Report of the Senate committee on Post Audit and Oversight (under the provisions of Section 63 of Chapter 3 of the General Laws, as most recently amended by Chapter 557 of the Acts of 1986) entitled "Open Standards, Closed Government:ITD's Deliberate Disregard for Public Process" (Senate, No. 2612).
Senator Marc R. Pacheco, Chair
Senator Susan C. Fargo, Vice Chair
Senator Robert A. Havern III
Senator Steven A. Baddour
Senator Richard T. Moore
Senator Steven C. Panagiotakos
Senator Robert L. Hedlund
It shall be the duty of the Senate Committee on Post Audit and Oversight (established under Section 63 of Chapter 3 of the General Laws) to oversee the development and implementation of legislative auditing programs conducted by the Legislative Post Audit and Oversight Bureau with particular emphasis on performance auditing. The Committee shall have the power to summon witnesses, administer oaths, take testimony and compel the production of books, papers, documents and other evidence in connection with any authorized examination or review. If the Committee shall deem special studies or investigations to be necessary, they may direct their legislative auditors to undertake such studies or investigations.
Jesse L. Stanesa
Committee would like to acknowledge the contributions from Senator
Pacheco’s office, including Mary Wasylyk, Chief of Staff; Jessica
Nordstrom, Policy Analyst; Kristen Green, General Counsel, and Meghan
Reilly, Communications Director.
· Executive Summary ·
On August 29, 2005, the state’s Information Technology Division (“ITD”) issued a proposal to make sweeping changes to the state’s information technology infrastructure. The proposal, called the Enterprise Technical Reference Manual (“ETRM”) includes a provision that would make Massachusetts the first state in the country to require that all executive branch agencies use open standards for government documents. Open standards is a policy that increases interoperability of electronic documents and eliminates restrictive licensing agreements. The Senate Committee on Post Audit and Oversight (“Committee”), with the mandate to review state agency operations, reviewed the process by which ITD developed the ETRM. The Committee found that ITD was not aware of the cost of the ETRM, the impact it could have on the state’s public records, limitations on IT accessibility for persons with disabilities, that the agency excluded key governmental and advocacy groups, and that the proposal was issued in violation of state law.
Under the ETRM, all executive branch agencies in Massachusetts, with as many as 80,000 desktops, are required to comply with the new requirements by January 1, 2007. The Committee initiated the investigation of the ETRM in 2003 after a memo from then-Administration and Finance Secretary Eric Kriss directed ITD that “[e]ffective immediately, we will adopt… a comprehensive Open Standards, Open Source policy for all future IT investments….” Shortly thereafter, ITD began releasing a series of open standards policies, culminating in the ETRM, with little or no collaboration with the legislature, executive branch, constitutional officers, or advocacy groups who expressed concern with the ETRM. The Committee made the following key findings:
While the principles of open standards may offer the promise of decreased costs and greater interoperability of state documents, ITD did not pursue this policy in an open, collaborative or lawful manner. Based on these findings, the Committee makes the following recommendations:
· BACKGROUND ·
The initiative to adopt open
To gather additional information about the proposed policy, the Committee held an oversight hearing in December 2003. The Committee invited Secretary Kriss to testify at the hearing but Mr. Quinn represented the Administration instead. The Committee reviewed Secretary Kriss’s memo, the OS/OS policy, and the provision in the capital budget. ITD had released a Request for Responses on its OS/OS policy that was still open for public comments at the time the capital budget was released.
Committee members inquired whether the OS/OS policy created a procurement preference favoring non-proprietary software vendors and questioned the advisability of proceeding with a policy in the IT Bond Bill while the agency was still taking public comments on the RFP. Mr. Quinn commented that the OS/OS policy was designed to increase competition rather than exclude vendors, that the IT Commission endorsed this concept, and that it would move forward conceptually while receiving public comments. After Mr. Quinn’s comments that this policy would provide savings to taxpayers, the Committee requested a cost-benefit analysis quantifying anticipated savings.
The Committee heard testimony
from two industry associations, Association for Competitive Technology and CompTIA,
regarding the cost of the proposal and the potential exclusion of proprietary vendors
In January 2004, ITD published and adopted the Enterprise Information Technology Acquisition Policy, which required agencies making IT investments consider all possible solutions, including “open standards compliant open source and proprietary software as well as open standards compliant public sector code sharing at the local, state and federal levels.” In April 2004, ITD included an open standards requirement in the first version of the ETRM, which outlined the agency’s IT strategy, goals and tools.
It is important to note the distinction between open source and open standards. While “open standards” refers to the technical specification of a document, “open source” generally defines software with a license that does not restrict its redistribution through licensing fees, royalties or other limitations. Open source software also must make available the source code, or underlying software blueprint, so that all end users are free to use, share or modify the product. While certain desktop applications can be downloaded without acquisition costs, this software is not necessarily free as many companies sell a distribution version of operating systems or applications for a fee. The original proposal by ITD required executive branch conversion to open source software and open standards, but subsequent proposals only required documents based on open standards, which is generally supported by open source software.
The ETRM is divided into five
categories, including the Information Domain which provides the requirements
for open standards. Open standards
refers to the technical specification or “make-up” for an electronic document. An open standard is generally required to be
defined by a standards organization or a consortium, resulting in a consensus
from industry vendors and experts. The
standard must also be available to the public for developing compliant
products, and implies that that an existing component in a system can be
replaced with that of another vendor. In the ETRM, ITD defines principles for open
standards as “specifications that are based on an underlying open standard,
developed by an open community, affirmed and maintained by a standards body and
are fully documented and publicly available. It is the policy of the
ITD released a second draft, the ETRM v. 2.0, in May 2004 which did not include any document format requirements. Several months later ITD and Microsoft, a proprietary IT vendor, began negotiations on the licensing agreement to achieve a more accessible standard that complied with ITD objectives for open standards. In a January 2005 presentation to the Massachusetts Software Council, Secretary Kriss announced a tentative agreement to include other software programs, such as Microsoft, in executive branch operations. The licensing agreement was noted in Governor Romney’s “Progress Report to the People of the Commonwealth,” which claimed that the state had reached a “groundbreaking agreement with Microsoft Corporation, [ensuring] full access to public records has been perpetually guaranteed without any license fees or restrictions.” Several months later, ITD released the ETRM v. 3.0, which included MS Office XML along with the OpenDocument Format (ODF) as acceptable open formats.
The ODF was specified as an
acceptable standard for office documents such as text documents, spreadsheets,
and presentations. The ODF was developed
in 2005 by the Organization for the Advancement of Structured Information
Standards (OASIS), a non-profit consortium of IT companies and was approved by ISO/IEC
international standards body in May 2006.  The ODF is presently supported by several
office applications, including OpenOffice, StarOffice, KOffice, and
No state government in the
After publishing the ETRM v. 3.0,
ITD received a “firestorm of negative comments” from the vendor community about
the inclusion of Office XML as an open standard and subsequently deleted the
entire section on data formats from the ETRM. Linda Hamel, ITD General Counsel, noted that
while Microsoft made significant progress towards meeting ITD’s requirements
for an open standard, the agency determined that it was not “open enough.” On
The Committee reviewed the final standard
and public comments and met with various industry groups, including Adobe,
During the December 2003
oversight hearing, the Committee invited testimony from several industry groups
and met with others to discuss, among other things, the cost of the proposal. All parties interviewed, including ITD, agreed
that a Total Cost of Ownership (“
At the 2003 hearing, the
Committee requested that Mr. Quinn provide a cost analysis of the proposed
ETRM. The Committee received no response
and again requested a cost analysis when the ETRM v. 3.5 was issued in August
2005. The Committee received a letter from
Mr. Quinn on
The Committee reviewed the document and questioned certain assumptions used in the analysis, including seemingly conservative estimates of training and consulting costs. The ETRM proposes an enterprise-wide implementation of technology that had never been deployed in a statewide branch of government and with which state agency Chief Information Officers (“CIOs”), who would likely lead the implementation, were not familiar. The 2003 memo by Secretary Kriss to Mr. Quinn acknowledged that the “policy will take time, energy, and money. We have a large installed base of systems, many using obsolete technology, which cannot be quickly converted or replaced.” In written testimony to ITD about the ETRM, Mr. John Beveridge, Deputy Auditor, IT Audit Division, Office of the Auditor of the Commonwealth, noted that “[t]he effort, considering the current IT environment, would be substantial” and inquired whether ITD had “considered starting this on a pilot basis, possibly something where the value could be tested?” Committee research indicates that implementations of this scale carry risk for state governments and can cause operating problems and financial loss.
The ETRM requires state agencies
to develop implementation plans that will allow them to configure existing
applications to save office documents in the ODF by
The Committee had additional concerns about the cost analysis, including a lack of licensing costs for legacy Microsoft programs in the proposed parallel IT systems, potentially high training cost projections for the new Microsoft Office 12 upgrade, ITD’s uncertainty about the number of desktops subject to the ETRM, and a lack of consultation with all state agencies about training costs. The Committee also had questions about the cost and productivity comparisons of the two applications. Specifically, how will government performance be affected if Office 12 increases user functionality, while under the ETRM, ITD would eliminate excess functionality by tailoring desktop programs to the specific needs of the employees.
Based on these concerns, the Committee forwarded ITD’s analysis to the Information Technology Division in the Office of the Auditor of the Commonwealth and requested an independent review of the proposal. This matter is presently under investigation by the Office of the State Auditor. Separately, ITD engaged a consulting firm in January 2006 to conduct a cost analysis of the ETRM and this investigation is also currently in progress.
1. ITD did not perform a cost analysis prior to the issuance of the ETRM v. 3.5 or prior versions of the ETRM. ITD did not respond to the Committee’s request in December 2003 for a cost analysis of the proposal.
ITD did not have any implementation documents prior to
publishing the ETRM v. 3.5 on
3. The issuance of architecture standards can impact state spending, through IT Bond spending or agency operating budget, by tens of millions of dollars.
4. Cost analysis of IT applications should be based on the Total Cost of Ownership of the application to appropriately measure all potential expenditures and savings.
5. The IT Audit Division of the Office of the Auditor of the Commonwealth is presently reviewing ITD’s cost analysis submitted to the Committee in September 2005.
6. New Information Technology Division Director Louis Gutierrez engaged a consulting firm in January 2006 to develop a cost model and analysis to ascertain the costs of the ETRM v. 3.5.
1. ITD should include the IT Audit Division of the Office of the Auditor of the Commonwealth in the cost analysis review to add expertise and ensure objectivity of the engagement.
2. Prior to the issuance of future IT architecture standards, ITD should conduct a cost analysis and submit a copy to the Joint Committee on Technology and Economic Development, the House and Senate Committees on Ways and Means, the House and Senate Committees on Post Audit and Oversight, and the IT Audit Division of the Office of the Auditor of the Commonwealth.
The citizens and businesses of
Following conversations with ITD and members of the IT vendor community and a program demonstration, the Committee was assured that taxpayers with applications that do not support the ODF would be able to correspond with executive branch agencies through an apparently simple conversion process. While training would be required, it is the understanding of the Committee that executive branch employees would save ODF documents in a different format that would allow compatibility with other common software programs used by most citizens and businesses. ITD and industry vendors explained that this conversion process may create minor formatting changes, such as a logo or font, but will not affect document content. In circumstances where a conversion process could potentially interfere with the communication, including legal contracts, the user will maintain a parallel Microsoft application.
During the review of the effect
of the ETRM on citizen services, the Committee learned of potential adverse
consequences for persons with disabilities.
The Committee did not raise the
question of whether ITD violated disability law by issuing the ETRM, as
presented in ITD’s brief, but rather it reviewed the processes to ensure the
state’s technology is compliant with disability law. Presently, there is no requirement for ITD to
collaborate with advocates or state agencies representing disabled
persons. As a result, persons with
After posting the ETRM, ITD received public comments from members of the disability community, including Myra Berloff, Director of the Massachusetts Office on Disability (“MOD”), the Disability Policy Consortium (“DPC”), the Bay State Council for the Blind and more than a dozen workers with disabilities, expressing their concerns about the ETRM. MOD is the Commonwealth’s Americans with Disabilities Act coordinating agency with the mandate “to bring about full and equal participation of people with disabilities in all aspects of life.” In testimony submitted to ITD, Ms. Berloff noted that she was not aware of the ETRM proposal until it was published for public comment in August. Ms. Berloff commended ITD’s overall objectives, but stated:
The proposed migration to an XML-based open standards approach, however, concerns us. We are concerned that in reality it may be an unintended step backward toward closing off access to government information and government jobs for people with disabilities. As state government, we are obligated to ensure that we can effectively communicate with people with disabilities. Although the open source/open standards arena is no doubt making progress toward ensuring access for people with disabilities, it is our understanding that it is currently far less than fully usable for people who employ screen readers, speech recognition and other complex alternative interfaces.
Mr. Berrier, President of the Bay
State Council for the Blind, submitted testimony on
I [am] deeply concerned at the potential effect open source programming would have on the ability of people who are blind to access and use state systems and documents. It is imperative that the effect on people with disabilities be considered before such a change is made. I am blind and I rely heavily on a screen reader called JAWS and on Microsoft applications such as Word and Excel. As a blind person, I do not have the luxury of switching to other applications. These work well with JAWS only because scripts have been meticulously written to make them work.
These comments were echoed in testimony submitted to ITD by other state employees with disabilities who expressed concerns about the compatibility of assistive technology with changes proposed by the ETRM. One such employee, Mr. Gerard Boucher, stated that “[w]e believe these changes would fly in the face of the Americans with Disabilities Act, possibly leading to a loss of employment for some state employees who are blind.” Despite these public comments from MOD and the disability community, ITD made no accessibility related changes or policy announcements prior to the ETRM v. 3.5 publishing. ITD did make other “minor changes” to the standard and has in the past shown a willingness to respond to certain public comments, as it made its decision to exclude Office XML from ETRM v. 3.0 based on negative comments from the vendor community.
The Committee invited Ms. Berloff, Mr. Winske of the DPC, and Mr. Berrier to testify at the October 2005 oversight hearing. Ms. Berloff testified that she was concerned about the impact of ETRM on the disabled community, but that ITD has since included MOD in ETRM discussions. Ms. Berloff testified that Microsoft had become a good partner for assistive technology, but cautioned that the company required encouragement from MOD and there was a difficult transition period in the early 1990s. Ms. Berloff expressed similar concerns about the ETRM and the January 2007 deadline, but that she expected to be a partner in the ETRM development and implementation process to address the needs of the disability community.
At the hearing, Mr. Berrier and Mr. Winske testified in opposition to the ETRM and provided a demonstration of assistive technology and how implementation of the ETRM will prohibit accessibility to these applications for workers with disabilities. Mr. Berrier testified that this policy would increase unemployment among this group of workers. Mr. Berrier’s current level of access “far exceeds anything that has been available in the past…. While the computer may be an option for others, in many cases the technology represents the only way people with disabilities have of accomplishing tasks, be they simple office tasks or more complicated things.” Based on prior experiences with ITD, Mr. Berrier cautioned the committee about proceeding with a policy without assurances that it will meet the needs of the disability community. “[L]ooking at accessibility after a change has already taken placed [sic] is kind of like building a house, and then deciding to put a wheelchair ramp in after you have already built the porch, the driveway, the concrete steps, etc…. This relates to people's ability to hold jobs; it speaks to our livelihoods. This issue relates directly to the civil rights of people with disabilities.”
During the hearing, Mr. Quinn acknowledged that ITD has “learned from the well informed community of persons with disabilities that there are currently no office applications supporting ODF that meet the current standards for the accessibility of such applications. We will not disenfranchise the community of the persons with disabilities.” Mr. Quinn pledged to improve communication with the disability community in the continued development and implementation of the ETRM. While an accessibility working group did convene, ITD did not agree to meet with the DPC for several months until the Committee forwarded a letter on the DPC’s behalf to Secretary Trimarco in January 2006.
In November 2005, ITD drafted a Memorandum of Understanding (“MOU”) with MOD to ensure that the state’s IT policies incorporated the needs of the disabled community. For the past seven months, however, this MOU has been under review by ITD and, at the date of this report, has not been signed by all parties. While new ITD Director Louis Gutierrez informed the Committee that all sides are still working towards completion, the absence of this binding agreement provides no assurances of improved IT accessibility for the disabled community.
· ACCESSIBILITY ·
1. Despite public comments by the Massachusetts Office on Disability, advocates and state employees expressing accessibility concerns with the ETRM v. 3.5, the Information Technology Division did not delay its release, or make any changes or policy announcements prior to publishing the standard.
2. At the Committee’s October 2005 hearing, the Information Technology Division, the Massachusetts Office on Disability and representatives from the disability community testified that assistive technology is not readily compatible with applications that support the OpenDocument Format.
3. The Information Technology Division is not required to consult the Massachusetts Office on Disability and other disability advocacy groups in the development of the IT standards. The Massachusetts Office on Disability, which oversees compliance with state and federal disability laws, does not have authority to demand compliance of state IT standards or applications.
4. While no state agency tracks disability information on state employees, the Massachusetts Office on Disability “conservatively” reported that there are at least 1,400 state workers with disabilities, more than 1,000 of whom require some form of assistive technology. The Disability Policy Consortium testified that approximately 18-20% of the population has some form of disability, which would indicate there could be as many as 14,400 to 16,000 executive branch employees with disabilities.
There is approximately 70% unemployment, and an even greater
problem of underemployment, among persons with disabilities in
6. The state has had a history of problems providing IT accessibility for persons with disabilities. The Virtual Gateway, the state’s web portal for health and human services, is not compatible with certain assistive technology. The state’s website, Mass.gov, contains documents and features that are not accessible for persons with disabilities.
7. After more than seven months of negotiations, ITD has not finalized a Memorandum of Understanding with the Massachusetts Office on Disability and other human services agencies to ensure that future state IT policies do not adversely affect the needs or rights of the disabled. Without an MOU or legislation, there is no guarantee that state information technology applications in the Commonwealth will be accessible for persons with disabilities.
Although significant work remains, the new agency
leaders have demonstrated a more collaborative approach to the implementation
of IT policy. New
ITD should delay the ETRM implementation date of
2. To protect the rights of persons with disabilities and to prevent litigation, ITD should act in consultation with the MOD to ensure that IT standards comply with state and federal disability mandates. This should be accomplished either through legislation or a Memorandum of Understanding between MOD, the ITD and other appropriate state human service agencies.
3. To ensure accessibility for persons with disabilities, MOD should report to the Office of the State Auditor and the Attorney General on compliance of the state’s information technology systems with state and federal disability laws.
The enabling statute for the Senate Committee on Post Audit and Oversight mandates performance auditing “for the particular purpose of making an appraisal or evaluation of the … faithfulness of administrative compliance with the intent of legislation and administrative regulations affecting a specified agency of the commonwealth.” Accordingly, the Committee reviewed the authority of agencies presently involved in setting IT policy for the Commonwealth, including ITD, the Secretary of the Commonwealth, and the Records Conservation Board (“RCB”).
In the October 2005 oversight hearing, Mr. Quinn and Ms. Hamel of ITD and Mr. Alan Cote, Supervisor of Public Records, Secretary of the Commonwealth, disagreed on ITD’s legal authority to unilaterally issue the ETRM. Generally, ITD is responsible for the ongoing IT operations in the executive branch and the Secretary of the Commonwealth and the RCB are responsible for, among other things, public records creation, retention, and preservation policies. As public records are increasingly created in electronic format, information technology and document management policies have become intermingled, creating uncertain legal authority for state agencies.
The Secretary is the state’s mandated keeper of public records and employs the state Supervisor of Public Records (“Supervisor”). The Supervisor was established in 1892 to “take necessary measures to put the records of the commonwealth, counties, cities or towns required by law and to secure their preservation” and administers and enforces the state’s Public Record Law. The Supervisor is arbiter of the manner in which public records are recorded and stored.
The Records Conservation Board, created in 1920, is comprised of the state librarian, the Attorney General, the state comptroller, the Commissioner of Administration, the Supervisor of Public Records and the state archivist. The RCB may “require all departments of the commonwealth to report to it what series of records they hold, to set standards for the management and preservation of such records, and to establish schedules for the destruction, in whole, or in part, and transfer to the archives or another appropriate division within the office of the state secretary, in whole, or in part, of records no longer needed for current business.” (Emphasis added). The RCB’s authority applies to all documentary materials, “regardless of physical form or characteristics,” made by any state agency or governmental subdivision.
The Information Technology Division has the mandate to carry out “the efficient and economical administration of [IT] systems within the executive departments including, but not limited to, setting information technology standards… reviewing and approving the planning, design, acquisition and operation of information technology systems, assessing the performance of information technology systems and operations…. ” ITD has also been authorized to expend funds appropriated by the legislature in IT Bond bills, requiring any executive branch agency requesting new IT hardware or software to seek the approval of ITD.
The Supervisor, the RCB and ITD are granted identical authority in the Massachusetts Uniform Electronic Transactions Act (MUETA). The MUETA was adopted from a national model to ensure a uniform application of law for transactions between parties that rely on electronic means such as email and electronic signature. Despite numerous meetings with the Mr. Cote about the ETRM, ITD issued the standard without the approval of the Secretary and without ever formally presenting it to the RCB, let alone receiving its approval. In a brief to the Committee, ITD asserted that it has “clear” legal authority for adoption of standards pertaining to electronic document formats for the executive branch. ITD’s claims may broadly be categorized as the following:
1. Legal Construction: ITD claims the legal construction of the three agencies, ITD, the Secretary of the Commonwealth, and the Records Conservation Board, favors authority of a more recently created centralized agency that oversees technology standards for the Commonwealth.
2. Lack of Jurisdiction: ITD claims that the Archivist, Secretary and RCB have no authority over the ETRM because the standard does not affect document creation, maintenance or destruction.
3. MUETA: ITD claims the MUETA was adopted to ensure collaboration on IT policies that affect state public records (which the ETRM does not) and was not a reorganization of the agencies that altered existing legal authority.
The Committee reviewed the brief, met with ITD’s General Counsel on several occasions and analyzed the enabling statutes and supporting case law for the three agencies and found questionable legal authority for ITD’s issuance of the ETRM standard based on the following:
ITD argues that it has the
authority to set standards that may affect public records because it was
created subsequent to the Secretary and the RCB and the principles of legal
construction hold that the more recent and more specific statute governs. The Committee has several concerns about this
contention. First, the legal
construction of a more recent, more specific statute superseding a general rule
applies when two or more statutes conflict.
Doe v. Attorney General, 425
Second, a more specific statute
does not repeal an underlying
authority. Doe, 425
Third, ITD argues that it has
power to issue IT standards for the executive branch, which have inherent
affect on public records and that the “[l]egislature must be assumed to have
know [sic] that it had [granted the agency this power].”  Importantly, ITD’s statute does not provide any
authority over public records. The
legislature is presumed to understand existing statutes and the
Lack of Jurisdiction
ITD states that the Secretary and the RCB have no jurisdiction over the ETRM because it is an architectural blueprint that contains no provisions for the creation, maintenance or preservation of electronic documents. The ODF is part of the ETRM’s principles for open standards and is strictly a technology decision regarding executive branch documents and has no effect on the authority of the Secretary of the Commonwealth and the Records Conservation Board. First, ITD claims that the Secretary’s office only administers non-current records, which are not affected by the ETRM and that the Supervisor of Public Records has already allowed agencies to play a role in archiving electronic records. Second, the RCB’s authority extends only to non-current records and cannot affect the existing authority of the Executive Office of Administration and Finance.
Currently, when a record is deemed public and necessary for long-term preservation, the State Archivist converts the record, regardless of type (paper, electronic, etc.), into a format that guarantees the record’s accessibility and readability into the future. The hardware and software used in the process is jointly selected by the Supervisor, the state archivist, and the RCB. In developing document standards in the ETRM, ITD was aware of the conflict with public records jurisdiction and removed any specific provisions relative to the creation, preservation or destruction of public records. ITD still concedes, however, that it can’t function without issuing standards that “that profoundly affect the creation and storage of public records.”
Mr. Cote maintains that the ETRM still
infringes on the Secretary’s authority. Specifically,
Mr. Cote asserts and ITD admits that the Supervisor is responsible for the
proposal to build the state’s digital archive, a
central storage facility for all electronic documents created by state and
local government entities in
Mr. Cote has acknowledged that he finds promise in the ODF, but has expressed two concerns about its impact on public records. First, the ODF, while endorsed by certain archival agencies, at this time is not sufficiently mature to guarantee the storage of public records. Mr. Cote maintains this is not a technology decision for ITD, because if such a standard proves unworkable for the Secretary’s proposed digital archive, then it has public records creation and preservation implications. Second, Mr. Cote argues that many state agencies with whom his office works to develop document storage programs, have made significant financial investments in IT systems that operate efficiently and securely, and will no longer be available under the ETRM. Consequently, ITD has issued a standard that the Secretary will be required to manage under the digital archive and has removed an existing public records storage option for municipalities and state agencies without the approval of the Secretary of the Commonwealth or the RCB.
ITD claims that the RCB has no jurisdiction
over the ETRM because the enabling statute pertains to non-current records and
shall not lessen the authority of the Executive Office for Administration and Finance. In a public meeting on
Recognizing the intersection of document management and information technology, the MUETA, among other things, requires ITD, the Secretary, and the RCB to jointly administer decisions about the creation, preservation and destruction of electronic documents. The MUETA, in relevant part, provides the following:
Section 17. (a) The supervisor of records under section 1 of chapter 66 and clause Twenty-sixth of section 7 of chapter 4, the records conservation board under section 42 of chapter 30, and the information technology division under section 7 of chapter 4A, shall determine whether, the extent to which and the manner by which each executive department agency shall create, maintain and preserve electronic records, signatures and contracts and the method of converting paper government records to electronic format. Nothing in this chapter shall affect the existing authority of the supervisor of records, the records conservation board or the information technology division under the cited sections. (Emphasis added). 
In determining the validity of
administrative compliance with legislative mandates, the Massachusetts Supreme
Court first looks at the clarity of the statutory language, which is the
“principal source of insight into Legislative purpose.” Massachusetts Hosp. Ass’n v. Department of
Medical Sec., 412
In recent years, the legislature
has placed limits on ITD’s authority to independently develop IT policy. The 2002 capital outlay bill, referred to as
If the statute is unclear or
provides discretion, a state agency has latitude to interpret statutory
construction, but “[an] incorrect interpretation of a statute… is not entitled
to deference.” Massachusetts Hospital
Ass’n, 412 Mass 340, 346 citing Kszepka’s Case, 408
In reviewing the legal authority of these agencies, the Committee notes the public policy importance of the Secretary’s role in preserving public records. “The commitment to maintaining the availability of such records is one of state government's most fundamental and vital responsibilities.” Public records are accessed each day by hundreds of thousands of citizens relying on basic government services. In addition to documenting the state’s history, these records help taxpayers with health benefits, voting information, housing deeds, automobile registration, and basic corporate operations. The state public records law permits citizens the absolute right of access to public information, including the right to inspect or copy public records from government agencies. Any policies that potentially compromise public records standards must be done with the approval of the Secretary of Commonwealth.
1. ITD did not have the statutory authority to issue provisions in the ETRM relating to public records management. The Secretary of the Commonwealth and the Records Conservation Board both have jurisdiction over public records in Massachusetts and did not approve the ETRM as required by Massachusetts statute.
2. The Secretary of the Commonwealth, the state’s keeper of public records, has expressed opposition to the ETRM. The Supervisor of the Public Records claims that if such a standard proves unworkable for the Secretary’s proposed public records digital archive, then it has public records creation and preservation implications.
3. The Records Conservation Board stated that the ETRM will affect the state’s public records and it was never provided a formal presentation of the standard let alone endorsed it.
4. The language of the MUETA clearly requires collaboration with the Secretary of the Commonwealth and the Records Conservation Board. This interpretation is consistent with legislative intent that ITD collaborate with other bodies in the development of certain IT policy.
5. The legislature has limited the authority of ITD on several occasions since 2002. Specifically, the legislature has required ITD to obtain the approval of other agencies that may be affected by IT strategic decisions as well as reporting requirements to the various legislative committees and state agencies.
6. The maintenance and preservation of public records is an essential function of state government. Hundreds of thousands of citizens rely on public records each day for the administration of basic government services such as health care, voting information, housing deeds and corporate operations. The Secretary of the Commonwealth is responsible for ensuring citizens have the absolute right to these documents.
1. To ensure the protection of the state’s public records, the Secretary of the Commonwealth and the Records Conservation Board should maintain authority to approve IT standards that affect public records.
2. The legislature should adopt legislation proposed by Secretary William Galvin to include the Information Technology Division on the Records Conservation Board.
· Process ·
The 2002 IT Commission, in its
mission statement, recommended that “[e]nterprise IT reform in
Over a two year period, ITD put significant effort into drafting the ETRM, including legal research, vendor forums, and communication with state CIOs. Despite these efforts, the Committee’s investigation revealed that ITD did not have a sufficiently open process during the ETRM development period and excluded important constituencies, including state agencies, legislators and advocates.
ITD normally conducts monthly meetings for all state agency CIOs “to ensure information is accessible to all who could benefit [and] the intent to publish agendas, presentations, and handouts, and to provide meeting minutes.” In the development of the ETRM, however, ITD relied on a series of “kitchen cabinet” meetings that included a small group of executive branch CIOs and did not release meeting minutes or make meeting information public. From December 2004 until August 2005, a period in which two versions of the ETRM were released, ITD cancelled nine of the ten scheduled monthly CIO meetings and did not discuss the ETRM in the one meeting it did hold.
In the October 2005 oversight
hearing, MOD Director Myra Berloff testified that she was unaware of the ETRM
until it was published. ITD subsequently
confirmed that “some of the disability agency IT people were left off of the
CIO meeting list (inadvertently)” but have since [after release of the ETRM v.
3.5] been included in discussions. In November, the Committee learned that the DPC
had been unable to schedule a meeting with ITD despite numerous requests, and forwarded
a letter to Secretary Thomas Trimarco. A
meeting was scheduled on
There is disagreement between ITD and the Supervisor of Public Records about the level of collaboration between the agencies in the development of the ETRM. ITD claims it provided the Secretary special deference on the matter, while Mr. Cote asserted that he repeatedly expressed his reservations about the standard and his concerns were not addressed. Mr. Cote claims that he was not aware the ETRM would contain document format standards until June 2005. Also, while ITD did communicate with Mr. Cote, a member of the RCB, the agency did not collaborate with the RCB in the development of the ETRM, and did not seek the approval of or even make a formal presentation to the RCB prior to its issuance.
INFORMATION TECHNOLOGY ADVISORY BOARD
In 2004, the legislature enacted the Information Technology Advisory Board (“Advisory Board”) based upon the 2002 IT Commission’s recommendations to improve the government’s uncoordinated IT strategy. The Commission found that the state’s disparate IT policies resulted in increased costs, and decreased information sharing and capabilities and consequently, decreased value and utility to the taxpayers and businesses of the Commonwealth. To address these concerns and develop a statewide IT coordinated strategy, the legislature passed Chapter 149 of the Acts of 2004, which created an advisory panel of the government’s three branches.
The seven member Advisory Board is comprised of the state CIO, legislative CIO, the judiciary’s CIO, the Chairs of the House and Senate Committee on Science and Technology, and two members selected by the Governor. It is charged with drafting a MOU that is “acceptable to the executive department, legislature, judiciary and constitutional offices that shall include information technology standards and a strategic plan for the signatories' acquisition and use of information technology.” The Advisory Board was designed to advise the state CIO on IT issues, “including the development of an enterprise vision, strategy and direction for the use of information technology in the executive department, the development of policy, strategic planning, and project selection criteria, and information technology architecture, infrastructure, information technology investments and security.”
Enacted in July of 2004, the Advisory Board conducted its
first meeting on
The Advisory Board has met twice since the issuance of the
annual report, but has not drafted an MOU outlining IT Strategy. ITD maintains that the goals of the ETRM, which
is a strategic vision and specifications for the executive branch, are not what
the legislature envisioned as “strategy” in the passage of the Advisory
Board. While the Advisory Board is a
consultative entity and constitutional
prohibitions preclude interference between branches of government, it was
developed as a collaborative entity to create more value for the taxpayers and
ensure that the
ADMINSTRATIVE PROCEDURE ACT
It is important that government
agencies, particularly information technology agencies, have flexibility in
decision-making processes. ITD is forced
to make hundreds of decisions about IT procurements and standards, varying in
size and scope, which are within the scope of its expertise and have no impact
on outside entities. For example, in the
event of a virus threat or a systems failure, ITD may be required to make
real-time decisions and procurements that should not be slowed by bureaucratic
requirements. Agencies should, however,
maintain an open administrative process for more comprehensive policies to
ensure public input, a transparent process and avenues of administrative
recourse. The Massachusetts
Administrative Procedures Act (“
As ITD does not have regulatory
authority, it issued the ETRM as a standard which it claims is not subject to
The Committee recognizes the
temptation for parties to use
· Process ·
1. ITD held a voluntary public comment period, industry vendor forums, and conducted legal research, but did not lead a collaborative policy-making process with the legislature and other state agencies in developing the ETRM.
2. The Massachusetts Office on Disability, the state’s American Disability Act compliance office, was not aware of the ETRM until it was published in August 2005.
3. The Records Conservation Board, comprised of public records specialists, believes the ETRM will affect public records, but was not consulted in the development of the ETRM and did not receive a formal presentation of the standard prior to issuance.
4. The Supervisor of Public Records and ITD communicated intermittently during the development of the ETRM. ITD claims that it made repeated attempts to work with the Office of the Secretary of the Commonwealth, while the Supervisor maintains there was no recognition of the concerns of the Secretary of the Commonwealth.
5. ITD did not formally present the ETRM to the IT Advisory Board, a nonbinding entity created to coordinate a statewide IT policy between the three government branches prior to releasing the standard.
The Advisory Board should continue to meet, pursuant to
Chapter 149 of the Acts of 2004, to ensure there is a collaborative process in
the development of IT strategy for the
2. ITD should establish a formal notice period and public hearing process prior to issuing all IT architecture standards to ensure there is an open and transparent administrative process.
3. The legislature should add the state’s constitutional office holders (Secretary of the Commonwealth, Auditor of the Commonwealth, and Treasurer) to the IT Advisory Board to ensure all governmental agencies are included in state IT discussions.
 Memorandum from Eric Kriss, Secretary, Executive Office for Administration and Finance, to Peter Quinn, Chief Information Officer, Information Technology Division (Sept. 26, 2003) (on file with author).
Capital Budget, Eric Kriss, Secretary, Executive Office for Administration and
Enterprise Open Standards and Open Source Policy, Policy #: ITD-APP-01,
Information Technology Division (
 Enterprise Information Technology Acquisition Policy, Policy #: ITD – APP – 02, Information Technology Division, (Jan. 13, 2004) (on file with author).
 The Open
Source Definition, www.opensource.org,
TechEncyclopedia, www.techweb.com. viewed
 Enterprise Technical Reference Manual version 3.5,
Information Technology Division, (
Governor Romney’s Progress Report to the People of the
 Brief of the Information Technology Division Regarding Adoption of Open Document Format, Information Technology Division, submitted to Senator Marc R. Pacheco, Chairman, Senate Committee on Post Audit and Oversight (Nov. 16, 2005) (on file with author).
 ITD has
provided a list of entities that have implemented software that supports the
ODF, including the French Ministry of Economy, Finance, and Industry, the
with Craig Burlingam, Chief Information Officer,
 ITD Brief.
Interview with Linda Hamel, ITD General Counsel,
ETRM was published on
 ITD Brief.
from Peter Quinn, Director, Information Technology Division to Senator Marc R.
Public Testimony on the ETRM by John Beveridge, IT Audit Director, for the Office of the State Auditor, submitted to Information Technology Division. Mr. Beveridge inquired whether there was a “sufficient understanding of the current IT environment across the Commonwealth and the impact of the change” prior to setting an implementation date and whether ITD considered “the change required in the culture of information use and management needed for an enterprise framework.”
 Email correspondence from John Beveridge, IT Audit Division, Office of the Auditor of the Commonwealth, to Peter Quinn, Director, Information Technology Division, public comments on the ETRM (Sept. 9, 2005) (on file with author). It should be noted that Mr. Beveridge’s comments were not posted on ITD’s website due to a technology error that prevented submission prior to the deadline. The comments were subsequently emailed to ITD.
 Email from Linda Hamel, General Counsel, ITD, to Jesse Stanesa, Director, Senate Committee on Post Audit and Oversight, (March 30, 2006) (on file with author).
 ITD worked with the state Human Resources Department to develop the cost analysis. During the October 2005 hearing and as part of its investigation, the Committee learned that ITD consulted with a limited number of executive branch CIOs.
Interview with Linda Hamel, General Counsel, Information Technology Division and
Bethann Pepoli, Deputy Chief Information Officer, Information Technology
Division in Boston, Mass. (
 The ETRM requires the executive branch agencies to make the ODF the default standard for text and spreadsheet documents.
Interview with Linda Hamel, General Counsel, Information Technology Division,
and Bethann Pepoli, Deputy Chief Information Officer, Information Technology
 In response to a Committee request, Myra Berloff, Director of the Massachusetts Office on Disability, provided a “conservative” estimate of 1,400 state workers with disabilities with 1,000 requiring assistive technology. The Disability Policy Consortium testified that 18-20% of the population has some form of disability, which if applied to the executive branch would be 14,400 to 16,000.
 Interviews with disability advocates.
 Interview with disability advocates.
 Interview with disability advocates.
 Public Testimony of Myra Berloff, Director, Massachusetts Office on Disability, submitted to Senator Marc R. Pacheco, Chairman, Senate Committee on Post Audit and Oversight, (Oct. 31, 2005) (on file with author).
Testimony of Jerry Berrier, President, Bay State Council for the Blind,
submitted to Peter Quinn, Director, Information Technology Division. (
Testimony of Gerard Boucher. submitted to Peter Quinn, Director, Information
Technology Division. (
 Public Testimony of Jerry Berrier, President, Bay State Council for the Blind, submitted to Senate Committee on Post Audit and Oversight (Oct. 31, 2005) (on file with author).
Testimony of Peter Quinn, Director, Information Technology Division, submitted
to the Senate Committee on Post Audit and Oversight (
 Letter from Thomas Trimarco, Secretary, Executive Office of Administration and Finance, to Myra Berloff, Director, Massachusetts Office on Disability (Jan. 13, 2006) (on file with author).
 Mass. Gen. L. c. 3, § 63 (2002)
 Mass Gen. L. c. 66, § 1 (2002)
 Mass Gen. L. c. 66, § 10 (2002)
 Mass. Gen. L. c. 30, § 42 (2002)
 Id. Mass. Gen. L. c. 30 § 42 (2002)
 Id. Mass. Gen. L. c. 30 § 42 (2002)
 Mass. Gen. L. c. 7, § 4A (d) (2002)
 Mass. Gen. L c. 110G, § 17 (a) (2002)
Interview with Mr. Stephen Fulchino, Chairman, Records Conservation Board, in
 Doe v. Attorney General refers to a general statute about disclosure of juvenile records and a subsequent conflicting act governing disclosure of .the records of juveniles that have committed sex offenses. The subsequent act was given precedence because the legislature is presumed to be aware of existing statutes.
 ITD specifically removed provisions from the ETRM relative to document creation, destruction and preservation to avoid conflict with the jurisdiction of the Secretary of the Commonwealth.
 Interview with Linda Hamel, General Counsel, Information Technology Division and Bethann Pepoli, Deputy Chief Information Officer, in Boston, Mass. (Feb. 10, 2006).
 The Supervisor submitted a draft proposal for IT Bond funding for the digital archive that will automatically retain all public records generated by state and local government entities. This important initiative is designed to reduce paper costs, avoid lost electronic records, ensure long-term preservation of records, and provide instant access to public records for all citizens. ITD has expressed implementation concerns about the proposal and requested additional information
 Supervisor of Public Records Bulletins…
Secretary Galvin’s Guide to the State Public Records Law.
 Interview by Andrew Updegrove, Gesmer Updegrove, LLP, with Alan Cote, Supervisor of Public Records, Office of the Secretary of the Commonwealth. Mr. Cote commented that the ODF “does show promise as one of the formats our government should use to accomplish our goals of preserving records and serving the public.”
 It is the understanding of the Committee that the Microsoft Office application could support the ODF, as it did the PDF standard in Office 12. Microsoft informed the Committee that adoption of the PDF standard required 18 months of research and development. Microsoft is concerned that results may not produce full functionality for documents.
Interview with Mr. Stephen Fulchino, Chairman, Records Conservation Board, in
 Mass. Gen. L. c. 110G, § 17 (2002).
 In the “Frequently Asked Questions” document on the ITD website, ITD suggested that it had sole legal authority under the UETA to “create, maintain and preserve documents.” At the oversight hearing the omission of the Secretary of the Commonwealth and the RCB was clarified.
 House Bill 4213 (2002)
 Chapter 142 of the Acts of 2002.
 Ms. Hamel stated that Mr. Cote is a member of the RCB and ITD considered him a liaison during the discussions, but the Chairman of the RCB is Stephen Fulchino, an appointee of the Governor, and there was never a presentation to other members of the board.
Society of American Archivists, Statement
on the Importance of
 Mass. Gen. L. c. 66
 Enterprise IT Strategy, Final Report, Information Technology Commission, (Feb. 2003) (on file with author).
Website. IT Leaders CIO Meetings. Viewed
 Email from Linda Hamel, General Counsel, Information Technology Division, to Jesse Stanesa, Director Senate Committee on Post Audit and Oversight (Apr. 3, 2006, 12:20 EST) (on file with author).
 Email from Bethann Pepoli, Deputy Chief Information Officer, Information Technology Division, to Jesse Stanesa, Director, Senate Committee on Post Audit and Oversight (Feb. 13, 2006, ) (on file with author).
 Interview by Andrew Updegrove, Gesmer Updegrove, LLP, with Alan Cote, Supervisor of Public Records, Office of the Secretary of the Commonwealth, at http://www.consortiuminfo.org/newsblog/blogcat.php?CID=30&Result_Set=5
Interview with Stephen Fulchino, State Librarian and Chairman of the Records
Conservation Board, in
 IT Advisory Board Yearly Report, Fiscal Year 2005, (2005) (on file with author).
 The Advisory Board was created in the Fiscal Year 2005 budget, but was delayed in part due to a reorganization of legislative committees.
 IT Advisory Board Annual Report
 Mass. Gen. L. c. 30A (2002)
 Public testimony to the Information Technology Division by submitted by Alan Yates, General Manager, Microsoft, September 2005.
 The architecture standards referred to here do not include standards under the domain of the Enterprise Security Board.
 There have been four versions of the ETRM issued since 2003.