Computers, Privacy & the Constitution

Criminal Records Without Convictions

-- By SeanBerens - 18 Apr 2013

The Problem

In April 3rd's New York Times, Stephanie Clifford and Jessica Silver-Greenberg wrote of a tactic commonly employed by retailers in response to employee theft. Retailers like CVS and Target have begun to report instances of employee theft investigated by their internal loss prevention officers to large databases that track such employee data. Like a bad credit score, these reported thefts follow an employee as he or she seeks subsequent employment. Whereas conventional background checks might yield data like an employee's criminal indictments or convictions, these databases yield information about employment events that are often, legally, no more than allegations. A report in one of these databases effectively prevents the employee in question from ever getting another job with a major retailer.

As a society we purport to regard the detrimental effects of a criminal conviction as serious enough to merit substantial due process protections. If the shame and societal disapprobation of a conviction is going to follow a defendant around for the rest of his or her life, then, at least in theory, we want to have a process in place that guarantees that conviction's accuracy. These databases allow large employers to subvert due process protections but still impart some of the reputational penalties of a criminal conviction. Perhaps an employee marked by one of these databases as a thief will escape the disfavor of the general population, but they will be subject to exclusion by all of the other employers subscribing to the database.

Such exclusion presents moral problems even if it does not present legal ones. Part of the due process afforded to retail employees criminally charged with theft comes in the form of judicial scrutiny of the evidence gathered by a store's loss prevention officer. These "officers" are not held to anything near the standards to which police officers are ostensibly held in the evidence-gathering process. Indeed, many loss prevention officers are failed applicants to police departments across the nation. So, there are multiple reasons to doubt the initial accusation that an employee has stolen from their retail employer. Then, when a store accuses an employee of stealing, fires him, and reports the alleged theft to a database without reporting it to the police, no judicial actor ever reviews any of the employer’s action. A confession of stealing to a loss prevention officer may not seem as serious as a guilty plea in court. It is very possible that an employee might assume that she will be fired one way or another and confess to an alleged theft just to terminate her controversy with the employer. Then, she will not be made aware of the employer's report of the theft to a database until she is refused a job at some other retailer.

Possible Solutions

It is unclear whether there are any appropriate legal means of curtailing this type of activity. As the New York Times article notes, some government officials are examining whether this database violates the Fair Credit Reporting Act. If this type of challenge is unsuccessful, then perhaps private attorneys could bring defamation claims against these databases and their contributors.

Does the employee have some basis on which to show that the information in the database is false? How is a defamation claim to be maintained without proof of falsity?

While there does seem to be collusion here between retail competitors, contribution to these common databases falls short of a restraint on trade necessary to merit antitrust enforcement. All of these possible strategies are of dubious strength and might not be able to curtail this activity.

Perhaps there is a gap in our labor law?

Even if the government could shut down these databases through enforcement actions, would that be the best resolution to this problem? In 1991, Laurence Tribe argued forcefully that the Constitution does not regulate private actors in "cyberspace" in the same way that it regulates the federal government. In his view, the "Constitutions's axiomatic division between the realm of public power and the realm of private life should [not] be jettisoned" in the new world of cyberspace. This case pits large, strong businesses against weaker, isolated individuals but they are all still private actors. Government intrusion into this type of private activity could ultimately lead to government intrusion into other forms of private communication which we might wish to protect. At its core, this type of activity might not be very different from scanning a prospective employee's publicly available Facebook page.

Well, it is obviously different, in ways that should have avoided the comparison for you. The underlying argument appears to be that the state action requirement is important because it prevents more state action in protection of rights, which is not likely to be an appealing argument to people who think the state action requirement interferes too much with state action in protection of rights.

Like so many other dilemmas with individual privacy, the best solution here is probably increasing awareness. Many defects in the area of privacy can be addressed through changes in consumer behavior or technology. For instance, people c an elect to refrain from using Facebook, Gmail or even debit cards.

What has this to do in the world with the problem of the employer blacklist?

In this case, however, the person spreading information is not the person affected by that behavior. Therefore, retail employees must be aware of their rights ex ante, in the real world, and proactively guard against negative entries being made into these databases in the first place. Perhaps employees will be less likely to falsely confess if they know that such a confession will bar them from future retail employment.

You think? But who is going to tell them?

Maybe employees could withhold restitution until they secure a commitment that the employer will not report to a database. If the power imbalance between employees and loss prevention officers is too great to hope for such behavior, then advocacy groups could bring suit on behalf of defamed individuals.

That is, prove that people were falsely accused and that the false accusation was published? How do you think the falsity of the accusation is likely to be proved? How will investigation be paid for?

If employers are made to understand the ramifications of their unreflective reporting of alleged employee theft, then they may choose not to report at all. Without contributors, databases such as these would have no subscribers. Without subscribers, they would cease to exist.

Indeed. But why these businesses should cease to inform themselves about potential employees, you do not say. Would it really be too expensive to settle the infinitesimal number of cases in which the ex-employee has any hope of proving that the original accusation was false?

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r3 - 14 Jan 2015 - 22:44:39 - IanSullivan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM