Earlier this month here on The Torch, my colleague Joe Cohn discussed why FIRE felt compelled to write the Uniform Law Commission (ULC) to urge changes to the Employee and Student Online Privacy Protection Act (ESOPPA). As Joe explained, the ULC—a nonpartisan, nonprofit organization committed to facilitating the uniformity of state laws—will soon vote on whether to adopt ESOPPA as model legislation for promulgation nationwide. But as FIRE’s letter makes clear, no matter how well-intentioned, the proposed draft is seriously flawed. As presently written, ESOPPA would allow college administrators to demand access to students’ private social media accounts for “ensuring compliance, or investigating non-compliance, with federal or state law or an educational institution policy.” That’s a broad loophole, and it’s all too easy to imagine its abuse.
For example, consider the First Amendment implications were ESOPPA to be invoked by administrators at a public institution that maintains unconstitutional speech codes. As we write in our letter:
Troy University in Alabama has a harassment policy that states, “Examples of harassment include gestures, remarks, jokes, taunting, innuendos, display of offensive materials, threats, imposition of academic penalties, hazing, stalking, shunning, or exclusion related to the discriminatory or harassing grounds.” Allowing institutions to access social media or email accounts simply because of a report that a student performed a “gesture” or engaged in “innuendo” would not only undermine any protective purpose of the bill but also serve as a hall pass for virtually unlimited and unwarranted snooping into the private lives of students.
Given this and other constitutional problems presented by ESOPPA, FIRE is therefore very happy to report that a sweeping coalition of 25 other civil liberties and advocacy organizations also called upon the ULC to reject the model legislation in a letter sent late last week. Led by the Electronic Frontier Foundation and the American Civil Liberties Union, the coalition states:
As civil liberties groups, advocacy organizations, student and parent rights coalitions, and a union representative, we write to you today to express deep concern over the Employee and Student Online Privacy Protection Act (“ESOPPA”). We appreciate the ULC’s interest in protecting the privacy of employees and students alike, but the version of the bill submitted to the full ULC committee for approval at the upcoming annual meeting fails to accomplish that goal in light of its significant deficiencies. While it purports to protect both employees and students, its broad and vaguely worded exceptions and limitations overshadow any protections the bill attempts to provide—doing next to nothing to prevent school administrators and employers from coercing or requiring students and employees to turn over highly sensitive social media account information. These provisions do not comport with the Fourth or Fifth Amendment, and will result in only further invasions of student and employee privacy.
FIRE strongly agrees with that critique, and we hope the ULC quickly revises ESOPPA to account for our concerns. For more commentary, check out Jamie Williams’ July 6 post on the EFF website.