A reporter from Reuters recently had a row with Jacksonville officials regarding claimed exemptions from disclosure of public records related to informational technology.
The city has had its approach to public records disclosure questioned by local media in recent days, via a panel in the city’s “Open Government Task Force” and on Twitter; however, the Reuters reporter (who generally doesn’t deal with local officials) offered his own take independently of that process, claiming that the city was using a statutory protection from exemptions “like a ball peen hammer.”
Reuters reporter Ryan McNeil wanted the last few years of records on IT security audits of city websites and/or computer networks, penetration and vulnerability testing, the city’s cyberinsurance policy, claims made on said policy and payments of ransom demands, as well as documentation of breaches.
McNeil was to find his request substantially frustrated, however, via claims of exemption from inspection of public records pursuant to Florida Statute, Section 119.071 (3).
McNeil let loose with an epic reply to the city’s custodian of public records: “On behalf of myself and Reuters, I raise strong objection to the city’s interpretation of its requirements under Florida’s broad open government laws. To be clear, there is no way 119.071(3) covers all of the responsive records. I strongly urge you to re-evaluate this denial.”
McNeil notes that “Florida public officials are required to take a narrow approach to exemptions.” And when exemptions apply, the sensitive information should be, per statute, redacted. Not addressed via a blanket denial, which per McNeil “is neither narrow nor does it comply with requirements to produce non-exempt information.”
McNeil contends “the city has attempted to use 119.071(3) like a ball peen hammer,” before drawing conclusions based on elided answers.
“For example, based on your response, apparently the city has made payments and/or communicated with people making a ransom demand as part of a cyber incident. We asked for ‘documentation of payments made to any entity as part of a ransom demand following a cyber incident as well as any correspondence made to or from the entities making the demand.’ These types of records in no way, shape or form relate ‘directly to the physical security of the facility’ nor do they reveal ‘security systems’,” McNeil writes, before posing provocative questions.
“Is the city arguing that it can make secret payments to satisfy ransom demands under Florida law? Additionally, is the city arguing it can have secret communications with those demanding taxpayer monies be used to satisfy a ransom demand?”
Along these lines, McNeil wondered if the city was “arguing that it can have secret contracts with vendors merely because they provide cybersecurity-related services,” based on declared exemption from disclosure.
“The same arguments can be applied to every single one of the blanket denials,” McNeil argued, a “blanket exemption [which] is not appropriate and inconsistent with Florida’s broad sunshine laws.”
This email, dated May 8, came in hours before local reporters offered their own critiques of how records are handled in Jacksonville’s City Hall.
During a “media panel” in Jacksonville’s “Task Force on Open Government,” representatives from The Florida Times-Union, WJCT, and this outlet described a system in which transparency and sunshine are subjective concepts, driven by the whims of the gatekeepers.
From the minutes: “The conversation focused primarily on public records and how they are accessed and received by the media. According to the panelists, there are often delays and unexpected costs associated with public records requests, which according to should be provided at a “reasonable” cost in a “reasonable” amount of time … some readily available public records appear to go through political review before being shared with the media, and the delays sometimes give the impression of being intentionally obstructive.”
Suggested solutions were proferred also: “Legislation could be enacted to clean up the records process – possibly with timelines; make records easier and cheaper to get; incorporate public records sharing as a regular part of government.”
However, the Office of General Counsel’s representative on hand diverged from the concord of the media panel members: “Jon Phillips, Office of General Counsel, expressed doubts about the public records obstacles and delays described by the media panel.”
What is clear: there is a real gap between the way the media interprets the Sunshine Law and the concept of open government and the way city officials interpret it.
Gaps have been identified before, of course, and will continue to be. With informational technology what it is, it is possible for all intragovernmental emails and texts to be online, made available in close to a real time way.
The reality, at least in Jacksonville, is one of selective disclosure. For example, the only publicly available email addresses, of the Mayor and his senior staff, are not updated in a time-sensitive manner. And if Lenny Curry doesn’t have a secondary official business email, well, questions are raised, given that the official inbox is little more than a fruitless farrago of crank correspondence and conspiracy theory.
Likewise, individual emails of Council members are available on no portal. While technology allows for a real-time cataloguing of such, legislative will doesn’t compel such.
And texts? Good luck.
As the Florida Times-Union found when investigating text messages that swayed a line-item during a budget vote, texts were difficult to obtain, with some members of the City Council seemingly unaware that part of the job description was to be a custodian of their public records.
Jacksonville’s latest slogan, “It’s easier here,” simply doesn’t apply to the city and its haphazard commitment to the Sunshine Law and public records disclosures. Local reporters have been acutely aware of that. And Reuters just got its education.