta declaration reveals that on May 8, 2012—after Hillier filed his administrative appeal on April 20, 2012 but before it was remanded on February 12, 2013—the Office of Intelligence and Analysis conducted a search of computers and share drives belonging to personnel within the Production Management Branch of the Office of Intelligence and Analysis. Id. ¶ 23. The Office of Intelligence and Analysis conducted the search using the personal identifiers Hillier provided in his January 12, 2012 letter. Id. The Office of Intelligence and Analysis limited the search to the Production and Management Branch of the Office of Intelligence and Analysis because that branch was responsible for keeping finished intelligence products and the search would have identified responsive documents created between the time of the first and second searches. Id. Because the Office of Intelligence and Analysis discovered no responsive records during the second search, "there was no need to further expand the search to other offices." Id. DHS denied Hillier's administrative appeal on July 9, 2015. Id. ¶ 19.
Although the Sepeta declaration never expressly states whether that search involved the DHS/ALL-031 record system, the declaration cites the tracking number that applied to the DHS/ALL-031 record system. Sepeta Decl. ¶ 16. Moreover, on remand, the Office of Intelligence and Analysis reported on November 26, 2013 that it "searched all component level SAR [Suspicious Activity Reporting] files, and other source material without result." Id. ¶ 18, Ex. H at 2, Dkt. 40-2. As noted, this search must have involved the DHS/ALL-031 record system given that system's characterization in the Privacy Office's March 19, 2012 letter as a "suspicious activity reporting" system. Id. Ex. E at 1.
2. Adequacy of DHS's Searches
Hillier does not challenge DHS's searches of DHS/IA-001 or DHS/ALL-030. But he does contest DHS's search of DHS/ALL-031 because it was limited to the Office of Intelligence and Analysis—only one of DHS's twelve components. See Pl.'s Br. In Support of Mot. for Partial Summ. J. at 10, Dkt. 41; Pl.'s Opp'n Br. at 9.
Because the arguments raised in Hillier's other motions are similar to those raised in his opposition to the defendants' motion for summary judgment, from this point forward the Court cites to his opposition to the defendants' motion for summary judgment.
Although an agency is not required to search every record system, Oglesby, 920 F.2d at 68, it cannot ignore requests to search specific systems that are received before it completes its searches, Mobley, 806 F.3d at 582. If an agency elects not to search specific systems that a requester has identified, controlling precedent makes clear that the agency must "sufficiently explain[] . . . why the specified record systems are not reasonably likely to contain responsive records." Mobley, 806 F.3d at 582. The Sepeta declaration lacks sufficient detail to meet this standard. As a result, the Court is unable to conclude whether DHS's search was adequate.
Hillier's Privacy Act request to DHS seeking notice of records in DHS/ALL-031 identified the following 12 components where Hillier believed records could be found: Headquarters; Directorate for National Protection and Programs; Directorate for Science and Technology; Office of Policy; Office of Health Affairs; Office of Intelligence and Analysis; Office of Operations Coordination and Planning; Federal Law Enforcement Training Center; Domestic Nuclear Detection Office; United States Coast Guard; Federal Emergency Management Agency; and the United States Secret Service. Sepeta Decl. Ex. D at 2. The Sepeta declaration states that the Office of Intelligence and Analysis searched for records "over which [it] maintained control," id. ¶ 23, but never mentions whether the other 11 components might have responsive records or their records are under the Office of Intelligence and Analysis's "control." If DHS determined that the Office of Intelligence and Analysis was the only DHS component that had a record system reasonably likely to contain responsive records, the Sepeta declaration should say so. See Mobley, 806 F.3d at 582.
It is also unclear whether the Office of Intelligence and Analysis's search of the DHS/ALL-031 system was limited to only its own suspicious activity reports or whether it included the suspicious activity reports of other DHS components. The Sepeta declaration's exhibits indicate that the Office of Intelligence and Analysis's search might not have been so limited. As the Office of Intelligence and Analysis FOIA Officer explained in a November 26, 2013 letter responding to the remand of Hillier's administrative appeal:
[S]everal operational components within DHS regularly observe or otherwise encounter suspicious activities while executing their authorized missions and performing operational duties. Components document those observations or encounters in SARs. DHS I&A is one of the DHS components that routinely collects and formats information into SARs. These documents are stored locally, which means that all contributors, including DHS components, exercise control over their own reports and they are not available in the absence of a specific query. And because each contributor maintains control over its own information, when a record from a contributor is located, the contributor has sole authority to determine whether it can be released outside NSI participants.Sepeta Decl. Ex. H at 2, Dkt. 47-1 (emphasis added) (quotation marks omitted). This letter suggests that the Office of Intelligence and Analysis conducted a search of all DHS (i.e., component level) suspicious activity reports, not just the Office of Intelligence and Analysis's reports. Neither the Sepeta declaration nor the defendants' legal briefs make this argument, however, so the Court is left to believe this might not be the case.
As a contributor to this system of records, DHS I&A has authority over only its own SARs. Nevertheless, DHS I&A searched all component level SAR files, and other source material without result. To the extent that Mr. Hillier wants a search of SARs contributed by other NSI participants, he must make separate requests.
Additionally, it appears that Hillier was required to submit separate Privacy Act requests to search suspicious activity reports contributed by other participants in the Nationwide Suspicious Activity Reporting Initiative. See Sepeta Decl. Ex. H at 2 (stating "[t]o the extent that Mr. Hillier wants a search of SARs contributed by other NSI participants, he must make separate requests"). The record does not reflect that he ever did that, although it is unclear whether that is required for the 11 components Hillier identified or only applies to other agencies that participate in the Nationwide Suspicious Activity Reporting Initiative.
This lack of clarity is compounded by the fact that, as already discussed, the Office of Intelligence and Analysis's April 4, 2012 letter to Hillier that purports to be DHS's final response to Hillier's request about DHS/ALL-031 makes reference to DHS/ALL-030 rather than to DHS/ALL-031. The Court presumes that this is an error but it would be helpful if the Sepeta declaration said so one way or the other.
Because the Sepeta declaration fails to state whether DHS determined that the Office of Intelligence and Analysis was the only component with a record system that was reasonably likely to contain records responsive to Hillier's request, the declaration lacks sufficient detail for the Court to determine whether DHS's search was adequate. The Court will therefore deny without prejudice the defendants' motion for summary judgment with respect to the search conducted by DHS.
Hillier's other challenges to the search of DHS/ALL-031 are not compelling. Hillier questions whether the DHS/ALL-031 record system was properly characterized as "under the purview" of the Office of Intelligence and Analysis as the Privacy Office stated in the March 19, 2012 letter to Hillier. Pl.'s Opp'n Br. at 9. Wrapped into this argument is Hillier's dispute about Sepeta's citation of 6 C.F.R. § 5.4 as the basis for referring his DHS/ALL-031 request to the Office of Intelligence and Analysis. Id. That regulation states that "the component that first receives a request for a record and maintains that record is the component responsible for responding to the request" unless the request was misdirected to that component or a component determines the records originated at another component or the information was provided by another component or is of substantial interest to another component. 6 C.F.R. §§ 5.4(a), (c), (d). These points culminate with Hillier alleging that the FOIA Program Specialist who signed the March 19, 2012 letter to Hillier was "lying" about the agency's rationale for referring Hillier's DHS/ALL-031 request to the Office of Intelligence and Analysis. Pl.'s Opp'n Br. at 13-14.
It was reasonable for the Privacy Office's FOIA Program Specialist to determine that DHS/ALL-031 "falls under the purview of the DHS Office of Intelligence and Analysis," Sepeta Decl. Ex. E at 2, given that the DHS/ALL-031 system is a subset of DHS/IA-001, a comprehensive record system over which the Office of Intelligence and Analysis has control, see id. ¶ 22. Furthermore, 6 C.F.R. § 5.4(a) makes clear that a component that first receives a request for records is responsible for responding to the request if it "maintains that record." There is no evidence that DHS's Privacy Office "maintains" records in DHS/ALL-031, in which case it was appropriate for that component to forward the request to a component that did maintain such records. Notably too, 6 C.F.R. § 5.4 provides that if a component determines that it maintains responsive records that contain information of substantial interest to another component, then "[t]he component may refer the responsibility for responding to the request or portion of the request to the component . . . best able to determine whether to disclose the relevant records." 6 C.F.R. § 5.4(d)(3). The regulation goes on to state that "[o]rdinarily, the component . . . that created or initially acquired the record will be presumed to be best able to make the disclosure determination." Id. Hillier offered the Court no reason to think that DHS's Privacy Office erred by referring his request to search DHS/ALL-031 to the Office of Intelligence and Analysis given that there is no evidence that the Privacy Office maintains any records in that system.
C. Hillier's Department of State Privacy Act Request
Hillier's final attempt to identify records about him was initiated by a January 19, 2012 Privacy Act request sent to the Department of State Director of Foreign Affairs Document and Reference Center. 2d Am. Compl. Ex. 34 at 1; Stein Decl. ¶ 4, Dkt. 40-3. In that letter, Hillier asks the Department of State to check whether it possesses any non-exempt records about Hillier in the STATE-06 "Coordinator for the Combatting of Terrorism Records" (all record categories) record system. 2d Am. Compl. Ex. 34 at 1; Stein Decl. ¶ 4, Dkt. 40-3. Hillier states that he "believes that the Department of State may have records about [him] because [he] [was] an American Citizen involved in terrorist incidents." 2d Am. Compl. Ex. 34 at 1. Hillier supplies the Department of State with his full legal name, another name he used in the past, his date and place of birth, his social security number, and his then-current mailing address. Id. at 2.
It appears from the record that Hillier's January 19, 2012 letter to the Department of State was returned to him, Stein Decl. ¶ 4, but at some point Hillier began corresponding with the Department of State's Office of Information Programs and Services. The Office of Information Programs and Services later received Hillier's request for STATE-06 records as an attachment to subsequent correspondence with him. Id.
1. The Department of State's Response
The Department of State submits Eric F. Stein's declaration describing the agency's response to Hillier's Privacy Act request. Stein is the Department of State's Director of the Office of Information Programs and Services and the official responsible for responding to records requests under the Privacy Act and FOIA. Stein Decl. ¶ 1, Dkt. 40-3. According to Stein, the Department of State processes Privacy Act requests under both the Privacy Act and FOIA. Id. ¶ 6.
Stein states that he reviewed Hillier's Privacy Act request and determined that the Bureau of Counterterrorism and Countering Violent Extremism was the Department of State component likely to have responsive documents "because [Hillier's] request specifically referred to STATE-06, and [the Bureau of Counterterrorism and Countering Violent Extremism] is the Department component that would maintain any records described in STATE-06, 'Coordinator for the Combatting of Terrorism Records.'" Id. ¶ 9. Stein also determined that the Department of State's Retired Record Inventory Management System, "a searchable database that automates the processing of records retired to the Records Service Center" was reasonably likely to have responsive records. Id. Stein "concluded that no other offices or records systems were reasonably likely to maintain documents responsive to [Hillier's] request related to STATE-06." Id.
According to Stein, the Bureau of Counterterrorism and Countering Violent Extremism Director of the Office of Regional Affairs determined that the only bureau components reasonably likely to have responsive records were the Office of South and Central Asia and the Near East, and the Office of Africa, Europe, the Americas, and Asia. Id. ¶ 11. Stein explains that these two offices "work on counterterrorism policy in individual countries, and all [bureau] records that reference an American involved with terrorist activities would pass through these offices." Id. In addition, "[a]ny American who had joined a terrorist organization or been kidnapped by terrorists would also have had the attention of the office leadership in these two offices." Id.
Three officials knowledgeable about Hillier's Privacy Act request and the record systems in these two offices searched both the unclassified and classified electronic files for records relating to Hillier. Id. ¶ 12. The official who was a Program Analyst for the Office of Africa, Europe, the Americas, and Asia "searched the unclassified and classified shared drives (a collection of folders stored on a local network) used by both [the Office of South and Central Asia and the Near East and the Office of Africa, Europe, the Americas, and Asia] to maintain their electronic records, including archived emails stored in .pst files, using the following names and other identifying information provided by Plaintiff: 'Wynship Hillier,' 'Wynship West Hillier,' 'Mabon Rainsong,' 'Mabon Clearwater Rainsong,' and Mr. Hillier's Social Security number." Id. In addition, the Deputy Office Director of the Office of South and Central Asia and the Near East and the Office Director for the Office of Africa, Europe, the Americas, and Asia "searched their unclassified and classified email records and individual drives using the search terms: 'Wynship Hillier,' 'Wynship West Hillier,' 'Mabon Rainsong,' 'Mabon Clearwater Rainsong,' and Mr. Hillier's Social Security number." Id. Stein states that "[n]o date restrictions were applied to these searches," id., and no responsive records were found, id. ¶ 13. Stein further explains that "[a]ll files are maintained electronically, so a search of these record systems would have located any responsive records." Id. ¶ 12.
Addressing the Retired Records Inventory Management System, Stein describes the system as a "searchable database that automates the processing of records retired to the Records Service Center and tracks the status of all boxes received" at the center. Id. ¶ 14. Stein states that both the full text and the metadata of records in the "retired file manifests" are searchable. Id. He explains that "retired file manifests serve as an index of the contents of retired paper files and are used to direct a researcher to particular file folders or documents in retired file boxes." Id. Stein notes, however, that "[o]n occasion, manifests do not contain sufficient detail to indicate the exact contents maintained under a given subject, so once a potentially responsive box is located, the entire contents of the box must be searched manually." Id.
According to Stein, an Office of Information Programs and Services Information Specialist who was knowledgeable about FOIA and the Retired Records Inventory Management System searched the system using the terms "counterterrorism" or "CT." Id. ¶ 15. The search covered the time period from January 1, 2007 through the date of the search. Id. The 2007 date was derived from Hillier's statement that he was involved in terrorist incidents since 2007. Id. The Office of Information Programs and Services "determined that these search terms would locate any records during the time frame that were covered by STATE-06." Id. Stein states that the search located "[n]o retired file manifests for CT for the relevant time period." Id. The Information Specialist also searched all the system records using the terms "Hillier," "Wynship," or "Rainsong," but "[n]o relevant retired file manifests indicating the existence of records regarding [Hillier] were located." Id.
By letter dated January 13, 2017, the Office of Information Programs and Services advised Hillier that professional employees in the Department of State's Bureau of Counterterrorism and Countering Violent Extremism who are familiar with the content and organization of the agency's non-exempt records conducted a thorough search of records in STATE-06 and found no records about him. Id. Ex. 1.
2. Adequacy of the Department of State's Searches
Stein's declaration explains the scope of the Department of State's search, which was defined by Hillier's request for records about him in the STATE-06 system. Stein identifies the methodology deployed to identify the record systems reasonably likely to have responsive records and the timeframe that was applied. The declaration also identifies who performed the searches, the search terms that were used, and the type of searches that were performed. See Steinberg, 23 F.3d at 552.
Hillier raises a series of objections to the Stein declaration, Pl.'s Opp'n Br. at 3-5, 16-18, none of which the Court finds convincing. First, Hillier contends that the declaration is deficient because it does not state that it was based on personal knowledge. But Hillier is mistaken. The first paragraph of the declaration states "I make the following statements based upon my personal knowledge, including information furnished to me in the course of my official duties." Stein Decl. ¶ 1. Stein also states that he is "familiar with the efforts of Department personnel to process the Privacy Act request" and "in charge of coordinating the agency's search efforts with respect to [Hillier's] request." Id. Stein's declaration therefore demonstrates his personal knowledge of the procedures used in handling requests and his familiarity with the documents in question. See Barnard, 598 F. Supp. 2d at 19.
Second, Hillier claims that the Stein declaration is deficient because the Director of the Office of Regional Affairs relied on hearsay to determine that only the Office of South and Central Asia and the Near East and the Office of Africa, Europe, the Americas and Asia were reasonably likely to maintain responsive records. But "courts in this jurisdiction have long held that [agency] declarants may rely on 'information they have obtained in the course of their official duties.'" Canning v. U.S. Dep't of State, 134 F. Supp. 3d 490, 510 (D.D.C. 2015) (quoting Barnard, 598 F. Supp. 2d at 19); Cucci v. DEA, 871 F. Supp. 508, 513 (D.D.C. 1994); Inst. for Policy Studies v. CIA, 885 F. Supp. 2d 120, 133 (D.D.C. 2012)). Thus, "declarations that contain hearsay in recounting searches for documents are generally acceptable." Gov't Accountability Project v. DOJ, 852 F. Supp. 2d 14, 23 (D.D.C. 2012) (internal quotation and alteration marks omitted).
Third, Hillier claims that the Stein declaration does not adequately explain why the Office of South and Central Asia and the Near East and the Office of Africa, Europe, the Americas and Asia were the only components that were likely to have responsive records. The Court disagrees. Stein explained that the Office of Information Programs and Services determined that CT was the component that maintains records in STATE-06, the system Hillier requested be searched. Stein Decl. ¶¶ 4, 9. The Director of Regional Affairs in CT further determined that the Office of South and Central Asia and the Near East and the Office of Africa, Europe, the Americas and Asia were the "only CT components reasonably likely to maintain responsive records" because "all CT records that reference an American involved with terrorist activities would pass through these offices." Id. ¶ 11. As noted, Hillier identified himself as someone believed to be involved in terrorist incidents. 2d Am. Compl. Ex. 34 at 1. Thus, it was reasonable for the agency to conduct searches in systems used by the components through which all records referencing Americans involved with terrorism would pass.
Fourth, Hillier argues that Stein's declaration is defective because paragraph 10 of the declaration states that CT maintains records about American citizens involved in terrorist incidents overseas or who have been captured by a terrorist organization. According to Hillier, that statement is inconsistent with a Department of State publication that indicates that the system of records includes American citizens involved in terrorist incidents "vel non." Pl.'s Opp'n Br. at 17. Hillier also claims that Stein's statement that all STATE-06 records are electronic, Stein Decl. ¶ 12, conflicts with a more than 40-year-old (1977) Department of State System of Records Notice (SORN) that states "Storage: Hard copy," see Pl.'s Opp'n Br. at 17 (quoting 42 Fed. Reg. 49702). Neither of these alleged inconsistencies, however, create a genuine issue of material fact because they are irrelevant to the question of whether the Department of State conducted a search reasonably calculated to uncover Hillier's requested records. See Anderson, 477 U.S. at 248 ("Only disputes over facts that might affect the outcome of the suit under the governing law will properly preclude the entry of summary judgment. Factual disputes that are irrelevant or unnecessary will not be counted.").
Finally, Hillier argues that the Department of State acted in bad faith by delaying its responses to his requests. It is well established, however, that "delays in responding to a FOIA request are rarely, if ever, grounds for discrediting later affidavits by the agency." Iturralde v. Comptroller of Currency, 315 F.3d 311, 315 (D.C. Cir. 2003). The delays alleged here do not undermine the Stein declaration. Because the declaration is sufficiently detailed to conclude that the Department of State made a good faith effort to search for the records Hillier requests using methods that can reasonably be expected to produce the information requested, the Court finds that the agency's searches were adequate. See Oglesby, 920 F.2d at 68.
Hillier originally made allegations of bad faith against the CIA, see Pl.'s Opp'n Br. at 45-46, but appears to have abandoned those allegations, see Pl.'s Am. Opp'n Br. at 45-46 (attached as Ex. 85 to Pl.'s Mot. to Amend, Dkt. 55). Regardless, the Court would reject any such challenge for the reasons stated here. --------
CONCLUSION
For the foregoing reasons, defendants' Motion for Summary Judgment, Dkt. 40, will be granted in part with respect to the CIA and Department of State and denied in part without prejudice with respect to DHS. Hillier's Motion for Partial Summary Judgment Against Defendant United States Department of Homeland Security, Dkt. 41, will be denied without prejudice because, without more detail about whether DHS determined that the Office of Intelligence and Analysis was the only component with a record system that was reasonably likely to contain responsive records, the Court is unable to conclude one way or the other whether the search was reasonable, in which case neither party can prevail at this juncture. The Court will deny Hillier's Cross-Motion for Partial Summary Judgment Against the Central Intelligence Agency and United States Department of State, Dkt. 48, because the Court holds that the searches conducted by those agencies were reasonable and the CIA's Glomar response was compliant with both the Privacy Act and FOIA. Hillier ably raised numerous arguments throughout the litigation of his Privacy Act requests and his remaining motions are addressed in the accompanying order.
/s/_________
DABNEY L. FRIEDRICH
United States District Judge September 12, 2018