AO-06-18

August 9, 2018

Cameron Cook
Alexandria, Virginia

The staff of the Freedom of Information Advisory Council is authorized to issue advisory opinions. The ensuing staff advisory opinion is based solely upon the information presented in your electronic mail messages dated December 21, 2017.

Dear Mr.Cook:

You have asked for an advisory opinion regarding issues relating to a request for public records from the City of Alexandria (the City) under the Virginia Freedom of Information Act (FOIA). You provided copies of a series of emails detailing your requests to the City as well as various responses from the City and from the Vice Mayor.

Questions Presented

Your first question is whether email headers described in the request for records appropriately fall under the exemption from mandatory disclosure in subdivision 2 of § 2.2-3705.1 as information that may be withheld as advice from legal counsel or protected by attorney-client privilege. Additionally, you have asked whether the inclusion of a vice mayor's administrative assistant on an email between an attorney and a vice mayor would represent a disclosure that breaks the attorney-client privilege. Finally, you have asked whether email headers could fall under the exemption from mandatory disclosure in subdivision 2 of § 2.2-3705.2¹ as information that describes the design, function, operation, or access control features of any security system.

Factual Background

You submitted a request to the City for communications involving the Vice Mayor, his administrative assistant, and any member of the City Attorney's office between August 15, 2017, and September 31, 2017. The City responded by stating that all of the documents requested were being withheld pursuant to subdivision 2 of § 2.2-3705.1 "because the documents contain written advice of legal counsel to state, regional or local public bodies or the officers or employees of such public bodies, and any other records protected by the attorney-client privilege."

You sent a second request to the City asking for the email headers from the records withheld in the previous request. You noted that the response did not need to include the content of the emails, only the headers. The City responded to your request and stated that the requested documents would be withheld for the same reason the records were withheld in your first request.

After the City's second response, you submitted an appeal to the City alleging that the information in the email headers should not qualify as protected under attorney-client privilege. The City responded and asserted again that the information you requested was being withheld pursuant to subdivision 2 of § 2.2-3705.1. This time, the City responded that the requested information was also being withheld "as information that describes the design, function, operation, or access control features of any security system" pursuant to subdivision 2 of § 2.2-3705.2.

Applicable Law and Discussion

Advice of Legal Counsel and Attorney-Client Privilege

Your first two questions are whether email headers² generally can include information that falls under the records exclusion of subdivision 2 of § 2.2-3705.1 and whether the inclusion of the Vice Mayor's assistant on an email would waive attorney-client privilege and therefore mean that the public body could not use the exemption to withhold the records.

It is first necessary to discuss the requirements under the exemption and what is specifically allowed to be withheld. Generally, the exemption protects any information protected by the attorney-client privilege. In Virginia, attorney-client privilege is governed by the principles of common law as interpreted by the courts of the Commonwealth, and this office has previously opined that six elements must be present to invoke the privilege: (i) communications from a client, (ii) to the client's lawyer or lawyer's agent, (iii) relating to the lawyer's rendering of legal advice, (iv) made with the expectation of confidentiality, (v) not in the furtherance of a future crime or tort, and (vi) absent waiver of the privilege.³ The Supreme Court of Virginia has also opined that the privilege applies to more than just communication from a client, including all confidential communications between an attorney and his or her client.⁴

Additionally, the concept of waiver of the privilege relates to the fourth and sixth requirements stated above. In most instances, the inclusion of a third party on an otherwise confidential attorney-client communication is deemed to be a waiver of the privilege because it shows that the intent is for the communication to not be confidential.⁵ Courts have, however, identified some exceptions. For example, if a third party is helping to facilitate the legal counsel, then including the third party on the communications would not destroy the privilege, since the third party is necessary to the communication.⁶ Another example is when the interests of the clients are so closely aligned, such as in the case of codefendants, that the communications between all parties may not be a waiver.⁷ The analysis regarding waiver of the privilege is therefore extremely fact specific.

Furthermore, the ideas of confidentiality and waiver of the privilege are even more difficult in the context of large entities such as governments or other public bodies.⁸ Government attorneys are tasked with representing an entity comprising many individuals, including elected officials and numerous employees. There has been much debate as to who the "client" of a government attorney is in specific circumstances.⁹ In many instances, the interests of multiple employees or members of the government would be closely aligned, and communication between multiple individuals would be necessary for an attorney to adequately represent the interests of the government or public body. There are also instances in which an employee may have interests adverse to those of other members of the government or public body. In those instances, it would clearly be a violation of confidentiality to include those individuals with adverse interests in the communications. Again, this area is extremely fact specific, and there has been little consensus on bright line rules.

FOIA attempts to address some of these complex issues posed by attorneys representing public bodies by adding specific language to the exemption addressing to whom the advice may be given. In the first words of subdivision 2 of § 2.2-3705.1 the exemption states that a public body may withhold records that are "written advice of legal counsel to state, regional or local public bodies or the officers or employees of such public bodies." This portion of the exemption therefore clarifies who can be the client of the attorney of a public body and that all that is required is that the records be (a) written legal advice (b) of legal counsel (c) to state, regional, or local public bodies or the officers or employees of such public bodies. The exemption does not place a limit on how many individuals can receive the advice; it requires only that the advice come from legal counsel and that the individuals receiving the advice fall into certain categories. It is therefore a different analysis than the traditional waiver of the privilege when members or staff of a public body are involved. It is important to remember, however, that the attorney-client privilege must be construed narrowly, both according to the FOIA policy stated in § 2.2-3700 and at common law. If any of the elements of privilege discussed above are not satisfied, the exemption will not apply. Therefore, if individuals were included on the emails other than those allowed by the privilege above, or if the records were disclosed further to individuals not contemplated by the exemption, then the records could not be withheld pursuant to this exemption.

We can now look at your questions and the specific facts you have provided. First, can an email header even include information that would fall under one or both parts of this exemption? Yes, it is possible that the headers could include such information. The first portion of the exemption states that it must be "written legal advice" and the second portion requires only that it be communications related to the lawyer's rendering of legal advice. There is no minimum or maximum length of such advice or communications. The subject line of an email is certainly large enough to allow a lawyer to give brief advice to a public body, or to the officer or employees of such bodies, or to allow a client to convey a confidential communication. An example would be a client enquiring in the subject line, "Should I testify since I lied to the police?" An attorney could then respond briefly in the subject line of his or her reply. Additionally, it is possible that a court could determine that other information contained in a header, such as dates, times, specific email addresses, or other information, falls under the umbrella of advice or communications relating to the rendering of legal advice in specific contexts. It is also entirely likely, however, that some information contained in an email header would not fall under the exemption, especially the more technical and automatically created content. Ultimately, if challenged, a court of law would need to apply the analysis to the specific information included in a particular header.

Next is the issue of whether including the Vice Mayor's assistant on the emails would waive attorney-client privilege and prevent the public body from using the exemption to withhold the records. In the facts you provided, the emails are between the City Attorney, the Vice Mayor, and the Vice Mayor's administrative assistant. The Vice Mayor is an officer of a public body, the public body being the City. Additionally, the Vice Mayor's administrative assistant, while working for the Vice Mayor, is an employee of the public body. Assuming the emails contain legal advice from the attorney, as the City claims, it would appear that the emails in question fall under the first portion of the exemption as written advice of legal counsel to an officer and employee of a public body and could therefore be withheld. As stated above, the exemption provides specific language to address the complex issues facing attorneys representing public bodies and contemplates legal advice being given by the attorney to an employee of the public body, such as the Vice Mayor's administrative assistant. Furthermore, the exemption does not place a limit on the number of recipients of the advice; it requires only that the recipients be a public body or an officer or employees of such bodies. On the basis of the facts you have provided, that appears to be the case, and withholding the records thus would be appropriate. If there is a factual dispute regarding what the records contain or how they were handled, a court of law would be the appropriate body to make that determination. In that instance, the City would bear the burden of proof by a preponderance of the evidence to establish the exemption.¹⁰

It is important to note that the exemption discussed above in relation to both the email headers and the emails is subject to the redaction requirement. If a record contains both information that may be excluded and information that may not be excluded, a public body has a duty to release any portion of the record that does not fall under an exemption from mandatory disclosure, assuming it meets the definition of a public record.¹¹

Information That Describes the Design, Function, Operation, or Access Control Features of Any Security System

Your final question is whether email headers can be withheld by a public body pursuant to the exemption from mandatory disclosure in subdivision 2 of § 2.2-3705.2 as information that describes the design, function, operation, or access control features of any security system. It is important to note that computer security matters are beyond the expertise and authority of this office. And again, the answer is that it may depend on the specific information in a particular record. Generally, however, it seems that there is some information contained in email headers that does not appear to describe the design, function, operation, or access control features of a security system. For example, email addresses, the dates and times messages were received, and the subject lines would likely not describe the design, function, operation, or access control features of a security system.¹² It is also possible, however, that a court of law could disagree or find that there is other information in email headers that does describe a security system in certain instances. Again, if a record contains both information that may be excluded and information that may not be excluded, a public body has a duty to release any portion of the record that does not fall under an exemption from mandatory disclosure, assuming it meets the definition of a public record pursuant to § 2.2-3701.

Conclusion

In both instances, whether the exemptions in subdivision 2 of § 2.2-3705.1 and subdivision 2 of § 2.2-3705.2 were properly invoked depends on the specific records withheld and the facts surrounding them. It is possible that information contained in email headers could include legal advice and information protected by the attorney-client privilege. Additionally, FOIA's exemption under subdivision 2 of § 2.2-3705.1 extends to advice from a lawyer to a public body and employees of the public body, which appears be the case in the given factual scenario. The inclusion of the administrative assistant, as an employee of the public body, is therefore contemplated by the exemption and would not destroy the privilege under the given facts.

Additionally, there seems to be information contained in email headers that would not fall under the exemption of subdivision 2 of § 2.2-3705.2 as information describing the design, function, operation, or access control features of a security system. The area of computer security, however, is beyond the expertise of this office, and it is possible that a court could find that some information contained in a header falls within this exemption, depending on the specific factual circumstances.

In both instances, a public body has a duty to provide any information that falls within the definition of a public record that does not fall within one of the exemptions from mandatory disclosure. If a record contains both information that may be excluded from mandatory disclosure and information that may not be excluded from mandatory disclosure, the public body may only withhold the portions of the public record containing information subject to an exclusion.

Thank you for contacting this office. I hope that I have been of assistance.

Sincerely,

Chad M. Ayers
Attorney

Alan Gernhardt
Executive Director

¹I note that the response you received from the Alexandria City Attorney quoted language from subdivision 2 of § 2.2-3705.2 but referenced subdivision 3 of § 2.2-3705.2. The quoted language was moved from subdivision 3 to subdivision 2 in 2017. Since subdivision 3 of § 2.2-3705.2 addresses security aspects of a safety program plan adopted by the Commonwealth's designated Rail Fixed Guideway Systems Safety Oversight agency, and the email headers you are asking for would seemingly have nothing to do with that type of program, I will assume that the intended exemption was the quoted language under subdivision 2 of § 2.2-3705.2 in the current Code.
²Email headers, as evidenced by the example you provided, include a variety of information about the email such as the subject line, email addresses of senders and recipients, mail servers that the message has passed through, and IP addresses, as well as other information.
³See Freedom of Information Advisory Opinion 04 (2011) (examining a similar issue in which information was disseminated from a town manager, who also served as town attorney, to multiple members of the town council) and Freedom of Information Advisory Opinion 25 (2003) (examining the requirements of the attorney-client privilege, specifically in the context of communications to a public relations firm as the attorney's agent).
⁴Walton v. Mid-Atlantic Spine Specialists, 280 Va. 113, 122; 694 S.E.2d 545, 549 (Va. 2010) (stating that "[a]s a general rule, confidential communications between an attorney and his or her client made in the course of that relationship and concerning the subject matter of the attorney's representation are privileged from disclosure").
⁵See Commonwealth v. Edwards, 235 Va. 499, 509, 370 S.E.2d 296, 301 (1988) (quoting United States v. Cote, 456 F.2d 142, 144 (8th Cir. 1972).
⁶See id. (stating that the "privilege attaches to communications made to the attorney's agents, including accountants, when such agent's services are indispensable to the attorney's effective representation of the client").
⁷See Hicks v. Commonwealth, 17 Va. App. 535, 537 (1994) (stating that the "privilege extends to communications among co-defendants and their attorneys when engaged in consultation about their defense."). The court goes on to say that the privilege applies "[w]hether an action is civil or criminal, potential or actual." Id.
⁸See Jeffrey L. Goodman and Jason Zabokrtsky, The Attorney-Client Privilege and the Municipal Lawyer, 48 Drake L. Rev. 655 (2000) (examining the attorney-client privilege and how it relates to the obligations of the municipal lawyer).
⁹Id. at 661–663 (discussing the problems with defining the municipal lawyer's client)..
¹⁰See subsection E of § 2.2-3713 (stating: "In any action to enforce the provisions of this chapter, the public body shall bear the burden of proof to establish an exclusion by a preponderance of the evidence").
¹¹See § 2.2-3704.01 (addressing records containing both excluded and nonexcluded information and the duty to redact). See also § 2.2-3701 (defining "public records" as "all writings and recordings that consist of letters, words or numbers, or their equivalent . . . regardless of physical form or characteristics, prepared or owned by, or in the possession of a public body or its officers, employees or agents in the transaction of public business").
¹²See Freedom of Information Advisory Opinion 03 (2007) (providing a similar analysis regarding email headers).