Date:
08/17/2017
Subject:
Gavin Aronsen/Iowa State University - Probable Cause Report
Opinion:
The Iowa Public Information Board
In re the Matter of: Gavin Aronsen, Complainant And Concerning: Iowa State University, Respondent |
Case Number: 17FC:0012
PROBABLE CAUSE REPORT |
COMES NOW, Margaret E. Johnson, Executive Director for the Iowa Public Information Board (IPIB) and submits this probable cause report pursuant to Iowa Code section 23.10(1):
On February 9, 2017, Gavin Aronsen filed formal complaint 17FC:0012, concerning Iowa State University (ISU). He alleged that ISU violated Iowa Code chapter 22 (Public Records) by refusing to release floor plans for the Knoll, an ISU campus building. The Knoll is the residence of the President of ISU.
ISU responded that the plans are confidential under Iowa Code section 22.7(50). ISU also filed a copy of the security related information exemption policy enacted on May 17, 2007, and revised on April 6, 2011, as required by Iowa Code section 22.7(50)(b). An initial review of the policy did not appear to exempt the records requested by Mr. Aronsen. He also claimed that the requested records have been available until recently. A portion of the Knoll is also open to public access.
The initial record request was made on January 26, 2017. The denial was received on February 9, 2017. Redacted records were not offered. The ISU website with the building information for the Knoll has a link to request floor plans.
The IPIB accepted this complaint on March 16, 2017. Pursuant to Iowa Code section 23.9, IPIB staff then worked with both parties to reach an informal resolution. Certain plans could be made available, but ISU would not release those plans that were deemed confidential pursuant to Iowa Code section 22.7(50)(b). Efforts to reach an informal resolution were unsuccessful.
As part of the formal investigation process, I reviewed the policy enacted by ISU as required by Iowa Code section 22.7(50)(b) (exhibit 1). The policy specifically withholds “(p)ortions of architectural and engineering designs, and other technical information, which are not otherwise publicly available, and which if disseminated, would significantly compromise the security of a university-owned or leased building or facility.”
Katherine Gregory, Senior Vice President for University Services at ISU, submitted an affidavit outlining the rationale, in her professional opinion, for withholding certain records concerning the Knoll pursuant to Iowa Code section 22.7(50) (exhibit 2). She notes: “The floor plans provide detailed information regarding the President’s residence including all points of ingress and egress. The plans also provide detailed information that may allow a person to make reasonable determinations about the likely location of family members and points of access that would be least likely detectable by security.”
She continues: “Public dissemination of this type of information significantly impacts the security of the building and makes it more difficult for campus security officials to protect the safety of the President and the security of the Knoll.”
I also reviewed the information available on the public website for the Knoll. There is a link for “Floor Plans”, but that link leads to a page that reads “Floor plans for Knoll are not available online.” There is a list on the webpage that lists each room in the Knoll by floor, its square footage, the department it is assigned to, and capacity (if applicable). Emergency maps for the Knoll are available by contacting Environmental Health and Safety. The website lists the severe weather shelter and the location of the emergency radio.
ISU states that these records are considered confidential under Iowa Code section 22.7(50):
50. Information and records concerning physical infrastructure, cyber security, critical infrastructure, security procedures or emergency preparedness information developed, maintained, or held by a government body for the protection of life or property, if disclosure could reasonably be expected to jeopardize such life or property.
a. Such information and records include but are not limited to information directly related to vulnerability assessments; information contained in records relating to security measures such as security and response plans, security codes and combinations, passwords, restricted area passes, keys, and security or response procedures; emergency response protocols; and information contained in records that if disclosed would significantly increase the vulnerability of critical physical systems or infrastructures of a government body to attack.
b. For the purpose of this subsection, "cyber security information and records" include but are not limited to information and records relating to cyber security defenses, threats, attacks, or general attempts to attack cyber system operations.
I was able to review all the plans for the Knoll, both public and private areas. These materials are considered confidential pursuant to Iowa Code section 23.6(6) while in the possession of the IPIB. The plans show the location of windows, doors, bathrooms, and other easily identifiable rooms in the basement and on the first, second, and third floors. Even without any engineering expertise in reviewing floor plans, it was easy to determine the access, egress, and usage of most rooms based upon these floor plans.
Based upon my review of the ISU security policy, Iowa law, and the floor plans, I would agree that these records do fall within the confidentiality protection of Iowa Code section 22.7(50).
IPIB Action
The IPIB has several options upon receipt of a probable cause report. According to Iowa Administrative Rule 497 - 2.2(4):
“Board action. Upon receipt and review of the staff investigative report and any recommendations, the board may:
a. Redirect the matter for further investigation;
b. Dismiss the matter for lack of probable cause to believe a violation has occurred;
c. Make a determination that probable cause exists to believe a violation has occurred, but, as an exercise of administrative discretion, dismiss the matter; or
d. Make a determination that probable cause exists to believe a violation has occurred, designate a prosecutor and direct the issuance of a statement of charges to initiate a contested case proceeding; or
e. Direct administrative resolution of the matter under subrule 2.1(6) without making a determination as to whether a violation occurred.”
Recommendation
There is insufficient evidence to support a finding of probable cause for a violation of Chapter 22. I recommend dismissal.
Respectfully submitted this ___ day of _______, 2017.
Margaret E. Johnson, JD
Executive Director
Iowa Public Information Board
Wallace Building, Third Floor
502 E. 9th Street
Des Moines, Iowa 50319
(515) 725-1783
(515) 725-1789 (fax)
Cc: IPIB
Gavin Aronsen
Michael Norton, counsel for Iowa State University