[23]
In the 1960s and 70s the U.S. Government attempted to formulate a Code of Fair Information Practices that reflected our experience with the secret police societies of the 20th century. That draft Code served as a basis for our federal and state Privacy Acts, the Family Educational Rights and Privacy Act (FERPA), and served as a model for the Personal Data Protection laws throughout the rest of the Western democratic world. Unfortunately the authors of the HEW Code did not foresee that the danger of unregulated exploitation of personal data was not confined to government.
[24]
In the United States, the personal data collection industry, and those who foresaw the possibilities of its commercial expansion, stopped the consumer protection movement that promoted these efforts in its tracks. As a result, today, we are being obliged to ‘waive’ the protection of personal data and civil rights laws that the rest of the Western democratic world now takes for granted. Thank globalization, the personal data practices of the U.S. companies are also being extended, by ‘waiver’, throughout the rest of the world.
[25]
Not every business strategy that employs leading information technology and produces multibillion-dollar returns deserves our respect for ALL its business practices, or should be permitted to continue unregulated. In recent news, for example, ChoicePoint, ‘an identification and credentials verification services provider’, a spinoff of Equifax, a CRA, was sold to Reed Elsevier, ‘a publisher and information provider’, the parent group of LexisNexis, a ‘total solution’ and ‘searchable archive’ for $4.1 billion. And Google, the search and ad-targeting genius, acquired the ‘digital marketing’ profiler, Doubleclick, for $3.1 billion. This amalgamation of companies supplying background ‘dossiers’, known also as ‘data products’ on individuals, led to a request by the Electronic Privacy Information Center (EPIC), one of the leading consumer advocacy groups in the United States, for an antitrust investigation because all of these ‘data product’ providers claim to be exempt from the minimal accuracy, verification, and notice requirements of the FCRA.
[26]
What makes the adoption of a commercial plagiarism-detection system (such as the iParadigms version cited below), at college and high school level, more worrisome, is that its purpose is not simply improvement of academic discipline. Instead, it supplies an ostensibly incontrovertible final judgment on the morality of the student, for the personal profiling industry. Its scourge is to be applied from high school through university. Subscription to the service as an institution, inevitably requires supplying user data from the institution’s own student database. Whether the release of school and university databases, itself, is NOT in violation of FERPA (as one federal district court and a U.S. Court of Appeals have held) is immaterial (see, A.V. et al. v. iParadigms, LL.C. ). It is not simply disclosure of student personal data that is at risk. It is the inherently defamatory exposure of the usage to which the names of juveniles and young students on the subscriber list are to be put.
[27]
In Britain, they have adopted the concept of the ‘spent conviction’. Not in the United States! A ‘juvenile delinquent’ may have learned his lesson. A juvenile conviction may have been expunged – by the courts. But, the ‘consumer reporting agencies’, and their corporate offshoots, in ‘human resources assessment’ may retain such entries in their proprietary masterfiles indefinitely.
[28]
CRAs are bound to adhere to the current FCRA requirements for notice, verification, and updating for accuracy. But their own philosophy is that they are arbiters of public morality:
An elaborate mechanism has been developed for investigating and evaluating [credit worthiness and] the . . . character and general reputation of consumers. . . . (from preamble of the FCRA)
[29]
Inertia in the system leaves it up to the ‘consumer’ to discover and demand correction where it is called for. Regardless of whether these ‘consumers’ are undergraduates or only 13-year olds (as in the iParadigms case). The judgment of state licensing fitness committees and their specialist CRAs, that utilize these data-products, is forever.
[30]
The much broader ‘data product’ personal profiling industry (i.e. ChoicePoint, LexisNexis, et al., the offshoots of the CRAs) have, at times, argued that they are not, themselves, CRAs, i.e. entities
. . .which, for monetary fees, . . . regularly engage [ ] in whole or in part in the practice of assembling or evaluating consumer credit information or other information . . . for the purpose of furnishing consumer reports to third parties . . . .
[31]
If they are not CRAs, then, of course, they are not regulated by the FCRA.
[32]
In that event, ‘waiver’ of the ‘consumer’s’ right (under the FCRA) not to agree to preparation and release of a ‘consumer report’, or ‘investigative consumer report’, disappears. Of course, online applications that explicitly require ‘investigative consumer reports’, and ‘waiver’ of the right to sue for defamation, have diminished that right long ago. One stand-alone law school (named for the first American legal scholar to speak of a ‘right to privacy’) goes so far as to require a lengthy set of personal data disclosures by the applicant him or herself, that it intends to compare with the secret commercial data profiles furnished by the ‘data product’ industry. That law school declares that it: ‘reserves the right to conduct complete history checks of any applicant,’ which for them includes, not only criminal records checks, but also ‘credit reports’, ‘character reports’ by anonymous ‘friends, neighbors, and associates’ who speak with immunity about the applicant, second-guessing whether the applicant may ever have filed ‘frivolous’ lawsuits, and whether he or she may ever have left a previous employer on less than friendly terms. It then boasts that:
. . . the Faculty Admissions Committee may deny admission to candidates who lack the requisite character and fitness to study the law.
[33]
‘Deny admission . . . to study the law’? Since Hammurabi, Western tradition has aspired to the ideal that every accused has the right to know the law that he or she may be accused under. The United States has some of the world’s most gruesome prisons. But we also have a living legend of ‘jailhouse lawyers’ – who, not only study the law in prison, they sometimes go on to law school after their release, and some qualify to practice. Nevertheless, professional licensing organizations, government agencies, and others that subscribe to ‘consumer reporting agencies’ and non-CRA ‘background’ personal ‘data product’ companies, similarly call for the masterfile ‘character’ reports from all of these companies. The National Conference of Bar Examiners (NCBE) is an exclusive specialist CRA to advise the various state ‘character and fitness committees’ that decide on admission to practice of law in the United States. The NCBE rule for disqualifying attributes includes ‘academic misconduct’ – which, heretofore, may have been defined, assessed, and recorded by the school or university, but, today, it is whatever the ‘consumer reporting’ or ‘human resources assessment’ agencies’ master profile says it is.
[34]
Clearly, plagiarism does rise to the level of ‘academic misconduct’, and can in egregious cases lead to institutional disciplinary action and/or expulsion. But this is an academic decision, and is certainly unlikely at the high school or freshman, college level – before the student may even have had the first lessons in distinguishing what is ‘a recognized fact in the public domain’ from ‘another author’s research work-product’. We do expect students to learn that distinction, even first year students in university – those who do not know the difference must learn quickly. Yet, anyone who teaches freshmen students can tell you that our high schools are sorely lagging behind on that count, and/or in making our students aware of long-range penalties accruing against them in the secret digital profiles of the personal data gathering agencies of the modern world.
[35]
Furthermore, the student should not imagine that what goes into our school or University files is absolutely immune from disclosure. A Student Handbook is misleading in this respect, when it indicates that student files are always kept confidential. That is our tradition. That is also the intention of FERPA. However, today, many if not all online applications for employment or financial services – including the plagiarism-detection service cited – contains a mandatory ‘voluntary waiver’ of FERPA and other confidentiality rights. Once these ‘waivers’, are executed by the student, or by a school or university on their behalf, students should not imagine that the individual school or university can in any way reserve the right to limit release of personal data. ‘Waiver’ of FERPA (as it appears in pre-printed ‘application’ forms) opens the entire student personnel file for the CRA or ‘Human Resources Assessment’ agency to data-mine and ‘evaluate’ as it chooses, nor, should we waste any confidence in the ‘privacy policy’ of the plagiarism-detection company. They are in business to exploit personal data – and, as they put it themselves, even in the event of their bankruptcy, such information will be regarded as a commercial asset available to a successor company or purchaser of their assets.
[36]
For the criminal law, the U.S. Supreme Court and many state courts have long held that ‘waiver’ of basic rights must be ‘voluntary’, ‘intentional’, and ‘understanding’. Enrollment of school children in the plagiarism-detection system obviously does not involve any of these qualifications. Plagiarism itself is not a criminal offense. Yet, as demonstrated above, the allegation of ‘academic misconduct’, which flows from the attribution of plagiarism, can have very serious future consequences in loss of reputation and, in a purely information technology directed world, loss of basic rights. The courts have so far not held that the fact that plagiarism-detection system clients were underage at the time of enrollment is a limiting factor on validity of ‘waiver’ of their rights. The unfortunate abandonment of the ‘validity of waiver’ rule in the United States is a gratuitous consequence of A.V. v. iParadigms a case brought by adult intervenors for five underage students.