Richard Chichakli v. Rex Tillerson
882 F.3d 229
D.C. Cir.2018Background
- In 2004–2005 OFAC designated Richard A. Chichakli as a Specially Designated National (SDN) under an Executive Order implementing Liberia-related sanctions and published his personal identifying information (name, SSN, DOB, addresses, aliases) on its SDN list.
- OFAC transmitted Chichakli’s information to the State Department, which forwarded it to the United Nations; the UN published additional identifiers (e.g., Australian driver’s license number).
- Chichakli later was extradited, criminally prosecuted, and imprisoned; he was removed from the sanctions lists in 2015 after the Executive Order terminating the emergency.
- Chichakli sued OFAC and the State Department under the Privacy Act alleging unlawful disclosures and resulting identity theft and financial harm.
- The District Court dismissed, holding the disclosures were covered by agencies’ "routine use" exceptions to the Privacy Act and that Chichakli failed to plead concrete, quantifiable damages (and treating claims against individuals as claims against the United States).
- On appeal the D.C. Circuit affirmed, focusing on whether the disclosures were compatible with the purpose for which the records were collected and whether routine-use notices covered the disclosures.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether OFAC/State disclosures fit the Privacy Act’s "routine use" exception | Disclosures were incompatible with the collection purpose and thus not covered by a valid routine-use | Disclosures were compatible with collection purpose and within published routine-use notices | Held for defendants: disclosures were compatible and covered by routine-use notices |
| Whether agencies published routine-use notices that authorized the disclosures | Argued certain earlier OFAC notices didn’t clearly authorize public publication | Pointed to State’s 2005 notice and OFAC’s 2010 notice authorizing dissemination to public/foreign authorities | Held for defendants: applicable routine-use notices covered the alleged disclosures |
| Whether any statutory/time-bar or forfeiture issues defeat the claims | Not raised as primary on appeal; earlier-notice argument asserted too late | Agency argued failure to raise earlier statutory-notice challenge below (forfeited) and some claims time-barred | Held: plaintiff forfeited the 2005-notice challenge; statute-of-limitations would bar older claims in any event |
| Whether plaintiff pleaded concrete, quantifiable damages under the Privacy Act | Alleged identity theft, fraudulent accounts, tax fraud, and financial harms | Agency argued damages were not sufficiently pleaded or tied to actionable disclosure | District Court found damages insufficient as alternative ground; appellate decision affirmed on routine-use grounds (did not reach damages sufficiency) |
Key Cases Cited
- Ames v. Dep’t of Homeland Sec., 861 F.3d 238 (D.C. Cir. 2017) (articulates compatibility test for routine-use exception)
- Sussman v. U.S. Marshals Serv., 494 F.3d 1106 (D.C. Cir. 2007) (disclosure incompatible where disclosure method was not for investigatory cooperation)
- Maydak v. United States, 630 F.3d 166 (D.C. Cir. 2010) (Privacy Act elements: violation, willfulness, and actual damages)
- Chichakli v. Szubin, 546 F.3d 315 (5th Cir. 2008) (prior challenge to SDN designation)
- Keepseagle v. Vilsack, 815 F.3d 28 (D.C. Cir. 2016) (argument forfeiture doctrine for issues not raised below)