Judge to review documents in OU public-records lawsuit
By Jim Phillips
June 26, 2008
A local judge has said he needs to examine a controversial consultant’s report before he can rule on Ohio University’s request for partial summary judgment, in a lawsuit by two OU officials who got fired in the wake of a computer security breach.
Athens County Common Pleas Judge Michael Ward “wants definition of what is and is not at issue,” explained attorney Frederick M. Gittes, who represents Todd Acheson in a public-records lawsuit. The other plaintiff is Tom Reid, represented by James D. Colner.
OU has outside attorneys working for the Ohio Attorney General handling the case. They are not commenting on it. OU spokeswoman Sally Linder said only that OU “will comply with any request of the court and let the court decide, based on the merits of the case.”
Reid and Acheson sued OU in summer 2006, after both were fired for allegedly failing to prevent hackers from breaking into the university’s computer network.
In incidents that gained publicity nationwide, hackers entered OU’s system on multiple occasions in 2006, gaining potential access to the Social Security numbers of thousands of students, alumni, donors and contractors.
OU President Roderick McDavis has said he does not believe any personal information in OU databases was stolen. The hackers apparently used the system to distribute bootlegged movie files.
The security breach prompted outrage from many alums and donors, and a lawsuit by two alums (which OU won).
Reid was head of OU’s Communications Network Services, and Acheson the department’s UNIX systems manager. OU claimed both fell asleep at the switch, and failed to enact security measures to prevent the hacking incidents. The men appealed their terminations, and an OU grievance committee recommended the university reinstate them. OU Provost Kathy Krendl upheld their firings.
Reid and Acheson sued OU in Athens County Common Pleas Court, claiming it failed to comply with state public-records laws in providing them with requested documents.
An OU attorney has suggested the public-records suit is a disguised employment action. Gittes denies this. “It’s about helping to hold the (OU) administration accountable,” he insisted. “It’s about public records, and the fact that Ohio University just stonewalled us on our requests for information until we filed a public-records lawsuit.”
The plaintiffs claim OU not only withheld public records, but also destroyed some – or at least allowed a consultant to dispose of them. These were the working notes of the Illinois firm, Moran Technology Consultants, Inc., which investigated the security breach and wrote a report on it. Later, at least some of those notes were retrieved from old e-mails.
Reid and Acheson have now gotten much of the information OU refused to turn over, but as lawsuit discovery, not public records.The main document in dispute is the Moran report, which assigned Reid and Acheson significant blame in allowing the security breach.
At first, OU would release only a copy of the report with portions blacked out, supposedly to protect sensitive information about computer security. Later, the university turned over an un-redacted copy in discovery.
Reid and Acheson have asked the court to order OU not to destroy any more records, to declare that OU broke the law by allowing the disposal of the Moran working notes, and to order the university to pay a civil-forfeiture penalty of $1,000 per destroyed record.
The suit also asks for a court order, forcing OU officials to turn over as public records the documents they still deny fall into that legal category.
OU has asked for summary judgment in its favor only on the second claim, and also has asked Ward to turn down a request by Reid and Acheson that OU pay their attorney fees.
In Ward’s latest ruling, he admits, “the court finds there is little it can resolve at this juncture.” He goes on to recount the parties’ current positions.
OU still maintains that while the Moran report “in general, is a public record,” exemptions in state law justified blacking out parts of it, and therefore the university should not be penalized for violating public-records law.
The university has listed 10 categories of documents Reid and Acheson want, but which OU believes are not public documents. These include various e-mail messages, the un-redacted Moran report, the report with editors’ comments by different hands, Acheson’s computer calendar, and payroll records.
Ward goes on to note the response by Gittes and Colner, who argue, regarding the redactions to the Moran report made by OU, that “no one could reasonably believe that they were made to remove infrastructure or security information.”
OU has conceded that the question of whether the un-redacted Moran report is public is still open to legal debate. It has asked Ward to grant summary judgment on all other categories of information on its 10-item list.
If the issue of the Moran report’s legal status is still up in the air, Ward notes, he obviously can’t decide on whether Reid and Acheson deserve to have OU pay their legal fees.
The judge’s solution is to have OU submit the full Moran report to him, so he can examine it in camera, and try to decide whether parts of it can be legally exempted from public-records law.
Ward has asked the parties to clarify whether they agree about the status of the other documents (e-mails, etc.). If both sides agree that these other documents are exempt from public-records law, he has indicated, he will grant OU summary judgment on the claims relating to just those items.
Comments
Please log in to post a comment.
