Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Long v. Immigration and Customs Enforcement

United States District Court, District of Columbia

September 29, 2017

SUSAN B. LONG, et al., Plaintiffs,
v.
IMMIGRATION AND CUSTOMS ENFORCEMENT, et al., Defendants.

          MEMORANDUM OPINION AND ORDER

          Amit P. Mehta, United States District Judge.

         This case arises from seven requests Plaintiffs Susan B. Long and David Burnham made under the Freedom of Information Act (“FOIA”) between October 13, 2010, and February 26, 2013, in which they sought information regarding the metadata and database schema for databases used by Defendant Immigration and Customs Enforcement (“ICE”) and Defendant Customs and Border Patrol (“CBP”), as well as information concerning “snapshots” of one database. Plaintiffs seek this information on behalf of the Transactional Records Access Clearinghouse (“TRAC”) at Syracuse University, which collects, organizes, and distributes data concerning federal government enforcement activities. Defendants produced several pages of responsive documents but withheld many others, leading to the present litigation. In a prior ruling in this matter, the court granted in part and denied in part the parties' cross-motions for summary judgment.

         Only a few issues in this litigation remain. First, the parties continue to dispute whether disclosure of metadata and database schema pertaining to Defendant ICE's Enforcement Integration Database (“EID”) and Integrated Decision Support Database (“IIDS”) could reasonably be expected to risk circumvention of the law, such that those materials may be withheld pursuant to FOIA Exemption 7(E). Second, the parties disagree as to whether Defendant conducted an adequate search to locate “snapshot” identification and preparation records, consistent with Plaintiffs' Third FOIA Request, and then properly withheld certain responsive materials while segregating and releasing non-exempt materials. Both parties have moved for summary judgment.[1]

         Despite an augmented record and supplemental briefing, summary judgment in full remains elusive. The court concludes that there remain genuine disputes of fact as to whether (1) disclosure of the EID and IIDS metadata and database schema could “reasonably be expected to risk circumvention of the law, ” 5 U.S.C. § 552(b)(7)(E) (emphasis added); (2) the requested information concerning the timing and frequency of snapshot production was “compiled for law enforcement purposes” and, if so, whether its release could “reasonably be expected to risk circumvention of the law, ” id. (emphasis added); and (3) whether Defendant performed a proper segregability analysis as to those responsive materials. The court does grant summary judgment to Defendant, however, as to the adequacy of its search in response to Plaintiffs' Third FOIA Request, its withholding of employees' names and contact information under Exemption 6, and its segregability analysis as to those withholdings. Accordingly, the court grants in part and denies in part Defendant's Motion for Summary Judgment and denies in full Plaintiffs' Cross-Motion for Summary Judgment.

         I. BACKGROUND

         The court assumes the parties' familiarity with the underlying factual and procedural history of this case and recites only what is necessary to resolve the narrow issues that remain.

         Three of Plaintiffs' seven FOIA requests are still at issue. Plaintiffs submitted two FOIA requests-one on October 13, 2010, the other on October 18, 2010-that sought documents disclosing the fields, variables, codes, and structures of the shared Enforcement Integration Database (“EID”) and Integrated Decision Support Database (“IIDS”), upon which ICE and CBP rely to manage cases pertaining to the detention of undocumented immigrants. See Long v. Immigration & Customs Enf't, 149 F.Supp.3d 39, 43-44 (D.D.C. 2015). The EID contains information “related to the investigation, arrest, booking, detention, and removal of persons encountered during immigration and criminal law enforcement investigations and operations conducted by ICE, CBP, and U.S. Citizenship and Immigration Services.” Id. at 44 (alterations adopted) (internal quotation marks omitted). The IIDS contains a subset of that information, including “biographic information, information about encounters between agents/officers and subjects, and apprehension and detention information about all persons in EID, ” which the agency uses to produce management and statistical reports. Id. at 45 (internal quotation marks omitted). Plaintiffs submitted a Third FOIA Request to Defendant on September 21, 2012, that sought, in relevant part, information relating to “snapshots” and extracts of the EID over a 12-month period. Id. “Snapshots” and extracts refer to subsets of select EID data maintained in other databases that allow Defendant to search all the information contained in the EID at a particular point in time. Id. Plaintiffs' Third FOIA Request seeks the following information surrounding these snapshots and extracts: (1) documents identifying any snapshots prepared in the past 12 months; (2) the frequency with which snapshots are taken; (3) who prepares the snapshots; (4) to whom snapshots have been sent, and (5) how long it takes to prepare the snapshots. See id.

         Plaintiffs received a limited amount of materials in response to these three FOIA requests. With respect to the first two requests, Defendant released 97 redacted pages of responsive documents, but withheld the remaining responsive materials premised on FOIA Exemption 7(E). See Id. With respect to the Third FOIA Request, Defendant created a nine-page document (“the Nine-Page Document”) that summarizes the responsive materials and released a redacted version of that document, but not the original responsive materials. See Id. at 46.

         Plaintiffs filed suit, claiming, as relevant here, that Defendant has not complied with its FOIA obligations in responding to Plaintiffs' request for EID and IIDS metadata and database schema or Plaintiffs' Third FOIA Request. See Compl., ECF No. 1. Defendants moved for summary judgment on the ground that disclosure of EID and IIDS metadata and database schema would risk a Structured Query Language (“SQL”) injection attack, thereby justifying the agency's withholding of that information under Exemption 7(E). See Defs.' Mot. for Summ. J. & Mem. in Supp., ECF No. 17 [hereinafter Defs.' Mot. for Summ. J., ECF No. 17], at 22-26.[2] Even assuming the materials sought could qualify for withholding under Exemption 7(E), Plaintiffs argued in opposition, it was unclear how Defendant could claim that disclosure of this information risks a SQL injection attack, given that that type of attack requires a direct connection to a database and the EID and IIDS are not publicly accessible. See Pls.' Mem. in Supp. of Cross-Mot. for Summ. J., ECF No. 18, at 19. Separately, Plaintiffs noted, at no point had Defendant provided any information regarding its efforts to search for snapshot identification and preparation records in response to their Third FOIA Request. See Id. at 31.

         In a Memorandum Opinion and Order issued on December 14, 2015, the court agreed with Plaintiffs as to these two issues. Specifically, the court held that the metadata and database schema at issue satisfy the “compiled for law enforcement purposes” and “techniques, procedures, or guidelines” requirements of Exemption 7(E), but the court was unconvinced that Defendant had sufficiently shown how disclosure of these materials “could reasonably be expected to risk circumvention of law” in light of the incongruity between the type of harm claimed and the purported impossibility of it occurring. See Long, 149 F.Supp.3d at 48-54 (emphasis added). Additionally, the court agreed that Defendant had not explained its efforts to conduct an adequate search for materials responsive to Plaintiffs' Third FOIA Request. Id. at 60.

         In the wake of the court's decision, the parties submitted supplemental briefing and evidence in support of their respective positions. With respect to the EID and IIDS metadata and database schema, Defendant emphasized that its disclosure would risk circumvention of law even in the absence of a public interface because disclosing that information would make it easier for hackers to create convincing e-mails that lull unsuspecting, authorized users to click on nefarious links or attachments, also known as phishing or spear phishing attacks, and inadvertently allow hackers to access the system and/or steal users' credentials. See Defs.' Notice of Suppl. Evid., ECF No. 32 [hereinafter Defs.' Notice], Ex. 3, ECF No. 32-3 [hereinafter Foster Decl.], ¶¶ 14-15; Defs.' Suppl. Br. in Supp. of Defs.' Mot. for Summ. J., ECF No. 35 [hereinafter Defs.' Suppl. Summ. J. Br.], at 5-8. Separately, Defendant explains that the reasonableness and adequacy of its search in response to Plaintiffs' Third FOIA Request is evidenced by the fact that the Request went through multiple levels of review, and experts in a sub-division curated the search and created a responsive document, with redactions justified under Exemptions 6, 7(C), and 7(E). Defs.' Suppl. Summ. J. Br. at 16-17; Defs.' Notice, Ex. 2, ECF No. 32-2 [hereinafter Wilson Decl.], ¶¶ 21, 25, 30, 35, 38, 49, 52. In response, Plaintiffs submitted a supplemental brief that contests the application of Exemption 7(E) to withhold the EID and IIDS metadata and database schema; the adequacy of the search in response to their Third FOIA Request; Defendant's reliance on Exemptions 6, 7(C), and 7(E) to withhold material responsive to the Third FOIA Request; and Defendant's segregability analysis. See Pls.' Suppl. Mem. in Opp'n to Defs.' Mot. for Summ. J. & in Supp. of Cross-Mot. for Summ. J., ECF No. 37 [hereinafter Pls.' Suppl. Summ. J. Br.]. In part, Plaintiffs argued that Defendant has identified no “reasonable” expectation that disclosure risks compromising EID security because Defendant previously provided to Plaintiffs earlier versions of the materials they now seek. Id. at 10-11. Because Defendants' supplemental reply brief did not respond to that argument, cf. Defs.' Opp'n to Pls.' Suppl. Cross-Mot. & Suppl. Reply Br. in Supp. of Defs.' Mot. for Summ. J., ECF No. 40 [hereinafter Defs.' Suppl. Reply], at 6-10, the court ordered supplemental briefing as to whether there remains a “reasonable” risk of a security breach given Plaintiffs' claim that Defendants previously disclosed the same type of information. Minute Order, Jan. 26, 2017.

         The issues being ripe for resolution, the court now turns to the remaining issues in this lit igat ion.

         II. LEGAL STANDARD

         The court reviews de novo whether an agency has complied with its obligations under FOIA. 5 U.S.C. § 552(a)(4)(B).

         On a motion for summary judgment, a court must enter judgment in favor of the moving party if that party “shows that there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed.R.Civ.P. 56(a). A dispute is “genuine” only if a reasonable fact-finder could find for the nonmoving party, and a fact is “material” only if it is capable of affecting the outcome of the litigation. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986).

         FOIA requires a federal agency to conduct an “adequate search” in response to a FOIA Request. An agency performs an “adequate search” within the meaning of FOIA when it performs a search “reasonably calculated to uncover all relevant documents.” Oglesby v. U.S. Dep't of the Army, 920 F.2d 57, 68 (D.C. Cir. 1990). The agency bears the burden of proving that it performed an adequate search and may rely on sworn affidavits or declarations to make that showing. See SafeCard Servs., Inc. v. SEC, 926 F.2d 1197, 1200 (D.C. Cir. 1991). The court may grant summary judgment to the agency based on those materials if they are reasonably specific and contradicted by neither other record evidence nor evidence of agency bad faith. See Military Audit Project v. Casey, 656 F.2d 724, 738 (D.C. Cir. 1981); Beltranena v. Clinton, 770 F.Supp.2d 175, 181-82 (D.D.C. 2011). FOIA plaintiffs can rebut an agency's declarations and affidavits by demonstrating that there remains a genuine issue as to whether the agency performed an adequate search for documents responsive to the plaintiff's request. See Hodge v. FBI, 703 F.3d 575, 580 (D.C. Cir. 2013); Span v. U.S. Dep't of Justice, 696 F.Supp.2d 113, 119 (D.D.C. 2010) (internal quotation marks omitted).

         The agency also bears the burden of proving that it withheld certain materials responsive to a plaintiff's FOIA request pursuant to a statutory exemption. Citizens for Responsibility & Ethics in Wash. v. U.S. Dep't of Justice, 746 F.3d 1082, 1088 (D.C. Cir. 2014). To make this showing, the agency, again, may rely on affidavits and declarations. If the agency's materials “provide specific information sufficient to place the documents within the exemption category, if this information is not contradicted in the record, and if there is no evidence in the record of agency bad faith, then summary judgment is appropriate without in camera review of the documents.” Am. Civil Liberties Union v. U.S. Dep't of Def., 628 F.3d 612, 626 (D.C. Cir. 2011) (quoting Larson v. U.S. Dep't of State, 565 F.3d 857, 870 (D.C. Cir. 2009)).

         Lastly, even when an exemption applies to shield one portion of a document responsive to the FOIA request, however, the agency is required to disclose “[a]ny reasonably segregable portion” of that document. See 5 U.S.C. § 552(b). “It is neither consistent with the FOIA nor a wise use of increasingly burdened judicial resources to rely on in camera review of documents as the principal tool for review of segregability disputes.” Mead Data Cent., Inc. v. U.S. Dep't of the Air Force, 566 F.2d 242, 262 (D.C. Cir. 1977) (footnote omitted). Instead, agencies enjoy a presumption of compliance with this obligation, absent contrary evidence submitted by the plaintiff. See Sussman v. U.S. Marshals Serv., 494 F.3d 1106, 1117 (D.C. Cir. 2007).

         III. DISCUSSION

         The court begins with whether Defendant may rely upon FOIA Exemption 7(E) to withhold the EID and IIDS metadata and database schema responsive to Plaintiffs' first two FOIA requests before turning to the issues surrounding Defendant's response to Plaintiffs' Third FOIA Request.

         A. The EID and IIDS Metadata and Database Schema

         Defendant cites Exemption 7(E) to justify withholding the EID and IIDS metadata and database schema that Plaintiffs' sought in their first two FOIA requests. That exemption protects from disclosure

records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information . . . would disclosure techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.