Topics:

Formal Complaints

Date:
02/20/2020

Subject:
Joel Miller/Office of the Iowa Secretary of State - Dismissal Order

Opinion:

The Iowa Public Information Board

In re the Matter of:

Joel Miller, Complainant

And Concerning:

Office of the Iowa Secretary of State, Respondent

 

                      Case Number: 20FC:0010

                                  

                          Dismissal Order

              

COMES NOW, Margaret E. Johnson, Executive Director for the Iowa Public Information Board (IPIB), and enters this Dismissal Order:

On January 31, 2020, Joel Miller filed this formal complaint with the IPIB, alleging a violation of Chapter 22 by the Office of the Iowa Secretary of State (SOS) on January 27, 2020.


Mr. Miler submitted a request for public records on January 15, 2020.  His request asked for 

All cybersecurity assessments, tests, and reviews conducted on the Secretary

of State’s election related systems including Iowa’s voter registration

system aka I-Voters by any government agency, contractor, vendor, or

person(s), including the DHS, FBI, or National Guard for the time period from

1/1/2016 through the current date.


All cybersecurity assessments, tests, and reviews of the Secretary of State’s systems planned to occur between the current date and 12/31/2020 by any government agency, contractor, vendor, or person(s).

On January 27, 2020, Molly Widen, legal counsel for the SOS, responded to the record request.  She stated that the requested records were confidential records pursuant to Iowa Code section 22.7(50) and, therefore, would not be released.


Mr. Miller, who serves as the Linn County auditor, replied to Ms. Widen on January 29, 2020.  He expressed concern that Ms. Widen appeared to be impugning his character and trustworthiness by implying that the release of cybersecurity records to him could reasonably be expected to jeopardize security of the election system.

Iowa Code section 22.7(50) states that the following records are confidential:

 

50. Information and records concerning physical infrastructure, cyber security, critical infrastructure, security procedures or emergency preparedness information developed, maintained, or held by a government body for the protection of life or property, if disclosure could reasonably be expected to jeopardize such life or property.

a. Such information and records include but are not limited to information directly related to vulnerability assessments; information contained in records relating to security measures such as security and response plans, security codes and combinations, passwords, restricted area passes, keys, and security or response procedures; emergency response protocols; and information contained in records that if disclosed would significantly increase the vulnerability of critical physical systems or infrastructures of a government body to attack.

b. For the purpose of this subsection, "cyber security information and records" include but are not limited to information and records relating to cyber security defenses, threats, attacks, or general attempts to attack cyber system operations.

Mr. Miller requested the release of public records pursuant to Iowa Code chapter 22.  While he might have access to cybersecurity records in his capacity as Linn County auditor, the SOS can withhold these same records as confidential records pursuant to Iowa Code section 22.7(50) when the records are the subject of a public record request.  If a record is public and not confidential, then all requesters have equal access to that record. 

 

Iowa Code section 23.8 requires that a complaint be within the IPIB’s jurisdiction, appear legally sufficient, and have merit before the IPIB accepts a complaint.  This complaint does not fulfill those requirements.

 

IT IS SO ORDERED:  Formal complaint 20FC:0010 is dismissed as legally insufficient pursuant to Iowa Code section 23.8(2) and Iowa Administrative Rule 497-2.1(2)(b). 

 

Pursuant to Iowa Administrative Rule 497-2.1(3), the IPIB may “delegate acceptance or dismissal of a complaint to the executive director, subject to review by the board.”  The IPIB will review this Order on February 20, 2020. Pursuant to IPIB rule 497-2.1(4), the parties will be notified in writing of its decision.

 

By the IPIB Executive Director

 

________________________________

Margaret E. Johnson

 

CERTIFICATE OF MAILING

    

This document was sent by electronic mail on the ___ day of February, 2020, to:

 

Joel Miller

Molly Widen, legal counsel for the Iowa Office of the Secretary of State