27 September 2011

ICO FOI guidance for universities

The Information Commissioner's Office in the UK has issued a new guidance for Universities and other institutes of Higher Education on dealing with FOI and EIR requests.

This is welcome for a number of reasons, and though it is quite clear, it also raises some additional questions.

One thread comes across clearly in the advice, and that is that any exemption claimed that is subject to a public interest test must be thoroughly supported. In a number of the cases highlighted in the advice (the QUB/Ballie tree ring case, or the CRU dataset case), the decisions were based not on the manifest inappropriateness of the exemptions claimed, but on the specific lack of clear and sufficient support to invoke them. Given the lack of precedent in these cases, one might expect future ICO appeals to be defended more robustly if these exemptions are to be claimed.

There are some positive statements in the advice regarding whether peer review documentation - either reviews performed or received by a covered academic - is exempt under sections 36 and 41 of FOI. In the MRC case, the expectation of confidentiality in peer review, and the need for a 'safe space' for frank discussion of a proposal's merits were made clear and were upheld as valid reasons for an exemption which no public interest trumped. The ICO is careful to state that this is not a blanket exemption for all peer-review material, but it is hard to see how these justifications do not extend to all such requests, absent some overwhelming public interest which, though conceivable in theory, is hard to see ever applying.

Another welcome clarification is related to the exemption for "information intended for future publication". This will cover almost all unpublished data or analyses, as long as the requestee can demonstrate that the data was really being worked on with an intent for future publication at the time of the request. This will be tested in a specific case mentioned here previously where Steve McIntyre has appealed the refusal of UEA to release an unpublished analysis related to tree ring reconstructions.

More worrying are the ICO statements regarding personal email accounts. These are email accounts (on gmail, hotmail etc.) that are not controlled by the university. Since there is no statutory requirement for UK academics (or any other academics as far as I know) to solely use university email for academic or university communications there is a clear possibility that information that would be FOI-able if located on a university server will reside on private email servers. (NB. US government business at the Executive Office level - ie. the White House - does have a requirement via the Presidental Records Act to be conducted on official computers - but in this case there is an absolute exemption under US FOI for material related to discussions made by the executive - so it is not particularly relevant).

In the US, the first test of whether a document is FOI-able, is whether an agency has control of the document. In the case of a document on a gmail server, the answer is obviously no. It is hard to imagine what might compel Google to release any private email records to an agency (short of a court order, which is not within the power of the agency to produce). Fourth amendment protections against unjustified search would almost certainly trump any FOI justification.

The ICO, however, seems to suggest (section 2.3that "if the information held on a personal email account is related to public authority business, it is likely to be held on behalf of the public authority in accordance with s3(2)(b) of FOIA" and that FOI officers should "consider whether it is appropriate to ask a member of staff whether they hold information in a personal email account". There are no cases given of this occurring, but it is unclear under what authority a university could compel the turning over of information from a gmail account. This is clearly an issue which bears further watching, and will probably require a test case to determine the limits.

06 September 2011

ATI & UVa: An intervention

As discussed here and here, a key oddity in the ATI vs. UVa VFOIA case is that UVa voluntarily consented to have ATI review all material in the scope of the request in order to challenge any redactions or exemptions that UVa deemed necessary.

Now, Michael Mann has filed a motion directly with the Virginia court to have this state of affairs reviewed citing privacy concerns and the clear lack of ability to safeguard legitimate interests should the process go according to the current plans.

In return, ATI has thrown up another whole suite of red-herrings and strawman arguments that have nothing to do with the point of law at hand. They are arguing that Mann has no standing to intervene (which would seem to be obviously ridiculous given that it is his email account that is being mined), and that the Mann challenge is a focused on the legitimacy of the VFOIA request in the first place. This last argument is transparently false, since UVa has already sent over the material requested that did not come under any valid exemptions with no objection having been raised. Mann's intervention is solely focused on the procedure for dealing with material that UVa thinks is exempt, but that ATI thinks the exemption is invalid. The ATI release does not actually mention the point in question at all.

Even more interestingly, Chris Horner is quoted as saying that Mann is merely "sputtering ad hominem and conspiracy theories". This is the same Chris Horner who called Jim Hansen a 'fanatic' and wondered "Why is NASA hiding James Hansen's ethics records?" (see here for a more reality-based view). No ad hominem or conspiracy theorizing there of course.

ATI additionally claims that "Dr. Mann wants, after the fact, for UVA to throw out policies he accepted as a condition of living off of taxpayer dollars, in order to cover up public information and to evade scrutiny." - a statement wholly at odds with the facts in this case, and indeed with the VFOIA legislation itself. Why are there any mandated exemptions to total public disclosure if that any recourse to them is "a cover up" to "evade scrutiny"?

Indeed, since the point of Mann's complaint is that the ATI lawyers cannot be trusted to deal professionally with any material under seal, one would think that they would make more of an effort to appear trustworthy. One would be wrong.