Why Seattle Accidentally Sent This Activist the First 256 Characters of 32 Million Internal Emails

For the last few years, a self-professed “FOIA-nerd” by the name of Matt Chapman has been using FOIA requests and data analysis to not only improve city government transparency—but improve the way cities function. Chapman founded the non-profit Free Our Info for teaching and advocating the release of digital records.

Chapman’s efforts are prodigious: he’s submitted over a hundred requests for email metadata across the United States—at least two per state.

Occasionally, Chapman’s efforts have run face-first into city dysfunction to almost comedic and sometimes troubling effect. Last year, Chapman’s attempts to obtain email metadata from the city of Seattle resulted in a fairly notable scandal for the city, after the city’s IT department accidentally provided him with not just the email metadata, but the first 256 characters of over 32 million city emails, likely breaking numerous privacy laws in the process.

Chapman’s experience with the city is detailed at length over at his blog and is well worth a read. While he says the data he received was “enormously useful in understanding the dynamics of one the US's biggest cities,” the city’s release of 34 gigabytes of emails to and from city employees—without any personal information redacted—was an obvious problem.

“Seattle definitely showed a lack of transparency by not following Washington's public records law, which requires them to notify its employees after private information has been released,” Chapman said.

The city of Seattle IT Department told Motherboard the last city administration’s run in with Chapman wound up being a bit of a learning experience, ultimately improving the city’s response to both FOIA requests and the way it handles private data.

“Since this incident occurred last year, we’ve streamlined our process by moving various technicians responsible for pulling data into the same team with more consistent oversight,” Seattle IT Department’s Megan Erb told Motherboard. “With this move, we’ve increased the checks of the work that is being done and eliminated the different handoff points.” The city was quick to point out that no credit card details, social security numbers were released as part of the data breach.

More often, however, Chapman’s work is hugely beneficial for the cities and residents whose data he acquires and analyzes.

Earlier this year, for example, Chapman saved Chicago residents upwards of $60,000 after his FOIA requests and data analysis helped pinpoint a particularly confusing city parking spot that had dumbfounded city residents for years, largely because it was serving double duty as a taxi stand while a nearby semi-broken and oddly-placed parking meter stood nearby.

Chapman told me the data he hoovers up from cities has proven immeasurably valuable in better understanding how cities function—and how they can function better.

“By applying social network analysis techniques to email metadata, a lot of patterns on the inner workings of our government can become more apparent—particularly when combined with other sets of communication metadata,” Chapman told me. “From those patterns, future requests for the actual email contents can be sent.” Chapman told me the analysis of city metadata is also invaluable in other ways. Initial data requests can lead to access to other data sets and database schemas, often useful in determining the width and breadth of police activity, city “anti-terrorism” training, or the extension of city cooperation with federal agencies.

“For example, if you wanted to determine what sort of communications ICE has with law enforcement, an easy first step might be to request a chunk of ICE's email metadata and then follow up with requests for the emails between two known-communicating parties,” Chapman said. As for Seattle, they’re an example of how city operational efficiency and privacy standards can be solidified just by having someone like Chapman around prodding established systems and actually paying attention to how things work. “I get the impression that they'll review requests a bit more thoroughly before sending them out” next time,” Chapman said.