The Minnesota Supreme Court today upheld a ruling that the Hennepin County Sheriff violated the Minnesota Government Data Practices Act—the state’s freedom of information law—regarding a 2015 request to access data about law enforcement’s use of biometric technologies. What could have been a simple e-mail search turned into a 2½-year court battle, largely due to the Hennepin County Attorney’s Office choosing to use the case to attempt to get from the courts a laundry list of changes to the law that the Legislature had denied government lobbyists for years. Their scheme failed, and the law’s strong public-access mandate remains standing.

*

Nearly three years ago, I asked the Hennepin County Sheriff’s Office for data about law enforcement’s use of biometric technologies. After months of waiting, Hennepin County records staffers said it would take 10,800 hours of work to perform an email search for the names of biometric technologies and vendors.

I knew that wasn’t true—and they later admitted as much—but I nevertheless voluntarily reduced the scope of my request by about 90%. The County continued to ignore me. I repeatedly offered to work with them to find a good way forward, but Sheriff’s Office and County staff wouldn’t budge. I retained an attorney, gave the County yet another month to comply or cooperate in some fashion, and when it was clear nothing was working, I filed suit. My attorney continued to engage in conversation after filing suit, hoping to resolve the case, but the Hennepin County Attorney’s Office stopped responding. They wanted a fight; a chance to create case law against the public interest.

In order to obtain a court order compelling the Sheriff’s compliance with the law, I needed to prove at least one violation of the law. Most litigants might simply seek a judicial finding that their request was improperly denied or delayed. But I went a bit further, pleading violations about the County’s records management more generally. I didn’t know if I’d win them all—it’s impossible to know the inner-workings of government from the outside—but I also thought their inexcusable practices were worth judicial scrutiny. Absent a lawsuit, there’s no state agency with authority to look into a government entity’s practices.

In 2016, an administrative law judge ruled that the County and Sheriff’s Office broke the law in all of the four violations I argued.

The Hennepin County Attorney’s Office pled a kitchen sink of arguments in the Sheriff’s defense. They said my request to access emails wasn’t valid because I was asking for emails containing certain words—but they wouldn’t say what would be a valid request. They said the data request was more like ‘research’ than a request for data, because they would have to make a “personal database” of emails for me. They said the request was burdensome, artificially inflating the amount of work they thought they would have to perform due to a failure to use the right technology or implement date restrictions. They said that by asking to see emails, I was asking for them to change the format of the data, and they couldn’t do it. All of these arguments lacked a basis in fact and law.

Some of the County’s arguments defied common sense and the availability of modern technology, such as Hennepin County’s suggestion that in order to search their email, they would need to make copies of each individual email and put one copy each into a million different folders corresponding to each word in the English language. In reality, the County had the ability to use a central email search system, but chose not to use it.

Each of the County’s arguments failed, and the judge issued an order compelling their compliance with the law. The Sheriff began producing some data in weekly sets, but Hennepin County Attorney Mike Freeman appealed that decision to the Minnesota Court of Appeals, arguing again that requests to access government emails by topic or keyword aren’t valid, that the request was burdensome, and that the County felt their procedures and email storage arrangements were good enough.

The County obtained a ‘stay’ on the order compelling their compliance with the law, pending appeal, allowing them to deny my access to the public emails I requested until the conclusion of any appeal. I challenged the stay-pending-appeal in 2016, but lost.

In 2017, the Minnesota Court of Appeals upheld the administrative law judge’s ruling that the County violated the law by not producing the data I requested, which is the most important aspect of the case. Additionally, the County had not appealed findings regarding a lack of timeliness, or a failure to provide proper legal citations to support redactions, so those violations remained standing. However, the Court reversed two of the violations under the requirements for proper procedures and storing data “easily accessible for convenient use.” These issues contributed to the County’s refusal to produce data, but ultimately were adjacent matters that had never been litigated before.

I had still won the key point—that the County failed to comply with my request—but I wanted some finality.

I petitioned for review to the Minnesota Supreme Court on the issues of whether Hennepin County’s data was stored “easily accessible for convenient use” and whether they had adequate procedures to ensure prompt compliance. This was a decision in whether the County had adequate technology but failed to have adequate procedures to handle requests for data, or if the technology was also a problem.

Today’s order

The Minnesota Supreme Court, analyzing government Data Practices Act procedures for the first time, decided the problem lied with Hennepin County’s procedures:

“…the record contains substantial evidence of the County’s missteps and failures in responding to Webster’s request at every juncture, leading inexorably to the conclusion that the existing procedures were insufficient to meet the statutory requirements. The County argues that its procedures are sufficient and were followed. But of the four evidentiary reasons in the record advanced by the County, two are red herrings and two demonstrate instead that the procedures were not sufficient to establish statutory compliance.”

Importantly, the Supreme Court decided an unanswered legal question: to prove a violation of the Data Practices Act’s requirement that government have a policy to “insure” appropriate and prompt compliance, must a data requestor show the government has a pattern and practice of failures, or is one failure enough?

The Supreme Court found that one failure is enough to qualify as a violation. And because one violation is necessary to obtain an order compelling compliance with the law, this order strengthens the law for data requestors and transparency advocates, who may have an easier path toward securing court orders in the future.

“Nothing in the text of the statute suggests that a government entity can avoid a violation of the statute as long as that entity does not commit multiple violations. Plainly, the use of “insure” suggests that the “established procedures,” when followed, should result in appropriate and prompt responses in all cases. Put another way, the Legislature has not suggested that only a pattern of violations will suffice. We will not read such a standard into the statutory scheme adopted by the Legislature.”

I also asked the court to weigh-in on two of the County’s defenses: that the request was “unduly burdensome” and that the County felt a data request seeking emails by topic or keyword wasn’t valid. The Supreme Court declined to do so because I had already prevailed on these issues, so the Court of Appeals opinion stands.

As to the issue of alleged burden, the record was replete with documentation that burden was the County’s own making, such as their choice to use an unnecessarily laborious search process, to failing to conduct searches that were limited by date. The administrative law judge found, based on a County staffer’s testimony, that it would take only 18 hours to fulfill the email search. The Court of Appeals opinion of April 2017 stands on this point, which said “we cannot conclude that requiring [Hennepin County] to provide access to public government data produces an absurd result.”

The 2017 Court of Appeals opinion also sustained the validity of the request, ruling that the administrative law judge did not order the County to use specific methodology to conduct the search. Rather, the County needed to produce the requested data and how they found it was up to them. A request to access emails by the words in that email was not invalid, because I was not demanding the County use specific methodology to locate the emails.

The Court of Appeals had also rejected the County’s argument that asking for emails constituted asking for data in a different format from what the government entity maintained, stating that “…culling data from larger stores does not change the format of the data, it merely segregates it for public access.” This ruling continues to stand.

Government lobbyists used this case to try to weaken the law

What could have and should have been a simple e-mail search was turned into an unnecessary legal battle. Instead of spending 18 hours searching for data—which may not have required any human involvement after entering the search parameters—we went to court. Then, what could have been a three-month expedited enforcement action at the Office of Administrative Hearings was stretched out for two additional years, largely because the Hennepin County Attorney’s Office wanted to use the case to attempt to gain from the courts a laundry list of what government associations have unsuccessfully lobbied for at the Capitol for years.

Government associations and lobbyists had long billed the case as one which could fundamentally break government operations, and had been hopeful for a ruling that would create new case law giving government ways to avoid complying with requests.

In an amicus brief filed by a very long list of government associations—the League of Minnesota Cities, Association of Minnesota Counties, Minnesota Inter-County Association, Minnesota County Attorneys Association, Minnesota Chiefs of Police Association, Minnesota Sheriffs’ Association, National Sheriffs’ Association, Major County Sheriffs of America, and Minnesota School Boards Association—these organizations attacked the foundations of the law.

“[If government is] required to comply with unduly burdensome data requests, it will necessarily frustrate their ability to effectively fulfil [sic] their many other important governmental functions,” wrote an attorney at the League of Minnesota Cities in a court brief.

But compliance with public records requests is an important governmental function, and the Data Practices Act is the Legislature’s “fundamental commitment to making the operations of our public institutions open to the public,” according to previous appellate litigation and multiple advisory opinions from the Commissioner of Administration.

Moreover, the record established that my request was not burdensome, and that any burden was the County’s own making by choosing to use an unnecessarily laborious search process instead of doing a more simple direct search on their email servers.

But the League of Minnesota Cities continued to misrepresent to the Supreme Court that the request was burdensome, and that I was unwilling to restrict my request by date. But my public records request—Exhibit 1 in the case—shows that I did. In actuality, it was Hennepin County who failed to use that date restriction in their search attempts, falsely inflating their perceived effort.

It was a disheartening trend among government associations to obfuscate facts to achieve a political goal.

“The [Minnesota School Boards Association] seeks relief from burdensome data requests on members’ behalf,” was the headline of a newsletter article written by the organization’s Director of Legal and Policy Services, who continued to describe that my request to Hennepin County would “require its servers to be devoted to the search 24 hours a day for more than 15 months”—a fact that had been established as false more than a year before the article was written. Similarly, in a printed handout distributed to members of the state legislature in 2017, Keith Carlson, a lobbyist for the Association of Minnesota Counties misrepresented the technology and time aspects of the case.

These government associations are funded with taxpayer funds, by proxy, from government agencies around the state. But while they do government work with public money, these associations are not subject to the same transparency requirements of cities, counties, and state agencies. That should change, in my opinion.

In a brief filed by the Hennepin County Attorney’s Office, lawyers attacked my credibility, arguing that I’m just some “individual who routinely makes records requests.” I used the request to report about the Sheriff’s Office use of facial recognition technology; the first reporting on the technology’s law enforcement use in Minnesota. My data request uncovered emails showing Sheriff’s Office staffers laughing at a local television news report that said facial recognition wasn’t in use in the state, when it was actively being used in Hennepin County. “It is in our best interest to stay out of that type of limelight with this technology,” said a Sheriff’s Office staff member, who also noted that the technology is “really scary.”

This is exactly the type of public disclosure that is necessary for a healthy democracy.

Hennepin County and the Hennepin County Sheriff’s Office broke the law in multiple ways, and now the administrative law judge’s 2016 order compelling the Sheriff to produce the data I requested will be modified as appropriate, and the stay pending appeal will be lifted. I will soon be allowed to see the data I requested nearly three years ago.

I am, of course, pleased with the result. It sends a message that compliance is important, and that it’s risky for government to launch unnecessary appeals to fight for anti-transparency case law. Lawmaking should happen in the Legislature, not in the courts. Today’s ruling makes clear that government cannot avoid compliance by relying on deficient procedures, and that government must consider ease of public access before a request comes in.

Is public data public if you have to wait three years to see it?

This was not a dispute over whether the data was public. Both the Sheriff and I agreed that the data is presumptively public, and there was never a dispute over whether the law allowed the data to be withheld on the basis of data classification. Instead, the dispute was that the County Attorney did not feel I asked to see the data in the correct way, by asking for it by keyword. And yet, the County Attorney actually asked me to provide keywords at one point, sullying that argument, and couldn’t effectively identify how I should have asked to see the data.

If the data is public, and the law requires “prompt” compliance with a request, why did I have to wait nearly three years to see it?

If government data exists, and that data is public, there must be a way to ask for it. If I’m not asking for it in the right way, what is the right way? I asked Daniel Rogan, counsel for the County and Sheriff’s Office, this very question. “If you do not know the employees that are likely to have the information you are looking for, you may request that Hennepin County search the email accounts of those employees who are most likely to have [data] regarding the topic identified,” he said. I’m unclear how that’s different from what I did, and I’m especially unclear as to how asking for the data in the allegedly wrong way would render the public without a right to access that data.

It’s inexcusable that an elected official can delay access to public data for that long, simply by filing politically-motivated or frivolous appeals. I’m looking forward to finally having the opportunity to see the data I requested in 2015, but the sad reality is that the data is possibly stale and no longer newsworthy. To that end, perhaps the victory is the Sheriff’s.

The cost

“I estimate that I have spent 280 hours litigating this matter,” said Dan Rogan, who represented the Hennepin County defendants in this case. Responding to a public records request, the Hennepin County Attorney’s Office provided figures indicating their out-of-pocket expenses on the case had reached $7,600. My legal representation was pro bono, but easily exceeded $100,000 in attorney’s fees. State statute caps my attorney’s fee recovery in an administrative action to compel compliance to a mere $5,000. (The County will likely be responsible for additional costs or fees, as will be determined in the near future.)

Had I filed a civil lawsuit in district court, it’s possible the County would not have advanced the arguments they did. In a civil lawsuit, there is no cap on attorney’s fees, and judges have expanded remedy authority. Going forward, I will never again use the Office of Administrative Hearings administrative law judge “expedited” remedy, as the Hennepin County Attorney’s Office has proven they can and will use it as an appeal-mill to attempt to get bad case law—everything they’ve been unable to get at the Legislature—on the public’s dime, while the data I asked for is held hostage.

This cannot happen again.

Transparency requires a culture shift

In the years since this case began, Hennepin County has made improvements to their handling of data requests, implementing a data portal that keeps track of public records requests. I have noticed a dramatic improvement in the County’s response to data requests.

Meanwhile, while this case was pending, I noticed a slow-down at cities and counties throughout the state. Simple requests for emails used to take days or weeks to fulfill, and had now started taking months or more. In some requests, it took well over a year to get access to emails, which I believed was a delay tactic; government hoping the Court of Appeals or Supreme Court would enact new provisions allowing government to deny requests. This cultural opposition to transparency and accountability has no place in public service.

Further, Hennepin County Sheriff Richard Stanek’s office quietly implemented a 30-day auto-deletion policy for government emails while this case was pending at the Court of Appeals, something many open government advocates worried would harm public access and result in the loss of important information before the public even knew to ask for it.

These fears came true. In a 2016 request to access Sheriff’s Office emails, unrelated to this litigation, Sheriff Stanek’s office failed to process a data request until 16 days after it was sent, resulting in the loss of responsive data. The Sheriff’s deletion of government data after I requested it also violates the Data Practices Act. Similarly, last month I asked for a copy of instant messages within the Sheriff’s Office, which automatically delete after 24 hours. Because the Sheriff’s Office waited over 24 hours to conduct a search, those chat messages were presumably wiped and no longer accessible.

The Legislature has considered a bill requiring correspondence to be stored for at least three years, but the bill is unlikely to move forward this session. Government lobbyists opposed the bill last session, objecting to the costs of storing the data. They somehow found the money and resources to engage in this legal battle, though.

I also obtained in a subsequent data request a 2016 email showing a Hennepin County Sheriff’s Office’s IT Development Supervisor openly mocking this litigation by scrambling an acronym for a biometric technology called Integrated Biometric Identification System (IBIS) to “SIIB” and saying, “I have cleverly scrambled the letters in the client program acronym to avoid reading this e-mail on the Internet.”

This email was sent after I won the trial court case, and shortly after the Sheriff implemented shortened retention periods. I obtained it because I asked for all emails within specific mailboxes, because the County Attorney had been arguing that more narrowed requests for emails based on topic or keyword were not valid.

I am hopeful that the Legislature will examine the conduct—and more importantly, anti-transparency culture—of Hennepin County, the Hennepin County Sheriff’s Office, and Hennepin County Attorney’s Office, and realize the need for stronger enforcement provisions to combat some government agencies’ unchecked contempt for the law.

Finally, I note for fairness that the Hennepin County Sheriff’s Office issued a public comment on Facebook about this case, which I respond to below. The HCSO deleted the post the next morning, and did not respond when asked why.

The talking point that the County had to search seven million emails is a tired one. With modern technology, multi-mailbox servers make such a task relatively painless. Email server searches are routinely done in human resources investigations and for discovery in litigation. The Sheriff’s comment about producing emails to me neglects to mention that these emails were not produced until the administrative law judge ordered them to do so.

I’m incredibly thankful for the wonderful pro bono representation from my attorney Scott Flaherty at Briggs and Morgan, P.A., and his co-counsel Cyrus Malek, Emily Peterson, and Samuel Aintablian. Their hard work ensured a victory for the public interest and all who use the Data Practices Act to keep government accountable.

The American Civil Liberties Union of Minnesota, Electronic Frontier Foundation, Public Record Media, Minnesota Coalition on Government Information (MnCOGI), Star Tribune, MinnPost, and American Public Media (MPR News) filed amicus briefs in support of my position, and I appreciate their insightful contributions to the case. In particular, attorney Mahesha Subbaraman wrote a tremendously-detailed amicus brief that carefully analyzed the legislative purpose of the Data Practices Act, and attorneys at the ACLU of Minnesota, EFF, and Stinson Leonard Street LLP applied the law to the availability of modern technology in their amicus brief.