Hillier v. Central Intelligence Agency ( 2018 )

                            UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA
WYNSHIP W. HILLIER,
Plaintiff,
v.                                                 Civil Action No. 16-cv-1836 (DLF)
CENTRAL INTELLIGENCE AGENCY, et al.,
Defendants.
MEMORANDUM OPINION
Pro se plaintiff Wynship Hillier invokes the Privacy Act of 1974, 5 U.S.C. § 552a, to
identify records about him at the Department of Homeland Security (DHS), United States
Department of State, and Central Intelligence Agency (CIA) (collectively the “defendants”).
Hillier claims these agencies have records confirming that he is “the target of a sophisticated
campaign” designed to render him an “involuntary psychiatric outpatient” and to convince him,
and others, that he suffers from “psychiatric disorders.” 2d Am. Compl. ¶ 4, Dkt. 33.
Dissatisfied by the agencies’ failure to produce any records, Hillier filed this lawsuit. Before the
Court are the defendants’ Motion for Summary Judgment, Dkt. 40, Hillier’s Motion for Partial
Summary Judgment Against Defendant United States Department of Homeland Security, Dkt.
41, and Hillier’s Cross-motion for Partial Summary Judgment Against the Central Intelligence
Agency and United States Department of State, Dkt. 48. For the reasons that follow, the Court
will grant in part and deny in part the defendant’s motion and deny Hillier’s motions.
I.     BACKGROUND
For the past six years, Wynship Hillier has sought records that he believes DHS,
Department of State, and CIA possess. His quest began in early 2012 1 when he sent letters to
these agencies asking whether certain record systems contained records about him. See Defs.’
Statement of Facts ¶¶ 3, 6, 17, 29, Dkt. 40-1; Pl.’s Statement of Genuine Issues ¶¶ 3, 6, 17, 29,
Dkt. 45. 2 Each agency processed Hillier’s requests under both the Privacy Act, 5 U.S.C. § 552a,
and the Freedom of Information Act (FOIA), 5 U.S.C. §552. But none of the agencies provided
records to Hillier because (1) none were found, (2) the relevant record systems were statutorily
exempt from the Privacy Act and FOIA, or (3) the CIA could neither confirm nor deny the
existence of records that might reveal a classified relationship with the agency. Defs.’ Statement
of Facts ¶¶ 3, 6, 19, 29. Hillier exhausted his administrative remedies and commenced this
lawsuit on September 12, 2016. See 2d Am. Compl. Exs. 1–54; Defs.’ Statement of Facts
¶¶ 9, 31.
1
It appears that Hillier initially submitted a Privacy Act request to the CIA by a letter dated
February 4, 2009. 2d Am. Compl. Ex. 3. The CIA responded on March 13, 2009 by notifying
Hillier that it would not process his request until he provided certain identifying information
required by regulation. 2d Am. Compl. Ex. 4 (citing 32 C.F.R. § 1901.13). There is no evidence
that Hillier provided the required information, but he later submitted another Privacy Act request
via a letter dated January 6, 2011 (the record is clear that the letter should have been dated
January 6, 2012, not 2011). See Defs.’ Statement of Material Facts ¶ 29 n.1; Pl’s. Statement of
Genuine Issues ¶ 29.
Separately, the record also reflects that a January 19, 2012 letter the plaintiff addressed to the
Department of State was not received until much later when “a copy of the . . . letter was
attached to subsequent correspondence between Plaintiff and [the agency].” Defs.’ Statement of
Material Facts ¶ 17; Pl’s. Statement of Genuine Issues ¶ 17.
2
Hillier does not dispute the facts this opinion cites from the defendants’ statement of material
facts. Compare Pl.’s Statement of Genuine Issues, Dkt. 45, with Defs.’ Statement of Facts, Dkt.
40-1. Accordingly, for convenience, the Court omits parallel citations to Hillier’s statement of
genuine issues, Dkt. 45. To be clear, Hillier disputes other facts contained in the defendants’
statement of material facts that are not cited here.
2
Since then, Hillier has zealously prosecuted his lawsuit. In addition to securing leave to
amend his complaint three times, he submitted over 1,300 pages of argument and evidence. See
Dkts. 15–18, 20, 22, 26, 31, 33–35, 38, 39, 41–43, 45, 46, 48, 49, 52–56, 59, 61, 64. 65.
When the defendants moved for summary judgment on August 24, 2017, see Dkt. 40,
Hillier countered on September 7, 2017 with a motion for partial summary judgment against
DHS, see Dkt. 41. He also filed an opposition to the defendants’ motion for summary judgment,
a motion to compel discovery, a motion to participate in hearings by telephone or televideo, see
Dkts. 42, 43, 45, and, on October 17, 2017, he filed a cross-motion for partial summary judgment
against the CIA and Department of State, see Dkt. 48.
About a week after this case was reassigned to the undersigned judge on December 5,
2017, Hillier moved for leave to file a surreply to the defendants’ motion for summary judgment,
see Dkt. 52, which the Court granted. Several weeks later, Hillier filed a 454-page request
asking the Court to take judicial notice of facts that he argued were contained in Federal Register
notices and proposed rules, Executive Orders and memoranda, federal statistical reports
published on agency websites, a telephone directory posted on a government website, a page
from a government website, other court records, dictionaries, law review articles, workday
calculations, and legislative reports and documents. Pl’s. Req. for Judicial Notice at 1, 35, 54,
65, 85, 87, 90, 92, 95, 96, Dkt. 54.
On February 23, 2018, Hillier moved to amend his motion for partial summary judgment
against DHS, cross-motion for partial summary judgment against the CIA and Department of
State, motion to compel discovery, and opposition to the defendants’ motion for summary
judgment. Mot. to Amend at 1, Dkt. 55. In support, Hillier submitted 464 pages of exhibits. 

Dkt. 55-1. He followed that with a March 19, 2018 motion seeking reconsideration
3
of the May 31, 2017 minute order issued by the judge who was previously assigned to this case.
Mot. for Recons. at 1, Dkt. 59. That minute order prohibited Hillier from further amending his
complaint “absent a showing of exceedingly good cause.” Minute Order of May 31, 2017.
The competing motions for summary judgment are addressed in this memorandum
opinion. Hillier’s other pending motions are addressed in the accompanying order.
II.    LEGAL STANDARDS
Rule 56 of the Federal Rules of Civil Procedure mandates that “[t]he court shall grant
summary judgment if the movant shows that there is no genuine dispute as to any material fact”
and, viewing the evidence in the light most favorable to the nonmoving party, “the movant is
entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a); see also Paige v. Drug Enf’t
Admin., 

, 1358 (D.C. Cir. 2012). “A dispute is ‘genuine’ if the evidence is such
that a reasonable jury could return a verdict for the nonmoving party.” 

.
A fact is material if it “might affect the outcome of the suit under the governing law.” Anderson
v. Liberty Lobby, Inc., 

, 248 (1986).
Hillier invokes the Privacy Act to secure notice of records about him. The Privacy Act
mandates that “[e]ach agency that maintains a system of records shall . . . upon request by any
individual to gain access to his record or to any information pertaining to him which is contained
in the system, permit him . . . to review the record and have a copy made of all or any portion
thereof in a form comprehensible to him.” 5 U.S.C. § 552a(d)(1). The Privacy Act also allows
individuals to request notice that an agency’s system of records contains information about them.
See 5 U.S.C. §§ 552a(e)(4)(G), (f)(1).
The defendants treat Hillier’s requests as though he is also seeking records under FOIA.
Defs.’ Statement of Material Facts ¶¶ 3, 6, 19, 29. FOIA provides that “each agency, upon any
4
request for records which (i) reasonably describes such records and (ii) is made in accordance
with published rules stating the time, place, fees (if any), and procedures to be followed, shall
make the records promptly available to any person.” 5 U.S.C. § 552(a)(3)(A).
The Privacy Act and FOIA are structurally similar. Londrigan v. FBI, 

,
1169 (D.C. Cir. 1981). Both provide a requester with access to federal agency records about the
requester and create a private cause of action when an agency fails to comply with a valid
request. 3 See 5 U.S.C. §§ 552a(d)(1), (g)(1) (Privacy Act); 5 U.S.C. §§ 552(a)(3)(A), (a)(4)(B)
(FOIA).
Under both the Privacy Act and FOIA, an agency must conduct an adequate and
reasonable search for relevant records. See Chambers v. U.S. Dep’t of Interior, 

,
1003 (D.C. Cir. 2009) (stating that “the Privacy Act, like FOIA, requires” that a search “be
reasonably calculated to uncover all relevant documents” (internal quotation marks omitted)). In
this Circuit, courts apply the same standard under both statutes to determine the adequacy of a
search. 4 See id.; Hill v. U.S. Air Force, 

, 1069 (D.C. Cir. 1986) (per curiam)
(affirming search’s adequacy under Privacy Act for the same reasons the search was affirmed
under FOIA). Thus, “[i]n a suit seeking agency documents—whether under the Privacy Act or
the FOIA—at the summary judgment stage, where the agency has the burden to show that it
3
Unlike FOIA, however, the Privacy Act “does not have disclosure as its primary goal. Rather,
the main purpose of the Privacy Act’s disclosure requirement is to allow individuals on whom
information is being compiled and retrieved the opportunity to review the information and
request that the agency correct any inaccuracies.” Henke v. U.S. Dep’t of Commerce, 

, 1456–57 (D.C. Cir. 1996).
4
Hillier contends that FOIA is not relevant in this case. Pl.’s Opp’n Br. at 5–8, Dkt. 45. But
FOIA caselaw is relevant here because, as noted, the agencies treated his requests as seeking
records pursuant to the FOIA and the Privacy Act, and courts apply the same standards to
determine the adequacy of an agency’s search under both statutes. See, e.g., 

; Ellis v. DOJ, 

, 107 (D.D.C. 2015).
5
acted in accordance with the statute, the court may rely on a reasonably detailed affidavit, setting
forth the search terms and the type of search performed, and averring that all files likely to
contain responsive materials (if such records exist) were searched.” 

(internal alteration and quotation marks omitted). The agency’s affidavit is “accorded a
presumption of good faith, which cannot be rebutted by ‘purely speculative claims about the
existence and discoverability of other documents.’” SafeCard Servs., Inc. v. SEC, 

, 1200 (D.C. Cir. 1991) (quoting Ground Saucer Watch, Inc. v. CIA, 

, 771
(D.C.Cir.1981)).
If agency searches reveal records responsive to a Privacy Act or FOIA request, an agency
may withhold access to the records if the statutes exempt them from disclosure. See 5 U.S.C.
§§ 552a(j)(2), (k)(2), 552(b). Although the Privacy Act and FOIA “substantially overlap,” the
statutes “are not completely coextensive; each provides or limits access to material not opened or
closed by the other.” 

. The Privacy Act and FOIA “seek[] in different
ways to respond to the potential excesses of government,” and “[e]ach, therefore, has its own
functions and limitations.” 

Accordingly, “[t]he two acts explicitly state that access to
records under each is available without regard to exemptions under the other.” 

that, when both statutes are at play, an agency seeking to withhold records must “demonstrate
that the documents fall within some exemption under each Act.” Martin v. Office of Special
Counsel, Merit Sys. Prot. Bd., 

, 1184 (D.C. Cir. 1987). “If a FOIA exemption
covers the documents, but a Privacy Act exemption does not, the documents must be released
under the Privacy Act; if a Privacy Act exemption but not a FOIA exemption applies, the
documents must be released under FOIA.” 

  ANALYSIS
The defendants move for summary judgment under Rule 56 on the ground that their
searches were adequate but they found no nonexempt records to disclose to Hillier. Defs.’ Mot.
for Summ. J. at 1. Hillier opposes the defendants’ motion and champions his cross-motion for
summary judgment, which he contends must prevail because the agencies’ declarations
(1) contain statements contradicted by the record, (2) call into question the adequacy of the
searches, (3) pose evidentiary deficiencies, and (4) fail to address Hillier’s allegations of bad
faith. See Pl.’s Opp’n Br. at 1 (attached as Ex. 64 to Pl.’s Opp’n to Defs.’ Mot.), Dkt. 45. The
Court assesses the parties’ motions by considering each of Hillier’s Privacy Act requests and the
agencies’ corresponding searches and responses.
A. Hillier’s Privacy Act Request to the CIA
Hillier began his pursuit of federal agency records by sending a January 6, 2012 Privacy
Act request to the CIA. Shiner Decl. Ex. B at 1. Hillier’s request stated:
I believe that I may have been identified as a person of intelligence interest by your
agency, as I appear to be under surveillance, I appear to be the continual target of a
number of behaviors intended to provoke, threaten, intimidate, distress, and harass
me, and I continue to be a target for acts of battery.

stated that, “[d]ue to my education and subsequent work in operations
research, it is also possible that your agency has record[s] of me as a potential vendor or
consultant, and that fact has led to my identification as a person of intelligence interest to this or
another agency.” 

notice of records about him in the following systems:
(1) CIA-22, Personnel Security Records; (2) CIA-24, Polygraph Records; (3) CIA-26, Office of
General Counsel Records; (4) CIA-32, Office of the Deputy Director of Central Intelligence for
Community Management Records; (5) CIA-33, National Intelligence Council Records; (6) CIA-
7
35, Directorate of Science & Technology Private Sector Contact Information; (7) CIA-37,
Directorate of Operation Records; (8) CIA-38, Academic and Business Contact Records;
(9) CIA-40, Research System Records; and (10) CIA-41, Intelligence Analysis Records. Hillier
identified himself by his full legal name, another name he used from 1990-91, his date and place
of birth, his social security number, his citizenship status, and his then-current and previous
residential addresses. Shiner Decl. Ex. B at 2.
1. The CIA’s Response
The CIA’s response to Hillier’s Privacy Act request is described in Antoinette B. Shiner’s
declaration. Shiner is a senior CIA official with Top Secret classification authority. Shiner Decl.
¶ 2, Dkt. 40-4. Shiner serves as the Information Review Officer for the CIA’s Litigation
Information Review Office. 

She is also a designated Records Validation Officer, which
means she is “authorized to testify or execute affidavits regarding CIA records and records
searches for litigation matters involving CIA information.” 

5.
The CIA sent Hillier a March 5, 2012 letter stating that his request would be processed as
both a Privacy Act request and a FOIA request. 5 

The CIA first focused on unclassified
records that “reveal an open or acknowledged relationship” between Hillier and the CIA. 

The CIA therefore confined its initial search to publicly released records about Hillier but
found none. 

“[B]ased on this search, and analysis of the subject matter of the request,” the CIA
determined that the “Directorate of Support (DS) and the Director’s Area (DIR) were the
directorates most likely to maintain records responsive to the request because they were the most
5
The CIA also directed Hillier to contact the Office of the Director of National Intelligence
(ODNI) to request records from the CIA-33 system because the ODNI maintains that system. 

to maintain records that reflect an overt relationship between Mr. Hillier and the CIA.” 

Shiner, “[t]here were no additional locations that would reasonably likely . . .
maintain the records sought in this case.” 

ultimately “identified the specific
databases that were reasonably likely to maintain responsive records,” 

searches of all offices that manage the systems of records Hillier identified, 

n.6. 6 The
CIA’s searches “us[ed] all variations of [Hillier’s] name and biographical identifiers that he
provided: ‘W Hillier,’ ‘Hillier (with DOB/SSN),’ ‘M Rainsong,’ and ‘Rainsong (with
DOB/SSN),’ ‘Wynship West Hillier,’ ‘Mabon Clearwater Rainsong,’ and ‘Hillier.’” 

But the CIA again located no records about Hillier. 

For classified records, the CIA provided a so-called “Glomar response” 7 that neither
confirmed nor denied the existence of records about Hillier pursuant to FOIA exemptions 1 and
3 and Privacy Act exemptions (j)(1) and (k)(1). FOIA exemption 1 protects from disclosure
“matters that are . . . specifically authorized under criteria established by an Executive order to
be kept secret in the interest of national defense or foreign policy and (B) are in fact properly
classified pursuant to such Executive order.” 5 U.S.C. § 552(b)(1). As Shiner explained,
Executive Order 13256 “is the operative executive order that governs classification,” Shiner
6
Shiner’s declaration states that the “Director’s Area” is a “cluster of offices under the Director
of the CIA, such as the Office of General Counsel, the Office of Public Affairs and the Office of
the Inspector General.” Shiner Decl. ¶ 12 n.5. The database searches at that directorate therefore
covered multiple offices.
7
“The Glomar response takes its name from the CIA’s refusal to confirm or deny the existence
of records about the Hughes Glomar Explorer, a ship used in a classified CIA project to raise a
sunken Soviet submarine from the floor of the Pacific Ocean to recover the missiles, codes, and
communications equipment onboard for analysis by United States military and intelligence
experts.” People for the Ethical Treatment of Animals v. Nat’l Insts. of Health, Dep’t of Health
& Human Servs., 

, 540 (D.C. Cir. 2014) (internal quotation and alteration marks
omitted).
9
Decl. ¶ 14, and it provides that, “in response to a request for information under the Freedom of
Information Act, the Presidential Records Act, the Privacy Act of 1974, or the mandatory review
provisions of this order: (a) An agency may refuse to confirm or deny the existence or
nonexistence of requested records whenever the fact of their existence or nonexistence is itself
classified under this order or its predecessors,” EO 13256 § 3.6(a). By a delegation of authority
under Executive Order 13256, Shiner is authorized to make classification decisions and
“determined that the fact of the existence vel non of the requested records is currently and
properly classified.” Shiner Decl. ¶ 15.
Because FOIA exemption 1 requires the CIA to describe the national security damage
that could result from revealing whether classified records exist about Hillier, 

Shiner
explained that confirming the existence or nonexistence of records about Hillier could reveal
intelligence sources or methods and intelligence activities, including covert actions, as defined in
Executive Order 13256. See 

18, 19. Shiner stated that a response to Hillier’s Privacy
Act request could “jeopardize the clandestine nature of the Agency’s intelligence activities or
otherwise reveal previously undisclosed information about CIA sources, capabilities, authorities,
interests, relationships with domestic or foreign entities, strengths, weaknesses, and/or
resources.” 

Shiner further stated that intelligence gathering is a primary function of the CIA that
depends on human sources and targets. 

According to Shiner, human sources will
furnish information only with confidence that the CIA will protect them from public disclosure.

that CIA confirmation of a human source may lead targets to retaliate
against the source or his family and friends. 

human sources also “places in
jeopardy every individual with whom the individual has had contact.” 

10
indiscretion of one source in a chain of intelligence sources can damage an entire spectrum of
sources.” 

reasons, Shiner concluded that confirming or denying the existence of
records about someone “reasonably could be expected to cause serious damage to U.S. national
security by indicating whether or not CIA maintained any human intelligence sources related to
an interest in the subject of the request.” 

explained why consistent use of a Glomar
response is necessary even when the CIA has no records about a requester:
To be credible and effective, the CIA must use the Glomar response consistently in
all cases where the existence or nonexistence of records responsive to a FOIA
request is a classified fact, including instances in which the CIA does not possess
records responsive to a particular request. If the CIA were to invoke a Glomar
response only when it actually possessed responsive records, the Glomar response
would be interpreted as an admission that responsive records exist. This practice
would reveal the very information that the CIA must protect in the interest of
national security.

Shiner asserted that a Glomar response was also proper under FOIA exemption 3, which
protects information exempted by statute when the statute (1) requires withholding the
information from the public in a manner that leaves no discretion on the issue or (2) establishes
particular criteria for withholding or refers to particular types of matters to be withheld. 

23; see also 5 U.S.C. § 552(b)(3). The National Security Act of 1947, as amended,
mandates that the Director of National Intelligence protect intelligence sources and methods
from unauthorized disclosure and thereby requires the information to be withheld without
discretion. Shiner Decl. ¶ 22; see also 50 U.S.C. § 3024(i)(1). In accordance with that Act and
provisions of Executive Order 12333, and under the direction of the Director of National
Intelligence, “the CIA is authorized to protect CIA sources and methods from unauthorized
disclosure.” Shiner Decl. ¶ 22. As Shiner explained with respect to FOIA exemption 1, the
existence or nonexistence of records indicating a classified connection between Hillier and the
11
CIA could reveal information about intelligence sources and methods. 

19. And the
National Security Act protects such information from unauthorized disclosure. 

Shiner
therefore stated that “the fact of the existence or nonexistence of records that would reflect a
classified connection to the CIA is exempt from disclosure under FOIA exemption [3] pursuant
to the National Security Act.” 

Shiner also concluded that the existence or nonexistence of records about Hillier was
protected from disclosure by Privacy Act exemptions (j)(1) and (k)(1). 

25, 26, 27.
Exemption (j)(1) authorizes the Director of the CIA to promulgate regulations that exempt
systems of records from the Privacy Act’s access and amendment provisions. 5 U.S.C.
§ 552a(d). Shiner Decl. ¶ 24; see also 5 U.S.C. § 552a(j)(1). The Director of the CIA did so in
32 C.F.R. § 1901.62(d)(1), which exempts from the Privacy Act’s access provisions parts of CIA
systems of records “that consist of, pertain to, or would otherwise reveal intelligence sources and
methods.” Shiner Decl. ¶ 24 (citing the regulation). As Shiner explained with respect to FOIA
exemptions 1 and 3, the existence or nonexistence of a classified connection between the CIA
and Hillier “implicates intelligence sources and methods.” 

Privacy Act exemption (k)(1) authorizes the Director of the CIA to promulgate rules that
exempt agency systems of records from the access provision of the Privacy Act if the system is
subject to FOIA exemption 1. 

(citing 5 U.S.C. § 552a(k)(1)). As already discussed,
FOIA exemption 1 protects from disclosure information that is properly classified under an
executive order. 5 U.S.C. § 552(b)(1). Shiner asserted that the existence or nonexistence of a
classified connection between the CIA and Hillier “can reasonably be expected to cause serious
damage to U.S. national security” so it “is currently and properly classified under Executive
12
Order 13526 and is, therefore, exempt from disclosure under Privacy Act exemption (k)(1).”
Shiner Decl. ¶ 26.
Because the existence or nonexistence of classified responsive records about Hillier “is
itself a properly classified fact and . . . is intertwined with intelligence activities, sources, and
methods,” Shiner determined that “this fact is, and must remain, classified and protected by
statute.” 

Shiner therefore concluded that “the only appropriate response is for the CIA
to neither confirm nor deny the existence or nonexistence of the requested records under FOIA
exemptions [1 and 3] and Privacy Act exemptions (j)(1) and (k)(1).” 

of the CIA’s Search and Propriety of Withholdings
To secure summary judgment under the Privacy Act and FOIA, the CIA “must show that
it made a good faith effort to conduct a search for the requested records, using methods which
can be reasonably expected to produce the information requested.” Reporters Comm. for
Freedom of Press v. FBI, 

, 402 (D.C. Cir. 2017) (quoting Oglesby v. U.S. Dep’t of
Army, 

, 68 (D.C. Cir. 1990)). “[T]he issue to be resolved is not whether there might
exist any other documents possibly responsive to the request, but rather whether the search for
those documents was adequate.” Weisberg v. DOJ, 

, 1485 (D.C. Cir. 1984). “The
adequacy of the search, in turn, is judged by a standard of reasonableness and depends, not
surprisingly, upon the facts of each case.” 

is whether the CIA’s search was
“reasonably calculated to discover the requested documents, not whether it actually uncovered
every document extant.” 

.
“A reasonably detailed affidavit, setting forth the search terms and the type of search
performed, and averring that all files likely to contain responsive materials (if such records exist)
were searched” is necessary for an agency to prevail on summary judgment. 

. Agency declarations should also specify who performed the search, Steinberg v. DOJ, 23

, 552 (D.C. Cir. 1994), and “reflect [a] systematic approach to document location,”
Weisberg v. DOJ, 

, 371 (D.C. Cir. 1980).
The Shiner declaration satisfies the standards of both the Privacy Act and FOIA by
properly describing a systematic approach to the CIA’s search that first focused on publicly
released records and then turned to unclassified documents that the agency might possess. The
declaration explains that the CIA rationally determined that the Directorate of Support and the
Director’s Area were the only locations likely to have responsive records based on the results of
the search of publicly-released records and the substance of Hillier’s request. The declaration
states that the CIA identified specific databases that were reasonably likely to contain responsive
records and searched those databases using search terms consisting of the personal identifiers
Hillier presented in his Privacy Act request. The Court therefore finds that the CIA’s Shiner
declaration describes an adequate search conducted in good faith that was reasonably calculated
to discover Hillier’s requested documents. See Reporters Comm. for Freedom of 

; 

.
Hillier challenges the CIA’s search by first arguing that the Shiner declaration was not
based on personal knowledge. See Pl.’s Opp’n Br. at 25–26. But Shiner states in her declaration
that “I make the following statements based upon my personal knowledge and information made
available to me in my official capacity.” Shiner Decl. ¶ 6. In this Circuit, a declarant may
satisfy the personal knowledge requirement by “attest[ing] to his personal knowledge of the
procedures used in handling [a FOIA or Privacy Act] request and his familiarity with the
documents in question.” Barnard v. Dep’t of Homeland Sec., 

, 19 (D.D.C.
2009) (internal quotation marks omitted). Shiner’s declaration makes clear that she is familiar
with the procedures relating to the Privacy Act and FOIA requirements, as well as the records
14
Hillier requested. Shiner states that she: (1) worked in the review-and-release field for 18 years
in various official capacities that involved responsibility for classification and release
determinations, Shiner Decl. ¶ 2; (2) is a senior CIA official who holds original classification
authority to the Top Secret level, 

(3) is responsible for litigation information and public
requests for information under the Privacy Act and FOIA, 

(4) is a Records Validation
Officer authorized to testify about CIA records and searches, 

and (5) “[t]hrough the
exercise of [her] official duties, [she] ha[s] become familiar with this civil action and the
underlying FOIA request,” 

These statements suffice to satisfy the personal knowledge
requirement. See 

.
Hillier also claims that Shiner’s declaration fails to identify who conducted and
supervised the searches or when the searches were performed. Pl.’s Opp’n Br. at 25–26. But
Shiner’s declaration, which must be accorded a presumption of good faith, see SafeCard Servs.,

, identified who conducted the searches by stating that the CIA Information
and Privacy Coordinator received and processed Hillier’s request, Shiner Decl. ¶ 7, and the “CIA
employees who performed the necessary searches have access to pertinent records, are qualified
to search those records and regularly search those records in the course of their professional
duties,” 

With respect to these employees’ names, “[t]he FOIA does not require the
disclosure of the names or information about agency staff involved in processing FOIA
requests.” Kidder v. FBI, 

, 24 (D.D.C. 2007). Indeed, this court previously
rejected as “frivolous” a requester’s contention that an agency should reveal the names of
employees who conducted searches. Harrison v. Fed. Bureau of Prisons, 

, 65
(D.D.C. 2009) (noting that personal identifying information about agency searchers would be
exempt from disclosure under FOIA exemption 6 if recorded).
15
Hillier cites no authority for the proposition that failing to identify the actual date on
which an agency conducts a search defeats the adequacy of the search or the presumption of
good faith attached to an agency declaration. See Pl.’s Opp’n Br. at 25–26. And Hillier’s claim
that Shiner did not supervise the searches is unavailing. 

Shiner’s declaration states that
she is responsible for the classification review of CIA documents and information that are the
subject of court proceedings or Privacy Act and FOIA requests, and, as a Records Validation
Officer, she is authorized to testify or execute affidavits about CIA records searches. See Shiner
Decl. ¶¶ 4, 5. Shiner’s representations show that, through her authorities and position as a
Records Validation Officer for CIA records searches, 

she had a managerial (and thus
supervisory) role with respect to the searches conducted here.
Hillier further argues that the CIA’s searches were incomplete because “entire systems of
records of which plaintiff requested search were apparently never touched.” Pl.’s Opp’n Br. at
29–30. But “there are some limits on what an agency must do to satisfy its FOIA obligations.”
Nation Magazine, Wash. Bureau v. U.S. Customs Serv., 

, 891 (D.C. Cir. 1995).
“There is no requirement that an agency search every record system.” 

.
“Although an agency may not ignore a request to search specific record systems when a request
reaches the agency before it has completed its search, a search is generally adequate where the
agency has sufficiently explained its search process and why the specified record systems are not
reasonably likely to contain responsive records.” Mobley v. CIA, 

, 582 (D.C. Cir.
2015). “Further, a request for an agency to search a particular record system—without more—
does not invariably constitute a ‘lead’ that an agency must pursue.” 

a FOIA
requester’s detailed search instructions cannot dictate the reasonableness of the scope of an
agency’s FOIA search.” Nolen v. DOJ, 

, 98 (D.D.C. 2015).
16
Ultimately, the question is whether the agency’s search was reasonable based on the
facts, 

, not “whether any further documents might conceivably exist,”
Truitt v. Dep’t of State, 

, 542 (D.C. Cir. 1990). Here, the CIA determined that the
“Directorate of Support (DS) and the Director’s Area (DIR) were the directorates most likely to
maintain records responsive to the request because they were most likely to maintain records that
reflect an overt relationship between Mr. Hillier and the CIA.” Shiner Decl. ¶ 12. “[T]he
Agency identified the specific databases that were reasonably likely to maintain responsive
records,” and “[t]here were no additional locations that would [be] reasonably likely to maintain
the records sought in this case.” 

the circumstances described in the Shiner declaration
demonstrate that the CIA made a good faith effort to conduct a search for Hillier’s requested
records, using methods that can reasonably be expected to produce the requested information.
See 

. The Court therefore holds that the CIA’s search was reasonable
and adequate. See 

.
3. The CIA’s Glomar Response
Hillier contends that it was improper for the CIA to provide a Glomar response to his
request. Pl.’s Opp’n Br. at 25, 33–44. A “Glomar response . . . is proper if the fact of the
existence or nonexistence of agency records falls within a FOIA [or Privacy Act] exemption.”
Wolf v. CIA, 

, 374 (D.C. Cir. 2007). “In determining whether the existence of
agency records vel non fits a FOIA exemption, courts apply the general exemption review
standards established in non-Glomar cases.” 

Glomar response is justified, “the agency
need not conduct any search for responsive documents or perform any analysis to identify
segregable portions of such documents.” People for the Ethical Treatment of Animals, 

at 540. And “[c]ourts can grant summary judgment upholding a Glomar response based on
agency affidavits explaining the basis for the response.” 

the Shiner declaration
17
provides a detailed justification for the CIA’s Glomar response. Shiner explained the legal bases
for the response and how it complied with exemptions (j)(1) and (k)(1) of the Privacy Act and
exemptions 1 and 3 of FOIA. Shiner Decl. ¶¶ 13–27.
Hillier’s claim that the Glomar response was improper because the CIA misapplied its
regulations also is not persuasive. See Pl.’s Opp’n Br. at 18. Hillier’s argument appears to rest
on two premises: first, that he sought notice of records—not access to them; and second, that the
standard for invoking a Glomar response under the notice provisions of the applicable agency
regulations, see 32 C.F.R. § 1901.62(c), is higher than that for the access provision, see 32
C.F.R. § 1901.62(d)(1). 

Even assuming that Hillier is right, Shiner’s declaration
demonstrates how confirming the existence of records about Hillier could jeopardize intelligence
sources and methods, see Shiner Decl. ¶¶ 18, 19, and would therefore satisfy any heightened
standard potentially applicable to a request for notice. The CIA’s Glomar response is amply
supported by Shiner’s declaration. See People for the Ethical Treatment of 

.
B. Hillier’s Privacy Act Requests to DHS
Hillier next sent a January 11, 2012 letter to the Disclosure Officer at the Office of
Intelligence and Analysis in DHS asking for notice of non-exempt records about him in a record
system he identified as “DHS/IA-001 (Office of Intelligence and Analysis Enterprise Records
System).” Sepeta Decl. Ex. A at 1, Dkt. 40-2. Hillier’s letter requested that the agency “please
search record categories A, B, C, D, E, F, G, H, and I, as listed on 73 FR 28132.” 

that records about him “may have been compiled at any time from 1983 to the present”
and he added that he worked for two defense department contractors in the mid-1980s. 

stated: “I may have been mistakenly identified as a terrorist, as people have suggested this
much to me, I appear to be under surveillance, I appear to be the continual target of a number of
18
behaviors intended to provoke, threaten, intimidate, distress, and harass me, and I continue to be
a target for continuing incidents of battery, and am currently disabled as the result of one such
incident.” 

identified himself by his full legal name, an alternate name he used
from 1990–91, his date and place of birth, his social security number, his citizenship status, and
both his then-current and a prior residential address. 

day, January 12, 2012, Hillier sent a similar letter to the Chief Privacy Officer
and Chief Freedom of Information Act Officer at DHS. 

at 1. In this second letter,
Hillier requested any non-exempt records about him located in the following two record systems:
•   DHS/ALL-30 “Department of Homeland Security (DHS)/ALL-030 Use
of the Terrorist Screening Database (TSDB) System of Records”
(record categories: identifying information and other available
identifying particulars including audit records containing such,
references to and/or information from other government law
enforcement and intelligence databases or other relevant databases
containing such).
•   DHS/ALL-031 “Information Sharing Environment (ISE) Suspicious
Activity Reporting (SAR) Initiative System of Records” (record
categories: attachments, contact information for submitters of ISE-
SARs, driver license, follow-up action, location, location address,
location coordinates, observer, owning organization, other identifier,
passport, person, person name, physical descriptors, physical feature,
ISE-SAR submission, sensitive information details, source
organization, suspicious activity report, submitting organization,
suspicious activity, target, vehicle, and related ISE-SAR).

that “[DHS] may have a record about me because I may have been mistakenly
identified as a known or suspected terrorist.” 

the same identifying
information that he submitted in his first letter to the agency, with the exception of his social
security number, which he omits. 

He added a California driver’s license number and a
passport number. 

indicated that records might be in the possession of the following
DHS components: Headquarters; Directorate for National Protection and Programs; Directorate
for Science and Technology; Office of Policy; Office of Health Affairs; Office of Intelligence
19
and Analysis; Office of Operations Coordination and Planning; Federal Law Enforcement
Training Center; Domestic Nuclear Detection Office; United States Coast Guard; Federal
Emergency Management Agency; and the United States Secret Service. 

Response
Arthur R. Sepeta’s declaration describes DHS’s searches and response to Hillier’s
Privacy Act requests. As the Chief of the Privacy and Intelligence Oversight Branch at Office of
Intelligence and Analysis, Sepeta has “direct oversight” of the FOIA and Privacy Act policies,
procedures, and litigation involving Office of Intelligence and Analysis records. Sepeta Decl.
¶ 1. Sepeta states that DHS treated Hillier’s requests as requests under both the Privacy Act and
FOIA consistent with the agency’s policy and “to provide the greatest degree of access
authorized.” 

The defendants emphasize that, as a result, DHS “searched a broader
universe of records than those in the system of records that Plaintiff identified in his request.”
Defs.’ Reply at 5, Dkt. 47. As Sepeta explains, “[t]he Privacy Act’s right of access is limited to
records in a system of records, whereas FOIA searches encompass a much broader scope of
records.” Sepeta Decl. ¶ 9.
a. DHS’s Search of Record System DHS/IA-001
According to Sepeta, Hillier’s January 11, 2012 request seeking notice of records about
him in the DHS/IA-001 record system was referred to the Office of Intelligence and Analysis
and assigned the tracking number 12-OIA-0030. 

21. DHS/IA-001 is an Enterprise
Records System that contains all records over which the Office of Intelligence and Analysis
exercises control. 

The Office of Intelligence and Analysis searched the DHS/IA-001
record system using Hillier’s name, the alternate name he identified, his date and place of birth,
both his present and prior residential addresses, and the last four digits of his social security
number. 

The search encompassed “the Production Management Branch, the State and
20
Local Program Office, Enterprise Mission Support Division, and the Analysis and Production
Office.” 

On February 29, 2012, the Office of Intelligence and Analysis advised Hillier by letter
that no responsive records were found during the search of the DHS/IA-001 record system. 

& Ex. C at 1, Dkt. 40-2. The Office of Intelligence and Analysis also confirmed that no
records existed before January 24, 2003, the date DHS was created. 

at 1.
b. DHS’s Search of Record System DHS/ALL-30
DHS’s Privacy Office processed Hillier’s second request seeking notice of records about
him in the record system identified as DHS/ALL-30 (Use of the Terrorist Screening Database
Systems of Records). 8 

& Ex. E at 1, Dkt. 40-2. In a March 19, 2012 letter, the Privacy
Office explained to Hillier that, even if records about him exist in the DHS/ALL-30 record
system, he had no right to access the records because they are exempt under both the Privacy Act
and FOIA. 

at 1–2.
Addressing the Privacy Act first, the Privacy Office stated that the records in DHS/ALL-
30 are exempt from the Act because the Terrorist Screening Database is part of a Federal Bureau
of Investigation (FBI) record system that the FBI has exempted from certain provisions of the
Act. 

at 1. According to the Privacy Office, the FBI exempted the Terrorist Screening
Database from 5 U.S.C. § 552a(d), which is the Privacy Act provision that provides access
rights. 

gets Terrorist Screening Database information from the FBI’s Terrorist
Screening Center, the FBI’s exemption “carries over when the TSDB information is transferred
to the Department.” 

record does not reflect that DHS assigned a tracking number to this request. See 

13; 

21
The Privacy Office further explained that DHS’s record systems that receive the FBI’s
Terrorist Screening Database information through the Watch List Service are also exempt under
the Privacy Act, including the Privacy Act provision providing access to records. 

U.S.C. §§ 552a(d), (j)(2), (k)(1), (k)(2), and 76 Fed. Reg. 81787). Information from the Terrorist
Screening Database “is categorized as Sensitive Security Information (‘SSI’) under 49 U.S.C.
§114(r), and the implementing regulation found at 49 CFR part 1520.” 

C.F.R.
§§ 1520.9(a)(2) and 1520.15(a), the Privacy Office stated that “[r]ecords containing SSI are not
available for public inspection or copying, nor can they be released to anyone who does not have
an official need to know.” 

Office therefore concluded that Hillier “has no right
to access or amend the records contained in these systems” and denied his request under the
Privacy Act. 

Office reached a similar result under FOIA, concluding that any records
responsive to Hillier’s request for records in DHS/ALL-30 are exempt from disclosure under
FOIA exemption 3 because they constitute Sensitive Security Information exempt by a statute,
49 U.S.C. § 114(r), Sepeta Decl. Ex. E at 2, which prohibits the disclosure of qualifying
information that is “obtained or developed in carrying out security under authority of the
Aviation and Transportation Security Act,” 49 U.S.C. § 114(r)(1). Thus, the Privacy Office
provided a Glomar response and neither confirmed nor denied the existence of records that might
reveal Hillier’s status in the Terrorist Screening Database. Sepeta Decl. Ex. E at 2.
The Privacy Office further concluded that any such records were also subject to FOIA
exemption 7(E), 5 U.S.C. § 552(b)(7)(E). 

protects law enforcement
information that “would disclose techniques and procedures for law enforcement investigations
22
or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions
if such disclosure could reasonably be expected to risk circumvention of the law.” 5 U.S.C.
§ 552(b)(7)(E). Accordingly, the Privacy Office denied Hillier’s request for notice of records
relating to him based on FOIA exemptions 3 and 7(E). Sepeta Decl. Ex. E at 2.
c. DHS’s Search of Record System DHS/ALL-031
Hillier’s third request asking for notice of records about him located in the DHS/ALL-
031 system was referred to the Office of Intelligence and Analysis where it was assigned
tracking number 12-OIA-0040. Sepeta Decl. ¶ 13. The Sepeta declaration and exhibits indicate
that the records in DHS/ALL-031 are a subset of the records contained in DHS/IA-001, which,
as noted, is a comprehensive record system that contains all records over which the Office of
Intelligence and Analysis exercises control. 

22 & Ex. F at 1 (stating that DHS/IA-001
“includes . . . ISE . . . and Suspicious Activity Reporting (SAR)”). As a result, the Office of
Intelligence and Analysis’s search of DHS/IA-001 using Hillier’s full name, alternative name,
birth date, birth place, and current and prior residential addresses also covered records in
DHS/ALL-031. 

Sepeta’s declaration states that the Office of Intelligence and Analysis’s April 4, 2012
letter to Hillier served as its final response to Hillier’s request about DHS/ALL-031. 

The April 4, 2012 letter, however, refers to DHS/ALL-030 rather than to DHS/ALL-031, which
appears to be a typographical error. 9 

at 1, Dkt. 40-2. Perhaps this is why, after Hillier
9
The confusion about whether DHS/ALL-031 was adequately searched can be attributed to this
apparent typographical error in the Privacy Office’s April 4, 2012 letter to Hillier. See Sepeta
Decl. Ex. F at 1. DHS/ALL-031 is consistently characterized in Sepeta’s declaration and
exhibits, as well as in Hillier’s January 12, 2012 Privacy Act request, as an “Information Sharing
Environment and Suspicious Activity Reporting System.” 

22, Ex. D at 1, Ex. E at 2,
Ex. H at 1; see also id Ex. E at 2 (“As it relates to your access for records in the DHS/All-031,
Information Sharing Environment (ISE) Suspicious Activity Reporting (SAR) Initiative System
of Records . . . . I am referring your request to the FOIA Officer for OI&A . . . .”). Although the
23
pursued an administrative appeal on April 20, 2012, 

the United States Coast Guard
Office of the Chief Administrative Law Judge 10 remanded the matter back to the Office of
Intelligence and Analysis on February 12, 2013, stating that “the record does not reflect whether
the proper database was searched or otherwise accounted for in the Final Response,” 

at
2, Dkt. 40-2.
The Sepeta declaration reveals that on May 8, 2012—after Hillier filed his administrative
appeal on April 20, 2012 but before it was remanded on February 12, 2013—the Office of
Intelligence and Analysis conducted a search of computers and share drives belonging to
personnel within the Production Management Branch of the Office of Intelligence and
Analysis. 11 

The Office of Intelligence and Analysis conducted the search using the
personal identifiers Hillier provided in his January 12, 2012 letter. 

of Intelligence
and Analysis limited the search to the Production and Management Branch of the Office of
Privacy Office’s April 4, 2012, letter refers to DHS/ALL-030 rather than to DHS/ALL-031, it
characterizes the system as the “Information Sharing Environment and Suspicious Activity
Reporting system,” 

at 1, thereby indicating that it is intended to be DHS/ALL-031. In
contrast, the DHS/ALL-030 system is consistently characterized as “Use of the Terrorist
Screening Database System of Records.” 

Ex. D at 1, Ex. E at 1. Moreover, Hillier’s
request for records in the DHS/ALL-031 record system is the only request that was referred to
the Office of Intelligence and Analysis on March 19, 2012. Thus, the record indicates that the
reference to DHS/ALL-030 in the April 4, 2012 letter to Hillier is a typographical error, although
DHS has never said so.
10
By contract, the United States Coast Guard Office of the Chief Administrative Law Judge
reviews FOIA appeals for the DHS General Counsel. See 

at 2.
11
Although the Sepeta declaration never expressly states whether that search involved the
DHS/ALL-031 record system, the declaration cites the tracking number that applied to the
DHS/ALL-031 record system. Sepeta Decl. ¶ 16. Moreover, on remand, the Office of
Intelligence and Analysis reported on November 26, 2013 that it “searched all component level
SAR [Suspicious Activity Reporting] files, and other source material without result.” 

Ex. H at 2, Dkt. 40-2. As noted, this search must have involved the DHS/ALL-031 record
system given that system’s characterization in the Privacy Office’s March 19, 2012 letter as a
“suspicious activity reporting” system. 

at 1.
24
Intelligence and Analysis because that branch was responsible for keeping finished intelligence
products and the search would have identified responsive documents created between the time of
the first and second searches. 

Office of Intelligence and Analysis discovered no
responsive records during the second search, “there was no need to further expand the search to
other offices.” 

Hillier’s administrative appeal on July 9, 2015. 

2. Adequacy of DHS’s Searches
Hillier does not challenge DHS’s searches of DHS/IA-001 or DHS/ALL-030. But he
does contest DHS’s search of DHS/ALL-031 because it was limited to the Office of Intelligence
and Analysis—only one of DHS’s twelve components. See Pl.’s Br. In Support of Mot. for
Partial Summ. J. at 10, Dkt. 41; Pl.’s Opp’n Br. at 9. 12
Although an agency is not required to search every record system, 

, it cannot ignore requests to search specific systems that are received before it completes its
searches, 

. If an agency elects not to search specific systems that a
requester has identified, controlling precedent makes clear that the agency must “sufficiently
explain[] . . . why the specified record systems are not reasonably likely to contain responsive
records.” 

. The Sepeta declaration lacks sufficient detail to meet this
standard. As a result, the Court is unable to conclude whether DHS’s search was adequate.
Hillier’s Privacy Act request to DHS seeking notice of records in DHS/ALL-031
identified the following 12 components where Hillier believed records could be found:
Headquarters; Directorate for National Protection and Programs; Directorate for Science and
Technology; Office of Policy; Office of Health Affairs; Office of Intelligence and Analysis;
12
Because the arguments raised in Hillier’s other motions are similar to those raised in his
opposition to the defendants’ motion for summary judgment, from this point forward the Court
cites to his opposition to the defendants’ motion for summary judgment.
25
Office of Operations Coordination and Planning; Federal Law Enforcement Training Center;
Domestic Nuclear Detection Office; United States Coast Guard; Federal Emergency
Management Agency; and the United States Secret Service. Sepeta Decl. Ex. D at 2. The Sepeta
declaration states that the Office of Intelligence and Analysis searched for records “over which
[it] maintained control,” 

but never mentions whether the other 11 components might
have responsive records or their records are under the Office of Intelligence and Analysis’s
“control.” If DHS determined that the Office of Intelligence and Analysis was the only DHS
component that had a record system reasonably likely to contain responsive records, the Sepeta
declaration should say so. See 

.
It is also unclear whether the Office of Intelligence and Analysis’s search of the
DHS/ALL-031 system was limited to only its own suspicious activity reports or whether it
included the suspicious activity reports of other DHS components. The Sepeta declaration’s
exhibits indicate that the Office of Intelligence and Analysis’s search might not have been so
limited. As the Office of Intelligence and Analysis FOIA Officer explained in a November 26,
2013 letter responding to the remand of Hillier’s administrative appeal:
[S]everal operational components within DHS regularly observe or otherwise
encounter suspicious activities while executing their authorized missions and
performing operational duties. Components document those observations or
encounters in SARs. DHS I&A is one of the DHS components that routinely
collects and formats information into SARs. These documents are stored locally,
which means that all contributors, including DHS components, exercise control
over their own reports and they are not available in the absence of a specific query.
And because each contributor maintains control over its own information, when a
record from a contributor is located, the contributor has sole authority to determine
whether it can be released outside NSI participants.
As a contributor to this system of records, DHS I&A has authority over only its
own SARs. Nevertheless, DHS I&A searched all component level SAR files, and
other source material without result. To the extent that Mr. Hillier wants a search
of SARs contributed by other NSI participants, he must make separate requests.
26
Sepeta Decl. Ex. H at 2, Dkt. 47-1 (emphasis added) (quotation marks omitted). This letter
suggests that the Office of Intelligence and Analysis conducted a search of all DHS (i.e.,
component level) suspicious activity reports, not just the Office of Intelligence and Analysis’s
reports. 13 Neither the Sepeta declaration nor the defendants’ legal briefs make this argument,
however, so the Court is left to believe this might not be the case.
This lack of clarity is compounded by the fact that, as already discussed, the Office of
Intelligence and Analysis’s April 4, 2012 letter to Hillier that purports to be DHS’s final
response to Hillier’s request about DHS/ALL-031 makes reference to DHS/ALL-030 rather than
to DHS/ALL-031. The Court presumes that this is an error but it would be helpful if the Sepeta
declaration said so one way or the other.
Because the Sepeta declaration fails to state whether DHS determined that the Office of
Intelligence and Analysis was the only component with a record system that was reasonably
likely to contain records responsive to Hillier’s request, the declaration lacks sufficient detail for
the Court to determine whether DHS’s search was adequate. The Court will therefore deny
without prejudice the defendants’ motion for summary judgment with respect to the search
conducted by DHS.
Hillier’s other challenges to the search of DHS/ALL-031 are not compelling. Hillier
questions whether the DHS/ALL-031 record system was properly characterized as “under the
13
Additionally, it appears that Hillier was required to submit separate Privacy Act requests to
search suspicious activity reports contributed by other participants in the Nationwide Suspicious
Activity Reporting Initiative. See Sepeta Decl. Ex. H at 2 (stating “[t]o the extent that Mr.
Hillier wants a search of SARs contributed by other NSI participants, he must make separate
requests”). The record does not reflect that he ever did that, although it is unclear whether that is
required for the 11 components Hillier identified or only applies to other agencies that participate
in the Nationwide Suspicious Activity Reporting Initiative.
27
purview” of the Office of Intelligence and Analysis as the Privacy Office stated in the March 19,
2012 letter to Hillier. Pl.’s Opp’n Br. at 9. Wrapped into this argument is Hillier’s dispute about
Sepeta’s citation of 6 C.F.R. § 5.4 as the basis for referring his DHS/ALL-031 request to the
Office of Intelligence and Analysis. 

states that “the component that first
receives a request for a record and maintains that record is the component responsible for
responding to the request” unless the request was misdirected to that component or a component
determines the records originated at another component or the information was provided by
another component or is of substantial interest to another component. 6 C.F.R. §§ 5.4(a), (c), (d).
These points culminate with Hillier alleging that the FOIA Program Specialist who signed the
March 19, 2012 letter to Hillier was “lying” about the agency’s rationale for referring Hillier’s
DHS/ALL-031 request to the Office of Intelligence and Analysis. Pl.’s Opp’n Br. at 13–14.
It was reasonable for the Privacy Office’s FOIA Program Specialist to determine that
DHS/ALL-031 “falls under the purview of the DHS Office of Intelligence and Analysis,” Sepeta
Decl. Ex. E at 2, given that the DHS/ALL-031 system is a subset of DHS/IA-001, a
comprehensive record system over which the Office of Intelligence and Analysis has control, see

Furthermore, 6 C.F.R. § 5.4(a) makes clear that a component that first receives a
request for records is responsible for responding to the request if it “maintains that record.”
There is no evidence that DHS’s Privacy Office “maintains” records in DHS/ALL-031, in which
case it was appropriate for that component to forward the request to a component that did
maintain such records. Notably too, 6 C.F.R. § 5.4 provides that if a component determines that
it maintains responsive records that contain information of substantial interest to another
component, then “[t]he component may refer the responsibility for responding to the request or
portion of the request to the component . . . best able to determine whether to disclose the
28
relevant records.” 6 C.F.R. § 5.4(d)(3). The regulation goes on to state that “[o]rdinarily, the
component . . . that created or initially acquired the record will be presumed to be best able to
make the disclosure determination.” 

the Court no reason to think that DHS’s
Privacy Office erred by referring his request to search DHS/ALL-031 to the Office of
Intelligence and Analysis given that there is no evidence that the Privacy Office maintains any
records in that system.
C. Hillier’s Department of State Privacy Act Request
Hillier’s final attempt to identify records about him was initiated by a January 19, 2012
Privacy Act request sent to the Department of State Director of Foreign Affairs Document and
Reference Center. 2d Am. Compl. Ex. 34 at 1; Stein Decl. ¶ 4, Dkt. 40-3. In that letter, Hillier
asks the Department of State to check whether it possesses any non-exempt records about Hillier
in the STATE-06 “Coordinator for the Combatting of Terrorism Records” (all record categories)
record system. 2d Am. Compl. Ex. 34 at 1; Stein Decl. ¶ 4, Dkt. 40-3. Hillier states that he
“believes that the Department of State may have records about [him] because [he] [was] an
American Citizen involved in terrorist incidents.” 2d Am. Compl. Ex. 34 at 1. Hillier supplies
the Department of State with his full legal name, another name he used in the past, his date and
place of birth, his social security number, and his then-current mailing address. 

14
14
It appears from the record that Hillier’s January 19, 2012 letter to the Department of State was
returned to him, Stein Decl. ¶ 4, but at some point Hillier began corresponding with the
Department of State’s Office of Information Programs and Services. The Office of Information
Programs and Services later received Hillier’s request for STATE-06 records as an attachment to
subsequent correspondence with him. 

The Department of State’s Response
The Department of State submits Eric F. Stein’s declaration describing the agency’s
response to Hillier’s Privacy Act request. Stein is the Department of State’s Director of the
Office of Information Programs and Services and the official responsible for responding to
records requests under the Privacy Act and FOIA. Stein Decl. ¶ 1, Dkt. 40-3. According to
Stein, the Department of State processes Privacy Act requests under both the Privacy Act and
FOIA. 

Stein states that he reviewed Hillier’s Privacy Act request and determined that the Bureau
of Counterterrorism and Countering Violent Extremism was the Department of State component
likely to have responsive documents “because [Hillier’s] request specifically referred to STATE-
06, and [the Bureau of Counterterrorism and Countering Violent Extremism] is the Department
component that would maintain any records described in STATE-06, ‘Coordinator for the
Combatting of Terrorism Records.’” 

Stein also determined that the Department of
State’s Retired Record Inventory Management System, “a searchable database that automates the
processing of records retired to the Records Service Center” was reasonably likely to have
responsive records. 

that no other offices or records systems were
reasonably likely to maintain documents responsive to [Hillier’s] request related to STATE-06.”

Stein, the Bureau of Counterterrorism and Countering Violent Extremism
Director of the Office of Regional Affairs determined that the only bureau components
reasonably likely to have responsive records were the Office of South and Central Asia and the
Near East, and the Office of Africa, Europe, the Americas, and Asia. 

Stein explains
that these two offices “work on counterterrorism policy in individual countries, and all [bureau]
30
records that reference an American involved with terrorist activities would pass through these
offices.” 

“[a]ny American who had joined a terrorist organization or been
kidnapped by terrorists would also have had the attention of the office leadership in these two
offices.” 

knowledgeable about Hillier’s Privacy Act request and the record systems
in these two offices searched both the unclassified and classified electronic files for records
relating to Hillier. 

The official who was a Program Analyst for the Office of Africa,
Europe, the Americas, and Asia “searched the unclassified and classified shared drives (a
collection of folders stored on a local network) used by both [the Office of South and Central
Asia and the Near East and the Office of Africa, Europe, the Americas, and Asia] to maintain
their electronic records, including archived emails stored in .pst files, using the following names
and other identifying information provided by Plaintiff: ‘Wynship Hillier,’ ‘Wynship West
Hillier,’ ‘Mabon Rainsong,’ ‘Mabon Clearwater Rainsong,’ and Mr. Hillier’s Social Security
number.” 

the Deputy Office Director of the Office of South and Central Asia
and the Near East and the Office Director for the Office of Africa, Europe, the Americas, and
Asia “searched their unclassified and classified email records and individual drives using the
search terms: ‘Wynship Hillier,’ ‘Wynship West Hillier,’ ‘Mabon Rainsong,’ ‘Mabon Clearwater
Rainsong,’ and Mr. Hillier’s Social Security number.” 

that “[n]o date
restrictions were applied to these searches,” 

responsive records were found, 

Stein further explains that “[a]ll files are maintained electronically, so a search of these record
systems would have located any responsive records.” 

Addressing the Retired Records Inventory Management System, Stein describes the
system as a “searchable database that automates the processing of records retired to the Records
31
Service Center and tracks the status of all boxes received” at the center. 

Stein states
that both the full text and the metadata of records in the “retired file manifests” are searchable.

that “retired file manifests serve as an index of the contents of retired paper files
and are used to direct a researcher to particular file folders or documents in retired file boxes.”

however, that “[o]n occasion, manifests do not contain sufficient detail to
indicate the exact contents maintained under a given subject, so once a potentially responsive
box is located, the entire contents of the box must be searched manually.” 

Stein, an Office of Information Programs and Services Information
Specialist who was knowledgeable about FOIA and the Retired Records Inventory Management
System searched the system using the terms “counterterrorism” or “CT.” 

The search
covered the time period from January 1, 2007 through the date of the search. 

date
was derived from Hillier’s statement that he was involved in terrorist incidents since 2007. 

of Information Programs and Services “determined that these search terms would
locate any records during the time frame that were covered by STATE-06.” 

that
the search located “[n]o retired file manifests for CT for the relevant time period.” 

Specialist also searched all the system records using the terms “Hillier,” “Wynship,”
or “Rainsong,” but “[n]o relevant retired file manifests indicating the existence of records
regarding [Hillier] were located.” 

dated January 13, 2017, the Office of Information Programs and Services
advised Hillier that professional employees in the Department of State’s Bureau of
Counterterrorism and Countering Violent Extremism who are familiar with the content and
organization of the agency’s non-exempt records conducted a thorough search of records in
STATE-06 and found no records about him. 

32
2. Adequacy of the Department of State’s Searches
Stein’s declaration explains the scope of the Department of State’s search, which was
defined by Hillier’s request for records about him in the STATE-06 system. Stein identifies the
methodology deployed to identify the record systems reasonably likely to have responsive
records and the timeframe that was applied. The declaration also identifies who performed the
searches, the search terms that were used, and the type of searches that were performed. See

.
Hillier raises a series of objections to the Stein declaration, Pl.’s Opp’n Br. at 3–5, 16–18,
none of which the Court finds convincing. First, Hillier contends that the declaration is deficient
because it does not state that it was based on personal knowledge. But Hillier is mistaken. The
first paragraph of the declaration states “I make the following statements based upon my
personal knowledge, including information furnished to me in the course of my official duties.”
Stein Decl. ¶ 1. Stein also states that he is “familiar with the efforts of Department personnel to
process the Privacy Act request” and “in charge of coordinating the agency’s search efforts with
respect to [Hillier’s] request.” 

therefore demonstrates his personal
knowledge of the procedures used in handling requests and his familiarity with the documents in
question. See 

.
Second, Hillier claims that the Stein declaration is deficient because the Director of the
Office of Regional Affairs relied on hearsay to determine that only the Office of South and
Central Asia and the Near East and the Office of Africa, Europe, the Americas and Asia were
reasonably likely to maintain responsive records. But “courts in this jurisdiction have long held
that [agency] declarants may rely on ‘information they have obtained in the course of their
official duties.’” Canning v. U.S. Dep’t of State, 

, 510 (D.D.C. 2015)
(quoting 

); Cucci v. DEA, 

, 513 (D.D.C. 1994);
33
Inst. for Policy Studies v. CIA, 

, 133 (D.D.C. 2012)). Thus, “declarations
that contain hearsay in recounting searches for documents are generally acceptable.” Gov’t
Accountability Project v. DOJ, 

, 23 (D.D.C. 2012) (internal quotation and
alteration marks omitted).
Third, Hillier claims that the Stein declaration does not adequately explain why the
Office of South and Central Asia and the Near East and the Office of Africa, Europe, the
Americas and Asia were the only components that were likely to have responsive records. The
Court disagrees. Stein explained that the Office of Information Programs and Services
determined that CT was the component that maintains records in STATE-06, the system Hillier
requested be searched. Stein Decl. ¶¶ 4, 9. The Director of Regional Affairs in CT further
determined that the Office of South and Central Asia and the Near East and the Office of Africa,
Europe, the Americas and Asia were the “only CT components reasonably likely to maintain
responsive records” because “all CT records that reference an American involved with terrorist
activities would pass through these offices.” 

As noted, Hillier identified himself as
someone believed to be involved in terrorist incidents. 2d Am. Compl. Ex. 34 at 1. Thus, it was
reasonable for the agency to conduct searches in systems used by the components through which
all records referencing Americans involved with terrorism would pass.
Fourth, Hillier argues that Stein’s declaration is defective because paragraph 10 of the
declaration states that CT maintains records about American citizens involved in terrorist
incidents overseas or who have been captured by a terrorist organization. According to Hillier,
that statement is inconsistent with a Department of State publication that indicates that the
system of records includes American citizens involved in terrorist incidents “vel non.” Pl.’s
Opp’n Br. at 17. Hillier also claims that Stein’s statement that all STATE-06 records are
34
electronic, Stein Decl. ¶ 12, conflicts with a more than 40-year-old (1977) Department of State
System of Records Notice (SORN) that states “Storage: Hard copy,” see Pl.’s Opp’n Br. at 17
(quoting 42 Fed. Reg. 49702). Neither of these alleged inconsistencies, however, create a
genuine issue of material fact because they are irrelevant to the question of whether the
Department of State conducted a search reasonably calculated to uncover Hillier’s requested
records. See 

(“Only disputes over facts that might affect the outcome
of the suit under the governing law will properly preclude the entry of summary judgment.
Factual disputes that are irrelevant or unnecessary will not be counted.”).
Finally, Hillier argues that the Department of State acted in bad faith by delaying its
responses to his requests. It is well established, however, that “delays in responding to a FOIA
request are rarely, if ever, grounds for discrediting later affidavits by the agency.” Iturralde v.
Comptroller of Currency, 

, 315 (D.C. Cir. 2003). 15 The delays alleged here do not
undermine the Stein declaration. Because the declaration is sufficiently detailed to conclude that
the Department of State made a good faith effort to search for the records Hillier requests using
methods that can reasonably be expected to produce the information requested, the Court finds
that the agency’s searches were adequate. See 

.
CONCLUSION
For the foregoing reasons, defendants’ Motion for Summary Judgment, Dkt. 40, will be
granted in part with respect to the CIA and Department of State and denied in part without
prejudice with respect to DHS. Hillier’s Motion for Partial Summary Judgment Against
15
Hillier originally made allegations of bad faith against the CIA, see Pl.’s Opp’n Br. at 45–46,
but appears to have abandoned those allegations, see Pl.’s Am. Opp’n Br. at 45-46 (attached as
Ex. 85 to Pl.’s Mot. to Amend, Dkt. 55). Regardless, the Court would reject any such challenge
for the reasons stated here.
35
Defendant United States Department of Homeland Security, Dkt. 41, will be denied without
prejudice because, without more detail about whether DHS determined that the Office of
Intelligence and Analysis was the only component with a record system that was reasonably
likely to contain responsive records, the Court is unable to conclude one way or the other
whether the search was reasonable, in which case neither party can prevail at this juncture. The
Court will deny Hillier’s Cross-Motion for Partial Summary Judgment Against the Central
Intelligence Agency and United States Department of State, Dkt. 48, because the Court holds
that the searches conducted by those agencies were reasonable and the CIA’s Glomar response
was compliant with both the Privacy Act and FOIA. Hillier ably raised numerous arguments
throughout the litigation of his Privacy Act requests and his remaining motions are addressed in
the accompanying order.
_________________________
DABNEY L. FRIEDRICH
United States District Judge
September 12, 2018
36