The Evolving Landscape of Public Information Access in Maryland

Technology advancements continue to threaten to blow the wheels off the public information access process in Maryland and beyond. State and local officials are sounding the alarm, but oversight committees stop short of meaningful recommendations to tackle the issues.

Maryland’s Public Information Act (PIA) serves as a cornerstone of open government, designed to ensure transparency and accountability at every level of public service. However, as technology advances, the challenge of balancing citizen access to information with the protection of sensitive data has become increasingly complex. Counties across Maryland are grappling with this balancing act, adapting their policies and practices to meet citizens’ expectations while navigating new cybersecurity threats and the demands of modern governance.

The Role of the Ombudsman and Compliance Board

Central to this landscape are two entities: the Maryland Public Access Ombudsman and the PIA Compliance Board. These organizations are pivotal in resolving disputes that arise from PIA requests. The Ombudsman facilitates initial mediation, helping parties come to an agreement before the issue escalates to the Compliance Board. For example, when a request is deemed too broad, the Ombudsman can guide the requester to narrow it, preventing unnecessary strain on local governments and allowing them to fulfill their obligations.

The Ombudsman, Lisa Kershner, recently highlighted the improvements in the office’s workflow during an annual update. Thanks to recent legislative changes, the Ombudsman’s team has grown, enhancing their ability to resolve cases more swiftly. Before these changes, the office faced significant backlogs, eroding public trust. Now, with additional staff and resources, the office is catching up and even reviving educational initiatives for public agencies around the PIA.

Cybersecurity: A Pressing Concern

The rise of cybersecurity threats looms large over the PIA process. Kershner emphasized the dual risk that requestors and custodians face: the potential for malicious software hidden within requests and the danger of unintentional security breaches during the review of sensitive information. Local governments are caught in a quandary, needing to respond rapidly to PIA requests while protecting their systems from malware attacks. This challenge necessitates clear guidelines about what can and cannot be disclosed without compromising security.

Cybersecurity breaches have become increasingly frequent and serious, prompting many local governments to exercise caution regarding disclosure. Advocates are raising alarms about the growing number of exemptions being cited for cybersecurity concerns, which could impede transparency. The call for stakeholder workgroups suggests a route toward developing more effective policies that balance the need for open government with essential security measures.

Body-Worn Camera Requests: A Case in Point

The implementation of body-worn cameras (BWC) for police, mandated by the Police Accountability Act of 2021, has resulted in a surge of public requests for footage. This has proved burdensome for local authorities, who must meticulously review videos for redactions before disclosure. Kershner pointed out the complex web of legal exemptions that can apply to these requests, making the process time-consuming and stressful for custodians. With detailed reviews required to protect the identities of individuals in footage, local police forces are finding themselves stretched thin.

For instance, footage depicting a victim near their home must have any identifying features removed, from tattoos to addresses, to uphold privacy. The advent of technology, such as artificial intelligence, complicates this process further, raising concerns about the adequacy of human efforts to protect individuals’ identities. Although there has been advocacy for reforming mandatory denial standards, progress has been slow, despite backing from key legislators.

The Challenge of Email Requests

Another significant pain point highlighted by the Ombudsman during the update is the challenge posed by expansive requests for emails. Local governments often struggle with these requests, which are costly and labor-intensive. Kershner characterized email searches as a “perennial problem,” noting that unless requests are exceptionally specific, the search process can disrupt productivity and lead to overwork among custodians.

With limited resources and technology to streamline email searches, many local governments are finding it increasingly difficult to meet the demands placed upon them. The unique feature of personal liability in Maryland further intensifies the issue, making it challenging to recruit and retain effective staff for these custodial roles.

Automation and AI: The Emerging Frontier

An additional concern that has not been fully addressed is the impact of automation on the PIA request process. With the rise of tools enabling individuals to submit requests automatically, there’s a real risk of overwhelming governmental offices with excessive inquiries from anonymous sources. This new trend raises questions about the legitimacy of such requests and whether anonymous submissions can even be considered valid under the PIA framework.

Moreover, the potential for AI-driven requests adds another layer of complexity. As technology continues to evolve, determining the legitimacy of a request generated by an AI—and the adequacy of responses to such inquiries—becomes increasingly pressing.

The Need for Comprehensive Legislative Change

Despite recent recommendations from the PIA Compliance Board, there is a growing consensus that the proposed changes do not fully address the technological challenges confronting the public information access process. Current recommendations seem to expand responsibility for local governments without adequately acknowledging the myriad complexities introduced by modern technology.

The impending publication of the Ombudsman’s reports will shed light on how the PIA process is functioning, but there is an urgent need for more robust legislative action to protect the integrity of public access while respecting the legitimate security concerns of local governments. The trajectory toward enacting meaningful change will require the General Assembly to confront these emerging challenges head-on; failure to do so risks deepening public distrust and complicating state and local governance practices.