Elec. Privacy Info. Ctr. v. DHS, No. 12-0333, 2015 WL 4638303 (D.D.C. Aug. 4, 2015) (Kessler, J.)
Elec. Privacy Info. Ctr. v. DHS, No. 12-0333, 2015 WL 4638303 (D.D.C. Aug. 4, 2015) (Kessler, J.)
Re: Request for records concerning Defense Industrial Base Cyber, cyber-security pilot program jointly conducted by DOD and DHS
Disposition: Granting in part and denying in part defendant's motion for summary judgment; denying plaintiff's motion for summary judgment
- Procedural Considerations, Adequacy of Search: The court holds that "the Government has shown that the initial search conducted by DHS in response to [plaintiff's] FOIA request was meticulous, organized, and thorough." The court finds that defendant "explains in great detail how the search was conducted, which subdivisions and employees of DHS conducted the search, and the results of the search." The court additionally finds that "[w]hile [plaintiff] contends that DHS should have performed an additional search after [plaintiff] discovered the existence of crossreferenced documents . . . our Court of Appeals has made clear that agencies do not need to examine every crossreferenced document uncovered after an initial disclosure." "Although it is true that some documents were responsive, it was a very small number and in no way detracts from the Government's extraordinary efforts in executing its search."
- Exemption 1: "As the Court gives a presumption of good faith to [defendant's] affidavit, and because EPIC has provided no support for its allegation that the declarations provided by DHS are insufficient, the Court concludes that the Second [defendant] declaration, along with [another defendant] declaration from another case, are sufficient to establish that [the Associate Director for Policy and Records at the National Security Agency] is an authority on classified materials who properly identified documents to be withheld under the Executive Orders pursuant to Exemption 1."
- Exemption 3: "[T]he Court concludes that DHS has provided sufficient details justifying application of Exemption 3 and the information was properly withheld under Section 6 and Section 798." The court relates that "[t]he Government withheld documents under Exemption 3 based on two statutes: 18 U.S.C. § 798 . . . and Section 6 of the National Security Agency Act of 1959, Pub.L. No. 86–36, 73 Stat. 64 (codified at 50 U.S.C. § 3605)." The court rejects plaintiff's "conten[tion] that the second prong is not satisfied because the Government has not demonstrated how the statutes apply to nondisclosure." The court rejects plaintiff's argument with regard to Section 798 because it was "based on its prior [rejected] contention that the Government has not shown that [the Associate Director for Policy and Records at the National Security Agency] has original classification authority and therefore the documents are not properly classified." Regarding Section 6, the court rejects plaintiff's "conten[tion] that documents withheld under Section 6 are not related solely to NSA functions or activities."
- Exemption 4: The court holds that "DHS has met its burden of showing why Exemption 4 applies to the identities of participants in the DIB Cyber Pilot program." First, "the Court concludes that the names of participants in the DIB Cyber Pilot are correctly considered commercial information in this particular context." "The Government argues, and the Court agrees, that while a company may not always have a commercial interest in its name and identity, the Court may also consider the context in which the issue arises." "The identities of which companies have participated in the DIB Cyber Pilot, if disclosed, could have a commercial or financial impact on the companies involved." Second, "the Court concludes that the identities of the companies would not ordinarily be released to the public and are confidential." The court finds that "[c]ompanies voluntarily participated in the DIB Cyber Pilot to allow DHS to help the companies better protect their own information systems and enhance their cybersecurity." The court also agrees with defendant that "'[i]f a company's participation in the DIB Cyber Pilot were publicly known, that company could face increased cyber targeting, exposing the company to greater business or financial loss ... [and] participation ... could be viewed as an admission of cyber vulnerability; a company could face competitive disadvantages or market loss if its participation were revealed.'"
- Exemption 5, Attorney-Client Privilege: The court holds that "there is no question that the redaction was properly exempted under the attorney-client privilege prong of Exemption 5." The court relates that "the particular portion [of an e-mail chain] redacted by the Government contains a communication between a DHS employee and a DHS attorney seeking legal review and advice."
- Exemption 7(D): "[T]he Court finds that the Government has failed to carry its burden to show that every participating company provided information to the Government" and, "[t]hus, the Government's application of Exemption 7(D) is not justified." The court explains that "the Government refers to the participating companies as 'sources,' without sufficiently explaining why the companies are sources." Specifically, "[w]hile the express promise of confidentiality is relevant, DHS has not contended that the companies provided any information pursuant to that promise."