UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA
JASON PRECHTEL
Plaintiff,
v. Case No. 17-cv-01835 (CRC)
FEDERAL COMMUNICATIONS
COMMISSION, et al.
Defendants.
MEMORANDUM OPINION
In spring of 2017, the Federal Communications Commission (“FCC” or “Commission”)
promulgated a proposed rule to establish regulations for broadband internet service providers.
Captioned “Restoring Internet Freedom,” the rulemaking sought to repeal prior regulations
promoting “net neutrality”—the principle that internet service providers afford equal access to all
internet-enabled data. The proposal received significant public attention, garnering an
unprecedented twenty-four million public comments on the administrative record. The number
of fraudulent, duplicative, or otherwise dubious comments was equally unprecedented. These
questionable comments have drawn the attention of FCC Commissioners, Members of Congress,
and journalists including Jason Prechtel, the plaintiff in this case.
Prechtel filed Freedom of Information Act (“FOIA”) requests seeking details about the
use of two electronic comment-submission tools that the FCC had enabled to facilitate public
participation in the regulatory process: comma-separated value (“.CSV”) files and an Application
Programming Interface (“API”). These tools allowed members of the public to comment on the
proposal without going directly to the Commission’s website and accessing its comment
1
platform (or Electronic Comment Filing System (“ECFS”)). A .CSV file is a template provided
by the FCC—essentially, a spreadsheet in which every row contains a separate comment—that
allows an individual or organization to solicit and compile multiple comments and upload them
into ECFS in one fell swoop. These submissions are sometimes referred to as “bulk comments.”
By way of example, if an organization wanted its membership to submit comments supporting
the FCC’s proposed actions, it might ordinarily be forced to encourage each member to access
the ECFS website and submit an individual comment. The bulk comment submission process
enabled the organization to collect its members’ comments, format them into the .CSV
spreadsheet, and submit them all at once by transmitting that spreadsheet to ECFS.
An API, in turn, is a mechanism that facilitates communication between ECFS and other
websites. As relevant here, it allows website developers to place comment-submission tools on
third-party websites, meaning that visitors to those websites can submit comments to ECFS
directly from those websites. For example, if a group opposing the Commission’s proposed
actions wanted visitors to its website to submit comments into the record, it might ordinarily
include a link to ECFS, forcing a visitor to leave its website to submit a comment. The API
instead enabled the group to place a comment form directly on its own website, allowing a
visitor to type a comment and submit it into ECFS without leaving the site. Those seeking to
host an API capable of communicating with ECFS must register for a “key,” which confirms to
ECFS that the information being transmitted comes from a registered source—essentially, a
unique code that opens the door to ECFS so a comment can be left inside.
Prechtel filed two FOIA requests: one with the Commission and one with the General
Services Administration (“GSA”), the executive agency that manages the Commission’s API
system. See Compl. Ex. A; Pl.’s Statement of Undisputed Material Facts (“SUMF”) Ex. B. In
2
this suit, Prechtel challenges how the agencies handled his requests. Specifically, he challenges
the adequacy of the FCC’s search for the requested records, its invocation of several statutory
exemptions to withhold or redact those records, and the GSA’s constructive denial of his FOIA
request. Am. Compl. ¶¶ 24, 27-28; Pl.’s Mot. Summ. J. & Opp’n at 1. The Court addresses only
the second challenge, aimed at the Commission’s withholdings. Prechtel belatedly served the
GSA and it has not had the opportunity to submit an affidavit clarifying its response to his FOIA
request. Accordingly, the Court reserves judgment on the GSA’s actions. And because a GSA
affidavit should clarify ownership of the API keys, which implicates the adequacy of the FCC’s
search, the Court also reserves judgment on Prechtel’s challenge to that search. The Court will
thus deny without prejudice all parties’ motions for summary judgment on those issues.
Regarding Prechtel’s challenge to the Commission’s withholdings: The Court will grant the
Commission’s motion for summary judgment on its withholding of certain privileged emails and
its server logs; grant Prechtel’s motion for summary judgment on the email addresses used to
submit .CSV files; and direct the parties to confer regarding the .CSV files themselves.
I. Background
On June 4, 2017, Prechtel filed FOIA requests with the GSA and the FCC. Am.
Compl. ¶¶ 9, 16. His request to the GSA sought two sets of documents: (1) all public API keys
used to submit online comments relating to the “Restoring Internet Freedom” proceeding,
including the associated registration names and email addresses, and copies of all data files
submitted through those API keys; and (2) logs of all dates and times that those API keys were
used to submit comments. Id. ¶ 9. Prechtel’s FOIA request to the FCC sought the same
information as well as: (1) “the email addresses associated with .CSV comment uploads, along
with all .CSV files uploaded in response to [the] Proceeding”; (2) “logs of all dates and times the
3
email addresses submitted comments”; and (3) “all email inquiries to ECFSHelp@fcc.gov
regarding .CSV comment submissions to the Proceeding.” Id. ¶ 16.
On June 5, the GSA informed Prechtel that the requested files were not within its
“jurisdiction.” Pl.’s SUMF Ex. B, at 1 (GSA response to Prechtel’s FOIA request). After
several email exchanges, the GSA elaborated that the FCC was the “API owner” and therefore
that Prechtel’s request was “more appropriate[ly]” addressed to the FCC. Id. at 7.
After receiving no substantive response from the FCC, Prechtel filed this suit on
September 7, 2017. See Compl.; id. ¶¶ 9-12. Twenty days later, the Commission released
fifteen pages of documents responsive to the fifth part of his request—that seeking
communications to the ECFSHelp@fcc.gov “help desk” email address. See Defs.’ SUMF Ex. B,
at 2 (FCC response to Prechtel’s FOIA request). It redacted several emails within these records
and withheld all records responsive to other aspects of Prechtel’s request, invoking several of
FOIA’s statutory exemptions to justify its redactions and withholdings. Id. at 2-4. Further, it
indicated that it did not maintain documents responsive to Prechtel’s request for the API keys
and associated information, asserting that the GSA maintains these records. Id. at 1-2.
The parties filed cross-motions for summary judgment, after which Prechtel amended his
complaint to add the GSA as a defendant. See Am. Compl. ¶¶ 9-15, 21-24. However, Prechtel
did not serve the GSA until after briefing had commenced. The GSA has joined the FCC’s
motion for summary judgment. But it has not provided an affidavit or declaration explaining its
response to Prechtel or the extent to which it is in tension with the FCC’s response regarding API
keys and attendant information. The Court held a telephonic status conference with the parties
regarding this issue, after which Prechtel served the GSA. Based on the status conference, the
Court expects that the GSA will provide a declaration detailing how it handled Prechtel’s FOIA
4
request, which will clarify the issues surrounding the API keys and associated information.
Consequently, the Court will deny without prejudice all parties’ motions for summary judgment
on matters not resolved in this opinion. The parties may renew such motions in the future, if
necessary.
II. Legal Standards
FOIA requires federal executive agencies to produce their records upon request unless
one of the Act’s nine exemptions protects those records from disclosure. See 5 U.S.C. § 552(b).
These exemptions “balance the public’s interest in governmental transparency against ‘legitimate
governmental and private interests [that] could be harmed by release of certain types of
information.’” United Techs. Corp. v. DOD, 601 F.3d 557, 559 (D.C. Cir. 2010) (alteration in
original) (quoting Critical Mass Energy Project v. Nuclear Regulatory Comm’n, 975 F.2d 871,
872 (D.C. Cir. 1992) (en banc)). “But these limited exemptions do not obscure the basic policy
that disclosure, not secrecy, is the dominant objective of the Act.” Dep’t of Air Force v. Rose,
425 U.S. 352, 361 (1976). Accordingly, when a plaintiff challenges an agency’s withholding of
records, the agency must show that one of FOIA’s exemptions applies. ACLU v. DOD, 628
F.3d 612, 619 (D.C. Cir. 2011).
FOIA disputes are generally resolved on cross-motions for summary judgment. In
evaluating each motion, the Court must view the record in the light most favorable to the non-
movant. The agency may satisfy its burden of showing that a FOIA exemption applies through
an affidavit or declaration that “describes the justifications for withholding the information with
specific detail, demonstrates that the information withheld logically falls within the claimed
exemption, and is not contradicted by contrary evidence in the record or by evidence of the
agency’s bad faith.” Id.
5
III. Analysis
The Commission withheld all or part of three categories of records responsive to
Prechtel’s request: email exchanges between agency staff regarding how to respond to an inquiry
to ECFSHelp@fcc.gov; .CSV files used to submit bulk comments and the email addresses of
those who submitted them; and Commission server logs detailing the dates and times that .CSV
files were submitted. The Court will evaluate each withholding in turn.
A. Email Threads
Prechtel requested all email inquiries to the Commission’s ECFSHelp@fcc.gov “help
desk” email address regarding .CSV submissions to the Restoring Internet Freedom proceeding.
Am. Compl. ¶ 16. The Commission released fifteen pages of responsive documents and invoked
the deliberative process privilege under FOIA Exemption 5 to redact certain email threads. 1 See
Defs.’ SUMF Ex. B, at 2. The Court concludes that this withholding was proper. 2
Exemption 5 allows agencies to withhold “inter-agency or intra-agency memorandums or
letters that would not be available by law to a party other than an agency in litigation with the
1
The Commission also redacted the name of the agency representative who printed out
the emails that the Commission released to Prechtel, invoking Exemption 6. See Defs.’ SUMF
Ex. A. Prechtel does not appear to challenge this withholding. In any event, the Court finds this
withholding to be proper. As described in more detail in Section III.B, infra, Exemption 6
requires courts to balance the privacy interest in non-disclosure with the public interest in
disclosure. Here, Prechtel has not advanced any public interest in disclosure of the employee’s
name, and the Court cannot think of any benefit to the public in revealing the name. “[E]ven a
modest privacy interest[] outweighs nothing every time.” Nat’l Ass’n of Retired Federal Emps.
v. Horner, 879 F.2d 873, 879 (D.C. Cir. 1989).
2
Prechtel’s FOIA request sought “all email inquiries to ECFSHelp@fcc.gov regarding
.CSV comment submissions to the Proceeding.” Am. Compl. ¶ 16 (emphasis added). It is
unclear why emails internal to the agency are responsive to this request for communications from
external parties to the agency, but the Commission has not raised this defense to its withholding.
Because the parties have briefed the Exemption 5 issue, the Court will proceed as though the
withheld emails were in fact responsive to Prechtel’s request.
6
agency.” 5 U.S.C. § 552(b)(5). In other words, it shields information that would be “normally
privileged in the civil discovery context.” NLRB v. Sears, Roebuck & Co., 421 U.S. 132, 149
(1975).
The Commission invoked the deliberative process privilege protected by Exemption 5.
An agency invoking that privilege must show that withheld documents are both “predecisional”
and “deliberative.” Coastal States Gas Corp. v. Dep’t of Energy, 617 F.2d 854, 866 (D.C. Cir.
1980). Predecisional communications are those that “occurred before any final agency decision
on the relevant matter.” Nat’l Sec. Archive v. CIA, 752 F.3d 460, 463 (D.C. Cir. 2014).
Deliberative communications are those that “reflect[] the give-and-take of the consultative
process.” Coastal States, 617 F.2d at 866.
According to the Commission’s declaration, the emails contain “internal deliberations
among IT staff regarding how to respond” to an inquiry about comment submissions, and
“include[] a back-and-forth conversation regarding the best method for handling [the] . . .
request, including options considered and discarded.” Decl. of Ryan J. Yates Supp. Defs.’ Mot.
for Summ. J. (“First Yates Decl.”) ¶ 15. The agency withheld the exchange after concluding
“that its release would chill the candid exchange of ideas among staff.” Id. This is precisely
what the deliberative process privilege is designed to protect: the agency staff’s ability to have
candid discussions and weigh options before making a final decision. See, e.g., Petroleum Info.
Corp. v. Dep’t of Interior, 976 F.2d 1429, 1434 (D.C. Cir. 1992) (“[D]ecisions on the
‘deliberativeness’ inquiry have focused on whether disclosure . . . would tend to discourage
candid discussion within an agency.” (quotation marks omitted)).
Contrary to Prechtel’s assertions, the Commission’s explanation is not “generic.” Pl.’s
Mot. Summ. J. & Opp’n at 17. The Commission has explained who deliberated (the
7
Commission’s IT staff), the agency action about which they deliberated (a response to an outside
inquiry), the role the deliberations played in crafting that action (determining the best way to
handle the inquirer’s underlying request, including possibilities that eventually were rejected),
and the harms that would result from disclosure (a chill on agency staff’s ability to weigh options
candidly to make decisions). The declaration provides appropriate details and stands in contrast
to invocations of the deliberative process privilege that courts in this district have rejected as
insufficient. See, e.g., Hunton & Williams LLP v. EPA, 248 F. Supp. 3d 220, 242-43 (D.D.C.
2017) (rejecting invocation of the privilege because agency did not specify the topic of the
deliberative process); Trea Senior Citizens League v. U.S. Dep’t of State, 923 F. Supp. 2d 55, 68
(D.D.C. 2013) (noting that agency declaration left it “unclear to which deliberative process this
[withheld] document may have contributed or pertained.”).
Prechtel claims that, even if some of the communications are privileged, any records
reflecting the agency’s final decision, the accompanying explanation, 3 and any factual
information are not exempt. See Pl.’s Mot. Summ. J. & Opp’n at 16. He is partially correct in
his depiction of what the law requires. While “factual information generally must be disclosed,”
Petroleum Info. Corp., 976 F.2d at 1434, it is not per se non-exempt, see, e.g., Quarles v. Dep’t
of Navy, 893 F.2d 390, 392 (D.C. Cir. 1990). Prechtel is correct that a document is exempt in
this context only if it is antecedent to the final agency decision, see, e.g., Nat’l Sec. Archive, 752
F.3d at 463, and, even then, can lose its predecisional status if adopted as the agency position,
3
The Court understands Prechtel’s argument to refer to a final decision and
accompanying explanation sent internally among agency staff. Any final decision and
explanation sent externally as a response to the outside inquirer is not privileged. See, e.g., Ctr.
for Int’l Envtl. Law v. Office of U.S. Trade Representative, 237 F. Supp. 2d 17, 25 (D.D.C.
2002) (“[C]ommunications between agencies and outside parties are not protected under
Exemption 5.”).
8
see, e.g., Coastal States, 617 F.2d at 866. But his argument is unavailing because it does little
more than cast aspersions on the Commission’s declaration by suggesting that there must be
some non-exempt information that the declarant did not acknowledge. This claim is factually
unfounded and thus legally inadequate. “Agency [declarations]—so long as they are relatively
detailed and non-conclusory—are accorded a presumption of good faith, which cannot be
rebutted by purely speculative claims.” Mobley v. CIA, 806 F.3d 568, 581 (D.C. Cir. 2015)
(quotation marks omitted). As discussed, the Commission’s declaration is sufficiently detailed to
support the deliberative process exemption, and Prechtel’s rebuttal is pure speculation. Because
the Commission properly invoked Exemption 5 to protect its deliberative process, the Court
grants its motion for summary judgment on this issue.
B. The .CSV Files and Associated Email Addresses
Prechtel also requested the .CSV files used to submit bulk comments to the proceeding
and the email addresses used to transmit those files. Am. Compl. ¶ 16. In response, the
Commission invoked FOIA Exemption 6, which protects personal information from disclosure,
to withhold the email addresses and instructed Prechtel that any other responsive information
was already public. See Defs.’ SUMF Ex. B, at 2.
An initial clarifying matter: Prechtel requested the .CSV files along with the email
addresses used to submit them. The Commission’s response that all non-exempt responsive
information was already public appears to reveal a misunderstanding of Prechtel’s request.
While the submitted comments are publicly available on ECFS, the .CSV files themselves do not
appear to be. See Defs.’ Opp’n & Reply at 6 (“[A]s to Mr. Prechtel’s request for the CSV files
themselves, the FCC repeats that the information in those files other than the submitter email
addresses is already publicly available on the FCC’s website along with all other submitted
9
comments. . . . Mr. Prechtel may access the content of those comments there.” (emphases
added)). It is as though someone submitted hundreds of individual letters in an envelope and
Prechtel has asked to inspect the return address on the envelope and the letters it contained. The
Commission has declined to release the return address (on privacy grounds) and, instead of
providing the envelope with return address redacted, has told Prechtel that copies of the letters
are available among a pile of twenty-odd million letters.
But, as Prechtel points out, the .CSV files have independent value—principally, they
reflect which comments were submitted together and, assuming disclosure of the bulk file
submitters’ email addresses, by whom. Whether or not the Commission properly withheld the
email addresses of bulk submitters, it still must justify independently the withholding of the files
themselves. If the Commission maintains access to the files and cannot show why they are
independently exempt, it must disclose them. The Court will elaborate on each of these issues in
turn.
1. Bulk Submitters’ Email Addresses
The Court finds that the Commission improperly invoked Exemption 6 to withhold the
bulk submitters’ email addresses and orders the Commission to release those records.
Exemption 6 shields from disclosure “personnel and medical files and similar files the
disclosure of which would constitute a clearly unwarranted invasion of personal privacy.” 5
U.S.C. § 552(b)(6). The catchall provision “similar files” includes any “[g]overnment records on
an individual which can be identified as applying to that individual.” U.S. Dep’t of State v.
Wash. Post Co., 456 U.S. 595, 602 (1982) (citation omitted). This definition encompasses email
addresses. See, e.g., Bayala v. U.S. Dep’t of Homeland Sec., 264 F. Supp. 3d 165, 178 (D.D.C.
2017). But the Court’s inquiry must go beyond this threshold observation. To determine
10
whether the disclosure of these email addresses would constitute “a clearly unwarranted invasion
of personal privacy,” the Court must balance the “privacy interest in non-disclosure against the
public interest in the release of the records.” Lepelletier v. FDIC, 164 F.3d 37, 46 (D.C. Cir.
1999) (citation omitted). In balancing these interests, the Court is mindful that “under
Exemption 6, the presumption in favor of disclosure is as strong as can be found anywhere in the
Act.” Wash. Post Co. v. U.S. Dep’t of Health & Human Servs., 690 F.2d 252, 261 (D.C. Cir.
1982).
The bulk submitters’ privacy interest in their email addresses is minimal in this context.
Importantly, bulk submitters had ample indication that their email addresses could be made
public, mitigating any expectation of privacy. Cf. Alliance for Wild Rockies v. Dep’t of Interior,
53 F. Supp. 2d 32, 37 (D.D.C. 1999) (“The notice of proposed rulemaking . . . specified that the
complete file for this proposed rule is available for inspection . . . . [T]he [agency] made it
abundantly clear in its notice that the individuals submitting comments to its rulemaking would
not have their identities concealed.” (punctuation omitted)). Individuals submitting a .CSV file
into the public record did so through a widget on the FCC’s website. See Pl.’s SUMF Ex. E
(image of .CSV file submission webpage). The widget required them to provide an email
address. Id. The text in the widget warned: “Note: You are filing a document into an official
FCC proceeding. All information submitted, including names and addresses, will be publicly
available via the web.” Id. (emphasis added). This could hardly have been more
straightforward. And bulk submitters were also told that the Commission would release
individual commenters’ email addresses. Id. Together, the message was clear: The email
addresses of those intending to influence the Commission’s decision-making were subject to
public disclosure.
11
The Commission maintains that because bulk submitters merely transmitted files and did
not necessarily comment on the proposal, they are more akin to “any other private individual[s]”
than to public commenters and therefore have a “substantial” privacy interest in their email
addresses. See Defs.’ Opp’n & Reply at 4-5. The Court disagrees. While the Commission
correctly notes that courts in this district have attached a “substantial” privacy interest to the
email addresses of “private individual[s],” id. at 5, the facts of the cases cited by the Commission
differ from those here. Judicial Watch, Inc. v. U.S. Department of State, for example, dealt with
private email addresses used by government employees. 306 F. Supp. 3d 97, 116-17 (D.D.C.
2018). Judicial Watch, in turn, cites Government Accountability Project v. U.S. Department of
State, which dealt with the personal email addresses of several government officials and
applicants considered, but not chosen, for job positions. 699 F. Supp. 2d 97, 106 (D.D.C.
2010). 4
By contrast, the individuals here sought to influence agency decision-making by
submitting scores of public comments into the administrative record. This makes them more
akin to individual commenters who provide their email addresses when petitioning the
government than to “any other private individual[s]” whose email addresses the government
4
The Commission also cites Cornucopia Institute v. U.S. Department of Agriculture and
Bayala v. U.S. Department of Homeland Security for the proposition that “Exemption 6 applies
to email addresses.” Defs.’ Mot. Summ. J. at 12 n.5. Insofar as the Commission’s point is that
an email address is the type of information that triggers an Exemption 6 balancing test, the Court
agrees. But insofar as the Commission attempts to graft the outcome in those cases onto this
one, the Court rejects its argument. Neither of those cases is analogous. As relevant here,
Cornucopia Institute involved the personal email addresses of third parties conducting
inspections on behalf of the Department of Agriculture, see 282 F. Supp. 3d 150, 164-65 (D.D.C.
2017), and Bayala dealt with the email addresses of interpreters, see 264 F. Supp. 3d at 178. As
with Judicial Watch and Government Accountability Project, neither case implicated the privacy
interests of those petitioning the government.
12
happens to possess. Any difference between public commenters’ and bulk submitters’ privacy
interests is one of degree, not kind. And the degree of difference is minimal where, as here, a
message directed to bulk submitters alerted them that “[a]ll information submitted” would be
publicly available. In other words, when someone submits multiple comments to influence
public policy and is told that her email address will become part of the public record, her privacy
interest in that email address is not as strong as the Commission now suggests.
Still, bulk submitters have some privacy interest in non-disclosure of their email
addresses. For Prechtel to successfully challenge the withholding, he must show that the public
interest in disclosure of these email addresses outweighs that privacy interest. The “public
interest” in this context must relate to FOIA’s “core purpose” of “shed[ding] light on an agency’s
performance of its statutory duties.” DOJ v. Reporters Comm. for Freedom of the Press, 489
U.S. 749, 773-75 (1989) (citation omitted); see also Consumers’ Checkbook Ctr. for Study of
Servs. v. U.S. Dep’t of Health & Human Servs., 554 F.3d 1046, 1051 (D.C. Cir. 2009)
(“[I]nformation about private citizens that reveals little or nothing about an agency’s own
conduct does not serve a relevant public interest under FOIA.” (punctuation and citation
omitted)).
Courts in this district have held that disclosing the identities of those seeking to influence
an agency’s actions can shed light on those actions. See, e.g., People for the Am. Way Found. v.
Nat’l Park Serv., 503 F. Supp. 2d 284, 306 (D.D.C. 2007); Lardner v. DOJ, 03-0180, 2005 WL
758267, at *18 (D.D.C. Mar. 31, 2005); cf. Edelman v. SEC, 239 F. Supp. 3d 45, 55-56 (D.D.C.
2017) (articulating this principle while remanding to agency). But see Kidd v. DOJ, 362 F.
Supp. 2d 291, 297 (D.D.C. 2005); Voinche v. FBI, 940 F.Supp. 323, 329-30 (D.D.C. 1996). And
while courts have sometimes allowed agencies to withhold information such as telephone
13
numbers and home addresses, they have not done so automatically. The propriety of such
withholdings depends largely on whether the information sought is independently valuable in
illuminating the agency’s actions. In Alliance for Wild Rockies v. Department of Interior, which
considered disclosure of public comments on the proposed re-introduction of grizzly bears into a
particular geographic ecosystem, the court found that disclosure of commenters’ home addresses
clarified whether the agency gave greater weight to the views of residents of the affected region
than it did to those who lived elsewhere. 53 F. Supp. 2d at 37. By contrast, the court in People
for the American Way Foundation v. National Park Service declined to order the release of the
telephone numbers and home addresses of individuals who had written to the government
regarding a display at the Lincoln Memorial because, unlike in Alliance for Wild Rockies,
plaintiffs had not indicated “any apparent significance attached to the individual commenters’
geographical locations.” 503 F. Supp. 2d at 307 n.8.
This case is closer to the former than the latter. Never mind the plaintiff; here, the
defendant, through its actions, has shown the significance attached to email addresses. The
Commission has released the email addresses of over twenty million public commenters on the
rulemaking. See FCC Public Notice, FCC Facilitates Review of Restoring Internet Freedom
Record, WC Docket No. 17-108 (Nov. 7, 2017). Outside groups have examined this information
and highlighted the extent to which public comments were associated with clearly fraudulent or
otherwise dubious email addresses, such as example@example.com. See, e.g., Pew Research
Ctr., Public Comments to the Federal Communications Commission About Net Neutrality
Contain Many Inaccuracies and Duplicates (2017), https://perma.cc/B9SZ-JUWC.
Moreover, after dissenting Commissioners had called for a delay in the vote on a final
rulemaking due to concerns about the fraudulent comments, see Hamza Shaban, FCC
14
Commissioner, New York Attorney General Call for Delay of Net Neutrality Vote Over Fake
Comments, Wash. Post (Dec. 4, 2017), https://perma.cc/WRD7-S8WZ, the Commission assured
the public that “those comments in no way impeded the Commission’s ability to identify or
respond to material issues in the record,” FCC, Declaratory Ruling, Report and Order, and
Order, Restoring Internet Freedom, WC Docket No. 17-108, at ¶ 345 (rel. Jan. 4, 2018). The
Commission’s assurances highlighted thousands of easily discounted comments from email
addresses that were obviously created with fake email generators. Id. ¶ 345 n.1178. The
Commission cannot now turn around and say that there is no public interest or independent
significance in information that will illuminate whether .CSV files containing scores of
comments were submitted by similarly dubious email addresses.
To illustrate, if someone had used example@example.com or an email address created
with a fake email generator to submit a .CSV file containing hundreds or thousands of
comments, it would be at least as relevant as individual comments bearing those same indicia of
fraud. The disclosure Prechtel seeks would thus reveal information at the heart of FOIA’s
purpose of illuminating agency action: It would clarify the extent to which the Commission
succeeded—as it assured the American people it had—in managing a public-commenting
process seemingly corrupted by dubious comments. The relative public value of this information
might have been a slightly closer call had the Commission not already released over twenty
million email addresses. But it has, and that information has generated significant questions
about the agency’s procedures; it cannot now claim that the outstanding information is irrelevant
to the public’s scrutiny of those procedures. Thus, Prechtel has convincingly shown the
independent significance attached to the email addresses associated with bulk comment
submissions.
15
In addition to enabling scrutiny of how the Commission handled dubious comments
during the rulemaking, disclosure would illuminate the Commission’s forward-looking efforts to
prevent fraud in future processes. The Commission, its Chairman, Members of Congress, and
more than a dozen state attorneys general have all expressed concern about the extent to which
fake comments were submitted into the rulemaking record. See Pl.’s SUMF Ex. F (letter from
Members of Congress to FCC Chairman Ajit Pai); id. Ex. J (letter from state attorneys general to
FCC Chairman and Commissioners); Pl.’s Reply Ex. A (letters from FCC Chairman Ajit Pai to
Sens. Jeff Merkley and Patrick J. Toomey). The Government Accountability Office has agreed
to investigate the issue. See Pl.’s SUMF Ex. I (letter from GAO to Rep. Frank Pallone, Jr.). The
Commission’s Chairman has expressed a desire to implement mechanisms to prevent future
abuses of the public-commenting process. See Pl.’s Reply Ex. A. He has suggested that
longstanding Commission policies might be partly to blame, which implies that they might be
revisited. Id. at 2, 5. In other words, the public-commenting process appears to have been
corrupted by endemic fraud and the Commission hopes to take action to ensure that this problem
will not reoccur. Disclosure of the email addresses and .CSV files will enable interested
observers to scrutinize that action (or its absence) by defining the scope of the problem. It may
be the case, for example, that hundreds of comments were submitted in bulk .CSV files by
plainly fake email addresses, or that the comments submitted through .CSV files were all above-
board and most problematic comments were submitted through other means. In either instance,
Prechtel seeks information that sheds light on the suitability of the Commission’s efforts to
prevent future public-commenting fraud and abuse. It is surely in the public interest to further
the oversight of agency action to protect the very means by which Americans make their voices
heard in regulatory processes.
16
The Commission maintains that the email addresses cannot illuminate its actions because
they were stored by a third party and not accessed during the relevant agency action. See Defs.’
Opp’n & Reply at 5. But knowing whether dubious email addresses were used to submit bulk
comments will shed light on the relative wisdom of the Commission’s non-scrutiny of this
information. Given the controversy surrounding dubious comments and the Commission’s
subsequent assurances that its response was adequate, the public has an interest in knowing
whether a keener eye (i.e., accessing the information) could have revealed information that
would have enabled the Commission to better distinguish between real and fake comments. The
Commission notes that Prechtel has not explained why a .CSV file submitted with a fraudulent
email address would compel the Commission to reject the underlying comments. Id. True,
Prechtel has not argued that the Commission must discount such comments. But FOIA exists to
illuminate not just whether an agency complied with its statutory duties, but also how it chose to
do so. Prechtel need not allege that the Commission had to act a certain way to seek information
about its chosen actions.
The public interest in disclosure of bulk submitters’ email addresses is significant when
compared to the privacy interest at stake. The Court therefore grants Prechtel’s motion for
summary judgment on this issue.
2. .CSV Files
To the extent that the Commission maintains access to the .CSV files themselves, their
disclosure would further illuminate the agency’s actions, particularly in light of the ordered
disclosure of the email addresses.
Disclosure of the files would allow scrutiny of the Commission’s success in combatting
fraud. If, for example, a .CSV file contained 1,000 comments, 800 of which were dubious on
17
their face, the public might question the validity of the remaining 200. Or, if a .CSV file
containing 1,000 seemingly legitimate comments were submitted by a plainly suspicious email
address, the public might question whether the Commission should have discounted those
comments.
Moreover, disclosure of the full .CSV files alongside the email addresses could shed light
on whose comments the Commission placed most weight. The Commission’s release of over
twenty million email addresses belies its argument that there is no public interest in the email
addresses of those seeking to influence the Commission’s actions here. The already released
email addresses can reveal important information about the identity of commenters, 5 which in
turn might suggest to whom the government is responsive: Technology experts or laypeople?
Consumers or industry? Internet service providers or social media companies? Courts have
repeatedly recognized the public interest in this information. See, e.g., People for the Am. Way,
503 F. Supp. 2d at 306; Lardner, 2005 WL 758267, at *18; Alliance for Wild Rockies, 53 F.
Supp. 2d at 37. But the already public information paints only a part of the picture. The .CSV
files will reveal which public comments were submitted together and—with disclosure of the
bulk submitter email addresses—by whom. The public might better understand the agency’s
responsiveness to various constituencies if it knows which stakeholders solicited and facilitated
bulk public comments and which comments they submitted. 6
5
For example, a public comment submitted by someone with the email address domain
@USTelecom.org might indicate affiliation with a large trade group of internet service providers
supporting the Commission’s actions; a public comment submitted by someone with the email
address domain @InternetAssociation.org might indicate affiliation with a large trade group
representing companies that opposed the Commission’s actions.
6
This value depends on the email address disclosure: Because bulk submitters did not
have to provide their names, the information to be gleaned from the email addresses is the only
18
The Commission’s non-use of the email addresses does not negate this value. Disclosure
illuminates the relative weight an agency places on various constituencies’ comments whether or
not that weighing is conscious or overt. 7 There is heuristic value for assessing an agency’s
actions when disclosure reveals that an agency relied more heavily on certain constituencies’
comments, or that its reasoning aligned with the preferences of one constituency over another. 8
That value is independent of what the agency knew at the time.
Because the Commission’s apparent misunderstanding of Prechtel’s request left the issue
unbriefed, it is unclear whether the Commission currently possesses the .CSV files themselves
and, if so, how they are stored. 9 The Court therefore directs the parties to meet and confer
regarding the release of the .CSV files, applying the analysis set forth in this opinion to the
information from which the public can potentially learn something about their identities and the
relative weight the Commission placed on the comments they submitted.
7
To be sure, courts have sometimes depicted the public interest in disclosure as
“knowing who may be exerting influence on [agency] officials sufficient to convince them to”
make policy changes, People for the Am. Way, 503 F. Supp. 2d at 306, which implies that the
agency must have had knowledge of the relevant identity for the interest to attach. In other
cases, however, the interest has been framed as knowing to whose comments agencies “give
greater weight” in regulatory processes, Alliance for Wild Rockies, 53 F. Supp. 2d at 37, which
does not necessitate overt weighing.
8
This case is distinguishable from Edelman v. SEC, 302 F. Supp. 3d 421 (D.D.C. 2018),
a recent decision in which a court in this district found minimal public interest due to limited
agency use of the underlying information. There, plaintiff sought the names of those who had
submitted consumer complaints to an agency; the court held that the balance tipped away from
disclosure because the agency had used the underlying complaints only for a limited purpose,
which did not include policy development. Id. at 427-28. Here, even though the Commission
did not rely on the information Prechtel seeks, it did consider the underlying submissions
associated with that information.
9
The Court is unsure whether the Commission maintains possession or control of the
.CSV files after the comments they contain are placed into ECFS. Likewise, it is not clear
whether, if the Commission maintains those files, it stores them in a manner that renders them
reasonably segregable from otherwise exempt information such as that discussed in Section III.C
of this opinion, infra.
19
relevant facts. If a dispute remains, the Commission may file a renewed motion for summary
judgment on this issue. Any such motion shall include a declaration providing a factual
explanation of whether and how the Commission stores the .CSV files.
C. The Server Logs
Finally, Prechtel sought the release of FCC electronic server logs detailing all dates and
times that .CSV files were submitted. Am. Compl. ¶ 16. The purpose of this request was
apparently to examine the logs for signs of nefarious activity. The Commission withheld these
logs in their entirety, claiming that some of the information in the logs is protected under FOIA
Exemptions 6 and 7(E) and not reasonably segregable from the non-exempt information. See
Defs.’ SUMF Ex. B, at 3-4. The Court finds that the Commission has properly invoked
Exemption 7(E) and has shown that the properly withheld information is not reasonably
segregable from the other information; therefore, there is no need to address the invocation of
Exemption 6. The Court will grant the Commission’s motion for summary judgment on the
server log withholding.
1. Exemption 7(E)
FOIA’s Exemption 7(E), as relevant here, allows agencies to withhold “records or
information” that “would disclose techniques and procedures for law enforcement investigations
or prosecutions . . . if such disclosure could reasonably be expected to risk circumvention of the
law.” 5 U.S.C. § 552(b)(7). This provision creates “a relatively low bar for the agency [to meet]
to justify withholding.” Blackwell v. FBI, 646 F.3d 37, 42 (D.C. Cir. 2011). “[T]he exemption
looks not just for circumvention of the law, but for a risk of circumvention; not just for an actual
or certain risk of circumvention, but for an expected risk; not just for an undeniably or
universally expected risk, but for a reasonably expected risk; and not just for certitude of a
20
reasonably expected risk, but for the chance of a reasonably expected risk.” Mayer Brown LLP
v. IRS, 562 F.3d 1190, 1193 (D.C. Cir. 2009). And an agency need not meet a “highly specific
burden of showing how the law will be circumvented,” but only must “demonstrate logically
how the release of the requested information might create a risk of circumvention of the law.”
Id. at 1194 (punctuation and citation omitted).
In this case, the Commission’s IT staff fears that revealing the requested server logs
would expose both general security measures and specific steps it has taken to fend off past
cyber-attacks. The Commission explains in its declaration that its “IT staff concluded that
release of the server logs would reveal sensitive information regarding [its] IT architecture,
including security measures [it] takes to protect its systems from malicious activity.” First Yates
Decl. ¶ 18. Additionally, the Commission’s IT staff explained that “the logs would also disclose
detailed information about the steps the FCC took in response to the spike in ECFS traffic during
the period in question, thereby giving future attackers a ‘roadmap’ to evade the Commission’s
future defensive efforts.” Id. Courts have repeatedly “recognized the risk of a cyber-attack . . .
as valid grounds for withholding under Exemption 7(E).” Long v. ICE, 149 F. Supp. 3d 39, 51
(D.D.C. 2015).
Prechtel does not question the risk of renewed attacks but maintains that disclosure will
not aggravate the risk of any such attacks’ success. He contends that “the techniques for
detecting fraud, spam, and unique internet traffic are well known” and the Commission could
have used only two well-known techniques. Pl.’s Mot. Summ. J. & Opp’n at 15. The
Commission counters that “[t]he timing and nature of how [it] deployed those tools would
provide malicious actors with insight into how exactly [it] protects its systems and improve their
ability to defeat those protections.” Suppl. Decl. of Ryan J. Yates Supp. Defs.’ Mot. Summ. J.
21
(“Second Yates Decl.”) ¶ 13. Contrary to Prechtel’s assertions, these are not legally inadequate
“conclusory” and “vague or sweeping claims.” Pl.’s Reply at 9. The Commission has explained
its concerns and has rebutted specifically Prechtel’s contention that they are misplaced. This
more than suffices to meet its burden. “‘[J]udges are not cyber specialists, and it would be the
height of judicial irresponsibility for a court to blithely disregard . . . a claimed risk’ of cyber-
attack or a security breach.” Levinthal v. FEC, 219 F. Supp. 3d 1, 7 (D.D.C. 2016) (quoting
Long, 149 F. Supp. 3d at 53).
2. Segregability
But the Commission does not claim that all information in its server logs is exempt. So
why isn’t Prechtel entitled to the non-exempt information? Because under FOIA, while an
agency must provide “[a]ny reasonably segregable portion of a record . . . after deletion of the
portions which are exempt,” 5 U.S.C. § 552(b), it may withhold non-exempt portions of records
if they are “inextricably intertwined with exempt portions,” Mead Data Cent., Inc. v. U.S. Dep’t
of Air Force, 566 F.2d 242, 260 (D.C. Cir. 1977). In other words, FOIA anticipates situations
like this one, in which an agency possesses information that it would ordinarily be required to
release but that is intermingled with information protected from disclosure. “Agencies are
entitled to a presumption that they complied with the obligation to disclose reasonably
segregable material,” Sussman v. U.S. Marshals Serv., 494 F.3d 1106, 1117 (D.C. Cir. 2007), but
still must “carry [the] evidentiary burden and fully explain [their] decisions on segregability,”
Am. Immigration Council v. U.S. Dep’t of Homeland Sec., 21 F. Supp. 3d 60, 83 (D.D.C. 2014).
The agency can meet this burden by showing with “reasonable specificity” that the non-exempt
information is not reasonably segregable. See, e.g., Armstrong v. Exec. Office of the President,
97 F.3d 575, 578 (D.C. Cir. 1996).
22
The Commission has done so here. Its submissions explain that “[d]ue to the nature of
how the server logs record information, non-sensitive information . . . is interspersed throughout
hundreds of millions of lines of . . . . exempt information, . . . the disclosure of which would
jeopardize the Commission’s IT security.” First Yates Decl. ¶ 18 n.4. Prechtel maintains that
these submissions are insufficient because segregating server logs is an easy task, as
demonstrated by the fact that another agency has done so in the past. Pl.’s Reply at 7-8. But
another agency’s action does not undermine the Commission’s explanation. Agencies do not
necessarily have parallel IT architectures or use identical techniques.
Prechtel also contends that, at most, the Commission’s declaration indicates that
segregation is possible, but involves multiple steps. Id. at 8. That may be the case, but the
relevant statutory standard is whether the information can be reasonably segregated. The
Commission has explained that “extracting any non-exempt information” is complicated “[d]ue
to idiosyncrasies in how ECFS is built.” Second Yates Decl. ¶ 15. Further, it notes that “[e]ven
attempting to create the records [Prechtel] seeks would require substantial coding work by the
Commission’s IT staff to craft algorithms tailored to the Commission’s server architecture.” Id.
“Courts in this Circuit have held repeatedly that records [are] not reasonably segregable where
the agency attest[s] that it lack[s] the technical capability to edit the records in order to disclose
non-exempt portions.” Milton v. DOJ, 842 F. Supp. 2d 257, 260 (D.D.C. 2012). This is so even
when plaintiffs indicate the availability of software that could undertake the task. Id. The same
principle attaches here: The Commission need not “acquire new technological capacity in order
to comply with disclosure requests,” id., and FOIA does not require it to craft complicated
algorithms to meet Prechtel’s request. Because portions of its server logs were properly withheld
under FOIA Exemption 7(E) and because the Commission has shown that the remaining portions
23
cannot be reasonably segregated, the Court grants its motion for summary judgment on this
issue.
IV. Conclusion
For the foregoing reasons, the Court will grant in part and deny in part both parties’
cross-motions for summary judgment and directs the parties to confer regarding release of .CSV
files in light of the analysis in this opinion. A separate order accompanies this memorandum
opinion.
CHRISTOPHER R. COOPER
United States District Judge
Date: September 13, 2018
24