Court Rules Govt Officials' Internet Browsing Histories Are Not Public Records

Law professor and legal commentator Jonathan H. Adler shares an update about a nonprofit group advocating for accountable government: The Cause of Action Institute sought to obtain the internet browsing histories of several government officials, including the Secretary of Agriculture and Director of the Office of Management and Budget, under the Freedom of Information Act (FOIA). A district court rejected their claim, concluding that browsing histories are not agency records under FOIA. Yesterday a panel of the U.S. Court of Appeals for the D.C. Circuit agreed.

In Cause of Action Institute v. OMB, Judge Rao (joined by Judges Srinivasan and Sentelle) agreed with the district court that federal agencies do not exercise the requisite degree of control over internet browsing histories for the histories to constitute agency records subject to FOIA disclosure. As Judge Rao explained, the "agencies' retention and access policies for browsing histories, along with the fact they did not use any of the officials' browsing histories for any reason, lead to the conclusion that these documents are not agency records."

This is what

[oldgraybeard]

government corruption looks like. What public employees do @ work on government equipment is a public record.

Re:

[Anonymous Coward]

yeah..no. most agencies allow their users a certain amount of freedom to browse in breaks, access child care, access banks etc. This information SHOULD NOT ever be for public record.

Re:

[93 Escort Wagon]

I wonder if they’ve considered getting this info through the back door, though - e.g. through network switch logs (if those exist) and whatnot.

Re:

[lionchild]

I would tend to agree that under normal circumstances browsing history wouldn't be something you could use FOIA to pull those records. However, if web searches are filtered on a centralized server/service, that is a government record that should be accessible to FOIA. That may just be a record of sites they tried to go to, but were rejected. However, I suspect that data is being scrutinized, and those records likely are accessible.

Re:

[demon driver]

In civilized countries even government employees retain a minimum of workers' rights, including unsupervised internet usage at work, with not even their superiors being entitled to check their browsing logs except in case of strong and valid reasons for misuse and the staff council agreeing to such an inspection.

Re:

[lionchild]

I would agree that in a civilized country that should be a true statement. The US, especially the business world, is either VERY strict with internet usage, or pretty lax. But typically, it has been very strict on the whole. You are supposed to be doing company business with company property, you signed a AUP for that. I would wager that most government employees sign an AUP that would prohibit non-work use of work equipment.

Re:

[minstrelmike]

The government does have you sign an agreement and even re-sign it every few years, State, local, Federal.
However, none of them have the manpower or dollars to dink around with search histories. There's a lot of other computing stuff they can spend money on. Apparently you have to keep video evidence (police body camera) until all appeals have been exhausted. That's easily 30-40 years.
Video and security is taking up all their time. They got no spare bandwidth to look at web page logs.

Re:

[JackieBrown]

Not really the case when you are using your employer's internet. They have the right to make sure that you are not abusing their resources and that you are working while on the clock

Https protects the contents

[rsilvergun]

If you didn't want it added to the e public records do it at home or in a personal device with zero connection to your job.

Re: Https protects the contents

[zabbey]

Don't forget that there's millions of government workers and if you start expecting them to earn their money or, at the least, stop ordering stuff online or whatching YouTube instead of working, you're going to get some major pushback. There's just too many of them so they'll easily find their echo chamber. And if you do harass them, they'll just quit and the feds will print some free money for them.

Re:

[drinkypoo]

Don't forget that there's millions of government workers and if you start expecting them to earn their money or, at the least, stop ordering stuff online or whatching YouTube instead of working, you're going to get some major pushback

Good. That will let us identify the thieves stealing our tax money.

Re:

[Gruntbeetle]

> access banks etc.

Funny you should mention that. I always thought that my bank transactions were private since I created them. Turns out they belong to the bank and are subject to a search warrant and can later be made public in court.

BTW, can't government workers afford a smartphone and dataplan?

On a different subject, my company issued laptop is so locked down that it forbids me from accessing my e-mail from it. I can't plug my personal USB thumb drive or anything USB that is not company issued

Re:

[aaarrrgggh]

Poster Child for inefficient operations.

Re:This is what

[sound+vision]

I've never accessed my bank on a work computer. Not sure how you do child care on a computer but... anything that I wouldn't want the company seeing was done on my own personal hardware, period. Calls, too. Never would I entertain the idea of having a personal call logged on my work phone. I wouldn't even connect to the company Wifi - I used my own 4G connection, on my own phone.

The companies I worked for often had rules about personal browsing, or there just wasn't even time to do it. But even at places without rules, and where I did have time, I didn't risk it because it's just a bad idea. And that goes double for anyone in public service. The key word there is public. They are your employer, they get to watch what you do on their time and equipment.

Re:

[AmiMoJo]

Most places I have worked were fine with personal browsing. One place recommended installing Firefox to keep all your stuff separate from the corporate Chrome install.

The one place that didn't offered guest WiFi and was happy for people to bring their own laptop.

Re:

[JackieBrown]

Most places I worked do not let most of the staff install software for any reason. I can't imagine an exception being made to that policy simply to allow me to use my work computer and there network services for personal use.

Re:

[JackieBrown]

I do it but I agree it's a bad idea and something I can probably be held accountable for.

It also a bad idea because it becomes easy to browse when bored rather than proactively look for work to do.

Re:This is what

[drinkypoo]

Most businesses' computers don't belong to THE PEOPLE.

If they don't want THE PEOPLE seeing what they do on THE PEOPLE'S computers, they can use THEIR OWN computers.

Re: This is what

[Lowell Boggs]

Exactly. But where is the cutoff? I try not to use my employer equipment for personal emails, but web page access is pretty fundamental - and it's encrypted. Further muddying the waters of FOIA

Re: This is what

[RightwingNutjob]

Perhaps it's an avenue for corruption but the statutory definition of government records is stuff that's material to how the agencies do business. Work emails fit the bill but browser histories is a stretch unless you think weekday lunch receipts that weren't expensed also count.

Re:

[Libertarian_Geek]

What's the problem, if they have nothing to hide?
It's just metadata.
If it stops just one act of terrorism(or corruption), isn't it worth it?

...and various other justifications used to support the warrantless collection of data from innocent citizens.
Modern white-collar jobs are performed in the browser as much (or more) as they are in email.

Re: This is what

[ToasterMonkey]

Would a federal law enforcement agency need a warrant to search a federal employee's work history? They'd just call the employee's supervisor and the IT department would cooperate. If a private company wanted to fight a request like that it might go as far as forcing them to get a narrower warrant targeting just the employee's records, maybe, or they could just cooperate with law enforcement and hand everything over because there's no privacy law protecting your browser history at work right? But your em

Re:

[AmiMoJo]

Or maybe you should be looking at ways of reducing workplace surveillance by your own employer, and treat this as a positive confirmation that it's not okay.

Re:

[Monoman]

Government (and most orgs for that matter) doesn't record video and audio of everything being done by employees or elected officials. You know all conversations, phone calls, bathroom visits, etc. Why would this be any different?

However, if there is a reporting being done for web filters, firewalls, security software etc then there maybe there should be the ability to request that information.

Re:

[jellomizer]

You say that until, it is found out the official that you like or had voted for, is caught with some stupid stuff that is taken out of proportion, from their political rivals.

In terms of actual Corruption, being that it is so easy to not do things on government equipped equipment, I don't see it being a major issue. Other than the fact that they during a break, clicked on a link or read a stupid article.

Re:

[jobslave]

So in the past, before the internet, were we able to know what books they checked out from a library?

Re:

[oldgraybeard]

"able to know what books they checked out from a library" yes, since your sitting at your desk with your feet propped up reading said book instead of working when your boss comes up and fires you.

Oh wait! government employee, can't fire'em

Using your employers computers and browsers

[bobstreo]

Is always subject for review in case someone wants to know if you tried to email out "secrets"

If a Government employee is using a Government computer, their records should be subject to review via FOIA requests.

If the Government doesn't have control or oversight of the use of their equipment, they should probably look up the associated rules in place that they are not following.

Re:

[PPH]

If a Government employee is using a Government computer

That appears to be the assumption here. But I didn't see that stated explicitly. Did I miss something?

The first half is a reasonable opinion

[raymorris]

> If a Government employee is using a Government computer, their records should be subject to review via FOIA

If you think you *should* be able to look at their browser history, that's fine.

If you think that's FOIA, the Freedom of Information Act of 1968, 5 U.S.C. Â 552 - well, that's just not what it says. That's not FOIA. That's a new law you'd like to pass.

FOIA says agency records, which records maintained by the agency, except for ...

Their browser history isn't an agency record. Not under FOIA.

Re:

[drinkypoo]

FOIA says agency records, which records maintained by the agency, except for ...
Their browser history isn't an agency record. Not under FOIA.

It may not be, if there is an explicit exception, I didn't look. But their browser history IS "records maintained by the agency", done automatically by the browser. And it's frankly entirely material, those records are evidence of whether the users are violating the terms of their employment.

Re:

[raymorris]

The agency does not decide what's included in the browser history, how long it stays there, when to delete it, whether to trim some entries and not others - it's not maintained by the agency. Because it's not an agency record.

You can think they SHOULD write a plugin that maintains more detailed browser history. You can think they SHOULD store that detailed record on the agency servers. You can think they SHOULD have a policy for how long it's kept. The fact is, they don't. They do not maintain records of em

Re: Using your employers computers and browsers

[deepthought90]

Everything is subject to review for FOIA requests. That doesn't mean everything is releasable. There are FOIA exceptions, and there are other laws that govern the release of information. And, yes, our information systems are monitor for unauthorized releases of information or just unauthorized use of an information system.

Re:

[aitikin]

Is always subject for review in case someone wants to know if you tried to email out "secrets"

If a Government employee is using a Government computer, their records should be subject to review via FOIA requests.

If the Government doesn't have control or oversight of the use of their equipment, they should probably look up the associated rules in place that they are not following.

SCOTUS has ruled that there is a reasonable expectation of privacy [lexology.com] assuming that personal usage is not forbidden. Same reason that my company is expected to delete recordings of phone calls that are personal once it becomes apparent that it's not work related (do I really expect them to do that? Not on your life, but, in this instance, that's because the company doesn't have the money or manpower to filter through all the calls all the time).

Want that to change? Get some lobbyists and have them write a l

Re:

[minstrelmike]

FOIA is fairly specific about _material_ requests, relevant to the creation of the document. Most govt agencies document the sources they use, whether journals or websites. The way employees search for that information seems superfluous. That's like asking: What are the journal articles you read that didn't apply?

How will credit scores work now..

[Vomitgod]

https://news.slashdot.org/stor... [slashdot.org]

Government's Got Your Back!

[Arzaboa]

While the left hand of the government wants privacy, the right hand wants to take it away.

Just remember, the government wants privacy while you'll see the congress critters all up in arms about why us pleebs shouldn't have encryption.

Doesn't Alanis Morissete have a song about this?
--
"It's like rain on your wedding day" - Alanis Morissette

Re:

[93 Escort Wagon]

Problem is, none of the situations Alanis included in her song were actually ironic.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[JackieBrown]

Oh, you're THAT guy at parties.

Re:

[93 Escort Wagon]

Oh, you're THAT guy at parties.

I am NOT "that guy at parties"... because they stopped inviting me.

Public Officials Can't Be Public

[zenlessyank]

This makes total sense to me.

Seems reasonnable

[godrik]

What you do on your computer should not be public record.
Imagine the nightmare of having to back up all history of all public employee.

Probably the content of individual hard drive would not be public record either. Though some files in there could be.

Re:

[drinkypoo]

What you do on your computer should not be public record.

It's not THEIR computer. It's OUR computer. WE OWN THAT. We ARE their employer. We have a RIGHT to see that data, IT IS OURS.

Don't like it? They can use their own fucking devices. Frankly, they should not be doing anything personal on OUR computers. Permitting people some leeway there made sense once, before we all started carrying supercomputers in our pockets.

Noobs with modpoints

[drinkypoo]

"Troll" doesn't mean "I don't like this"

You fucking noobs ruin everything

Re:

[JackieBrown]

Yeah - I am starting to wish that when down-modding, there was a drop down justification for it.

Eh, no

[Kludge]

Do you back up and track every piece of browsing history on every computer (including your phone) you own before it gets occasionally flushed or lost? I don't. That's because it would be a waste of my time and resources. Agencies don't do it either b/c it would be a waste of tax payer dollars. Therefore agencies differentiate what constitute official records (worth saving) and what do not. And no, you do not have a "RIGHT" to see it all. Work would grind to a halt if every conversation or electronic r

Re:

[drinkypoo]

Work would grind to a halt if every conversation or electronic request for information had to be documented and stored.

Unless, of course, all of that was automated. And that is completely doable.

The government seems to want to spy on us 24x7. Turnabout is fair play.

A lot of people do personal browsing at work

[joe_frisch]

Its pretty accepted that people can spend a little time browsing for personal material while at work. This seems only fair to compensate for the expectation that that people answer work emails at home.

FOIA doesn't mean everything is releasable

[deepthought90]

Federal employee and libertarian here. FOIA doesn't mean everything the government does is releasable. The government is allowed to keep secrets for good reasons even if they hide behind it sometimes. Even if browsing histories were official records, that doesn't make them releasable. There are multiple FOIA exceptions, and there are other laws that say certain kinds of information are to be protected in certain ways. Think about all the FOIA requests you see on the news that are heavily redacted. As for those who are saying if I want to do personal browsing to just bring a personal device, I do. But our building is half underground and even the part that is above ground doesn't get good cell reception. Our rules are to allow limited personal use of government information systems for situations like this. But it's really mundane stuff like calling a doctor's office.

Defend this!

[Impy the Impiuos Imp]

These are the same profoundly stinky bags of crap that voted to allow your browser histories to be sold.

Business as usual

[RegistrationIsDumb83]

ISPs like TMO and ATT sell the public's browsing history to advertisers/govt? No problem, says govt. The public sees govt browsing history? No way, says govt.

Government and Corporations allowing

[oldgraybeard]

personal browsing/email while @ work on government equipment is one of the main reasons they get hacked over and over again.

Nothing to hide ...

[PinkyGigglebrain]

makes you wonder what they are afraid of.

Great

[backslashdot]

But can the feds grab them without a search warrant? I hope not.

Re:

[ebvwfbw]

But can the feds grab them without a search warrant? I hope not.

Absolutely. When you work for the government on their machines "There is no expectation of privacy."

Policies should be irrelevant

[Todd Knarr]

Policies, including retention policies, should be irrelevant to the question of whether any document is a public record. It either is or it isn't, and an agency shouldn't be able to change that status simply by deciding to treat a public record document as if it wasn't a public record. If a document is a public record and isn't treated as such, then it's the policy that's in error and not the classification of the document.

The fact that the agency doesn't use browser histories for anything, though, should be sufficient to find that they aren't public records. If the CAI thinks the officials or the agency had an improper basis for their decisions they should ask for all documentation that was used as the basis for those decisions (which would be public records) and go for inconsistencies or inadequacies there.

The judge is wrong

[nospam007]

They are records of something civil servants were doing on the job, paid by our tax-money.

If they are wasting our taxes by surfing Pornhub, we have the right to know.

We are even allowed to request the videos and photos they take with their private phones while on the job.

I guess the judge doesn't want HIS history revealed.

Re:

[gonzo67]

They are records of something civil servants were doing on the job, paid by our tax-money.

If they are wasting our taxes by surfing Pornhub, we have the right to know.

We are even allowed to request the videos and photos they take with their private phones while on the job.

I guess the judge doesn't want HIS history revealed.

No...Pornhub and the like are probably filtered out (most federal agencies tend to have both allowable and not-allowable lists on their network.

My personal phone? Get a warrant.

My government issued phone? File a FOIA request, and maybe the lawyers will allow it to be released, maybe not. I wouldn't care either way.

As far as a log of what I was doing while on the clock...do you need a list of every bathroom break, and what exactly was done? What about when I grab something to drink or eat on my break to

Space for 'blue sky' research

[Bruce66423]

One of the problems of high office is the lack of time to think things through properly. One of the aids to that CAN be net surfing to see if there are ideas out there that would the conversation on an issue forward. This may result in a search leading to a 'nasty' source; racist, terrorist etc. The fact that a bureaucrat using the net for such research accesses such a site proves nothing - very often their nature is not obvious. But there's a great news story in it if that information becomes public.

The co

Re:

[gonzo67]

This decision directly conflicts with over a century of case law that has, until now, said that government officials have no expectation of privacy, anywhere, in the performance of their official duties.

Please provide some citations. Personal browsing while on a break is NOT in the performance of their duties usually (though there as times I have browsed legal databases to get caught up on the latest in the area of law I work in. I am not a lawyer, but do work within a niche aspect of federal labor law).

While in public, government officials cannot expect privacy. However, case law does point to times where the public can be excluded from aspects of government work. For example, if a person is in a media