EPIC v. NSA: Google / NSA Relationship
Top News
- NSA Inspector General Issues First Unclassified Report: The NSA's Office of Inspector General issued the first unclassified semi-annual report to Congress on the National Security Agency. The report describes the internal watchdog's audits, studies, and investigations of the NSA's activities. Among other findings, the OIG uncovered improper searches through U.S. persons' data collected under the Foreign Intelligence Surveillance Act, as well as "many instances of noncompliance" with rules to secure NSA networks, systems, and data. In 2012, EPIC testified before Congress on the need for better reporting on the use of FISA authorities. EPIC also routinely highlights reporting on federal surveillance under the Wiretap Act. In EPIC v. NSA, EPIC obtained the Presidential Decision Directive, outlining the agency's authority for domestic surveillance. (Jul. 25, 2018)
- EPIC Seeks Public Release of Secret Directive on Cybersecurity: EPIC has filed an urgent FOIA request with the DHS, the Department of Justice, and the NSA, seeking the expedited release of NSPD-1. The National Security Presidential Directive sets out procedures for cybersecurity "policy coordination, guidance, dispute resolution, and periodic in-progress review." EPIC has previously litigated, and successfully obtained, NSPD-54, a Presidential Directive concerning the NSA's authority to conduct surveillance within the United States. (Jan. 28, 2017) More top news »
- Reuters: US Government Issued Secret Order to Yahoo to Scan All E-mails » (Oct. 4, 2016)
Reuters reported today that Yahoo scanned the private email of Yahoo users pursuant to a secret directive issued by the FBI. The email scanning technique, based on a search for key terms, recalled a similar FBI program “Carnivore” that was found to capture far more information than authorized, according to documents obtained by EPIC under the Freedom of Information Act. The news report also renews concerns about the scope of US Internet surveillance. The European Court of Justice struck down an EU-US data transfer deal last year, following revelations that US Internet firms collaborated with the NSA to enable mass surveillance. A related case, Irish Data Protection Commissioner v. Facebook, is now pending. The Irish High Court has selected EPIC as "a friend of the court" to "counterbalance" the submission of the United States intelligence community.
- EPIC, Coalition Oppose NSA Data Transfer Plan » (Apr. 8, 2016)
EPIC and over 30 organizations have urged the Obama Administration to halt proposed changes to Executive Order 12333 that would permit the NSA to transfer raw data collected to law enforcement agencies. The NSA’s vast data collection activities are traditionally limited to intelligence purposes. The proposal will permit use of NSA data by law enforcement and make personal data more widely available across the federal government. Last year, EPIC urged the Privacy and Civil Liberties Oversight Board to increase oversight of 12333. EPIC called for: (1) new limits on data collection and disclosure; (2) audit trails for surveillance activities; and (3) published legal justifications for surveillance programs. The Board is currently reviewing surveillance under EO 12333.
- Ninth Circuit Sends NSA Surveillance Case Back to Lower Court » (Mar. 24, 2016)
A Federal Appeals court has remanded a case challenging the NSA's bulk collection of telephone records. In Smith v. Obama, the Ninth Circuit Court of Appeals instructed the lower court to consider the impact of the USA Freedom Act, which ended the bulk data collection program. EPIC, joined by thirty-three technical experts and legal scholars, filed an amicus brief in the case, arguing that modern communications systems are "entirely unlike the telephone network of the 1970s" and that a 1977 case concerning "pen registers" no longer applied. EPIC also challenged the NSA bulk collection program in a petition to the Supreme Court.
- NSA to Disclose Agency Records to Other Federal Agencies, Implicating Federal Privacy Act » (Feb. 26, 2016)
According to the New York Times, the NSA plans to disclose intercepted private communications to other federal agencies, including records of communications concerning US persons. The substantial change in agency practices "would relax longstanding restrictions on access to the contents of the phone calls and email." In 2013, EPIC and a group of legal scholars and technical experts, petitioned the NSA to undertake a public rule making on "the agency's monitoring and collection of communications traffic within the United States." EPIC has previously urged the Department of Defense to ensure that the NSA complies with the federal Privacy Act and has opposed expansion of the "Operations Records" database.
- Freedom Act Goes Into Effect, NSA Bulk Data Collection Ends » (Nov. 30, 2015)
The Director of National Intelligence has announced that the NSA's bulk collection of domestic telephone records under "Section 215" ended yesterday when the USA Freedom Act took effect. The Freedom Act ended the NSA's 215 Program and established new transparency and accountability rules for the Foreign Intelligence Surveillance Court. In 2012, EPIC testified before the House Judiciary Committee on the need to reform the Surveillance Court. In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the NSA surveillance program.
- EPIC Opposes NSA Plan to Expand Operations Database, Demands Privacy Act Compliance » (Nov. 23, 2015)
EPIC submitted comments to the NSA objecting to the agency's proposal to expand its "Operations Records" database. This database is already largely exempt from Privacy Act safeguards, and the proposal would vastly expand the types of information collected in the database and define new routine uses for this information. EPIC's comments addressed the privacy issues raised by the Operations Records database and NSA's proposed changes, opposed further expansion of NSA's information collection activities, and demanded that NSA narrow the Privacy Act exemptions for the system if the proposal goes forward. EPIC has previously urged NSA to conduct information collection activities in compliance with the Privacy Act.
- Court Suspends NSA Phone Record Collection Program » (Nov. 10, 2015)
A federal court in Washington D.C. has ordered the National Security Administration to halt the bulk collection of domestic telephone records, ruling that the indiscriminate collection violates the Fourth Amendment. Following the USA Freedom Act, the telephone records program will expire at the end of the month. The government has moved to stay the judge's order. In 2013, EPIC brought the first challenge to the NSA surveillance program in the Supreme Court. EPIC has also testified before Congress on the need to reform the Foreign Intelligence Surveillance Court, and led a broad coalition urging the President to end the NSA surveillance program.
- Privacy Groups Urge Ninth Circuit to Find NSA Metadata Program Illegal » (Nov. 5, 2015)
EPIC and other privacy groups have filed a friend of the court brief in United States v. Moalin, the first criminal case challenging the NSA's warrantless surveillance of Americans' telephone records. The lower court refused to reopen the case after it was revealed that data acquired by the NSA provided the primary evidence for the criminal conviction. EPIC and other groups argued in their brief that metadata is protected under the Fourth Amendment. EPIC previously argued in Smith v. Obama that "changes in technology and the Supreme Court's recent decision in Riley v. California favor a new legal rule that recognizes the privacy interest inherent in modern communications records." In In re EPIC, EPIC petitioned the Supreme Court to end the NSA's bulk telephone record collection program, which occurred with passage of the USA Freedom Act.
- EPIC Joins Call for Transparency on Number of Americans Caught in NSA Surveillance » (Nov. 2, 2015)
EPIC, joined by over 30 other organizations, urged the Director of National Intelligence, James Clapper, to disclose data on how many Americans are caught up in NSA surveillance of foreign targets. Americans’ communications are incidentally collected under Section 702 of the Foreign Intelligence Surveillance Act, and the FBI searches this data without a warrant or judicial oversight. EPIC, in testimony before Congress and comments to the Privacy and Civil Liberties Oversight Board, has repeatedly called for greater oversight and transparency of surveillance authorities.
- D.C. Circuit Reverses Important NSA Surveillance Ruling, Sends the Case Back to Lower Court » (Aug. 29, 2015)
A divided panel of the D.C. Circuit has reversed a lower court decision that the NSA bulk metadata collection program violated the Fourth Amendment. The judges in Klayman v. Obama agreed that the plaintiff did not have sufficient evidence that his telephone records were collected. But the majority of the panel agreed that the plaintiff should be allowed to conduct "discovery" to prove standing, and remanded the case to the lower court. In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the NSA surveillance program.
- Intelligence Director Says NSA Access to Bulk Phone Record Data Will End » (Jul. 27, 2015)
The Director of National Intelligence announced today that the NSA analysis of "section 215" telephone records previously gathered will end when the USA FREEDOM Act goes into effect on November 29, 2015. Earlier this month, the U.S. Surveillance Court ruled that the NSA could continue collecting records during a 180 day transition period, despite an earlier decision finding the program was unlawful. In 2012, EPIC testified before the House Judiciary Committee on the need to reform the Surveillance Court. In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the NSA surveillance program.
- Surveillance Court Ignores Court Ruling, Reauthorizes NSA Bulk Collection Program » (Jul. 1, 2015)
The Foreign Intelligence Surveillance Court has reauthorized the collection of domestic telephone records for 180 days. The Surveillance Court ignored the recent decision of the Federal Court of Appeals, which held that the NSA bulk collection program is unlawful. In 2012, EPIC testified before the House Judiciary Committee on the need to reform the Surveillance Court. In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the NSA surveillance program. Congress then passed the Freedom Act to end program, but the FISC didn't get the memo.
- Senate Passes FREEDOM Act, Ends NSA Bulk Collection » (Jun. 2, 2015)
The Senate has passed the USA FREEDOM Act, sponsored by Senator Patrick Leahy (D-VT) and Senator Mike Lee (R-TX). The Act, which the President is expected to sign, ends the NSA bulk collection of domestic telephone records and establishes new transparency and accountability rules for the Foreign Intelligence Surveillance Court. In 2012, EPIC testified before the House Judiciary Committee on the need to reform the Surveillance Court. In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the NSA surveillance program.
- Senate to Debate End of PATRIOT Act » (May. 31, 2015)
The Senate convenes today for a rare Sunday session. Senators will consider whether to renew key provisions of the PATRIOT Act, including the NSA bulk collection program, due to expire tonight. Senator Rand Paul has said he will oppose any renewal. Also under consideration is the FREEDOM Act, sponsored by Senator Patrick Leahy (D-VT) and Senator Mike Lee (R-TX). In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, supported by experts, scholars, and members of the Church Committee, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the program. The Sunday debate will be broadcast live on CSPAN2 at 4 pm EDT.
- Inspector General Warns: Significant Oversight of Section 215 Required » (May. 21, 2015)
The DOJ's Office of the Inspector General released a report this month detailing the FBI's use of Section 215 and warning that "significant oversight" is required. The Inspector General describes the FBI's expanding use of 215 to collect electronic information in bulk and criticized the agency for taking seven years to develop minimization procedures. The Second Circuit ruled the NSA's telephone record collection program exceeded the legal authority under Section 215. EPIC previously petitioned the Supreme Court to suspend the program. Unless Congress votes to reauthorize or modify the authority, Section 215 is set to expire on June 1.
- EPIC, Coalition to President: No Encryption Backdoors » (May. 20, 2015)
EPIC and a coalition of civil society organizations and security experts urged President Obama to reject proposal to weaken encryption used in U.S. products. Administration officials, including FBI Director Comey, have advocated for broken encryption to enable law enforcement access to private communications. The letter details how weakened encryption undermines cybersecurity and economic security. EPIC previously led the effort to oppose the "Clipper Chip," the NSA's proposal for key escrow encryption that would have severely crippled the privacy and security of online communication. EPIC also recently expressed support for encryption and anonymity in a letter to a UN Rapporteur.
- Federal Appeals Court Strikes Down NSA Bulk Record Collection Program » (May. 7, 2015)
The Second Circuit Court of Appeals ruled today that the NSA's telephone record collection program exceeds legal authority. The government claimed that it could collect all records under the Section 215 "relevance" standard. But the court rejected that argument and held that "such an expansive concept of 'relevance' is unprecedented and unwarranted." The conclusion mirrors the argument EPIC, and a coalition of technical expert, legal scholars, and former members of the Church Committee made in Petition to the Supreme Court in 2013. EPIC explained in its petition, "It is simply not possible that every phone record in the possession of a telecommunications firm could be relevant to an authorized investigation." The Second Circuit found that Section 215 does not "authorize anything approaching the breadth of the sweeping surveillance at issue here."
- House Committee Approves Surveillance Reform Bill » (May. 1, 2015)
The House Judiciary Committee voted to send the USA FREEDOM Act of 2015 to the House of Representatives for further consideration prior to the June 1 Patriot Act expiration deadline. The bill would end the NSA's controversial domestic telephone record collection program. The bill would also establish new transparency requirements for Intelligence Court Orders, recommended by EPIC in testimony before the House Judiciary Committee. EPIC also opposed renewal of the NSA's Section 215 orders and petitioned the Supreme Court to suspend the program.
- Senator McConnell Seeks Renewal of NSA Bulk Collection Program » (Apr. 23, 2015)
Senate majority leader Mitch McConnell has introduced a bill that would extend the Patriot Act until 2020. Specifically, S. 1035 would renew the controversial Section 215 authorities for the NSA's telephone record collection program. The 215 authority is set to expire on June 1. EPIC urged the President and the Attorney General not to renew the 215 order after it became clear that the NSA routinely collected the telephone records of US citizens. EPIC previously petitioned the Supreme Court to suspend the program, arguing that the NSA program exceeded the section 215 legal authority.
- European Court of Justice Hears Case Challenging "Safe Harbor" Agreement and NSA Spying » (Mar. 24, 2015)
The Court of Justice for the European Union heard arguments this week in Maximilian Schrems v. Data Protection Commissioner, a case filed in Ireland following the revelations of the NSA PRISM program. At issue is whether the disclosure of EU citizens' data by Facebook and other Internet companies to the NSA violates the EU Charter of Fundamental Rights, and whether the EU-US "Safe Harbor" agreement provides "adequate" data protection. A decision is likely later this year. Schrems is the recipient of the 2013 EPIC International Privacy Champion Award.
- Wikimedia Sues NSA Over Mass Internet Surveillance » (Mar. 10, 2015)
Wikimedia filed a federal lawsuit against the NSA over the mass surveillance of Internet communications. Wikimedia asked the court to halt the government's upstream collection—the practice of directly tapping into the Internet backbone that carries communications across the U.S. Wikimedia argues that upstream collection exceeds statutory authority and violates the First and Fourth Amendments, as well as Article III of the Constitution. Explaining the case, Wikipedia founder Jimmy Wales wrote, "Privacy is an essential right. It makes freedom of expression possible, and sustains freedom of inquiry and association." In 2013, EPIC petitioned the Supreme Court to stop the NSA's bulk telephone metadata program.
- Executive Order Calls for More Cybersecurity Info "Sharing" » (Feb. 13, 2015)
President Obama announced today an Executive Order to promote collaboration between the private sector and the government to counter cyber threats. The Order encourages the companies to disclose user data to the federal government outside any judicial process. The Order also promotes compliance with Fair Information Practices and adoption of such Privacy Enhancing Techniques as data minimization. The Executive Order is one of several cybersecurity initiatives announced by the President. In EPIC v. NSA, after a five-year court battle, EPIC obtained National Security Presidential Directive 54 which revealed the NSA's role in domestic cyber security.
- UK Privacy Groups Prevail in GCHQ Spying Case » (Feb. 9, 2015)
A British court that oversees intelligence gathering has ruled that GCHQ, the British spy agency, violated international human rights law with the mass collection of cellphone and Internet data. Last year, the same court ruled that data could lawfully be transferred between US and UK intelligence agencies. That earlier decision is on appeal to the European Court of Human Rights in Strasbourg. In 2013, following the disclosure of the "Verizon order," which authorized the NSA's routine collection of US telephone records, EPIC brought a petition to the US Supreme Court, arguing that the agency practice exceeded the "Section 215" authority. Dozens of legal scholars and former members of the Church Committee supported the EPIC petition.
- Privacy Board Renews Call for President Obama to End Bulk Collection » (Jan. 30, 2015)
The Privacy and Civil Liberties Oversight Board released a report on prior recommendations regarding the NSA's domestic and global surveillance programs. The Board stated that the Obama Administration has failed to end the domestic telephone collection program. The Board stated, "the Administration can end the bulk telephone records program at any time, without congressional involvement." EPIC and a broad coalition have repeatedly urged the President end the NSA's bulk record collection program. Previously, EPIC petitioned the Supreme Court, with the support of dozens of legal experts, arguing that the NSA program was unlawful.
- Senator Leahy Urges Swift Passage of USA Freedom Act » (Nov. 13, 2014)
Senator Patrick Leahy (D-VT), Chairman of the Senate Judiciary Committee, has urged swift passage of the USA FREEDOM Act, which would end the government's dragnet collection of telephone records. The bipartisan bill, which Senator Leahy introduced in July, would also improve oversight accountability for domestic surveillance activities. It has broad bipartisan support among the Intelligence Community, the technology industry, and privacy advocates. Senator Leahy said "Congress should pass the bipartisan USA FREEDOM Act without delay." Last year EPIC petitioned the US Supreme Court to end the NSA bulk record collection program. Former members of the Church Committee and dozens of legal scholars supported the EPIC petition. For more information, see EPIC: In re EPIC - NSA Telephone Record Surveillance.
- Appeals Court Limits Military Surveillance of Civilian Internet Use » (Sep. 26, 2014)
The U.S. Court of Appeals for the Ninth Circuit ruled in United States v. Dreyer that an agent for the Naval Criminal Investigative Service violated Defense Department regulations and the Posse Comitatus Act when he conducted a surveillance operation in Washington state to identify civilians who might be sharing illegal files. The 1878 Act prevents the U.S. military from enforcing laws against civilians. The appeals court ruled that the NCIS intrusion into civilian networks showed “a profound lack of regard for the important limitations on the role of the military in our civilian society.” The court also ruled that the evidence obtained by NCIS should be suppressed to “deter future violations.” In a petition to the Supreme Court, EPIC challenged the NSA’s surveillance of domestic communications. The NSA is a component of the Department of Defense. For more information, see In re EPIC and EPIC v. DOJ: Warrantless Wiretapping Program.
- DC Circuit Rules for EPIC in Case Against NSA, Vacates Lower Court Ruling That Secret Order Is Not Subject to FOIA » (Jul. 31, 2014)
The U.S. Court of Appeals for the D.C. Circuit ruled in favor of EPIC today in a Freedom of Information Act case seeking the full text of National Security Presidential Directive 54, a previously-secret Presidential order granting the government broad authority over cybersecurity matters. EPIC successfully obtained the Directive from the NSA, and the DC Circuit has vacated the lower court’s Fall 2013 ruling that NSPD-54 was not an “agency record” subject to the FOIA. The Directive also includes the Comprehensive National Cybersecurity Initiative and evidences government efforts to enlist private sector companies to assist in monitoring Internet traffic. EPIC has several related FOIA cases against the NSA pending in federal court. For more information, see EPIC v. NSA: NSPD-54 Appeal and EPIC: Freedom of Information Act Cases.
- Senator Leahy Introduces Bill to End NSA Bulk Record Collection » (Jul. 29, 2014)
Today Senator Patrick Leahy (D-VT), joined by Democratic and Republican Senators, introduced legislation to end the NSA's practice of collecting telephone records of Americans. Leahy described the bill as "the most significant reform of government surveillance authorities since Congress passed the USA PATRIOT Act 13 years ago." The USA Freedom Act would require require the government to specify specific "search terms" to obtain telephone record information. The government would have to demonstrate that it has a "reasonable, articulable suspicion" that the search term is associated with a foreign terrorist organization. The bill also requires a comprehensive transparency report for the use of FISA surveillance authorities. However, the bill exempts the FBI from certain reporting requirements. Civil liberties organizations support the bill. EPIC previously filed a Petition for Mandamus with the U.S. Supreme Court, seeking to end the bulk collection of American's phone records. EPIC's petition was supported by legal scholars, technical experts, and former members of the Church Committee. For more information, see In re EPIC and EPIC: FISA Reform.
- Coalition to President: End NSA's Bulk Collection Program Now » (Jun. 17, 2014)
EPIC and a coalition of 25 organizations urged the President and the Attorney General to end the NSA's bulk record collection program when the current authority expires on June 20. In January, the President committed to "end the Section 215 bulk metadata program as it currently exists." The coalition letter states, "[t]he NSA's Bulk Metadata program is simply not effective." Both the Privacy and Civil Liberties Oversight Board report and the President's Review Group report found the NSA's bulk collection to be ineffective. EPIC petitioned the Supreme Court to end the NSA's bulk collection of telephone records after the program was revealed last summer. EPIC's petition argued that the Foreign Intelligence Surveillance Court exceeded its authority when it ordered the production of all domestic telephone records. For more information, see In re EPIC.
- EPIC v. NSA: EPIC Obtains Presidential Directive for Cybersecurity » (Jun. 6, 2014)
After almost five years, EPIC has obtained National Security Presidential Directive 54. The previously classified Presidential Directive contains the full text of the Comprehensive National Cybersecurity Initiative and "establishes United States policy, strategy, guidelines, and implementation actions to secure cyberspace." This Directive, which is the foundational legal document for all cybersecurity policies in the United States, evidences government efforts to enlist private sector companies, more broadly monitor Internet activity, and develop offensive cybersecurity capability. EPIC first sought public release of NSPD-54 with a Freedom of Information Act request, submitted to NSA in June 2009. After the agency failed to disclose the document, EPIC filed suit. When a federal district court ruled in 2013 that the Presidential Directive was not subject to the Freedom of Information Act, EPIC then filed an appeal with the DC Circuit Court of Appeals. The document has now been disclosed to EPIC. The case is EPIC v. NSA, a Freedom of Information Act lawsuit in D.C. Circuit Court. EPIC has several related FOIA cases with the NSA pending in federal court. For more information see EPIC - EPIC v. NSA (Cybersecurity Authority).
- New Documents Reveal Close Ties Between NSA and Tech Companies, PBS Special to Air » (May. 12, 2014)
New e-mails obtained under the Freedom of Information Act reveal former NSA Director Keith Alexander's close communication with technology companies regarding emerging cybersecurity threats. The CEOs of Google, Apple, Microsoft, and other technology companies were invited to classified briefings as part of the "Enduring Security Framework," a government initiative focused on sharing "cyber threat information with the private sector." EPIC previously sued the NSA to obtain records about the agency's collaboration with Google on cybersecurity, following the China hack in January 2010. In that case, the NSA refused to confirm or deny the existence of any records responsive to EPIC's request. EPIC had previously urged Google to routinely encrypt cloud-based services. PBS Frontline begins a two-part special this week that explores NSA surveillance and the role of tech companies. For more information, see EPIC v. NSA: Google/NSA Relationship and EPIC: Cybersecurity.
- House Judiciary Committee to Consider Bill to End Bulk Surveillance, Improve NSA Oversight » (May. 5, 2014)
The House Judiciary Committee has scheduled a markup of the USA Freedom Act. The proposed "Manager's Amendment", sponsored by James Sensenbrenner (R-WI), would prevent bulk collection of phone records and other business records, and would limit the scope of phone record searches. The bill would also (1) limit the collection of US persons communications by the NSA's PRISM program, (2) require public reports on the use of FISA surveillance, (3) require declassification of significant FISA Court opinions, and (4) create a public advocate at the FISA Court. In 2012, EPIC testified before the House Judiciary Committee on the need for public reports and the declassification of significant FISC opinions. In 2013, EPIC filed a petition with the Supreme Court, alleging that the bulk collection of telephone record was unlawful. For more information, see EPIC: FISA Reform and In re EPIC.
- FOIA Groups Support EPIC in Case Against NSA » (Apr. 8, 2014)
Several open government organizations, including Public Citizen, the Sunlight Foundation, the Project on Government Oversight, Citizens for Responsibility and Ethics in Washington, the Center for Effective Government and Openthegovernment.org have filed an amicus brief supporting EPIC in EPIC v. NSA. EPIC is seeking to obtain a Presidential Directive on cyber security that was widely circulated to federal agencies and senior policy advisors. EPIC submitted a Freedom of Information Act Request to the NSA for NSPD-54 and several related documents. After the agency refused to disclose the Directive, EPIC sued the NSA under the Freedom of Information Act. The NSA then disclosed several documents but argued it could withhold NSPD-54 under a narrow legal exemption. Suprisingly, a federal court ruled sue sponte that NSPD-54 was not an "agency record" and simply dismissed the case. The FOIA groups argued that the judge's decision was contrary to FOIA law because NSPD-54 is an agency record and also because courts cannot dismiss such cases particularly when the agency itself thought it was subject to the law. For more information see: EPIC v. NSA.
- EPIC v. NSA: EPIC Appeals Lower Court Decision on Presidential Directive » (Apr. 1, 2014)
EPIC has filed its opening brief in EPIC v. NSA. EPIC is seeking to obtain NSPD-54, a Presidential Directive on cyber security that was widely circulated to federal agencies and senior policy advisors. EPIC submitted a Freedom of Information Act request to the NSA for NSPD-54 and several related documents. The NSA turned over some of the materials to EPIC but withheld the Directive. EPIC then sued the agency to force disclosure of the document but a court ruled sue sponte that the NSA did not have control over NSPD-54, and thus it was not an "agency record" subject to release. It was the first time a federal court had ruled that a Presidential Directive was not subject to FOIA. In the appeal, EPIC argued that the agency has the document and therefore bears the burden of proving it is not an "agency record." EPIC also pointed out that the lower court failed to apply the control test followed by other courts, and that the NSA itself never claimed that NSPD-54 was not an agency record. For more information, see EPIC: Presidential Directives and Cybersecurity and EPIC v. NSA: NSPD-54 Appeal.
- President Obama Renews Unlawful, Ineffective Surveillance Authority » (Mar. 29, 2014)
According to the Attorney General and the Director of National Intelligence, President Obama has renewed the NSA's authority to collect all of the telephone records of all American telephone customers. The "Section 215" program exceeded Congressional authority and was found to be ineffective by two expert panels. At a speech on January 17, 2014, President Obama ordered a transition that will end the Section 215 bulk telephony metadata program as it currently exists. However, according to DNI Clapper, the United States filed an application with the FISC to reauthorize the existing program as previously modified for 90 days, and the FISC issued an order approving the government's application. The order issued expires on June 20, 2014. EPIC and others have strongly objected to the renewal of the 215 program. For more information, see EPIC In re EPIC.
- Senator Leahy Urges President to End NSA Record Collection Program on Friday » (Mar. 27, 2014)
In remarks published this week, Senator Patrick Leahy, Chairman of the Senate Judiciary Committee and co-sponsor of the USA FREEDOM Act, said "I welcome the President's statement that he plans to end the bulk collection of American’s phone records. That is a key element of what I and others have outlined in the USA FREEDOM Act, and that is what the American people have been demanding." Senator Leahy added, "the President could end bulk collection once and for all on Friday by not seeking reauthorization of this program. Rather than postponing action any longer, I hope he chooses this path." EPIC and others have urged the President not to renew the NSA telephone record collection authority when it expires this week. For more information, see In re EPIC.
- Deadline Approaches for End of NSA's Telephone Record Collection Program » (Mar. 24, 2014)
March 28 marks the deadline set by President Obama to end the NSA's bulk collection of American's telephone records. Last week, Attorney General Eric Holder confirmed that the Justice Department is ready to meet the deadline that the President has set. After extensive meetings with leaders of the Intelligence Community, both the President's Review Group and the Privacy and Civil Liberties Oversight Board found the program was ineffective and likely exceeded current legal authority. Senator Leahy, who held extensive public hearings, has stated "This program is not effective. It has to end." EPIC, supported by dozens of legal scholars and former members of the Church Committee, petitioned the US Supreme Court in July 2013 to end the "215" program. For more information, see In re EPIC and EPIC: NSA Verizon Phone Record Monitoring.
- EPIC Accepts NSA's Settlement Offer, Receives Attorneys Fees » (Feb. 11, 2014)
EPIC has accepted the NSA's offer to settle a Freedom of Information Act case EPIC v. NSA. EPIC sought both National Security Presidential Directive 54, a Presidential Directive setting out the scope of the NSA's authority over computer networks in the United States, as well as documents related to NSPD 54. EPIC received some of the documents as a result of the lawsuit, "substantially prevailing" under the FOIA, and prompting the NSA to make a settlement offer to EPIC. As a consequence, EPIC will receive attorneys fees from the NSA. EPIC is simultaneously appealing the lower court's determination that NSPD-54 is not an "agency record" subject to the FOIA. It was the first time a federal court has ruled that a Presidential Directive is not subject to the Freedom of Information Act. For the appeal, EPIC has already filed a Statement of the Issue, and the parties are waiting for the D.C. Circuit Court of Appeals to set a briefing schedule. For more information, see EPIC v. NSA - Cybersecurity Authority.
- EPIC Files Appeal, Challenging Secrecy of Presidential Directives » (Jan. 22, 2014)
EPIC has filed a Statement of the Issue Presented with the D.C. Circuit Court of Appeals. EPIC is appealing a lower court decision that NSPD 54 -- a Presidential Directive setting out the scope of the NSA's authority over computer networks in the United States -- is not subject to disclosure under the Freedom of Information Act. EPIC sought the Presidential Directive, signed by President Bush in January 2008, from the National Security Agency after the White House disclosed the existence of the Directive but not the substance. After the agency failed to respond to EPIC's FOIA request, EPIC filed an administrative appeal, and then a lawsuit. The lower court ruled in EPIC v. NSA that the Presidential Directive is not subject to the FOIA because it was not under "the control" of the NSA. It was the first time a federal court has ruled that an Presidential Directive is not subject to the Freedom of Information Act. EPIC is now asking the Court of Appeals to determine, "Whether the district court erred in holding that a Presidential Directive in the possession of a federal agency is not an agency record subject to the FOIA." For more information, see EPIC v. NSA: Cybersecurity Authority.
- Review Group to Senate: NSA Program Has Not Prevented Threats » (Jan. 15, 2014)
Members of the President's Review Group presented their recommendations for NSA reform a Senate Judiciary Committee hearing. EPIC participated in the work of the Review Group. The export panel set out 46 recommendations on a range of issues from reforming intelligence surveillance directed at United States persons to promoting prosperity, security, and openness in the networked world. The Members stated the the NSA's bulk collection of metadata had not prevented threats against the United States and recommend that the it be ended. Acknowledging privacy concerns, former CIA Deputy Director Michael Morrell also stated that "there is quite a bit of content in metadata." Last year, EPIC filed a petition in the Supreme Court challenging the legality of the NSA's telephone record collection program. Legal scholars and former members of the Church Committee supported the EPIC petition. The Supreme Court dismissed the petition without ruling on the merits. For more information, see In re EPIC.
"there is quite a bit of content in metadata" - Morrell, former CIA Deputy Director - Federal Appeals Court Rules that Legal Policy Memos Can Be Withheld From the Public » (Jan. 3, 2014)
The Court of Appeals for the D.C. Circuit has ruled that the FBI may withhold a memo prepared by the Office of Legal Counsel concerning the law governing "exigent letter" requests to telephone companies for call records. The decision affirmed an earlier opinion that the memo was privileged advice, and exempt from disclosure under the Freedom information Act. The Electronic Frontier Foundation argued that the memo was "working law" and not simply advice from government lawyers. However, the Court of Appeals found that the FBI had not itself adopted the advice of government lawyers. In a different case where the Department of State followed the guidance of Justice Department lawyers, EPIC filed a "friend" of the court brief in support of the New York Times and the ACLU and argued for the release of opinions of the Office of Legal Counsel. For more information, see EPIC v. NSA: Cybersecurity Authority and EPIC: New York Times v. DOJ.
- EPIC Appeals Secrecy of Presidential Cybersecurity Directive » (Dec. 17, 2013)
EPIC has filed a notice of appeal with the D.C. Circuit Court of Appeals in EPIC v. NSA. In that case, EPIC sought NSPD 54, a presidential policy directive outlining the scope of the NSA's authority over computer networks in the United States. A federal district court ruled that the directive is not subject to the Freedom of Information Act because it was not under "the control" of the federal agencies and officials who received it. It is the only time a federal court has ruled that presidential directives in the possession of federal agencies are not subject to the FOIA. EPIC is appealing the decision. For more information, see EPIC v. NSA: Cybersecurity Authority
- EPIC Urges Clarification of NSA's Role in Cybersecurity » (Dec. 13, 2013)
EPIC has submitted comments on the National Institute of Standards and Technology's cybersecurity policy proposal. Pursuant to an Executive Order, the federal agency is charged with defining a "cybersecurity framework" for the federal government. EPIC reiterated previous comments that emphasized civilian control, adherence to the Fair Information Practices, and compliance with the Privacy Act and Freedom of Information Act. In light of revelations that the National Security Agency's has weakened key security standards, EPIC urged NIST to clarify the NSA's involvement in the development of the federal policy. For more information, see EPIC: Cybersecurity Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority).
- Presidential Task Force to Recommend Changes at NSA » (Dec. 13, 2013)
The Review Group on Intelligence and Communications Technologies, established to recommend surveillance reforms, will send a final report to the President this Sunday. According to one news article, the task force will recommend putting a civilian leader in charge of NSA, separating out the code-breaking "Information Assurance Directorate," and splitting the U.S. Cyber Command off into a separate military unit. The Review Group will also recommend new limits on the NSA’s ability to search telephone call records, proposing that telephone records be stored with a third party rather than the NSA. The group will also recommend safeguards for the data of European citizens, and restrictions on the use of National Security Letters. Earlier this year, EPIC filed a petition with the U.S. Supreme Court, supported by legal scholars and former members of the Church Committee, arguing that the NSA bulk collection program was unlawful. For more information, see EPIC: Foreign Intelligence Surveillance Act, EPIC: Foreign Intelligence Surveillance Act Reform, and EPIC: In re EPIC.
- EPIC Files Lawsuit to Determine Legal Authority For PRISM Program » (Nov. 25, 2013)
EPIC has filed a Freedom of Information Act lawsuit against the Department of Justice's Office of Legal Counsel for the secret legal analyses that justifies the use of the NSA PRISM program. PRISM is a program that allows the FBI and NSA to collect information - including the contents of internet users' communications - directly from internet service providers, and without a warrant. Through this lawsuit, EPIC seeks to clarify which, if any, legal authority would permit such extensive domestic surveillance of personal activities. The secrecy of these opinions is of increasing concern to Open Government advocates. EPIC, joined by a coalition of FOIA organizations, recently filed an amicus brief in support of a New York Times lawsuit for opinions of the Office of Legal Counsel. For more information, see EPIC v. DOJ - PRISM.
- Supreme Court Declines EPIC's Challenge to NSA Domestic Surveillance Program, Leaves in Place Order of Surveillance Court » (Nov. 18, 2013)
Today the Supreme Court denied review of In re EPIC, a direct challenge to the NSA telephone record collection program. EPIC argued that an order of the secretive Surveillance Court that required Verizon to turn over all customer records exceeded legal authority. "It is simply not possible that every phone record in the possession of Verizon is relevant to a national security investigation," EPIC stated. EPIC asked the Supreme Court to overturn the order of the Foreign Intelligence Surveillance Court. Prominent legal scholars and members of the Church Committee who wrote the law agreed. Four groups filed amicus briefs in support and urged the Supreme Court to grant EPIC’s petition. However, the Supreme Court, without comment, declined to hear the case. For more information, see In re EPIC, In re EPIC Press Release.
- Supreme Court to Consider EPIC Challenge to NSA Program This Week » (Nov. 12, 2013)
The Supreme Court is scheduled to consider EPIC's challenge to the NSA telephone record collection program at conference this week. EPIC has asked the Court to overturn an order of the Foreign Intelligence Surveillance Court that compelled Verizon to produce all of the telephone records of all of its customers to the NSA. EPIC said that this order clearly exceeded the authority of the surveillance court. The EPIC Petition was distributed to the Justices last week along with briefs by former Church committee members and prominent scholars in information law, federal jurisdiction, and constitutional law, who all urged the Supreme Court to grant the EPIC petition. For more information, see In re EPIC.
- EPIC Supports Campaign to End Mass Surveillance » (Oct. 29, 2013)
EPIC joined more than one hundred organizations at the Stop Watching Us rally October 28 in Washington DC. EPIC Counsel Khaliah Barnes told the crowd, "First they ignore us, then they laugh at us, then they fight us, and then we win." The night before the rally, EPIC organized a crypto party with Public Citizen. Featured speakers included Bruce Schneier and Libertarian Presidential candidate Gary Johnson. EPIC has filed a Supreme Court challenge to the NSA telephone record collection program. For more information, see In re EPIC - NSA Telephone Records Surveillance.
- In EPIC v. NSA, Court Rules Presidential Directives are Not Subject to FOIA but Orders Release of Additional Documents to EPIC » (Oct. 23, 2013)
A federal court has issued an opinion in EPIC v. NSA, EPIC's Freedom of Information Act lawsuit concerning the government's policy for the security of American computer networks. As a result of the lawsuit, EPIC obtained documents that the National Security Agency had withheld from the public. The documents concern NSPD 54, a presidential policy directive outlining the scope of the NSA's authority over computer networks in the US. EPIC also challenged the NSA's decision to withheld several other records including the National Security Presidential Directive 54. A federal district court has now ruled that NSPD 54 is not subject to the FOIA because it was not under "the control" of the National Security Agency and the other federal agencies and officials who received the presidential directive. The Court also ordered to the NSA to identify and release other documents to EPIC.For more information, see: EPIC v. NSA - Cybersecurity Authority.
- EPIC, Coalition Urge NSA to Comply with Privacy Act » (Oct. 22, 2013)
EPIC, joined by a coalition of privacy, consumer rights, and civil rights organizations, has urged the Department of Defense to require the National Security Agency to comply with the federal Privacy Act, the primary law protecting personal information held by the federal government. The comments came in response to a proposed agency rule that would amend the Defense Department's privacy program. The organizations noted that the National Security Agency is a component of the Defense Department and subject to agency regulations. EPIC and the coalition stated, "The DOD must ensure that the NSA complies with the Privacy Act by publishing additional system of records notices and otherwise adhering to the Privacy Act before it can adopt its current proposal." Although the NSA has identified twenty-six Privacy Act databases, recent revelations by the Guardian suggest that there are many other databases subject to the Privacy Act that should be identified. EPIC has also petitioned the Supreme Court, challenging to the NSA's telephone record collection program. For more information, see In re EPIC.
- Government Responds to EPIC's Supreme Court Challenge of NSA Telephone Record Program » (Oct. 14, 2013)
The Solicitor General has filed a response to EPIC's challenge to the NSA's telephone record collection program. In July, EPIC petitioned the Supreme Court to vacate the order of the Foreign Intelligence Surveillance Court that requires Verizon to turn over all telephone records to the NSA. EPIC argued that the Intelligence Court exceeded its legal authority and could not compel a telephone company to disclose so much personal information unrelated to a foreign intelligence investigation. Legal scholars and former Members of Congress filed briefs in support of EPIC's petition, including privacy and national security scholars, constitutional scholars, federal courts scholars, and members of the Church Committee. Congressman James Sensenbrenner, the primary author of the Patriot Act, has said that the telephone records collection program was never authorized by Section 215. For more information, see In re EPIC.
- Foreign Intelligence Court Releases Controversial Opinion on Domestic Telephone Records Program » (Sep. 20, 2013)
The Foreign Intelligence Surveillance Court (FISC) has released an Opinion, justifying the NSA's telephone record collection program. In the Opinion, Judge Claire Eagan states that "there is no Fourth Amendment impediment to the collection" of all domestic call detail records. Judge Eagan also concluded that all domestic call detail records are "relevant" under Section 215 because "individuals associated with international terrorist organizations use telephonic systems to communicate" and because the government argued that bulk collection is 'necessary to create a historical repository of metadata' in order to identify 'known and unknown operatives. This FISC opinion was issued more than a month after EPIC filed its Mandamus Petition challenging the NSA domestic surveillance in the U.S. Supreme Court. The Eagan opinion has also been criticized by legal scholars. For more information, see In re EPIC.
- Office of National Intelligence Releases New Documents on NSA Surveillance » (Sep. 11, 2013)
The Office of the Director of National Intelligence has just released new documents concerning the NSA's surveillance programs. The documents, which include numerous filings with the Foreign Intelligence Surveillance Court, date back to 2006. The documents specifically relate to the governments collection of information under Section 215 of the USA PATRIOT Act. In a Mandamus Petition to the United States Supreme Court, EPIC has argued that the FISA Court exceeded the statutory authority under Section 215 when it authorized bulk collection of American's telephone records in an Order concerning Verizon. Under Section 215, the FISA Court may order businesses to produce records that are "relevant" to an authorized national security investigation, but the Verizon Order requires production of all domestic telephone records on an ongoing basis. For more information, see EPIC: In re EPIC - NSA Telephone Records Surveillance.
- EPIC Meets with President's Intelligence Review Group » (Sep. 9, 2013)
EPIC President Marc Rotenberg and EPIC Advisory Board Member Steve Aftergood met today with the Review Group on Intelligence and Communication Technology. The President tasked the panel with the responsibility to assess whether the "United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust." EPIC submitted detailed recommendations and included copies of EPIC's Supreme Court petition, arguing that the current domestic surveillance program is unlawful, as well as EPIC's Congressional testimony on the FISA Amendments Act and EPIC's 2010 letter to the Foreign Intelligence Surveillance Court concerning reform of FISA procedures. The panel will accept comments from the public until October 4, 2013. Comments are to be sent to reviewgroup@dni.gov, which oddly is the domain of the current Director of National Intelligence.
- European Parliament Begins Hearings on NSA Surveillance » (Sep. 4, 2013)
The European Parliament will hold a hearing, "Electronic Mass Surveillance of EU Citizens," on September 5, 2013. The hearing is hosted by the Committee on Civil Liberties, Justice, and Home Affairs ("LIBE Committee"). Witnesses include journalists and the Editor-in-Chief of the Guardian as well as current and former government officials. The hearing will focus on surveillance conducted by the United States, but will also address EU-Member State surveillance. A live stream will be accessible. The hearings is the first in a series mandated by a resolution of the European Parliament. EPIC has filed a Petition for a Writ of Mandamus in the U.S. Supreme Court, calling the National Security Agency's practice of collecting U.S. person phone call information unlawful. For more information, see EPIC: In re EPIC - NSA Telephone Records Surveillance.
- Solicitor General Seeks Second Extension for Response to EPIC in Supreme Court Challenge to Domestic Surveillance Program » (Aug. 30, 2013)
The Solicitor General of the United States has asked the clerk of the US Supreme Court for a second extension to prepare a response to EPIC's Petition, which argues that the order of the FISA Court for domestic telephone toll records was unlawful and must be overturned. EPIC filed the Petition on July 8, 2013. Subsequently, several amicus briefs in support of EPIC were filed with the Court by privacy scholars, Constitutional scholars, experts in the Court's jurisdiction, and former members of the Church Committee. The Solicitor General asked for a 30-day extension for the initial August 12, 2013 deadline which was granted. The SG has now asked for a second 30-day extension. The case is In re EPIC, Petitioner, No. 13-58. For more information, see In re EPIC - NSA Telephone Records Surveillance.
- NSA Responds to EPIC's Petition Concerning Domestic Surveillance, EPIC Considers Next Steps » (Aug. 30, 2013)
Two months after EPIC formally petitioned the National Security Agency to suspend the domestic surveillance program, the NSA has responded. In the petition, EPIC stated that "NSA's collection of domestic communications contravenes the First and Fourth Amendments to the United States Constitution, and violates several federal privacy laws, including the Privacy Act of 1974, and the Foreign Intelligence Surveillance Act of 1978 as amended." EPIC further stated that NSA's domestic surveillance "substantively affects the public to a degree sufficient to implicate the policy interests" that require public comment. In response to EPIC, the NSA argued "any NSA activities involving the collection of communications that may meet the description set forth in your letter, if any, would not constitute Agency actions that are subject to notice-and-comment requirements . . ." The letter from the NSA Associate Director for Policy and Records also stated the "NSA operates in accordance with the Constitution and the laws of the United States." EPIC is considering subsequent legal action. For more information, see EPIC: NSA petition.
- EPIC Submits Ninth Petition to NSA to Suspend Domestic Surveillance » (Aug. 19, 2013)
EPIC, joined by over 3,000 members of the public, leading privacy experts, and journalists, has petitioned the National Security Agency for the ninth time, urging the suspension of the NSA domestic surveillance program pending public comments. EPIC first petitioned the agency on June 17, 2013. Because the NSA has failed to respond, EPIC has renewed the petition on a weekly basis. EPIC's petition states, "NSA's collection of domestic communications contravenes the First and Fourth Amendments to the United States Constitution, and violates several federal privacy laws, including the Privacy Act of 1974, and the Foreign Intelligence Surveillance Act of 1978 as amended." The petition further states that the NSA's domestic surveillance "substantively affects the public to a degree sufficient to implicate the policy interests" that require public comment, and that "NSA's collection of domestic communications absent the opportunity for public comment is unlawful." By law, the NSA is required to respond. General Keith Alexander, NSA Director, has publicly stated that the agency is interested in receiving public comments: "Help us defend this country and protect our civil liberties and privacy. And if anybody has a better way to do it than what we are doing today, we want to hear that." EPIC intends to renew its request for a public rulemaking each week until the NSA responds. For more information and to join EPIC's petition, see EPIC: NSA petition.
- NSA Violated Law Thousands of Times and Intercepted American Communications » (Aug. 19, 2013)
An internal audit has revealed that the NSA violated both legal rules and privacy restrictions thousands of times each year since 2008, leading to the unauthorized surveillance of American communications. According to the 2012 report, there were 2,776 violations in the previous 12 months alone. A "large number" of calls placed from Washington DC were intercepted when its area code was confused with that of Egypt. Another document shows how NSA analysts are trained to avoid giving "extraneous information" to their "FAA overseers" when they want to target an individual. In 2006, EPIC wrote to the Senate Judiciary Committee regarding instances of intelligence gathering misconduct by the FBI that were uncovered through EPIC's Freedom of Information Act requests. EPIC is currently petitioning the NSA to suspend its domestic surveillance program pending a public comment period. EPIC has also filed a petition with the U.S. Supreme Court challenging the legal authority of the FISA Court to authorize the NSA's program.
- Administration Argues NSA Domestic Surveillance is Lawful; President Supports FISA Court Adversary » (Aug. 12, 2013)
The administration released a white paper outlining its legal argument for why the Patriot Act Section 215 authorizes the NSA to collect all Americans' telephone records. The government also released a NSA memo discussing the agency's program. At a press conference on Friday, President Obama outlined proposals that would address some, but not all, problems with the domestic surveillance programs, such as appointing a special advocate to argue in favor of civil liberties before the FISA Court. EPIC has brought a lawsuit in the Supreme Court challenging the legal authority for the NSA telephone surveillance program. For more information, see In re EPIC.
- Government Releases Secret Court Order Authorizing NSA Telephone Surveillance » (Jul. 31, 2013)
The Director of National Intelligence has published the "Primary Order" from the FISA Court which describes the scope of the NSA's data analysis activities for telephone call records. The order details the procedures the NSA is expected to follow when reviewing data, but is heavily redacted. The order does not include a legal analysis of the surveillance laws being applied. The government also released past reports on the NSA's domestic surveillance program. For more information, see In re EPIC - NSA Telephone Records Surveillance and EPIC: NSA Petition.
- Chairman Leahy Calls For End of NSA Telephone Surveillance Program » (Jul. 31, 2013)
Senator Patrick Leahy said in an oversight hearing that the NSA's domestic telephone surveillance program should be terminated. "This program is not effective. It has to end," said the Chairman of the Senate Judiciary Committee. Senator Leahy has also introduced the FISA Accountability and Privacy Protection Act, to strengthen oversight of the government surveillance programs. Representatives from the NSA and Justice Department testified about the legality of the NSA's collection of all telephone records in the United States. But both Democratic and Republican Committee members expressed concern about the scope and secrecy of the program. EPIC has filed a petition with the U.S. Supreme Court challenging the legal authority of the FISA Court to authorize the NSA's program. For more information, see In re EPIC - NSA Telephone Records Surveillance.
- House Narrowly Defeats Bill to End NSA Domestic Surveillance Program » (Jul. 25, 2013)
In a surprisingly close vote, the House of Representatives voted 217 to 205 not to suspend funding for the controversial NSA program that has resulted in the collection of all call records of all American telephone customers. The outcome followed intense lobbying by the Administration and leaders of the intelligence community. The measure was introduced by Justin Amash (R-MI) and John Conyers (D-MI). EPIC has filed a petition with the US Supreme Court, charging that the program violates section 215 of the Patriot Act. A decision by the Court is expected in early October. For more information, see EPIC - In re Electronic Privacy Information Center.
- FISA Court Renews Unlawful Surveillance Program, DOJ Defends Program » (Jul. 22, 2013)
According to the Director of National Intelligence, on July 19, 2013 the Government "filed an application with the Foreign Intelligence Surveillance Court seeking renewal of the authority to collect telephony metadata in bulk, and that the Court renewed that authority." In a separate filing, in a July 18 response to a challenge brought by the ACLU, the Department of Justice said that a federal district court in New York could not overturn the order of the FISA court. And in a July 16 letter to Congressman Sensenbrenner the Department asserts that "because the telephony metadata must be available in bulk to allow the NSA to identify records of terrorist communications, there are 'reasonable grounds to believe' that the data is relevant to an authorized investigation. EPIC has recently filed a petition with the US Supreme Court, challenging the lawfulness of the NSA domestic surveillance program. For more information, see EPIC - In re Electronic Privacy Information Center.
- EPIC Updates Congress on Organization's Response to NSA Surveillance » (Jul. 16, 2013)
EPIC has sent a letter to the House Judiciary Committee describing EPIC's response to the NSA domestic surveillance program in anticipation of a hearing on FISA oversight. "In our view, the secret court simply lacks the legal authority to authorize this program of domestic surveillance," EPIC writes. EPIC has filed a petition with the U.S. Supreme Court challenging the Verizon Order issued by the Foreign Intelligence Surveillance Court. EPIC is also petitioning the NSA to create public rules governing its surveillance authorities. For more information, see In Re EPIC and EPIC: NSA Petition.
- EPIC Renews Petition to NSA to Suspend Domestic Surveillance Program » (Jul. 15, 2013)
EPIC, joined by over 2,000 members of the public, leading privacy experts, and journalists, has again petitioned the National Security Agency, urging the suspension of the NSA domestic surveillance program pending public comments. EPIC, joined by leading privacy experts including James Bamford, Whitfield Diffie, and Bruce Schneier, first petitioned the agency on June 17, 2013. Because the NSA has failed to respond, EPIC has renewed the petition on a weekly basis. EPIC's petition states "NSA's collection of domestic communications contravenes the First and Fourth Amendments to the United States Constitution, and violates several federal privacy laws, including the Privacy Act of 1974, and the Foreign Intelligence Surveillance Act of 1978 as amended." EPIC's petition further states that NSA's domestic surveillance "substantively affects the public to a degree sufficient to implicate the policy interests" that require public comment, and that "NSA's collection of domestic communications absent the opportunity for public comment is unlawful." By law, the NSA is required to respond. EPIC intends to renew its request for a public rule making each week until the NSA responds. For more information and to join EPIC’s petition, see EPIC: NSA Petition also #NSApetition.
- EPIC Speaks to Oversight Board, Former Judge Questions FISC » (Jul. 10, 2013)
EPIC, in a prepared statement, addressed the Privacy and Civil Liberties Oversight Board regarding NSA surveillance under the Patriot Act and the Foreign Intelligence Surveillance Act at day long workshop. Retired Judge James Robertson, who served on the FISA Court, told the panel that he was "stunned" by the news that the government was collecting all of the telephone records of Americans. EPIC, which has recently filed a challenge to the domestic surveillance program with the Supreme Court, recommended increased public reporting for FISA and new limitations on the authority of the FISA court. EPIC previously provided recommendations to the Board for future work. Several of the recommendations were incorporated in the Board's semi-annual report. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: NSA Petition.
- EPIC Files Supreme Court Petition, Challenges Domestic Surveillance Program » (Jul. 8, 2013)
EPIC has filed a Petition with the U.S. Supreme Court, asking the Court vacate an unlawful order by the Foreign Intelligence Surveillance Court that enables the collection of all domestic phone record by the NSA. The order, directed to Verizon, requires the production of all "call detail records" for calls made "wholly within the United States, including local telephone calls." EPIC said "It is simply not possible that every phone record in the possession of a telecommunications firm could be relevant to an authorized investigation. . . . Such an interpretation of [the law] would render meaningless the qualifying phrases contained in the provision and eviscerate the purpose of the Act." For more information, see In re Electronic Privacy Information Center.
- Privacy International Files Complaint Against NSA, GCHQ Surveillance Programs » (Jul. 8, 2013)
Privacy International, a leading privacy organization based in London, filed a legal complaint today with a UK tribunal about the recently disclosed surveillance programs. Privacy International asserts that the NSA and its United Kingdom counterpart, GCHQ, have been conducting dragnet surveillance of American and British citizens, without any public accountability. PI also charges that by accessing the NSA's information pool, the British government is acting outside the rule of law. EPIC today filed a petition in the US Supreme Court, alleging that the Foreign Intelligence Surveillance Court exceeded its legal authority when it issued the order to Verizon to turn over all of the phone records of its customers. For more information, see EPIC: NSA Petition and EPIC: NSA - Verizon Phone Record Monitoring.
- EPIC Renews Call for Suspension of NSA Domestic Surveillance Program » (Jun. 28, 2013)
Almost 2,000 members of the public have joined EPIC's petition to the National Security Agency, urging the suspension of the NSA domestic surveillance program pending public comment. EPIC, joined by leading privacy experts including James Bamford, Whitfield Diffie, and Bruce Schneier, first petitioned the agency on June 17, 2013. EPIC's petition states "NSA's collection of domestic communications contravenes the First and Fourth Amendments to the United States Constitution, and violates several federal privacy laws, including the Privacy Act of 1974, and the Foreign Intelligence Surveillance Act of 1978 as amended." EPIC's petition further states that NSA's domestic surveillance "substantively affects the public to a degree sufficient to implicate the policy interests" that require public comment, and that "NSA's collection of domestic communications absent the opportunity for public comment is unlawful." EPIC intends to renew its request each week until the NSA responds. For more information and to join EPIC’s petition, see EPIC: NSA Petition.
- Senator Leahy Introduces Legislation to Limit NSA Domestic Surveillance » (Jun. 25, 2013)
Senator Patrick Leahy (D-VT), joined by several other Senators, has introduced a bill that will amend certain provisions of the USA PATRIOT ACT and the FISA Amendments Act to address recent revelations about domestic surveillance by the National Security Agency. The provisions of the bill will increase the threshold for the NSA to obtain domestic metadata and require court-approved minimization procedures. In addition, the bill will move up expiration dates on surveillance authorities to June 2015. In a statement, Senator Leahy said, "these are all commonsense, practical improvement that will ensure that the broad and powerful surveillance tools being used by the Government are subject to appropriate limitations, transparency, and oversight." EPIC recommended similar proposals in testimony last year before the House Judiciary Committee. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: NSA Petition.
- NSA Targeting and Minimization Procedures Released » (Jun. 21, 2013)
The Guardian has posted the procedures used by the National Security Agency to target non-US citizens under the Foreign Intelligence Surveillance Act, as well as the minimization procedure for information collected about US citizens. The documents indicate that "[a] person whose location is not known will be presumed to be a non-United States person," and that the NSA maintains databases of the telephone numbers, email accounts, and other identifiers of US citizens. EPIC recently petitioned the NSA to suspend its domestic surveillance pending public comment. Last year, in testimony for the House Judiciary Committee, EPIC urged Congress not to reauthorize the FISA Amendments Act until adequate oversight procedures were in place. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: NSA Petition.
- EPIC Joins Coalition to Demand a Congressional Investigation into NSA Surveillance » (Jun. 19, 2013)
Today, EPIC joined a coalition of over 100 civil liberties organizations and Internet companies to demand that Congress initiate a full-scale investigation into the National Security Agency's surveillance programs. In the letter sent to Congress this morning, the coalition emphasized the need for public transparency and an end to dragnet surveillance: "This type of blanket data collection by the government strikes at bedrock American values of freedom and privacy." EPIC is also leading a petition to the NSA to suspend its program of collecting information on all individuals in the United States. EPIC intends to renew its request to the Agency every week until the NSA responds. For more information see EPIC: NSA Petition.
- EPIC, Bamford, Diffie, Schneier Call for Suspension of NSA Domestic Surveillance Program Pending Public Comment » (Jun. 17, 2013)
EPIC, joined by leading privacy experts including James Bamford, Whitfield Diffie, and Bruce Schneier, has petitioned the National Security Agency to suspend its domestic surveillance program pending public comment. EPIC's petition states "NSA's collection of domestic communications contravenes the First and Fourth Amendments to the United States Constitution, and violates several federal privacy laws, including the Privacy Act of 1974, and the Foreign Intelligence Surveillance Act of 1978 as amended." EPIC's petition further states that NSA’s domestic surveillance "substantively affects the public to a degree sufficient to implicate the policy interests" that require public comment, and that "NSA's collection of domestic communications absent the opportunity for public comment is unlawful." EPIC intends to renew its request each week until the NSA responds. For more information and to join EPIC’s petition, see: EPIC: NSA Petition.
- Classified NSA Cybersecurity Directive Sought by EPIC Establishes NSA Cyberattack Authority » (Jun. 8, 2013)
Presidential Policy Directive 20 orders the creation of potential targets for Offensive Cyber Effects Operations by the NSA. According to the classified document, the "Government shall identify potential targets of national importance where [cyberattacks] can offer a favorable balance of effectiveness and risk . . ." The Directive was signed last October and EPIC immediately filed a Freedom of Information request seeking public release of the policy as it implicates the privacy of domestic communications. The NSA refused to release the Directive. The White House released a summary of the Directive, but failed to disclose information about the NSA's proposed cyberattacks. PPD-20 was made available to the public in a post to the Guardian by Glenn Greenwald. For more information, see EPIC: Presidential Directives and Cybersecurity, EPIC: EPIC v. NSA - Cybersecurity Authority and EPIC: Cybersecurity Privacy Practical Implications.
- EPIC Seeks Legal Justification for NSA Domestic Surveillance Program » (Jun. 7, 2013)
EPIC has filed a Freedom of Information Act request with the Department of Justice, seeking the agency's justification for the NSA domestic surveillance program. The Department of Justice authorized a request for "all call detail records or 'telephony metadata' created by Verizon for communications . . . (ii) wholly within the United States, including local telephone calls." By statute, the scope of the Foreign Intelligence Surveillance Court is limited to investigations concerning the collection of foreign intelligence. The Department of Justice and the President have been acknowledged that the Department conveyed information about the program to Congress. EPIC has asked Congress to determine whether the special court exceeded its authority when it compelled Verizon to turn over the records of millions of telephone customers. For more information, see EPIC: Foreign Intelligence Surveillance Act, EPIC: Clapper v. Amnesty Int'l, and EPIC: USA Patriot Act.
- Congress Begins Investigation of NSA Domestic Surveillance Program » (Jun. 7, 2013)
Following the revelation of that the National Security Agency is monitoring domestic communications, members of Congress are initiating new oversight proceedings. The Senate Intelligence Committee will review the program's legal authority. Members of the House Judiciary Committee wrote to President Obama, saying, "We believe this type of program is far too broad and inconsistent with our nation's founding principles." During a hearing of the Senate Appropriations Committee, Sen. Mark Kirk (R-IL)asked Attorney General Eric Holder whether the NSA has spied on members of Congress. EPIC has sent a letter to leaders in Congresscalling for an investigation into the NSA's activities, and alleging that the FISC's authorization of the Verizon search was unlawful. For more information, see EPIC: Foreign Intelligence Surveillance Act, EPIC: Clapper v. Amnesty Int'l, and EPIC: USA Patriot Act.
- EPIC to Congress: 'NSA Domestic Surveillance Program is Unlawful' » (Jun. 7, 2013)
EPIC has sent a letter to Congress charging that the National Security Agency's demand for domestic telephone records is unlawful. EPIC stated, "The Foreign Intelligence Surveillance Court ordered an American telephone company to disclose to the NSA records of wholly domestic communications. The FISC lacks the legal authority to grant this order." EPIC's letter calls on Congress to conduct hearings and determine whether the specialized court, charged with overseeing the collection of foreign intelligence, may also authorize surveillance of solely domestic communications. For more information, see EPIC: Foreign Intelligence Surveillance Act, EPIC: Clapper v. Amnesty Int'l, and EPIC: USA Patriot Act.
- EPIC Seeks Documents on Government's Authority to Search Journalists' Email » (May. 14, 2013)
EPIC has filed a Freedom of Information Act request with the Department of Justice Office of Legal Counsel, seeking documents explaining the DOJ's legal authority to search the electronic communications of reporters. Following news reports that the DOJ seized the telephone records of the Associated Press, EPIC's request seeks to discover the legal basis for the action as well as whether the DOJ could obtain the email or text messaging records of journalists. In 2005, EPIC filed the first FOIA request concerning the government's "warrantless wiretapping". EPIC eventually obtained emails and a memo (pdf) from a former high-level Justice Department official expressing doubt about the government's argument in favor of the legality of the program. EPIC also obtained internal messages (pdf) from the NSA's director to agency staff, defending the NSA's warrantless eavesdropping and discouraging employees from discussing the issue with the news media. For more information, see EPIC: Open Government, EPIC: New York Times v. DOJ.
- DHS Releases Revised Privacy Impact Assessment on Internet Monitoring Program » (Apr. 24, 2013)
The Department of Homeland Security has released a Privacy Impact Assessment for Einstein 3 - Accelerated. Einstein 3 is a government cybersecurity program that monitors Internet traffic. The monitoring includes scanning email destined for .gov networks for malicious attachments and URLs. According to DHS, the basis of the government’s authority to perform the monitoring is National Security Presidential Directive 54. EPIC is pursuing FOIA litigation to force the government to release the Directive to the public. For more information, see EPIC v. NSA - Cybersecurity Authority.
- EPIC FOIA Request Reveals Details About Government Cybersecurity Program » (Apr. 24, 2013)
New documents obtained by EPIC in a Freedom of Information Act lawsuit reveal that the Department of Defense advised private industry on how to best circumvent federal wiretap law. The documents concern a collaboration between the Defense Department, the Department of Homeland Security, and private companies to allow government monitoring of private Internet networks. Though the program initially only applied to defense contractors, an Executive Order issued by the Obama administration earlier this year expanded it to include other "critical infrastructure" industries. The documents obtained by EPIC also cited NSPD 54 as one source of authority for the program. NSPD 54 is a presidential directive issued under President Bush that EPIC is pursuing in separate FOIA litigation. For more information, see EPIC: EPIC v. DHS (Defense Contractor Monitoring), and EPIC: EPIC v. NSA - Cybersecurity Authority.
- White House Releases Unclassified Summary of Presidential Cybersecurity Directive » (Apr. 19, 2013)
The White House has released an unclassified summary of Presidential Policy Directive 20. The Policy Directive sets out the cybersecurity authority of the National Security Agency in the United States and has raised concerns about government surveillance of the Internet. The existence of the Directive was detailed in a story in the Washington Post in 2012, and EPIC immediately pursued the public release of the document. According to the White House, PPD-20 "established principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools." EPIC is still pursuing the release of the full document. For more information see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (NSPD 54).
- White House Threatens to Veto CISPA Unless Privacy Protections Improved » (Apr. 16, 2013)
In a Statement of Administration Policy, the White House threaten to veto the controversial Cyber Intelligence Sharing and Protection Act (CISPA) unless more robust privacy and civil liberties protections are added and newly authorized information sharing goes through a civilian agency. EPIC joined a letter signed by a coalition of privacy and civil liberty organizations to urge the House Permanent Select Committee on Intelligence to open the markup process for CISPA. The markup for CISPA remained closed, and currently as drafted, CISPA would allow companies to disclose vast amounts of customer and client information to other companies and the government, including the National Security Agency, for "cybersecurity purposes." EPIC favors government transparency and is currently pursuing a lawsuit against the NSA stemming from a FOIA request for National Security Presidential Directive 54, which grants the NSA broad authority over computer networks in the United States. For more information, see EPIC: EPIC v. NSA - Cybersecurity Authority.
- EPIC Comments on Federal Cybersecurity Framework » (Apr. 12, 2013)
In response to a request for comments, EPIC submitted comments on the National Institute of Standards and Technology’s review to develop a cybersecurity framework. Pursuant to Executive Order 13636, the agency is charged with defining a cybersecurity framework for the federal government. EPIC supports civilian control of cybersecurity and privacy protections based on the Fair Information Practices. In the comments to NIST, EPIC emphasized the need for all federal agencies to comply with the Privacy Act and the Freedom of Information Act. For more information, see EPIC: Cybersecurity Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority).
- Federal Appeals Court Rejects "Neither Confirm Nor Deny" Defense for Government Secrecy » (Mar. 15, 2013)
The Court of Appeals for the DC Circuit has ruled that the CIA must respond to an ACLU open government request for records pertaining to drone strikes. The CIA had said it could “neither confirm nor deny that it had responsive documents." The appeals court found that the agency itself had acknowledged it had such document. In EPIC v. NSA, a similar challenge to the "Glomar" response , the federal appeals court found that the agency had not acknowledged existence of documents responsive to a FOIA request even tough there were widespread news reports of a partnership between Google and the NSA. For more information, see EPIC: EPIC v. NSA: Google/NSA Relationship.
- White House Issues New Executive Order, Presidential Directive on Cybersecurity » (Feb. 13, 2013)
In conjunction with the 2013 State of the Union, President Obama has signed a public Executive Order on cybersecurity and "critical infrastructure." The Order grants new powers to federal agencies to share cybersecurity information with private companies. Affected federal agencies will "conduct regular assessments of privacy and civil liberties impacts." The President also issued Presidential Policy Directive 21, which directs the Secretary of the Department of Homeland Security to take specific, discrete actions regarding cybersecurity practices. EPIC is currently pursuing a Freedom of Information Act request with the National Security Agency for Presidential Policy Directive 20, a secret directive that grants cybersecurity authority to the National Security Agency. For more information, see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority).
- Obama Talks Cybersecurity at 2013 State of the Union » (Feb. 13, 2013)
At the 2013 State of the Union, President Obama announced an Executive Order that grants new authority to federal agencies to share information with private companies. President Obama further urged Congress to act to "pass legislation to give our government a greater capacity to secure our networks and deter attacks." A new Presidential Directive was also published today, directing the Secretary of the Department of Homeland Security to take specific, discrete actions regarding cybersecurity practices. EPIC is currently pursuing a Freedom of Information Act request with the National Security Agency for Presidential Policy Directive 20, a prior directive that grants additional, secret cybersecurity authority to the National Security Agency. For more information, see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority).
- EPIC Obtains Documents on NSA's "Perfect Citizen" Program » (Jan. 2, 2013)
The NSA has turned over documents on the controversial "Perfect Citizen" program to EPIC in response to a FOIA request. "Perfect Citizen" is an NSA program that monitors private networks in the United States. The redacted documents obtained from the federal agency by EPIC state that "[t]he prevention of a loss due to a cyber or physical attack [on Sensitive Control Systems, like large-scale utilities], or recovery of operational capability after such an event, is crucial to the continuity of the [Department of Defense] , the [Intelligence Community], and the operation of SIGNIT systems." The NSA claims that Perfect Citizen is merely a research and development program. The documents obtained by EPIC suggest that the program is operational. For more information, see EPIC: Perfect Citizen.
- EPIC Comments on Federal Cybersecurity Plan » (Dec. 20, 2012)
In response to a request for comments, EPIC submitted comments on the Federal Cybersecurity Research and Development Strategic Plan. The cybersecurity strategic plan calls for a coordinated research strategy across federal agencies including the Department of Homeland Security and the National Security Agency. EPIC supported the call for privacy safeguards and anonymous web access, and recommended the further integration of genuine privacy-enhancing techniques. EPIC also emphasized the need for all federal agencies to comply with the Privacy Act and the Freedom of Information Act as the plan progresses. EPIC previously submitted comments to the Department of Defense regarding Cyber Security and Information Assurance Activities. For more information, see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA - Cybersecurity Authority.
- UPDATED: EPIC Appeals NSA's Withholding of Cybersecurity Directive » (Nov. 27, 2012)
EPIC has appealed a decision by the National Security Agency to deny EPIC's Freedom of Information Act Request for the public release of Presidential Policy Directive 20. The Policy Directive expands the NSA's cybersecurity authority and has raised concerns about government surveillance of the Internet. EPIC's FOIA appeal points to numerous substantive and procedural defects in the NSA's response, and highlights the importance of public discussion of cyber security authority. The NSA has ten days to respond to EPIC's appeal. For more information, see EPIC: Cybersecurity Privacy Practical Implications, EPIC: EPIC v. NSA - Cybersecurity Authority.
- NSA Withholds Cybersecurity Directive, EPIC to Appeal » (Nov. 20, 2012)
The National Security Agency has responded to a Freedom of Information Act Request from EPIC, seeking the public release of Presidential Policy Directive 20. The Directive, first reported by the Washington Post, is believed to expand the NSA's cybersecurity authority. In response to EPIC, the NSA argued that the Agency does not have to release the document because it is a confidential presidential communication and it is classified by the NSA. EPIC is litigating similar claims against the NSA, including the release of NSPD 54, a 2008 presidential directive setting out the NSA’s cybersecurity authority. In an official statement to Congress earlier this year, EPIC explained that the NSA was a “black hole for public information about cybersecurity.” EPIC plans to appeal the NSA's determination. For more information, see EPIC: Cybersecurity Privacy Practical Implications, EPIC: EPIC v. NSA - Cybersecurity Authority.
- President Issues Secret Cybersecurity Directive, EPIC Seeks Public Release » (Nov. 14, 2012)
Following a Washington Post report of a new cyber security directive, EPIC has filed a Freedom of Information Act request for the release of Presidential Policy Directive 20. The Directive is believed to expand cyber security authority for the National Security Agency. EPIC is pursuing several FOIA cases, including the release of NSPD-54, an earlier Directive that gave NSA authority to conduct surveillance within the United States. EPIC has also sought public release of the technical arrangement between the NSA and Google that was adopted in January 2010. Federal law prevents the National Security Agency, a component of the Department of Defense, from conducting operations within the United States. For more information, see EPIC: Cybersecurity Privacy Practical Implications, EPIC: EPIC v. NSA - Cybersecurity Authority, and EPIC v. NSA: Google / NSA Relationship.
- EPIC Urges Privacy Safeguards for Defense Department Cybersecurity Program » (Jul. 11, 2012)
EPIC has submitted comments to the Department of Defense, urging the agency to protect individual privacy when it obtains detailed information about Internet users from the private sector. Under current Department regulations, companies are encouraged to provide information about Internet users that may relate to "cyber incidents" and cyber "threats."This is similar to a controversial provision in Cyber Intelligence Information Protection Act ("CISPA"). EPIC recommended that the agency revise the regulations for the "Cyber Security and Information Assurance" program so that: (1) the program remain voluntary, (2) "cyber incident" and "threat" are narrowly defined, (3) liability is imposed on private companies for disclosing excess user information, (4) the Attorney General conduct annual audits, and (5) the agency adheres to federal privacy laws. EPIC also warned the agency to fully comply with the Freedom of Information Act, which has provided the public with important information about network security. For more information, see EPIC: Cybersecurity and EPIC: EPIC v. NSA (FOIA for NSA Cybersecurity Authority), and EPIC: EPIC v. NSA (FOIA for Google/NSA Relationship).
- Federal Appeals Courts Sides with NSA, Rejects EPIC's Arguments that Agency Should Provide Information About Collaboration with Google » (May. 11, 2012)
The DC Circuit Court of Appeals ruled today the National Security Agency need neither "confirm nor deny" the existence of any records about the agency's relationship with Google, even after such a collaboration was widely reported in the national media. EPIC filed a Freedom of Information Act (FOIA) request with the NSA following a cyber attack in January 2010 that led Google to contact the NSA. The NSA refused to either confirm or deny the existence of responsive records, claiming that such information is exempt from disclosure under the NSA Act. EPIC challenged this "Glomar" response and argued that the agency had a responsibility to locate records that could be disclosed, but a lower court ruled in favor of the NSA and the appellate court affirmed. EPIC has several other pending FOIA matters concerning the NSA, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority which the agency has refused to release to the public. For more information, see EPIC v. NSA: Google / NSA Relationship.
- Flawed Cybersecurity Bill Passes House, Headed for Senate without Privacy, FOIA Safeguards » (Apr. 27, 2012)
The House of Representatives passed the Cyber Intelligence Information Protection Act ("CISPA"), a cybersecurity bill that allows the government to obtain detailed information about Internet users from the private sector. The bill preempts established privacy protections in other federal laws and opens the door for increased surveillance of individuals in the United States. The bill also creates a new Freedom of Information Act exemption, which will reduce government transparency and accountability. Earlier this year, EPIC said in a statement to the Senate that the Freedom of Information Act provides the public important information about network security, and warned that the National Security Agency has become a “black hole” for public information about cybersecurity. For more information, see EPIC: Cybersecurity and EPIC: EPIC v. NSA (FOIA for NSA Cybersecurity Authority), and EPIC: EPIC v. NSA (FOIA for Google/NSA Relatioship).
- Coalition Urges Congress to Remove Cybersecurity FOIA Limitations » (Apr. 18, 2012)
An open government coalition has asked House lawmakers to oppose provisions in "CISPA" that would cut off public access to information held by federal agencies. The Cyber Intelligence Sharing and Protection Act would allow the government to refuse to disclose broad swaths of information, otherwise subject to FOIA, that companies provide to the government. More than three dozen groups have signed the petition - including Openthegovernment.org, the Sunlight Foundation, Project On Government Oversight, and EFF. The groups have asserted that the legislation "constitutes a wholesale attack on public access to information under the Freedom of Information Act" and would impede the public's ability to evaluate whether the government is adequately combating cybersecurity threats. In a statement for a hearing on the FOIA and critical infrastructure information, EPIC also warned against new FOIA exemptions and said that the National Security Agency has become a "black hole" for public information about cybersecurity. For more information see EPIC: Cybersecurity, EPIC: EPIC v. NSA, Litigation Under the Federal Open Government Laws 2010.
- EPIC to Argue for Disclosure of Google-NSA Agreement before Federal Appeals Court » (Mar. 19, 2012)
EPIC will pursue its Freedom of Information Act request with the National Security Agency in scheduled arguments before the Court of Appeals for the DC Circuit this Tuesday morning. EPIC submitted the FOIA request in February 2010, following a widely reported collaboration between Google and the NSA after the China hack. The agency replied that it could "neither confirm nor deny" the existence of records responsive to EPIC's request. A lower court ruled in favor of the NSA, but EPIC has challenged that opinion, and the federal appeals court will hear the case on March 20, 2012. The case is EPIC v. NSA, No. 11-5233.
- Open Government Groups Oppose Cyber Security FOIA Exemption » (Mar. 14, 2012)
Open government organizations have sent a letter to Senator John McCain, opposing specific provisions in a cybersecurity bill he introduced. The SECURE IT Act would create a new Freedom of Information Act exemptions for "cyber threat information" as well as for all information shared with a cybersecurity center. FOIA exemptions limit public access to government information. The organizations stated, "Unnecessarily wide-ranging exemptions of this type have the potential to harm public safety and the national defense more than they enhance those interests." In a statement for a hearing on the FOIA and critical infrastructure information, EPIC also warned against new FOIA exemptions and said that the National Security Agency has become a "black hole" for public information about cybersecurity. For more information, see EPIC: Cybersecurity.
- EPIC Urges Senate to Safeguard FOIA for Cybersecurity » (Mar. 12, 2012)
In a detailed statement to the Senate for a hearing on the "Freedom of Information Act: Safeguarding Critical Infrastructure and the Public's Right to Know," EPIC said that safeguarding FOIA was critical to ensure government oversight and accountability. EPIC described how the FOIA provides the public important information about safety and security, but also warned that the National Security Agency has become a "black hole" for public information about cyber security. EPIC described several NSA programs, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority which the agency has refused to release to the public. EPIC v. NSA, a challenge to the agency's "neither confirm nor deny" response to an EPIC FOIA request will be heard next week by the DC Circuit Court of Appeals. For more information, see EPIC: Cybersecurity.
- Federal Court Revives Suit Over NSA Dragnet Surveillance » (Jan. 5, 2012)
A federal appeals recently revived a lawsuit, Jewel v. NSA, challenging the NSA's use of the nation's largest telecommunication providers to conduct suspicionless surveillance of Americans. The three-judge panel reversed a lower court decision that rejected claims based on lack of standing. The case will now return to the district court for a decision on the merits. The same three-judge panel also rejected a related suit against the telecommunications providers, Hepting v. AT&T, based on the "retroactive immunity" provided by Congress in 2008. EPIC, in cooperation with the Stanford Constitutional Law Center, filed a "Friend of the Court" brief in support of the plaintiffs in these cases, arguing that statutory and constitutional privacy violations are sufficient to establish standing, and that the state secrets doctrine should not bar adjudication. For more information, see EPIC: Hepting v. AT&T and EPIC: NSA Warrantless Surveillance.
- EPIC Urges Appeals Court to Shed Light on Google-NSA Agreement » (Jan. 4, 2012)
EPIC filed the opening brief in EPIC v. NSA, No. 11-5233, challenging the National Security Agency’s response to EPIC's Freedom of Information Act request. EPIC is seeking information about the widely publicized cybersecurity agreement between the NSA and Google that followed the January 2010 China hack. The NSA claimed it "could neither confirm nor deny" the existence of any information about its relations with Google. After the attack, Google's implemented encryption technology for Gmail by default, a privacy safeguard EPIC and technical experts had urged in 2009. For more information, see EPIC v. NSA: Google / NSA Relationship.
- EPIC v. NSA: Agency Can "Neither Confirm Nor Deny" Google Ties » (Jul. 13, 2011)
A federal judge has issued an opinion in EPIC v. NSA, and accepted the NSA's claim that it can "neither confirm nor deny" that it had entered into a relationship with Google following the China hacking incident in January 2010. EPIC had sought documents under the FOIA because such an agreement could reveal that the NSA is developing technical standards that would enable greater surveillance of Internet users. The "Glomar response," to neither confirm nor deny, is a controversial legal doctrine that allows agencies to conceal the existence of records that might otherwise be subject to public disclosure. EPIC plans to appeal this decision. EPIC is also litigating to obtain the National Security Presidential Directive that sets out the NSA's cyber security authority. And EPIC is seeking from the NSA information about Internet vulnerability assessments, the Director's classified views on how the NSA's practices impact Internet privacy, and the NSA's "Perfect Citizen" program.
- EPIC v. NSA: FOIA Suit for Cybersecurity Authority Will Move Forward, though National Security Council Remains a "FOIA-Free Zone" » (Jul. 8, 2011)
A District of Columbia federal court ordered an EPIC lawsuit against the National Security Agency to proceed, holding that EPIC can "pursue its claim against the NSA for wrongfully withholding an agency record in its possession." EPIC's Freedom of Information Act suit seeks disclosure of National Security Presidential Directive 54 - the document that provides the legal basis for the NSA's cybersecurity activities. The NSA failed to disclose the document in response to EPIC's FOIA request, instead forwarding the request to the National Security Council. The Court held that the NSC is not subject to FOIA, but that the NSA's transfer of EPIC's request does not absolve the agency of its responsibility to respond to EPIC. For more, see: EPIC: EPIC v. NSA.
- EPIC v. NSA FOIA Lawsuit: NSA Will Neither Confirm Nor Deny Communications with Google » (Feb. 18, 2011)
In a Freedom of Information Act lawsuit filed by EPIC against the National Security Agency for information about the NSA's relationship with Google, the NSA has replied that "confirming or denying the existence of any such records would reveal information relating to its core functions and activities . . ." EPIC sought the information, including a widely discussed cooperative research agreement between NSA and Google, because the agency's practices would impact the privacy interests of millions of Internet users both in the United States and around the world. The case is EPIC v. NSA, Civ. Action No. 10-1533 (RJL). EPIC has a related release against the NSA concerning the agency's cybersecurity authority. For more information, see EPIC - EPIC v. NSA.
- EPIC Files Suit For Documents Regarding Google/NSA Partnership » (Sep. 13, 2010)
Today, EPIC filed a Freedom of Information Act lawsuit against the National Security Agency in the United States District Court in the District of Columbia. The agency failed to respond to EPIC's FOIA request for documents about an "Information Assurance" partnership with Google. EPIC previously appealed to the agency to comply with its legal duty to produce the documents, but he agency failed to respond. EPIC is also seeking the Presidential Directive that grants the NSA authority to conduct electronic surveillance in the United States. For more information, see EPIC: Open Government.
- EPIC FOIAs NSA for Details of "Perfect Citizen" » (Jul. 16, 2010)
EPIC has filed a Freedom of Information Act request with the National Security Agency regarding the new secret cybersecurity program known as "Perfect Citizen." According to the Wall Street Journal, the program "would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack," although the agency has claimed that there "is no monitoring activity involved, and no sensors are employed in this endeavor" but has refused to release the details of the program. In its request, EPIC has sought contracts, memoranda, and other records relating to "Perfect Citizen." For more information, see EPIC Cybersecurity and Privacy.
- Coalition Letter Results in Meeting with White House Cybersecurity Coordinator » (May. 12, 2010)
EPIC, joined by over 30 organizations, launched a campaign to obtain a meeting with Howard Schmidt, the White House Cybersecurity Coordinator. Groups joining the letter included the ACLU, American Library Association, Bill of Rights Defense Committee, Liberty Coalition, NAACP, OpenTheGovernment.org, and the Lawyers Committee for Civil Rights Under Law. The White House has agreed to the meeting, which follows Senate confirmation of Keith B. Alexander, director of the National Security Agency, to lead the U.S Cyber Command. Civil society organizations have expressed concern about the growing role of the NSA in cyber security. EPIC is currently in litigation with the NSA to obtain the secret policy for NSA surveillance authority. For more information, see EPIC Sues NSA to Force Disclosure of Cybersecurity Authority, and EPIC - Cybersecurity Privacy: Practical Implications.
- EPIC Demands Release of Classified Answers on Privacy and Internet Standards from Cyber Command Nominee » (Apr. 19, 2010)
EPIC has filed a Freedom of Information Act (FOIA) request with the National Security Agency (NSA) seeking the "classified supplement" that Director Lt. Gen. Keith Alexander filed with his answers to questions from the Senate Armed Services Committee regarding his nomination to be the Commander of the newly formed United States Cyber Command. Several of Lt. Gen. Alexander's classified responses were to questions regarding the privacy of Americans' communications, and EPIC's request urges the Agency to make the full responses public. EPIC is currently in litigation with the NSA to obtain the secret policy for NSA surveillance authority. For more information, see EPIC Sues NSA to Force Disclosure of Cybersecurity Authority.
- Congress Considers Nomination of NSA Director to US Cyber Command, Concerns Remain » (Apr. 15, 2010)
The Senate Armed Services Committee will hold a hearing on April 15, to consider the nomination NSA Director Lt. Gen Keith B. Alexander to be the Commander of the US Cyber Command. EPIC has expressed concern about the expanded authority of the NSA within the United States and has specifically requested the public release of NSPD-54, the secret Presidential Directive that allows the NSA to conduct electronic surveillance against US citizens within the United States, prior to the confirmation of Lt. Gen. Alexander. EPIC is seeking this and related document in a Freedom of Information Act lawsuit. For more information, see EPIC Sues NSA to Force Disclosure of Cyber Security Authority.
- White House Publishes Outline of Cyber Security Policies » (Mar. 2, 2010)
The White House announced today that it has made a description of the Comprehensive National Cybersecurity Initiative (CNCI) available online for public viewing. The12 CNCI initiatives cover a wide range of government activity, from cyber education to intrusion detection. However, the text of the underlying legal authority for cybersecurity still remains secret. EPIC has been involved in ongoing litigation regarding a Freedom of Information Act request for the text of the critical cybersecurity document NSPD 54 that President Bush signed in 2008. For more information, see EPIC: EPIC Sues NSA to Force Disclosure of Cyber Security Authority and EPIC: EPIC Seeks Records on Google-NSA Relationship.
- EPIC Statement to Congress on Google, NSA, and Cybersecurity » (Feb. 9, 2010)
EPIC has submitted a statement for the record for a House Foreign Affairs Committee hearing on Google and U.S. Cyberspace Policy. EPIC's statement recommends investigation into the newly-announced partnership between Google and the National Security Agency and the public release of the secret document that grants the NSA broad surveillance authority in cyberspace. The EPIC statement also urges the Congressional Committee to support US ratification of the Council of Europe privacy convention. For more information, see EPIC Critical Infrastructure Protection, Experts' Letter to Secretary Clinton on the Council of Europe Convention.
- EPIC Seeks Records on Google-NSA Relationship » (Feb. 4, 2010)
Today EPIC filed a Freedom of Information Act request with the National Security Agency, seeking records regarding the relationship between Google and the NSA. The press reported that Google and the NSA have entered into a partnership following a recent hacker attack on Google originating from China. The EPIC FOIA request also seeks NSA communications with Google regarding Google's failure to encrypt Gmail and cloud computing services. In March 2009, EPIC filed a complaint with the Federal Trade Commission urging it to investigate the adequacy of Google's cloud computing privacy and security safeguards. Today EPIC also filed a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy. For more information, see EPIC FOIA Litigation and EPIC Cloud Computing.
- EPIC Sues NSA to Force Disclosure of Cyber Security Authority » (Feb. 4, 2010)
EPIC has filed a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy. The document, National Security Presidential Directive 54 grants the NSA broad authority over the security of American computer networks. The agencies violated the Freedom of Information Act by failing to make public the Directive and related records in response to EPIC's request. EPIC's suit asks a federal judge to require the release of the documents. Congress is currently debating cyber security policy. For more information, see EPIC FOIA Litigation, EPIC Critical Infrastructure Protection.
- Senate to Investigate NSA "Overcollection" » (Apr. 17, 2009)
Senator Dianne Feinstein has announced that the Senate Intelligence Committee will hold a hearing on the National Security Agency's interception of phone calls and private e-mail messages of Americans. Recently, the New York Times reported that the NSA's activities went beyond the legal limits established by the Congress last year. EPIC has a related lawsuit asking a federal court to force the release of memos on the legal authority for domestic surveillance of American citizens. For more information, see EPIC's page on Freedom of Information Act Work on the National Security Agency's Warrantless Surveillance Program.
- Cybersecurity Czar Steps Down, Warns of Growing NSA Influence » (Mar. 9, 2009)
Rod Beckstrom, Director of the National Cybersecurity Center, has resigned. In a letter to Homeland Security Secretary Janet Napolitano, Beckstrom warned of the increasing role of the National Security Agency in domestic security. The "intelligence culture is very different than a network operation or security culture... the threats to our democratic processes are significant if all top government network and monitoring are handled by any one organization... we have been unwilling to subjugate the NSCS under the NSA," wrote the former NCSC Director. The announcement follows Congressional testimony from the new Director of National Intelligence that the NSA should be responsible for network security. EPIC has long maintained that the NSA, though it plays a vital role in gathering foreign intelligence, should not be the lead agency for domestic network security because it also engages in extensive and unregulated spying. See EPIC Computer Security Act of 1987.
- Justice Department Releases Domestic Surveillance Memos and Opinions » (Mar. 3, 2009)
Attorney General Eric Holder announced that the Department of Justice will make public memos and opinions concerning warrantless surveillance, and other controversial claims of Presidential authority, that were prepared in the wake of 9/11. The documents describe the legal basis for President Bush's domestic surveillance program. After learning of the warrantless wiretap program, EPIC sued the Department of Justice under the Freedom of Information Act to compel disclosure of legal memos concerning the program. Government lawyers subsequently disavowed the justifications for the warrantless surveillance. For more, see EPIC's "National Security Agency's Warrantless Surveillance Program" page.
- All records concerning an agreement or similar basis for collaboration, final or draft, between the NSA and Google regarding cyber security;
- All records of communication between NSA and Google concerning Gmail, including but not limited to Google's decision to fail to routinely encrypt Gmail messages prior to January 13, 2010; and
- All records of communications regarding NSA's role in Google's decision regarding the failure to routinely deploy encryption for cloud-based computing service, such as Google Docs.
- EPIC's Complaint Against NSA (Sept. 13, 2010) (pdf)
- NSA's Answer to EPIC's Complaint (Oct. 27, 2010) (pdf)
- NSA Motion for Summary Judgment (Dec. 22, 2010) (pdf)
- EPIC's Opposition and Cross Motion for Summary Judgment (Jan. 28, 2011) (pdf)
- NSA's Opposition and Reply (Feb. 18, 2011) (pdf)
- EPIC's Reply (Mar. 4, 2011) (pdf)
- District Court Memorandum Opinion, 798 F.Supp.2d 26 (D.D.C. 2011) (July 8, 2011) (pdf)
- EPIC's Notice of Appeal (Sept. 9, 2011) (pdf)
- Order Setting Briefing Schedule (Nov. 16, 2011) (pdf)
- Order Scheduling Oral Argument (Nov. 22, 2011) (pdf)
- EPIC's Opening Brief (Jan. 3, 2012) (pdf)
- Joint Appendix (Jan. 3, 2012) (pdf)
- NSA's Opening Brief (Jan. 26, 2012) (pdf)
- EPIC's Reply Brief (Feb. 16, 2012) (pdf)
- Opinion, EPIC v. NSA, 678 F.3d 926 (D.C. Cir. 2012)
- EPIC's February 4, 2010 request for agency records under the Freedom of Information Act
- NSA's March 10, 2010 letter acknowledging of receipt of EPIC's FOIA request and invoking the Glomar Response
- EPIC's May 7, 2010 Administrative Appeal to the NSA
- In 1976, NSA Was Tasked to Help Secure Private Communications, Secrecy News, March 12, 2012.
- DOJ Asks Court To Keep Secret Any Partnership Between Google, NSA, BLT: The Blog of Legal Times, March 9, 2012.
- A New Approach to China, Google Blog, January 12, 2010.
- Mike McConnell on How to Win the Cyber-War We're Losing, Washington Post, February 28, 2010.
- Google to enlist NSA to help it ward off cyberattacks, Washington Post, February 4, 2010.
- Google Working With NSA to Investigate Cyber Attack, Wall Street Journal, February 4, 2010.
- Default https access for Gmail, Google Blog, January 13, 2010.
- HTTPS Security for Web Applications, Google Security Blog, June 1, 2009.
- In re: Google, Inc. and Cloud Computing Services, EPIC, March 17, 2009.
- Letter from Eileen Harrington, Acting Director, Bureau of Consumer Protection (FTC), EPIC, March 18, 2009.
- An open letter to Google's CEO, Eric Schmidt, Christopher Soghoian, June 16, 2009.
- About EPIC
- Press Center
- EPIC's Work
- Litigation Docket
- Amicus Briefs
- APA Comments
- EPIC Consumer Privacy Project
- EPIC Domestic Surveillance Project
- FOIA Cases
- EPIC International Privacy Project
- EPIC Open Government Project
- EPIC Policy Project
- EPIC Student Privacy Project
- EPIC Congressional Testimony
- EPIC Publications
- Privacy Campaigns
- Spotlight on Surveillance
- EPIC Amicus Tracker
- EPIC Affiliated Sites
- Hot Policy Issues
- Algorithmic Transparency
- Big Data
- Cloud Computing
- Consumer Privacy Bill of Rights
- Cybersecurity
- Donor Privacy
- Drones and UAVs
- Equifax Data Breach
- EU Data Protection Directive
- GDPR
- Google Purchase Tracking
- Government Surveillance
- Internet of Things
- Location Privacy
- Right to be Forgotten
- Privacy Shield
- Search Engine Privacy
- Schrems Case (Safe Harbor)
- Social Media Monitoring
- Student Privacy
- Voter ID Laws
- EPIC's Work
- Litigation Docket
- Amicus Briefs
- APA Comments
- EPIC Consumer Privacy Project
- EPIC Domestic Surveillance Project
- FOIA Cases
- EPIC International Privacy Project
- EPIC Open Government Project
- EPIC Policy Project
- EPIC Student Privacy Project
- EPIC Congressional Testimony
- EPIC Publications
- Privacy Campaigns
- Spotlight on Surveillance
- EPIC Amicus Tracker
- Press Center
- Affiliated Sites
- FOIA Documents
- Hot Policy Issues
- Algorithmic Transparency
- Big Data
- Cloud Computing
- Consumer Privacy Bill of Rights
- Cybersecurity
- Donor Privacy
- Drones and UAVs
- Equifax Data Breach
- EU Data Protection Directive
- GDPR
- Google Purchase Tracking
- Government Surveillance
- Internet of Things
- Location Privacy
- Right to be Forgotten
- Privacy Shield
- Search Engine Privacy
- Schrems Case (Safe Harbor)
- Social Media Monitoring
- Student Privacy
- Voter ID Laws
- About EPIC
- EPIC Bookstore
- Support EPIC
Outcome
The U.S. Court of Appeals for the D.C. Circuit ruled on May 11, 2012, affirming the lower court judgment and upholding the National Security Agency's "Glomar" response to EPIC's Freedom of Information Act Request for communications sent to the NSA by Google related to a 2010 cyber attack. In response to EPIC's request, the NSA stated that it could "neither confirm nor deny the existence of records" responsive records (a "Glomar" response). The court held that the NSA was not required to confirm the existence of the records because Section 6 of the National Security Agency Act exempts from disclosure "the organization or any function of the National Security Agency" and because "acknowledging the mere existence of responsive records would disclose exempt information."
Background
On March 17, 2009, EPIC filed a complaint with the Federal Trade Commission (FTC), urging an investigation into Google's cloud computing services to determine "the adequacy of the privacy and security safeguards." The complaint followed a reported security breach of Google Docs. EPIC observed that Google repeatedly assured consumers that their services stored user-generated data securely, but had opted to not encrypt the personal information stored or transmitted on its computer network by default.
On June 16, 2009, Christopher Soghoian wrote an open letter to Google CEO, Eric Schmidt that was joined by 37 researchers and academics in the fields of computer science, information security, and privacy law. The letter pointed out that Google had already employed encryption techniques to protect individuals' login information, but did not enable it to protect information transmitted over their network. The letter pointed out that, while the option to encrypt this information was available, it was difficult to locate, even for sophisticated users who were aware of what to look for.
Google opted to ignore both of these warnings.
On January 12, 2010, Google reported that the company had suffered a "highly sophisticated and coordinated" cyber attack originating from China. The attackers planted malicious code in Google's corporate networks, and resulted in the theft of Google's intellectual property, and at least the attempted access of the Gmail accounts of Chinese human rights activists. The following day, Google changed a key setting, causing all subsequent traffic to and from its electronic mail servers to be encrypted by default. On February 4, 2010, the Washington Post reported that Google had contacted the National Security Agency ("NSA") regarding the firm's security practices immediately following the attack. In addition, the Wall Street Journal stated that the NSA's general counsel had drafted a "cooperative research and development agreement" within 24 hours of Google's announcement of the attack, which authorized the Agency to "examine some of the data related to the intrusion into Google's systems."
EPIC's Freedom of Information Act Requests and Subsequent Lawsuit
On February 4, 2010, EPIC filed a Freedom of Information Act ("FOIA") request with the National Security Agency ("NSA"). EPIC requested the following agency records:
By letter dated March 10, the NSA acknowledged receipt of EPIC's FOIA Request and granted EPIC's request for a fee waiver. The NSA's letter invoked FOIA exemption b(3) and Section 6 of the National Security Agency Act in order to issue a Glomar response. A Glomar response is the Agency's act of neither confirming nor denying the existence of Agency records responsive to the Request.
On May 7, 2010, EPIC filed an administrative appeal stating that the NSA had failed to present factual evidence that the requested documents fell within Section 6 and that established FOIA exemptions could sufficiently conceal protected information. The NSA never replied to EPIC's appeal or produced responsive documents. EPIC filed a complaint in United States District Court for the District of Columbia on September 13, 2010. The NSA argued that the Agency was under no obligation to conduct a search prior to determining that any potentially responsive records would implicate the Agency's functions or activities. Judge Richard Leon deferred to the NSA's judgment in a Memorandum Opinion dated July 8, 2011. EPIC filed a Notice of Appeal in the D.C. Circuit Court on September 9, 2011. The court heard oral argument on March 20, 2012, and decided the case on May 11, 2012. EPIC v. NSA, 678 F.3d 926 (D.C. Cir. 2012).
The Glomar Doctrine
In a unique category of FOIA cases, an agency may issue a “Glomar response” and refuse to confirm or deny the existence of records. Gardels v. CIA, 689 F.2d 1100, 1103 (D.C. Cir. 1982); see also Miller v. Casey, 730 F.2d 773, 776-77 (D.C. Cir. 1984); Phillippi v. CIA, 546 F.2d 1009, 1012 (D.C. Cir. 1976). Courts uphold Glomar responses when “to answer the FOIA inquiry would cause harm cognizable under” an applicable statutory exemption. Gardels, 689 F.2d at 1103. Glomar responses must be tethered to a specific exemption. The agency must demonstrate that acknowledging the mere existence of responsive records would disclose exempt information. Wolf v. CIA, 473 F.3d 370, 374 (D.C. Cir. 2007).
In Glomar cases, courts may grant summary judgment on the basis of agency affidavits that contain “reasonable specificity of detail rather than merely conclusory statements, and if they are not called into question by contradictory evidence in the record or by evidence of agency bad faith.” Gardels, 689 F.2d at 1104-05 (citing Halperin v, CIA, 629 F.2d 144, 148 (D.C. Cir. 1980)). The supporting affidavit must give a “logical” justification for the Glomar response based on “general exemption review standards established in non-Glomar cases.” Wolf, 473 F.3d at 375. “Very importantly, ‘the burden is on the agency to sustain its action.’” Founding Church of Scientology of Washington, D.C., Inc. v. NSA, 610 F.2d 824, 830 (D.C. Cir. 1979). This Circuit has made clear that “‘[c]onclusory and generalized allegations of exemptions’ are unacceptable; if the court is unable to sustain nondivulgence on the basis of affidavits, in camera inspection may well be in order.” Wolf, 473 F.3d at 375.
Legal Documents
EPIC v. National Security Agency, Case No. 10-1533 (RJL) (D.D.C. filed Sept. 13, 2010)
EPIC v. National Security Agency, Case No. 11-5233 (D.C.Cir. filed Sept. 9, 2011)
Freedom of Information Act Documents
Resources
Share this page:
Support EPIC
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.

Electronic Privacy Information Center
1718 Connecticut Ave, N.W.
Suite 200
Washington, DC 20009
202.483.1140
info[at]epic[dot]org
© 1994 - 2019 EPIC, all rights reserved.
Electronic Privacy Information Center
1718 Connecticut Ave. NW Washington, DC 20009
More info