The FOIA Fight for SOP 303
In 2011, Charles Hill, a homeless man, was shot and killed by a BART police officer in the Civic Center station in San Francisco.[1] Protestors demonstrated in BART stations, opposing what they saw as the officer’s unwarranted fatal response to a drunk, suspected mentally ill man, who was armed solely with a knife and a vodka bottle.[2] BART service was disrupted by the demonstrations.[3] To combat a second protest, BART, without prior notice, temporarily shut down wireless communications service underground for three hours to thwart protestors’ attempt to organize.[4] Although it was not the first time a local or federal government shut down communication services in the name of public security, for some First Amendment advocates the BART incident was a clear example of how the government’s shut down power could easily be abused,[5] and attention was refocused on Standard Operation Protocol 303 (“SOP 303”).[6]
SOP 303, otherwise known as the cellphone kill switch, was created after the 2005 London bombings.[7] U.S. federal authorities feared that a similar remotely detonated bomb would be set off through the wireless networks at major infrastructure sites in New York City, and without notice to either the wireless providers or the public, “killed” cell service in the Lincoln, Holland, Queens and Brooklyn Battery Tunnels for almost two weeks after the London attack.[8] The unannounced shut down resulted in a government-acknowledged mess.[9] Lesson learned, the President’s National Security Telecommunications Advisory Committee charged a task force to create a process for coordinating government and industry actors in implementing emergency wireless network shut downs.[10] SOP 303 “Emergency Wireless Protocols” was codified by the now-disbanded National Communication System within the Department of Homeland Security (DHS).[11] President Obama, in a 2012 Executive Order, reaffirmed the DHS’s authority to seize private telecommunication facilities and shut down services in national emergencies.[12]
After the BART incident, the Electronic Privacy Information Center (“EPIC”) began inquiring into SOP 303, which has been the subject of an ongoing FOIA battle between EPIC and the DHS ever since. EPIC initially sent a FOIA request to the DHS for a copy of SOP 303’s text, the questions that determine its implementation, and any related guidelines or protocols.[13] After a dismissive response from DHS stating that they did not have any corresponding records[14], the DHS did eventually relent to a follow-up FOIA appeals request[15], and provided to EPIC, thirty, mostly redacted, pages on SOP 303, citing FOIA Exemptions 7(e) and 7(f) for blacking out huge swaths of the document and revealing little information of substance.[16]
In 2013, more than a year after its first FOIA request, EPIC successfully brought a suit against the DHS in the DC District Court, where the court held that Exemptions 7(e) and 7(f) did not apply.[17] The court found that the requested documents did not qualify for non-disclosure under Exemption 7(e) because they did not reveal “techniques and procedures for law enforcement investigations or prosecutions” as SOP 303 is a protective measure.[18] The court also did not buy the government’s argument that the records, if revealed, “could reasonably be expected to endanger life or physical safety of any individual,” as required under Exemption 7(f).[19] The concern that a terrorist could get ahold of details on how SOP 303 operates and use it to interfere with wireless networks, was found to be too broad of a threat and failed to identify any targeted group or victim with specificity as the phrase “any individual” in the statute’s text suggests is required.[20] EPIC’s victory was short lived, and in February, the DC Court of Appeals reversed the District Court’s judgment.[21] After its motion to rehear the case was denied, EPIC filed a petition for writ of certiorari arguing that the Court of Appeals broadened the purpose of 7(f) to protect against “diffuse security risks to unidentified groups” and created a “new catchall provision” that applies to any record related to domestic and national security programs.[22] The broadening of FOIA exemptions, EPIC argues, is a direct violation of FOIA’s codified presumption of disclosure.[23] The Solicitor General is expected to file a response to EPIC’s petition by the end of this month.[24]
Whether or not the Supreme Court eventually hears the case, it raises notable questions that the American public and the world at large will continue to struggle with in a new era of technology, social media and unfortunately very real and increasing threats of terrorism. What role should FOIA law play between ensuring public access to information for government accountability and protecting confidential information for national security? The stated purpose of SOP 303 is to prevent remotely activated bombs through wireless networks, but will shutting down wireless services actually thwart determined terrorists as easily as it might peaceful protestors? Should cellphone and internet access be considered a First Amendment right that should not be censored, even in national emergencies, especially as we now live in a world with Facebook check-ins and #PorteOuverte? These are questions without clear-cut answers, but what is certain for now is that SOP 303 remains a mystery.
** Update 1/11/2016: On January 11, 2016, the U.S. Supreme Court declined to review EPIC v. DHS, concerning the release of details of a secret “killswitch” protocol to shutdown cellphone and Internet service during emergencies.
Footnotes