Whilst UEA should comply with the request, I think that M Tuppen may be barking up the wrong tree.

Here's hoping for a double own goal

Should all FOI requests be suffixed with the message, "refusal to comply with this request will lead us to believe that you have something to hide"?

He should appeal to the ICO. I did (with Professor Jonathan Jones- Oxford) and the CRUtemp data was released.
I am still pursuing a further action- which I should be able to report back on next week.

Be persistent and do not take "no" for an answer

It is good that Tuppen is testing the limits of the FOI laws this this way and creating precedents (I can see the statute book will eventually littered with cites to UEA/CRU 2009-2011 :) )- more power to his/her elbow. I remember looking at the redraft of the Tuppen request and smiling at the ever so humble way Tuppen rephrased the request noting the EIR points and other suggestions which were going on this on this blog at the time :)

Probably slow but I still don't see the wriggle room here in this case though

Where a public authority only holds information on backup media, because its primary data store has been accidently wiped out, or where it is in fact using backup as a method of storage, information will be classed as held.

The Commissioner will consider the circumstances on a case by case basis to make a judgement on the intended use of the information stored on back up files in assessing whether such information is held for the purposes of the Act.

If the commisioner has any sense of justice about the way UEA had (un-intentionally) finessed the 6 month period to now send indignant letters whenever they are quoted as breaching the rules then maybe now is the time to redress that?

Tuppen should get the data surely?

I've been away and have not followed up on the ongoing requests for copies of email correspondence between myself and McIntyre, Watts, Condon etc. As I said at the time this amounts to just a few emails all of which I deleted more than a year ago. Since Jeff Condon has kindly published the single email between us.

I doubt that the emails contain any information as defined in the Environmental Information Regulations 2004 which I've excerpted below:

“environmental information” has the same meaning as in Article 2(1) of the Directive, namely any information in written, visual, aural, electronic or any other material form on—
(a) the state of the elements of the environment, such as air and atmosphere, water, soil, land, landscape and natural sites including wetlands, coastal and marine areas, biological diversity and its components, including genetically modified organisms, and the interaction among these elements;
(b) factors, such as substances, energy, noise, radiation or waste, including radioactive waste, emissions, discharges and other releases into the environment, aVecting or likely to aVect the elements of the environment referred to in (a);
(c) measures (including administrative measures), such as policies, legislation, plans, programmes, environmental agreements, and activities affecting or likely to affect the elements and factors referred to in (a) and (b) as well as measures or activities designed to protect those elements;
(d) reports on the implementation of environmental legislation;
(e) cost-benefit and other economic analyses and assumptions used within the framework of the measures and activities referred to in (c); and
(f) the state of human health and safety, including the contamination of the food chain, where relevant, conditions of human life, cultural sites and built structures inasmuch as they are or may be aVected by the state of the elements of the environment referred to in (a) or, through those elements, by any of the matters referred to in (b) and (c);

The emails contain no data, or information relating to the points a) to f) above.

I don't have any objection to the publishing of these emails and so will ask that the university, on my behalf, recovers them for me. Assuming that I am able to recover them I will then post them here with the permission of my correspondents and the Bishop.

Plus, the precedent is needed, so let the University release them. Innocence is presumed by your offer, but the University should prove it. An irony for my museum.
================

O/T but wanted to mention the following has been removed from the Daily Mail article i excerpted under the "Stirling's Excuses" thread yesterday re Huhne:

“The stealth levies, introduced to fund Britain’s investment in wind and solar power, are costing families an average of £200 a year – two-thirds of the amount the Cabinet Minister said they should be able to save.
This represents an increase of between 15 and 20 per cent on the average domestic power bill. The money is being used to help fund the building of 10,000 wind turbines and the proposed installation of £7 billion worth of smart meters in homes.”

http://www.dailymail.co.uk/news/article-2038678/Chris-Huhne-Crippling-energy-bills-YOUR-fault.html

Hey! I feel I just got to explicitly say this about this wonderful case..

Isn't it amazing that we see all parties to an FOI being in full agreement that it should be fullfilled and there is only one familiar agent with a delaying mindset shown as a stumbling block here?

Hang on, they are lying about IT disaster recovery policies tape back ups are routenly used to recover deleted data; a disaster recovery is used to recover an entire servers data from the last known version of the live data and would not restore previous archive data.

I'll dig out the relevant cabinet office guidlines on data retention policies on this tomorrow but I think they are trying to baffle the requester with BS by mixing up tape backup data retention legislation with
Disaster recovery to throw out the request.

The cabinet office has an IT data managment guidlines and policies in relation to this.

These are worth reading:
http://interim.cabinetoffice.gov.uk/media/132709/dataprotection.pdf

http://russ.michaels.me.uk/enclosures/emailarchiving.pdf

Can you FOI the identity of the FOI applicant ?

This is from the email archiving pdf quoted above

Freedom of Information Act
Those working in the public sector have experienced perhaps the most dramatic legislative change to affect email management in recent years. The Freedom of Information Act 2000 (“FOIA”) came into force on 1st January 2005 and gave the public new rights of access to recorded information held by public authorities. Email communications fall within the definition of “recorded information”. Anyone, anywhere, without giving either proof of identity or details of their motive for making a request, can ask for a copy of an email.
The deadline for responding is 20 working days from the date of receipt of the request, and many public authorities have discovered that their current facilities for searching and retrieving archived emails have caused considerable difficulties in meeting the deadline.
A search of the Information Commissioner’s decision notices (which can be found at www.informationcommissioner.gov.uk) shows that the majority of public authorities that are named have earned their place in this dubious hall of fame for this very reason.
One of the most shocking aspects of the FOIA is the fact that it is retrospective. Public authorities are obliged to provide information in emails that were generated before the date the FOIA came into force, forcing them to search through archives. In a recent case in the Information Tribunal, (where decisions by the Information Commissioner are reconsidered when those concerned do not agree with his decisions), it was clearly stated that if a document is at all recoverable (for example, a trace of it remains on the network) it must be retrieved in order to comply with the FOIA. Most of those charged with information governance are realising that basic, usually folder-based search-and-retrieval functions in their email applications are simply not enough to rise to the challenge, and that a state-ofthe- art-email storage facility with enhanced retrieval and management capabilities is the only viable solution.
Public authorities are also having to wake up to the fact that an ability to locate, assess and delete redundant material is as important as an ability to preserve the more relevant content. Whilst deletion of redundant material is essential, the Freedom of Information Act also imposes criminal sanctions where the deletion is for more sinister reasons. Section 77 of the FOIA makes it a criminal offence to alter, deface, erase, destroy or conceal any record, including an email, with the intention of preventing disclosure by a public authority. This criminal penalty can be imposed on the individuals concerned, and this personal liability can fall upon employees and officers of an organisation, or consultants and other temporary staff. Clearly, a system with the built-in ability to protect system integrity and provide a reliable audit trail could provide vital evidence to protect a public authority from liability where the wrongdoing is committed by an individual acting for his or her own ends.
Without the ability to retrieve reliable information, and an accurate audit trail, an employer will be exposing itself to unnecessary risks Public authorities are also expected to comply with a statutory code on records management that has been issued under the FOIA, (called the s46 Code).Very early on in the history of the FOIA it was anticipated that records management (or rather a lack of it) would be a major hurdle for compliance with the new right to public information. The Code requires all public bodies to treat the records management function “as a specific corporate programme”. The Code emphasises that electronic records, such as emails, should be managed with the same care accorded to manual records, and that the records management programme “should bring together responsibilities for records in all formats, including electronic records, throughout their life cycle, from planning and creation through to ultimate disposal”. The National Archives has issued useful guidance on developing a policy for managing email, in support of this requirement for good records management. The guidance recommends that archiving and records management should be considered alongside the more usual elements of an Acceptable Use Policy. Clearly, an archiving facility that allows the organisation to set the archiving functions to run in accordance with the terms of its own policy will give that organisation a significant foundation from which to operate.

The relevans S46 FOI code of practice:
http://www.justice.gov.uk/guidance/docs/foi-section-46-code-of-practice.pdf

"a regular backup regime for email"

Well, is it or isn't it? The clue is in the word 'backup'...

They are in a bind, they want to cover up shenanigans in another part of the university and if they give up Paul Dennis' emails they'll open up the floodgates for the CRU. So being the simpletons they've proved themselves to be time and again they're refusing, and hoping to get away with it.

"I do not believe that it is necessary for us to search these for the information you have requested and therefore, I agree with our original assessment that we do not hold the requested information"

Only a lawyer could have written a non-sequitur like that. Bill Clinton would be proud.

I would be surprised if UEA had retained multiple backups going back over 2 years just for the purpose of disaster recovery. I would expect such backups to be fairly current.

The UEA have stated they dont retain deleted emails for more than one month.

Paul Dennis has indicated he deleted the emails a long time ago. Would a backup still be retained that goes back to the time he did the deletion?

The case cited as a precedent says in respect to backup:

Where a public authority only holds information on backup media, because its primary data store has been accidently wiped out, or where it is in fact using backup as a method of storage, information will be classed as held.

The Commissioner will consider the circumstances on a case by case basis to make a judgement on the intended use of the information stored on back up files in assessing whether such information is held for the purposes of the Act.

The circumstances in the present case have not been addressed in previous cases.

James P -
The non-sequitur appears to originate with the ICO:

The Tribunal found in Harper that information on backup media can be held and the Section 46 Code of Practice (records management) says that "A record cannot be considered to have been completely destroyed until all copies, including back-up copies, have been destroyed, if there is a possibility that the data could be recovered". However, the ICO takes the view that in general information on backup will not be held for the purposes of the Act as the public authority will have no use for it otherwise than where it is required after data loss.

The reasoning appears to be that the record was intended to be deleted in the normal course of events. Yet they draw a parallel to a file which was deleted but remains in a recycle bin, which is considered to be held: "The Tribunal in the case found that information retained in a trash can or recycle bin folder is held." Surely only a lawyer can love such logic.

Keep on it, Bishop - disclosure, in these circumstances, ie matters of public interest, are essenial, as you know. Whether it helps or hinders ( disproves!) a particuliar view is immaterial. You know what truth is- it's courage - forward!

HaroldW - I suspect that people will also need to take on the practical issues with regard to restoring from backup. Restoring a file from a recycle bin is relatively easy to do. Recovering information from server backups is a different order of magnitude.

Lets assume they retain multiple generations of backups and a backup does exist which contains the deleted emails. I assume it will probably be an image of the server. Even if it is compressed the nature of emails would suggest it will be a very large file. I doubt that they will be able to read directly from the image.

They will not be able to restore to the current server because that is live. They will need to locate a "spare" server which is formatted with sufficient capacity to allow a restore. The restore itself will probably take hours.

After restore will this server then contain any administrative software that will allow them to search for the emails. If not this software will need to be installed and configured. After that someone will then need to do the search of all Pauls emails and the time spent will probably depend on what tools are available.

My understanding is there is a limit to the amount of time that can reasonably be spent on responding to FOI requests.

clivere

Most enterprise backup software doen't work in the way you describe.

A backup policy will usually be to tape on a daily (incremental changes) weekly (full server backup) and Monthly (full backup at end of Month). Depending on the retention policy daily tapes would probably be recycled (re-used) on a pretty regular basis, Weekly tapes may be retained for something like three Months and Monthly tapes could be kept for years.
The backup software will keep a catalogue of all the files retained on the tapes and can be very quickly searched for versions of file, in the case of emails this can be down to individual emails in a mailbox. From there they can easily be restored to the original location or re-directed wherever the admin chooses.

They will not be able to restore to the current server because that is live. They will need to locate a "spare" server which is formatted with sufficient capacity to allow a restore. The restore itself will probably take hours.
After restore will this server then contain any administrative software that will allow them to search for the emails. If not this software will need to be installed and configured. After that someone will then need to do the search of all Pauls emails and the time spent will probably depend on what tools are available.

The above backup recovery scenario is not something I have encountered in all my years as an IT system administrator. It reads more like the actions you would take to recover a server that had been lost completely, day to day tape backup and recovery just doesn’t work like that.

Jason F - I am describing a disaster recovery regime as per the quote in the main post "This backup is for the purposes of disaster recovery and is not provided as a service for the retrieval of erroneously deleted information."

They have always stated they do not retain deleted emails for more than one month from their main email system.

http://www.cce-review.org/pdf/MR%2018%20Dec%20final%20IT%20Personnel.pdf

JCF "Configuration of backup server was unfortunate as it did not remove deleted emails. Centrally, UEA emails are held only for a month and then deleted permanently.

clivere -
Not being conversant with the methods by which backup servers maintain information, I will let more informed voices discuss it.

My point was merely that the ICO policy makes a point of intent when discussing backups: "Whether or not the deletion was intentional is critical, however." Yet deletions on a computer, such that the file still exists in the computers's recycle bin or trash can, are always considered to be held. This inconsistency puzzles me, as it seems to me that one can draw parallels:
deleting a file <-> backing up a mail server
removing file from trash can <-> destroying/reusing outdated backup tapes
Yet the ICO point of view is that the first step on the left results in the information still being held, while the first step on the right results in information not being held.

Clivere, sorry if I sounded at all hostile in my earlier post. I do think they are trying to be clever with what they are saying.

Jason F - I am describing a disaster recovery regime as per the quote in the main post "This backup is for the purposes of disaster recovery and is not provided as a service for the retrieval of erroneously deleted information."

- The purpose of the backup is irrelevant they don’t say that they do not keep a historical tape backup of data, they do say they do not use it to recover erroneously deleted data.

They have always stated they do not retain deleted emails for more than one month from their main email system.

- This is only the retention policy for files in the live system if the files were removed by an automated policy to remove files older than a month the files were not erroneously deleted, they make no mention of how long the files would remain on tape.

JCF "Configuration of backup server was unfortunate as it did not remove deleted emails. Centrally, UEA emails are held only for a month and then deleted permanently.

- Again this is a data retention policy on the live system backup tapes will contain data that was deleted as part of this policy.
Disaster recovery is only one aspect of what a tape retention policy is used for, someone should ask them:
How long do they keep the tapes containing the data and what are their retention policies for the tapes? Instead of letting them tell us they use tapes for disaster recovery and only keep files for a month on the live system as it’s allowing them to evade the FOI.
If they don’t keep their backup tapes for more than one month I’d be looking at the data protection act and legislative guidance on email archiving for public bodies to see if this policy complies.

HaroldW - the problem we have from the headline quote is that it is not clear what the guidance received from the ICO contained. I am pointing out the possibility that retrieving from backups retained for disaster recovery could be quite time consuming and may exceed what should reasonably be expected.

I am still seeing a distinction between the issues raised by this FOI request and refusal compared with the flagrant abuse of FOI by CRU as exposed by Climategate

Jason F - Paul Dennis has previously confirmed that the one month deletion issue did apply to his emails ie they are gone from the main system.. In this thread he restates he deleted them over a year ago so it becomes problematic if they would be retained on any backup.

Paul has also publically indicated he is quite keen for the emails to be released. The issue in this case appears to be that retrieval is either very difficult or if the emails are not contained on a backup then impossible.

There's Trouble in River City and it starts with T and it rhymes with P and it stands for Precedence.
===================

@ clivere 3:53

"The issue in this case appears to be that retrieval is either very difficult or if the emails are not contained on a backup then impossible."

It could also be that UEA is searching for excuses not to (have to) release the information.

"It could also be that UEA is searching for excuses not to (have to) release the information."

That is still a possibility. They have a track record!

However based on the information that has already been provided by both UEA and Paul Dennis I think in this instance it is unlikely.

I assume Tuppen may appeal in which case we may get to see more.

I find it interesting to read that the UEA policy is to delete emails after 1 month and wonder just how long this policy has been in place ?

If that is the case then perhaps there is a need for a monthly FOI request of all CRU emails to ensure that any relevant correspondence is not lost for the future ........

I am almost certain the original request was prompted by the 4 February 2010 Guardian article (below) and that Mr/Ms Tuppen thinks Dennis performed, depending on his/her vantage point, either a miracle or a heinous crime. By use of the phrase 'global warming disinformation' in the original request, I lean toward the latter, since 'disinformation' is, for want of a better descriptor, a 'Mannian' word.

http://www.guardian.co.uk/environment/2010/feb/04/climate-change-email-hacking-leaks?commentpage=last#end-of-comments

If my supposition is correct, Mr/Ms Tuppen may have a conflicting dilemma about releasing emails at all!

Pharos - who knows! In a world full of conspiracy theories anything seems possible.

I will point out that during July some of the AGW blogs were trying to argue that Rupert Murdoch was responsible for Climategate. I will also argue that the AGW blogs in general produce poorer quality conspiracies than skeptic blogs but sometimes there is not a lot between either side.

http://bobpark.physics.umd.edu/WN11/wn072211.html

Some of the usual suspects including Steve Bloom were discussing over at the bunny house about whether "Were I in a suspicious mood, I would wonder about a couple of Phil's colleagues who have expressed hostility toward him (probably based on jealousy of Phil's rather small modicum of media exposure), e.g. Mike Hulme (the other name I can't recall)."

http://rabett.blogspot.com/2011/07/who-burgled-uea-in-climate-gate.html

I expect "the other name I cant recall" is Paul Dennis and a conversation like that one could have triggered this particular FOI enquiry.

Who knows? But something tells me Dennis couldn't give a fig for Phil's 'media exposure' and if he did, the last reason would be jealousy.

I hope he's enjoying the irony of the University confirming his innocence and setting a dread, for them, precedent in one stroke. Didn't a cat become a King by dispatching seven in one blow?

Would that the mails be found. Found, or not, no credit is reflected upon the University.
========================

LATEST: Canada's Natural Sciences and Engineering Research Council (NSERC) went "far out of its way to keep" some information out of FOI reach. Follows a story of obfuscation successfully countered by a brave reporter and an alert blogger. And no, it's not climate-related.

As if had never heard of stories like that before 8-)