Opinion
2014-03-20
In re Application for a Judgment under Article 78 of the Civil Practice Law and Rules by Susan CRAWFORD and Anjali Dalal, Petitioners, v. THE NEW YORK CITY DEPARTMENT OF INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS, Respondent.
David A. Schulz, Esq., Levine Sullivan Koch & Schulz, LLP, New York, Patrick Hayden of the Yale Law School Media Freedom and Information Access Clinic, c/o David A. Schulz, for Petitioners. Elizabeth Edmonds, Assistant Corporation Counsel, General Litigation Division, New York City, for Respondent.
David A. Schulz, Esq., Levine Sullivan Koch & Schulz, LLP, New York, Patrick Hayden of the Yale Law School Media Freedom and Information Access Clinic, c/o David A. Schulz, for Petitioners. Elizabeth Edmonds, Assistant Corporation Counsel, General Litigation Division, New York City, for Respondent.
SHLOMO S. HAGLER, J.
In this proceeding, petitioners Susan Crawford and Anjali Dalal (“petitioners,” “Crawford” or “Dalal”) move by Notice of Petition and Verified Petition, pursuant to the Civil Practice Law and Rules (“CPLR”) Article 78, CPLR § 3001, and the Freedom of Information Law (Article 6 of the New York Public Officers Law [“POL”] ) (“FOIL”) seeking the following relief: (1) declaring that respondent has acted unlawfully in failing adequately to justify the basis for concluding that documents are exempt from disclosure and in failing to disclose documents that are not properly exempt from disclosure under FOIL, (2) directing respondent to provide petitioners with immediate access to all non-exempt documents they requested; and (3) awarding petitioners their costs and attorney's fees pursuant to POL § 89(4)(c). Respondent The New York City Department of Information Technology and Telecommunications (“respondent” or “DoITT”) interposed a Verified Answer along with opposition papers and also moved by Order to Show Cause (“OSC”) for an order directing that respondent's opposition papers and petitioners' reply papers be filed under seal pursuant to 22 NYCRR § 216.1. Petitioners oppose the OSC seeking such a sealing order.
After oral argument on the hearing date, this Court adjourned this matter to conduct an in camera inspection of a representative sample of the subject documents sought for disclosure under FOIL. Thereafter, the in camera inspection was conducted in front of the parties.
Background
Petitioner Susan Crawford is a professor at Benjamin N. Cordozo School of Law, and is currently a visiting professor at Harvard Law School, where she teaches communications, privacy and intellectual property law. Petitioner Anjali Dalal is a resident fellow at the Information Society Project at Yale Law School where she studies telecommunications law and policy. Respondent DoITT, an agency of the City of New York, is responsible for providing IT services, infrastructure, and telecommunications to New York City's residents, businesses, and visitors. Non-party Empire City Subway (“ECS”), a subsidiary of Verizon, is the sole entity responsible for building and maintaining the underground conduits that may contain cables in New York City, including Manhattan and the Bronx.
Petitioners assert that high-income mostly white neighborhoods enjoy access to high-speed Internet, while low-income minority neighborhoods have either limited access or don't have any access to the Internet. In order to ensure that all New York residents have equal access to high speed Internet connections in a non-discriminatory manner, petitioners seek certain information to assess whether the City of New York is fulfilling its mandate of making high speed Internet access reliable and competitive to meet the needs of New Yorkers.
With this noble goal in mind, on January 24, 2012, petitioners submitted to respondent a FOIL request seeking disclosure of information as follows:
(1)the geographic location of conduits owned by ECS;
(2) the geographic location of conduits operated by ECS;
(3)the current contract or operating agreement between New York City and ECS;
(4)all previous contracts or operating agreements between New York City and ECS;
(5)rental rates ECS is authorized to charge potential franchisees; and
(6)the names of current franchisees renting ECS-owned ducts.
(Exhibit “A” to the Verified Petition.)
After several letters from respondent informing petitioner that it was researching and reviewing their FOIL request, by letter dated May 11, 2012, respondent provided its first partial response disclosing the above requested items three through six (Exhibits “B,” “C” and “D” to the Verified Petition). About a month later, by letter dated June 22, 2012, respondent stated that it considered the remaining first two items to be exempt from disclosure pursuant to POL § 87(2)(i) (Exhibit “E” to the Verified Petition). On July 19, 2012, petitioners filed an administrative appeal from respondent's partial denial (Exhibit “F” to the Verified Petition). On August 2, 2012, respondent denied petitioner's appeal based upon an additional exemption of POL § 87(2)(f) as well as the prior exemption under POL § 87(2)(i) (Exhibit “G” to the Verified Petition).
The Freedom of Information Law
The clear purpose of FOIL was to make our state government more transparent and open to broad public disclosure of information unless otherwise specifically exempted by POL § 87 (Matter of Data Tree, LLC v. Romaine, 9 N.Y.3d 454, 849 N.Y.S.2d 489, 880 N.E.2d 10 [2007];Matter of Capital Newspapers Div. of Hearst Corp. v. Burns, 67 N.Y.2d 562, 505 N.Y.S.2d 576, 496 N.E.2d 665 [1986];Matter of Fink v. Lefkowitz, 47 N.Y.2d 567, 419 N.Y.S.2d 467, 393 N.E.2d 463 [1979] ).
These exemptions are to be narrowly construed to provide maximum access to public disclosure of information (Matter of Capital Newspapers, 67 N.Y.2d at 566, 505 N.Y.S.2d 576, 496 N.E.2d 665). The Legislature also recognized a “legitimate need on the part of government to keep some matters confidential” (Matter of Fink, 47 N.Y.2d at 571, 419 N.Y.S.2d 467, 393 N.E.2d 463). In order to deny disclosure under FOIL, the governmental agency must show that the requested information “falls squarely within a FOIL exemption by articulating a particularized and specific justification for denying access” (Matter of Capital Newspapers, 67 N.Y.2d at 566, 505 N.Y.S.2d 576, 496 N.E.2d 665). Thus, the burden of proof rests on the agency to justify the denial of access to the requested information (Matter of Data Tree, LLC, 9 N.Y.3d at 463, 849 N.Y.S.2d 489, 880 N.E.2d 10).
Exemptions
Respondent asserts two exemptions, POL § 87(2)(f) (“the life/safety exemption”) and POL § 87(2)(i)(“the information technology exemption”), which read as follows:
(2)Each agency shall, in accordance with published rules, make available for public inspection and copying all records, except such agency may deny access to records thereof that:
* * *
(f)if disclosed could endanger the life or safety of any person;
* * *
(i)if disclosed, would jeopardize the capacity of an agency or an entity that has shared information with an agency to guarantee the security of its information technology assets, such assets encompassing both electronic information systems and infrastructures.
Both exemptions are different, but they share a common element : security or safety to persons or information technology (“IT”) assets. As such, this Court will only address the IT exemption as it is the more relevant exemption and will necessarily determine the instant petition.
Burden of Proof
Respondent bears the sole burden to justify denial of petitioners' FOIL request. Respondent must demonstrate two elements to meet the IT exemption under POL § 87(2)(i); first, that the conduits depicted in the Maps fit the description of “electronic information systems and infrastructures,” and second, that such disclosure of the precise locations of the conduits would jeopardize the respondent's ability to “guarantee the security of its information technology assets.”
The Conduits Are Electronic Information Systems and Infrastructures
Petitioners strenuously argue that the IT exemption does not cover the risk of harm to the actual conduits as respondent's claim. Petitioners maintain that the language, history and purpose of this exemption only contemplated the limited risk of electronic, and not physical, attacks on information technology assets. Respondent, however, interprets the exemption more broadly to encompass both the physical component such as the conduits and cables as well as the “cyber” component which includes the electronic data and systems that run over the physical component.
When construing a statute, the courts must first look to the language of the statute. If the language is clear and unambiguous, the courts must follow the plain meaning of the statute (Statutes § 76; Best Way Beer & Soda Distribs. v. New York State Liq. Auth., 99 A.D.2d 727, 472 N.Y.S.2d 350 [1st Dept.1984];Matter of von Knapitsch, 296 A.D.2d 144, 746 N.Y.S.2d 694 [1st Dept.2002] ). If, however, the language is ambiguous, the courts would resort to examination of the underlying legislative intent and purpose of the statute ( Kurcsics v. Merchants Mut. Ins. Co., 49 N.Y.2d 451, 459, 426 N.Y.S.2d 454, 403 N.E.2d 159 [1980] ).
While it is conceded that this IT exemption has been construed to avoid the risk of electronic or cyber attack, and there has not been any reported cases concerning the risk of physical attack, the plain language of POL § 87(2)(i) provides for the physical protection of “assets encompassing both electronic information systems and infrastructures.” It is noteworthy that nowhere within POL § 87(2)(i) does the words of electronic attack appear to limit its applicability.
“On its face, the exemption is concerned with ensuring the security of information technology” (Matter of TJS of N.Y., Inc. v. New York State Dept. of Taxation and Fin., 89 A.D.3d 239, 243, 932 N.Y.S.2d 243 [3d Dept.2011] ). This security consideration is not merely focused on the method of attack, but on the preservation of both the electronic data and the physical system or infrastructure that carries the data. It would be illogical and unreasonable to protect only against cyber attack and permit an attacker to have access to the physical component such as the computer to retrieve the electronic data. Thus, this Court concludes that the subject conduits come within the purview of electronic information systems and infrastructures under POL § 87(2)(i).
Disclosure Would Jeopardize Security of Information Technology Assets
In its denial of petitioners' administrative appeal to release the geographic location of the conduits owned and/or operated by ECS, respondent cited to the “risk to public safety by physical damage to or destruction of the conduit[s]” (Exhibit “G” to the Verified Petition). Respondent further explained that:
[The] ECS conduit[s] house[ ] important information technology and communication assets. Public disclosure of the location of ECS conduit[s] would create an unacceptable risk of damage to or destruction of the technology and telecommunications assets housed in ECS conduit[s], by terrorist or criminal attack. Knowledge of the precise location of the conduits would help an attacker disrupt communications and data flowing through such conduits. Such knowledge would also enable an attacker to focus an attack on the entry and exit of data and communications to critical buildings.... New York City's appeal as a terrorist target is a matter of historical record.
( Id.)
The geographic location of the conduits owned and/or operated by ECS are contained in 41 detailed maps of Manhattan and the Bronx (the “Maps”). In opposition to the petition and support of its answer to uphold the IT and life/safety exemptions, respondent submitted the affidavit of Sergeant Martin Wingert (“Sgt.Wingert”), sworn to on March 5, 2013 (“Sgt. Wingert Aff.”), an engineer and supervisor to the New York City Police Department Counter–Terrorism Division Threat Reduction Infrastructure Protection Section. Sgt. Wingert reviewed the Maps and concluded that “public dissemination of these [M]aps would put New York City's electronic information infrastructure at risk” (Sgt. Wingert Aff. at ¶ 4).
Specifically, the Maps show the fiber optic network in great detail which cables carry voice and data transmissions and provide internet and phone access throughout New York City (Sgt. Wingert Aff. at ¶¶ 6,7). Both the private and government sector heavily rely on the fiber optic network to conduct their affairs. The private entities that rely on the network include the banking and financial communities. The government entities include the New York City, State and federal courthouses, emergency communications call centers, hospitals, police and fire departments ( id. at ¶¶ 8, 9).
Sgt. Wingert asserts that the Maps depict sensitive information such as the routing and points of entry into “high-profile targets” including governmental buildings, banks and high-rise buildings, data centers and cable landing stations ( id. at ¶¶ 11–14). “In the wrong hands, [this sensitive] information could be used to wreak havoc” ( id. at ¶ 17). Sgt. Wingert detailed his specific concerns which this Court will not elaborate herein to protect the sensitive information, but suffice it to say that even a single attack on a remote location could cause a “substantial disruption or interruption” of computers that could compromise the ability of government to perform its essential services ( id. at ¶ 18). A more precisely targeted attack on certain cables “could result in an internet disruption not only in New York City but also throughout the Unites States and overseas” ( id.) More numerous attacks on “high value cables” could be “catastrophic” ( id. at ¶ 20). The effects of such an attack could lead, among other terrible scenarios, to impede the ability of police to communicate and provide security, and to delete valuable data in government and the private sector ( id.)
Petitioners contend that the allegations that the disclosure of the precise locations of the conduits would jeopardize the respondent's ability to “guarantee the security of its information technology assets” is conclusory and mere speculation. Respondent asserts that the concerns are real as New York City has been the target of multiple attacks. As such, respondent urges that this Court should defer to law enforcement's judgment to avoid the risk of harm or attack on the City's information technology assets and the resulting “catastrophic” consequences.
The above allegations, as vividly and clearly enunciated by Sgt. Wingert, which cautions against the release of sensitive information because it may result in an attack on our information technology assets is, unfortunately, a real life danger that we have experienced in a different context but has dramatically affected New Yorkers in so many different and painful ways. While the unforgettable attack on the World Trade Center towers seem not to have been anticipated, we are now all much more vigilant to guard against the same, new or different terrorist attacks. Sgt. Wingert predicts that the release of the precise location of the conduits would make our fiber optic network more susceptible to terrorist or other attack. “[I]t is bad law and bad policy to second-guess the predictive judgments made by the government's intelligence agencies” ( American Civil Liberties Union v. Dept. of Justice, 681 F.3d 61, 70–71 [2d Cir.2012], citing to Wilner v. NSA, 592 F.3d 60, 76 [2d Cir.2009] ). Therefore, this Court will defer to Sgt. Wingert's professional expertise that the disclosure of the precise information on the Maps would pose a substantial threat and would jeopardize the respondent's ability to “guarantee the security of its information technology assets.”
Diligent Search/Redactions
Even if certain information on the Maps are exempt, petitioners assert that respondent failed to provide redacted versions of the Maps. Moreover, even if the entirety of the Maps are exempt, petitioners contend that its initial request was for the “geographic location of conduits,” not necessarily the Maps of the conduit locations. Petitioners further contend that respondent has not explained why it has not provided petitioners with other responsive documents, even if not in map form.
Respondent affirmatively stated that it “would be impossible to redact these maps so as to avoid the security concerns stated above, as nearly everything depicted is part of the City's critical information infrastructure” (Sgt. Wingert Aff. at ¶ 10). Respondent also alleged that the Maps are the “only ... set of documents in its possession that is has not released to Petitioners after a thorough and diligent search” (Verified Answer at ¶ 51).
It is well settled that when a document subject to FOIL falls within an enumerated exception of Article 6 of the Public Officers Law, the agency “may be required to prepare a redacted version with exempt material removed” (Matter of Data Tree, LLC, 9 N.Y.3d at 464, 849 N.Y.S.2d 489, 880 N.E.2d 10). It is also clear that an agency is required to conduct a “ diligent search” in response to FOIL requests (Matter of Beechwood Restorative Care Ctr. v. Signor, 5 N.Y.3d 435, 444, 808 N.Y.S.2d 568, 842 N.E.2d 466 [2005] ).
Respondent maintains that it would be impossible to redact the Maps, and it has conducted a thorough and diligent search. This Court conducted an in camera review of the two produced samples that are representative of Maps which confirmed the impossibility to redact the exempt material because they contained thousands of entries. However, this Court is not completely satisfied that respondent has conducted a sufficiently diligent search to discover other responsive documents, even if not in a precise map form, which provide petitioners with non-sensitive and non-exempt general information (that seems to be available to the public on respondent's own website) to ensure that all New York residents have equal access to high speed Internet connections in a non-discriminatory manner.
Attorney's fees
An award of attorney's fees may be assessed against an agency and awarded to a petitioner seeking documents subject to FOIL where that requesting party “has substantially prevailed, when: (i) the agency had no reasonable basis for denying access; (ii) the agency failed to respond to a request or appeal within the statutory time” (POL § 89[4][c] ).
Inasmuch as petitioners have not obtained release of the documents they sought herein, they cannot be said to have “substantially prevailed” so as to be entitled to an award of attorney's fees (Matter of Friedland v. Maloney, 148 A.D.2d 814, 538 N.Y.S.2d 650 [3d Dept.1989] ).
Sealing of Court Records
For the same reasons that the Maps are exempt from disclosure as set forth above and to protect against such disclosure of sensitive information, respondent has met its burden in demonstrating “good cause” to seal respondent's opposition papers and petitioners' reply papers pursuant to 22 NYCRR § 216.1.
Conclusion
Accordingly, it is hereby
ORDERED AND ADJUDGED, that the petition is denied except that respondent shall conduct a new exhaustive diligent search to discover other responsive documents , even if not in a precise map form, which provides petitioners with non-sensitive and non-exempt general information of the geographic location
of conduits owned and/or operated by ECS within thirty (30) days of notice of entry of this decision and order. Respondent shall provide a certification that specifies its due diligence in attempting to discover the non-sensitive and non-exempt general information that concerns the geographic location of conduits owned and/or operated by ECS; and it further
While the precise location of the conduits may reveal sensitive information, respondent may be able to release to petitioners the broader location of the conduits by street or neighborhood, etc., without jeopardizing respondent's ability to guarantee the security of its information technology assets.
ORDERED AND ADJUDGED, that respondent's motion for an order directing that respondent's opposition papers and petitioners' reply papers be filed under seal pursuant to 22 NYCRR § 216.1 is granted. The Clerk of Court is directed to seal respondent's opposition papers and petitioners' reply papers unless access is permitted by further written order of this Court.
The foregoing constitutes the decision and order of this Court. Courtesy copies of this decision and order have been sent to counsel for the parties.