ELECTRONIC PRIVACY INFORMATION CENTER v. FEDERAL BUREAU OF INVESTIGATION, No. 1:2014cv01311 - Document 32 (D.D.C. 2017)

Court Description: MEMORANDUM OPINION AND ORDER granting in part and denying in part 26 Defendant's Motions for Summary Judgment and denying in part 27 Plaintiff's Cross-Motion for Summary Judgment. See the attached Memorandum Opinion and Order for additional details. Signed by Judge Amit P. Mehta on 02/21/2017. (lcapm2)
Download PDF
UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA _________________________________________ ) ELECTRONIC PRIVACY ) INFORMATION CENTER, ) ) Plaintiff, ) ) v. ) ) FEDERAL BUREAU OF INVESTIGATION, ) ) Defendant. ) _________________________________________ ) Case No. 1:14-cv-01311 (APM) MEMORANDUM OPINION I. INTRODUCTION Plaintiff Electronic Privacy Information Center brings this Freedom of Information Act (“FOIA”) action against Defendant Federal Bureau of Investigation (“FBI”), seeking disclosure of unpublished privacy assessments prepared by the agency. These assessments, known as “Privacy Impact Assessments” and “Privacy Threshold Analyses,” are designed to evaluate whether the FBI’s information technology systems effectively protect sensitive personal information that comes into the agency’s possession. The FBI produced the privacy assessments sought by Plaintiff but with heavy redactions. This action is before the court on the parties’ cross motions for summary judgment. Plaintiff contends that the FBI failed to: (1) conduct an adequate search; (2) justify its redactions of the privacy assessments under FOIA Exemption 7(E); and (3) demonstrate that it disclosed all reasonably segregable portions of the records responsive to Plaintiff’s request. Defendant, for its part, seeks judgment on the adequacy of its search, its withholdings, and its segregability determination. The court agrees with Plaintiff that the FBI has neither adequately described its search nor properly justified its withholding of information under FOIA Exemption 7(E). The court will not, however, order disclosure of the withheld information at this time, but instead will give the FBI an opportunity to supplement the record. The court also will defer evaluating the FBI’s segregability determination until after it renews its Motion for Summary Judgment. Accordingly, for the reasons that follow, the court grants in part and denies in part the parties’ cross motions for summary judgment. II. BACKGROUND A. Factual Background On June 4, 2014, Plaintiff Electronic Privacy Information Center (“EPIC”) submitted a FOIA request to Defendant the Federal Bureau of Investigation (“FBI”) seeking all unpublished FBI Privacy Impact Assessments (“PIAs”) and Privacy Threshold Analyses (“PTAs”). Def.’s Mot. for Summ. J., ECF No. 26 [hereinafter Def.’s Mot.], Def.’s Stmt. of Mat. Facts, ECF No. 26-1 [hereinafter Def.’s Stmt.], ¶ 1; Pl.’s Mot. for Summ. J., ECF No. 27 [hereinafter Pl.’s Mot.], Pl.’s Stmt. of Mat. Facts and Resp. to Def.’s Stmt., ECF No. 27-2 [hereinafter Pl.’s Stmt.], ¶ 1. Generally speaking, PIAs and PTAs concern the FBI’s methods for collecting and storing personal information. A PIA is “an analysis of how information in identifiable form is collected, stored, protected, shared, and managed” in federal agency information technology (“IT”) systems. More specifically, a PIA analyzes an agency’s IT systems in order to: “(1) ensure that handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (2) determine the risks and effects of collecting, maintaining, and disseminating information; and (3) examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.” Def.’s Mot., Ex. 1, ECF. No. 26-2 [hereinafter Hardy Decl.], ¶ 6. A PTA is a 2 more limited report that “contains basic questions about the nature of the system [in question] in addition to a basic system description.” Id. ¶ 7. The purpose of a PTA is “to assess and document whether a PIA is required.” Id. ¶ 7. Specifically, Plaintiff’s FOIA request sought: All Privacy Impact Assessments [“PIAs”] the FBI has conducted that are not publicly available at http://www.fbi.gov/foia/privacy-impactassessments/department-of-justice-federal-bureau-of-investigation. All Privacy Threshold Analysis [“PTAs”] documents and Initial Privacy Assessments the FBI has conducted since 2007 to present. Def.’s Stmt. ¶ 2. On June 17, 2014, the FBI acknowledged receipt of Plaintiff’s FOIA request and informed Plaintiff that it would search for responsive records in its Central Records System (“CRS”), as is standard agency protocol. Id. ¶¶ 4, 6; Pl.’s Stmt. ¶ 2. Upon further review of Plaintiff’s request, however, the FBI determined that it needed to conduct additional searches outside the CRS in order to locate all potentially responsive documents. Def.’s Stmt. ¶¶ 9–16. The FBI designed a “targeted search” to locate those records and, on June 27, 2014, directed the Privacy and Civil Liberties Unit (“PCLU”) of the FBI’s Office of the General Counsel—the FBI division tasked with ensuring agency compliance with privacy laws—to conduct the “targeted search.” Id. ¶¶ 18–21; Hardy Decl. ¶ 23. PCLU located approximately 4,720 pages of records potentially responsive to Plaintiff’s request and, on December 15, 2014, the FBI began reviewing 500 pages of responsive records per month for potential disclosure, providing Plaintiff with both monthly progress updates and several rolling productions over the next two years. Def.’s Stmt. ¶¶ 9–16; Pl.’s Stmt. ¶ 2. The agency made its final production on June 15, 2015, and concluded its review of responsive records on January 11, 2016. Def.’s Stmt. ¶¶ 15–16; Pl.’s Stmt. ¶ 2. During that time, the FBI reviewed 4,379 3 pages of potentially responsive documents; determined 2,490 of those pages were actually responsive to Plaintiff’s request; released 2,275 of those actually responsive pages, in whole or in part; and withheld 215 actually responsive pages in full. Def.’s Stmt. ¶¶ 24–25. The FBI informed Plaintiff that its withholdings of certain responsive pages were based on a combination of FOIA Exemptions 1, 3, 5, 6, 7(C), 7(D), and 7(E). Id. ¶ 17; Pl.’s Stmt. ¶ 2. B. Procedural History Plaintiff filed this action on August 1, 2014. Compl., ECF No. 1. After the FBI finished producing records, the parties met and conferred, and Plaintiff agreed to limit its challenges to: (1) the sufficiency of the FBI’s search for responsive records; (2) the decision to withhold responsive records pursuant to FOIA Exemption 7(E); and (3) the adequacy of its segregability determination. See Joint Status Report, Feb. 16, 2016, ECF No. 23, ¶ 3.1 This matter is now before the court on the parties’ cross motions for summary judgment. III. LEGAL STANDARD Most FOIA cases are appropriately resolved on motions for summary judgment. Brayton v. Office of the U.S. Trade Representative, 641 F.3d 521, 527 (D.C. Cir. 2011). A court must grant summary judgment “if the movant shows that there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a). A dispute is “genuine” only if a reasonable fact-finder could find for the nonmoving party, and a fact is “material” only if it is capable of affecting the outcome of litigation. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986). “Unlike the review of other agency action that must be In the Joint Status Report, Plaintiff also indicated its intention to challenge the FBI’s invocation of Exemptions 5 and 7(D). Plaintiff’s Motion, however, does not respond to the agency’s arguments concerning Exemption 5. Accordingly, the court grants summary judgment in favor of the FBI as to the FBI’s reliance on that exemption. See Sykes v. Dudas, 573 F. Supp. 2d 191, 202 (D.D.C. 2008) (“[W]hen a party responds to some but not all arguments raised on a Motion for Summary Judgment, a court may fairly view the unacknowledged arguments as conceded.”). Separately, the FBI withdrew its assertion of Exemption 7(D) to justify its withholdings, see Hardy Decl. ¶ 43, so the agency’s reliance on that exemption is not before the court. 1 4 upheld if supported by substantial evidence and not arbitrary or capricious, the FOIA expressly places the burden ‘on the agency to sustain its action’ and directs the district courts to ‘determine the matter de novo.’” U.S. Dep’t of Justice v. Reporters Comm. for Freedom of Press, 489 U.S. 749, 755 (1989) (quoting 5 U.S.C. § 552(a)(4)(B)). Summary judgment in a FOIA case may be based solely on information provided in an agency’s supporting affidavits or declarations if those affidavits or declarations are “relatively detailed and non-conclusory.” SafeCard Servs., Inc. v. SEC, 926 F.2d 1197, 1200 (D.C. Cir. 1991) (internal quotation marks omitted). The agency’s affidavits or declarations must “describe the documents and the justifications for nondisclosure with reasonably specific detail [and] demonstrate that the information withheld logically falls within the claimed exemption.” Military Audit Project v. Casey, 656 F.2d 724, 738 (D.C. Cir. 1981). Further, they must not be “controverted by either contrary evidence in the record [or] by evidence of agency bad faith.” Id.; see Beltranena v. Clinton, 770 F. Supp. 2d 175, 181–82 (D.D.C. 2011). “To successfully challenge an agency’s showing that it complied with the FOIA, the plaintiff must come forward with ‘specific facts’ demonstrating that there is a genuine issue with respect to whether the agency has improperly withheld extant agency records.” Span v. U.S. Dep’t of Justice, 696 F. Supp. 2d 113, 119 (D.D.C. 2010) (quoting U.S. Dep’t of Justice v. Tax Analysts, 492 U.S. 136, 142 (1989)). IV. DISCUSSION The court first considers Plaintiff’s challenge to the adequacy of the FBI’s search before turning to Plaintiff’s arguments concerning the agency’s reliance on Exemption 7(E) to withhold information. Because the court concludes that the FBI has not sufficiently justified its assertion of Exemption 7(E), the court does not reach Plaintiff’s challenge to the adequacy of its segregability determination. 5 A. Adequacy of the Search FOIA requires an agency to conduct a search for responsive records that is “reasonably calculated to discover the requested documents.” SafeCard Servs., 926 F.2d at 1201. “In general, the adequacy of a search is ‘determined not by the fruits of the search, but by the appropriateness of [its] methods.’” Hodge v. FBI, 703 F.3d 575, 579 (D.C. Cir. 2013) (quoting Iturralde v. Comptroller of the Currency, 315 F.3d 311, 315 (D.C. Cir. 2003)). In order to prevail on summary judgment, “the agency must show that it made a good faith effort to conduct a search for the requested records, using methods which can be reasonably expected to produce the information requested.” Oglesby v. U.S. Dep’t of the Army, 920 F.2d 57, 68 (D.C. Cir. 1990). “The adequacy of the search, in turn, is judged by a standard of reasonableness and depends, not surprisingly, upon the facts of each case.” Weisberg v. U.S. Dep’t of Justice, 745 F.2d 1476, 1485 (D.C. Cir. 1984). The FBI contends that its evidence—in the form of a declaration signed by David Hardy, Section Chief of the Record/Information Dissemination Section of the FBI’s Records Management Division—sufficiently demonstrates that it satisfied its search obligations. According to the Hardy Declaration, the FBI first endeavored, pursuant to its “standard search protocol,” to search the “indices [of] the FBI’s Central Records System.” Hardy Decl. ¶ 22. However, “[u]pon further review of the plaintiff’s FOIA request,” the FBI decided that it needed to search outside the CRS in order to locate all potentially responsive documents. Id. Accordingly, the FBI then designed a “targeted search” that was “reasonably calculated to locate [responsive] records.” Id. ¶ 23. That search was carried out by employees of the PCLU Privacy and Civil Liberties Unit (“PCLU”) within the FBI’s Office of the General Counsel—the FBI division tasked with ensuring agency compliance with privacy laws. Id. Hardy further avers that the PCLU is “the unit reasonably 6 likely to maintain responsive material” for Plaintiff’s request and that “there is no indication from the information located . . . that responsive material would reside in any other FBI system or location.” Id. Plaintiff criticizes the Hardy Declaration as not sufficiently detailed because it “fail[s] to provide the search terms used, fail[s] to explain with reasonable detail how the agency conducted its targeted search, and fail[s] to even assert that all files likely to have responsive records were searched.” Pl.’s Mot., Ex. 1, Pl.’s Mem. in Supp., ECF No. 27-1, at 27. The court agrees with Plaintiff. At summary judgment, the FBI bears the burden of proving that it met its obligations under FOIA, and the Hardy Declaration falls short of being “a reasonably detailed affidavit, setting forth the search terms and the type of search performed, and averring that all files likely to contain responsive materials . . . were searched.” See Iturralde, 315 F.3d at 313–14 (internal quotation marks omitted). The Hardy Declaration does not describe in “reasonable detail[]” how the FBI—more specifically, the PCLU—conducted its “targeted search.” The declaration does not, for instance, say whether PCLU staff searched paper files, electronic files, or both. If it searched electronic files, then the declaration does not say what search terms were used. Nor does it identify the persons within PCLU who most likely possessed responsive materials. A declaration lacking such basic facts does not satisfy an agency’s burden to demonstrate the adequacy of its search. See Morley v. CIA, 508 F.3d 1108, 1122–23 (D.C. Cir. 2007) (finding agency affidavit inadequate because it merely identified the employees charged with carrying out the search and “provide[d] no information about the search strategies” used); see also Bonaparte v. U.S. Dep’t of Justice, 531 F. Supp. 2d 118, 122 (D.D.C. 2008) (finding the agency affidavit inadequate because it did “not describe the filing systems searched, the search methods employed[,] and the search terms utilized”); Aguirre v. SEC, 551 F. Supp. 2d 33, 61 7 (D.D.C. 2008) (finding the agency affidavit inadequate because “it fail[ed] to describe in detail how each office conducted its search”). In short, summary judgment cannot be entered for the FBI because the record does not contain sufficient information for the court to assess whether the agency conducted a search reasonably calculated to uncover all responsive records. The court, however, will permit the FBI to supplement the record to cure the deficiencies and to renew its motion for summary judgment as to the adequacy of its search. See Judicial Watch, Inc. v. U.S. Dep’t of Justice, 185 F. Supp. 2d 54, 65 (D.D.C. 2002) (“[W]hen an agency’s affidavits or declarations are deficient regarding the adequacy of its search . . . the courts generally will request that the agency supplement its supporting declarations.”). B. Exemption 7(E) The court now turns to the sole exemption at issue in this case, Exemption 7(E). Under Exemption 7(E), an agency may withhold information “compiled for law enforcement purposes” if, among other reasons, its release “would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law.” 5 U.S.C. § 552(b)(7)(E). Exemption 7(E) “sets a relatively low bar for the agency to justify withholding.” Blackwell v. FBI, 646 F.3d 37, 42 (D.C. Cir. 2011). Especially “where an agency ‘specializes in law enforcement, its decision to invoke [E]xemption 7 is entitled to deference.’” Lardner v. U.S. Dep’t of Justice, 638 F. Supp. 2d 14, 31 (D.D.C. 2009) (quoting Campbell v. U.S. Dep’t of Justice, 164 F.3d 20, 32 (D.C. Cir. 1998)). Such deference does not, however, excuse the requirement that an agency describe its “justifications for withholding the information with specific detail.” ACLU v. U.S. Dep’t of Defense, 628 F.3d 612, 619 (D.C. Cir. 2011)). 8 Plaintiff challenges Defendant’s invocation of Exemption 7(E) on three grounds. According to Plaintiff, the PIAs and PTAs at issue here: (1) were not compiled for law enforcement purposes; (2) do not disclose law enforcement techniques, procedures, or guidelines; and (3) would not, if disclosed, present a risk of circumvention of the law. Because the court concludes that Defendant has not sufficiently shown that the PIAs and PTAs at issue here were compiled for law enforcement purposes, the court does not reach Defendant’s second and third arguments. PIAs and PTAs are created pursuant to federal statute. In 2002, Congress passed the EGovernment Act, which was designed, in part, “[t]o provide enhanced access to Government information and services in a manner consistent with laws regarding protection of personal privacy.” E-Government Act of 2002, Pub. L. No. 107-347, 116 Stat. 2899 [hereinafter E- Government Act], § 2(b)(11) (codified at 44 U.S.C. § 3501 note). Section 208 of the E- Government Act, entitled “Privacy Provisions,” requires federal agencies to undertake certain actions designed “to ensure sufficient protections for the privacy of personal information as agencies implement citizen-centered electronic Government.” Id. § 208(a). Those actions include “conduct[ing] a privacy impact assessment” before (1) “developing or procuring information technology that collects, maintains, or disseminates information that is in an identifiable form,” or (2) “initiating the collection of new information that will be collected, maintained, or disseminated using information technology,” which includes any information in identifiable form in certain circumstances involving the public. Id. §§ 208(b)(1)(A)(i)–(ii), (B)(i). The Department of Justice’s Office of Privacy and Civil Liberties has explained in an “Official Guidance” that a “PIA demonstrates that the Department considers privacy from the beginning stages of a system’s development and throughout the system’s life cycle” in order to “ensure[] that privacy protections 9 are built into the system from the start—not after the fact—when they can be far more costly or could affect the visibility of the project.” Office of Privacy and Civil Liberties, U.S. Dep’t of Justice, Privacy Impact Assessments Official Guidance, 3 (2015), https://www.justice.gov/opcl/file/631431/download [hereinafter OPCL Guidance]. The public availability of PIAs is also governed by federal statute. The E-Government Act requires agencies, “if practicable,” to make all PIAs available through “the website of the agency, publication in the Federal Register, or other means.” E-Government Act § 208(b)(1)(B)(iii). Consistent with that congressional directive, the PCLU has advised Justice Department agencies to draft PIAs in a manner that “should be clear, unambiguous, and understandable to the general public.” OPCL Guidance at 5. Although Congress expressed a preference for PIAs to be made public, it also recognized that such assessments might contain sensitive information that is not suitable for public release and, accordingly, provided that the general directive to publish PIAs “may be modified or waived for security reasons, or to protect classified, sensitive, or private information contained in an assessment.” E-Government Act § 208(b)(1)(C). Against this statutory background, the FBI asserts that the PIAs and PTAs at issue here were “compiled for law enforcement purposes,” which is “the threshold requirement of FOIA Exemption 7.” Sack v. U.S. Dep’t of Defense, 823 F.3d 687, 693 (D.C. Cir. 2016). To support that assertion, the FBI again points to the Hardy Declaration. The declaration, in a single paragraph, attempts to explain why the PIAs and PTAs were compiled for law enforcement purposes: Specifically, the pertinent records were compiled and or created in furtherance of FBI’s law enforcement, national security, and intelligence missions. To accomplish these missions, inherent tasks and operational functions are required, to include the identification of, development, and implementation of law enforcement and intelligence gathering methods, techniques, procedures, and 10 guidelines. The FBI uses sensitive information collection systems, networks, infrastructure, and analytical application tools to conduct surveillance, collect intelligence, analyze, and interpret collected data, and maintain secure storage of law enforcement and intelligence related data for future retrieval in support of operational needs. Accordingly, there is a nexus between the FBI’s law enforcement responsibilities and these responsive records, especially those concerning the development of surveillance technical abilities and associated logistical resources. Hardy Decl. ¶ 34 (emphasis added). This paragraph, without more, is insufficient to establish that the withheld materials were compiled for law enforcement purposes within the meaning of FOIA. It devotes most of its attention to establish a single, generic point: The FBI uses various technologies to carry out its law enforcement duties. No one disputes that fact. Only in the emphasized text does Hardy attempt to make the case that the privacy assessments at issue in this case were “compiled for law enforcement purposes.” And there the declaration falls woefully short. The term “compiled” for purposes of Exemption 7(E) “requires that a document be created, gathered, or used by an agency for law enforcement purposes at some time before the agency invokes the exemption.” Pub. Employees for Envtl. Responsibility v. U.S. Section, Int’l Boundary & Water Comm’n, U.S.Mexico, 740 F.3d 195, 203 (D.C. Cir. 2014) (citing John Doe Agency v. John Doe Corp., 493 U.S. 146, 155 (1989)). The term “law enforcement” means “‘the act of enforcing the law, both civil and criminal.” Sack, 823 F.3d at 694. Applying those two definitions here, the Hardy Declaration does not adequately explain how or why the PTAs and PIAs are created or used to enforce the law. It tells the court nothing about the connection between the contents of the assessments and the agency’s law enforcement function. Rather, the declaration simply asserts, without any elaboration, that there is some unspecified “nexus” between the privacy assessments and the agency’s law enforcement 11 responsibilities. Such a conclusory assertion does not enable the court to conduct a de novo review of the FBI’s withholdings under Exemption 7(E). Cf. id. And, when considered against a statutory regime that favors public disclosure and an agency Official Guidance that counsels that “PIAs should be clear, unambiguous, and understandable,” the FBI’s effort to establish the requisite nexus between the privacy assessments and its law enforcement function is particularly inadequate. Cf. Campbell v. U.S. Dep’t of Justice, 164 F.3d 20, 32 (D.C. Cir. 1998) (explaining that “[i]f the FBI relies on declarations to identify a law enforcement purpose underlying withheld documents, [then] such declarations must establish a rational nexus between the investigation and one of the agency’s law enforcement duties” (internal quotation marks omitted)). None of this should be taken to mean that the privacy assessments required by the EGovernment Act do not, in theory, have a rational nexus to the act of enforcing the law. Law enforcement agencies, like the FBI, cannot effectively carry out their law enforcement function unless their technology systems are capable of securing sensitive personal information that comes into the agency’s possession. These agencies routinely collect personal information through a variety of methods—interviews, surveillance, communication intercepts, and subpoenas, just to name a few. The information collected relates not only to those who violate the law, but also to those who are perfectly innocent. Because of the sensitive nature of the contents of law enforcement records, the D.C. Circuit has recognized that individuals possess a strong privacy interest in the contents of those records. See, e.g., Citizens for Responsibility and Ethics in Gov’t v. U.S. Dep’t of Justice, 746 F.3d 1082, 1091–92 (D.C. Cir. 2014). Accordingly, technology systems that are vulnerable to being compromised, whether by internal or external means, do not merely put investigations at risk, but also imperil the privacy interests of those individuals whose personal information happens to come into possession of a law enforcement agency. 12 The Hardy Declaration, however, draws no such connection between the privacy assessments requested by Plaintiff and the FBI’s law enforcement function, and the court will not recognize the propriety of the FBI’s withholdings based on an argument the agency has not made. The court, however, will allow the FBI to supplement its declaration so that the court can determine whether Exemption 7(E) applies to the withheld information. * * * Because the court concludes that the FBI has not established that the PIAs and PTAs meet the threshold “compiled for law enforcement purposes” requirement under Exemption 7(E), the court need not reach the parties’ disputes concerning the exemption’s secondary requirements; namely, whether the withheld information “would disclose the techniques and procedures for law enforcement investigations” and whether that disclosure would reasonably “risk circumvention of the law.” See 5 U.S.C. § 522(b)(7)(E). Nevertheless, the court offers the following observation for the FBI to consider before renewing its request for summary judgment: The Hardy Declaration is far too laden with technical jargon for the court to assess, on that Declaration alone, whether the FBI has satisfied FOIA. An example sharpens the point. The Hardy Declaration describes one category of withheld information as relating to “the description of database structure, and program interface tools, used in the development of sensitive information systems.” Hardy Decl. ¶ 39. It states that the FBI has withheld such information to “protect the details pertaining to the information systems transmission pathways, the access portals for shared system initiatives, and the operational directives and integrity protocols of the information systems, system applications, databases, and program interface tools.” Id. Were the withheld material to be disclosed, the Hardy Declaration posits, the disclosure “could expose the devices, equipment, and/or databases to hackers and 13 unauthorized users, who could disrupt official business and compromise the effectiveness of the FBI internal computer systems by devising ways to access—and tamper with—the systems without detection.” Id. That is a mouthful. The heavy use of technical jargon makes it difficult, at least for this court, to discern precisely what “techniques and procedures” the release of the withheld materials would disclose. Likewise, saying that disclosure of withheld information “could” enable hackers to infiltrate “the FBI’s internal computer systems” is simply a conclusory statement, unsupported by any facts. The court does not mean to diminish the difficulties attendant to describing technology systems and concepts to a non-technical audience. Nevertheless, those descriptions cannot be written as if the court possesses an advanced degree in computer science. Unfortunately, it does not. Thus, when the FBI revises its declaration, the court urges the agency to use less jargon and opt instead for plain language that will more easily enable the court to determine if the requirements of Exemption 7(E) are met. Further, the FBI also should evaluate its withholdings in light of the purposes of Section 208 of the E-Government Act. 14 IV. CONCLUSION AND ORDER For the reasons set forth above, Defendant’s Motion for Summary Judgment is granted as to its invocation of Exemption 5, but is otherwise denied. Plaintiff’s Motion for Summary Judgment is granted insofar as it seeks further information about the FBI’s withholdings, but is otherwise denied. The parties shall meet and confer and, no later than March 3, 2017, propose to the court a briefing schedule for renewed motions for summary judgment. Dated: February 21, 2017 Amit P. Mehta United States District Judge 15