278 F. Supp. 3d 11
D.D.C.2017Background
- Sheridan, a pro se requester, sought the e-QIP system source code and design/operations manuals from OPM via FOIA (request made April 2015); he sued after OPM failed to timely respond.
- e-QIP is OPM’s web-based system used to collect and transmit background-investigation forms for federal employment; blank forms are public but submission/adjudication use e-QIP.
- OPM located responsive material (about 3,241 source-code files, a 79‑page design manual, and a 109‑page operations manual) but declined production.
- OPM invoked FOIA Exemption 7(E) (and alternatively Exemption 2) arguing disclosure would reveal law-enforcement techniques/guidelines and risk circumvention of background checks and cyber-intrusion/phishing.
- Sheridan argued disclosure posed no harm (public forms already available), that source code is modular and thus segregable, and that Exemption 2’s public-interest limit applies.
- The Court granted OPM summary judgment, holding Exemption 7(E) applies and that OPM satisfied the segregability requirement.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether records were "compiled for law enforcement purposes" under Exemption 7 | Sheridan: e-QIP is merely a collection/transmission system; not law-enforcement techniques | OPM: e-QIP supports background investigations (a law-enforcement purpose) | Held: Records were compiled for law-enforcement purposes |
| Whether production would "disclose techniques and procedures" under Exemption 7(E) | Sheridan: public forms show nothing about adjudication; code may not reveal evaluation process | OPM: source code/manuals are a roadmap revealing how data is analyzed and triggers investigations | Held: Production would disclose techniques/procedures |
| Whether disclosure "could reasonably be expected to risk circumvention of the law" | Sheridan: cyber-risks exist regardless; prior intrusion occurred without source code; expert says release adds no significant risk | OPM: logical risk shown — code would aid cheating background checks and facilitate hacking/phishing; agency expertise entitled to deference | Held: OPM met the relatively low burden to show a reasonable risk of circumvention |
| Whether any reasonably segregable, non-exempt portions must be produced | Sheridan: source code modularity (3,241 files) implies segregable non-exempt portions | OPM: non-exempt portions are inextricably intertwined and disclosure of any part would aid circumvention/phishing | Held: OPM sufficiently justified non-segregability; withheld records in full |
Key Cases Cited
- Milner v. Dep’t of Navy, 562 U.S. 562 (agency Exemption 2/FOIA framework and scope of exemptions)
- Mittleman v. Office of Personnel Management, 76 F.3d 1240 (background-investigation records relate to law enforcement)
- Morley v. CIA, 508 F.3d 1108 (security-clearance/background procedures are law-enforcement related)
- Sack v. U.S. Dep’t of Defense, 823 F.3d 687 (Exemption 7(E) covers disclosures about use/timing/effectiveness of investigative techniques)
- Blackwell v. FBI, 646 F.3d 37 (technical forensic procedures qualify as law-enforcement techniques under Exemption 7(E))
- Mayer Brown LLP v. I.R.S., 562 F.3d 1190 (low burden for showing a reasonable risk of circumvention under Exemption 7(E))
- Dep’t of the Air Force v. Rose, 425 U.S. 352 (public-interest limitation on Exemption 2)
- Sussman v. U.S. Marshals Serv., 494 F.3d 1106 (agency entitled to presumption it complied with segregability requirement)
