United States District Court, District of Columbia
P. Mehta United States District Judge
Dave Levinthal and the Center for Public Integrity bring this
suit under the Freedom of Information Act
(“FOIA”). On July 6, 2015, Plaintiffs submitted a
FOIA request to Defendant Federal Election Commission
seeking: (1) a copy of a study that assesses vulnerabilities
in the Commission's information technology
(“IT”) systems and makes recommendations to
address those vulnerabilities; and (2) any emails and
documents related to the study. Defendant produced non-exempt
materials related to the study, but withheld the study
itself. Plaintiffs brought this suit claiming that Defendant
violated FOIA by failing to produce the study.

Upon consideration of the parties' submissions and the record
evidence, the court grants Defendant's Motion for Summary
Judgment and denies Plaintiffs' Cross-Motion for Summary
Judgment.

As required by Local Civil Rule 7(h)(1), Defendant Federal
Election Commission (“Commission” or
“Defendant”) submitted a detailed statement of
undisputed material facts. See Def.'s Mot. for
Summ. J., ECF No. 13 [hereinafter Def.'s Mot.],
Def.'s Stmt. of Material Facts, ECF No. 13-1 [hereinafter
Def.'s Stmt.]. Plaintiffs, for their part, responded with
a bare-boned counter-statement that did not dispute
Defendant's factual assertions. Pls.' Cross-Mot. for
Summ. J., ECF No. 14 [hereinafter Pls.' Mot.], Pls.'
Stmt. of Material Facts, ECF No. 14-1 [hereinafter Pls.'
Stmt.]. Accordingly, the court treats
Defendant's proffered facts, recited below, as conceded
by Plaintiffs. See SEC v. Banner Fund Int'l, 211
F.3d 602, 616 (D.C. Cir. 2000) (“If the party opposing
the motion fails to comply with [the] local rule, then
‘the district court is under no obligation to sift
through the record' and should ‘[i]nstead . . .
deem as admitted the moving party's facts that are
uncontroverted by the nonmoving party's Rule [LCvR
7.1(h)] statement.'” (alterations in original)
(quoting Jackson v. Finnegan, Henderson, Farabow, Garrett
& Dunner, 101 F.3d 145, 154 (D.D.C. 1996)).

In Fiscal Year 2014, the Commission hired an outside contractor,
S.D. Solutions, LLC, to determine whether there were
vulnerabilities in the Commission's IT systems and, if
there were, to provide remedial recommendations. Def.'s
Stmt. ¶ 5; Def.'s Mot., Decl. of Alec Palmer, ECF
No. 13-2 [hereinafter Palmer Decl.], ¶ 7. The Commission
ordered the study to assist it in deciding whether to
implement newly developed information security guidelines
published by the U.S. Department of Commerce's National
Institute of Standards and Technology (“NIST”).
Def.'s Stmt. ¶ 6; Palmer Decl. ¶ 7. In
preparing its report, S.D. Solutions examined the
Commission's “physical and virtual information
technology assets” and recommended measures for the
Commission to protect its infrastructure from “wrongful
interference, circumvention, or unlawful action by
unauthorized persons.” Palmer Decl. ¶ 8.
Furthermore, it assessed the “vulnerabilities to
unlawful breach present in the Commission's technological
infrastructure, describing sensitive Commission systems and
recommending specific security measures to address the
vulnerabilities.” Id. The Commission refers to
S.D. Solutions' final report and its related documents,
collectively, as the “NIST Study.” Def.'s
Stmt. ¶ 8; Palmer Decl. ¶ 18.

The NIST Study consists of two parts. The first part is an
overview memorandum prepared by the Commission's Office
of the Chief Information Officer. The overview memorandum
lists measures the Office has used in the past to address IT
vulnerabilities, summarizes S.D. Solutions' final report,
and discusses “the practicalities of implementing the
[NIST] guidelines should the Commission adopt the
recommendations in the Final Report.” Def.'s Stmt.
¶ 10; Palmer Decl. ¶¶ 2, 9, 10. The overview
memorandum includes two appendices: (1) an abridged version
of the full final report, and (2) a summary of both the
recommendations in the report and the personnel and financial
resources that would be required to satisfy each
recommendation. Id. ¶¶ 10, 11.

The second part of the NIST Study is the final report itself. As
discussed, the report describes the Commission's IT
network, assesses the security of each system and identifies
the vulnerabilities therein, and contains recommendations for
security measures to address the identified vulnerabilities.
Id. ¶¶ 12, 14.

Plaintiff Dave Levinthal is an investigative journalist employed by
Plaintiff the Center for Public Integrity. See
Pls.' Mot. at 1; Def.'s Mot. at 3; Def.'s Stmt.
¶ 4. On July 6, 2015, Plaintiffs submitted a FOIA
request to the Commission, seeking: (1) “a copy of the
2015 National Institute of Standards and Technology
Report-also known as the NIST study-pertaining to the Federal
Election Commission's operations,” and (2)
“any FEC emails, memoranda, correspondence or other
documents that, in any form or fashion, mention or refer to
this National Institute of Standards and Technology report,
by name or otherwise.” Def.'s Stmt. ¶ 38;
Def.'s Mot., Decl. of Robert M. Kahn, ECF No. 13-3
[hereinafter Kahn Decl.], ¶ 6 & Ex. A [hereinafter

On August 18, 2015, the Commission denied Plaintiffs'
request for a copy of the NIST Study, but granted their
request for documents that mention or refer to the study,
subject to applicable FOIA exemptions. Kahn Decl. ¶ 7
& Ex. C (Email from Robert M. Kahn to Dave Levinthal
(Aug. 18, 2015)). The Commission eventually produced more
than 1,450 pages of non-exempt records, and non-exempt
portions of records, that mentioned or referred to the NIST
Study. Jt. Status Rep., ECF No. 11.

Plaintiffs filed an administrative appeal challenging the decision to
withhold the NIST Study, asserting that it “is likely
to contain information that directly benefits the
public's understanding of Federal Election Commission
capabilities and operations during a high-profile election
season.” Kahn Decl. ¶ 8 & Ex. C. In September
2015, the Commission denied ...