Summary
In State ex rel. Ohio Republican Party v. FitzGerald, 145 Ohio St.3d 92, 2015-Ohio-5056, a county withheld as "security records" key-card-swipe data for one employee against whom verified threats had been received, but released the same data for employees who had not received threats.
Summary of this case from Sengstock v. City of TwinsburgOpinion
No. 2014–1141.
12-09-2015
The STATE ex rel. OHIO REPUBLICAN PARTY v. FITZGERALD, Cty. Executive, et al.
Law Firm of Curt C. Hartman and Curt C. Hartman, Amelia; Law Firm of Daniel P. Carter and Daniel P. Carter, Cleveland; and Finney Law Firm, L.L.C., and Christopher P. Finney, Cincinnati, for relator. Majeed G. Makhlouf, Cuyahoga County Law Director, and Robin M. Wilson, Assistant Law Director, for respondents.
Law Firm of Curt C. Hartman and Curt C. Hartman, Amelia; Law Firm of Daniel P. Carter and Daniel P. Carter, Cleveland; and Finney Law Firm, L.L.C., and Christopher P. Finney, Cincinnati, for relator.
Majeed G. Makhlouf, Cuyahoga County Law Director, and Robin M. Wilson, Assistant Law Director, for respondents.
PER CURIAM. {¶ 1} The Ohio Republican Party ("ORP") seeks a writ of mandamus compelling Cuyahoga County, its former county executive Edward FitzGerald, and Koula Celebrezze, the public-records manager for the Department of Public Works, to fulfill its public-records request seeking records of key-card-swipe data documenting when FitzGerald entered and exited county parking facilities and buildings.
{¶ 2} At the time of the ORP's request, the key-card-swipe data were "security records" exempted from release pursuant to R.C. 149.433, because, according to an affidavit by a detective in the Cuyahoga County Sheriff's Office, FitzGerald had received threats and release of that data would have diminished the county's ability to protect him and maintain the security of the office of the county executive. Thus, upon review, the county had no obligation to release these records.
{¶ 3} Subsequent to receipt of the public-records request, circumstances changed: Cuyahoga County moved its administrative offices to a new building; it demolished its former offices to build a hotel and convention center; and FitzGerald's term of office expired, and he is no longer the county executive. In addition, the county released the records to members of the media in January of this year and thereby waived its argument that they are not subject to the public-records law. Accordingly, there is no longer any basis to withhold the requested key-card-swipe data, and therefore we grant the writ and order release of the records.
Facts and Procedural History
{¶ 4} On May 22, 2014, Chris Schrimpf, the communications director for the ORP, e-mailed a public-records request to Celebrezze and Mary Segulin seeking "the county's key card swipe data that shows when an employee enters or leaves a county building" for five individuals, including FitzGerald. He sent the request to Emily Lundgard, the county's director of communications, on June 2, and on June 9, he e-mailed her again, clarifying that his requests were based on the Cuyahoga County Code, the Cuyahoga County Charter, and the Ohio Public Records Act and indicating that because the request sought only information that the county had already denied to the Plain Dealer, further delay in granting or denying the request should be unnecessary. He sent a follow-up e-mail to Celebrezze on June 17, reiterating the prior request and also requesting the key-card-swipe data for a sixth person. Celebrezze acknowledged receiving the request the next day.
{¶ 5} The ORP filed this mandamus action on July 9, 2014, alleging that the county had failed to respond to its public-record requests, even though the same types of records "have readily been provided with respect to other employees or officials of the County of Cuyahoga." The ORP asserts that the records at issue here are public records pursuant to the Public Records Act and the Cuyahoga County Code and that the county has neither fulfilled the record request nor denied it, nor has it provided a written explanation justifying denial of the request as is required by law. The ORP therefore seeks a writ of mandamus compelling respondents to produce the requested records.
{¶ 6} On July 11, Majeed Makhlouf, the law director for Cuyahoga County, responded to Schrimpf's request, explaining that he could not release the key-card-swipe data for FitzGerald because "the Sheriff's Department [had] confirmed the existence of verifiable security threats barring the release of this information pursuant to R.C. 149.433." He provided the key-card-swipe data for the five other individuals but indicated that the county did not have information on when employees left the building because employees are not required to swipe their key cards to exit.
{¶ 7} On July 21, Schrimpf requested key-card-swipe data going back to January 2011, and he e-mailed again on July 29 to ask when he would receive the key-card- swipe records he had requested but not yet received.
{¶ 8} The next day, Makhlouf responded that the July 21 request was being processed "as expeditiously as possible" in light of the move to the new county administration building. On July 31, he e-mailed the key-card-swipe data requested but again excluded data relating to FitzGerald.
{¶ 9} We granted an alternative writ on September 24, 140 Ohio St.3d 1435, 2014-Ohio-4160, 16 N.E.3d 681, and the parties submitted briefs and evidence.
{¶ 10} In support of its position that the key-card-swipe data is excepted from disclosure, the county presented the affidavit of David DeGrandis, a senior administrative officer with the Cuyahoga County Department of Information Technology, who averred that the county installed the key-card system "for the protection of [the county's] facilities and those who use them." He explained that users have different levels of access to the building and that the key-card-swipe system is used to determine whether a user has security clearance to access a particular part of the building. He also stated that the key-card-swipe data can reveal "sensitive security information," so that
if an individual with high-level security credentials, such as the County Executive, utilizes a non-public entryway to enter an area that is secured via the key-card system without the presence of security personnel, the security key-card data will not only reveal the time patterns of entry, but it will also reveal the existence of the non-public, secured entryway itself.
{¶ 11} The county also presented the affidavit of D. Paul Soprek, a detective with the Cuyahoga County sheriff's department and director of the Principal Protection Unit, which is charged with protecting the county's public officials. He claimed that the Principal Protection Unit "is investigating a number of verified threats * * * against Executive FitzGerald" and asserted that "it is critical to protect the manner and pattern of travel, ingress and egress, and timing. This is precisely the kind of information that the county's security key-card data reveals. Release of the security key-card data for the County Executive diminishes the effectiveness of the Principal Protection Unit and its ability to protect the County Executive."
{¶ 12} Nonetheless, on January 7, 2015, Lundgard, the county's director of communications, released FitzGerald's key-card-swipe data to the Cleveland Plain Dealer. The ORP e-mailed Makhlouf asking whether the county would fulfill its public-records request, but Makhlouf replied that the request had been properly denied when it was submitted and invited the ORP to submit a new request "based on the changed circumstances."
Analysis
Motion for oral argument
{¶ 13} The ORP has moved for oral argument, which is discretionary in an original action. S.Ct.Prac.R. 17.02(A). Because we are able to decide the issues in this case without oral argument, we deny that motion. State ex rel. Mahajan v. State Med. Bd. of Ohio, 127 Ohio St.3d 497, 2010-Ohio-5995, 940 N.E.2d 1280, ¶ 65.
Show-cause order and motion to strike
{¶ 14} On March 25, 2015, we ordered the ORP to show cause why the case should not be dismissed as moot based on media reports that the county had released the key-card-swipe data to the press. 142 Ohio St.3d 1407, 2015-Ohio-1099, 27 N.E.3d 538. As we explained in State ex rel. Anderson v. Vermilion, 134 Ohio St.3d 120, 2012-Ohio-5320, 980 N.E.2d 975, ¶ 18, "providing the requested records to a relator generally renders moot a public-records mandamus claim."
{¶ 15} However, in response to the show-cause order, the ORP asserts that the county still has not provided it all of the requested records. The county admits in its memorandum in response that it released "similar" records to the Plain Dealer, but it contends that the records sought in this action are security and infrastructure records that the county is not required to release. And the county indicates that if the ORP submitted a new request, the county would "place it through the appropriate channels."
{¶ 16} The ORP then moved to strike the county's memorandum in response, arguing that it constitutes "supplemental argument and briefing" in violation of S.Ct.Prac.R. 16.08. However, the county submitted additional evidence to prove that it had exercised its discretion to provide FitzGerald's key-card-swipe data to the press, information that is relevant to determining whether this action is moot. In State ex rel. Cincinnati Enquirer, Div. of Gannett Satellite Information Network, Inc. v. Dupuis, 98 Ohio St.3d 126, 2002-Ohio-7041, 781 N.E.2d 163, ¶ 8, we noted that "[a]n event that causes a case to become moot may be proved by extrinsic evidence outside the record." We therefore deny the motion to strike.
{¶ 17} And because the county has not released the records to the ORP and continues to maintain that pursuant to R.C. 149.433, FitzGerald's key-card-swipe data are not public records that must be released, we conclude that this case is not moot.
Motions to take judicial notice
{¶ 18} The ORP filed two motions asking the court to take judicial notice of information on the county's governmental website—specifically, the county's announcements that the county executive's office had moved to a new building and that a new county executive had replaced FitzGerald. Pursuant to Evid.R. 201(B), courts may take judicial notice of facts not subject to reasonable dispute, and here, these motions are unopposed and the county posted the information on its own website. Thus, the motions to take judicial notice of this information are well taken and granted. Merits
{¶ 19} "Mandamus is the appropriate remedy to compel compliance with R.C. 149.43, Ohio's Public Records Act." State ex rel. Physicians Commt. for Responsible Medicine v. Ohio State Univ. Bd. of Trustees, 108 Ohio St.3d 288, 2006-Ohio-903, 843 N.E.2d 174, ¶ 6 ; R.C. 149.43(C)(1). Although we liberally construe the Public Records Act in favor of access to public records, "the relator must still establish entitlement to the requested extraordinary relief by clear and convincing evidence." State ex rel. McCaffrey v. Mahoning Cty. Prosecutor's Office, 133 Ohio St.3d 139, 2012-Ohio-4246, 976 N.E.2d 877, ¶ 16.
{¶ 20} But here, the county asserts that the requested records are exempt from disclosure pursuant to R.C. 149.433. As we explained in State ex rel. Cincinnati Enquirer v. Jones–Kelley, 118 Ohio St.3d 81, 2008-Ohio-1770, 886 N.E.2d 206,
[e]xceptions to disclosure under the Public Records Act, R.C. 149.43, are strictly construed against the public-records custodian, and the
custodian has the burden to establish the applicability of an exception. * * * A custodian does not meet this burden if it has not proven that the requested records fall squarely within the exception.
Id. at ¶ 10.
{¶ 21} R.C. 149.433(B) provides that "[a] record kept by a public office that is a security record or an infrastructure record is not a public record under section 149.43 of the Revised Code and is not subject to mandatory release or disclosure under that section."
{¶ 22} R.C. 149.433(A)(3) defines the term "security record":
This is the current version of R.C. 149.433. The statute was amended slightly in September 2014, Am.Sub.H.B. 487, but the change is not relevant to this opinion.
--------
(3) "Security record" means any of the following:
(a) Any record that contains information directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage;
(b) Any record assembled, prepared, or maintained by a public office or public body to prevent, mitigate, or respond to acts of terrorism, including any of the following:
(i) Those portions of records containing specific and unique vulnerability assessments or specific and unique response plans either of which is intended to prevent or mitigate acts of terrorism, and communication codes or deployment plans of law enforcement or emergency response personnel;
(ii) Specific intelligence information and specific investigative records shared by federal and international law enforcement agencies with state and local law enforcement and public safety agencies;
(iii) National security records classified under federal executive order and not subject to public disclosure under federal law that are shared by federal agencies, and other records related to national security briefings to assist state and local government with domestic preparedness for acts of terrorism.
(c) An emergency management plan adopted pursuant to section 3313.536 of the Revised Code.
{¶ 23} We construed R.C. 149.433(A)(3) in State ex rel. Plunderbund Media, L.L.C., v. Born, 141 Ohio St.3d 422, 2014-Ohio-3679, 25 N.E.3d 988, explaining that "security records" include those that are directly used for protecting and maintaining the security of a public office as well as the public officials and employees of that office. Id. at ¶ 20. There, the Director of Public Safety had presented evidence that disclosure of records documenting threats against the governor " ‘would expose security limitations and vulnerabilities,’ " id. at ¶ 24 (quoting the affidavit of John Born), could " ‘reveal patterns, techniques or information’ related to security," id. at ¶ 25 (quoting the affidavit of Highway Patrol Superintendent Paul Pride), and " ‘could be used to commit terrorism, intimidation, or violence,’ " id. at ¶ 26 (quoting the affidavit of Ohio Homeland Security Executive Director Richard Baron). Based on that evidence, we concluded that those records, which involved direct threats against the governor, were security records not subject to release as public records, because they were directly used to protect and maintain the secure functioning of the governor's office. Id. at ¶ 30.
{¶ 24} Similarly, in this case, the county withheld release of the key-card-swipe data because there had been verified threats against FitzGerald, and according to Detective Soprek, it was "critical" to protect information regarding FitzGerald's "manner and pattern of travel, ingress and egress, and timing" that would be revealed by the key-card-swipe data. Soprek also averred that release of the key-card-swipe data would "diminish[ ] the effectiveness of the Principal Protection Unit and its ability to protect the County Executive." Thus, pursuant to Plunderbund, the key-card-swipe data contain information directly used for protecting or maintaining the security of a public office, and for that reason, they are "security records" within the meaning of R.C. 149.433(A)(3). See Plunderbund at ¶ 28.
{¶ 25} We reject the county's contention that the key-card-swipe data are exempt from release as infrastructure records. R.C. 149.433(A)(2) defines "infrastructure record" to mean
any record that discloses the configuration of a public office's or chartered nonpublic school's critical systems including, but not limited to, communication, computer, electrical, mechanical, ventilation, water, and plumbing systems, security codes, or the infrastructure or structural configuration of the building in which a public office or chartered nonpublic school is located. "Infrastructure record" does not mean a simple floor plan that discloses only the spatial relationship of components of a public office or chartered nonpublic school or the building in which a public office or chartered nonpublic school is located.
{¶ 26} The key-swipe data sought by the ORP does not disclose the configuration of a public office's critical systems. Rather, it shows when FitzGerald entered the building each day—facts unrelated to the building's structural configuration. And although the affidavit of David DeGrandis indicates that the key—swipe data could "reveal the existence of [a] nonpublic, secured entryway," DeGrandis does not specify that the data would reveal the location of such an entryway—information the ORP did not seek in its request. In any case, the location of any secured entrances would be observable by the public and would appear on "a simple floor plan that discloses only the spatial relationship of components of * * * the building in which a public office * * * is located," and such a floor plan is expressly excluded from the definition of an infrastructure record. R.C. 149.433(A)(2). Thus, even if the key-card-swipe data reveals the location of nonpublic, secured entrances, it is not excepted from disclosure as an infrastructure record.
{¶ 27} At the time of the request, R.C. 149.433 exempted FitzGerald's key-card-swipe data from disclosure because FitzGerald had received threats. The undisputed evidence now demonstrates that the data are neither security records nor infrastructure records. Cuyahoga County's website reflects that as of July 2014, its administrative offices are now located in a new building. See http://www.cuyahogacounty.us/en–US/HQ–Background.aspx; http://www.cuyahogacounty.us/en–US/New–County–Admin–HQ.aspx (accessed October 15, 2015). In addition, the old county administration building has been demolished. See http://www.cuyahogacounty.us/en-US/InterimLocations.aspx (accessed October 15, 2015). Lastly, FitzGerald is no longer the county executive. http://executive.cuyahoga county.us/en–US/Budish–Takes–Oath–of–Office.aspx (accessed October 15, 2015).
{¶ 28} Thus, because FitzGerald is no longer the county executive, the key-card-swipe data are no longer security records, and because the old county administration building has been demolished, that data cannot disclose the configuration of its critical systems and are not infrastructure records.
{¶ 29} Release of FitzGerald's key-card-swipe data to the press also precludes the assertion that the data are excepted from disclosure pursuant to the public-records law. State ex rel. Cincinnati Enquirer, 98 Ohio St.3d 126, 2002-Ohio-7041, 781 N.E.2d 163, ¶ 22 ("Voluntarily disclosing the requested record can waive any right to claim an exemption to disclosure"); State ex rel. Gannett Satellite Information Network, Inc. v. Petro, 80 Ohio St.3d 261, 265, 685 N.E.2d 1223 (1997) (state auditor waived right to assert that records were exempt from disclosure partly because he made the records available to the public, represented to the relators that the records were public records, and orally described the records to a representative from the newspaper).
{¶ 30} Accordingly, FitzGerald's key-card-swipe data are public records, and the county has failed to demonstrate that they are exempt from disclosure pursuant to R.C. 149.433. Thus, we grant the requested writ of mandamus and order the release of the records.
Writ granted.
O'CONNOR, C.J., and O'DONNELL, SADLER, and SINGER, JJ., concur.
PFEIFER, LANZINGER, and O'NEILL, JJ., dissent.
LISA L. SADLER, J., of the Tenth Appellate District, sitting for KENNEDY, J.
ARLENE SINGER, J., of the Sixth Appellate District, sitting for FRENCH, J.
O'NEILL, J., dissenting.
{¶ 31} Respectfully, I dissent. Today the court revives a denied public-records request. I do not disagree with the court's determination that the records at issue are subject today to release as public records. Rather, I disagree with its determination that the court should issue a writ of mandamus to compel respondents to release documents based on a request that was previously properly denied.
{¶ 32} The majority opinion boils down the three-part standard for granting a writ of mandamus to the simple statement that " ‘[m]andamus is the appropriate remedy to compel compliance with R.C. 149.43, Ohio's Public Records Act.’ " Majority opinion at ¶ 19, quoting State ex rel. Physicians Commt. for Responsible Medicine v. Ohio State Univ. Bd. of Trustees, 108 Ohio St.3d 288, 2006-Ohio-903, 843 N.E.2d 174, ¶ 6 ; R.C. 149.43(C)(1). As a common practice, this court has made this simple observation in public-records cases. E.g., State ex rel. Beacon Journal Publishing Co. v. Bond, 98 Ohio St.3d 146, 2002-Ohio-7117, 781 N.E.2d 180, ¶ 49. But in the normal course of reviewing a mandamus action, we traditionally conduct a three-part inquiry when considering whether to grant the writ: the relator must establish (1) a clear legal right to the requested relief, (2) a clear legal duty on the part of the respondent, and (3) the lack of an adequate remedy in the ordinary course of the law. E.g., State ex rel. Simpson v. State Teachers Retirement Bd., 143 Ohio St.3d 307, 2015-Ohio-149, 37 N.E.3d 1176, ¶ 17. We have held that the legislature, by enacting R.C. 149.43(C), made mandamus the only appropriate remedy for enforcing the public-records law. State ex rel. Steckman v. Jackson, 70 Ohio St.3d 420, 426–427, 639 N.E.2d 83 (1994). Accordingly, we no longer reject petitions seeking an order compelling disclosure of public records on the basis that there is an adequate remedy in the ordinary course of the law. Id. Until today, we have not done away with the other two prongs of the mandamus standard in public-records cases.
{¶ 33} Through changed circumstances subsequent to respondents' denial of relator's request, relator has inarguably become entitled to the records at issue. The building in question no longer exists; the public official is no longer in office; and the security risk has gone away. In light of these new developments, what is respondents' duty with regard to the request? I would say they have none.
{¶ 34} When any person requests public records, a public office must promptly prepare any records for inspection that are responsive to the request. R.C. 149.43(B)(1). The public office must also make copies of the requested records available at cost. Id. If some of the responsive records contain information that is exempt from inspection, the public office must still provide all of the nonexempt public records. Id. The public office must notify the requester of any redactions, and a redaction is treated as a denial of the public-records request. Id. If all or part of a request is denied, the public office shall provide an explanation for the denial with citations to legal authority. R.C. 149.43(B)(3).
{¶ 35} It is plain that respondents complied with these clear legal duties on July 11 and 31, 2014. At that time, the county provided the key-card-swipe data that relator was entitled to and provided an explanation for the partial denial. The majority readily agrees that the records withheld from relator were not subject to disclosure at that time. Majority at ¶ 3.
{¶ 36} Respondents did not fail to perform any act that they had a duty to perform. There is no provision in the Revised Code requiring public offices to keep track of whether the circumstances that justified the denial of a public-records request subsequently change. Likewise, public offices are not required to act on their own initiative to revive denied requests, even if they may be compelled to grant new requests for the same records based on new circumstances.
{¶ 37} Our power to issue writs of mandamus is an extraordinary one that we should use only "to prevent a failure of justice." State ex rel. Murphy v. Graves, 91 Ohio St. 36, 38, 109 N.E. 590 (1914) ; State ex rel. Ingerson v. Berry, 14 Ohio St. 315, 323 (1863) ("Designed only as a remedy to prevent the failure of justice, [mandamus] must not be made the minister of injustice, and the law does not require the performance of things which are either impossible or useless" [emphasis sic] ). Instead of showing reserve in the interest of doing only what justice demands, the majority stretches the law in this matter to vindicate relator's litigious conduct.
{¶ 38} A proper public-records request was made. It was properly denied. Any action taken by anyone subsequent to that final denial is irrelevant, and the majority's focus on those acts obfuscates the question before us. Does the subsequent demolition of the building in question, the departure from office of the official involved, or the Plain Dealer 's receipt of the records requested change anything for our legal analysis? No. The request was properly denied at the time, and respondents do not have a duty to examine old requests to determine whether the conditions that permitted denial of the request have subsequently changed.
{¶ 39} Therefore, I must dissent.
PFEIFER and LANZINGER, JJ., concur in the foregoing opinion.