Transparency News, 12/17/21

This weekend, the Richmond Times-Dispatch published the alarming news that the Department of Accounts (DOA), a division of the Virginia Department of Finance, has been advising state agencies – in the interest of preventing identify fraud – to remove employee names from credit card statements someone might request through the Freedom of Information Act. Even more alarming is the news that this directive was based on advice from Bank of America, the issuer of the state’s purchase cards. To boil that down: a bank told a state agency created to provide “a unified financial accounting and control system for state funds” to tell other state agencies not to connect names with billing statements detailing expenditures of state funds. Amanda Kastl is the FOIA officer for Fairfax County. I am the director of the FOIA-centric Virginia Coalition for Open Government. While we mostly agree on a lot, we don’t always see eye-to-eye on each and every FOIA issue. We were both taken aback by this news, however. That’s why we write together today to share our practical and philosophical concerns with the DOA’s position on limiting the public’s access to information.
VCOG’s Newsletter on Substack

The Virginia Department of Elections spent $1.5 million on an advertising campaign leading up to and following last month’s election seeking to assure voters their ballots were secure and the results could be trusted. It was the first time the department conducted a campaign to engage voters about election integrity. It created and ran ads in rural and African-American newspapers and on radio stations and TV channels across the state, as well as online through Google, YouTube, streaming TV, Spotify and AudioGo, according to documents obtained by the Daily News-Record through a Freedom of Information Act request.
Daily News Record

The Virginia Museum of Fine Arts acknowledged this week that it detected a breach in the security of its information technology system late last month that prompted the museum to shut down its website for a state investigation. The Richmond-based cultural institution said “there is no evidence” that the security breach is connected to the ransomware attack on the IT systems for Virginia legislative agencies. . . . But the museum said VITA detected a compromise in the website in late November, along with “evidence indicating an existing security threat from an unauthorized third-party.”
Richmond Times-Dispatch
 

The Open, Public, Electronic and Necessary Government Data Act of 2018 (OPEN Government Data Act) codifies and expands on existing open data policy. It requires, among other things, agencies to publish information as open data by default, as well as develop and maintain comprehensive data inventories. However, the Office of Management and Budget (OMB) has not issued statutorily-required implementation guidance to agencies on making data open by default and comprehensive data inventories. GAO previously recommended that OMB issue inventory guidance, but that recommendation has not been implemented. Despite the lack of guidance, selected agencies—AmeriCorps, the Departments of Justice (DOJ) and State, and the Federal Deposit Insurance Corporation (FDIC)—made progress developing data inventories. Specifically, DOJ, the Department of State, and FDIC are at varying stages of updating their data inventories as required under the act. Further, although AmeriCorps lacks a comprehensive data inventory of all of its data assets, it has developed a searchable open data portal.
GAO

For the first time since implementing radio technology in the early 20th century, the San Francisco Police Department has begun encrypting practically all of its radio transmissions, making them inaccessible to the public. SFPD confirmed the move to BuzzFeed News, explaining it had rolled out a new encryption protocol on Monday in compliance with a California Department of Justice mandate to protect personally identifiable information (PII). SFPD’s use of widespread encryption has barred hobbyists like Crisis — as well as journalists and audio platforms that broadcast police streams — from monitoring even standard police operations. It is part of a growing trend among US law enforcement that worries government transparency advocates about the consequences of a less visible police force. Police in Illinois, Minnesota, Virginia, and other states have recently encrypted their radio communications to some degree. Privacy law experts say that blanket encryption is an extreme response to perceived threats, and that police radio traffic is a necessary public resource.
BuzzFeed News