Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Wikimedia Foundation v. National Security Agency

United States District Court, D. Maryland

December 13, 2019




         Plaintiff, Wikimedia Foundation ("Wikimedia"), [1] challenges the legality of the National Security Agency's ("NSA") Upstream surveillance data gathering efforts, one of a series of recent cases challenging the constitutionality of the NSA's surveillance programs.[2] According to the Director of National Intelligence ("DM"), Upstream surveillance is a surveillance program authorized pursuant to § 702 of the Foreign Intelligence Surveillance Act ("FISA") that involves the targeted collection of non-U.S. persons' international Internet communications by the NSA.[3]Wikimedia alleges that the NSA has intercepted, copied, and collected Wikimedia's Internet communications pursuant to the Upstream surveillance program and that such interception, duplication, and collection exceeds the NSA's authority under FISA and violates Wikimedia's rights under the First and Fourth Amendments of the Constitution.

         At issue in this matter is defendants' motion for summary judgment. Defendants argue that judgment must be entered in their favor because Wikimedia, the only remaining plaintiff, lacks Article III standing. Defendants also argue that even if a genuine dispute of material fact exists as to Wikimedia's standing, the state secrets doctrine precludes further litigation of Wikimedia's standing, and thus requires entry of judgment in defendants' favor.

         Before analyzing the parties' arguments on the issue of Article III standing and the state secrets doctrine, however, it is important to address briefly three topics: (i) the definition of Upstream surveillance and the statutory authority for the NSA's Upstream surveillance program, (ii) the procedural history of this case, and (iii) the undisputed factual record developed by the parties. After addressing these three preliminary topics, which frame all of the analysis that follows, the pertinent summary judgment standard is set forth, and the parties' arguments are analyzed under that standard. For the reasons that follow, Wikimedia has failed to establish that it has Article III standing sufficient to survive summary judgment, and further litigation of this matter is precluded by the state secrets doctrine. Accordingly, this case must be dismissed, and judgment must be entered in favor of defendants.


         To begin with, it is necessary to define Upstream surveillance, the NSA program at issue in this litigation, and to clarify what is meant by the term Upstream surveillance as that term is used in this litigation. The NSA conducts Upstream surveillance pursuant to § 702 of FISA, 50 U.S.C. § 1881a. The government has acknowledged that it conducts § 702 surveillance through two programs, namely the Upstream and PRISM programs.[4] In PRISM surveillance, the government acquires communications directly from a United States-based Internet Service Provider ("ISP"). See PCLOB 702 Report, at 33. In contrast, the acquisition of communications via Upstream surveillance does not occur "with the compelled assistance of the United States ISPs, but instead with the compelled assistance... of the providers that control the telecommunications backbone over which communications transit."[5] Id. at 35. Thus, Upstream collection, unlike PRISM collection, "does not occur at the local telephone company or email provider with whom the targeted person interacts." Id. Instead, the collection of communications for Upstream surveillance "occurs 'upstream' in the flow of communications between communication service providers." Id. Only the Upstream surveillance program is at issue in this case.

         As noted, the government contends that its Upstream surveillance program is conducted pursuant to FISA § 702. Specifically, § 702 permits the Attorney General and the DNI to authorize jointly, for up to one year, foreign-intelligence surveillance targeted at non-U.S. persons located abroad, [6] if the Foreign Intelligence Surveillance Court ("FISC")[7] approves the government's written certification demonstrating that the intended surveillance complies with statutory requirements.[8] To approve such a certification, the FISC must determine that the government's targeting procedures are reasonably designed:

(i) to ensure that acquisition "is limited to targeting persons reasonably believed to be located outside the United States," 50 U.S.C. § 1881a(j)(2)(B)(i);
(ii) to prevent the intentional acquisition of wholly domestic communications, id § 1881aG)(2)(B)(ii);
(iii) to "minimize the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign-intelligence information," id § 1801(h)(1); see id § 1881aG)(2)(C); and
(iv) to ensure that the procedures "are consistent with...the [F]ourth [A]mendment," id § 1881a(j)(3)(A).[9]

         In effect, FISC approval of government surveillance pursuant to § 702 means that the FISC has found that the surveillance comports with the statutory requirements and the Constitution.

         The recent release of public reports and declassification of some FISC opinions have revealed additional details regarding the collection of communications pursuant to § 702. After the FISC approves a § 702 certification, the NSA designates "targets," which are non-U.S. persons located outside the United States who are reasonably believed to possess or receive, or are likely to communicate, foreign-intelligence information designated in the certification.[10] The NSA then attempts to identify "selectors," namely the specific means by which the targets communicate, such as email addresses or telephone numbers.[11] Importantly, selectors cannot be key words (e.g., "bomb") or targets' names (e.g., "Bin Laden"); rather, selectors must be specific communication identifiers.[12] The government then may issue a § 702 directive to a U.S. telecommunications service provider requiring it to assist the government in acquiring communications involving those selectors.[13]

         As for the actual collection of communications containing these targeted selectors, the government has described the Upstream surveillance collection process as follows:

[C]ertain Internet transactions transiting the Internet backbone network(s) of certain electronic communication service provider(s) are filtered for the purpose of excluding wholly domestic communications[, ] and are then scanned to identify for acquisition those transactions [that contain communications] to or from... persons targeted in accordance with the applicable NSA targeting procedures; only those transactions that pass through both the filtering and the scanning are ingested into Government databases.

         Defs.' Br. 4 (quoting Pub. Decl. of Daniel R. Coats, Director of National Intelligence, ¶ 15, ECF No. 138-2).[14] Thus, the Upstream surveillance collection process involves three steps-(1) filtering, (2) scanning, and (3) ingesting. As this description shows, although the government has disclosed some information about Upstream surveillance in declassified documents and unclassified reports, most technical details of the Upstream surveillance process remain classified. Wikimedia Found, v. Nat'l Sec. Agency, 857 F.3d 193, 202 (4th Cir. 2017) (citing Jewel v. Nat'l Sec. Agency, 810 F.3d 622, 627 (9th Cir. 2015)).


         With this statutory framework and definition of Upstream surveillance in mind, it is appropriate to turn to the procedural history of this case. On June 22, 2015, Wikimedia, along with eight other organizations, [15] filed the Amended Complaint in this suit, challenging the legality of the NSA's Upstream surveillance program. The Amended Complaint alleges that Upstream surveillance (i) exceeds the scope of the government's authority under § 702, (ii) violates Article III, (iii) violates the First Amendment, and (iv) violates the Fourth Amendment and requests (i) a declaration that Upstream surveillance violates the Constitution and § 702 and (ii) an order permanently enjoining the NSA from conducting Upstream surveillance. On August 6, 2015, defendants moved to dismiss the Amended Complaint, arguing that plaintiffs lacked Article III standing. On October 23, 2015, defendants' motion was granted on the ground that plaintiffs' allegations were too speculative to establish Article III standing. Wikimedia Found. v. Nat'l Sec. Agency, 143 F.Supp.3d 344, 356 (D. Md. 2015), aff'd in part, vacated in part, and remanded by, 857 F.3d 193 (4th Cir. 2017).

         Thereafter, plaintiffs appealed, and the Fourth Circuit affirmed in part, vacated in part, and remanded the case for further consideration. Wikimedia Found., 857 F.3d at 200. Specifically, the Fourth Circuit vacated the finding that Wikimedia lacked standing, but affirmed the finding that the other plaintiffs lacked standing. Id. The Fourth Circuit concluded that Wikimedia had established standing sufficient to survive a facial challenge to the Amended Complaint based on the "Wikimedia Allegation", namely the allegation "that the sheer volume of [Wikimedia's] communications makes it virtually certain that the NSA has intercepted, copied, and reviewed at least some of [Wikimedia's] communications[, ]" "even if the NSA conducts Upstream surveillance on only a single [I]nternet [backbone] link." Id. at 202, 209 (internal quotation marks and citation omitted). Three factual allegations, accepted as true as required at the motion to dismiss stage, made the Wikimedia Allegation plausible: (i) "Wikimedia's communications almost certainly traverse every international [Internet] backbone link connecting the United States with the rest of the world[J" (ii) "the NSA has confirmed that it conducts Upstream surveillance at more than one point along the [I]nternet backbone[J" and (iii) "the government, for technical reasons[, ]... must be copying and reviewing all the international text-based communications that travel across a given [Internet backbone] link upon which it has installed surveillance equipment." Id. at 210-11 (internal quotation marks and citations omitted).

         Importantly, the Fourth Circuit rejected the "Dragnet Allegation", that is the allegation "that[, ] in the course of conducting Upstream surveillance[, ] the NSA is intercepting, copying, and reviewing substantially all text-based communications entering and leaving the United States, including" those of the nine plaintiffs. Id. at 202 (internal quotation marks and citation omitted). Plaintiffs alleged the following facts in support of the Dragnet Allegation: (i) "the NSA has a strong incentive to intercept communications at as many [Internet] backbone chokepoints as possible, and indeed must be doing so at many different [Internet] backbone chokepoints," (ii) "the technical rules governing online communications make this conclusion especially true," and (iii) "a New York Times article asserts that the NSA is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the [U.S.] border." Id. at 213 (internal quotation marks and citations omitted). The Fourth Circuit concluded that the Dragnet Allegation failed to establish standing because it did "not contain enough well-pleaded facts entitled to the presumption of truth." Id. at 200. As such, although Wikimedia pled sufficient facts to establish standing at the motion to dismiss stage, the other plaintiffs did not. Id. at 200. Thus, Wikimedia is the only remaining plaintiff.

         On remand, an Order issued on October 3, 2017 directing the parties to conduct a limited five-month period of jurisdictional discovery. See ECF Nos. 117, 123. Both sides took depositions and served requests for written discovery and production of documents. Defendants objected to 53 of Wikimedia's 84 discovery requests on the ground that responses to the requests would reveal classified information protected by the common law state secrets privilege and related statutory privileges. Thereafter, the DNI formally asserted the state secrets privilege and the statutory privilege set forth in 50 U.S.C. § 3024(i)(1).[16] Defendants stated that the information Wikimedia sought, if disclosed, reasonably could be expected to result in exceptionally grave damage to U.S. national security.[17] Wikimedia subsequently moved to compel production of the documents. On August 20, 2018, an Order and Memorandum Opinion issued, concluding that defendants satisfied the procedural requirements necessary to invoke the state secrets privilege, that the information sought to be protected qualified as privileged under the state secrets doctrine, and that therefore, Wikimedia's motion to compel must be denied. Wikimedia Found. v. Nat'l Sec. Agency, 335 F.Supp.3d 772, 790 (D. Md. 2018). Accordingly, the parties continued jurisdictional discovery, limited to information not protected by the state secrets privilege.

         Defendants now seek summary judgment on the ground that Wikimedia lacks Article III standing to contest the legality of the NSA's Upstream surveillance program, or alternatively, that if there is a genuine issue of material fact as to the three essential elements of the Wikimedia Allegation articulated in the Fourth Circuit's remand order, the state secrets doctrine operates to preclude further litigation of Wikimedia's standing and thus requires entry of judgment in defendants' favor.


         Summary judgment is appropriate only where there are no genuine disputes of material fact. Rule 56, Fed.R.Civ.P. Accordingly, the material facts as to which no genuine dispute exists must first be identified. Defendants set out their statement of material facts in their brief in support of summary judgment, as required by the local rules. Plaintiff, in addition to responding to defendants' statement of material facts as required by the local rules, also offered their own separate statement of material facts in their brief in opposition to summary judgment. Neither the local rules of the District of Maryland nor the Eastern District of Virginia require plaintiff, as the non-moving party, to set forth a statement of material facts. See generally D. Md. Local Rules; E.D. Va. Local Civ. R. 56(B). In the interest of completeness, however, and because each party has responded to the other party's statement of material facts, all facts, and disputes as to those facts, have been considered in deriving from the record the following undisputed material facts.

         1. The Internet is a global collection of networks, large and small, interconnected by a set of routers.[18] Together, these large and small networks function as a single, large virtual network, on which any device connected to the network can communicate with any other connected device.

         2. To communicate over the Internet, an individual user connects with the network of a local Internet Service Provider ("ISP"), either directly (typically for a monthly fee) or indirectly through an organization (e.g., a place of business, an Internet cafe). In turn, the local ISP's network connects to the networks of larger regional and national ISPs, the largest of which are called "Tier 1" telecommunication service providers (e.g., AT&T, Century Link, Cogent, Verizon).

         3. Tier 1 providers and other large carriers maintain high-capacity terrestrial fiber-optic networks, known generally as Internet "backbone" networks, that use long-haul terrestrial cables to link large metropolitan areas across a nation or region. Data travel across these cables in the form of optical signals, or pulses of light.

         4. The Internet backbone also includes transoceanic cables linking North and South America with each other and with Europe, Asia, the Middle East, and Africa. These undersea cables reach shore at points known as cable landing stations, from which they are linked to the terrestrial telecommunications network.

         5. Tier 1 providers and other large carriers typically connect separate legs of their own networks using high-capacity switches. To allow users of different providers' networks to communicate with one another, Tier 1 providers and other large carriers typically interconnect their networks using high-capacity routers.[19]

         6. Generally speaking, to send a communication on the Internet, the transmitting device (e.g., a personal computer, a cell phone) first converts the communication into one or more small bundles of data called "packets," configured according to globally accepted protocols.[20]

         7. When a communication is broken into separate packets, each packet includes (i) a "header," which consists of the routing, addressing, and other technical information required to facilitate the packets' travel from its source to its intended destination, and (ii) a "pay load," which consists of a portion of the contents of the communication being transmitted.

         8. A packet's header contains three relevant pieces of address and routing information: (i) the packet's source and destination Internet Protocol ("IP") addresses; (ii) the source and destination ports; and (iii) protocol numbers.

         9. IP addresses, which are included in packet headers, are unique numeric identifiers assigned to particular computers, devices, or systems connected to the Internet.[21] IP addresses are used to direct data back and forth between one computer (or other online device) and another online device. IP addresses may be analogized to the destination and return addresses on a mailing envelope.

         10. The IP addresses of entities with a large, fixed presence on the Internet do not change and are publicly accessible.[22]

         11. Port numbers, which are also included in packet headers, are used to identify communications of different kinds (e.g., webpage requests, or email) so that servers hosting multiple communications services (e.g., a website and an email service) can distinguish packets destined for one service from those meant for another. Port numbers for common applications, like web-browsing and email, are assigned in a common industry registry maintained by the IANA. Whereas IP addresses can be analogized to the street address on a letter, port numbers are roughly analogous to the apartment numbers at a multi-unit dwelling.

         12. Protocol numbers, which are also included in packet headers, are used by receiving devices to determine the appropriate method of interpreting data (e.g., HTTP, TCP/IP). A protocol defines the actions taken upon the transmission and/or receipt of a message or other transmission. Protocols are also assigned numbers maintained in a common industry registry maintained by the IANA.

         13. After a communication has been broken into packets by the transmitting device, specialized computers called routers and switches ensure that the packets travel an appropriate path across the Internet to their destination IP address.

         14. Each router or switch through which a packet transits scans the packet's header information, including its destination IP address, and determines which direction (path) the packet should follow next in order to reach its intended destination. The router or switch operates somewhat similarly to Google Maps, updating the fastest route to take between a user's starting point and his or her destination.

         15. When packets transmitting a communication arrive at the receiving computer, smartphone, or other online device, the receiving device reassembles the packets into the original communication, such as a webpage or email.

         16. Traffic "mirroring" is a technical term for a process by which a router or switch, in addition to determining where on the Internet each packet should be forwarded next, can also identify certain packets to be copied ("mirrored") and divert the designated copies off-network for separate processing. In other words, traffic mirroring can create a copy of all communications, or a subset of all communications, passing through a router or switch without interrupting the flow of those communications.

         17. Traffic mirroring is accomplished by programming routers and switches with access control lists ("ACLs") to determine whether packets will be copied and collected at a certain link (the "interface") between the router or switch and another device. The criteria used in the ACL can include a packet's source or destination IP address, the port number, the protocol numbers, or other information contained in a packet header.

         18. The router or switch examines the header information of each packet it processes, and compares it to the ACL for each interface, to determine which interfaces the packet may or may not pass through without mirroring (copying).

         19. Tier 1 providers and other smaller service providers employ traffic mirroring in the normal course of their operations for such purposes as monitoring traffic load, conducting quality-control processes, and rejecting unwanted traffic.

         20. At any link on the Internet where surveillance may be conducted, traffic mirroring with ACLs can be used in several ways to make only certain packets available for inspection by a collecting entity.[23]

         21. To conduct traffic mirroring, an interface (a fiber-optic link) would have to be established between the router or switch directing traffic at the selected location and the separate equipment used by the collecting entity (hereinafter, the "collector interface").

         22. After the collector interface is established, communications traffic passing through the carrier's router or switch to the collector's equipment can be filtered by "whitelisting" or "blacklisting" techniques. "Whitelisting" or "blacklisting" involves configuring an ACL to allow only packets meeting the ACL's criteria to be copied and passed through the collector interface to the collector's equipment.

         23. For example, the collector could configure an ACL containing a "whitelist" of specific IP addresses of interest. When the router or switch examines the header information of each packet it processes, it would then, (i) as usual, forward a copy of the packet toward its intended destination, (ii) perhaps forward additional copies through other interfaces, per the carrier's routine business practices, and (iii) if, and only if, the packet header contains a source or destination IP address on the whitelist, create an additional copy of the packet, and forward it through the collector interface into the collector's possession and control. In other words, packets containing IP addresses on the whitelist would be copied and sent through to the collector's equipment. Packets not meeting the whitelist criteria would not be copied for, or made available to, the collector's equipment for any purpose.

         24. Blacklisting, conversely, involves configuring an ACL to allow all packets to be copied to the collector interface except those matching the ACL's criteria. With a blacklist, the router or switch would examine each packet header and (i) as usual, forward a copy of the packet toward its intended destination, (ii) perhaps forward additional copies through other interfaces, per the carrier's routine business practices, and (iii) create an additional copy of every packet and forward it through the collector interface into the collector's possession and control, except for those packets with source or destination IP addresses on the blacklist. In other words, if the router or switch finds that a packet header contains a source or destination IP address on the blacklist, an additional copy of that packet is not created or forwarded through the collector interface.

         25. Whitelisting and blacklisting techniques can also be used to limit mirroring to particular sources of traffic, such as only cables used by specific carriers, or only cables linked to specific countries or regions.

         26. In addition, ACLs can be configured to whitelist or blacklist particular types of communication based on their port or protocol numbers, such as email communications or communications from accessing websites.

         27. Wikimedia operates twelve free-knowledge projects on the Internet, including Wikipedia. Wikipedia, a free-access, free content encyclopedia, is one of the top ten most-visited websites in the world. In 2017, Wikipedia's website received visits from more than 1 billion unique devices each month.

         28. Wikimedia engages in more than a trillion international Internet communications each year, with individuals in every country on the planet. This includes communications between foreign users and Wikimedia's U.S.-based servers, and communications between U.S. users and Wikimedia's foreign-based servers.

         29. Wikimedia has identified three categories of its international Internet communications that it contends are subjected to Upstream surveillance collection by the NSA: (i) communications with its community members[24] ("Category 1"), (ii) internal "log" communications ("Category 2"), and (iii) the electronic communications of Wikimedia's staff ("Category 3").

         30. Category 1 consists of communications with and among Wikimedia's community members, including requests from foreign and domestic users to view or download content from Wikimedia websites, and email communications sent from foreign users to Wikimedia servers.[25] All of these communications were directed to the public IP address ranges assigned to and used by Wikimedia.

         31. Category 2 consists of internal log communications transmitted from Wikimedia's servers in the Netherlands to its servers in the United States. These communications are encrypted and received at one of the same public IP address ranges as Wikimedia's communications in Category l.[26]

         32. Category 3 consists of communications by Wikimedia's staff using various protocols, some of which are encrypted, some of which are not. These communications, like those in Categories 1 and 2, are sent and received from the public IP address ranges assigned to and used by Wikimedia.[27]

         33. The total volume of Wikimedia's international Internet communications exceeds the number of cables transporting Internet communications between the U.S. and other countries. Moreover, Wikimedia's communications are broadly distributed, with users in every country in the world.

         34. It is "virtually certain" that Wikimedia's communications traverse every cable carrying public Internet traffic that connects the U.S. to other countries.

         35. The government has described Upstream surveillance as involving three steps. First, "certain Internet transactions transiting the Internet backbone network(s) of certain electronic communication service provider(s) are filtered for the purpose of excluding wholly domestic communications." Second, these Internet transactions "are then scanned to identify for acquisition those transactions [that contain communications] to or from ... persons targeted in accordance with the applicable NSA targeting procedures." And third, "those transactions that pass through both the filtering and the scanning are ingested into Government databases."[28]

         36. Prior to April 2017, Upstream surveillance involved "about" collection (i.e., a communication containing a reference in the communication's text to a selector tasked for acquisition under § 702). "About" communications were not necessarily sent to or from the user of a § 702 tasked-selector.

         37. The statement-the "NSA will acquire a wholly domestic 'about' communication if the transaction containing the communication is routed through an international Internet link being monitored by NSA or is routed through a foreign server"-was accurate as of October 3, 2011.[29]


         Summary judgment is appropriate when there is "no genuine issue as to any material fact" and based on those undisputed facts the moving party "is entitled to judgment as a matter of law." Celotex Corp. v. Catrett,477U.S. 317, 322 (1986). To serve as a bar to summary judgment, facts must be "material," which means that the disputed fact "might affect the outcome of the suit under the governing law." Anderson v. Liberty Lobby, Inc.,477 U.S. 242, 248 (1986). Where a party "fails to make a showing sufficient to establish the existence of an element essential to that party's case, and on which that party will bear ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.