Hennepin County fined for violating records law

Tony Webster wanted to know whether the Hennepin County Sheriff's Office was using newfangled technology to track people through their faces, fingerprints and irises.

So in August, Webster filed a public records request with the county seeking contracts, e-mail messages or any other data about mobile "biometric" technology.

So far, he hasn't uncovered any widespread deployment of Mission Impossible-style spy gadgets. What he has exposed is Hennepin County's sluggish observance of Minnesota's sunshine law.

In an April 22 order, Administrative Law Judge Jim Mortenson described four months of unexplained delays, improperly redacted records, inadequate answers and other behavior by county officials in response to Webster's request.

The county's actions violated the Minnesota Government Data Practices Act (MGDPA), Mortenson found. He fined the county $300, the maximum allowed by law; ordered it to pay up to $5,000 in Webster's attorney's fees; refund $950 of the filing fee, and pay $1,000 in court costs.

Perhaps most significant, he ordered the county to figure out a way to make its millions of e-mail messages publicly accessible by June 1.

The county will appeal the decision and believes it has not violated the law, said Daniel Rogan, manager of the Hennepin County attorney's civil division.

"Responding to some of the requests took longer than we would have hoped," Rogan said Friday. But the larger issue, he said, is "we don't believe that the Data Practices Act requires government entities to do massive e-mail term searches the way that Mr. Webster requested it."

Mortenson's order torpedoed one of the principal arguments that government agencies use to deny records: Our computers won't allow us to do it.

The unusually forceful ruling reflects that Webster is not your typical individual trying to get records out of government. Webster, 29, a self-employed software engineer who lives in Minneapolis, has a deep interest in privacy and police surveillance technology, and he has the time and resources to take agencies to court if they don't follow the law.

Last year, he sued the city of Bloomington for its refusal to hand over data relating to a Black Lives Matter protest at the Mall of America in 2014. (I should say here, the Minnesota Coalition on Government Information, on whose board I serve, filed an amicus brief supporting Webster in that case.) The case recently settled.

"It's very unlikely that a member of the public would go through this process," Webster said. "It's not a consumer-friendly experience."

Indeed, he has walked away from records denials in the past. This time, he stuck with it. After he filed his request Aug. 12, weeks passed before he had access to any records. County officials weren't idle during that time: One staffer met with 25 employees to figure out what biometric stuff the county was using.

On Nov. 25, Kristi Lahti-Johnson, the county's data governance officer, sent a letter to Webster with some answers: Aside from mobile fingerprint scanners, there wasn't much in the way of biometric technology. But the request for a keyword search of county e-mails was "unreasonable and too burdensome with which to comply," Lahti-Johnson wrote.

Hennepin County has 209 million e-mails in its accounts and gets 6 million more every month. Seventy percent of them are spam. County officials estimated that searching every e-mail account for the 20 keywords would keep the servers running 24 hours a day for more than 15 months.

Webster was able to look at a number of e-mails on Dec. 21, but some were redacted without explanation. When Webster complained, Rogan determined that certain redactions were unjustified and provided the full e-mails.

Tired of the delays, Webster had his attorney, Scott Flaherty of Briggs and Morgan, file a complaint on his behalf in January with the Office of Administrative Hearings. The fine from the law judge was a first for the county, Rogan said. While it prepares to make its case to the Minnesota Court of Appeals, Hennepin County has to comply with Mortenson's order.

That means Webster must have his e-mails by June 3.

Contact James Eli Shiffer at james.shiffer@startribune.com or 612-673-4116.