When journalist Jim Haddadin sent a public records request to the Massachusetts Office of Information Technology in August 2015, he didn’t think much of it. But now the seasoned reporter for the Framingham-based MetroWest Daily News says it spawned one of the longest, and strangest, transparency battles of his career — a fight that even caught the attention of the governor’s office.
Haddadin’s request was simple: He asked for records that “describe, list or catalog the databases maintained by” MassIT, which administers them on behalf of numerous state agencies. “To me, it’s fascinating that there is all this government data that is being collected, and we don’t know what it is, what type of records different agencies keep, and as a reporter you can find all kinds of great stories in a single database alone,” Haddadin explains.
“Sometimes you can find fun, light-hearted data that might reveal something interesting about the state. But in other instances, you can get data that illuminates some type of fraud, waste, or abuse,” Haddadin adds. “[P]ersonally I’m interested in discovering maybe more mundane data that’s out there, like where parking tickets are issued, or companies that are faulted for violating state law, or water quality tests — things like that.”
Haddadin learned from an email list for New England journalists that North Carolina law actually requires every public agency to create a list of databases it maintains, and it specifies that these lists are public records — so he naturally assumed that a similar request in Mass wouldn’t be a big deal. And at first, MassIT didn’t treat it like one. On Oct 1, 2015, MassIT legal practice manager Michelle Burwell told Haddadin that she planned to give him the lists “today or definitely tomorrow.” The following day, Burwell said she was at home with her sick child but would send the records when she returned to work.
Two weeks passed, and Haddadin’s minor request morphed into a serious security concern for MassIT. Burwell denied the request under the public safety exemption, which was passed after the Sept 11 terrorist attacks to protect information related to the security of people, buildings, and infrastructure. She claimed that revealing any information from the lists “would pose a threat to the state’s IT systems, in that it would disclose data and information stored at MassIT facilities whose locations are publicly known” — despite the fact that Haddadin was not actually requesting any information from the databases, just lists of them.
KEEPING YOU IN THE DARK FOR YOUR OWN GOOD
Puzzled by the rejection, Haddadin filed an appeal with the secretary of the Commonwealth’s office. “[T]he Daily News and its team of dedicated journalists is not a criminal enterprise, nor is it a terrorist organization,” he assured the secretary’s office. He suggested that MassIT provide the lists after redacting any sensitive information, a common solution when records contain information that is exempt from the law.
In response, MassIT lawyer Linda Hamel sent the secretary’s office an eight-page letter that named the records Haddadin was seeking — three “Database Team Lists” and one “Data Catalog List” — but claimed redacting information wasn’t enough. Her main argument was that it’s too dangerous for the public to even know what databases exist.
Hamel fretted over the possibility that the databases would be hacked, pointing to the 2015 hack of the federal Office of Personnel Management — when social security numbers, addresses, fingerprints, and other data on millions of government employees were compromised. She further wrote that releasing the lists would give “terrorists or other criminals … a ‘shopping list’ of critical data which, when combined with common knowledge about the state’s centralization of IT and the location of its data centers, could incite violence against the buildings in which the data is housed.”
It should bother anyone who believes in government transparency that MassIT is withholding records on the basis that they will alert the public to the existence of other records. As Haddadin says: “[T]he issue that lies at the heart of this request is whether citizens have the right to know what information the government keeps … MassIT is effectively saying that from this point forward, citizens don’t … and I think that’s a dangerous precedent to set.”
Aaron Mackey, a legal fellow with the Electronic Frontier Foundation, agrees. He says that to safeguard personal privacy, the government should not be allowed to keep secret databases — whether for “benign or nefarious” purposes. He pointed to the ’60s and ’70s, when the government kept detailed dossiers on anti-Vietnam war activists. “The idea is that the public should know what type of information the government is maintaining about them,” he says. Releasing the list would actually be a “public service,” according to Mackey.
“I think that the test [for whether records can be released] needs to be that there actually has to be a concrete, articulated risk that someone can claim rather than a hypothetical,” Mackey says. “[P]roducing a list … is not something that is going to lead to a risk of targeting of facilities or cyber attack or what have you. It just seems very ephemeral, very conjectural about what may occur.”
But the public safety exemption is not working in this ideal manner. That’s partly because it differs from most other exemptions to the law in that it requires records custodians to make judgments about what they believe requesters will do with records. It’s up to them to decide which people can be trusted and which ones might be plotting dastardly deeds. To accomplish that, the exemption allows custodians to ask requesters why they want records, which is usually prohibited since it can intimidate and discourage people from seeking information.
To make matters worse, Suffolk Superior Court ruled in 2014 that the exemption gives a “heightened level of deference to” the subjective judgments of records custodians and the secretary’s office, a decision that will make rejections harder to challenge in court unless it’s overturned (the SJC took it up of its own accord).
Neither Burwell nor Hamel asked Haddadin why he was making his request, but Hamel did make a judgment about him: She wrote that MassIT would not release the records to him in part because he’s a journalist, and she worried that he might publish the lists “either on paper or online.”
Haddadin was not pleased: “I’m very uncomfortable with my status as a journalist influencing whether or not I have access to public records. That is not the way that the statute is supposed to work. It’s not the spirit of why we have open government laws.”
After reviewing Haddadin’s appeal, the secretary of the Commonwealth’s office ruled that Burwell’s denial letter was not specific enough. But that was by no means the end of it. Hamel, the MassIT attorney, sent Haddadin an abridged version of her letter, rejecting his request for a second time. In response, Haddadin appealed again. This time, Hamel called the journalist to speak about his request. “My understanding was that she was calling me for [a public safety exemption] evaluation because I specifically requested [one] when I appealed these things. So we talked for a while. I felt like she genuinely wanted to help me out, too,” Haddadin says.
Hamel took notes on the conversation then submitted them to the secretary’s office. Here, the story takes a confusing turn. Hamel’s notes said Haddadin would be willing to drop his request if the secretary’s office found that the lists weren’t responsive to his request. But the secretary’s office closed the appeal, claiming that MassIT decided the records weren’t relevant to the request. Supervisor of Records Shawn Williams wrote to Hamel: “You explained to an attorney on my staff that based on your subsequent conversation with Mr. Haddadin you no longer believe that the records withheld by MassIT are responsive to Mr. Haddadin’s request.” Williams also cited a June 7 letter, in which he says Hamel “confirmed this belief.” But Hamel actually wrote that one of the lists “is potentially responsive to Mr. Haddadin’s request.”
So who actually decided the records weren’t responsive? Shawn Williams and Linda Hamel did not respond to requests for comment. Either way though, the secretary’s office shares some blame because it reviewed the MassIT lists as part of the appeal but then dropped the appeal instead of deciding whether the records are public — which raises the question of why it looked at them in the first place.
Haddadin was perplexed about why the secretary’s office didn’t talk to him directly instead of relying on what Hamel typed up. More importantly: “[The decision] was obviously frustrating to me because I absolutely believe that there’s no reason that you could construe [the records] as anything other than what I’ve requested — most notably because we’ve been arguing about it for the better part of a year, and they’ve already identified that it does fall within the scope of the request.”
Haddadin adds: “It was especially disappointing because I made a point of saying it to [Hamel], on the phone, that I’m willing to have this conversation but in no way do I want to change the scope of my records request. And after that, about two days after that call, I actually called [the secretary]’s office … to stress the exact same thing.”
‘INTERESTING NEWSPAPER STORIES’
After Haddadin’s second appeal was closed, he used every public-records trick in the book. First, he asked the secretary’s office for a copy of the June 7 letter regarding his second appeal. Next, he sent MassIT a new request for all the records it initially identified as responsive to his request so that it couldn’t claim they weren’t responsive. But, infuriatingly, Burwell did anyway. She decided for Haddadin that the lists aren’t the stuff “interesting newspaper stories” are made of and were not responsive to his “business purpose,” citing his conversation with Hamel. She also cited the same exemptions Hamel previously cited.
It’s hard to believe that these records are simultaneously so sensitive they can’t be released and also so boring that there’s nothing to write about them. More importantly, as Aaron Mackey of EFF says: “[T]hat’s not a judgment [MassIT] can make. It’s never about whether the documents are interesting or not … The fact that the agency is now relying on its own projections of the newsworthiness of particular documents is sort of ridiculous because that’s not their decision to make.”
Haddadin also asked MassIT for all emails sent or received by its employees in relation to his first records request, which is how he learned about the notes. On that prompt, MassIT produced a log of 331 emails that it said it was withholding due to attorney-client privilege and other reasons. Interestingly, 50 of these emails were either sent or received by Cathy Judd-Stein, an employee of the governor’s office. Brendan Moss, deputy communications director for Charlie Baker, would not comment on the nature of these emails. However, he pointed to a memo explaining how state agencies are required to seek advice from the governor’s office under certain circumstances, such as when a request is “non-routine” or there’s an appeal. Judd-Stein was first copied on an email prior to Haddadin’s initial appeal.
Haddadin also filed a third appeal regarding his initial records request. In response, the secretary’s office ordered MassIT to provide Haddadin with a new response to his records request but still did not rule on whether the records were public — despite already reviewing the records during the second appeal. For added measure, Haddadin filed an appeal regarding his second request for the lists.
‘RADICAL AND DISPARATE CHANGE’
This long tale doesn’t have an ending yet. Welcome to Massachusetts, which has one of the worst freedom of information laws in the country. The Legislature passed an update that is set to go into effect next year, but even then the law will continue to be weak and accessing records will still require playing bureaucratic cat-and-mouse games. In fact, the new law expands the public safety exemption to specifically cover “cyber security,” which will only lead to more denials like the ones Haddadin has gotten.
“I don’t even know how good the record is that we’re arguing over. I don’t know if I could look at [the requested] spreadsheet and get anything out of it, like if it even really says the names of the databases in a way that would allow me to understand what they are,” Haddadin says. And yet he’s spent more than a year sending emails, writing appeals, and trying to piece together what’s going on behind the scenes to hold things up. That’s the kind of tenacity it takes to get public records in the Commonwealth.
Haddadin’s saga is proof positive that one of the biggest flaws of the records law is that there are too many broad and vaguely worded exemptions, and that the public safety exemption is one of them. Even Secretary of the Commonwealth William Galvin, who has a terrible record on the public information law, has expressed concern about the exemption. In his guide to the law, he explains: “The nature of the exemption requires a records custodian to make some value judgment regarding the requester … [which] is specifically antithetic to the previously expounded presumptions that all records are public records and all requesters shall be treated uniformly. The legislature was informed in writing of this radical and disparate change … but chose to retain the language.”
Aaron Mackey says this aspect of the law is “silly” since people can easily share documents online. He adds: “[I]t just invites discretion and bias on behalf of the records custodian to make certain records discloseable to certain parties and not. If the basic idea is that the records belong to the entire public, that anyone can request them, then it begins to violate the basic first principles of what the public records law is all about.”
Next year, the Legislature will be forming a commission to determine whether it, the governor’s office, and the courts should be subject to the public records law. It also ordered the formation of a working group to reexamine the exemption for law enforcement investigations. Haddadin says a fresh look at the public safety exemption is warranted too. “[T]he situation that the Legislature has created … is confusing at best,” he says, and it should “consider whether there is a better way to handle that exemption, or if we should do away with that benefit that’s been granted to records custodians altogether.”
Those of us in the open government community can — and should — hope and agitate for this kind of change. It took decades for the Legislature to seriously get involved with public records reform, and we can’t let the momentum die now. While we’re at it, we should strive to be like Jim Haddadin and stick with our requests no matter how much of a pain in the ass it is.
This column is the first in a special two-part series on the public safety exemption to the Massachusetts public records law.
Broken Records is a column produced in partnership between the Boston Institute for Nonprofit Journalism and DigBoston. Follow @BINJreports and @BrokenRecordsMA on Twitter for upcoming installments and other news.
Special thanks to MuckRock’s Caitlin Russell for assistance on this story.