Monday, July 7, 2014

The use of Twitter to make FOI requests




I have a rule – when it comes to Twitter, I try not to discuss any organisation within the sector that I work in. According to the ICO decision notice search tool, I work in the ‘police and criminal justice’ sector. So, when I saw FS50543791 published today against the Metropolitan Police Service (MPS), I did decide not to comment. But the fact that it was served against a police force is pretty much irrelevant – it would have happened to anyone at all. This has nothing to do with the police or where I work (note: @Tim2040).
The DN is straight-forward – boy tweets org, org does not realise they are so loved, boy complains to ICO, ICO tears org a new one, boy and org live happily ever after.

The DN stated:

2. Twitter is a 'microblogging' platform which allows users to post short text messages (up to 140 characters in length) and converse with other users.

The first thing that other Twitter users will notice is that this definition is hopelessly out of date and shows how little the ICO understands this medium – it is not trivial that one can post videos and pictures – it is not just ‘short text messages’. This would be irrelevant point scoring, but it matters because the ICO then goes on to draw a parallel between conversations and Tweeting. I don’t like this.

I certainly interact with people on Twitter – I even described to someone how I spent a lot of this afternoon in a meeting at work ‘chatting’ to friends on Twitter about this issue. But it is not a conversation in one crucial sense – I experience it more like people making announcements and other people choosing to respond with their own announcement and so on. What can emerge can resemble a conversation. But it does not start out as one.

So, what about directing your announcement to someone? Lots of Tweets start @someone. Does not matter. I think of it as someone shouting and picking a specific direction in which to do so.Other people, who follow both accounts, can also see the tweets. It is broadcast to lots of people.

All of the above could be nonsense. It is just how I see it. The thing is, there is room for discussion on whether Tweeting is a conversation – which is something that the ICO has just decided is a fact and a definition.

I like what @FOIMonkey said: Just say @ ing an authority doesn't count as recieved. It's a bit like painting a request on a wall opposite council HQ

...then telling them to look outside to read it. A Tribunal may one day take different view from the ICO on this.

@bainsey1969: Disagree with analogy - unless PA puts wall up and invites people to write on it with expectation they'll get a reply...

@FOIMonkey: Is there an expectation that they'll reply? Twitter is also a broadcast only medium. For wall, you could read billboard

Personally, I think it is looks a lot more like CB radio – you can yell out all you want, but it is not clear that anyone is listening and even less clear whether anyone owes it to you to listen. 

And now we come to the base reason that public authorities reply to stuff – in the bad old days, PAs barely used to reply to anything at all. It would not have occurred to most people to even bother writing to the council or the government about anything, which was just as well – you would get ignored unless you wrote through your MP. So, the Cabinet Office published an edict to force government departments to reply to correspondence in a timely manner (cannot find the original, but an updated version is here). 

It is not just a matter of good customer, of wanting to be seen to engage more, etc – the root of the transformation of why PAs started to reply to anything at all was because once their sponsoring government department had to start answering stuff and pretending to be accountable, the local PA had to follow. While your local NHS is not bound by the Cabinet Office decision, it follows the Department of Health in never setting more than a 20 day limit for responding to letters (although most NHS organisations, depending on who you write to, will have much tighter deadlines). This is the mindset into which the big bad wolf of email came along. 

We remember the days of PAs arguing about accepting FOIs via email. Then there was Brent Council refusing to respond through Whatdotheyknow.com. In a few years, the drama was over – sense had prevailed and you could use email or WDTK. But Twitter is not like that – it is not just a luddite resistance to (relatively) new technology. For a start, it is not clear to me that we ‘receive’ a tweet. We definitely receive email – a package of code moves from one server, through others, to that of the recipient. Once sent, even if the sender deletes it, the receiver holds an independent copy. 

This is not so of Twitter – the person tweeting can delete the tweet – which removes the ability for everyone to see it (unless it has been replicated, either by retweeting or copied and pasted into another medium by the receiver). From all of this, it is not clear that a tweet is ‘received’. 

While it might be that people will argue that has been, when I look at the ICO guidance, it is not clear to me that they have gone into this sort of depth and analysed the situation – which is why I think that the guidance is not worth much. 

Back to the ICO guidance: “authorities that have Twitter accounts should plan for the possibility of receiving them”. So, I look up ‘should’ and read that it is totally different to ‘must’ – the former being the right thing to do from a duty of appropriateness, the latter deriving from a legal obligation. But the MPS went too far in its self-abasement:

However, in relation to the circumstances of this case the MPS, going forward, has put in place additional measures to ensure that the MPS twitter account is monitored appropriately to ensure that we are compliant in respect of the requirements of Freedom of Information Legislation. 

What requirements? The ICO's evangelism is not the basis for a requirement – the ICO itself recognises this because it avoids ‘must’ and uses ‘should’. It is not in the legislation – and if that is how the legislation MUST be interpreted, then a lot more questions need to be answered.

The MPS reported that it gets 500 mentions a day on Twitter. It is a struggle for most public authorities to keep up with the mounds of correspondence that they receive through snail mail and email. When I was at the Department of Health, as a correspondence team leader, one of my jobs was to read up to 150 pieces of correspondence a day that my team had received, just in case any one of them was from someone threatening to harm his or her kid, or threatening suicide, or from someone who could not tell the difference between a hospital and a department of state and wanted to know what to do about chest pains (seriously) – finally, I was supposed to look out for FOI requests and pass them on to the relevant team.

Twitter is a great way for public authorities to disseminate information – but they do not always reply to tweets. I recall several occasions on which @bainsey1969 has tweeted the ICO about something that really merited a reply and heard nothing back for weeks. Most Twitter users know that most PAs do not reply to most tweets and no one realistically expects a reply to everything that that they tweet (compare this with correspondence - pretty much everything, unless it is totally garbled or vexatious gets a reply).

It is really expensive to treat Twitter accounts as something that must be monitored. Getting someone to read 500 tweets a day is just less than one a minute – not quite a full time job, but not hellishly far off it.

I must confess, when No.10 pissed me off about something, I did tweet them a FOI – knowing that in the blizzard of abuse that that account receives, it would go unnoticed – then I could whine about it – which I did and I got a stuffy apology at internal review – I knew that I was being an arsehole. I was not really asking for information. And I suspect that most of the time when a FOI is made using Twitter, the person is just being difficult, or has found a bright new shiny stick with which to poke a civil or public servant.

I am all for transparency and in most organisations have spent my time arguing for the release of information. I get pissed off by the Cabinet Office’s recalcitrance. But this insistence on Twitter is silly – the above is not designed to be a knock down argument – it is just to say that there is doubt in my mind about whether a tweet meets the requirements – the main issue is that if you want information, ask for it in a traditional way, email, letter, WDTK – if you call me and tell me that you have sprained your wrist and cannot type, I will even ignore the stuff about having the request in writing – I will write the request out for you, send it to you and process it. I am desperate to give you as much information as I can – but using Twitter is just a waste of everyone’s time.


Sunday, January 19, 2014

How to tell if the FOI response you have received is bullshit. Part 4: the public interest test


Too many FOI replies are incomplete and invalid as they lack a public interest test.

The public interest is a fundamental concept in the law and seems to have something to do with considering the general welfare of the public (see here for more about the complications). Some FOI responses need a public interest test (‘considering the general welfare of the public’ is a convenient way of thinking about this) and some don’t.

  • Absolute exemptions don‘t need a public interest test.
  • Qualified exemptions do need a public interest test.

Simply, absolute means that the information is exempt because it because of the type of information it is – the clearest example is section 21 of the Act, which relates to information accessibly to the applicant by other mean. If the information is, for example, published, then the public authority (PA) does not have to release it again. The information falls into this class and that is the end of it. No further argument (although you might be able to argue that the information is not readily accessible, but that is another matter), no consideration of the public interest. The general welfare of the public is not a factor – it is accessible and that is that. 

Qualified exemptions need a public interest test (PIT). You cannot say that something is, for example, commercially sensitive and slam a full stop at the end. You have to give a public interest test – to consider what the general welfare of the public is, to qualify your use of the exemption. 

Table of most common exemptions:

Absolute Exemptions (no PIT)
Qualified Exemption (needs PIT)
21
Readily accessible by other means
22
Intended for future publication
23
Relating to security bodies
30
Investigations
41
Provided in confidence*
31
Law enforcement
44
Prohibitions on disclosure
35
Formulation of government policy

*this is a funny one – the PA has to consider the PIT but does not have to give it – you should not expect to see a PIT, but a good reply will mention that it was considered.

36
Prejudice to the effective conduct of public affairs
38
Health and safety
42
Legal professional privilege

If you see any of the exemptions on the right being cited, expect to see a PIT, otherwise the bullshit klaxon needs to wail long and loud. 

Let’s see what a public interest test look likes:

A classic question is ‘I would like to request a copy of the report into Project X’. The PA is going to publish this in a couple of months and the FOI officer talks to the relevant commissioning team and reaches for section 22. The answer needs to look something like this:

We can confirm that we hold the report and that we had intended to publish it in approximately 2 months. We are withholding the report under section 22 of the FOIA, which relates to information intended for future publication. 

Public interest in releasing report:

We value openness and release of the report will help the public understand whether project X was well run and hold the public authority to account

Public interest is withholding the report:

We are in the process of verifying the details of the report and having it reviewed. It is possible that the report will be altered. Releasing the report in its current form would risk putting inaccurate into the public domain and would skew the public debate about project X.

Balance of the public interest:

While it is important to release the report for the sake of accountability, that accountability is likely to not be accurate as the report is unverified, so the public interest is in withholding the report.

The benefits to the public have been set out against the harm to the public (the PIT) and the balance of the public interest has shown how the competing public interests have been measured against each other. 

It is lovely when the FOI officer puts things under headings, but sometimes the PIT is threaded into the narrative:

‘Can I please have the code for the alarm for getting into the PA’s offices?’

This is clearly a silly question – giving out the alarm code will allow criminals to access the offices of the local council, but a proper refusal is still needed. 

We have this but are not giving it to you under s31(1)(a), the prevention of crime. We do want to be open and share information about how we work but it allow criminals to gain access to our premises and it would cost the taxpayer lots of money to replace stolen equipment, so we won’t be giving this out. 

Not as formally written out, but it does say that the information is held, cites an exemption and says the PA can see the value in showing how it works but that it would cost the taxpayer lots of money to replace stolen equipment – that is the public interest test. The balancing of openness with the harm done (and anchoring this in the PUBLIC interest, not those of the PA itself). 

For the exemptions above, be on the look out for a PIT. Even when you get one, it may not tell a convincing story, and those can be serious grounds for appeal, but make sure in the first instance that you get the PIT when it is required – otherwise, the reply is nonsense.