Jusletter IT

It was 1970. American cities had been devastated by demographic change, «blockbusting». «white flight», «urban decay», and «red-lining», the practice of banks and other lending institutions of excluding whole sections of America’s largest cities, and whole segments of the population who lived in those parts of major cities, from access to lending necessary for proper property maintenance and renewal.

It has long been conceded that «red-lining» the practice of financial institutions of drawing «red lines» on the map around demographic sections of cities where they did not choose to lend, had become a serious problem that led to the deterioration of vast areas of American cities. The «consumer movement» in Congress sought to eliminate that practice by introducing legislation that would prohibit racial and other invidious forms of discrimination in lending, and would regulate credit scoring and profiling by the «credit reporting» industry. How bad it had become has been summarized by the Electronic Privacy Information Center (EPIC):

To secure passage of the first regulatory legislation in this area, the sponsors of the so-called «Fair Credit Reporting Act» (FCRA) in Congress conceded the lines at the head of this section to the industry -- license to publish, not only private financial data, but also to opine on personal creditworthiness, character, and reputation. Thus retrospectively they conceded that the profiling practices that the industry had long been engaged in involved not simply «credit reporting», if by that we mean reporting outstanding credit and payments history. It had also included reporting public records data such as outstanding judgments and bankruptcy filings, that the industry labeled «character» and «reputation» failings.

Nevertheless, payments history and court filings could be regarded as factual reporting, verifiable with creditors and public records. To assure recourse against inaccurate reporting, the FCRA required «reasonable procedures» for data collection and «strict procedures» for obtaining correction of inaccuracies. To this extent, Congress accorded the industry immunity from any state action for libel for such reporting, thus pre-empting regulation of «credit reporting» to the federal level – so long as it conformed to the procedures set forth in the Act:

In brief, even «negligence» and «false reporting» was protected in the Act (subject to the «consumer’s» being able to establish the threshold claim of «malice» or «willful intent to injure»). It was clear, even at the time the FCRA was first passed, that the industry took a very broad view of «credit reporting», intended also for pre-employment, and insurance screening, and similar purposes.

As important as «credit reporting» has become today, it is above all in the expanded areas of «character» reporting and profiling that the full impact of the FCRA is felt. Here, the industry has taken the legislative gift of immunity from the libel laws that Congress has provided for «credit reporting», in order to claim powers of «character» judgment for the profit-making private sector that even our educational, religious, and psychological counseling sectors do not aspire to attribute to themselves: «investigating and evaluating the…character and…reputation of consumers [or, in plain English, of every one of us]». In this respect, Congress, and the industry, laid the foundation in the pre-digital era for the electronic profiling to follow in the coming IT revolution.

The business opportunities in character-profiling in the days since 9/11 have been enormous. To their credit, the American Association of University Professors (AAUP) saw what was coming just in the personnel data handling of their profession. Typically, they made a study and published a warning:

Unfortunately, a reasonable response assumes ongoing attention by reasoning people. Politically it is often enough to say «we hired background checkers to take care of the problem».

The Fair Credit Reporting Act (FCRA) exempts inaccurate or negligent misreporting of «credit report» information from the purview of state libel laws. Since the purpose of the FCRA is to «establish means» of obtaining correction of inaccurate «credit reporting» data by compelling the «credit reporting agency» (CRA) to go back to the source for confirmation of challenged data, this is conceivably justified. By the same token, it is also possible to oblige CRAs to confirm data reported from public sector agencies.

It is a much different matter, however, to confirm «character» and «reputation» allegations collected under provisions provided, initially, for employment or insurance reporting, but accessible also to others who allege «a legitimate business purpose». For reporting of this kind, the FCRA allows collection of what the law would otherwise consider mere gossip and hearsay of «friends», «neighbors», or «associates», with no requirement whatsoever as to ascertaining whether such comments may reflect grudges or other conflicts of interest.

This also includes allegations relating to why a person left a prior place of employment, what his or her performance record was, and whether he or she would be rehired. Negative information from public records must be verified within 30 days of release. Negative information obtained from interviews must be verified by a second source, unless the initial informant is regarded as «the best possible source».⁵ For on the job, personal experience allegations, that quite possibly means «the only source».

Whatever the shortcomings of the FCRA, it requires that whenever a «consumer report» for employment is made, the «consumer» has a right to be informed first, and must authorize it. Yet even before the most recent amendments, the industry was well ahead of the limitations on «credit reporting» allowed under the FCRA. Congress could not deprive us in the FCRA of the protections of privacy and equal employment opportunity that Congress itself had enacted. To do this, the data collection industry, and their human resources management clients, had to come back to the «consumer» or job applicant. Instead, of being allowed to rely on regulations limiting industry abuse, we have been, and are being, obliged to provide expanded legal powers to the CRAs ourselves. The data collection industry, employers, financial institutions, and some of our most esteemed educational institutions now require invariable pre-printed and/or online applications for employment, for credit, for insurance, etc. and requiringmandatory «voluntary waiver» of our rights – rights that Congress itself has enacted and rights guarantied by the Constitution of the United States.

Nor do these elite institutions hesitate to declare that private sector, for profit, investigations are mandatory, and that surveillance is ongoing:

Years of correspondence between the staff counsel at the Federal Trade Commission (the FTC), that oversees enforcement of the FCRA and CRAs, and the Society for Human Resources Management (SHRM), have also dealt with how the letter of the FCRA could theoretically be observed, and, nevertheless, meaningful notice to the employee be avoided. After several years of lobbying Congress, the SHRM prides itself on having overcome even the remaining notice requirements with passage of the so-called «Fair and Accurate Credit Transactions Act» (FACTA):

In other words, this amendment to the FCRA to require what would otherwise be an «investigative consumer report» – subject to the notice and verification regulations of the FCRA – is, by this definition, not an «investigative consumer report» any longer. And thus the Amendment, in fact, «liberates employers » – from affording us the guaranties of the 4th, the 5th, and the 6th Amendments of the Constitution of the United States, which:

• protect us from search and seizure of our papers and of access to our government agency files, educational files, or, to some extent, medical files, without notice or judicial warrant;
  
• allow us to know the nature of any accusation against us, to confront witnesses; and, in general,
  
• guaranty us due process of law.

Peer review, and the giving and receiving of professional references has been a central feature of professional life since time immemorial. Lately, however, reference verification, and evaluation as well, has become another profit-center of the so-called «consumer reporting agencies» (CRAs), and their off-shoots, the «recruitment assessment» companies. The Federal Trade Commission (FTC) has even put itself into the picture – giving the impression that the employer is better off with commercial reference verification.

That is frankly misleading – and indicates that the staff writer at FTC has adopted the data collection industry’s view that unrelated third party comments are «references». It is true that only a CRA is protected from liability for reporting negative remarks gleaned from «friends», «neighbors», and «associates» of an applicant by the provision of the FCRA cited at n. 3 above, and that those third parties benefit from anonymity and immunity granted by FCRA – unless the sources reported on are subject to discovery in a legal proceeding. Knowingly making use of unverified defamatory material can, of course, make all parties liable.

Yet, one wonders what possible liability an employer who merely seeks to verify credentials, or to ask for letters from the employee’s, or the applicant’s, named professional references, would have to fear. The employer is also free to ask for a criminal background check, if the position requires care of the vulnerable young, the elderly, or the disabled, or requires exercise of fiduciary responsibility. Here again, however, the applicant is better protected from mismatches or inaccurate reports if the request is direct to the criminal records bureau in question rather than through a third party CRA.

Why, then, do CRAs require greater protection than the institutions to whom references are addressed? Principally, because CRAs and «recruitment assessment» companies do not simplycollect references. They «mine» references! That is they take so many positive points from one, and so many negative points from another. When they use language like:

These latter sources are obviously not the equivalent of respected members of the profession who we might choose as references. This is not to say that those persons do not have the freedom of speech to say whatever they like about us – as long as they do not breach the laws of confidentiality, privacy, defamation, or negligent injury to our economic interests. Reliance on CRA investigator-chosen sources is foreseen in the FCRA – that is by legislation drafted by the industry itself and promoted to human resources management – but it has never been accepted as desirable or authoritative in place of traditional references by any professional body, though employer human resources departments now regularly accept such commercial reports as a matter of course.

Any professional person who receives or writes reference letters knows very well that outright negative reference writing is extremely rare. Anyone who agrees to write a reference is by implication agreeing to support the applicant who requests a confidential reference letter in some way. This is not to say that an aggrieved supervisor, instructor, or employer can not exercise his or her free speech against a former student or colleague – though, such a declaration is more credible when the author is identified and the basis of the allegation is disclosed. But, such statements are not «references».

Naming a «confidential reference» is a demonstration of respect and confidence in the judgment of a leading member of the profession. A «confidential reference» allows the writer to compare students or employees who have worked under him or her. It is, however, not a license to trash a former student or colleague. Giving a reference implies that the writer has worked closely with the applicant and is willing to support him or her in some way. An applicant with few accomplishments may expect only «faint praise», but still has no fear that the writer is likely to seek to damage an old colleague.

For good reason, employer personnel managers who are less likely than frontline supervisors to have direct knowledge of an employee’s work performance, typically restrict themselves to giving only job title and starting and ending dates of employment (and to confirm salary, if requested by the former employee). By and large it is only the «associates» attracted by anonymity and immunity offered by CRAs by virtue of their non-statutory demands formandatory «voluntary waiver » from applicants, who may be drawn into making remarks or allegations that can damage the prospects of the applicant, but do not require substantiation.

This is in fact the «value added» that the outsourcing «recruitment assessment» companies offer – their independent «evaluation» and «assessment». However, the agencies that look for «uncovering potentially damaging secrets of the candidates», may have put themselves over the line of collecting references and into the realm of promoting gossip and hearsay. There are still some of us left who remember when governments encouraged surveillance by «friends» and «neighbors», and even members of one's own family:

What the FTC and the CRAs and «recruitment assessment» companies fail to tell us is what service we the public gain in exchange for our trust and the «waiver » of our rights. HR management officers are experienced in credentials verification and in collecting and assessing professional references. The only thing that the CRAs and «recruitment assessment» companies offer in addition is a summary statement gleaned from the secret proprietary masterfiles that they compile on all of us. They may «mine » our reference letters to re-state our good points and weaknesses. Then they leaven these with the unprofessional gossip and hearsay of their sub-contracting investigators’ randomly chosen «friends», «neighbors», and workplace «associates».

The CRA cited at note 10 above claims that all this is better for «uncovering potentially damaging secrets of candidates». We have seen a vast CRA literature alleging «lying on resumes»; …superior CRA methods of spotting favorable personality traits of candidates; …and of CRA IT systems matching job descriptions and job skills. None of this demonstrates that the hype in resume writing is any worse than the hype in the «recruitment assessment» literature. But the latter represents a multibillion dollar industry that caters to HR managers’ fears of the industry-invented charge of «negligent hiring» if they do not utilize CRA «background checking» services.

In other words, it is not our professional development, experience, and achievements, that they focus on. Those are qualities they take for granted, or they consider that there is a large enough pool to satisfy their needs. Rather, their literature is clear that they rate us on the subjective standards they associate with success at «fitting in» in the atmosphere of the new employer:

Perhaps that is true. Nonetheless, many of us apply for professional, or for vocational, positions, where the job description calls for professional or vocational training and frontline experience. Doubtless the related subjective qualities also play a role in «fitting in» and «getting along» on the job. But, they can rarely be precisely narrowed to a particular description. The perception of who fits in best varies from one situation to another.

Some companies claim specially trained teams, or unique IT to spot the right candidates:

ADP goes on to reveal, however, that it is not only those ephemeral personality qualities that HR management is after:

«Hiring policy » is also not covered by the job description: quotas, or demographic «goals», preference for fresh graduates regardless of advertised needs for lengthy experience, and often biases that favor good looks or personality traits. If all our background and experience only makes up a machine readable template, where does our tradition of democratic transparency and equal and competitive opportunity go?

It appears that HR management may be outsourcing a «hiring policy» that, for various reasons, they cannot put into so many words in the advertised job description. No one has captured this unwillingness to speak in plain words in current human resources management better than the words of the U.S. Office of Personnel Management, «There are disadvantages to using definitions of terms »:

No «recruiting assessment» firm has put it as clearly. All this «background checking», «evaluation», and «assessment» is not really to turn up terrorists or hardened criminals in the ranks of business, education, and public service. What it is concerned with is, in simplest terms, «disruptiveness». Contrary to the spirit of «rugged individualism», the myth of the frontier, that used to be part of socialization in American schools, today business, education, and public service institutions are run not by frontiersmen or entrepreneurs but managers. At the level, where you meet the clerk behind bullet-proof glass, the first order of business does not call for the «self-starter» or the «innovator», but for compliance. Anything less is considered «disruptive», and «disruptiveness» is tantamount to «violence»:

In the past, «disruption» , in this vain, meant work stoppage, industrial strife, or advocating partisan politics in the workplace. Today, it is extended to passively questioning whether intrusive investigative measures carried out by unidentified outsourcing agents are «disproportionate» to the supposed «security» risks being investigated [as per the statement of the American Association of University Professors (AAUP) cited at note 4, above].

Of course there may be professionals as well as common laborers who have advanced their careers by cheating and false documentation. But isn’t that something that trained in-house personnel recruiters are expected to uncover from applicant interviews and claims themselves? Weren’t they trained to call to verify college degrees and official licenses? Can’t they investigate themselves whether a degree comes from a recognized college, or a degree mill? Has third party denunciation become more respectable in an age of shock TV? Has duress to oblige candidates to sign «waivers» of their rights become less a violation of our fundamental freedoms because it conceivably helps avoid employment or credit risk?

We have all known professional colleagues who we may not have thought well of. But isn’t it simply tale-bearing or slander to report claims that the subject individual cannot respond to? Isn’t it simply libel to collect such stories anonymously, from «associates » whose motives and grudges are neither known nor acknowledged? Is it any worthier to collect anonymous «reports » in asecret proprietary file , as «background » material for sale to employers and government? Is all this any more respectable when it is done by commercial agencies, serving Fortune 500 companies, distinguished universities and non-profit employers, and government agencies?

Doesn’t such a policy rely on the same kind of personal surveillance masterfiles that generations of us have condemned in the dictatorships of the 20th century? We condemned those practices by the Nazis, …the NKVD of the former Soviet Union, …and the East German Stasi. Are they any less morally corrupt when statutes protecting that form of legalized libel are enacted by the Congress of the United States? …and when those practices are spread around the world by the personal data collection industry?

No, they are not keeping these masterfiles on us to send us to the extermination camps or the gulags. But, «credit reporting» is one thing. It is theoretically verifiable for accuracy – and back payments can be paid off. «Character profiling» is something else. It is not psychological counseling – «profiling» is permanent. Yet, profiling systems do not have «strict procedures » for accuracy in reporting. «Friends», «neighbors», and «associates» may have free speech to say what they choose about us. But «waivers » obtained under duress in monopoly systems cannot be used to justify publishing a defamation, and blacklisting the affected person from all possibility of employment.

40 years ago, the U.S. Government was among world leaders in recommending a «Code of Fair Information Practices»,¹⁶ that would apply the lessons of the totalitarian political systems and prevent future abuse of emerging information technology. Those principles were incorporated in the federal Privacy Act of 1974. That «Code» and the Privacy Act that followed from it, dealt with government data systems. But the same principles must also apply to any system that Congress authorizes. As suggested above, some of those concerns were already included in the FCRA, although it was of earlier date, where the FCRA calls for «reasonable procedures» for collecting data and «strict procedures» for correcting errors.

Private sector interests have lobbied against further extension of those principles of «Fair Information Practices» in the United States – although they are now well established in the Commonwealth countries and the European Union. Unbridled exploitation of information technology for profit, regardless of privacy concerns, has prevailed so far in the United States. Yet, the prospect of obliging a whole nation to «waive» their privacy and civil rights simply in order for employers to be able to verify credentials and collect «references» is utterly disproportionate to the need. The creation of private enterprise proprietary rights over the personal data of the whole rest of the population is equally absurd. The notion that an individual cannot access libels against him or herself and correct them, and that such a person can be blacklisted from employment, credit, or insurance for life is intolerable in a free country. Hopefully, rational discussion of these problems will enable us to restore reasonable balance between personal data protection and public needs.

Why would candidates consent to such a presentation of their files – files bound to follow them from one employer to the next – forever? This only works where employers can refuse to accept any application for employment except via the internet; and can refuse to accept any application in which the applicant does not «waive» all right to sue for defamation, invasion of privacy, or interference with economic relations. No law could make these demands. No genuine fear of terrorism in the workplace leads to these results. These are the dialectical gifts of modern Information Technology, and capitalism gone wild.

---

Orlan Lee , M.A., Dr.Jur., J.D., LL.M., is Professor, in the School of Management, of the New York Institute of Technology, Global Programs, and is a Life Member of Clare Hall, a College of Advanced Study, in the University of Cambridge. The problems raised here are more fully discussed in the forthcoming:Waiving Our Rights: the Personal Data Collection Complex and its Threat to Privacy and Civil Liberties , (New York and Lanham, MD: Lexington Books, in the press). An earlier version of the present paper was presented at a conference on «Evil, Law, and the State». A shorter version appears in the conference volume edited byS. King, C. Salzani & O. Staley, Law, Morality and Power, Global Perspectives on Violence and the State , (Oxford: Inter-Disciplinary Press, 2010),http://www.inter-disciplinary.net/publishing/id-press/ebooks/law-morality-and-power/ .

---