EPIC has filed a Freedom of Information Act lawsuit against the Office of the Director of National Intelligence (ODNI), seeking documents related to the collection and integration of detailed personal information of US persons from databases at various levels of government. The ODNI is the top intelligence agency in the US, coordinating the activities of agencies including the CIA, the FBI, and the DHS.
ODNI operates and maintains the National Counterterrorism Center (NCTC), a facility comprising an integrated network of electronic databases. The NCTC was established in August 2004 by Presidential Executive Order 13354, and codified by the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA). On its website, the NCTC describes its mission and purpose as “implement[ing] a key recommendation of the 9/11 Commission: ‘Breaking the older mold of national government organizations, this NCTC should be a center for joint operational planning and joint intelligence, staffed by personnel from the various agencies.'” NCTC serves as the primary organization in the United States that gathers, integrates, and analyzes all counterintelligence information. It gathers this information from “all instruments of national power, including diplomatic, financial, military, intelligence, homeland security, and law enforcement to ensure unity of effort. NCTC ensures effective integration of CT plans and synchronization of operations across more than 20 government departments and agencies engaged in the War on Terror, through a single and truly joint planning process.” The procedures and policies governing the NCTC’s collection, storage, and use of data are outlined in a set of Guidelines (“Guidelines for Access, Retention, Use, and Dissemination by the National Counterterrorism Center (NCTC)”) published by the ODNI. In March 2012, Attorney General Eric Holder approved an updated set of revised Guidelines, which expanded the NCTC’s data collection and storage capabilities. Under the revised guidelines, the detailed personal information that will populate the integrated ODNI databases will be amassed from across the federal government. The data then will be kept for up to five years without the legal safeguards typically in place for personal data held by government agencies.
EPIC’s FOIA Request
On March 22, 2012, the New York Times published an article describing the implementation of the Guidelines. The Times reported that not only would the new guidelines permit the NCTC to copy other agencies’ databases in their entirety, but they also establish a “priority list” of agencies who data the NCTC intends to copy first. After the Guidelines’ publication, EPIC filed several FOIA requests, seeking documents identifying both “priority” databases and any procedural safeguards in place to ensure accuracy and data security.
EPIC requested documents related to (1) the “priority list” of databases discussed in the NTCT Guidelines, (2) data accuracy and security safeguards, (3) agreements and disputes between ODNI and agency heads, and (4) interpretations of key standards used to identify “terrorism information.”
After the ODNI failed to make a timely response to EPIC’s FOIA requests, EPIC filed suit in the Washington, DC District Court. EPIC’s complaint demands that ODNI conduct a reasonable search and promptly disclose responsive records.
Congressional Hearing by the Subcommittee on Oversight of Government Management, the Federal Workforce and the District of Columbia: “State of Federal Privacy and Data Security Law: Lagging Behind the Times?”, July 31, 2012