By Jake Rossen
By Jesse Marx
By Michelle LeBow
By Alleen Brown
By Maggie LaMaack
By CP Staff
By Jesse Marx
In the wake of September 11, as the federal government moved swiftly, and with much fanfare, to enact a host of sweeping antiterrorism measures, officials at various Minnesota state agencies quietly began scrambling to come up with their own responses. At the Department of Public Safety, for instance, there was worry about the ease with which members of the general public could gain access to different types of sensitive information. Officials fretted that things such as the location of gas pipelines, storage sites for hazardous materials, even specific details of the department's emergency-response plans were simply too available to potential terrorists. Meanwhile, the anthrax scare had the Department of Health looking to expand its authority to collect private health information about Minnesota citizens. These local proposals were not nearly as broad or as controversial as those set forth in the federal government's USA Patriot Act, with its expansion of police powers, or the presidential order paving the way for the creation of secret military tribunals. The press and public paid little notice.
By mid-November, with the 2002 legislative session still about two months away, state officials in the health and public-safety departments were still in the early stages of planning. But they already knew that some of their proposals might run afoul of the Minnesota Government Data Practices Act--a sprawling, largely misunderstood, and rare state law that governs what information is public and what information, especially data on individuals, is not. So lawmakers, lawyers, and other capitol insiders did what they've been doing for the last quarter-century when faced with a data-practices dilemma. They called Don Gemberling.
Gemberling, who bears the unwieldy title of Director of the Information Policy Analysis Division at the Minnesota Department of Administration, is technically a midlevel bureaucrat with no formal policy- or rulemaking authority. But by dint of an encyclopedic knowledge of the history and philosophic underpinnings of the Data Practices Act, he has become its guru. Since 1974, when the Legislature passed the first incarnation of the law, Gemberling has weighed in on virtually every significant debate affecting its makeup, subtly and sometimes not so subtly shaping the ways the state government handles the ever-increasing volume of information it collects and maintains.
Unlike access and privacy laws in other states, which are built on broad principles, the Minnesota statute is all about the details. So, in large part because he has yet to see any specific language, Gemberling is not sure what to make of the public-safety and health departments' recent overtures. As always, though, he is wary. "From some of the questions I've been getting, it seems the agencies want more
control over what gets released. I think we're gonna see a lot more attempts to close stuff," Gemberling opines. "It doesn't look like really big stuff. But it all comes down to how it's worded. Every bit of experience I have tells me that if it's worded in a way that's real vague, the government will try and drive the proverbial Mack truck through it."
This type of blunt assessment has earned Gemberling a reputation as something of a crusader. His critics say the Data Practices Act, and Gemberling's commitment to its expressed ideal of open government and a citizenry safeguarded from prying eyes, doesn't take into account real-world problems--such as terrorism. Gemberling's admirers say he is frank, wholly immersed in the law, and committed to its underlying values. "I think Gemberling is driven by this strong belief in his work. He's built an expertise in a way that far surpasses anyone in this state--and probably puts him tops in the country," says Gene Merriam, a former DFL state senator from Coon Rapids.
"He's not your standard-issue bureaucrat. He's a very intriguing, complex guy," agrees attorney Mark Anfinson, who represents the Minnesota Newspaper Association and media outlets such as City Pages. Anfinson has locked horns with Gemberling in the past, typically when arguing that one news outlet or another should be given access to a particular piece of government data. "We're not always on the same side of the issue. But I think he's one of the finest public servants in the state.
"A lot of government lawyers--school-board lawyers, county attorneys--hate his guts," Anfinson concludes with admiration. "He doesn't kiss their asses. That's what it amounts to."
Don Gemberling looks a bit like a shopping-mall Santa. He is 59 years old, tall and heavyset, with a ruddy complexion and snow-white hair and beard. He speaks in the deliberate, precise manner of a lawyer (which he is). Occasionally, though, he will punctuate a just-the-facts soliloquy with a philosophic flourish. For instance, Gemberling, like most privacy advocates, is worried about the public's willingness to accept the presence of new information-gathering technologies without asking tough questions. "Most people don't think about it until something happens and they get all weird. I just wish they'd get weird earlier," he says. "At this moment, within the capitol, there are some 60 cameras. Most everywhere you go today, you're on camera. After September 11 many state employees are required to use magnetic-strip cards to get in and out of buildings. But nobody has told us whether or not tracking data is being collected on us--when we're coming or when we're going."
The offices of the Information Policy Analysis Division (IPAD) are situated on the third floor of the Centennial Office Building, an imposing gray and singularly ugly edifice a couple of blocks south of the capitol dome in St. Paul. There, working in a maze of cubicles and filing cabinets, the division's six employees go about explaining the nuances of data-practices law to both public employees and private citizens. The staffers spend much of their time answering informal questions over the telephone, but they also draft written opinions upon request. These opinions (there were 96 last year) are submitted to Gemberling for his review, then passed on to his supervisor, David Fisher, commissioner of the Department of Administration, for final approval.
Newspaper clippings have been tacked to a bulletin board outside Gemberling's office. The articles reflect the breadth of Gemberling's milieu: There is a story about a former University of Minnesota researcher who accidentally posted children's confidential psychiatric records on a Web site; another addresses the case of a former employee at the Hennepin Conservation District who is now ensnarled in a court battle with district board members over access to their internal e-mail messages. Government e-mail has, Gemberling notes, become an increasingly common subject of data disputes. And then there is a piece about whether or not audits of Native American casinos should be available to the public. Gemberling says the gambling imbroglio, which has pitted the Department of Public Safety against Attorney General Mike Hatch, has "gotten political." It's an observation he makes with a slight hint of disdain.
Tacked beside those clippings are two quotations, printed out on office paper: one from Václav Havel ("Courage means going against majority opinion in the name of the truth"); the other credited to Upton Sinclair ("It is difficult to get a man to understand something when his salary depends on his not understanding"). There is also a greeting card with a picture of President Bush and the First Lady dancing cheek to cheek, part of a computer-generated mailing from the White House which was addressed to the IPAD. Beside the picture, Gemberling has tacked up a message of his own: "Please note, the posting of the First Couple's picture and accompanying letter are not intended as a political statement. They are intended as a statement on the computer age and how computers can turn a government agency into a source of campaign contributions."
"I just got this big envelope in the mail, and I thought, 'What did they do? Scan the entire State of Minnesota phone book?'" Gemberling asks with a bemused air. Gemberling has been asking questions about the ways in which government uses the information it collects for most of his adult life.
He says that he was sensitized to the issue as a young soldier. In 1966, upon enlisting in the army, he was given a standard form called a DD 298. Among other things, the waiver contained a list of "subversive" organizations such as the Socialist Workers Party and the Young Socialists Alliance, and asked the newly inducted soldiers whether they had ever been affiliated with any of them. A political-science major at Macalester College with "a family labor union background," Gemberling was interested in various left-wing organizations. From time to time, he corresponded with the groups. He says he acknowledged the contact on DD 298, then promptly forgot about it.
When he joined his battalion in Germany, he applied to be an intelligence clerk. "I was about to get the job, when the officer that interviewed me pointed to the waiver and said, 'Tell me about this.'" Gemberling explained his background. The officer, while sympathetic, was in no mood for the additional paperwork an intelligence assignment would have required, so he made Gemberling a supply clerk. A year passed, and Gemberling had yet to be promoted. When he asked his first sergeant about it, he discovered that his personnel file had legs. "[The sergeant] was in a position to make trouble for me. And he looked at my records and he decided that I was a communist," he recalls. By an unfortunate coincidence, Gemberling and his pregnant wife happened to be renting an apartment from the sergeant's in-laws, who subsequently evicted them: "[The form] caused me a lot of problems. It cost me money. It cost me a promotion. And it cost me an apartment. And it gave me a personal experience in what recorded information can do to you. With people who are drawn into this field, that is hardly unique."
After finishing his stint in the service, Gemberling returned to Minnesota, where he landed a job with the Department of Administration. For the first few years, he spent his time working with police, developing ways to computerize criminal data. At the time, there was a sea change in the public's attitude about the ways in which the government collected and handled information. Since the beginning of the cold war, public agencies enjoyed free rein, particularly those acting in the name of national security. But revelations about abuses--from rampant FBI surveillance of political activists and average citizens to the Nixon White House's notorious enemies list--led to calls for reform.
In 1973 Robert Tennessen, a state senator from Minneapolis, held a series of hearings about the sorts of information the government was collecting about its citizens. The next year Minnesota became the first state in the nation to enact a comprehensive data-privacy law. Among other things, the Data Privacy Act, which would subsequently become the Data Practices Act, prohibited the government from creating record-keeping systems in secret. Individual citizens (or "data subjects," as the act called them) were guaranteed the right to know what types of data the government has collected about them.
In addition, each government agency was required to report its data-practices policies to the Department of Administration, which would then evaluate them for the Legislature. Gemberling found himself in the role of the department's data-practices point person, an assignment that, as it turned out, was the launching pad for Gemberling's 28-year relationship with the Data Practices Act.
In the ensuing years, the amount of information collected, maintained, and distributed by the government has exploded, mainly because of the computer boom. Additions and modifications to the Data Practices Act have, too. The biggest change came in 1979, when the state Legislature enacted what has become a core principle of the law: the presumption that all information collected by the government is public unless it is specifically classified as private or confidential.
Up to that point, people seeking documents or other information from the government had to rely on a moribund 1941 statute called the Official Records Act. Broadly worded, and even more broadly construed by the state courts, the law guaranteed access only to documents that government agencies deemed official. It was the kind of law Gemberling dislikes--the kind you could drive a Mack truck through.
Some laud the Minnesota Data Practices Act as a groundbreaking, constantly evolving law that balances the often conflicting interests of individual privacy and open government to a degree rivaled in few states. Critics, many of them lawyers who work for government agencies, counter that the act is rife with internal contradictions and is both too complex and too long. On the latter assertion, at least, they have a point. In 1974 the law was just four pages long. Today, after having been somehow revised in every legislative session since, it weighs in at 112 pages.
The philosophical leap taken in 1979 caused most of the swelling. In a vast majority of states, access to public records is governed by broadly written statutes that agencies interpret independently. When there are disputes, the courts act as arbiter. But for more than two decades, Minnesota has relied upon an ever-evolving list of specific types of information lawmakers have deemed not public--and often amendments to that list are crafted in the wake of circumstances no one could have imagined, let alone anticipated. Following outrage over a grave-robbing incident in Minneapolis, for instance, the Legislature enacted Chapter 13.82, Subdivision 17, Section E, which allows police to withhold the identity of a person whose body has been illegally removed from a graveyard.
"The Legislature had to go through the trouble of writing that special provision," complains Bloomington Deputy Police Chief Ron Whitehead, who is also an attorney. "But that's probably never going to come into play again. Why not give agencies some discretion instead? Every year, the Legislature just tinkers and tinkers. It's just too much nitty-gritty."
A longtime critic of the Data Privacy Act, Whitehead has testified at legislative hearings to voice his displeasure with one provision or another. He says his complaints are typically ignored, however, in part because of Gemberling's stature among lawmakers. "The Legislature's attitude is just, 'Don, what are your thoughts?' And they just pretty much go along with what he says," Whitehead offers. "You get the feeling this is Don's act. Everybody pretty much acknowledges that he's had a hand in everything that's occurred since day one."
Gemberling views his role in the legislative process a little differently. "Each session, I'd meet with whoever was working on data practices, and I'd say, 'Okay, this is your policy, here's how it's being interpreted, and here's a way to fix it," he says. "Ultimately, that escalated into legislators saying, 'This stuff is getting so complicated, we're not getting any feedback from leadership, so if we're gonna do something dumb, tell us, Don.'"
Gene Merriam, the former state senator from Coon Rapids, who worked on data-practices issues in the Legislature for 22 years, says Gemberling has done more than simply lay out options. "Clearly, Don has had, and does have, a public policy agenda. I don't think he would characterize himself as an advocate and he was very careful not to overstep his role. But he has also been very adept at bringing his principles to the fore," Merriam observes. Tom Pugh, the DFL Minority Whip, says Gemberling's influence is a function of his seniority: "It's very rare that you have a single person so involved in an entire chapter of the law, stretching over such a long time." Additionally, Pugh says, most lawmakers regard data-practices law as a snake pit, and they don't care to wade in without the assistance of someone who knows it intimately. "There are only a handful of people who understand the structure itself. If you are going to try and weave an exception into the framework, you have to know that structure."
Among lawyers who work for the government, that complexity is a common source of frustration. And so are many of the specific provisions of the law. Margaret Westin, a former Dakota County prosecutor and now an attorney with the Minneapolis schools, says the requirement that public agencies make all public information easily accessible is overly burdensome. "The act assumes that all information is in a central place. But it isn't," Westin says. "I've gotten a letter from a private law firm wanting a list of very general statistical information about minority students. Now, the Minneapolis Public Schools have 8,900 employees, 120-some sites, and 50,000-some students. Under the law that data has to be easily accessible, but I'm not able to know, nor is anybody, exactly what pieces of paper are where."
Westin also maintains that the act often presents public agencies with damned-if-they-do, damned-if-they-don't dilemmas. As an example, she cites a conundrum currently facing her school district. The mother of a student is in prison. She has contacted the school seeking the address of the child. Under the law, a child under 18 is not a separate legal entity from a parent, so the school district would normally be allowed to release private data to the mother. But the school is not supposed to release the address of the father, with whom the child is living. "Do I give the mom the child's address and violate the dad's data-privacy right? Or do I violate the mom's rights? What do I do? Who do I get sued by?" Westin asks. "There's this perception that government entities don't want to comply with requests to release information. But usually that's because they have conflicting directions."
Gemberling acknowledges the law has its shortcomings. "This is tough stuff. The policy issues are difficult because we have so many contending interests." And, as the individual most closely identified with the Data Practices Act, Gemberling understands that he will sometimes function as a lightning rod for criticism. (When talking about one public attorney with whom he has done battle in the past, he cracks, "I don't know whether she detests me more, or the act more.")
But Gemberling dismisses complaints concerning the law's complexity. In most states, freedom-of-information and privacy laws are composed as general principles and are subject to considerable interpretation by courts. The Minnesota law, which provides an actual list of what is not public, is far less open to interpretation and, despite its girth, less complicated.
Further, Gemberling argues, sometimes the government's failure to comply with the law has less to do with complexity than a desire to conceal information. He points to a 1991 case involving the Itasca County Sheriff's Department. After the department arrested two suspects in the murder of an 18-year-old female, a reporter asked for the identity of the men being held. "The sheriff said, 'I know it's public data under the law, but I'm not gonna tell you anyway,'" Gemberling recalls. The sheriff's comments were captured on videotape. The Star Tribune and the Duluth News Tribune sued the county for violation of the Data Practices Act. The county ultimately settled out of court for $15,000, which covered the plaintiff's attorney fees. "This is a law that rewards compliance," Gemberling maintains. "You have to take it seriously from the get-go and follow the policies and procedures."
In the past Gemberling has argued in favor of overhauling the Data Practices Act so that his office, or at least some office, would have a greater authority in deciding disputes. As it stands, the Information Policy Analysis Division's opinions are strictly advisory. There have been no formal surveys on compliance rates in recent years, so it is difficult to measure the effectiveness of the process. If nothing else, the more than 500 opinions IPAD has generated since 1993 act as a useful guide for government lawyers and others looking for an interpretation of the law. But government agencies can choose to disregard IPAD's opinions.
And that, Gemberling points out, leaves the aggrieved party with just two choices: sue or drop the matter. "If the only method of enforcement you have is a lawsuit, then the system is flawed, because lawsuits assume you have the wherewithal to sue," he says. For instance, there are plenty of data-practices disputes over relatively minor matters, such as what agencies can legally charge for copies of documents. "And nobody's gonna sue over whether they have to pay five dollars for a piece of paper or 25 cents," Gemberling observes. "Of course, the government folks are fine with that."
The chances that someone in the IPAD, or anyone else for that matter, will be granted more power are not good, however. A few years back, a task force studied the issue but was unable to whip up any legislative support. Some of the opposition, Gemberling figures, was rooted in the perception that he was "trying to become the Minnesota data-practices czar." "At least one person in the House of Representatives interpreted it that way, which was unfortunate, because once that element got introduced into the debate, we couldn't have a serious discussion of what was good policy," he says. "At one point, I said if I could get my personality out of this by promising to never apply for the job, I'd do that."
In Gemberling's view, most of the tinkering that will be done to the Data Practices Act in the 2002 legislative session will be relatively minor. He is, however, concerned that the IPAD's $525,000 annual budget could be slashed. If that resulted in layoffs, Gemberling says he could imagine himself retiring.
Among the handful of lawmakers and others who are passionate about data-practices issues, the thought of Gemberling's departure is worrisome. Rich Neumeister, a bus driver from St. Paul who has lobbied on privacy issues for more than two decades and is widely regarded as the greatest lay expert on data privacy, thinks Gemberling's exit might be exploited by those less sympathetic to the act's underlying principles. "When the big person leaves, some government entities may say, 'Now we can do the things we've always wanted to do.' Or maybe the Department of Administration will say, 'We don't like this stepchild. It's too bothersome,'" Neumeister offers.
"What I really dread is the day when somebody fills that position who takes a hostile view of keeping records public," says State Senator Don Betzold, a DFLer from Fridley who serves as the chair of the Senate's data-practices subcommittee. "I hate to see that coming. But I don't know how to prevent it. Ultimately, somebody is going to say that it [the Data Practices Act] is not worth the trouble."
If current political trends prevail, that day may came sooner rather than later. Harry Hammitt, the editor of Access Reports, a Virginia-based newsletter that focuses on information policy, notes that there has been a flood of terrorism-related bills introduced in legislatures across the country, many of them aimed at restricting what was previously public information. "It's probably a process the states ought to be going through, to think about what they are making public. The problem is that this is largely a knee-jerk reaction," Hammitt opines. In Florida, he points out, the state Senate has been roundly excoriated for hastily amending the state's fabled "sunshine laws," giving themselves the authority to hold secret sessions. Other states have yanked content from Web sites about such things as the condition of bridges. And scads of federal agencies, from the Nuclear Regulatory Commission to the Bureau of Transportation Statistics to the Federal Aviation Administration, have followed suit. At the same time, Hammitt points out, the terrorist attacks seem to have "deflated the privacy balloon." "I think we're moving back to the general idea that if you haven't done anything wrong, then you don't have anything to hide," he notes.
Gemberling expresses little worry about the immediate prospects--in Minnesota, at least. "Maybe they'll change the standards for security information, add a terrorism quotient," he says. "I don't think it will be a big deal." Whatever the case, Gemberling expects to spend some time at the Legislature hashing out the issues, as he has for the better part of three decades.
"We try," he says with a shrug, "to give loving but constructive feedback."
A Data-Practices Primer
In 1993, with hopes of finding a better way to resolve disputes over access to government information, the state Legislature decided that the Department of Administration, upon formal request from either a citizen or government representative, should weigh in with its interpretation of the law. Since then, 533 opinions have been drafted by the Information Policy Analysis Division (IPAD). The opinions, which are signed off on by the Commissioner of Administration, are strictly advisory. But IPAD director Don Gemberling says citizens are seeking out advice more and more often these days. Last year the department issued a record 96 written opinions.
As the following examples show, the issues examined in the opinions, which are posted on IPAD's Web site (www.ipad.state.mn.us/index.html), are wide-ranging--covering everything from the appropriate cost of photocopying government documents to whether information is private or is simply being held hostage by a stubborn agency. They can be sublime, comical, impenetrable, even downright appalling. But they almost always raise intriguing questions about the vagaries of the information age.
The Question: Should the public be able to have access to a videotape that shows government employees having sex?
The Opinion: The issue was raised by the University of Minnesota's student newspaper, the Minnesota Daily, in the wake of a snicker-inducing scandal. It began in 1992, when a member of the U's women's gymnastics team asked assistant coach Gabor Deli if she could review a videotape of a recent meet. Deli supplied the tape, which did contain footage of the team in action. Unfortunately, it also included footage of Gabor and his wife Katalin Deli, the team's longtime head coach, engaged in an entirely different sort of athletic activity. University officials caught wind of the incident and demanded a copy of the tape from the Delis. Not long afterward, both coaches lost their jobs. The U claimed the firing was not a result of the steamy tape. But reporters at the Daily began clamoring for a copy of the video on the grounds that it was a part of a disciplinary proceeding. University officials balked, claiming that the recording was protected under two exceptions in the Data Practices Act. In her opinion, then-Commissioner of Administration Debra Rae Anderson dismissed the U's arguments, but later concluded that "to treat these tapes as public would be an absurd result." In Gemberling's view, the opinion was "small-'p' political" and "didn't feel right." The Daily agreed, sued on principle, and ultimately prevailed.
The Question: Can the government demand a $51,000 down payment if someone wants to examine government e-mails?
The Opinion: Disputes over charges, both for gathering information and making photocopies, have been at issue in some 51 of the IPAD's opinions since 1993. But, for our money, none rivals State Sen. Phil Krinkie's battle with the Department of Transportation over the Hiawatha Light Rail Transit project. In 1999 Krinkie, looking for hard evidence that the DoT misled legislators on cost, wrote to the department asking to inspect all e-mails relating to the project. Margo LaBau, the DoT chief of staff, responded that it would cost approximately $99,950 to gather the information and requested a jaw-dropping $51,000 down payment. In June 2000 the Commissioner of Administration David Fisher delivered his opinion on the matter. He concluded that under data-practices law, Krinkie was within his rights requesting access to the documents, and that the DoT could not charge for compiling the data. "What Krinkie learned from this is the real-life problem of trying to get information out of a government agency," Gemberling observes. The Republican senator is still learning. In the fall of 2000, he filed a data-practices lawsuit against the DoT and the Metropolitan Council, another agency involved with the project. Since then, Krinkie figures he has received about 80 percent of the requested e-mails. "But," he complains, "that's two and a half years and a lawsuit later."
The Question: Should government have to comply with data-practices requests that are, um, ridiculous?
The Opinion: It seems there isn't a public agency or government institution around that hasn't piqued the interest of Minneapolis resident Teresa Graham. Over the past four years she has asked for information from a wide range of public agencies, from the Department of Labor and Industry to the State Board of Private Detectives and Protective Service Agents. Typically her requests are for "all public data" on a particular agency's employees--requests that, those same agencies complain, can take weeks and even months to fulfill. In some instances Graham has sought out advisory opinions from IPAD; in two cases, those requests resulted in findings that an agency had failed to comply with the Data Practices Act. Finally, in January of 2001, Julien Carter, commissioner of the Department of Employee Relations, decided to seek out an opinion of his own: Must state employees assemble data "under circumstances indicating the requests are not necessarily motivated by a desire to gain access to data"? Carter contended that Graham often failed to show up to inspect data once it was collected; he also noted the ill will that existed between Graham and at least five state agencies which, together in 1998, sought and received a restraining order barring Graham from contacting them in person. In March Commissioner Fisher issued his opinion: state agencies ought to be relieved of their data-practices obligations "because of the unique facts of the situation." Fisher also decided that he would not respond to four additional requests for opinions from Graham. He didn't wish to "serve as an agent for Ms. Graham's abuse by perpetuating fruitless exercises in the expenditure of government resources so that she can exact revenge on entities with whom she has a variety of long-standing disputes."