As originally published in Forbes on December 8, 2011.
The New York Supreme Court recently considered whether the principles that underlie freedom of information requests apply to obtaining software systems that contain records that otherwise would have to be produced by the government. Applying a two-part litmus test, the court answered that question in the affirmative. This opinion in important respects collapses the distinction between data and the systems that store it. Although fact-specific, the court’s analysis is worth noting not only for future freedom of information requests that involve sensitive storage systems, but also for similar dispute between private litigants.
In TJS of New York, Inc. v. New York Department of Taxation and Finance, 932 N.Y.S.2d 243 (Nov. 3, 2011), the petitioner (“TJS”) requested pursuant to New York’s Freedom of Information Law (“FOIL”) records related to a sales tax audit performed by the Department of Taxation and Finance (“Department”). The Department argued in the lower court that certain data could not be viewed in its native format, as ordered by the court, without producing the Department’s actual Audit Framework Extension software, which it refused to do. The lower court denied TJS’s motion to compel production of the software. TJS appealed.
The Court’s analysis proceeded as follows. First, the Court looked at the principles that inform FOIL and the definition of the term “record” under that law. Second, it examined the question whether software constitutes a record. And third, the Court considered whether the Department’s particular software falls under an exemption to FOIL designed to guarantee the security of information technology assets. The Court answered the second question in the affirmative and the third question in the negative based on its finding that the Department failed to meet its burden of demonstrating that the exemption applies here.
“It is by now axiomatic,” the Court began, “that FOIL imposes a broad standard of open disclosure in that all government records are presumptively available to the public unless they fall within a specific statutory exemption.” Id. at 245. What, then, constitutes a record? Quoting a New York statutory definition, the court provided:
For FOIL purposes, the term record is broadly defined as including “any information kept, held, filed, produced or reproduced by, with or for an agency . . . in any physical form whatsoever, including, but not limited to, reports, statements, examinations, memoranda, opinions, folders, files, books, manuals, pamphlets, forms, papers, designs, drawings, maps, photos, letters, microfilms, computer tapes or discs, rules, regulations or codes.
Id. at 246 (quoting Public Officers Law s. 86).
The Court then addressed the question whether software is an actual record under FOIL. Yes, it stated, dismissing the Department’s contention that its software is not a record because it per se does not contain information and instead is “a mere delivery system or warehouse.” Id. at 246. Not surprisingly, the Court concluded that the software at issue in fact does contain information and constitutes a record under FOIL. Software, the court stated, is a “means” to an end that can only be realized with the data therein. In this case:
[T]he software program, as well as the attached training manual for the software, reveals that the software is the means for conducting an audit and that, based on data entered by an auditor, the program does reconciliations, creates letters, produces forms, determines taxes due or refunds owed and creates a comprehensive audit report.
Id. It added that software in question is more than just a delivery system or data warehouse and, instead, falls within FOIL’s broad definition of a record subject to disclosure. See id.
This did not end the Court’s inquiry. Finally, it turned to the possibility that the software might be statutorily exempt from FOIL, which would have rendered null for practical purposes in this case its analysis above. The Department argued that the security of its software program would be jeopardized to generate false letters or forms that, if sent to taxpayers, would allow them to disclose confidential information. In other words, TJS could break the law or enable others to do so. The Court disagreed. It examined the language and legislative history of the aforementioned Public Law that is the basis of the exemption and concluded that “[t]he expressed legislative intent was to protect against risks of electronic attack, including damage to the assets themselves, including interference of agency computers and programs.” Id. at 246-47 (emphasis added).
The Court concluded that the Department “raised no such concerns” and relied on an overly broad interpretation of the exemption. This is especially so, the Court stated, because an applicant’s motive for seeking a record is generally irrelevant in determining whether documents are available under FOIL. See id. at 247 (citing cases). The Court thus found that the Department had failed to meet its burden of demonstrating the applicability of the exemption, and thus had to produce the software containing the relevant records.
A Few Thoughts
I have argued elsewhere that the principles of freedom of information should be enforced stringently when it comes to the government. The Court’s analysis here was thorough, and I agree with its holding. I do think, however, that the opinion leaves a number of important questions unanswered – questions that were not before the Court in this case.
For example, let’s assume that the Department’s software did in fact fall under the exemption? Would a litigant thus be deprived of any possibility to obtain the sought records in their original format? If so, what steps can be taken to overcome that loss of rights? What if examining records in a non-native format would be overly burdensome under standards applied to the Federal Rules of Civil Procedure? Should we allow the distinction (i) records and (ii) software and storage systems—a “means” to an end that can only be realized with the data therein, according to the Court—to be collapsed so easily? What if the requesting party could show that the records in question were indispensable to the disposition of a lawsuit, for example? Would a court then apply or create a balancing test? If so, which one? Moreover, what happens when these same principles arise in non-FOIA/FOIL cases? That is, when a private litigant, though not protected statutorily, asserts that its software systems should be safeguarded for some reason under the common law? These are important questions that the Court didn’t have to address here. They certainly merit our consideration.
- Big Data
- Business Intelligence
- Chief Information Officer
- Cloud Computing
- Corporate Compliance
- Corporate Counsel
- Corporate Governance
- Corporate Hierarchy
- Corporate Liability
- Data Privacy
- Data Security
- Electronic Discovery
- Electronic Discovery Sanctions
- Electronic Mail
- Electronically Stored Information
- Freedom of Information Act
- Health Care
- Information Technology
- Intellectual Property
- Internet Resources
- Legal Services
- Predictive Coding
- Social Media
- Wireless Networks