Last week PPSA appealed a federal district court decision denying our motion under the Freedom of Information Act (FOIA) to force the FBI to produce records concerning the agency’s “unmasking” of various Members of Congress. Although the legal issue in this case may seem technical and abstruse, the legal question PPSA presents is important to Americans’ ability to hold our government accountable for surveillance directed at all of us. 
 
These are the kinds of overarching, important concerns behind our FOIA requests. But such larger issues are often subsumed along the way in legal wrangling. These cases often center around the government’s efforts to avoid responding to a FOIA at all.
 
At first blush, the FOIA process seems straightforward. You might imagine that: PPSA files a FOIA request seeking records concerning surveillance practices, training, or procedures to a given government agency; the request is transmitted to the relevant agency component; and then the agency produces responsive records a few weeks later and we publicize them. After all, that is what FOIA requires.
 
But things are never so easy with FOIA. Government agencies routinely employ delaying tactics and denials to frustrate and exhaust even the most persistent requesters. In addition to simply ignoring requests, FBI and other agencies rely on a judicially invented doctrine called the Glomar response to claim that they are not even required to confirm or deny the existence of records about a given subject. Elsewhere, agencies claim that they don’t need to comply with FOIA because it would be too burdensome, as if digital search engines had yet to reach government record-keeping.
 
Such responses were meant by Congress to be rare exceptions to the rule. In practice, they’ve become the rule.
 
In the face of such obstructionism from officialdom, PPSA always takes the long view. A FOIA request is just the opening play in a long set. A denial, often on Glomar grounds, is the customary result. Once we receive an official denial to our request (usually long past the statutory deadline), PPSA then files an administrative appeal. Barring a satisfactory result (which is rare), we take the agency to court.
 
So we were not surprised when a judge on the U.S. District Court for the District of Columbia upheld the government’s argument that it cannot respond to a FOIA request we filed in 2020.
 
PPSA had asked for documents concerning government identification, or “unmasking,” of 48 sitting and former members of congressional intelligence committees in their communications from 2008 to 2020. Predictably, the government pled “Glomar,” and the judge agreed. So we are appealing.
 
In another case, PPSA was surprised when a request for FBI records of opinions from the Foreign Intelligence Surveillance Court (FISC) was denied because – the FBI asserted – it cannot locate these court opinions on its revised computer system. As excuses go, this is a dog-ate-my-homework level of sophistication. This is where flabber goes to meet with gasted. If the FBI truly cannot locate FISC opinions directed at the Bureau, we are truly in trouble.
 
In this instance, PPSA is pursuing an administrative appeal to DOJ’s Office of Information Policy. The appeal is couched in the customary legalese, but the gist of it is: “C’mon guys, this last one doesn’t pass the laugh test.”
 
Following FOIA requests on their long journeys is a tough, gritty business. But, as they say, it may be a dirty job, but someone has to do it.

In a twist on the classic song, “Yes, We Have No Bananas,” the FBI issued a non-response response to a PPSA Freedom of Information Act (FOIA) request for opinions concerning the bureau from the secret Foreign Intelligence Surveillance Court (FISC) since 1978.
 
The FBI’s response to the Project for Privacy and Surveillance Accountability is simple but direct: We have these opinions, but our computer systems cannot access them. The section chief of the FBI’s Information Management Division wrote:
 
“Your request for the above referenced subject is not searchable in our indices. The FBI Central Records System (CRS) is indexed according to investigatory interests, and it is not arranged in a manner that allows for the retrieval of information in the form you have requested.”
 
In a filing before Judge Rudy Contreras of the FISC Court earlier this year, the FBI said it has difficulty complying with FOIA requests as it transitions the workflow of the bureau’s components to a new system known as “the Bridge.” The FBI projects that this systemic transition will be complete in first quarter, 2023, at the earliest.
 
Gene Schaerr, general counsel of the Project for Privacy, responded:
 
“We are told that it is beyond the ability of one of the world’s most storied investigative and intelligence agencies to find secret court opinions that directly responded to it. If this is true, it is a wonder that FBI employees can do anything. Those of us in the civil liberties community, however, cannot summon such a level of naïveté. The FBI’s non-response response is risible and can only be taken as disdain for the Freedom of Information Act.
 
“Ultimately, it is up to federal judges, including those on the FISC, to compel the FBI to obey the law.”

​Judge Rudolph Contreras, of the U.S. District Court for the District of Columbia, gave PPSA a victory in our quest to compel the FBI to search and possibly produce correspondence between Members of Congress and agencies about their “unmasking.”
 
More than one year ago, PPSA filed suit to follow up on a Freedom of Information Act (FOIA) request asking the FBI to produce documents about the potential unmasking or identification of individual members of Congress whose messages are caught up in intercepts of foreign communications. We specifically asked for correspondence between House Members and Senators with federal agencies regarding unmasking. We also asserted that since the Gates Procedures – the method by which congressional identities are handled and can be deanonymized – are in the public domain, the FBI cannot issue a Glomar response, which neither confirms nor denies the existence of such records.
 
Judge Contreras denied this broader motion, saying it wasn’t relevant to the core request about acquiring correspondence. But he found merit with the other request about correspondence.
 
The judge wrote: “But there exists a separate category of documents: communications between the FBI and Congress that are a degree removed from FISA-derived documents and which discuss congressional unmasking as a matter of legislative interest, policy, or oversight … The FBI must conduct a search for any ‘policy documents’ in its possession.”
 
FBI attorneys had argued that the core of our request was for “operational documents” concerning congressional unmasking. Judge Contreras rejected that contention, noting there are not necessarily any law enforcement procedures, techniques, or guidelines “that would risk circumvention of the law … because acknowledging the existence of congressional inquiries would not necessarily reveal anything about the FBI’s operations.” Such policy documents are “well within the four corners of the FOIA request.”
 
If the FBI follows it traditional path and issues a Glomar response anyway, PPSA will be there to press further litigation. And we will report any findings with alacrity.

The first responsive information from the Office of the Director of National Intelligence to a Freedom of Information Act (FOIA) lawsuit for records concerning U.S. intelligence purchases of the private data of American citizens is trickling in. As often happens, cursory information allows us to catch a glimpse of secret practices, if only through a glass darkly.
 
The ears of civil libertarians perked up when Director of National Intelligence Avril Haines (1:17:05 mark) in her Senate confirmation hearings in early 2021 was asked about purchases of Americans’ data by Sen. Ron Wyden, (D-OR). She responded:
 
“I would seek to try to publicize, essentially, a framework that helps people understand the circumstances under which we do that and the legal basis that we do that under.”
 
Haines further promised to provide transparency “so people have an understanding of the guidelines under which the intelligence community operates.”
 
On May 17, 2021, PPSA requested records related to statements by Director Haines concerning the promise to publicize the circumstances under which the U.S. intelligence community purchases Americans’ private data, and its legal basis for doing so. After one year of awaiting a response – long past the statutory deadline – PPSA filed a lawsuit in July 2022 to press ODNI to respond to the request.
 
PPSA announces today that it received a reply that ODNI conducted a search and found approximately 1,000 emails potentially responsive to our request.
 
ODNI, however, explains that it does not have “de-duplication” software that would winnow the body of records to single copies. This is remarkable, since almost every other executive agency has such software, including many under ODNI’s purview. Searches of the documents will have to be done by hand and eye. With personnel changes, ODNI explains, it can only begin releasing records in late November – eighteen months after the submission of the FOIA request and in the middle of the holiday and travel season.
 
PPSA filed a motion asking a federal court to require ODNI to process at least 500 pages of records a month.
 
“What is most interesting about ODNI’s response,” said Gene Schaerr, general counsel of PPSA, “is that it has perhaps a thousand emails about living up to Director Haines’ promise of a degree of transparency without referring to a single document that would actually indicate that the office is transparent.”
 
PPSA will release more information from this legal action as ODNI produces results.

​Since the mid-1960s, the Freedom of Information Act (FOIA) has allowed American citizens and civil liberties organizations to obtain unclassified documents from federal agencies, shedding light on official actions and policies. In recent years, however, the government has devised many creative ways to stall, obfuscate, and outright withhold answers to FOIA requests, while seeming to be as responsive as possible. Cato Institute scholar Patrick Eddington calls these tactics “constructive denial.”
 
For over two years, Cato filed FOIA requests to obtain FBI records on militia groups of the left and the right, including the white supremacist Patriot Front. “Groups like the Patriot Front,” Eddington writes in The Hill, “are, in the view of most Americans, a moral and political blight that the country would be far better off without. At the same time, the protection of offensive ideas and speech are at the heart of the purpose of the First Amendment.” Thus, Cato sought records to better understand the threat posed by these groups and the nature of the government’s response.
 
In defiance of FOIA’s requirement that the FBI send the requested documents to the requester himself, the FBI replied to Cato that it would eventually file the documents on an FBI website. “You will be notified when releases are available.”
 
In other words, buzz off.
 
Constructive denial can be seen in another form after PPSA filed suit against the National Security Agency, the CIA, the Department of Justice and FBI, and the Office of the Director of National Intelligence in June to compel the release of records pertaining to the possible purchase of the personal information of more than 100 current and former Members of the House and Senate Judiciary Committees from private data brokers.
 
This is understandably a sensitive question, given that current and former judiciary committee lawmakers include Chairman Jerrold Nadler, Ranking Member Jim Jordan, Chairman Dick Durbin, Ranking Member Chuck Grassley, as well as Vice President Kamala Harris and Florida Gov. Ron DeSantis. Still, it would be a matter of public interest – not to mention to these legislators themselves – if the government were buying up their personal information. Such an act could yield leverage for executive branch agencies to bully leading Members of Congress, subtly undermining democracy.
 
The agencies’ response to PPSA’s FOIA request over summer 2021 was to issue Glomar responses, a judicially invented doctrine that neither confirms nor denies that such records exist.
 
Now that PPSA has sued to enforce its request, these agencies have come back with an answer that doubles down on a government theory that it would be too dangerous to national security for these agencies to even search for such documents. At the same time, government responses strike a tone of wanting to be as cooperative as possible.
 
One choice example: PPSA asserted a “right of prompt access to requested records under the law.” The National Security Agency responded: “To the extent that a response is required, Defendant NSA denies the allegation, including the fact that NSA has wrongfully withheld records.” This is a construction worthy of Joseph Heller’s Catch-22.
 
Gene Schaerr, PPSA general counsel, responds: “The government’s answers disingenuously conflate an internal search for documents with an external response to a question. The government feels free to treat FOIA as polite supplication instead of a law that must be obeyed. PPSA will continue to press on for a serious answer in federal court.”
 
In the meantime, expect the government to come up with many new forms of constructive denial.

Courts throw out cases in which the government violated the Fourth Amendment to gain evidence obtained illegally. Prosecutors, dreading such a rebuke, have sometimes resorted to “parallel construction” – using illicitly gained knowledge to turn up evidence from a source acceptable in court.
 
Suppose, for example, that an illegal wiretap by federal investigators reveals that a target will deliver drugs to a certain street corner. They could then alert local police to decide that specific corner is a good place for a spot-check with drug-sniffing dogs.
 
In this way, evidence obtained by illicit surveillance can be laundered. This seems to be especially prone to happen when law enforcement relies on “stingrays” – the common name for cell-site simulators, equipment that mimics a cellphone tower to ping the location of a cellphone.
 
The FBI, in 2014, after providing the Oklahoma City police with stingray technology, sent that department a memo telling the police that the stingray is for “lead purposes” only and “may not be used as primary evidence in any affidavits, hearings or trials.” Instead, the FBI required the police to use “additional and independent investigative means and methods, such as historical cellular analysis, that would be admissible at trial” to corroborate information obtained using the stingray. The Cato Institute’s Adam Bates analyzed such agreements and concluded that “law enforcement uses some surreptitious and, perhaps, constitutionally dubious tactics to generate a piece of evidence. In order to obscure the source of that evidence, police will use the new information as a lead to gather information from which they construct a case that appears to have been cracked using routine police work.” 
 
Perhaps because of reporting like Cato’s analysis, formal FBI agreements to sell stingrays to local law enforcement – at least those released to the public – appear to be missing this language.
 
But what about informal agreements?
 
In two responses to PPSA’s Freedom of Information Act requests, the FBI has used similar language in 2015 and 2020 deals to allow police to use stingrays. To be fair, these may be one-off situations. Both cases seem to have been loaner deals, in which stingrays were deployed in “exigent” or emergency circumstances.
 
For example, one 2015 email chain shows that an agency agreed to the FBI’s request that “it is required to use additional and independent investigative means and methods, such as [redacted] that would be admissible at trial to corroborate information concerning the location of the target obtained through the use of this equipment.”
 
Comparing this redacted language to the unredacted provisions imposed on the Oklahoma City police, it appears that the FBI continues to push local law enforcement to hide their stingray use from the courts. On the other hand, this language is missing from other NDA forms PPSA has obtained. Has the FBI abandoned this practice? Or is it continuing “off the books” in some fashion to encourage local law enforcement to launder evidence?

​In response to a Freedom of Information Act request from PPSA about classification procedures, the State Department reported that based on a representative sampling, only a tiny number of documents were improperly or overly classified. This seemed to us a mind-boggling response given the mountains of documents stamped classified every day at Foggy Bottom. Now, PPSA has obtained data from across the government to show the State Department’s response was misleading.
 
At a 2015 open house presentation by the National Archives and Records Administration, a graphic produced by the Information Security Oversight Office showed that nearly 100 million items are classified each year by the federal government. An Obama-era law and executive order provide the means for people within the agencies to challenge a classification decision without fear of retribution.
 
So how is that working out?
 
Of these 100 million decisions, only a minuscule fraction is challenged — in one year, much less than 1% of 1%. The graph demonstrates the extent to which the government continues to hide much of its operations from the American people.

​The Project for Privacy and Surveillance Accountability today filed a Freedom of Information Act (FOIA) lawsuit against the Office of the Director of National Intelligence (ODNI) over the refusal of the government to turn over records concerning U.S. intelligence community purchases of the private digital data of American citizens.
 
The government’s stonewalling continues well past its failure to meet any of the deadlines required by the FOIA statute. It also flies in the face of a pledge made by Director of National Intelligence Avril Haines (1:17:05 mark) in her Senate confirmation hearings on Jan. 19, 2021. When Sen. Ron Wyden, (D-OR) asked about informing the American people about purchases of their data, Haines responded:
 
“I would seek to try to publicize, essentially, a framework that helps people understand the circumstances under which we do that and the legal basis that we do that under.”
 
Haines further promised to provide transparency “so people have an understanding of the guidelines under which the intelligence community operates.”
 
In response, PPSA requested “all agency records created, altered, sent, or received in preparation for any public disclosure, as contemplated by Director Haines,” including:

• The intelligence community’s purchases of Americans’ private data

 

• The legal basis for doing so

 

• The guidelines under which the intelligence community operates in making those purchases.

 
The government acknowledged receiving PPSA’s initial FOIA request on June 2, 2021. PPSA inquired about the lack of a substantive response more than one year later. On June 23, 2022, ODNI responded: “we cannot speculat[e] on a specific response date.”

More than thirty business days later, after the ODNI failed to indicate whether it will fully comply with the FOIA request, PPSA decided to file suit.
 
“This is a golden opportunity for Director Haines to demonstrate that the intelligence community will live up to her promise to provide at least some transparency,” said Gene Schaerr, PPSA general counsel. “As Avril Haines herself stated, the American people deserve to know the circumstances in which the intelligence community purchases our personal data and the legal basis for doing so.
 
“Director Haines promises to ‘publicize’ that legal basis. I hope she does, instead of allowing her office to continue to stonewall.”

​The American Civil Liberties Union performed an invaluable service for the American people today by releasing records from Department of Homeland Security agencies that demonstrate the sweep of the government’s routine violation of the Fourth Amendment  by purchasing Americans’ personal data from data brokers.
 
The ACLU’s Freedom of Information Act lawsuit against DHS agencies includes Customs and Border Protection, Immigration and Customs Enforcement, the U.S. Secret Service, and the U.S. Coast Guard. This lawsuit is ongoing, but these first disclosures are eyepopping.
 
The ACLU lawsuit reveals:

• Your own tax dollars are being used to expose your privacy. DHS spends millions of taxpayer dollars to buy access to cellphone location information being aggregated and sold by two “shadowy data brokers,” Venntel and Babel Street.

 

• There is some internal angst in the agencies over the legitimacy of what they are doing. One DHS employee wrote that “[l]egal, policy, and privacy reviews have not always kept pace with the new and evolving technologies.”

 

• The government entertains specious legal theories justifying this raid on cellphone location data. It maintains that everyone with a cellphone relinquishes privacy voluntarily. ACLU’s response is “that consent is fiction: Many cellphone users don’t realize that many apps on their phones are collecting GPS information, and certainly don’t expect that data to be sold to the government in bulk.”

 

• The government is after our “patterns of life.” Documents characterize cellphone location information as “digital exhaust” with no personally identifying information. Yet these documents also say that through purchased data, law enforcement can “identify repeat visitors, frequented locations, pinpoint known associates, and discover pattern of life.”

 

• The project to pinpoint Americans’ location is on an astronomical scale. One data broker, Venntel, sent marketing materials to DHS claiming to collect 15 billion location points from over 250 million cellphones and other mobile devices every day.

 
“ACLU’s findings should concern every American with a cellphone,” said Bob Goodlatte, former Chair of the House Judiciary Committee and now Senior Policy Advisor to PPSA. “ACLU’s determined effort to expose the scale of government intrusion into our privacy is a monumental public service. With the House and Senate now holding hearings into these practices, Congress has every reason to require warrants to intrude into our digital lives by passing the Fourth Amendment Is Not for Sale Act.”
 
Bob Goodlatte will testify on the government’s practice of buying Americans’ personal data tomorrow before the House Judiciary Committee.

The Project for Privacy and Surveillance Accountability today announced the filing of a lawsuit in federal court against the National Security Agency, the Central Intelligence Agency, the U.S. Department of Justice, and the Office of the Director of National Intelligence, to compel the release of documents pertaining to the possible purchasing of the personal information of more than 100 current and former Members of the House and Senate Judiciary Committees from private data brokers.
 
The lawsuit, filed in the United States District Court for the District of Columbia, seeks records relating to data purchases of these current and former lawmakers that include Jerrold Nadler, Chairman of the House Judiciary Committee, Ranking Member Jim Jordan, Sen. Dick Durbin, Chairman of the Senate Judiciary Committee and Ranking Member Sen. Chuck Grassley. The list includes many leading lights of both parties, from current Vice President Kamala Harris to Florida Gov. Ron DeSantis, both former Members of Congress.
 
These government agencies responded over the summer 2021 to PPSA’s FOIA request with Glomar responses, a judicially invented doctrine that neither confirms nor denies that such records exist.
 
At the time, Gene Schaerr, PPSA general counsel, responded: “The government doesn’t want to even entertain our question. What do they have to hide?”
 
He added: “This troubling refusal gives all the more reason for Congress to pass the Fourth Amendment Is Not for Sale Act, which would ban such surveillance from purchased data. If Vice President Harris and Gov. DeSantis are potentially having their rights violated, imagine how little protection you and I have.”