Feds Get 30 Days to Back Up FOIA Argument

     (CN) – Government agencies conducted an adequate search for two records requests but they did not prove releasing metadata and database schema would be a security risk, a federal judge ruled Monday.
     Syracuse University professors Susan Long and David Burnham filed seven Freedom of Information Act (FOIA) requests with the U.S. Immigration and Customs Enforcement (ICE) and/or the Customs and Border Patrol (CBP) between October 2010 and February 2013.
     Long and Burnham’s are co-directors of Syracuse’s Transactional Records Access Clearinghouse, or TRAC. They sought metadata and database language structure, or schema, from databases used by both agencies, as well as snapshots of information.
     ICE and CBP produced some records but withheld others, citing FOIA exemptions for documents shielded by other laws and records compiled for law enforcement purposes. The agencies also claimed it would be overly burdensome to produce some responsive records.
     U.S. District Amit Mehta ruled Monday that ICE and CBP conducted an adequate search for the professors’ two October 2010 FOIA requests for information about the structure of two databases.
     “The agency responded to the request by searching the ‘authoritative’ database where responsive records were likely to be held. It identified the sections of that database where responsive records were likely to be found and reviewed the responsive documents,” Mehta wrote. “[Long and Burnham] have not offered any reason to believe that responsive records – other than the database schema and codes themselves, which defendants are not required to produce at this juncture – would be found within the databases.”
     The judge also held that ICE and CBP properly withheld copies of snapshots requested under multiple FOIA filings. He ruled that the agencies are not required to provide data snapshots.
     “Defendants’ declarant, Jeff Wilson, has attested, based on his specific knowledge of and experience with the EID database and associated datamarts that replicating and redacting the snapshots would create an undue burden on the agencies,” Mehta wrote.
     However, the judge stopped short of ruling entirely in favor of the federal agencies. Mehta said they have 30 days to supplement their briefing with more evidence that disclosure of metadata and database schema could risk circumvention of law enforcement, and that they have conducted an adequate search for a September 2012 FOIA request seeking information about snapshots.
     He noted that the government simply did not address what search, if any, it conducted for the request for information about data snapshots.
     As for metadata and database schema, Mehta found that ICE and CBP did not convincingly show that release of such information would expose the government to cyber attacks or other threats, but he ruled they are allowed to provide more evidence to boost their argument.
     “The court, however, will not at this juncture order defendants to disclose the withheld material. Rather, in the exercise of its discretion, the court will permit defendants to supplement the record with additional affidavits or other evidence to establish that disclosure of the IED and IIDS metadata and database schema will increase the risk of a cyber-attack, data breach, or any other circumvention of the law,” he wrote in the 32-page opinion.
     In June, another federal judge ruled that the Long and Burnham were entitled to lower processing fees for their public records request because its purpose was educational and journalistic.