The NSA Has Found a New Way to Categorically Deny FOIA Requests

Photo: AP
Photo: AP

The notoriously secretive National Security Agency is raising “security concerns” to justify an apparent new policy of pre-emptively denying Freedom of Information Act requests about the agency’s contractors.


The policy was cited by John R. Chapman, the agency’s chief FOIA public liaison officer, in a letter to Gizmodo on January 17, 2017, three days before Donald Trump’s inauguration. In explaining that the agency had declined to even conduct a search for records about a company called SCL Group, Chapman wrote, “Please be advised that due to changing security concerns, this is now our standard response to all requests where we reasonably believe acquisition records are being sought on a contract or contract-related activity.”

The response appears to indicate that the NSA will no longer release—or even search for—any records pertaining to the private contractors it works with. SCL Group is a U.K.-based behavioral research firm that has reportedly worked with the Department of Defense in the past; its subsidiary Cambridge Analytica was a central component of the Trump campaign’s winning strategy.

Several FOIA experts contacted by Gizmodo said they had never heard of such a denial before.

“This sounds like a non-Glomar Glomar response,” Bradley Moss, deputy executive director for The James Madison Project, told Gizmodo, using a nickname for the notorious practice of national security and law enforcement agencies refusing to confirm or deny the existence of records. There are existing reasons to categorically deny a request, and even to refuse to conduct a search, Moss said, but he’s never seen such a response justified in this way.

“They’re clamping down across the board,” Moss said. “There is clearly a determined and deliberate attempt to plug any gap” that might allow the public to see how the national security apparatus actually works. The apparently new standard hasn’t been reflected in the regulations that govern the NSA’s FOIA practices, and no rules or proposed rules have been recorded in the Federal Register that might illuminate the issue. Any decision by the NSA to pre-emptively deny requests for contractor-related records would be a major departure for the agency; in 2008 it produced a 22-page internal guidebook for responding to just such requests.

Chapman’s letter didn’t specify which “changing security concerns” motivated the new policy, and he did not immediately respond to an emailed inquiry from Gizmodo. When we called his office, the person answering the phone told us that Chapman wasn’t in the office and that “we don’t really answer questions over the phone.” The NSA’s public affairs office did not respond to a request for comment.


Gizmodo will appeal the denial. As for the company we were asking about: SCL Group (originally Strategic Communication Laboratories) has a complicated and sprawling corporate structure that makes it difficult to determine which of its components conduct what business and for whom. Cambridge Analytica, the subsidiary that worked on both the Trump and Brexit campaigns, made some $14.4 million in this election cycle, filings with the Federal Election Commission show, including $5.7 million from Ted Cruz’s campaign and $5.6 million from Donald Trump’s. The secretive father-daughter duo Robert and Rebekah Mercer—billionaire patrons to both Steve Bannon and Kellyanne Conway—are reportedly investors.

SCL Group worked predominately with commercial clients until the late ’90s, when the Indonesian government reportedly hired the organization for its psychological warfare expertise to respond to secessionist and religious violence. On its website, SCL Group claims to have worked with a variety of governmental and private entities the world over, including the U.S. State Department. SCL did not return a request for comment. (When we asked the State Department for documentation of that work, an official responded, “The claim by the company that you conveyed in your request is … peculiar. Without additional information, I am not able to verify the vendor’s claim.”)


If you know anything about the NSA’s changing security concerns, SCL Group, or Cambridge Analytica, please do get in touch, on a confidential basis if you like.


Reporter, Special Projects Desk


and 100 more

I would expect no less from the U.S. National Central Cyber Security Security Command Agency Service