New Packaging for Left-Over Big Data: "Identity Proofing" and "Equality Monitoring"
by Orlan Lee*
“Identity Proofing” is a commercial database search product recently adopted by the US Department of Homeland Security (DHS), other government agencies, and commercial entities, paradoxically, to verify the identity of the holder of identity documents. Clearly, in the security world, tracking has greater appeal than hard copy credentials. No matter the photo IDs and documents with embossed seals, the system relies on confirming our knowledge of database entries: present and former home addresses, present and former employers, details of financial credit experience, names of personal associates, and what the latter say about the person the system has their eye on. If, when “quizzed” about these things, your answers match the contents of your file, you may convince the inquiring IdP client that you are the rightful holder of your ID docs. Without a warrant, even the police could not seize all your personal information in the United States. Of course, nothing can stop you from consenting to provide it. Presumably, you have also consented, sometime, somewhere, for all this to be already available in a commercial file.
Rarely do we see an industry leader—here a developer of prime “identity proofing” products—also admit that a hidden weakness may lie anywhere along the chain of data collection, entry, search, recovery, or solutions application:
Source data is sometimes reported or entered inaccurately, processed poorly or incorrectly, and is generally not free from defect. This product or service aggregates and reports data as provided by the public records and commercially available data sources, and is not the source of the data, nor is it a compilation of the data. Before relying on any data, it should be independently verified.1
The UK Equality Act signifies real advances toward the “Aim of Equality”. Whether or not reliable or useful statistics emerge from the “Duty to Monitor”, British HR practice now outdoes the Americans in their intrusive personal data tracking.
“Identities are various: personal, national, religious, regional, racial, gender…”2 the announcement of an International Conference on Identity Studies tells us. The conference seeks to attract us to deeper comparative studies into religious, cultural, institutional background of what makes us special, and what makes us different from one another. Yet, none of these cultural, social institutional attributes that lend private character, and community bonds to us as individuals and as members of groups is the subject of the new practice of “identity proofing” now in use by major financial institutions and, among others, by the US Department of Homeland Security (DHS), which supervises airport security (TSA3), and immigration and border control (USCIS4), as part of its system of “identity authentication”:
USCIS uses a third-party private sector Identity Proofing (IdP) service to generate a quiz containing questions that only you should be able to answer. These questions are generated by the IdP service based on commercial identity verification information. . . collected by third party companies from financial institutions, and other service providers.5
And this is only a bare sample of the verbal stop and frisk where passing the barrier depends on your confirming the accuracy of personal data in “IdP” files gathered from third party sources. The unspoken assumption here is that the risk of relying on official credentials and government IDs is greater than relying on anonymous, proprietary, private sector “consumer reports”.
The industry denies it, but it is difficult to believe that allowing anonymous “identity proofing” third parties—often located in third countries as well—to scan background files on us to produce their random quiz questions does not contribute to identity theft. The cure the industry promotes is to shift liability to us to review our “consumer reports” periodically. That is completely illusory, since it obliges us to provide them with still more and updated personal data. And, in any case, your “consumer reports” are at best only digests of their files.
Since 9/11, the new DHS department has already been policing who can and who cannot work in the United States and has regularly been requiring two to three official government IDs6 to verify “identity” in all financial transactions and to confirm “employment authorization”. The new directive announcing “Identity Proofing”, outsourcing of our personal data to commercial private-eye data collection companies, alerts us to the inherent inclination of all quasi-secret police agencies to prefer surreptitious personal surveillance to open and accountable reference checking.
Taken literally, implementation of this regulation means that in the future there may be no jobs, no credit, no rental housing, no public utilities, no school or university admission, no telephone, and no internet connection available to us until we provide our private personal data, on each occasion, to a faceless multinational personal data collection agency.
And what is the danger to national security if we refuse (refuse as a nation that is—this is not something we can succeed at individually) to give our personal data to some private-eye spy agency, and to refuse to cooperate with this intrusion into our privacy and infringement of our rights? That some poor soul who makes it across the desert will get a day-job in LA?7 Are we now so afraid of the “huddled masses yearning to breathe free”8 that we have to make ourselves homeless, jobless, and voiceless in our own country in their place?
“Identity verification” and “employment authorization” is something that Americans used to be able to take for granted. Even after the Patriot Act—enacted to provide “tools required to intercept and obstruct terrorism”9 after the events of September 11, 2001—Americans could still satisfy the government’s theoretical concerns about unauthorized persons accessing the workforce by presenting official documents: an official photo ID or our FBI fingerprints. However, as the newly christened Homeland Security bureaucracy grew, preoccupation with lifetime tracking of everyone has led to the desire for deeper probing of our private lives. Suddenly a passport, a birth certificate, a driver’s license, a PhD, or our military service records are all only the bare documentary first steps to “identity authentication”.
The private sector personal data collection industry has been happy to seize this new opportunity to offer data matching services. To prevent the assumed onslaught of “imposters” with fraudulent credentials, they offer to match our private personal identity documents with what they have collected in secret, anonymously gathered, proprietary “consumer reporting” files
…that authenticate an applicant’s identity by presenting multiple-choice questions…that should only be known by that actual person. This patented interactive session binds the applicant to the identity information entered and leverages an analytical model that provides a fraud risk score as part of the overall assessment [...] a far-reaching and comprehensive solution to positively verify and authenticate individuals using consistent and objective score-driven policies that incorporate multiple data assets spanning both demographic and credit history data.10
Actually, the major personal data gathering conglomerates have set up patented ID games based on but not co-extensive with pre-existing “consumer reporting” files. LexisNexis summarizes the situation for its offerings:
Instant Verify, TrueID, Instant Authenticate, Risk Research, InstantID® Q&A, and Instant Age Verify does not constitute a “consumer report” as the term is defined by the federal Fair Credit Reporting Act […] Accordingly [none of the above] may [...] be used in whole or in part as a factor in determining eligibility for credit, insurance, employment, or another permissible purpose under the [Fair Credit Reporting Act].11
Rise of the consumer credit data industry: As they say, USCIS did not invent this identity verification system by themselves. They owe that to the ingenuity of the product managers of the “consumer reporting agencies” (CRAs) who are constantly engaged in finding ways to market applications of the proprietary personal data files they have accumulated on everybody touched by financial credit in the United States.
“It is more economical to let us do it,” the product manager argues, obviously eyeing the shift of government agency budgets to the outsourcing industry:
…Identity proofing allow[s] enterprises to deploy externally-facing, transformational business applications with strong identity awareness established at registration. It solves the problem of expensive, in-person verification by providing cost effective, no-touch identity proofing during the user’s initial enrollment on the Web portal.12
But in-person verification is the least we expect. Go ahead and touch the embossed seals. That should stand for a lot more than a customer-rep in a third country quizzing us on last month’s expenditures or what our neighbour suspects through our back window.
No law ever foresaw acquisition of these vast masses of personal data. It was rather through access to previous credit experience that the old local “credit bureaus” offered to the developing financial services industry that led the latter to share their clients’ files and the former to become an essential element in the credit-based capital markets of the United States.
The statutory authority, if it can be called that, did not come about until Congress attempted, belatedly, to regulate the industry with the Fair Credit Reporting Act of 1970 (FCRA).13 Congress attempted to limit access to these already massive personal data files to those with a “permissible purpose” or a “legitimate business need”.14 However, the same section of the statute that limits use also permits sale of “consumer information” to those who intend to make “a firm offer of credit or insurance” to the individual concerned. Practically everyone with a reasonably good credit history, and many with no credit history at all, merely names and addresses that fall into the hands of credit card and insurance marketing departments, become targets to receive such solicitations. As a result, personal data originally collected from financial services applications has been trafficked far and wide.
The “credit reporting” files become “character and reputation” files: Statutory authorization for “consumer reporting agencies” to opine on “character and reputation” derives initially from language friendly to personal data collection in the preamble of the FCRA:
An elaborate mechanism has been developed for investigating and evaluating the creditworthiness, credit standing, credit capacity, character and general reputation of consumers.15
Thus these files, originally compiled to track lending and credit behavior, long ago took on the mission to assess Americans’ “character and reputation” in accordance with the “credit bureau” or reporting collection agent’s perception of the debtor’s regularity or delay in repayment. Language for future development in the area of pre-employment and insurance solicitation screening as foreseen by the industry was also included in the legislation. Industry files are promoted not only for financial and credit transactions, but also for employment, insurance solicitation, university admissions, professional recruitment, etc. The language of the statute is accordingly quite expansive, allowing the CRAs—or, today, their offspring—to collect
information on a consumer’s character, general reputation, personal characteristics, or mode of living [whatever that is] … obtained through personal interviews with neighbors, friends, or associates of the consumer16
…confirmed only by anonymous third parties, who, the statute assures us:
may have knowledge concerning any such items of information.17
These secret proprietary files are relied on more and more for business, financial, and personnel decisions both by government and by private industry in the United States, not solely for “credit scoring”, but also in specialized CRAs for “recruitment assessment”, “tenant screening”, “insurance claims”, “medical and prescription drugs histories”, “check-writing” and “background checking”, more and more undermining the Fourth, the Fifth, and the Sixth Amendments to the Constitution of the United States (the protections against search and seizure without a warrant, the right to know the nature of any accusation made against us, the right to confront witnesses, and the right to due process of law in general).18
Growing surveillance culture: Ironically, building on the experience of American progressive legislation in the 1960s and 1970s,19 there are superior privacy laws in the EU and the Commonwealth countries today. Nevertheless, blind acceptance of American style surreptitious personal data collection for financial institutions and for “recruitment assessment” and similar purposes is also undermining the same rights in those countries.
Americans have experienced a number of incidents of airline hijacking, terrorism, and money laundering that a free society is ill-prepared to cope with. But the concern with the personal data collection industry here is not about terrorism. It involves more often the sleazy gossip and hearsay of “friends, neighbors, and associates” with grudges and grievances, or with no grudges or grievances…who just do not always have our best interests at heart when they talk about us with strangers, but who the FCRA allows CRAs to poll regarding our “character and general reputation”.
We see this throughout the skewed language of the “consumer reporting”, “recruitment screening”, and the “background checking” industry:
Under the Fair and Accurate Credit Transactions Act (FACTA), a year 2003 amendment to the FCRA, a CRA can make a secret “communication” to an employer that would ordinarily be considered an “investigative consumer report” (that would require prior notice and consent and ultimately disclosure to the employee). Such a secret “communication” can relate to:
In other words, this power allows an employer, via their CRA, ongoing monitoring of the private morality of employees.
Such a secret “communication” may not be made “for the purpose of investigating a consumer’s credit worthiness, credit standing, or credit capacity”—the purpose for which “consumer reporting” originated—since a “consumer report” would require notice and consent. In other words, an employee is protected against unauthorized investigation of credit, but is completely unprotected with regard to violation of the most basic civil rights:
Consumer analytics serve all fears: All of this random personality judgment has essentially nothing to do with terrorism or money laundering and little to do with crime—the evils it is supposed to combat. More often than not it merely contributes to the arbitrary and capricious “scoring”25 and matching of personal characteristics, which may or may not reflect how we “fit in,”26 or how we “get along”, and may, or may not, make us suitable in the eyes of the personal data “screening” and “evaluating” gurus for certain honours, jobs, care-giving obligations to children or to elders, and domestic relationships.
It may be that the alternative of traditional bank letters and letters of reference do not disclose all we may hope to learn when we make inquiries about credit, professional competence, and good character of prospective business partners and employees. That does not mean that digital information gathering technology produces more reliable results when it collects non-objective gossip and hearsay from our casual acquaintances.
In brief, this problem is not simply about the right to privacy anymore. In a country with mandatory “voluntary waiver”27 of due process of law, where private sector companies have a statutory right to opine on our “character and reputation” with impunity, where personnel managers can order secret “suspected misconduct” investigations of employees without warrant, where multinational personal data collection agencies gather proprietary secret files regarding “character and general reputation” on all Americans—a power which the Congress of the United States itself does not have28—there is ultimately:
What is more, employers, financial services institutions and CRAs that oblige us to “waive” our rights to sue for libel and slander29 in order to create unmonitored “character and reputation” files, retain all of their own rights to sue to protect their own interests. The FCRA, cited to justify “waivers” on our part, theoretically does preserve our right to sue for “willful non-compliance” with the FCRA, for “false information furnished with malice”, or “willful intent to injure the consumer”.30 Yet, the courts are reluctant to enforce our rights, even in those cases.
None of this is the result of “Big Government” or terrorism. Instead, we can thank a personal data gathering industry gone wild, human resources managers too jaded to check credentials themselves, and the fact that the United States is the only Western democracy without a comprehensive law to control abuse of personal data.
There is nothing in this present review of US personal data policies that involves revelation of secret or clandestine operations. Granted this material may not be widely known—or even known by members of the public at all. But the discussion here is derived entirely from published material of the personal data collection industry, and is reviewed here solely so that members of the public can make up their own minds about whether this is the vision of liberty in America—and soon in the rest of the world that follows the US model—that they are committed to.
Consumer credit analytics: The old “credit bureaus”, now referred to in current legislation as CRAs, are at least subject in theory to regulatory oversight under the FCRA. They benefit from immunity from liability for potential lawsuits for “defamation, invasion of privacy, and negligence”31 in including negative reports from credit and financial agency providers reporting to them. They are also permitted to develop “character and reputation” reports attributable to “interviews” with persons with “knowledge of such items of information.” CRAs are also permitted by law to allege that negative decisions—based upon reports originating with them—are not made by them.32
CRAs and/or “background checking” companies have, for many years, been hired to report to employers and financial services companies. Government agencies that require “background checks” for employment purposes also rely on their reports. Under the federal Privacy Act of 1974,33 any agency that collects personal data for a specific purpose cannot share that personal data with another government agency—except for “routine purposes” such as for law enforcement or collection of debts owed to the federal government—without permission of the individual concerned.34 Therefore, to sweep government agency files, “background checks” are outsourced to CRAs or “recruitment assessment” agencies, which, by obliging the individual applicant to provide a “voluntary waiver”35 of his or her right to confidentiality, may consolidate background files that government agency holders themselves cannot provide.
New packaging for left-over big data: The introduction of the new so-called “Identity Proofing” (IdP) companies (as opposed to CRAs) presents an entirely new situation. IdPs limit themselves to confirming an “identity profile”. Insofar as they distinguish themselves from CRAs, IdPs consider themselves relieved of the regulatory requirements of the FCRA to update and correct reports of information submitted by providers. In fact, they have no “providers”. Their sources of information are public records and the existing consumer files of their parent CRAs, that obtain access to confidential sources (government agencies, schools and universities) by requiring “voluntary waiver” from the employee or applicant so they can sweep both official and private sector sources concerned. The IdP itself only locates existing materials. It does not create or assemble anything. It merely tracks a person back through his or her existing third party file history:
USCIS uses a third-party private sector Identity Proofing (IdP) service to generate a quiz containing questions that only you should be able to answer. These questions are generated by the IdP service based on commercial identity verification information. . . collected by third party companies from financial institutions, and other service providers. (Department of Homeland Security)36
“If you pass the quiz… and decide to move on… to confirm your work authorization status…. The IdP sends USCIS a transaction number, a pass/fail indicator, the date and time of the transaction, and any applicable error code(s)…”.37 In other words, even given a backward-looking surveillance of your life history—which under the Privacy Act a US Government agency could not conduct on its own without probable cause and judicial warrant—a US citizen or legal resident may still be denied “identity verification”, and potentially, “employment authorization” in the United States.
The potential consequences of a “fail” or significant negative “error score” are horrendous. Taking the cited language of USCIS literally, you can lose your identity regardless of whether or not you hold genuine identity documents. As a result, you can potentially lose employment, financial services, rental accommodation, access to travel and communication, and even internet and/or cable TV connection. This is not spelled out on the various IdP websites. But it is an obvious threat for lack of “cooperation” with whoever is sitting there when you are called in.
Nor is there any real conviction, even in these IdPs, that they are making any unqualified contribution to the well-being of the nation by reshuffling personal data collected by other private sector agencies. LexisNexis, one of the leading personal data vendors, has a number of different IdPs serving the info-market’s special needs. But LexisNexis itself is clear about the uncertainty of re-sold data that was never fully vetted in the first place:
Due to the nature of the origin of public record information, the public records and commercially available data sources used in reports may contain errors. Source data is sometimes reported or entered inaccurately, processed poorly or incorrectly, and is generally not free from defect. This product or service aggregates and reports data as provided by the public records and commercially available data sources, and is not the source of the data, nor is it a compilation of the data. Before relying on any data, it should be independently verified.38
If this is true of public records, how much more is it the case of the gossip and hearsay collected by the personal data collection CRAs. The IdP concept has the appearance of re-sale packaging of personal data collected for a different purpose. Heretofore, use of essentially left-over, unverified personal data for neither a “credit related”, nor an “insurance” or “employment” use would not qualify as a “permissible purpose” under the FCRA.39
What the IdPs and their users are not telling us here is that there is actually no need to outsource a public records check at all. Although the Privacy Act prohibits consolidation of personal data files from different federal agencies into one federal government database, a consolidated federal criminal records database (assuming that is what a background check should be looking for) already exists. The obligation of the FBI to maintain an accurate and updated database of criminal records was established by court order 40 years ago.40
In brief, we already have a national criminal records bureau41 as the result of the many years’ dedication of the Brady Campaign that produced the Brady Handgun Violence Prevention Act of 1991.42 We are also indebted, by the way, to the 15 years of resistance to the Brady Campaign by the National Rifle Association (NRA) for the fact that the Brady law also established the National Instant Criminal Background Check System (NICS), which satisfied NRA demands for “instant” criminal background checks—something that none of the commercial CRA “vendors” has yet been able to provide.
Also, thanks to the privacy and civil rights concerns of the NRA, no social security number and no fingerprints had to be provided in order to benefit from this service—at least originally. While this special privacy protection also appears to have suffered under the Patriot Act, once the purpose for which this mildly intrusive “background check” was conducted has been completed—that is, the sale of a handgun to a lawfully authorized purchaser—the file is deleted and does not become the proprietary file of any third party CRA “vendor”. Once the gun lover purchases a weapon, once the licensed gun shop completes the sale, notation is made of the weapon number, and the first handgun buyer goes on his or her way.43 (Of course, the tracking may be more difficult if the first buyer sells the gun.)
Thanks again to the diligence of the NRA, the Brady Law also includes a model provision to require agency review and expedited correction of any erroneous entries in official records so that a lawful handgun purchaser is not unduly inconvenienced in acquiring a weapon.44
Ironically, security concerns45 (and of course gun ownership promotion) reportedly now make it much easier to arm yourself with a deadly weapon than to obtain lawful employment in the United States. But let us be clear-headed about it: this means that the gun lovers in the United States have been better advocates for the defense of the presumptive “right to bear arms”46 than the working man and woman have been of “the right to work”47.
The practice of “Identity proofing”—based not upon official documentation, but rather solely upon commercial “consumer reporting”/“credit reporting” files—is a very disturbing new development. Of course we all have birth certificates, passport files, school/university files, military records, tax records, and employment histories. According to the US federal and state Privacy Acts these records are accessible by waiver in each of the various separate federal, state, or local administrative agencies, and/or private institutions for verifying our background, credentials, military service, and payment of taxes.
The new “identity proofing” process, leading to so-called “work authorization status”, is more alarming. If we do not consent to waive confidentiality or permit consolidation of all our personal data in the central proprietary/private-eye surveillance files, subject to “assessment and evaluation” of anonymous third parties who may have distinctly opposing notions of the good life, but are not subject to the regulatory, including data verification, requirements of the FCRA—the only official personal data collection oversight we have in the United States—we could be barred from employment, financial transactions, housing, travel, communication, etc. In other words, we can simply be made to disappear.
Nosy Demographics: In the United States, there is federal legislation prohibiting discrimination in employment on the basis of sex, race, color, age, disability, religion, national origin, and genetic information. There is also some broader state and local discrimination law. These prohibitions generally mean we are bound not “to consider” references to sex life or other prohibited categories in credit, admissions, and employment matters in the United States today. “Not consider” means “not to ask about”48 in the US—although “mode of living” and “lifestyle” are euphemisms that are still expressly permitted in third party background screening.
In the UK, it is also prohibited to discriminate in employment, on similar bases, or “to consider” legally protected sexual identity matters, for example. However, equal employment practices differ there. In order “not to consider” protected areas the practice has arisen for UK human resources offices to collect self-designation data for sexual identity, religion, and ethnic/racial origin, and disability, for purposes of “equality monitoring”—theoretically to demonstrate accessibility to consideration for employment and presumably to demonstrate reasonably proportional hiring.
Typically, an equality monitoring data collection form is literally a continuation of the application form for the vacancy—although we are assured that HR will separate it out, so that the “selection panel” never sees it. However, the equality monitoring form itself also repeats all the essential personal data from the main application form, so that the individual applicant is clearly identifiable—albeit only to need-to-know persons. Although this form is not to be released to the selection panel, most include date of birth and call for self-designation identification in check-off boxes for religion, ethnic origin, disability/handicap, sexual orientation, and
Is your gender identity different from your birth sex?49
To many Americans, the British are thought to be those fastidious Victorians we see in old movies when it comes to intrusive conversation on such matters. Yet, we are told that those who value their jobs are learning to cope with a new reality in the UK human resources ideology, today:
Staff are increasingly open and comfortable in declaring equality information. The proportion of staff declaring a disability has increased substantially, especially for our Associate Lecturer staff. Staff are confident to declare sensitive personal information. The proportion of staff declaring religion or belief and sexual orientation in the staff survey is increasing.50
Whether such data is considered by the selection panel during recruitment or not, it is clearly identifiable to the applicant, and if outsourced for storage may well find its way into a common personal data file of an outsource recruitment screening company that serves multiple employers. We are advised on one application form:
You may submit information, including personal data and sensitive personal data to us […] Sensitive personal data is information as to your racial or ethnic origin, political opinions, religious, philosophical or similar beliefs, trade union membership, physical or mental health, sexual life, commission of criminal offences and/or involvement in criminal proceedings. […] Your information may be controlled and processed by any of our offices. You acknowledge and agree that the location of our offices may change from time to time and that we may acquire other offices in any number of other countries or territories at any time […] Some of our offices and those of our affiliates, agents or representatives are located in countries outside the European Economic Area [like the United States] which do not have well developed data protection….51 (Privacy Statement, WebSAF)
We are told, for example that: “WebSAF (Web Standard Application Form) is WCN's52 online, transferable application form used by over fifty of Europe's top employers.”53 Also: “If you have already applied to another company who also uses a WebSAF form, your personal details will be completed automatically when you enter your existing WebSAF username and password into our online application form.”
In any event, the equality monitoring form is intended to be included in the applicant’s personnel file if he or she is hired. UK universities that collect “Equality Monitoring” information as part of the positive “duty” under the Equality Act assure us that such information will not be submitted to the selection panel, that “it will be used anonymously for statistical purposes”—though it will become a part of your permanent file. Bucks New University is one of the most informative as to this plan:
We understand that for a variety of reasons you may be reluctant to disclose all or some of the data we ask for but please be assured that it will be held by the Human Resources Directorate in the strictest confidence. It will be used anonymously for statistical purposes for instance, internally in conjunction with the Equality and Diversity Service to find out if our equality policies are working effectively and help us decide our priorities for action and externally, for approved external bodies such as the Higher Education Statistical Agency (HESA) which collects and monitors data from all higher education institutions. The form will not be kept with your application form and will not be seen by those involved in selecting applicants. If you are later appointed, this information will be kept in a restricted access area on your personal file ….54
The human resources offices, which retain operational control of this information, have been far from voiceless in this development. A variety of non-discrimination laws had already existed, and were consolidated, in the Equality Act 2010. The last area to be covered was age discrimination, as mandated in the EU Directive of the year 2000.55 Formal extensions had delayed full implementation of the Directive for six years. Then the UK complied with only incremental legislation for another five.
How HR policy affects such decisions rarely comes to the surface. Yet, it was apparent in resistance to age equality protection. HR departments and line managers often expressed themselves in terms of artful folk-wisdom: “Age improves wine up to a certain point, but after that point, deterioration sets in.”56 Too much wine also leads to drunkenness, but that had never led to its being banned in the colleges. This is just the “clearing the deadwood” argument in more elegant terms: “Those who are left to decide their own retirement age don’t always know when to go”,57 they said. That may be true as far as human nature is concerned. But it is far from adopting objective measures of performance, or from explaining the motivation of those as deeply engaged in their work at more advanced age as many a younger colleague.
Managers appear to be at ease in mixing motives on this subject. When Cambridge adopted an Employer Justified Retirement Age (EJRA) in 2012, the Director of Human Resources enthused:
…the reform will…promote more innovation in the university’s research; and “refresh” academic thinking and inquiry.58
So much for Oxbridge business English. When demographics favour equality—favour equality. When demographics seek places for fresh graduates—go back to time-worn stereotypes. Who will believe that Cambridge “departments dominated by the excellent but elderly”59 were being “reformed” because of failing “innovation in research” or backward “thinking and inquiry”? Neither would the new “intergenerational fairness” standards apply universally. Equality Act age protection continues to apply to non-academic staff.60 Oxford also adopted an EJRA in 2011,61 with the same distinctions.
In the meantime, the UK Supreme Court has set a major precedent when it dismissed an age discrimination lawsuit by an equity partner of a law firm bound by contract to retire at age 65, calling this: “a proportionate means of achieving a legitimate aim”.62
In other words, the leading universities and the Courts effectively abandoned the ideal of pursuit of livelihood, regardless of age, as a human right and set aside law which could have achieved “proportionate” distribution objectively, no longer based solely upon age.
The public-sector equality duty. The UK Equality Act 2010 consolidated pre-existing prohibitions against employment discrimination. And Equality Act measures may have contributed significantly to inspiring employers to overcome long-standing ills of the workplace:
We will not tolerate any form of bullying or harassment. Examples include unwanted physical contact, personal insults or name-calling, sexual innuendo, coercion, constant unfounded criticism, unwanted intrusion, persistent patronising or exclusion, and derogatory comments. This is not an exhaustive list and further examples are included in the two bullying and harassment codes of practice, one for students and the other for staff.63
However, amendment to the Equality Act in 2011 has added a new public sector “Equality Duty”, that can be interpreted as going far beyond the obligation to eliminate unlawful discrimination and to include a public sector duty to advance equality of opportunity and foster good relations, in the exercise of all public sector functions.
The legislative admonition to “have due regard” “to eliminate discrimination”, “advance equality of opportunity”, and “foster good relations” (s149) has suddenly taken on a positive law significance that inspires some human resources and professional recruitment bodies to go beyond familiar diversity efforts in hiring and resort to personal data gathering analytics that contribute to procedures from admission of students, to hiring of faculty, to “minority” interest group formation and networking, to research direction and funding for faculty.
The Open University has been particularly outspoken on this subject. Not only does “equality monitoring” policy affect non-discrimination in hiring, it also orients us in the appropriate direction for our private interests and research, research collaboration, and contracts:
We developed our student monitoring information so that our Programme Committees can review the participation and outcomes for different student groups more easily as part of their annual quality review process. We supported curriculum development and research that advances equality and fosters good relations through promoting understanding, across a range of characteristics, including ageing, disability, religion, gender, sexual orientation and socio-economic inequalities.
We developed a Code of Practice Supporting the Management of Research to ensure that the 2008 Research Assessment Exercise submission and selection process were conducted in a fair and transparent manner. We developed a new approach to considering equality during policy development and when managing change projects. Our Equality Analysis method ensures that we give active consideration to equality implications at an early stage and we have embedded this method in our annual unit planning process. We developed a range of additional resources to support staff in embedding equality in their work, including a resource to support assessment with partner institutions, and a resource to strengthen equality in contracting….
In addition, it promotes social “networking” on the basis of approved “minority” axes, and mentoring of leadership in these areas:
. . .For staff, we developed a framework to enable staff networks and gave practical support to help a number of these to get started, including networks for ethnic minority staff, for lesbian, gay, bisexual and transgender staff, and for disabled staff. We introduced religion or belief and sexual orientation questions in our staff survey and we analysed survey results by a wide range of characteristics. We responded to issues identified in the surveys, for example we developed Aspire, a leadership mentoring programme for minority staff. We developed a new Disability and Employment website to enable managers to respond effectively to the needs of disabled staff.64
“Equality” by the above definition: “understanding, across a range of characteristics”, calls for first verifying the demographic distribution of applicants by collection of their personal data, then achieving “equality” through the proper demographic distribution of employees into equal “minorities”.
Regrettably, sometimes a movement that started out seeking “equality of opportunity” may shatter over the demand for equally shared convictions. Selection committees are not restrained in their demands that successful applicants provide evidence of: “willingness to commit to the Core values” of the university. “…to work flexibly in a collegiate manner and having a commitment to diversity and equality.”65
Of course those of us who believe in democracy aspire to achieve equality of opportunity. Some of us believe by competition on the basis of merit. We are not necessarily looking for equality by membership in personal identification with ethnographic or social minorities. Democracy does not have to mean a lot of balkanized same-ness groups.
On the one hand it is quite remarkable that promotion of “diversity” or “multiculturalism” could have taken such a hold in the home country of an historically more or less homogeneous former colonial empire that it would attribute such importance to integrating an ethnic, religious, sexual identity distribution of every former dependent people, along with groups socially varied in other respects, in every home country employer institution. On the other hand, isn’t this an awfully casual way of saying that, in order to preserve what we value in our make-up or cultural origins, we cannot do it as one people with private and personal differences, but only on the basis of a kind of federated communalism?
In the United States we still tend to talk in terms of a “melting pot” philosophy—although some parts of the country may be more communally divided than in Britain. However, as far as hiring is concerned, the collection of personal data “not to be considered” through the same IT channels employed for personal data “to be considered” on the assumption that there is some benefit accruing to those contributing such data, and that it is kept away from hiring decision-makers, is in a more restrained way the same persuasion as that of the major players of the personal data collection industry. It is like climbing Everest. You collect irrelevant “personal data” not because there is an overriding need or purpose, but simply because it is there.
Despite the best intentions, an HR database for one purpose is no more secure than a database for another purpose. And the processing of data files by “recruitment screening agencies”, which tend to be located in the United States, where the personal data collection industry and financial institutions have long resisted any such strict personal data protection laws as exist in the UK, makes a mockery of thinking that UK personal data protection is preserved once the data is sent abroad.
Typically a UK HR webpage will read, as for example the webpages of, say, Salford University:
Irrespective of where the data may be [in our system], we will abide by the UK Data Protection Act.
That should mean that their data security is as good as it gets. However, the same paragraph adds tangentially:
Your information may be controlled and processed by any of our offices. You acknowledge and agree that the location of our offices may change from time to time and that we may acquire other offices in any number of other countries or territories at any time, any one or more of which may act as a controller of and/or process your information.
It is amazing how many UK universities now claim such “overseas locations”. But, the line continues:
We will not disclose your data to any other third party unless for recruitment purposes.66
Now how exactly does all that qualification shade the meaning? “Your information may be controlled and processed by any of our offices.” Really? When we are applying for a vacancy in the only known offices of one of Britain’s red-brick local universities in a Manchester suburb? And, “We may acquire other offices in any number of other countries”? Suppose they do open such offices in “other countries”, is it likely that expressly the HR files for the North of England area will be filed so far removed from the departments with the vacancies applied for?
Then, we do come closer to sensible meaning below: a third party may be involved for “recruitment purposes”? In plain English that sounds like outsourcing to a “recruitment screening agency”, most of which are American institutions that store data files in the United States, where there is as good as no personal data protection law, and where personal data “assessed” or “evaluated” for one client falls, for that purpose, under the copyright of that agency, and can easily be re-sold to another client.
Not every employer or financial institution in the United States will confirm this, but one that does tells us that if a consumer report is obtained,
The consumer reporting agency may keep a copy of the report and disclose it to others having a legitimate need for such information.67
The “legitimate need” language derives from the FCRA68 — where it originally meant sharing “credit reporting” records with a prospective creditor, not a wholly unrelated prospective employer, who had not made “clear and conspicuous disclosure”69 to the prospective employment applicant.
However, this makes clear that stored data for re-release is not limited to hard data credit reporting figures anymore. “Assessment” and “evaluation”, that the data subject never sees, is for good or evil reported in complete disregard of Fourth Amendment protection against seizure of protected personal data without warrant, Sixth Amendment guaranties of confrontation of witnesses, and Fifth Amendment protection of due process.
Furthermore, personal data once “assessed” or “evaluated” is not personal data anymore. It has become the copyrighted work product of the data collection agency. Thus personal data, once disclosed, has lost any protection it may have had in the United States. But the personal profile produced by the CRA or “recruitment assessment” agency is protected intellectual property.
The purpose of business school English today is not so much to inform as (1) to capture the “consumer”: “Listen carefully, our menu has changed”, and (2) to escape liability: “By accessing this website, you agree to the terms & conditions” are classic examples of how to hide what no one in a bargained-for contract would agree to. Where technology takes over it is not to facilitate “interactivity” or “intercommunication”, but to avoid it.
We often hear from IT or social media operators that privacy does not exist anymore. They really mean that they do not want to be bound by privacy laws. They tell us that technology has also moved beyond copyright law, and, unless it is their own, that they should not be bound by copyright either. Then their special interest organizations promote something as involved as the US Digital Millennium Copyright Act (DMCA),70 that creates statutory dilemmas never dreamt of before. What these people tell us is of course what suits their purposes. The common law of trust and confidentiality, privacy, and personal injury goes on as before—while they attempt to enforce the more favourable, much more wide-ranging Digital Millennium Copyright Act.
The Common Law in context: What is true is not that the “old law” does not exist anymore. Rather, we have to look at the law in context, and “update” and add new law where necessary. Privacy law as far as it exists in the United States is alive and well, and many of us would fight to keep it. However, it is often derived by implication from sources where the word “privacy” itself does not appear. We say that we are protecting privacy when we say that the police need a judicial warrant prior to search and seizure. Privacy is also the implied right protected in reproductive areas. Copyright is, however, entirely statutory. It is provided for in Article I of the US Constitution, but length of copyright protection has been determined and varied by Congress entirely dependent on influences at work in the political, legislative area at any given time. However, it allows data-handlers to convert pure data, which loses its protection once it is disclosed or permissibly released, into intellectual property once its content is assessed or evaluated.
Changes and advances in privacy and copyright law insofar as the rights of individuals are concerned have come to the Commonwealth and European Union countries—perhaps on the basis of inspiration of early Anglo-American individualistic liberalism, but this is long since a liberalism maturing in the EU and suppressed by commercial special interests in the United States.
“Market analytics” and “recruitment screening”: There are two separate commercial forces at work in the attack on personal data protection. The one seeking to collect our personal data to market to us (“market analytics”). The other seeking to collect our personal data to market us to ourselves (“recruitment screening”). Both of these marketing techniques are highly profitable, but neither one of them adds anything new to the economy.
Information technology and social media: When we say “information society”, we think of a world of technological advances that make it possible for us to gather facts, store knowledge, and apply all that we have learned with much greater efficiency than was available to us in previous generations. That is true with the advances from the typewriter to the word processor. We can write faster. We can amend and correct. We can cut and paste. We have come through punch card technology, to Univac, to software-defined storage, to cloud computing. It has become possible to eliminate file-storage and create searchable electronic databases. Rapid location of obscure data is the gift of the world of web browsing. Yet, reliance on search-results of electronic databases can be deceptive.
That there is an inherent danger in all of this—the danger of personal data files we know nothing about—the danger of confusing recorded data with absolute truth—was recognized long before the “information age”. The development of electronic recording and recovery of data leads to inevitability of its use—and the desire for a realm of artificial intelligence in decision-making. This discussion is not a warning that fair use of AI does not exist. It is only a call for return to “the Code of Fair Information Practices”.71
* Orlan Lee, MA, DrJur, JurisDr, LLM, Life Member, Clare Hall, A college for advanced study in the University of Cambridge. The present paper was originally prepared for SubTech 2014: 13th International Conference on Substantive Technology in Legal Education and Practice, Vienna, 2014.
1 See, LexisNexis, “Identity Proofing & Identity Authentication Solutions from LexisNexis”, http://www.lexis-nexis.com/backgroundchecks/business/identityproofing-verification-authentication.aspx (disclaimer). Retrieved 5 December, 2014.
2 “International Conference on Identity Studies”, Centre for Research in Social Sciences and Humanities, Vienna, 26–27 July, 2014, http://socialsciencesandhumanities.com/upcoming-conferences-call-for-papers/international-conf.
3 Transport Security Administration (TSA).
4 US Citizenship and Immigration Services (USCIS).
6 To work in the United States, DHS requires employers to see and record information from three lists of documents (DHS Form I-9, Employment Eligibility Verification): one from List A, documents that establish both identity and employment authorization (6 documents acceptable); or one from List B, documents that establish identity (12 documents acceptable), and one from List C, documents that establish employment authorization (8 documents acceptable).
7 Widely quoted estimates of numbers of undocumented aliens living in the United States center around 11.2 million. Presumably, many of these must have entered the US legally and remained beyond their visa limits. See e.g., JS Passel, “Estimates of the Size and Characteristics of the Undocumented Population”. Pew Hispanic Center, Report, March 21, 2005. If the illegals are employed without proper documentation on the “dark side economy”, then effectively the “identity proofing” system only burdens the life of the legal working population.
8 from Emma Lazarus, “The New Colossus” (1883). Every American schoolchild sometime learns to recite this poem, which has been inscribed on the pedestal of the Statue of Liberty since 1903.
9 USA PATRIOT Act, Pub L 107-56, 115 Stat 272 (2001), in the title of the statute itself.
10 Equifax, “Identity Proofing” brochure, at http://www.equifax.com/assets/IFS/efx_identity_proofing.pdf.
11 “Identity Proofing & Identity Authentication Solutions from LexisNexis” (n 1 above).
12 Equifax (n 10 above).
13 FCRA, 15 USC § 1681. The emergence of “credit reporting”, now “consumer reporting”, and of statutory regulation that came much later, is summarized in Orlan Lee, Waiving Our Rights: The Personal Data Collection Complex and its Threat to Privacy and Civil Liberties (Lexington Books 2012), ch 2.
14 See s 604 FCRA, 15 USC § 1681b.
15 FCRA, 15 USC § 1681a(2). See also Lee (n 13 above) 66.
16 FCRA, 15 USC § 1681a(d)(3)(D)(e).
17 ibid. See also Lee (n 13 above) 70 ff.
18 ibid, 1 ff.
19 There is no comprehensive personal data or privacy law in the United States beyond what is contained in the FCRA. However, the following examples indicate the growing interest in such legislation: Freedom of Information Act 1966; The Privacy Act 1974; Family Educational Rights and Privacy Act (FERPA) 1974; The Right to Financial Privacy Act 1978; Electronic Communications Privacy Act 1986; Health Insurance Portability and Accountability Act (HIPAA) 1996; and marginally Financial Services Modernization Act (Gramm Leach Bliley Act) 1999. Many traditional rights of Americans are seriously inhibited by the USA PATRIOT Act of 2001.
20 “Red-lining”, or drawing red lines on the map around deteriorating or “changing” areas of major American cities where financial institutions had decided not to lend, was widely suspected in the 1960s. The FCRA of 1970 was enacted as part of consumer reform intended to remedy that practice. Cf Lee (n 13 above) ch 2.
23 s 601(1)(B) FACTA, PL 198-159, 111 Stat 1952 (2003), a 2003 amendment to the FCRA.
24 See, US Office of Personnel Management’s “Suitability Matrix”, a curve ranging from minor impropriety to disruptive and violent behavior, http://hspd12pl.org/files/suitability.matrix.pdf. How to apply this new background screening standard to senior scientists of 30 years standing was an issue in NASA v. Nelson, slip opinion 559 US __(2010), http://www.supremecourt.gov/opinions/10pdf/09-530.pdf.
25 ADP, for one, prides itself on development of “smart hiring technology”, “which rates each individual background report behind-the-scenes”, “each candidate is given one overall scoring”. ADP Selection Services, p 71. See Lee (n 13 above) 56.
26 Infolink on its personality analysis system: “people rarely succeed or fail due to lack of skills or intelligence. Instead their success or failure is due to personal characteristics such as aptitude, motivation, and especially temperament (behavior).” http://www.infolinkscreening.com/infolink/Services/Behavioral.aspx retrieved 31 December, 2006. Infolink appears in the meantime to have been acquired by Kroll. See Lee (n 13 above) 57 ff.
27 As, for example, the employment “Notification and Consent” form of Colgate University: “I must authorize the procurement of [an ‘investigative consumer report’ that]…will include character, general reputation, personal characteristics, mode of living, etc., obtained through interviews with neighbors and associates.” See discussion in Lee (n 13 above) ch 1.
28 See “Can Congress Authorize a Secret Proprietary Masterfile on Every American?” in Lee (n 13 above) ch 6.
29 As, for example, Harvard’s “Consent for Pre-Employment Reference and Background Checks”: “In consideration of Harvard’s review of my application for employment, I hereby release any individual, and Harvard University from all claims or liabilities that might arise from the inquiry into or disclosure of any…information, including claims under any federal, state, or local civil rights law and any claims for defamation or invasion of privacy,” https://www.uos.harvard.edu/information/reference_consent-form.html, retrieved 14 December, 2006. Italics added.
30 FCRA, 15 USC §1681h(e).
31 “[N]o consumer may bring any action or proceeding in the nature of defamation, invasion of privacy, or negligence with respect to the reporting of information against any consumer reporting agency, any user of information, or any person who furnishes information to a consumer reporting agency, based on information disclosed…or based on information disclosed by a user of a consumer report to or for a consumer against whom the user has taken adverse action…based in whole or in part on the reports, except as to false information furnished with malice or willful intent to injure such consumer.” FCRA, 15 USC §1681h(e).
32 “If any person takes any adverse action with respect to any consumer that is based in whole or in part on any information contained in a consumer report, the person shall…provide to the consumer…a statement that the consumer reporting agency did not make the decision to take the adverse action and is unable to provide the consumer the specific reasons why the adverse action was taken.” FCRA, 15 USC §1681m(a)(1)(2)(B).
33 Privacy Act, 5 USC §552a.
34 Privacy Act, 5 USC §552a(a)(b)(3): “No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be…for a routine use….”
35 An outstanding example of this kind of mandatory “voluntary waiver” is contained in the Colgate University’s “Notification and Authorization to Obtain Information”: “I VOLUNTARILY AND KNOWINGLY AUTHORIZE ANY PRESENT OR PAST EMPLOYER OR SUPERVISOR, COLLEGE OR UNIVERSITY OR OTHER INSTITUTION OF LEARNING, ADMINISTRATOR, LAW ENFORCEMENT AGENCY, STATE AGENCY, LOCAL AGENCY, FEDERAL AGENCY, CREDIT BUREAU, COLLECTION AGENCY, PRIVATE BUSINESS, MILITARY BRANCH OR THE NATIONAL PERSONNEL RECORDS CENTER, PERSONAL REFERENCE, AND/OR OTHER PERSONS TO GIVE RECORDS OR INFORMATION THEY MAY HAVE CONCERNING MY CRIMINAL HISTORY, MOTOR VEHICLE HISTORY, SOCIAL SECURITY NUMBER, EARNINGS HISTORY, CHARACTER AND EMPLOYMENT (INCLUDING REASONS FOR TERMINATION), CREDIT HISTORY, CREDIT CAPACITY, OR CREDIT STANDING OR ANY OTHER INFORMATION REQUESTED BY INFOLINK” [Colgate’s recruitment assessment agent; capital letters are as in the original.] In the past, Colgate University was one of the most “liberal” of American universities. When the 1958 National Defense Education Act required a loyalty oath for student loans, Colgate, along with Harvard, Yale, Oberlin, and many other colleges and universities actively rejected this “Orwellian” means of “thought control”—at least for the time being.
36 Official Website, Department of Homeland Security, http://www.dhs.gov/sites/default/files/publications/privacy-pia-update-hsin-3-5-22-2013.pdf http://www.dhs.gov/sites/default/files/publications/privacy-pia-uscis-myeverify-september2014.pdf , p.4
38 See LexisNexis, n 11 above. Italics added.
39 See Federal Trade Commission Regulations, 16 CFR 600 (United States), Commentary on the Fair Credit Reporting Act.
40 See Tarlton v Saxbe, 507 F 2d 1116 (DC Cir 1974).
41 Comparable to the former Criminal Records Bureau (CRB), now Disclosure and Barring Service (DBS), for England and Wales, for Scotland, and presumably for all the other EU countries.
42 Pub L 103-159, 107 Stat 1536 (1993), codified as 18 USC §§ 921 and 922. Jim Brady was White House Press Secretary for President Ronald Reagan. He was severely injured during an assassination attempt on the President in 1981. He and his wife then led an effort to secure passage of the 1993 Brady Handgun Violence Prevention Act that included a background check requirement for purchase of a handgun.
43 18 USC § 922 (C)(a)(1), (C)(2)(C).
44 18 USC §103 (f)–(g).
45 The Pew Research Center, which describes itself as “a nonpartisan fact tank that informs the public about the issues, attitudes and trends” reports that “nearly half of gun owners (48%) volunteer that the main reason they own a gun is for protection”, http://www.people-press.org/2013/03/12/why-own-a-gun-protection-is-now-top-reason/.
46 The Second Amendment to the Constitution of the United States, reads: "A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed." But Americans are not like the Swiss waiting for a call to arms to defend the state. Gun fanatics think they have a right (under the Declaration of Independence) to take up arms against the state when their right to bear arms is threatened. More alarming is the number of gun lovers with assault weapons.
47 Used here expansively. American courts have occasionally referred to a right not to be deprived of “livelihood”. The “right to work”, in those states that have it, refers to the right not to be obliged to join a union in a contractually unionized industry.
48 See e.g., “Interview Questions, Dos and Don’ts”, University of Texas, Houston, http://hr.uthtmc.edu/Supervisors_Toolkit/Interview_Quest_DoI.pdf; Alison Doyle, “Illegal Interview Questions,” http://hr,uth,tmc,edu/Supervisors_Toolkit/Interview_Quest_DoI.pdf; Ira S. Wolfe, “Interview Questions that You Can and Cannot Ask,” http://supersolutions.com/pdfs/Interviewing-Guide_WhatCanYouAsk.pdf; Joseph Anthony, “Don’t Ask a Job Applicant These Questions,” http://www.microsoft.com/Smallbusiness/resources/Management/recruiting_staffing/don’t_ask_a_job_applicant_these_questions.mspx.
49 See e.g., the University of Manchester, Equal Opportunities Monitoring Form. UK university job application forms and attached equal opportunities monitoring forms are today generally available only after collection of personal data, i.e., “account registration”. As a result, they are not always accessible on open internet sites.
50 The Open University, ‘Equality and diversity…making it happen’, http://www.open.ac.uk/equality-diversity/sites/www.open.ac.uk.equality-diversity/files/pics/d136235.pdf, p. 19.
51 WebSAF Privacy Statement, https://static.wcn.co.uk/company/lbs&m/privacy.htm.
52 As WCN describes itself: “WCN is a pioneer and leading supplier of innovative e-Recruitment solutions, with over 15 years experience improving the business performance of many of the largest employers in the UK and across the globe. With a unique blend of recruitment and software expertise, WCN provides complete solutions to its clients via best practice e-Recruitment software and unrivalled customer service and advice.” (http://wcn.co.uk/, Retrieved 5 December 2014)
53 University of Birmingham http://www.birmingham.ac.uk/staff/jobs/faqs/submitting/Starting-a-New-Blank-Form.aspx.
54 Buckinghamshire New University, Equality monitoring information, http://bucks.ac.uk/...equality_monitoring_form_-_august_2011.doc, recovered 11 December, 2014.
55 EU Directive 2000/78/EC of 27 November 2000, establishing a general framework for equal treatment in employment and occupation.
56 Professor Thomas Körner, Fellow of Trinity Hall, Cambridge, a mathematics genius who Wikipedia says is 68, and who we might hope to be the last to believe in such fables, quoted by Eleanor Dickinson, in “Analysis: Should Cambridge dons be made to retire at 67?” The Cambridge Student, April 25, 2012, http://www.tcs.cam.ac.uk/news/0016016-analysis-should-cambridge-dons-be-made-to-retire-at-67-2.html, recovered 11 December, 2014.
58 Mr Indi Seehra, HR Director, quoted in “Cambridge University adopt retirement age of 67 to promote ‘intergenerational fairness’”, People Management, May 8, 2012, http://www.age-discrimination.info/News/Pages/ItemPage.aspx?Item=625. Retrieved 11 December, 2014.
59 Professor Mary Beard of Cambridge quoted in The Cambridge Student, ibid., n. 56.
61 University of Oxford, Personnel Services, UAS, “Aim of EJRA”, http://www.admin.ox.ac.uk/personnel/end/retirement/ejraaim/, recovered 11 December, 2014.
62 Seldon v Clarkson Wright & Jakes, UKEAT/0434/13/RN. See also: Jonathan Rayner, “Supreme Court dismisses Seldon age Discrimination appeal,” The Law Society Gazette, 26 April, 2012, http://www.lawgazette.co.uk/news/supreme-court-dismisses-seldon-age-discrimin-ation-ppeal/65310.full-article. Retrieved 11 December, 2014.
63 The Open University (n 49 above) 35.
64 ibid, 1.
65 See, e.g., University of Liverpool, employee specification, selection criteria.
67 RiverSource Insurers of Ameriprise Financial
68 15 USC §1681b(a)(3)(F).
69 15 USC §1681b(b)(2)(A)(i).
70 DMCA, 17 USC chapter 5.
71 See Lee (n 13 above) 58 ff.
© 2014 Orlan Lee. This HTML edition © 2014 University of Oxford.