Date:
05/19/2022
Subject:
Michael Merritt/Iowa State University - Dismissal Order
Opinion:
The Iowa Public Information Board
|
In re the Matter of: Michael Merritt, Complainant And Concerning: Iowa State University, Respondent |
Case Number: 22FC:0025
Dismissal Order
|
COMES NOW, Margaret E. Johnson, Executive Director for the Iowa Public Information Board (IPIB), and enters this Dismissal Order.
On March 30, 2022, Michael Merritt filed formal complaint 22FC:0025, alleging that Iowa State University (ISU) violated Iowa Code chapter 22.
Mr. Merritt alleged that on December 5, 2021, he sent a request to ISU for the following records:
- The identity of ISU “end-users who interacted with the following uniform locators (URL)” from July 1, 2018 to December 5, 2021, followed by a list of 24 URLs.
- All ISU emails/attachments mentioning the 24 domains listed in (1) and/or the certain names, with a list of 56 specific names, between December 25, 2016 and December 5, 2021.
- The academic or professional purpose regarding ISU’s interaction with any of the 24 specific URLs provided in item (1).
- The academic or professional purpose regarding ISU’s interaction with any of the 56 specific names provided in item (2).
On January 3, 2022, Mr. Merritt sent a subsequent, narrower request, for the “[i]dentity of Iowa State University end-users who interacted with the following uniform resource locators (URL) while authenticated with the below Iowa State University Information System Assets,” with 49 specific time and host descriptions to replace item 1, above.
Mr. Merritt also requested the historical record of a particular ISU employee’s interactions with the 24 specific domains listed in item 1, above. A separate request included emails and attachments from a specific ISU employee from July 1, 2018, to December 5, 2021, that were to, from, or mention 56 specific names and all emails and attachments from the same ISU employee that were to, from, or mention Ames High School or Ames Community School District.
Mr. Merritt provided the response he received from ISU on December 17, 2021, informing him that his request for over three years of records was too broad and that ISU was “unable to reasonably comply with this request.”
On January 3, 2022, Mr. Merrit submitted a narrower record request. He stated that on March 1, 2022, he received a response from ISU acknowledging his secondary record request.
Mr. Merritt stated that on March 24, 2022, he received another response from ISU that included one email that ISU released pursuant to his request for copies of emails from a specific named employee. He was informed that other responsive emails had been withheld as confidential.
ISU informed Mr. Merrit that his requests for URLs visited by ISU network users could not be fulfilled as ISU did not retain those records. He added that he was informed that his request for emails and attachments mentioning the listed URLs and the 56 specific names he listed was also too broad and could not be retrieved.
In response to this complaint, ISU legal counsel noted that ISU had provided all documents that were not confidential in response to Mr. Merritt’s record request. Other emails were withheld because they were either confidential peace officers' investigative reports or information related to security measures.
Iowa Code section 22.7(5) states that certain law enforcement records are confidential:
5. Peace officers’ investigative reports, privileged records or information specified in section 80G.2, and specific portions of electronic mail and telephone billing records of law enforcement agencies if that information is part of an ongoing investigation, except where disclosure is authorized elsewhere in this Code. However, the date, time, specific location, and immediate facts and circumstances surrounding a crime or incident shall not be kept confidential under this section, except in those unusual circumstances where disclosure would plainly and seriously jeopardize an investigation or pose a clear and present danger to the safety of an individual. Specific portions of electronic mail and telephone billing records may only be kept confidential under this subsection if the length of time prescribed for commencement of prosecution or the finding of an indictment or information under the statute of limitations applicable to the crime that is under investigation has not expired.
Counsel noted that ISU has a police department. Currently, the police department is investigating an alleged incident. Releasing email conversations between law enforcement and the employee could seriously jeopardize the investigation.
Iowa Code section 22.7(50) states that certain security information is confidential:
50. Information and records concerning physical infrastructure, cyber security, critical infrastructure, security procedures or emergency preparedness information developed, maintained, or held by a government body for the protection of life or property, if disclosure could reasonably be expected to jeopardize such life or property.
a. Such information and records include but are not limited to information directly related to vulnerability assessments; information contained in records relating to security measures such as security and response plans, security codes and combinations, passwords, restricted area passes, keys, and security or response procedures; emergency response protocols; and information contained in records that if disclosed would significantly increase the vulnerability of critical physical systems or infrastructures of a government body to attack.
Counsel stated that some emails contain information concerning security and response plans with the employee, as part of the ongoing investigation. Release of these emails could reasonably be expected to jeopardize the safety of this employee or co-workers.1
Iowa Code section 23.8 requires that a complaint be within the IPIB’s jurisdiction, appear legally sufficient, and could have merit before the IPIB accepts a complaint. This complaint does not meet the necessary requirements for acceptance.
IT IS SO ORDERED: Formal complaint 22FC:0025 is dismissed as legally insufficient pursuant to Iowa Code section 23.8(2) and Iowa Administrative Rule 497-2.1(2)(b).
Pursuant to Iowa Administrative Rule 497-2.1(3), the IPIB may “delegate acceptance or dismissal of a complaint to the executive director, subject to review by the board.” The IPIB will review this Order on May 19, 2022. Pursuant to IPIB rule 497-2.1(4), the parties will be notified in writing of its decision.
By the IPIB Executive Director
________________________________
Margaret E. Johnson, J.D.
1. According to Mr. Merritt, there is ongoing litigation involving child custody/parenting time matters which involve Mr. Merritt and the ISU employee.
CERTIFICATE OF MAILING
This document was sent via. U.S. Mail or by electronic mail on the ___ day of May, 2022, to:
Michael Merritt
Michael Norton, legal counsel for the City of Ames