Little Rock School District Board President Greg Adams defended a secret meeting he called in November, saying the district was stuck between a rock and a hard place. Not everyone agrees. Brian Chilson

A cyberattack that made vulnerable the personal data of the district’s students and staff sent the Little Rock School District board into panic mode late in November.

On Tuesday, LRSD board President Greg Adams acknowledged a secret meeting the board held Nov. 21 to figure their way out of a virtual hostage situation that went sideways of the Arkansas Freedom of Information Act. Adams said the board was in an impossible spot and did their best, with hackers having accessed the private data of students, staff and vendors. Security consultants recommended that they keep quiet as they worked toward a resolution, Adams said.

Advertisement

“We needed to keep as much of this private — discussions on the plans and the pros and cons about different ways of responding — in order to not increase our vulnerability, or perhaps for more information to be taken, or for other threats to be made,” Adams said. “And so we were in a terrible bind to know how to respond, but we went ahead and met in private because of the concern. We did not want to make a bad situation worse, particularly to what didn’t affect just the district. That could affect thousands of individuals and families.”

Board members met secretly over Zoom to discuss the security breach, reportedly looking to a state law passed in 2017 that allows public entities to shield from the public any information about security.

Advertisement

But that law does not free public entities from public meeting requirements. In fact, board members Ali Noland and Vicki Hatter reportedly logged out of the Nov. 21 Zoom because of this very concern, then lobbied to hold another meeting, not secret this time, to make sure the board was on the right side of the public meetings law.

Brian Chilson
LRSD Board President Greg Adams said the board has struggled with how to deal with the cyberattack that put private information at risk.

But on Tuesday, Adams said he would make the same decision again, and that he still believes meeting secretly was the right decision.

Advertisement

“Erring on the side of protecting vulnerable stakeholders was the most important concern,” he said. “The idea was never that the meeting would never come to light or that we wouldn’t tell people about it, but that it was an emergency. And we needed to do what we can to minimize the damage and risk to people.”

The conventional wisdom about not negotiating with terrorists doesn’t always hold in these kinds of jams, according to industry experts.

Advertisement

On Monday, the board met publicly and in person to vote on a resolution authorizing district administration to negotiate with the hackers. (It’s the same thing they voted on in the secret meeting, but this time they did it publicly.)

Beyond that, the district remains tight-lipped about the situation, at least for now. Adams said he expects it to be resolved within the week, and said he will have more to share then. He said the FBI is involved, security experts are on the case, and the district is already making plans to shore up security to try to stave off any repeat attacks.

Advertisement

Arkansas Times contributor and LRSD watchdog Jim Ross classified Monday’s meeting as damage control, and noted in social media accounts that two issues were at play: Board members and administration had to figure out how to protect private data, and they also had to continue following the law. It appears they succeeded on the first count and fumbled on the second.

Here is Ross’s account of Monday’s meeting, which he posted to Facebook:

Advertisement

Ross and other critics say the board could and should have figured out a way to deal with the cyberattack without violating public meeting laws. And they’re right. Letting elected officials decide what should be public information and what shouldn’t, when to follow laws and when to ignore them, is a recipe for authoritarianism.

Adams said he does not foresee this conundrum presenting itself again. “This truly has been a horrible thing for everybody involved. It’s been horrible to have to consider that people would do something like this and that we’d be put in this terrible position,” he said.

Dealing with faceless criminals was a novel challenge, and they didn’t have any experience to draw from. “We had to decide how to handle the responsibility, and do we we pay people money who have broken the law and are in our putting our people at risk? Those are just terrible decisions and there’s really, in my mind, these are no-win decisions. There’s no good option, it’s just trying to figure out what the least bad option is.”

Advertisement

What is the least bad option? That’s grounds for debate. The board voted 6-3 Monday 6-3 to negotiate with the hackers in hopes of protecting students’ and staff’s personal information. Noland, Hatter and Norma Johnson voted against negotiating.

Correction: An earlier version of this story misidentified the names of the board members who declined to participate in the November meeting.

Help to Keep Great Journalism Alive in Arkansas

Join the fight for truth and become a subscriber of the Arkansas Times. We've been battling powerful forces for 50 years through our tough, determined, and feisty journalism. With over 63,000 Facebook followers, 58,000 Twitter followers, 35,000 Arkansas blog followers, and 70,000 daily email blasts, our readers value great journalism. But we need your help to do even more. By subscribing and supporting our efforts, you'll not only have access to all of our articles, but you'll also be helping us hire more writers to expand our coverage. Together, we can continue to hold the powerful accountable and bring important stories to light. Subscribe now or donate for as little as $1 and be a part of the Arkansas Times community.

Previous article ASO announces the E. Lee Ronnel Music Academy in a moving tribute to a lifelong volunteer Next article Bill Clinton: Negative now for COVID