When the Municipality Has to Prove Everything

Israel's Freedom of Information Act 1998 gives every citizen the right to request information from any public authority. The authority must respond within 30 days with the document, the records of who held it, and the rationale for any redactions. The penalty for non-compliance is statutory; the State Comptroller audits municipal compliance annually. It is not a soft obligation. It is a law.

The reality on the ground is messier. Most municipalities run FOIA on email and spreadsheets. A request comes in via the public-portal email box. A clerk forwards it to the relevant department head. The department head asks an archivist to pull the file. The archivist scans paper. Someone redacts. Someone emails it back. By the time the response goes out, six people have touched the workflow, and the only record of who did what is the email thread, which is on private municipal servers, which the citizen cannot see.

The State Comptroller's annual audit reads exactly like you'd expect. Sample 100 FOIA requests; check whether each was answered within 30 days; check whether the response matches what was actually requested; check whether the redactions are documented; check whether anyone signed off on the rationale. The comptroller's report routinely lists 30 to 50 percent of sampled requests as "compliance gap." Municipalities respond with action plans. The action plans repeat each year because the underlying workflow has not changed.

The signed-citizen-receipt version of this is a different operating model. The request arrives. A signed receipt is generated at intake — citizen ID, request text, timestamp, request hash. The request is routed to the department; each handoff is signed by the departing employee and the receiving employee. The redaction step is signed by the redactor with their stated rationale. The response is signed at issuance. The citizen receives the signed bundle along with their answer — verifiable offline, against the municipality's published key, by anyone the citizen chooses to show it to.

From the comptroller's chair, the audit becomes trivial. Run a query against the signed log: how many requests in the period, what's the median response time, what fraction crossed 30 days, what fraction had documented redaction rationales? The answers come back in seconds, with cryptographic confidence. The comptroller's office moves from sampling 100 requests to comprehensive coverage of every request. The action plans become specific instead of generic — "Department X has a 14-day median; Department Y has a 45-day median; here are the names of the two clerks responsible for the bottleneck."

From the citizen's chair, the experience is also better. Instead of a PDF with no provenance, the citizen receives a signed bundle they can verify with any public-key checker. If they later challenge a redaction, they have the redactor's name and stated rationale already in hand. If the case escalates to court, the chain of custody is mathematical, not narrative. The phrase "the municipality lost the file" stops being a credible defense, because the signed log shows exactly when each handoff happened and who held the file at every step.

The product GI Engine ships for this is called Citizen Mirror. It is the operational form of the workflow described above — intake, handoff, redaction, response, all signed. Tel Aviv-area municipalities have piloted it; the State Comptroller's office has reviewed the audit-export format. The infrastructure for a 21st-century municipal FOIA exists. The remaining work is rollout — and the municipalities who deploy it are the ones whose State Comptroller report lines stop appearing in the next year's audit summary.