California opens access to public business conducted on private devices
- By Susan Miller
- Mar 03, 2017
Communications by government officials in California who use personal devices or email accounts to conduct official business may be subject to disclosure under the California Public Record Acts.
In a unanimous decision welcomed by transparency advocates, the California Supreme Court overturned an appellate court ruling. “If public officials could evade the law simply by clicking into a different email account, or communicating through a personal device, sensitive information could routinely evade public scrutiny,” the Supreme Court wrote.
The issue of public records on personal devices or accounts has been making headlines.
Hillary Clinton was repeatedly criticized during the 2016 election campaign for her use of a private email server when she was secretary of State. More recently, questions have been raised about whether President Donald Trump’s tweets on his personal account should be considered official records. And on March 3, the Indianapolis Star reported that Vice President Mike Pence routinely used his AOL email account to conduct state business. Pence, however, “fully complied with Indiana law regarding email use and retention,” according to a statement from his office. “Government emails involving his state and personal accounts are being archived by the state consistent with Indiana law, and are being managed according to Indiana’s Access to Public Records Act,” it said.
The California court’s ruling applies to all public entities in the state -- from utilities, school districts, city, state and county agencies. It also covers social media accounts because it focuses on the content of the communication rather the type of account used in preparation or transmission.
The road to the ruling has been long. San Jose, Calif., resident Ted Smith in 2009 requested emails, texts and other messages sent to and from personal devices by San Jose officials about city business. The city refused to provide the records, Smith sued, and Santa Clara County Superior Court ruled in his favor. In March 2014, however, an appellate court ruled in the city’s favor. Smith then took the case to the state’s Supreme Court.
The Electronic Frontier Foundation joined the American Civil Liberties Union in filing an amicus brief in support of Smith. In it, they referred to federal records laws that require employees using “non-agency email accounts to ensure those records are preserved as agency records.”
The brief also, however, made a case for the security of public records in the face of shadow IT, a problem affecting public and private sector enterprises alike.
“The use of private email accounts undermines what is perhaps the most important security protocol for email: establishing and securing a single email system for all of an agency’s employees,” the brief stated. “In fact, the use of personal accounts makes it impossible even to effectively identify all of the technologies that are used for communications, let alone evaluate and address potential security vulnerabilities.”
Government-controlled networks are not only easier to secure than the apps and cloud-based services consumers use, but they have other advantages, the brief said, including:
- End-to-end encryption
- Controls to limit access to specific devices or locations
- Threat detection tools to flag and respond to unusual activity
- Filters that protect against malware and phishing
- Identity verification
Moreover, the brief stated, the use of private email accounts for government business “magnifies the risk” of network security problems caused by negligent or careless employees, often cited as the major cause of security risk.
“Today’s decision will have wide-ranging impact on how public records are treated throughout the state, whether that’s elected officials communicating with lobbyists through Twitter direct messages or law enforcement officers exchanging controversial text messages on their personal smartphones,” the Electronic Frontier Foundation said in a statement. The group said new policies that ensure government employees do not use personal communications tools to conduct public business “would ultimately be the best way to ensure transparency and privacy.”
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA from West Chester University and an MA in English from the University of Delaware.
Connect with Susan at firstname.lastname@example.org or @sjaymiller.