• Background: Illinois has an excellent FOIA statute with few exceptions. Any information collected by a public body is public property and anyone can request it. The main limitation is that FOIA can't compel public bodies to create new records. Information now often lives in databases with specific schemas.
• Matt Chapman vs. City of Chicago: Matt Chapman is a civic hacker who uses FOIA to extract data. He requested the CANVAS database schema from Chicago, which was refused under a specific exemption. He sued the city with the help of Merrick Wayne and Matt Topic.
• The Trial: The trial centered around whether disclosing the CANVAS schema would endanger security. I was Matt's expert witness and argued against the city's claims. We discussed SQL Injection and how the schema doesn't pose a threat. I made some mistakes but ultimately won the judge over.
• The Appeal: Chicago appealed the decision. The appeals court found that for an attack to be likely under FOIA, it needed clear evidence of harm. They didn't address whether a SQL schema is a file layout. The Illinois Supreme Court then disagreed, saying the qualifying language only applies to "any other information" and "file layouts" are exempt. A SQL schema is not a file layout, but the court considered it one, and we lost.
• Where This Leaves Us: Illinois public bodies can now refuse to divulge database schemas, which is a problem as more data is in databases. SB0226 would add language to the statute requiring public bodies to provide a description of database structures for specific queries. Matt Chapman's persistence led to this bill, and it should be called "The Chapman Act". Call your reps!