Jusletter IT

When I refuse to accept student work because of plagiarism, there is an implicit understanding that the student who works with me, learns from me. If the question of institutional discipline arises, it is confidential and subject to due process.

Recently, school and university administrations have begun deciding on their own that all student work should be submitted first to a plagiarism-detection service. Unlike the free and anonymous software for which plagiarism-detection is the sole purpose, here, the system operators begin by collecting the personal data of students, with or without their knowledge and consent, also for further commercial exploitation.

The service provides a mark-up of the extent to which a student paper may or may not have been ‘cut and pasted’ from the internet. The business strategy of the company is to retain all student submissions in company archives for matching against future student papers. It also requires ‘waiver’ of confidentiality of student personal data under the U.S. Family Educational Rights and Privacy Act (FERPA)¹ (whether by the student him or herself, or by the institution, in the case of minors) in order to collect personal data files on minor school children as well as university students in their 20s for further business development. There is no ‘opt-out’.

Granted, this new service offers a significant time saving to the faculty member, and an impressive use of information technology for the entrepreneur. That should not mean that we fail to take a closer look at the social context of this gift horse. Yes, undergraduate faculty members, today, spend an inordinate amount of time tracking ‘cut and paste’ plagiarism. Our general impression is that schools our students come from stress standardized testing and computer skills to the detriment of exclusion of academic discipline.

However, if faculty members, themselves, wanted to engage in a plagiarism-detection project, or wanted to develop research results promoting teaching of academic discipline, they would not be free to exploit student data for commercial or any other purposes. In the United States, they would be bound to adhere to the ‘Ethical Principles and Guidelines for the Protection of Human Subjects of Research’.² These always apply where:

. . . information obtained is recorded in such a manner that human subjects can be identified, . . . and any disclosure of th[eir] responses . . . could reasonably place the subjects at risk of criminal or civil liability or be damaging to th[eir] financial standing, employability, or reputation.³

Commercial plagiarism-detection limited to academic support purposes, conceivably has benign uses. Yet, that is difficult to reconcile with present extensive personal data collection from our student database – precisely in light of a commercial enterprise’s broader links to ‘financial standing, employability, and reputation’ assessment companies.

In the United States, the personal data collection industry has so far enjoyed legislative protection, not because their activities do not affect human subjects adversely, but because they have developed support from very profitable business organizations that benefit from exploitation of personal data otherwise not easily accessible to marketing, financial services, human resources management, and/or law enforcement.

On the other hand, the Fair Credit Reporting Act (FCRA)⁴ may apply because at the time of enactment ‘credit reporting agencies’ (CRAs), made sure that ‘character’ and ‘reputation’, were also included within the ambit of ‘credit reporting’.⁵ To the extent that the FCRA does apply here, it would impose the requirement of ‘reasonable’ and ‘strict procedures’ to ensure accuracy, verification, and correction of errors. While the industry was eager enough to join ‘character’ and ‘reputation’ to ‘credit reporting’ at the time of enactment, they have, however, been reticent to allow precisely this very limited liability. Instead they impose blanket mandatory ‘voluntary waivers’ of even these minimal rights of the data subject, typically, via take-it-or-leave-it online application forms of the user institution. In the case of teenage high school students, and 20-year-old undergraduates, such ‘waivers’ leave a lot to be desired with respect to ‘informed consent’.

This new online plagiarism-detection program offers, at best, learning by punishment, and assumes the propriety of a self-executing justice. The question of ‘legal principles’ if it exists for the system operators at all, is one of ‘wrongs’ and ‘punishments’, defined and carried out by the program administrator. To jump to a conclusion before going any further: A legal system based on such principles is not one on which a modern liberal democratic society can emerge. An educational system based simply on ‘wrongs’ and ‘punishments’ may produce well-disciplined graduates, but does not contribute to the desire for thoughtful critical analysis and judgment.

The matching of student writing with online sources when plagiarism is suspected has been around as long as the internet. There has long been free software to assist the instructor to locate suspected sources, anonymously.⁶ A commercial enterprise, that takes the burden of inputting the suspected material off your hands may be worth paying for – if we have hundreds of student papers to check, and that is all it does. If the business strategy of that service includes archiving all student papers submitted, along with the personal data of all students enrolled, on the other hand, it has taken over our obligation of confidential handling of institutional discipline, and become a source for allegations of ‘academic misconduct’ by minors and young persons in the personal profiling marketplace.

Plagiarism, the submission of someone else’s work as your own, is a practice that undermines the integrity of the academic profession. The very purpose of our profession is to overcome ignorance and defiance of academic standards by teaching academic discipline. This is often a thankless task, consuming endless hours of the instructor’s time, and may be despised by the student bent on exploiting the weaknesses of the system. But shortcomings in an academic system are the concern of academic institutions. If institutions fail, we improve them. We do not outsource their key functions. A commercial plagiarism-detection system is not a university.

In schools and universities that subscribe to such a service, the student submits the written assignment directly to the plagiarism-detection system. The instructor receives the paper second-hand with a printout stapled to the assignment that labels student users as having ‘cut and pasted’ 1%, 50%, or 70% as the case may be. The company might as well have attached the grade and the disposition: pass/fail, or expulsion. The offending paper then goes into the company’s archives as lasting evidence of the students’ deficiency – to serve any official survey of delinquent youth, and as a marketing tool for services on offer to this student profile (for example, a company course on ‘how to avoid plagiarism the next time’).

The student’s plagiarism-detection report, with the offending paper attached, also goes into University central files, as lifelong witness to juvenile misconduct, waiting there for a future mandatory ‘voluntary waiver’ of FERPA bound to come along in an authorization for a so-called ‘investigative consumer report’ invariably included in the new-style online application system. That would oblige the University to release the student file for future employment or professional ‘character and fitness’ disclosures. Then, even if the course instructor is diligent, and the student learns not to repeat the offense, the memorandum in the central files remains a permanent record, and the record in the archives of the plagiarism-detection company is never deleted.

Plagiarism itself is not new. In the past, it often taxed the lecturer’s knowledge of the literature of the field – assuming that the offending student copied from learned authorities rather than from term paper sellers. The internet, and the invention of ‘cut and paste’, have added vast new possibilities. In most cases, it is recognizable when the student appears to be writing in language in which he or she would not speak. It may also be evident when a student is writing about matters and events unlikely to come within that student’s background or experience. In many cases, the instructor has only to type a line of such a paper into Google in order to bring up the online source.

When the instructor recognizes that the student has not learned proper research methodology, or only ineptly omits referencing sources, he or she can handle that problem directly with the student. Regrettably, ‘plagiarism’, ‘the substitution of another persons’ work-product for one’s own,’ is only half of the problem. In many cases, students come to university before they have learned how to distinguish between ‘Fact’ and ‘Opinion’. Their internet-search talents may be highly developed. But a student who only names ‘the internet’ as a source, and takes all that appears there to be ‘Fact’, has not really matured enough to recognize plagiarism. This is then the first problem that academic discipline must address.

The internet was not that old when far-sighted software developers made free software available on the web as means of reading large numbers of student papers electronically, to render an opinion on the originality of the content. In the meantime, however, the marketability of a third party service has been more widely developed, and the plagiarism-detection product referred to above has been adopted as the in-house system of a number of schools and colleges. Unfortunately, in the case of many software applications, from e-mail, to online purchases, to credit reporting, to financial services, to mobile phone service, to ISP internet access, the collection of as much personal data as can be extracted from the unwitting user – or vicariously, from the host institution – is primary for commercial operations, and leads to release of the user student database for ancillary marketing purposes.

Maybe there are some students, faculty members, or administrators who do not recognize what is going on here. For those of us who look closer, this practice is bound to divide us into two camps: those who seek, and market, total disclosure masterfiles on everybody; and those who believe in adhering to existing laws and ancient traditions of trust and confidentiality in our educational, financial, counseling, medical, and other personal service professions.

Most adult Americans are not aware that, in addition to a ‘credit report’, they are now also subject to so-called ‘investigative consumer reports’. ‘Credit reports’ (now dubbed ‘consumer reports’) are largely based on verifiable credit experience. ‘Investigative consumer reports’ deal primarily with ‘character’ and ‘reputation’ – which the FCRA relates largely to data collected from ‘interviews’ with ‘friends’, ‘neighbors’, and workplace ‘associates’, who none of the sponsors of the Act thought to consider sometimes have grudges or grievances that conflict with the interests of those they are asked to inform on.

Only few of us would suspect, that whenever we press ‘Submit’ for an online employment application, we may presume that we are also authorizing an ‘investigative consumer report’, and very likely ‘waiving’ constitutional rights. Unlike ‘credit reports’ that can be verified and conceivably corrected, employers and other users generally do not show us ‘investigative consumer reports’. Unlike ‘credit reports’, ‘investigative consumer reports’ do not name sources. Consequently, little is subject to correction or verification.

Nevertheless, the FCRA allows employers (and also state licensing agencies, creditors, insurance companies, landlords, and all those who allege ‘legitimate business interests’) to rely on ‘investigative consumer reports’ as authoritative. In the event an applicant presumes to question their accuracy, the FCRA allows the employer (or other user) to go dumb, and to refer the applicant to the ‘consumer reporting agency’ (CRA), the provider. The FCRA then allows the CRA to assert that it has not made the employment (or credit) decision – though it is the sole source for collection, verification, correction – and, frequently, has also promoted itself for its unique ability for ‘evaluation’ or ‘assessment’ of such material.

‘Sensible measures to reduce risk’ are obviously essential to sound lending practices. But if the financial disasters of 2008 and 2010 tell us nothing else, ‘sound lending’ requires ‘sound financial judgment’. Comprehensive financial reporting and scoring may contribute to a meaningful decision-support system, but they do not assure us that we can rely on perfect information. More and more intrusive means of collecting personal data may gladden the hearts of systems operators. But it ignores the oldest lesson of the IT world: ‘Garbage in, garbage out.’

Thus development of a commercial plagiarism-detection program – with no pedagogical function, but supported by a ‘waiver’ of the confidentiality of educational institutions – allows the creation of a new reputational menace for inclusion in ‘investigative consumer reports’ yet to come. The category of ‘academic misconduct’ in ‘character and fitness’ reports for professional licensing already exists for grave infractions – for example, claiming false professional credentials, or consciously stealing another’s research results. Here, however, an online program devised for undergraduate or high school students, is also marketed for its power to turn up youthful infractions of ‘academic misconduct’. For the moment, this might arouse little concern, for the young student. But file results away until a person graduates from law school or applies to work as a White House Fellow, and the plagiarism-detection agency has planted a real time bomb.

In the 1960s and 70s the U.S. Government attempted to formulate a Code of Fair Information Practices⁷ that reflected our experience with the secret police societies of the 20^th century. That draft Code served as a basis for our federal and state Privacy Acts, the Family Educational Rights and Privacy Act (FERPA), and served as a model for the Personal Data Protection laws throughout the rest of the Western democratic world. Unfortunately the authors of the HEW Code did not foresee that the danger of unregulated exploitation of personal data was not confined to government.

In the United States, the personal data collection industry, and those who foresaw the possibilities of its commercial expansion, stopped the consumer protection movement that promoted these efforts in its tracks. As a result, today, we are being obliged to ‘waive’ the protection of personal data and civil rights laws that the rest of the Western democratic world now takes for granted. Thank globalization, the personal data practices of the U.S. companies are also being extended, by ‘waiver’, throughout the rest of the world.

Not every business strategy that employs leading information technology and produces multibillion-dollar returns deserves our respect for ALL its business practices, or should be permitted to continue unregulated. In recent news, for example, ChoicePoint, ‘an identification and credentials verification services provider’, a spinoff of Equifax, a CRA, was sold to Reed Elsevier, ‘a publisher and information provider’, the parent group of LexisNexis, a ‘total solution’ and ‘searchable archive’ for $4.1 billion.⁸ And Google, the search and ad-targeting genius, acquired the ‘digital marketing’ profiler, Doubleclick, for $3.1 billion.⁹ This amalgamation of companies supplying background ‘dossiers’, known also as ‘data products’ on individuals, led to a request by the Electronic Privacy Information Center (EPIC),¹⁰ one of the leading consumer advocacy groups in the United States, for an antitrust investigation because all of these ‘data product’ providers claim to be exempt from the minimal accuracy, verification, and notice requirements of the FCRA.

What makes the adoption of a commercial plagiarism-detection system (such as the iParadigms version cited below), at college and high school level, more worrisome, is that its purpose is not simply improvement of academic discipline. Instead, it supplies an ostensibly incontrovertible final judgment on the morality of the student, for the personal profiling industry. Its scourge is to be applied from high school through university. Subscription to the service as an institution, inevitably requires supplying user data from the institution’s own student database. Whether the release of school and university databases, itself, is NOT in violation of FERPA (as one federal district court and a U.S. Court of Appeals have held) is immaterial (see, A.V. et al. v. iParadigms, LL.C.¹¹ ). It is not simply disclosure of student personal data that is at risk. It is the inherently defamatory exposure of the usage to which the names of juveniles and young students on the subscriber list are to be put.¹²

In Britain, they have adopted the concept of the ‘spent conviction’.¹³ Not in the United States! A ‘juvenile delinquent’ may have learned his lesson. A juvenile conviction may have been expunged – by the courts. But, the ‘consumer reporting agencies’, and their corporate offshoots, in ‘human resources assessment’ may retain such entries in their proprietary masterfiles indefinitely.¹⁴

CRAs are bound to adhere to the current FCRA requirements for notice, verification, and updating for accuracy. But their own philosophy is that they are arbiters of public morality:

An elaborate mechanism has been developed for investigating and evaluating [credit worthiness and] the . . . character and general reputation of consumers. . . . (from preamble of the FCRA)¹⁵

Inertia in the system leaves it up to the ‘consumer’ to discover and demand correction where it is called for. Regardless of whether these ‘consumers’ are undergraduates or only 13-year olds (as in the iParadigms case). The judgment of state licensing fitness committees and their specialist CRAs, that utilize these data-products, is forever.

The much broader ‘data product’ personal profiling industry (i.e. ChoicePoint, LexisNexis, et al., the offshoots of the CRAs) have, at times, argued that they are not, themselves, CRAs, i.e. entities

. . .which, for monetary fees, . . . regularly engage [ ] in whole or in part in the practice of assembling or evaluating consumer credit information or other information . . . for the purpose of furnishing consumer reports to third parties . . . .¹⁶

If they are not CRAs, then, of course, they are not regulated by the FCRA.

In that event, ‘waiver’ of the ‘consumer’s’ right (under the FCRA) not to agree to preparation and release of a ‘consumer report’, or ‘investigative consumer report’, disappears. Of course, online applications that explicitly require ‘investigative consumer reports’, and ‘waiver’ of the right to sue for defamation, have diminished that right long ago. One stand-alone law school (named for the first American legal scholar to speak of a ‘right to privacy’) goes so far as to require a lengthy set of personal data disclosures by the applicant him or herself, that it intends to compare with the secret commercial data profiles furnished by the ‘data product’ industry. That law school declares that it: ‘reserves the right to conduct complete history checks of any applicant,’ which for them includes, not only criminal records checks, but also ‘credit reports’, ‘character reports’ by anonymous ‘friends, neighbors, and associates’ who speak with immunity about the applicant, second-guessing whether the applicant may ever have filed ‘frivolous’ lawsuits, and whether he or she may ever have left a previous employer on less than friendly terms. It then boasts that:

. . . the Faculty Admissions Committee may deny admission to candidates who lack the requisite character and fitness to study the law.¹⁷

‘Deny admission . . . to study the law’? Since Hammurabi, Western tradition has aspired to the ideal that every accused has the right to know the law that he or she may be accused under. The United States has some of the world’s most gruesome prisons. But we also have a living legend of ‘jailhouse lawyers’ – who, not only study the law in prison, they sometimes go on to law school after their release, and some qualify to practice. Nevertheless, professional licensing organizations, government agencies, and others that subscribe to ‘consumer reporting agencies’ and non-CRA ‘background’ personal ‘data product’ companies, similarly call for the masterfile ‘character’ reports from all of these companies. The National Conference of Bar Examiners (NCBE) is an exclusive specialist CRA to advise the various state ‘character and fitness committees’ that decide on admission to practice of law in the United States. The NCBE rule for disqualifying attributes includes ‘academic misconduct’ – which, heretofore, may have been defined, assessed, and recorded by the school or university, but, today, it is whatever the ‘consumer reporting’ or ‘human resources assessment’ agencies’ master profile says it is.

Clearly, plagiarism does rise to the level of ‘academic misconduct’, and can in egregious cases lead to institutional disciplinary action and/or expulsion. But this is an academic decision, and is certainly unlikely at the high school or freshman, college level – before the student may even have had the first lessons in distinguishing what is ‘a recognized fact in the public domain’ from ‘another author’s research work-product’. We do expect students to learn that distinction, even first year students in university – those who do not know the difference must learn quickly. Yet, anyone who teaches freshmen students can tell you that our high schools are sorely lagging behind on that count, and/or in making our students aware of long-range penalties accruing against them in the secret digital profiles of the personal data gathering agencies of the modern world.

Furthermore, the student should not imagine that what goes into our school or University files is absolutely immune from disclosure. A Student Handbook is misleading in this respect, when it indicates that student files are always kept confidential. That is our tradition. That is also the intention of FERPA. However, today, many if not all online applications for employment or financial services – including the plagiarism-detection service cited – contains a mandatory ‘voluntary waiver’ of FERPA and other confidentiality rights. Once these ‘waivers’, are executed by the student, or by a school or university on their behalf, students should not imagine that the individual school or university can in any way reserve the right to limit release of personal data. ‘Waiver’ of FERPA (as it appears in pre-printed ‘application’ forms) opens the entire student personnel file for the CRA or ‘Human Resources Assessment’ agency to data-mine and ‘evaluate’ as it chooses, nor, should we waste any confidence in the ‘privacy policy’ of the plagiarism-detection company. They are in business to exploit personal data – and, as they put it themselves, even in the event of their bankruptcy, such information will be regarded as a commercial asset available to a successor company or purchaser of their assets.

For the criminal law, the U.S. Supreme Court and many state courts have long held that ‘waiver’ of basic rights must be ‘voluntary’, ‘intentional’, and ‘understanding’. Enrollment of school children in the plagiarism-detection system obviously does not involve any of these qualifications. Plagiarism itself is not a criminal offense. Yet, as demonstrated above, the allegation of ‘academic misconduct’, which flows from the attribution of plagiarism, can have very serious future consequences in loss of reputation and, in a purely information technology directed world, loss of basic rights. The courts have so far not held that the fact that plagiarism-detection system clients were underage at the time of enrollment is a limiting factor on validity of ‘waiver’ of their rights. The unfortunate abandonment of the ‘validity of waiver’ rule in the United States is a gratuitous consequence of A.V. v. iParadigms¹⁸ a case brought by adult intervenors for five underage students.

The new plagiarism-detection service we are being offered begins its promotional material with reference to a lawsuit in which their program had been challenged, and in which they had apparently been vindicated by the courts. In A.V. et al. v. iParadigms, LL.C, the corporate owners of the plagiarism-detection service had been sued on behalf of four 13-year old high school students, whose school had obliged them to submit their written work to the plagiarism-detection program. According to the service agreement with their school, which they were obliged to accept, the company would not only review their work for potential plagiarism of online sources, it would also archive their papers, as reviewed, for use for comparison with other future student submissions. The students sued for ‘infringement of copyright’ by the company for retention of their intellectual property for this purpose.

The truth is that the 13-year olds’ guardians sued on ‘copyright’ because, in the United States, they could not expect to win on a claim of ‘invasion of privacy’ or ‘breach of confidentiality’ – especially for teenagers accused of ‘academic misconduct’. There is no comprehensive personal data protection law in the United States, as there is in the U.K.¹⁹ the E.U.²⁰ , or the Commonwealth nations. 

Our main concern, here, however, is not ‘plagiarism’, which we can hope to deal with as educators. Nor is it ‘copyright’ of student papers archived as evidence of alleged ‘academic misconduct’. We deal with that every day, too. Our main concern should be the surreptitious means of obtaining ‘waivers’ of basic rights. It happens to all of us every day – internationally – largely without our notice. So perhaps it would be helpful to show just how the case of the 13-year olds’ who sued in the iParadigms case affects all the rest of us, not only in the United States, but, via the same or similar offerings, all consumers who are obliged to subscribe to take-it-or-leave-it pre-printed or online contracts all over the world.

The market for personal data collection in the United States originally had the objective of certifying ‘creditworthiness’ – the essential social element of a world where we have transcended from a cash economy to a credit economy. ‘The banking system is dependent upon fair and accurate credit reporting. . . ,’ the preamble of the American FCRA justifies the codification of rules governing the collection of personal data of ‘consumers’.

The authors of the E.U. Report of the Expert Group on Credit Histories²¹ seem to bemoan the fact that ‘credit reporting’ there lags behind the United States: ‘European consumers and financial actors cannot yet fully reap the benefits of an integrated European retail credit market’.²² The ‘Expert Group’ established by the European Commission tells us in their initial Report:

Credit data sharing between creditors is considered an essential element of the financial infrastructure that facilitates access to finance for consumers. The use of credit data in assessing borrowers’ creditworthiness is key in order to enhance the quality of creditors’ loan portfolios and thus reduce risks. It also assists creditors in complying with responsible lending obligations.²³

Clearly, the E.U.’s ‘Expert Group’ adopts words mirroring the U.S. FCRA – innocently, solely in the interest of promoting institutional protective credit granting practices. So there is no division between U.S. and E.U. thinkers in the ‘credit reporting’ field. Overwhelmingly the ‘Expert Group’ appointed comes either from the ‘credit reporting’ or the lending areas. The division in the E.U., just as in the U.S., is between ‘consumers’ of credit and the ‘credit granting’ arm. The Report of the Expert Group gingerly acknowledges that the three ‘consumer’ representative ‘Experts’ in a sea of financial underwriting and reporting administrators, ‘could not support the Report fully’.²⁴

Today the U.S. FERPA, the law guarantying the privacy and confidentiality of academic and educational, disciplinary, and counselling records is regularly circumvented by inserting mandatory ‘voluntary waivers’ in pre-printed and online ‘agreements’ for all sorts of things from credit cards to mobile phone service to internet service connection, though Americans (grammar school and high school students in particular) are generally unaware of this.

Similarly, U.K. and E.U. users of Google. Yahoo, and hordes of other U.S.-based (and U.K.-based) financial services are just as unaware of ‘waivers’ of the much more comprehensive U.K. and EU personal data privacy laws – including ‘waivers’ of provisions prohibiting transfer of personal data to the United States, where there is no comprehensive personal data protection.

This might be relatively harmless, if it only allowed for solicitation for more consumer products. In the case of the 13-year olds, their school had vicariously ‘waived’ their rights against archiving of alleged evidence of ‘academic misconduct’. That is an entirely different matter and could haunt those students for the rest of their lives.

In retrospect, the iParadigms case was, perhaps, filed under the wrong law. The ‘next friends’ of the minor plaintiffs sought to protect their submitted papers, under law of copyright. The U.S. federal District Court, therefore, decided the case strictly by applying the copyright law ‘fair use’ doctrine, which protects ‘transformative’ use – disregarding the ages of the authors of the papers. In other words, the papers once tracked back to the supposed original sources, and assessed for the extent of dependence on those sources, had assumed a ‘transformative’ application. While this may be sustainable in terms of copyright doctrine, it ignores the real underlying concern, here, the protection of minors from the implications of ‘waiver’ of rights that neither they nor their parents or guardians, nor the schools or universities themselves, have correctly understood. The more crucial question is whether the educational institution can ‘waive’ the rights of the student, particularly the underage student, thus subjecting the student to consequences far into the future that neither the individual not the institution can fully contemplate. The Court cites the leading American authority on contract law to the effect that:

[I]f an infant enters into any contract subject to conditions or stipulations he cannot take the benefit of the contract without the burden[s].²⁵

It does not diminish the persuasiveness of this adage in other situations, to contend that there were no contractual ‘benefits’ offered to plaintiffs in this case. At best the ‘benefits’ accrued to the school, which contracted on their behalf. The ‘benefits’ of contract the Court finds, that plaintiffs have had the advantage of, are the ‘grade’ from their teachers (which, arguably, a school, has no authority to withhold) and the ‘standing’ to bring a case in contract (when arguably the students could not have been expected to understand nor consent to the school’s contract vicariously imposed on them).

‘Schools have a right to decide how to monitor and address plagiarism . . .’ the federal District Court opines, . . . and may employ companies like iParadigms to help do so.’ The District Court then continues citing the U.S. Supreme Court:

. . . the rights of students in public school are not automatically coextensive with the rights of adults in other settings. . . . rights of students must be applied in light of the special characteristics of the school environment.²⁶

The Morse decision cited here came down in a case where a high school student held up the banner: ‘Bong hits 4 Jesus’ (an invitation to smoke marijuana) in a school assembly. The principal seized the banner and suspended the student under a school policy against promotion of use of illegal drugs. This would not have been the first U.S. Supreme Court decision to acknowledge limits on the First Amendment right to freedom of speech: defamation, ‘shouting fire in a crowded theater’, causing public disorder, etc. There are many such decisions, and the limits themselves are ancient. The choice of words the U.S. Supreme Court used in the Morse decision is unfortunate, however, and invite misconstruction and misapplication. It had little to do with ‘school environment’, and nothing to do with ‘rights of students’ not being coextensive with ‘rights of adults’.

That, ‘Schools have a right to decide how to monitor and address plagiarism . . .’ is not the real issue. Academic discipline naturally includes the need to address the problem of plagiarism – that is what schools do. What we must not do is create an entirely unforeseen giveaway of individual rights – because we are too lazy to contemplate the consequences of the ‘waiver’ hidden in the plagiarism-detection company contract.

Of course we should deal with plagiarism – also with sophisticated software. But, we can do this with free software, where the identity of the student writer is not disclosed. Or, if the case is so egregious that the alleged offender must be cited, then give him or her the full rights of due process that our own Student Handbooks call for. If we determine that there was a breach of academic discipline, then it is our business to define and condemn it. We do not hint at allegations for third party personal data profilers to data-mine and attribute back to us.

The constitutional right to confront one’s accuser, and the guaranties of due process, apply against government, not private sector entities such as the plagiarism-detection company. In the FCRA Congress permitted CRAs to withhold sources and prevent action for defamation. However, these powers assume ‘reasonable procedures’ to maintain accuracy, provide ‘strict procedures’ for correction of inaccuracy, and provide notice prior to investigation and release of files. All these rights have been subject to abuse. Yet, we have no power to resist such abuse except refusal to ‘waive’ our rights.

No government, no legislature, no university administration, and no public school board has the authority to ‘waive’ our rights for us, even on behalf of a public interest. That was the real issue in A.V. v. iParadigms – which, regrettably was decided as if it could be dealt with solely as a question of copyright. The vicarious ‘waiver’ of basic rights case will ultimately have to be brought again – though we are a long way from that moment today.