Knowing What the Government Is Up To
- April 28, 2018
- Clayton Rice, Q.C.
The American Civil Liberties Union of Minnesota and the Electronic Frontier Foundation, in a joint Brief of Amici Curiae filed in Webster v Hennepin County, Minnesota Supreme Court, Case No.: A16-0736, began argument this way, at p. 5:
“Knowing ‘what the government is up to’ is often the first step in ensuring that the government respects our civil liberties. The meteoric growth in the volume of [electronically stored information] is undeniable. Literature reflects that in 2015, the typical employee sent and received 125 emails per day. The increased use of instant and text messaging as well as the ability to attach audio and video files further increases the amount of electronic data that organizations create and store. Government entities will most certainly experience similar growth as they, too, seek to leverage technology.”
The amici brief asserted, at p. 3, that the US federal government is “in the process of building the world’s largest cache of face recognition data, with the goal of identifying every person in the country”. Local law enforcement authorities are being given access to the FBI’s Next Generation Identification program which seeks to build the world’s largest biometric database. Biometric data sets are massive and “the government is developing the ability to search them in real time to identify each of us in public. To what end is not yet clear, and the legal boundaries for the collection, storage, sharing, and use of biometric data have not been set.”
In August 2015 Tony Webster requested public government data from Hennepin County and the Sheriff’s Office under the Minnesota Government Data Practices Act, Minn Stat ss. 13.01-.90 (2016). The Data Practices Act governs the storage of government data and public access to it. The Minnesota Supreme Court was asked to decide whether the county’s procedures for public access to data violated the Act. The Minnesota Supreme Court is the state’s court of last resort exercising original or appellate jurisdiction as conferred by the Minnesota Constitution. Decisions of the Supreme Court are binding on the Minnesota Court of Appeals and state trial courts.
Webster’s request sought all data since January 1, 2013, including emails, that referenced biometric data or mobile biometric technology including rapid DNA, facial recognition, iris scan and tattoo recognition. That data was listed in the request as item 14. According to the amici brief, at pp. 7-8, the request sought information about law enforcement’s use of biometric technologies. “Law enforcement officers,” the brief stated, “in many jurisdictions around the country now carry mobile devices capable of capturing and scanning all kinds of biometric information – from fingerprints to face-recognition to DNA – from members of the public. This information is often, in turn, uploaded to databases that can be accessed later by a wide range of other government agencies, often for purposes beyond simple identification.”
Webster then corresponded with the County over the next three months about the status of the request. In late November he received a letter from Kristi Lahti-Johnson, the Hennepin County Data Governance Officer, with responses to items 1-13. With respect to item 14, Lahti-Johnson said the request was “too burdensome with which to comply”. She advised that a test examination for emails returned 312 emails after seven hours of searching. She calculated a responsive search would “tie up Hennepin County’s servers 24 hours a day for more than 15 months”. Lahti-Johnson told Webster that the response was complete but also stated that the County would work with him “to determine a reasonable limitation” to item 14.
In December, Webster replied to Lahti-Johnson that taking fifteen weeks to raise the issue of undue burden was “concerning to him” but he narrowed item 14 to emails of employees of the Sheriff’s Office, the Security Department and any County employees providing services to those departments. Webster also said that he thought the County had violated the Data Practices Act and that he was retaining counsel. Webster’s attorney contacted the County three days later asking it to retain the requested data because of the potential for litigation. Lahti-Johnson then advised Webster that the Sheriff’s Office should be his “point of contact” on item 14 and he received an email from the Sheriff’s Office stating that it was “continuing to explore the options regarding [the] revised request from December 4th, specifically as it relates to ‘Request Item 14’.”
On January 7, 2016, Webster filed an expedited data practices complaint with the Office of Administrative Hearings. The administrative law judge concluded that the County’s procedures did not insure that requests for government data were received and complied with in an appropriate and prompt manner. The Minnesota Court of Appeals reversed and the Minnesota Supreme Court granted Webster’s petition for review.
On April 18, 2018, the Supreme Court released its opinion finding that there was substantial evidence to support the administrative law judge’s conclusion that the County’s procedures did not comply with the Data Practices Act. The Court of Appeals had essentially concluded that a single violation of the statute was not sufficient. The threshold issue, therefore, was whether a standard that distinguishes between a single and multiple violations is appropriate.
In reversing the decision of the Court of Appeals, Judge Barry Anderson found, at p. 17, that “the proper standard under this statute hinges on the word ‘insure’.” The Data Practices Act commands responsible authorities to “establish procedures…to insure that requests for government data are received and complied with in an appropriate and prompt manner.” In the absence of a statutory definition of “insure” Judge Anderson looked to leading dictionary definitions (but not Webster’s) to conclude that insure means “to make certain or secure” and overlaps with ensure meaning to “make certain that (something) shall occur or be the case”. Judge Anderson then went on to hold, at pp. 19-20:
“The County concedes that its response to Webster’s request was untimely – not ‘prompt’. We recognize, and Webster acknowledges, that not every untimely response will support a finding that a government entity’s ‘established procedures’ do not comply with the Data Practices Act. Established procedures fail to insure timely responses when those procedures are the cause of the untimely response. Key to the violation here, therefore, is that the County’s established procedures were the cause of the untimely response. The County has ‘established procedures’ or standard practices, followed those procedures or practices, and yet the record contains substantial evidence of the County’s missteps and failures in responding to Webster’s request at every juncture, leading inexorably to the conclusion that the existing procedures were insufficient to meet the statutory requirements.”
Government transparency is a pillar of democracy that fosters accountability and thus creates confidence in public institutions. “To make informed decisions,” the amici brief argued at p. 1, “we need to know what the government does with the power and money entrusted to it.” The Data Practices Act is not new and the Minnesota Supreme Court has previously recognized that its purpose is “to reconcile the rights of data subjects to protect personal information from indiscriminate disclosure with the rights of the public to know what the government is doing.” It was not the statute, then, that failed Webster but the administration of it. See: KSTP-TV v. Ramsey County, 806 N.W.2d 785, 788 (2011)
On April 20, 2018, in a post to the EFF blog titled Minnesota Supreme Court Ruling Will Help Shed Light on Police Use of Biometric Technology, staff attorney Aaron Mackey said Webster requested the records as part of a 2015 campaign by EFF and MuckRock to track the use of mobile biometric technology by law enforcement. Mackey went on to say: “In many cases, police use mobile devices in the field to scan and identify people during stops. However, police may also use this technology when a subject isn’t present, such as grabbing images from social media, CCTV, or even lifting biological traces from seats or drinking glasses.”
Hmmm. Yes. What is the government up to?