Case number: 080288
Whether the Department's decision to refuse to grant access to the requested database of coverage information that informs the map entitled 'Wireless and Broadband Coverage' was justified under the FOI Act.
In a request made to the Department dated 11 September 2008, the applicant sought access under the FOI Act to the "database of coverage information that informs the map entitled 'Wireless and Broadband Coverage'". The map was published in August 2008 as part of the National Broadband Scheme (NBS).
The applicant specified that the information should include the following:
The applicant also requested "a map contemporaneous to the above data".
In a decision dated 2 October 2008, the Department refused the request under sections 27(1)(a), (b), and (c) of the FOI Act. The applicant applied for internal review of the Department's decision on 30 October 2008. In a decision dated 28 November 2008, Mr. Aidan Ryan, Telecommunications Advisor, Business and Technology Division, affirmed the Department's original decision.
By letter dated 3 December 2008, the applicant applied to this Office for a review of the Department's decision. In his letter, the applicant referred to an another application for review, reference number 080184, that he then had pending before this Office, involving an "identical request" dated 25 April 2008. He acknowledged, however, that application number 080184 was a "separate application".
Although separate applications, the apparent similarities between the requests meant that the review in this case was initially dealt with together with the review in Case 080184. Ultimately, however, it was established to the satisfaction of my authorised official at the time, Mr. Seán Garvey, Senior Investigator, that the database requested in Case 080184 no longer existed as at the date of receipt of the request (25 April 2008) and that section 10(1)(a) of the FOI Act therefore applied. Case 080184 was concluded by way of a binding decision issued by Mr. Garvey on 21 January 2011.
A letter from the Department dated 21 January 2009 indicated that, unlike Case 080184, the database which is the subject of the applicant's request in this case still existed. Nevertheless, a further delay arose in making progress with the review due to personnel changes in this Office and other exigencies. The investigation of the review began in earnest in February of this year and included notification or attempted notification of the 48 broadband service providers whose information is contained in the database concerned. However, it subsequently transpired that many of the third party service providers did not receive the letters of notification that had been issued, because this Office did not have the correct contact details. In addition, on 4 May 2012, a meeting was held at the Department's premises that was attended by two officials of my Office, numerous officials of the Department, a representative from the Defence Forces Directorate of Intelligence, and a Superintendent from the Garda Telecommunications Unit.
On 22 June 2012, Ms. Melanie Campbell, Investigator, wrote to applicant explaining her preliminary observations on the matter in light of the meeting, the Department's subsequent submission, and the submissions that had been received by that time from the third party service providers. Briefly stated, Ms. Campbell's view was that the database was exempt under various provisions of the FOI Act, particularly sections 23(1)(c), 27(1)(a), and 27(1)(b). She also noted that she considered it likely that an equitable duty of confidence (section 26(1)(b) of the FOI Act refers) would apply with respect to any information in the database that qualifies as a trade secret.
I have now completed my review in this case in accordance with section 34(2) of the FOI Act. I note that a review under section 34 of the FOI Act is de novo, which means that it is based on the circumstances and the law as they pertain at the time of the review. In carrying out my review, I have had regard to the many submissions made by the Department, the third party service providers, and the applicant, including the applicant's submission dated 25 July 2012 that was made in reply to Ms. Campbell's preliminary view letter to him dated 22 June 2012. While my decision does not comment or make findings on each and every query raised by the applicant in his submissions, all relevant points have been considered.
As Ms. Campbell explained in her preliminary view letter to the applicant, the database at issue includes Microsoft Excel spreadsheets with detailed coordinates of the base station locations (otherwise referred to in this decision as the transmissions sites). Generally speaking, the spreadsheets also include the frequency band, antennae height, and service radius of the base stations concerned. Specific coverage maps are also provided. My review is concerned solely with the question of whether the Department's decision to refuse to grant access to the requested database was justified under the FOI Act.
In his reply to Ms. Campbell's preliminary view letter, the applicant has queried whether the database made available to my Office for the purposes of my review is the complete database to which he seeks access. I do not consider that I have any basis for questioning the integrity of the manner in which the Department has dealt with my Office in this matter. The database before me was forwarded to my Office by Mr. Ryan in response to my Investigator's request for the relevant "record" or a sample of the record. The database was the subject of intensive discussions at the meeting held on 4 May 2012, where the detailed and comprehensive nature of the telecommunications information therein was emphasised. Mr. Ryan has confirmed that it contains the relevant files. While it is not clear whether the maps are in the format that the applicant seems to expect, it is evident that they are the maps that were produced by ERSI Ireland. I accept that the database before me is the database that conforms to the applicant's request of 11 September 2008, i.e. that it is the "database of coverage information that informs the map entitled 'Wireless and Broadband Coverage'". In any event, however, I consider that sight of a pertinent sample of the database would have been sufficient for the purposes of this review.
As Ms. Campbell has also explained to the applicant, it is not within my remit as Information Commissioner to adjudicate on how public authorities carry out their functions generally. Moreover, matters that were at issue in Case 080184 will not be revisited in the context of this review, which relates solely to the applicant's FOI request dated 11 September 2008. This review also will not consider issues under the Access to Information on the Environment (AIE) Directive, which has been implemented as a separate access regime in Ireland.
Before setting out my findings, I should point out that while I am required by section 34(10) of the FOI Act to give reasons for my decisions, this is subject to the requirement of section 43(3) that I take all reasonable precautions to prevent disclosure of information contained in an exempt record or matter that, if it were included in a record, would cause the record to be exempt. This constraint means that, in the present case, the extent of the information that I can give in relation to certain security concerns raised by the Department is limited.
I should also explain my approach to the granting of access to parts of records. Section 2 of the FOI Act defines "record" as including "anything that is a part or a copy" of a record. Section 13 of the FOI Act provides for the deletion of exempt information and the granting of access to a copy of a record with such exempt information removed. This should be done where it is practicable to do so and where the copy of the record thus created would not be misleading. However, I take the view that neither the definition of a record nor the provisions of section 13 envisage or require the extracting of particular sentences or occasional paragraphs from records for the purpose of granting access to those particular sentences or paragraphs. Generally speaking, therefore, I am not in favour of the cutting or "dissecting" of records to such an extent.
The Confidential Nature of the Database
From the outset of this review, there has been a considerable amount of confusion over the nature of the information contained in the database and whether the information could, with effort, be sourced from the public domain or not. The confusion largely arose because references to broadband base stations had been used almost interchangeably with references to mobile transmitter sites. Coordinates for the location of every mobile transmitter in the country, together with the name of the relevant service provider, are available by accessing the Siteviewer service on the website of the Commission for Communications Regulation (ComReg). Although the information about the site locations is not as easily accessible on Siteviewer as it is in the database, the availability of such precise information about the locations seemed to undermine the claims of sensitivity that had been made with respect to the information requested.
However, it is undisputed that Siteviewer does not provide all of the details sought for any of the sites, such as service radius, antennae height, and deployment status. Moreover, based on the submissions that have been made, I accept that, while mobile transmitter sites and mobile broadband stations are generally one and the same, most of the Fixed Wireless Broadband systems installed by the Wireless ISP throughout Ireland have different locations and masts from the mobile operators. In other words, not all of the sites documented in the database are available on Siteviewer. I also accept that many of the installations would not be greatly visible, especially when camouflaged, because they are on poles less than 10 metres high; such installations are also exempted from planning permission.
In his submission dated 25 July 2012, the applicant points out that certain exempted structures require prior notification to the relevant planning authority. Class 31 of Part 1 of Schedule 2 of the Planning and Development Regulations 2001 relates to exempted developments by telecommunications service providers; under paragraph (k), prior notification is required of the proposed location of antennae attached to the following existing structures:
(i) public or commercial buildings (other than educational facilities, childcare facilities or hospitals) by way of attachment to roofs, facades, chimneys, chimney pots or vent pipes;
(ii) telegraph poles, lamp posts, flag poles;
(iii) electricity pylons.
The implication is that information about transmission sites, whether exempted developments or not, could be obtained from the planning authorities. However, it seems unlikely that all of the exempted transmission sites would fall within the ambit of paragraph (k), since many are located on property that is in private ownership, such as farm sheds. Moreover, the "proposed location" that must be notified would not include the level of detail that is contained in the database at issue.
In any event, what is truly significant about the database at issue is that it is a comprehensive source of detailed information about the telecommunications infrastructure of this country in a relatively easy-to-access format. In other words, its true value lies in the scope and level of detail that it provides "at a glance", figuratively speaking. While certain individual details in the database could be obtained from publicly available sources such as Siteviewer or the various planning authorities, I accept that no single source of such comprehensive information about the telecommunications infrastructure of this country can be found in the public domain.
In House of Spring Gardens Limited v. Point Blank Limited  I.R 611, Costello J observed:
"As to (ii) [the nature of the information], if the information has been compiled by the expenditure of skill, time and labour by the informant then, although he has obtained it from sources which are public, (in the sense that any member of the public with the same skills could obtain it had he acted like the compiler of the information) the information may still, because of its value, be regarded as 'confidential' information and subject to an obligation of confidence."
Thus, if it takes skill, time and labour to compile the information concerned, the information may still be regarded as confidential even if the component parts were sourced from the public domain.
In this case, the database is, in effect, a comprehensive directory to the majority of the broadband transmission sites in the country as of 2008. It provides a snapshot of each respective service provider's so-called "network footprint" as it existed at that time. Based on the submissions that have been made by the Department and a number of the relevant third party service providers, I accept that there was an implicit understanding of confidentiality in relation to the network details supplied by the service providers. Moreover, given the investment involved in developing the networks, I accept that coverage and network design do not change rapidly; thus, the database is by no means obsolete. As one service provider has explained: "As mobile networks are a significant sunk cost, they are built on a medium to long term [basis]". The database includes details which are not publicly available from any source. Even where the information therein could be found from sources which are publicly available, such as Siteviewer or the various planning authorities, it would take skill, time and labour to compile the details into a similar such database. It is in this context that the Department's claims for exemption may be properly understood.
In her judgment in the case of The Governors and Guardians of the Hospital for the Relief of Poor Lying-In Women v The Information Commissioner IESC 26 [more commonly referred to as "the Rotunda Hospital case"], Macken J commented on the question of the proof required of public bodies to show that the terms of the various exemptions in Part III of the FOI Act (sections 19 to 32) have been met. She indicated that considerable weight should be accorded to proof that is presented "by an appropriate person". In this case, the Department has presented compelling evidence of the security concerns surrounding the database at issue. I attach significant weight in particular to the presentations made by the representative from the Defence Forces Directorate of Intelligence and the Superintendent from the Garda Telecommunications Unit at the meeting held on 4 May 2012. I take it that these two members of the security services have expert knowledge of security matters and would not have taken the time to meet with my officials if their concerns over the potential release of the database were not genuine. I note that it is their opinion that release of the database under FOI would facilitate criminal activity, some of a very serious nature.
Prior to the meeting, Mr. Ryan had already submitted copies of Garda photographs of criminal damage to telecommunication sites. In a submission dated 22 March 2012, Mr. Ryan reported:
"In relation to criminal damage to the sites, the Garda have advised that as of today they are investigating 83 cases of criminal damage to sites included in our list. The problem has become so acute that a special interdepartmental task force has been created to address and reduce this problem. . . . While some of these sites are in use by the mobile operators this is not the case for all sites. Some of the photographic evidence already provided to you do not involve a site which is used by mobile operators and is a site that was specifically designed for broadband rollout. In addition one of the sites currently under Garda investigation as a result of criminal damage is a hub site for the emergency services and broadband users."
At the meeting, Mr. Ryan highlighted the fact that the two most critical areas of national infrastructure are (1) telecommunications, and (2) energy. He stated that, apart from ComReg, there would be no single source of as much information on the critical telecoms industry than that which has been requested from the database. When Ms. Campbell asked about the absence of any evidence that assurances of confidentiality were given to the service providers who supplied the information, Mr. Ryan stressed that confidentiality would have been understood by all involved, i.e. that there was an implicit understanding of confidentiality, because the need for confidentiality was so self-evident.
The Garda representative then outlined the concerns of the Garda Síochána with respect to this "critical national infrastructure", which are twofold: (1) economic, and (2) security. According to the Garda representative, metal theft has become a huge problem since the downturn in the Irish economy. The base stations have valuable copper that is much sought after, and the repair of the sites has become increasingly expensive. There has been a 30 percent increase in theft and vandalism in recent months. In addition, criminal gangs have been known to target sites in particular areas in order to reduce or weaken coverage and thus facilitate other criminal operations such as bank robberies. The security concerns voiced by the Garda representative were corroborated and further clarified by the representative from the Defence Forces Directorate of Intelligence, who also provided some highly sensitive background information regarding the telecommunications infrastructure of the country that this Office is not at liberty to disclose.
When asked why, in light of the such concerns, it was considered acceptable to publish the locations of mobile sites on the ComReg website and not to release the location given in the database, it was pointed out that the coordinates in the database are more specific than those available on Siteviewer (which would appear to be the case in some but not all instances; in certain other cases, specific place names are given). It was explained that the Siteviewer coordinates will only direct a person to an area, whereas the coordinates in the database would direct the person to within one metre of the site. The other details in the database were also referred to. An analogy was made to a criminal planning the burglary of a house and the difference between the would-be burglar examining the lay-out of the house from outside and being given the plans to the house setting out the location of every door, window, etc. It was stressed that the level of detail provided in the database simply is not in the public domain anywhere.
The Department's submission dated 5 June 2012 summarised the information that had been provided at the meeting, focusing particularly on the security concerns. In relation to the issue of criminal damage to telecommunications sites, the Department emphasised: "This is a new and increasingly significant problem for all telecommunications operators, the end users who depend on these sites for communications and site owners and is a matter that has highlighted the importance of these installations for all stakeholders." The Department supported its submission with statements of opposition from most of the relevant service providers that it was able to contact about the matter.
I note that concerns about an increase in vandalism, theft, and trespass were also raised in the third party submissions received by this Office prior to the meeting. As one third party objector put it, "there is a big difference between driving around looking for masts, which could be easily located by a scanner, and the release of all the locations as requested via FOI appearing on some blog for all to see at a glance".
The evidence presented by the Department, and more particularly by the security service representatives, is relevant to a number of the exemption provisions of the FOI Act, but in light of what I am free to disclose, I consider that section 23(1)(c) is the most appropriate exemption to apply in this particular case with respect to the information contained in the spreadsheets in the database. Section 23(1)(c) of the FOI Act provides that a head may refuse to grant a request under section 7 if access to the record concerned could, in the opinion of the head, reasonably be expected to facilitate the commission of a crime. The word "facilitate" is not defined in the Act, but it is commonly understood to mean: to make easier.
I note that, in his submission dated 25 July 2012, the applicant is dismissive of the security concerns which have been raised, but I am not. I accept that the database includes details that are not available in the public domain. To the extent that the details are in the public domain, it would take time, labour, and skill to compile them into a similar such source of information. The database is in the nature of a directory giving the precise locations and antennae height of the majority of the broadband transmission sites in the country, including the exempted structures on property in private ownership. As Ms. Campbell explained, release under FOI is regarded as release to the world at large. Thus, to release the requested database on foot of the applicant's request would be the equivalent of publishing this detailed and comprehensive source of information about the telecommunications infrastructure of this country for all the world to see. It seems to me that the more information that potential criminals have about an intended target, the better they can plan for and execute the intended criminal enterprise, whether it is the mere theft and vandalism of a particular transmission site or whether it is launching a coordinated attack on a number of sites in a given area in order to reduce or weaken coverage and thus facilitate a larger criminal operation such a bank robbery. In the circumstances, I am fully satisfied that granting access to the database in full could reasonably be expected to facilitate the commission of an offence and that section 23(1)(c) therefore applies. Moreover, I do not consider that it would be practicable to attempt to sever any of the information in the spreadsheets with a view to partial release under section 13 of the FOI Act.
Section 23(1) is subject to section 23(3), which provides that consideration must be given to the possibility that the public interest would be better served by the release of the information rather than by it being withheld, in the event that one of three conditions is fulfilled. The first condition is that the record under consideration "discloses that an investigation for the purpose of the enforcement of any law... is not authorised by law or contravenes any law". The second condition is that the record contains information concerning "the performance of the functions of a public body whose functions include functions relating to the enforcement of law" and the third condition is that it contains information concerning "the merits or otherwise or the success or otherwise of any programme, scheme or policy of a public body for preventing, detecting or investigating contraventions of the law". I agree with Ms. Campbell that the database itself does not contain any information that satisfies these conditions. Accordingly, I am satisfied that section 23(3) does not apply.
The Department does not claim, however, that security concerns arise with respect to the maps included in the database. The focus of the security concerns is on the ease of reference to the details in the spreadsheets that the composite database would provide. No claim for exemption has been made with respect to the aggregate or composite maps in the database, but the Department contends that the individual maps are confidential and commercially sensitive. According to the Department, the individual maps provide more detailed and specific coverage information than what is publicly available and could be used to reverse engineer some of the technical information that is provided in the spreadsheets, but it is not claimed that there is any reasonable expectation that this process would be undertaken in order to facilitate criminal activity.
From the outset of this case, however, the Department has claimed that the information in the database is commercially confidential. At least eighteen of the third party service providers have supported the Department's position, including one service provider which effectively withdrew its previous consent to the release of its information in the database.
Section 27 of the FOI Act provides protection for three different classes of commercially sensitive information as follows:
"27.-(1) Subject to subsection (2), a head shall refuse to grant a request under section 7 if the record concerned contains-
a) trade secrets of a person other than the requester concerned,
b) financial, commercial, scientific or technical or other information whose disclosure could reasonably be expected to result in a material financial loss or gain to the person to whom the information relates, or could prejudice the competitive position of that person in the conduct of his or her profession or business or otherwise in his or her occupation, or
c) information whose disclosure could prejudice the conduct or outcome of contractual or other negotiations of the person to whom the information relates."
Section 27(1) does not apply, however, if the public interest would, on balance, be better served by granting rather than by refusing the request (section 27(3) refers).
I note that the individual maps are more detailed and specific than the coverage maps that are generally available on the websites of the respective service providers. I accept that they were produced by the ESRI based on information that had been given by the service providers on an understanding of confidence, though the information was subject to verification by the Department. I also accept that such coverage information is key to competition between service providers. Moreover, the maps reveal specific areas that the companies concerned could reasonably be expected to target in order to upgrade their networks. In the circumstances, I am satisfied that the individual maps are commercially sensitive within the meaning of section 27(1)(b) of the Act except insofar as the third parties concerned have consented to the release of their information that is contained in the database. The parties that are considered as having given their consent are those that affirmatively stated that they had no objection to the release of the database. If it subsequently transpires that there has been some misunderstanding and such consent is withdrawn before the map concerned is released, then the map concerned should also be treated as exempt under section 27(1)(b). Moreover, I note that, as there is evidence on the case file that many of the third parties did not actually receive the letters of notification that had been issued in the course of the investigation of this review, at least in some instances because of a change of name, address, and/or ownership, I do not consider it appropriate in the circumstances to treat the absence of a statement of objection as consent to release. It follows from the above that, notwithstanding the applicant's arguments, I do not accept that the exception to the exemption provided for under section 27(2)(b) applies in this case.
In relation to the question of the public interest, I note that the accuracy of the maps, including the final aggregate map that was published in August 2008, is a matter of dispute. The NBS project was designed to address the problem of so-called "market failure" in certain rural areas in relation to broadband rollout through subsidies approved by the European Commission. Service providers supplied information about their coverage and network systems to the Department in the hope of avoiding subsidised competition in their areas of operation. In the circumstances, service providers had natural incentive to inflate their coverage details. On the other hand, however, it seems that some service providers were not happy when their coverage claims were discounted.
In Sheedy v. The Information Commissioner IESC 35, Fennelly J observed that FOI is "designed to open up the workings of government and administration to scrutiny". Moreover, in the Rotunda Hospital case, the Supreme Court drew a distinction between private interests and public interests. Fennelly J. stated that a request made "by a private individual for a private purpose" is not a request "made in the public interest". In the opinion of Macken J, the public interest would require "a true public interest recognised by means of a well known and established policy, adopted by the Oireachtas, or by law".
Section 27 of the FOI Act itself recognises a public interest in protecting the commercially sensitive information of private companies that is held by public bodies. In this case, the relevant third party service providers cooperated with the Department's request for detailed information about their network footprints, actual and proposed, without, to my knowledge, any public money being received in return for the time and effort involved. They did so voluntarily and on the understanding that the information, given its inherent sensitivity, would be kept confidential. The individual maps were produced based on the information thus supplied.
I note that there may be a consumer interest in the individual maps, but I am not satisfied that the equates to a public interest for the purposes of the FOI Act. I consider that the true public interest in the NBS mapping project would lie in revealing information about the steps taken by the Department to verify the data supplied to it rather than in disclosing the coverage details, accurate or inaccurate, of the private companies concerned. As noted by Ms. Campbell, the publication of the aggregate map itself provided some openness and transparency with respect to its accuracy, as inhabitants of supposed "red zones" whose coverage was in fact inadequate have been able to bring the discrepancies to the Department's attention. In the circumstances, I am not satisfied that the release of the individual maps against the wishes of the relevant service providers would serve any true public interest to a sufficient extent to overcome the public interest in protecting their commercially sensitive information. I find that section 27(3) does not apply.
Having carried out a review under section 34(2) of the FOI Act, I hereby vary the decision of the Department in the following terms:
I annul its decision in relation to the aggregate or composite maps in the database and direct their release.
I annul its decision in relation to the individual maps of the third party service providers who consented to the release of their information that is contained in the database, as named in the relevant cover letters to this decision, and direct the release of these maps, provided that such consent is not withdrawn prior to release.
I affirm its decision in relation to remainder of the database, including with respect to the individual maps of the third parties who objected to the release of their information.
A party to a review, or any other person affected by a decision of the Information Commissioner following a review, may appeal to the High Court on a point of law arising from the decision. Such an appeal must be initiated not later than eight weeks after notice of the decision was given to the person bringing the appeal.
13 December 2012