← Back to Search
Phil Thompson v. Massachusetts Port Authority (SPR 20253718)
Massachusetts Public Records Appeal · Petitioner won — agency ordered to provide records · Filed 12-17-2025
ClosedAppealPetitioner Won
SPR 20253718 is a Massachusetts Public Records Law appeal filed by Phil Thompson concerning records held by Massachusetts Port Authority, opened 12-17-2025. Type: Appeal. Status: Closed. Supervisor of Public Records determination: Petitioner won — agency ordered to provide records.
Case Details
- Case Number
- 20253718
- Case Type
- Appeal
- Case Subtype
- Initial
- Status
- Closed
- Requester
- Phil Thompson
- Custodian
- Massachusetts Port Authority
- Date Opened
- 12-17-2025
- Date Closed
- 01-02-2026
PDF Document
Extracted Text (searchable & copyable)
The Commonwealth of Massachusetts William Francis Galvin, Secretary of the Commonwealth Public Records Division Manza Arthur Supervisor of Records January 2, 2026 SPR25/3718 Joshua Monahan, Esq. Senior Legal Counsel Massachusetts Port Authority One Harborside Drive, Suite 200S East Boston, MA 02128 Dear Attorney Monahan: I have received the petition of Phil Thompson appealing the response of the Massachusetts Port Authority to a request for public records. See G. L. c. 66, § 10A; see also 950 C.M.R. 32.08(1). On July 23, 2025, Mr. Thompson requested the following: [1] Electronic badge-in or access control records (including any log-in/log-out data, ID scans, gate access records, or time-tracking logs) for [two identified individuals]; [2] Payroll records and job classification reports for [two identified individuals] for 2010-2025 including: [a] Position titles held, job descriptions, and classification…; [b] Dates of hire, changes in employment status, promotions, or reclassifications; [c] Weekly or biweekly pay stubs or summaries, including total hours paid, overtime hours, and job codes used; [d] Any associate documentation justifying or approving their pay, including supervisor approvals or timecard entries; and [e] Records of payments made through third-party agents, if applicable… [3] Payroll records for all longshoremen employed under Ship Operations and Conley Terminal (2000-2005); [4] Job assignment records/dispatch logs documenting who was scheduled or dispatched to each job during that time; [5] Badge-in/official attendance records, including any gate access logs or security sign-in data, showing actual entry into the facility by those employees. On September 15, 2025, Mr. Thompson modified Item 2 of his request as follows: One Ashburton Place, Room 1719, Boston, Massachusetts 02108 • (617) 727-2832 • Fax: (617) 727-5914 sec.state.ma.us/pre • pre@sec.state.ma.us Joshua Monahan, Esq. SPR25/3718 Page 2 January 2, 2026 [t]o further narrow and clarify my request, I will settle for the following: Payroll and job assignment records Payroll and job assignment records for [two named individuals] covering January 1, 2010, through July 1, 2025, limited to the following job categories at Conley Terminal: Utility[;] Swap[;] Extra Dock[.]” “[F]or these roles, please provide dates worked, hours paid, overtime and corresponding pay.” [a]“Badge-in records (or a date/time verified way to prove they were in attendance at the facility) for [two named individuals] covering the same time period (2010-2025), but only for days/weeks where they held the above listed jobs of: swap, utility, and extra dock jobs. Prior Appeals This request was the subject of prior appeals. See SPR25/2401 Determination of the Supervisor of Records (August 18, 2025); SPR25/2710 Determination of the Supervisor of Records (September 29, 2025) and SPR25/2944 Determination of the Supervisor of Records (October 22, 2025). In my October 22nd determination, I ordered the Authority to clarify its claims under Exemptions (a) and (n) of the Public Records Law for withholding records responsive to Items 1 and 5 of the request. I also found that where the Authority had confirmed that it possessed no records responsive to Items 3 and 4, that this portion of Mr. Thompson’s appeal was resolved. Subsequently, the Authority responded on November 19, 2025. Unsatisfied with the Authority’s response, Mr. Thompson petitioned this office, and this appeal, SPR25/3718, was opened as a result. The Public Records Law The Public Records Law strongly favors disclosure by creating a presumption that all governmental records are public records. G. L. c. 66, § 10A(d); 950 C.M.R. 32.03(4). “Public records” is broadly defined to include all documentary materials or data, regardless of physical form or characteristics, made or received by any officer or employee of any agency or municipality of the Commonwealth, unless falling within a statutory exemption. G. L. c. 4, § 7(26). It is the burden of the records custodian to demonstrate the application of an exemption in order to withhold a requested record. G. L. c. 66, § 10(b)(iv); 950 C.M.R. 32.06(3); see also Dist. Attorney for the Norfolk Dist. v. Flatley, 419 Mass. 507, 511 (1995) (custodian has the burden of establishing the applicability of an exemption). To meet the specificity requirement a custodian must not only cite an exemption, but must also state why the exemption applies to the withheld or redacted portion of the responsive record. If there are any fees associated with a response, a written good faith estimate must be provided. G. L. c. 66, § 10(b)(viii); see also 950 C.M.R. 32.07(2). Once fees are paid, a records Joshua Monahan, Esq. SPR25/3718 Page 3 January 2, 2026 custodian must provide the responsive records. Fee Estimates – Agencies An agency may assess a reasonable fee for the production of a public record except those records that are freely available for public inspection. G. L. c. 66, § 10(d). The fees must reflect the actual cost of complying with a particular request. Id. A maximum fee of five cents ($.05) per page may be assessed for a black and white single or double-sided photocopy of a public record. G. L. c. 66, § 10(d)(i). Agencies may not assess a fee for the first four (4) hours of employee time to search for, compile, segregate, redact or reproduce the record or records requested. G. L. c. 66, § 10(d)(ii). Where appropriate, agencies may include as part of the fee an hourly rate equal to or less than the hourly rate attributed to the lowest paid employee who has the necessary skill required to search for, compile, segregate, redact or reproduce a record requested, but the fee shall not be more than $25 per hour. Id. A fee shall not be assessed for time spent segregating or redacting records unless such segregation or redaction is required by law or approved by the Supervisor of Records under a petition under G. L. c. 66, § 10(d)(iv). See G. L. c. 66, § 10(d)(ii); 950 C.M.R. 32.06(4). Current Appeal In his appeal petition, Mr. Thompson states the following: The basis of my appeal is twofold: 1. Items 1 & 5: I contest the withholding of attendance/badge in logs. I maintain that the public interest in investigating potential payroll fraud outweighs the Authority’s broad security claims. 2. Item 2: I contest the fee requirement. I have no problem paying the fee if I can acquire badge in records as well, as this is crucial for proving labor attendance for the two individuals. I maintain that payment should be conditional upon the disclosure of the verification records/badge in logs in Items 1 and 5. Additionally, in his appeal petition, Mr. Thompson clarifies the following: I acknowledge that I am not presently appealing the assessed fee estimate for the modified payroll and job assignment records responsive to Item 2. However, please be advised that my intent to remit payment for this fee is expressly conditional upon the simultaneous release of the corresponding badge-in/ attendance data. Upon review of the appeal petition, it appears Mr. Thompson objects only to the withholding of records responsive to Items 1 and 5 of the request, and does not object the amount of the $2,275 fee estimate for records responsive to Item 2 of the request, previously provided in Joshua Monahan, Esq. SPR25/3718 Page 4 January 2, 2026 the Authority’s September 12, 2025 response. The Authority’s November 19th Response In its November 19, 2025 response, the Authority cites 33 C.F.R. § 105.225(b) and 33 C.F.R. § 1520.9(a) as they operate through Exemption (a) of the Public Records Law to withhold records responsive to Items 1 and 5 of the request. The Authority also cites Exemption (n) of the Public Records Law for withholding the records. See G. L. c. 4, § 7(26)(a), (n). Exemption (a) Exemption (a), known as the statutory exemption, permits the withholding of records that are: specifically or by necessary implication exempted from disclosure by statute G. L. c. 4, § 7(26)(a). A governmental entity may use the statutory exemption as a basis for withholding requested materials where the language of the exempting statute relied upon expressly or necessarily implies that the public’s right to inspect records under the Public Records Law is restricted. See Att’y Gen. v. Collector of Lynn, 377 Mass. 151, 154 (1979); Ottaway Newspapers, Inc. v. Appeals Court, 372 Mass. 539, 545-46 (1977). This exemption creates two categories of exempt records. The first category includes records that are specifically exempt from disclosure by statute. Such statutes expressly state that such a record either “shall not be a public record,” “shall be kept confidential” or “shall not be subject to the disclosure provision of the Public Records Law.” The second category under the exemption includes records deemed exempt under statute by necessary implication. Such statutes expressly limit the dissemination of particular records to a defined group of individuals or entities. A statute is not a basis for exemption if it merely lists individuals or entities to whom the records are to be provided; the statute must expressly limit access to the listed individuals or entities. In its response, the Authority cites 33 C.F.R. § 105 and 49 C.F.R. §§ 15, 1520, federal regulations promulgated by the Transportation Security Administration (TSA) and the Department of Homeland Security, which provide protection for sensitive security information. 49 C.F.R. § 15 provides in pertinent part as follows: This part governs the maintenance, safeguarding, and disclosure of records and information that TSA has determined to be Sensitive Security Information, as defined in § 1520.5. This part does not apply to the maintenance, safeguarding, or disclosure of classified national security information, as defined by Executive Joshua Monahan, Esq. SPR25/3718 Page 5 January 2, 2026 Order 12968, or to other sensitive unclassified information that is not SSI, but that nonetheless may be exempt from public disclosure under the Freedom of Information Act. In addition, in the case of information that has been designated as critical infrastructure information under section 214 of the Homeland Security Act, the receipt, maintenance, or disclosure of such information by a Federal agency or employee is governed by section 214 and any implementing regulations, not by this part. 49 C.F.R. § 15 et. seq. The Authority also cites 33 C.F.R. § 105.225, which provides in pertinent part as follows: (b) Records required by this section may be kept in electronic format. If kept in an electronic format, they must be protected against unauthorized deletion, destruction, or amendment. The following records must be kept: . . . (9) TWIC Reader/Physical Access Control System (PACS). For each individual granted unescorted access to a secure area, the: FASC-N; date and time that unescorted access was granted; and, if captured, the individual’s name. Additionally, documentation to demonstrate that the owner or operator has updated the Canceled Card List with the frequency required in § 101.525 of this subchapter. (c) Any record required by this part must be protected from unauthorized access or disclosure. Electronic reader records and similar records in a PACS are sensitive security information and must be protected in accordance with 49 CFR part 1520. 33 C.F.R. § 105.225(b)(9), (c). Additionally, 33 C.F.R. § 1520.9, provides in pertinent parts as follows: (a) Duty to protect information. A covered person must— (1) Take reasonable steps to safeguard SSI in that person’s possession or control from unauthorized disclosure. When a person is not in physical possession of SSI, the person must store it a secure container, such as a locked desk or file cabinet or in a locked room. (2) Disclose, or otherwise provide access to, SSI only to covered persons who have a need to know, unless otherwise authorized in writing by TSA, the Coast Guard, or the Secretary of DOT. . . . 33 C.F.R. § 1520.9(a). In its November 19th response, under the regulations cited above, the Authority argues the following: Joshua Monahan, Esq. SPR25/3718 Page 6 January 2, 2026 With regard to the Authority’s position that access control records are SSI, protected under Federal law as described above, we emphasize that Conley Terminal is critical infrastructure, under a Federally approved and regulated Port Security Plan. Massport’s access control systems, and data contained therein, are records explicitly categorized as SSI. Under Title 33 CFR Part 105, specifically §105.225(b)(9), Massport is required to keep the following protected records – “TWIC Reader/Physical Access Control System (PACS). For each individual granted unescorted access to a secure area, the: FASC-N; date and time that unescorted access was granted; and, if captured, the individual’s name…” Further, § 105.225 (c), requires that such access data “must be protected from unauthorized access or disclosure. Electronic reader records and similar records in a [Physical Access Control System] are sensitive security information and must be protected in accordance with 49 CFR 1520.” Again, 49 CFR 1520 prohibits unauthorized disclosure to individuals without a need to know. While Mr. Thompson represents that his request for these records is for “payroll verification and labor accountability,” this may very well reflect Mr. Thompson’s subjective motivation for requesting the records, but it does not qualify him as a person with an operational need to know under 49 CFR 1520. Under exemption (a), and in accordance with the above cited law and regulations, the Authority cannot disclose access control data, to the extent such data exists, in these circumstances. Simply stated, there is no reasonable way to segregate the data to prevent the unauthorized disclosure of SSI given that the data sought to be segregated is, in and of itself, SSI. Exemption (n) Exemption (n) applies to: records, including, but not limited to, blueprints, plans, policies, procedures and schematic drawings, which relate to internal layout and structural elements, security measures, emergency preparedness, threat or vulnerability assessments, or any other records relating to the security or safety of persons or buildings, structures, facilities, utilities, transportation, cyber security or other infrastructure located within the commonwealth, the disclosure of which, in the reasonable judgment of the record custodian, subject to review by the supervisor of public records under subsection (c) of section 10 of chapter 66, is likely to jeopardize public safety or cyber security. G. L. c. 4, § 7(26)(n). Exemption (n) allows for the withholding of certain records which if released would jeopardize public safety. The first prong of Exemption (n) examines “whether, and to what degree, the record sought resembles the records listed as examples in the statute;” specifically, the “inquiry is whether, and to what degree, the record is one a terrorist ‘would find useful to Joshua Monahan, Esq. SPR25/3718 Page 7 January 2, 2026 maximize damage.’” People for the Ethical Treatment of Animals (PETA) v. Dep’t of Agric. Res., 477 Mass. 280, 289-90 (2017). The second prong of Exemption (n) examines “the factual and contextual support for the proposition that disclosure of the record is ‘likely to jeopardize public safety.’” Id. at 289-90. The PETA decision further provides that “[b]ecause the records custodian must exercise ‘reasonable judgment’ in making that determination, the primary focus on review is whether the custodian has provided sufficient factual heft for the supervisor of public records or the reviewing court to conclude that a reasonable person would agree with the custodian’s determination given the context of the particular case.” Id. PETA also provides that “[t]hese two prongs of exemption (n) must be analyzed together, because there is an inverse correlation between them. That is, the more the record sought resembles the records enumerated in exemption (n), the lower the custodian’s burden in demonstrating ‘reasonable judgment’ and vice versa.” PETA, at 290. In its November 19th response, under Exemption (n), the Authority argues the following: Under exemption (n)’s two prong analysis, we address the first prong – whether, and to what extent, the record sought resembles the records in the non-exhaustive list of examples in the statute. First, the records themselves relate to “internal layout and structural elements,” “security measures,” and the “security and safety of persons or building, structures, facilities…transportation…or other infrastructure located within the Commonwealth.” Access control points occur at physical locations at specific times. Mr. Thompson has asked for specific entry/exit information for specifically known individuals, meaning that the arrival/departure habits of these individuals could be leveraged by terrorists or other “bad actors” seeking to gain entry or to exit the secured areas (e.g., “piggy- backing”). There is no way to meaningfully segregate the access control data from the access control systems and the physical nature of points of entry/exit. Addressing the second prong, which probes the factual and contextual support for the proposition that disclosure of the record is likely to jeopardize public safety, we reiterate that access control records cannot be reasonably segregated in any way that would eliminate the risk of misuse (e.g., piggy-backing) – meaning that terrorists or other “bad actors” could use the information to maximize damage “to persons or building, structures, facilities…transportation…or other infrastructure” located on Conley Terminal. “Because the records custodian must exercise “reasonable judgment” in making that determination, the primary focus on review is whether the custodian has provided sufficient factual heft for the supervisor of public records or the reviewing court to conclude that a reasonable person would agree with the custodian’s determination given the context of the particular case.” (PETA at 290) Here, the severe consequences of unauthorized access to secured facilities, such Joshua Monahan, Esq. SPR25/3718 Page 8 January 2, 2026 as Conley Terminal, more than meets this burden, even if the Supervisor finds the relatedness of access control records to the statutory categories to be tenuous. And, in further support of the Authority’s position that release of these records is likely to jeopardize public safety and security, we note that unlike parties who have established an operational need to know, and who can be properly vetted to ensure that such records will be appropriately safeguarded, the Authority has no way to assess whether Mr. Thompson is taking or can take such measures. This means that such safety and security sensitive information may be unintentionally disclosed by the requestor or used for a purpose other than as stated, thereby increasing the risk of misuse with catastrophic results. The Authority cannot take such risks with the safety and security of its facilities and the people that work at its facilities. In Camera Inspection In order to facilitate a determination as to the applicability of the Exemptions (a) and (n) claims made by the Authority to withhold responsive records, the Authority must provide this office with un-redacted copies of a representative sample of the responsive records for in camera inspection. See 950 C.M.R. 32.08(4). After I complete my review of the records, I will return the records to the Authority’s custody and issue an opinion on the public or exempt nature of the records. The authority to require the submission of records for an in camera inspection emanates from the Code of Massachusetts Regulations. 950 C.M.R. 32.08(4); see also G. L. c. 66, § 1. This office interprets the in camera inspection process to be analogous to that utilized by the judicial system. See Rock v. Mass. Comm’n Against Discrimination, 384 Mass. 198, 206 (1981) (administrative agency entitled deference in the interpretation of its own regulations). Records are not voluntarily submitted, but rather are submitted pursuant to an order by this office that an in camera inspection is necessary to make a proper finding. Records are submitted for the limited purpose of review. This office is not the custodian of records examined in camera, therefore, any request made to this office for records being reviewed in camera will be denied. See 950 C.M.R. 32.08(4)(c). This office has a long history of cooperation with governmental agencies with respect to in camera inspection. Custodians submit copies of the relevant records to this office upon a promise of confidentiality. This office does not release records reviewed in camera to anyone under any circumstances. Upon a determination of the public record status, records reviewed in camera are promptly returned to the custodian. To operate in any other fashion would seriously impede our ability to function and would certainly affect our credibility within the legal community. Please be aware, any cover letter submitted to accompany the relevant records may be subject to disclosure. Joshua Monahan, Esq. SPR25/3718 Page 9 January 2, 2026 Order Accordingly, the Authority is ordered to provide this office with un-redacted copies of a representative sample of the responsive records for in camera inspection without delay. Sincerely, Manza Arthur Supervisor of Records cc: Phil Thompson