LSAT Thumbprinting a Privacy Violation

By: Omar Ha-Redeye · July 11, 2008 · Filed Under Law School, Privacy Law · 1 Comment 

I always felt like I was a criminal when LSAC, the organization that offers the LSAT exam, required mandatory thumbprints on entry.

Weren’t we the ones defending the criminals (or prosecuting them)? Why are we being treated like them?

This commenter says,

When I was a psychology student I used to administer the LSAT. One thing I always found amusing is that you have to leave your thumbprint to take the test. What does that mean? Other professional or graduate tests do not require this.

Then there is the fact that it’s an American company, meaning the American government would have access to my prints if they so chose.

Should Canadian law students be forced to provide prints to a foreign country as a requirement to entry into a Canadian law school?

And I’m not the only one with these concerns.

Canadians Aren’t so Patriotic about the U.S.

In 2006, Daniel Gervais, acting dean of the common-law section at the University of Ottawa expressed to the CBC his apprehension over the U.S. Patriot Act,

The act gives the power to agencies such as the FBI to get access to information that is sent to the U.S.

Michael Geist, also of UofO, elaborates further,

Test takers in B.C. and Alberta have raised objections to the mandatory thumb-printing, expressing concern sensitive personal information could find its way into the hands of U.S. law enforcement. Empowered by provisions in the U.S. Patriot Act, authorities could compel the LSAC to surrender the data.

Patriot Act fears stem from the secretive nature of the law since authorities can compel disclosures with minimal oversight and without opportunity for the affected person to challenge the disclosure.

Critics also point to the statute’s potential misuse. Those fears were exacerbated last week with reports U.S. counter-terrorism databases contain an astonishing 325,000 names.

There has been swift reaction to the thumb-printing story, with the federal, B.C., and Alberta privacy commissioners joining forces in a combined privacy investigation. The Canadian Council of Law Deans, which represents law schools across the country, has expressed concern over the practice, acknowledging that the data could be subject to a Patriot Act request. The Council raised questions about whether the practice might violate federal and provincial privacy statutes.

Phillipa Lawson, Executive Director – Canadian Internet Policy & Public Interest Clinic at UofO added,

In the LSAT case, the stated purpose of collecting thumbprints (to deter fraud) is clearly reasonable. But is the collection of thumbprints necessary to achieve this purpose? Do other, less intrusive but equally effective methods of deterring fraud exist? And is the fraud-deterrent value of thumbprinting proportional to its privacy invasiveness? The privacy commissioners now investigating this matter will have to answer these questions.

And Mark Lewis weighed in, quipped,

Personally, I think it is time for a cage match pitting the Patriot Act vs. PIPEDA.

Recent developments indicate that round 1 may have just begun.

Non-Profit Status of LSUC Will not Provide Immunity

David Canton of eLegal wrote in the London Free Press recently that the Privacy Commissioner of Canada has found the thumbprinting to be a violation of privacy.

The recommendation came following a complaint by University of Victoria philosophy Professor Eike-Henner Kluge.

The Commissioner used a 4-part test:

  1. Is the measure demonstrably necessary to meet a specific need?
  2. Is it likely to be effective in meeting that need?
  3. Is the loss of privacy proportional to the benefit gained?
  4. Is there a less privacy-invasive way of achieving the same end?

Their conclusion is that thumbprinting were never intended for their expressed purpose, let alone meeting their purpose.

Canton said,

LSAC took the position that since it was a Delaware corporation headquartered in the United States, the privacy commissioner had no jurisdiction over its activities.

The privacy commissioner found, however, that there were sufficient Canadian connections to make LSAC subject to the provisions of PIPEDA, at least to the extent it operates in Canada.

The Commissioner also stated,

LSAC’s status as a non-profit, non-stock, membership-based organization is not determinative. The Act applies to organizations, defined in section 2 as including “an association, a partnership, a person and a trade union.” There is no exemption for non-profit or member-oriented organizations. To the contrary, the definition of “commercial activity,” namely, “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists,” makes clear Parliament’s intention that the Act apply to commercial transactions that non-profit, membership-based organizations might engage in.

Ding, Ding, Ding

So it seems law students, who are in training to defend the rights of others, might finally realize these privacy rights that many have been complaining about for years.

Let the fight begin.

Post tags: , , , , , , , , , ,

UofO Law Students File Against Facebook

By: Law is Cool Contributors · May 31, 2008 · Filed Under Civil Rights, Law School, Legal Research, Marketing/PR in Law · 1 Comment 

We’ve talked about how litigious law students can be, but these four Canadians from the University of Ottawa recently filed a complaint against Facebook to the Federal Privacy Commissioner.

One of the students, Harley Finkelstein, is quoted as saying,

There’s definitely some significant shortcomings with Facebook’s privacy settings and with their ability to protect users.

What’s interesting is how the complaint was raised.

According to Philippa Lawson, Director of Canada’s only technology law clinic, the students were reviewing Facebook as part of their winter term when they identified 22 potential violations of Canadian law.

The complaint was filed on behalf of the Canadian Interest and Public Policy Clinic (CIPPC), and can be viewed online.

The points of interest include failures to:

  1. Identify all the purposes for which it collects Users’ personal information
  2. Obtain informed consent from Users and non-Users to all uses and disclosures of their
    personal information
  3. Allow Users to use its service without consenting to supply unnecessary personal
    information
  4. Obtain express consent to share Users’ sensitive information
  5. Allow Users who have deactivated their accounts to easily withdraw consent to share
    information
  6. Limit the collection of personal information to that which is necessary for its stated
    purposes
  7. Be upfront about its advertisers’ use of personal information and the level of Users’
    control over their privacy settings
  8. Destroy personal information of Users who terminate their use of Facebook services
  9. Safeguard Users’ personal information from unauthorized access
  10. Explain policies and procedures on the range of personal information that is disclosed to
    third party advertisers and application developers

Updates

Harley Finkelstein writes in to Law is Cool, and shares this news release.

Post tags: , , ,