In December, 2009, the city of San Francisco issued a request for quote (RFQ) for "the analysis and compilation of business, technical and policy requirements, for the...email environment [of the city]," (Appendix 1). In addition to an assessment of the email requirements for the city, the proposal specifies that "the contractor will need to help define and evaluate the policy and technical implications of 'open email'," and further that there is to be a "case study of the Law Enforcement Agency email pilot project."
A multi-disciplinary team from the Center for Information Technology Research in the Interest of Society (CITRIS) at UC Berkeley, including faculty and graduate researchers from Boalt Law School and the School of Information, submitted a proposal in mid-December. The proposal describes two tracks of inquiry. The first is focused on "examin[ing] alternative approaches to achieving the City's goal to be 'an open and transparent organization' through 'open email'," through "technical, security, legal, and ethical analysis," (Quote and Proposal, CITRIS). The second track is an examination of the "Law Enforcement Pilot Program," specifically through qualitative research aimed at assessing the current uses and needs of the San Francisco Police Department (SFPD) with regard to email. Additionally, the qualitative research with the SFPD is designed to "analyze the social implications of various 'open email' systems and the consequences that user behavior may have for the overall openness and transparency of government, employee privacy, [and] efficiency," (Quote and Proposal, CITRIS). It is the second track that I was responsible for, and which is the focus of this paper.
Before discussing the research and its findings, it is important to understand what distinguishes email as a communication medium, and what "open email" means for San Francisco city government.
The focus of my qualitative research with the SFPD was on the use of email as a communication medium. There are several features that, while not unique to email, are important to understand. For the purposes of this paper, the salient features of email, as a system, are that it:
- is asynchronous;
- allows one-to-one communication;
- allows one-to-many communication;
- is not anonymous;
- requires a client that has the ability to communicate with the email server;
- can be used to communicate outside of an organization;
- does not allow significant recipient control over what is received;
- does not allow significant sender control over how a message is retransmitted;
- can be used to attach and share files;
- can be encrypted;
- routes messages without realtime human involvement;
- results in messages being stored on the sender's machine, the recipient's machine, and at least one server in between.
These features distinguish it from other forms of electronic and non-electronic communication used in the SFPD.
Openness in government can and does mean many things. Typically, it involves granting the public access to government meetings and writings. At the federal level, the United States has the Freedom of Information Act (FOIA), passed in 1966, among other laws. However, many states have their own laws as well. In 2004, Californians voted in favor of proposition 59 (Prop 59, First Amendment Coalition), a proposed amendment to the state constitution which established public access to government information as a constitutional right (California Constitution, Article 1, Section 3).
The statutory right to government information has existed in California since well before 2004. In 1968, the California Legislature enacted the California Public Records Act (CPRA) (California State Government Code (GC), Section 6250-6270). The CPRA allows for anyone to request access to a public record. The CPRA defines a public record as "includ[ing] any writing containing information relating to the conduct of the public's business prepared, owned, used or retained by any state or local agency regardless of physical form or characteristics," (GC Sec 6252). The CPRA gives the public broad access to government information, but includes a number of voluntary exemptions, including exemptions for "[p]ersonnel, medical, or similar files, the disclosure of which would constitute an unwarranted invasion of personal privacy," (GC Sec 6254.c) and "[r]ecords of complaints to, or investigations conducted by, or records of intelligence information or security procedures of,...any state or local police agency," (GC Sec 254.f). As stated, these are voluntary, rather than mandatory, exemptions, and many, including 6254.f, are heavily qualified. Nevertheless, the CPRA seeks to strike a balance between the public's right to information and the competing interests such as the privacy rights of government employees and members of the public, such as the victims of certain crimes. Because of its history in the state, the breadth of its provisions, and the prevalence of claims made through it, I focused on the CPRA as the primary legal means for granting public access to government information in this research.
As of May, 2010, the San Francisco's email infrastructure is highly heterogeneous. Each department within the city exercises significant control over how email is deployed, used, and managed. Although email addresses across the city belong to the same domain, sfgov.org, the email servers, clients, and policies are determined by each department. The SFPD currently uses Lotus Notes for its email system, and runs a separate Windows Active Directory server for user authentication for desktop login. Consequently, logging into email requires at least two usernames, and potentially two passwords, as well. About 1600 members of the department have Lotus Notes email accounts, while about 1000 members of the department have no officially issued email account. In parallel with my research, the SFPD participated in an email trial with Microsoft to test a hosted email system. The email trial was conducted in order to assess the suitability of the Microsoft hosted email solution for the SFPD. My research was designed to address the larger, encompassing, question of what needs of the SFPD need to be met by any future email system.