Electronic Privacy Information Center v. National Security Agency

National Security Policy Directive 54, the document at issue in this Freedom of Information Act (FOIA) case, established a Comprehensive National Cybersecurity Initiative for executive agencies to safeguard federal cybersecurity. This Directive, issued by President George W. Bush in 2008, set a federal policy with broad application, much like an executive order. The Directive was disseminated to various Cabinet officials, agency heads, and presidential advisors, and all but a single paragraph of the document is unclassified, although not public. The Electronic Privacy Information Center (EPIC) filed a FOIA request to gain access to the Directive, and the government claimed that the Directive was exempt under FOIA Exemption 1 (as classified information) and Exemption 5 (as a document protected by the presidential communications privilege). The federal district court held sua sponte that the Directive is not an “agency record” because the document, although in the hands of federal agencies, is under the White House’s control. It reached this issue, not briefed by any party, because it concluded that a document’s status as an “agency record” is a jurisdictional prerequisite under FOIA.

On appeal, PCLG represents Public Citizen and five other open government groups as amici in support of EPIC and reversal of the district court’s decision. The amicus brief contends that whether the Directive is an “agency record” is an issue reached by the district court only as a result of legal error. The district court’s jurisdictional holding ignores a long line of Supreme Court cases, in particular Steel Co. v. Citizens for a Better Environment, 523 U.S. 83 (1998), whose rationale makes clear that the “agency record” issue does not implicate a district court’s subject-matter jurisdiction. Because the “agency record” issue is not jurisdictional, the district court had no obligation to consider it, and the NSA in fact waived the issue. The amicus brief also contends on the merits that the Directive is, in fact, an agency record. It explains why the Directive in this case is not analogous to the records at issue in Judicial Watch v. Secret Service, 726 F.3d 208 (D.C. Cir. 2013), which held that White House visitor logs were not agency records. The brief also explains why the district court’s decision manipulates the meaning of the term “agency record,” creating a threshold barrier for FOIA requesters that avoids FOIA’s basic structure, which focuses on the applicability of the statute’s nine exclusive exemptions.

While the appeal was pending, the NSA released the directive to EPIC. The parties then jointly moved to dismiss the appeal.