Request for Email Metadata (Information Technology)
| Multi Request | Request for Email Metadata |
| Submitted | Jan. 25, 2019 |
| Est. Completion | None |
MuckRock users can file, duplicate, track, and share public records requests like this one. Learn more.
Communications
From: Matt Chapman
To Whom It May Concern:
Pursuant to the California Public Records Act, I hereby request the following records:
For all email accounts under the management of this city, please provide me the following information for all emails sent and received during January, 2019:
1. From address
2. To address
3. bcc addresses
4. cc addresses
5. Time
6. Date
E-mail metadata is trivially exportable from the IT infrastructure of any modern e-mail archiving or data retention system - such as Microsoft Outlook 365, Google, Datacove, etc. - and should be deliverable in a .CSV, .XLS, or other machine readable format.
Please note that I am not requesting the contents of each email. E-mail metadata does not include the contents of the specified e-mails, thus do not need individual review for redaction.
The requested documents will be made available to the general public, and this request is not being made for commercial purposes.
In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.
Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 10 calendar days, as the statute requires.
Sincerely,
Matt Chapman - Free Our Info, NFP
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following California Public Records Act request, copied below, and originally submitted on Jan. 25, 2019. Please let me know when I can expect to receive a response.
Thanks for your help, and let me know if further clarification is needed.
From: Information Technology
To whom it may concern,
In response to your request for :
For all email accounts under the management of this city, please provide me the following information for all emails sent and received during January, 2019:
1. From address
2. To address
3. bcc addresses
4. cc addresses
5. Time
6. Date
The City does not have an obligation to create a record if one does not exist. Gov. Code, § 6252(e).
Also there is a security concern, so we would not release this information under the exemption. Gov. Code § 6255.
In the future, requests should be made through our Public Records Request Portal at https://sandiego.nextrequest.com/
not some generic email account.
Mathew Alger
Information Systems Analyst
City of San Diego, Department of Information Technology
1200 Third Avenue
Suite 1800
San Diego, CA 92101
(619) 533-3489 [Office]
malger@sandiego.gov<mailto:malger@sandiego.gov>
From: Matt Chapman
This request does not require the creation of records, as the records pursuant to this request already exist in a discrete context separate from the contents of emails themselves. Any steps to retrieve the requested documentation is simply retrieving those discrete records.
Here is the technical documentation which describes how messages are stored within Exchange for storing emails: https://msdn.microsoft.com/en-us/library/ee158780(v=exchg.80).aspx . The takeaway from this document is that while a message itself is an object (a record), there are subobjects (also records) for 1. the message body, 2. recipients and sender(s) 3. subject line and 4. attachments. To the extent that you would likely consider an attachment to be a distinct record, despite being a component of an email message in its method of storage, then it follows that the recipient objects of an email would be a distinct record apart from the message themselves.
WRT the security concern, could you please share more information on that?
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following California Public Records Act request, copied below, and originally submitted on Jan. 25, 2019. Please let me know when I can expect to receive a response.
Thanks for your help, and let me know if further clarification is needed.
From: Information Technology
If the City compiled metadata to create the record you requested, the record would be exempt from release under Government Code Section 6255. Providing such a record would be a security issue, because the information could be used for spear phishing campaigns and would increase the City’s risk of this type of attack. Therefore, the public interest served by not disclosing the record clearly outweighs the public interest served by disclosure of the record.
Mathew Alger
Information Systems Analyst
City of San Diego, Department of Information Technology
1200 Third Avenue
Suite 1800
San Diego, CA 92101
(619) 533-3489 [Office]
malger@sandiego.gov<mailto:malger@sandiego.gov>
From: Matt Chapman
Thank you for your response.
I wholeheartedly disagree with the conclusion that the risk of a spearfishing attack outweighs the release of the requested information. In particular when being mindful that email addresses are constantly already being published to the City of San Diego's website. To the extent that San Diego does not have a policy to remove email addresses from the ~150k public and online resources to avoid spearfishing, the policy to reject my request does not stand to reason.
I would like to ask that you reconsider your rejection in light of the fact that San Diego already publishes many, many email addresses on its public site. To show the extent of email addresses already publicly published, I ran a recursive site scraper against sandiego.gov last night and extracted all email addresses. The resulting list of email addresses is 6,814 total email addresses - 1,710 of which are sandiego.gov.
Should the rejection still stand, then I would like to kindly ask that you reduce the scope to only include the 6,814 email addresses that were scraped from sandiego.gov. This list is attached, and the source of each email address is included in the second column. An excel spreadsheet or MSAccess can be used to filter the email addresses to produce a filtered production. If any technical help is needed, please let me know.
Thanks and regards,
Matt Chapman
Free Our Info, NFP
-
sandiego_email_addresses.txt
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following California Public Records Act request, copied below, and originally submitted on Jan. 25, 2019. Please let me know when I can expect to receive a response.
Thanks for your help, and let me know if further clarification is needed.
From: Information Technology
Quit sending emails to me. Submit them to the link I supplied in your original request. We have responded to your request twice already.
From: Matt Chapman
As it stands, I would like to continue with this request, and this is currently the communication channel for this specific request. That said, if I can submit to that portal in a way that doesn't create a new request, I will go that route. I've never, ever seen that work in the past. This is all needed to keep this request within the original statutory parameters.
Alternately, I will need to go through the appeals process, which is not favorable so long as the previously discussed differences can quickly be resolved over email.
From: Information Technology
As far as we are concerned, this request is closed. Our legal department has already responded to this request twice with the appropriate statutes that apply. Quit harassing me.