Campus Speech and The Functions of the University

06.02.2017  |  Comments Off on Campus Speech and The Functions of the University

Summary:  The roles and limits of free speech on university campuses have lately been of increasing interest. This Article suggests that as long as our understandings of the basic functions of the university itself are conflicting and contested, our understandings of the proper scope of free speech on campus will be similarly irreconcilable, even if we think of the university in terms of community. The Article explores this thesis through considering, in particular, problems of hostile speech, of professorial academic freedom, and of speech by students transitioning into professional service roles.

Full Article:  Volume 43:1 Campus Speech and The Functions of the University

Evidentiary Privilege For Researchers

06.21.2017  |  Comments Off on Evidentiary Privilege For Researchers

The Risks and Liability of Governing Board Members To Address Cyber Security Risks In Higher Education

06.21.2017  |  Comments Off on The Risks and Liability of Governing Board Members To Address Cyber Security Risks In Higher Education

Summary:  Cloud computing can be a highly effective means of avoiding information technology costs and are an attractive option to higher education institutions. Cloud computing also creates an incremental potential risk for data breaches and the accompanying privacy concerns that arise when personally identifiable information is stored on third party servers accessible over the internet. Officers and board members of an institution considering a move to the cloud are well- advised to engage in robust diligence and be adequately informed of the benefits and risks of migrating substantial amounts of sensitive data to the cloud. This article provides timely information to higher education institutions to assist the understanding of the nature of cybersecurity risks and preparedness, and how those risks may be mitigated so that the fiduciary duties owed by institutional officers and board members are properly discharged.

Full Article:  Volume 43:3 The Risks and Liability of Governing Board Members To Address Cyber Security Risks In Higher Education

 

Unresolved Conflicts of Interest in University Human Subject Research

06.23.2017  |  Comments Off on Unresolved Conflicts of Interest in University Human Subject Research

STUDENT NOTE : Unresolved Conflicts of Interest in University Human Subject Research

Reconsidering Brown University More Than a Decade Later

06.21.2017  |  Comments Off on Reconsidering Brown University More Than a Decade Later

STUDENT NOTE : Reconsidering Brown University More Than a Decade Later

Campus Speech and The Functions of the University – OLD

11.23.2016  |  Comments Off on Campus Speech and The Functions of the University – OLD

 Volume 43:1 Campus Speech and The Functions of the University

Summary

I. Introduction

This Article addresses the status of free speech on contemporary public and private university campuses.[1] There has been historically, and is now, no consensus on the proper scope of free speech in general on campus. Doubtless a number of considerations partially account for this lack of consensus. This Article, however, focuses on one fundamental such consideration.  In particular, the Article adopts what might be called a loosely functionalist[2] approach.

The functionalism employed herein attends not so much to the functions of freedom of speech, as to the functions of the contemporary university. As employed here, the idea of a ‘function’ encompasses broad, sustained, significant effects of the university on any aspect of its environment or on its own membership, whether such effects are consciously intended or not.[3] The idea of a university function may include university aims, purposes, and missions, whether actual or proposed, traditional or emerging, tangible or intangible, conservative or insurgent, sustaining or disruptive, concrete or abstract, mundane or aspirational, explicit or implicit, unreflective or critical.[4]

Functions of a university can thus vary in the extent to which they are immediately contained within the university context, or else affect persons, institutions, cultures, and other entities beyond the university setting,[5] though drawing any such lines will often be difficult, if not hopeless.

The key assumption below is a blend of descriptive, predictive, and normative considerations. The crucial assumption is this: there are various sorts of university free speech cases, but whatever the case, sensible university free speech rules and policies will tend to, and perhaps should, largely reflect what the various decision makers and others take to be important relevant functions of the university.[6]

The crucial step is then to recognize that in our era, the speech-relevant functions of the university will be not only plural and various,[7] but divergent, and for practical purposes, irreconcilably conflicting. The irreconcilability of partially conflicting university functions — in the clearest cases, partial conflicts in explicitly articulated visions of the university — is fundamental to understanding the nature of campus free speech issues today.

Thus university campus speech policies become contestable, and often irresolvably so, when they implicate some aspect of the unresolved conflicts among partially competing understandings of university function, purpose, and mission. Any given person, group, or institution, on or off campus, may well reject one or more of the commonly asserted university functions. But this does not fundamentally change — indeed, it helps to constitute — the underlying dynamic of conflicting visions of university function and thus of speech on campus.

If this functionalist approach is on the right track, we should expect genuine consensus on the range of potential campus speech cases only if and when universities are widely thought to have some single identified and coherent basic function, or at least some hierarchical, weighted, harmonized, or otherwise non-conflicting plural set of such functions. Absent such unlikely developments, we should expect speech policies on campus to be typically subject to irreconcilable contest.[8]

And if we reasonably assume persistent incompatibilities among conceptions of university functions,[9] then a certain futility must attach to advocacy in endorsing or rejecting any normative theory of campus speech in practice. We should, however, continue to look for and reflect upon genuine overlaps and commonalities of commitment.

To illustrate these themes, this Article considers some of the most prominent discussions, descriptive and normative, of basic university functions.[10] Among such discussions, thorough and comprehensive inventories of the diverse such basic university functions are uncommon.[11] The more typical approach is to focus on some preferred or conspicuous limited set of or single such functions,[12] even if the single function is itself then differentiated into related components. Such treatments then commonly defer to or endorse some favored view,[13] while perhaps alluding to some alternative view in adversary fashion. In pursuit, ultimately futile, of common ground, the discussion below takes up in particular the popular theme of the university as manifesting or somehow committed to overall community and particular communities,[14] to practices of civility,[15] and to genuine conversation.[16] The idea of community, however, inescapably poses as many unresolved questions as answers.

In the context of these varied conceptions of university function, the Article then more concretely addresses apparently intractable debates over, specifically, hostile and hate speech on the contemporary university campus;[17] limits on speech by university faculty on matters of public interest;[18] and cases of controversial speech by university students transitioning to entry into a profession with certification or other relevant requirements.[19] Based on these considerations, a brief Conclusion then follows.[20]

 

II. Diverse and Conflicting Understandings of

Basic University Functions

There is no single canonical formulation of the various basic functions of the contemporary university. If we look, merely to begin with, to the historically prestigious English universities, we find a quite understandable emphasis on an assumed coherence, if not unity, as opposed to unresolved conflict, among university functions and purposes. Thus the University of Cambridge announces that its mission “is to contribute to society through the pursuit of education, learning, and research at the highest international levels of excellence.”[21] The potential for conflict of functions on even this understanding may depend partly upon whether we focus here on the arguably unitary idea of contributing to society, or on the unfortunately complex relations between student learning[22] and faculty research.[23]

Cambridge University then declares itself to hold two core values.[24] These are “freedom of thought and expression,”[25] and “freedom from discrimination.”[26] Together with the above Cambridge Mission Statement, these core values could be unpacked to implicate a number of possible university functions. But there is certainly no effort here by Cambridge to endorse or reject some broadly inclusive explicit typology of basic university functions. And yet, even the most casual reflection raises the possibility of conflict between, for example, Cambridge’s commitments to freedom of expression and to freedom from discrimination in any robust sense.[27]

As an example of a perhaps more consciously plural formulation of university functions, we might consider that of President Amy Gutmann of the University of Pennsylvania.[28] President Gutmann indicates that the “tripartite mission”[29] of the university in general[30] embraces “increasing educational opportunity, optimizing creative understanding, and contributing the fruit of that understanding to society.”[31] This formulation, whether intended to be broadly encompassing or not, does not explicitly identify any possible conflicts among the cited university purposes. It would nonetheless be sensible to recognize that even the reference to “optimizing”[32] creative understanding implicitly grants the reality of at least some sort of resource tradeoff, if not some deeper conflict, between creative understandings and other university functions and purposes.

With a similarly plural focus, Michigan State University President Lou Anna K. Simon asserts that for her institution, “[t]he basic purposes of the University are the advancement, dissemination, and application of knowledge,”[33] with “[t]he most basic condition for the achievement of these purposes [being] freedom of expression and communication.”[34] This commitment is importantly prefaced, though, by defining her university as a “community,”[35] in particular, as a “community of scholars,”[36] explicitly encompassing the university’s students.[37] The complex relationships between preserving various forms of community and freedom of expression are noted separately below.[38]

Another prominent university president, Drew Gilpin Faust of Harvard, refers to a number of possible university functions with obvious potential for mutual conflict. President Faust refers to “economic justifications for universities,”[39] including the university as “a source of economic growth,”[40] as well as to “a market model of university purpose,”[41] as contrasted with “narratives of liberal learning, disinterested scholarship, and social citizenship,”[42] and then further to the university’s role as “society’s critic and conscience.”[43] Whether we take these enumerated university functions to be exhaustive or not, the potential for serious conflict, if not overt antagonism, among these distinct functions seems evident.[44]

Taken in the aggregate, along with complementary discussions below,[45] these various accounts provide some sense of the range of possible basic university functions, with at least a minimal sense of potential conflicts among such functions. Let us elaborate a bit further on the range and disparate nature of typically cited basic university functions, whether endorsed and desired, or merely acknowledged or critiqued, by any given observer.

Classically, Plato drew a distinction between paideia, or culture, and the mere training of a particular capacity, or between perfection of character and the enhancement of power.[46] The cultivation of mind has thus long been seen as a fundamental duty.[47] In founding the University of Virginia, Thomas Jefferson sought “[t]o develop the reasoning faculties of our youth, enlarge their minds, cultivate their morals, and instill in them the precepts of virtue and order.”[48] If such purposes are re-formulated, in contrast, with no explicit moral or character element, the basic educational aim, pursued through acquainting oneself “with the best that has been thought and said in the world”[49] is then judged by Matthew Arnold to be “to get to know [oneself] and the world.”[50]

This general emphasis on the cultivation of the self, in one respect or another, can plainly both support and conflict with a variety of broad social goals. Consider, in this respect, the popular view that a university education should prepare the student to play a role in strengthening the broad democratic political system, through capable and responsible democratic citizenship.

Thus according to President Derek Bok, for example, today’s universities provide not only various sorts of discoveries,[51] and trained, knowledgeable professionals,[52] but the developed capacity to “strengthen our democracy by educating its future leaders; preparing students to be active, knowledgeable citizens; and offering informed critiques of government programs and policies.”[53] A university’s emphasis on social justice could be encompassed hereunder. More concisely, President Robert M. Hutchins argued that “[t]he college . . . meets the needs of society indirectly by making some contribution toward the formation of good citizens.”[54]

Democratic citizenship is thus typically assumed to be not simply a matter of directly supporting the current operations of the established political system. The university may also be thought to serve the purpose of providing critique.[55] Again, this could encompass a university’s social justice mission. On such a view, the university may “serve the public culture by asking questions the public doesn’t want to ask, investigating subjects it cannot or will not investigate, and accommodating voices it fails or refuses to accommodate.”[56]

The university thus need not be seen as invariably endorsing or reinforcing all important aspects of the broader society, even if that society invests in, financially sustains, attempts to guide, and crucially depends upon various aspects of university functioning. The university’s manifold relationships with the broader society’s politics, economy, social justice practices, and culture will inevitably be contested, both on campus, and between the campus and elements of the broader society.

A bit more concretely, writers such as Dean Anthony Kronman have more specifically suggested that among the “non-economic contributions”[57] made by contemporary universities is “the cultivation of habits of respectfulness and tolerance on which responsible citizenship in a democracy depends.”[58] The quality of tolerance is then linked with the potentially distinct virtue of open-mindedness.[59]

Finally, but arguably of greatest importance, one might look for basic university functions, and for elemental conflicts therein, as well in the realm of social and economic production and stratification. The university may to one degree or another reflect a pre-existing status hierarchy,[60] or may help to determine and perhaps legitimize, reproduce, and solidify a status hierarchy.[61] As to any of these university functions, one might again be supportive, indifferent, or critical.[62]

In any event, the contemporary university clearly operates as a linkage, of whatever sort, between future employees, civil servants, and entrepreneurs, and their actual post-university social and economic opportunities, niches, and outcomes.[63] American universities of a century ago accommodated perhaps a mere five percent of the college age population.[64] Today, the figure is closer to 60 percent.[65] These figures suggest the possibility, if not the fulfilment, of a university’s catalyzing the social and economic mobility of groups historically underrepresented within the various professions.[66]

It is certainly possible, though, to support nearly any program of mobility, opportunity, and equality[67] without broadly endorsing contemporary university practices in that regard, let alone judging such practices to be central to the fundamental purposes of the university. Consider in this regard the uncompromising language of philosopher Alasdair MacIntyre:

The aim of a university education is not to fit students for this or that particular profession or career, to equip them with theory that will later on find useful application to this or that form of practice. It is to transform their minds, so that the student becomes a different kind of individual, one able to engage fruitfully in conversation and debate, one who has the capacity for exercising judgment, for bringing insights and arguments from a variety of disciplines to bear on particular complex issues.[68]

Thus there is, as Robert M. Hutchins noted, “a conflict between one aim of the university, the pursuit of truth for its own sake, and another which it professes too, the preparation of men and women for their life work.”[69] Hutchins also contrasts his favored conception of the university as “a center of independent thought”[70] with, respectively, conceptions of the university as “service-station,”[71] “public-entertainment,”[72] and “housing-project.”[73] Each of these latter conceptions exercises some contemporary influence, and thereby exacerbates the functional contradictions of the university.

However we choose to classify the various basic functions and purposes of the university, we are left with potential conflicts and practical contradictions. Consider together the incomplete and overlapping census of basic university functions above: learning and research;[74] anti-discrimination;[75] providing educational opportunities and making societal contributions;[76] advancement of knowledge;[77] freedom of expression and communication;[78] promoting economic growth;[79] disinterested scholarship;[80] serving as societal critic;[81] moral cultivation of the students;[82] professional training;[83] preparation for competent democratic citizenship;[84] reflecting or determining status and opportunity hierarchies or promoting social mobility; [85] and fundamental personal transformation.[86]

The potential for conflict within, as well as among, any such set of university functions is clear enough in general, and almost equally clearly in the more particular area of campus speech. If there were to be any hope of wringing harmony out of conflict, the likeliest possibility would seem to be through emphasizing the concept, briefly alluded to above,[87] of community. But as we shall now see, the idea of community actually contributes more to the intractability of the problems of campus speech than it does to their consensual resolution.

 

III. Community, University Function, and Campus Speech

The linkages between various forms and senses of community and the university are multiple, and in some respects contested. The most basic such linkages may be at the level not precisely of the functions of a university, but of the very definition of a university. Thus it has been variously argued that the university is a community;[88] that it is an aggregate of multiple or diverse communities;[89] that the university aspirationally should be a community, whether that ideal is realized in practice or not;[90] that the experience of university community should be optional;[91] and that the university should promote some form of community in the broader society beyond the campus boundaries.[92] The very idea of community and disputes over the nature of the university thus open the possibility of multi-front conflict, as much as to harmony.

At the level of language itself, the word ‘college’ refers to an association, if not to a genuine community.[93] From the beginning, the university amounted to “an association of masters and scholars leading the common life of learning.”[94]   It is thus natural to think of the traditional, geographically localized,[95] non-cyber university as a community,[96] and perhaps in particular as a community of scholars,[97] however broadly or narrowly defined.[98] Ironically, it is also natural, but distinctly different, to think of community as an aspirational ideal toward which the university ought to strive,[99] or even of the university residential or scholarly community as a model community for emulation on much larger scales.[100]

The potential for conflicting impulses in free speech cases begins to emerge, however, if we believe that the university, whether itself a community or not, encompasses a plurality of communities,[101] perhaps for quite distinct purposes. Even if the various campus communities are somehow “nested,”[102] or perhaps otherwise related, there can be no guarantee of harmony[103] of purposes among the various constituent campus communities.

At the level of the university itself, and of its various constituent communities, meaningful community typically requires “people of like purpose.”[104] The members must share, in the words of John Dewey, “aims, beliefs, aspirations, knowledge — a common understanding.”[105] Thus ‘community’ refers to both a distinct kind of group, and to one or more qualities shared by the group members.[106] In the educational context, there may thus be “a common zeal”[107] for “a common pursuit.”[108]

Absolute and exceptionless commitment to the broader university community, however, may not be desirable,[109] and is in any event not widely in evidence. One element of campus multiculturalism could be described as promoting “safe harbor”[110] communities of various sorts, within, but quite distinct from, a broader campus community. The meaning of ‘safety’ itself may vary as among campus groups. On occasion, the university may seek undue homogeneity in values and in priorities, in the name of furthering the overall campus community. But insufficiently informed universalism can inadvertently depreciate some nested campus cultures.[111] The broader campus community may or may not actually be strengthened, over time, in such cases.

What is clear, in such cases, is the potential conflict between visions of the overarching university community and the self-perceived interests of one or more perhaps mutually quite distinct constituent campus communities. The university community may thus be called upon to acknowledge the differences between a constituent community’s defensive, protective, partial withdrawal from the broader campus community, and the inadvertently or insensitively imposed isolation, burdening, or exclusion of that constituent community.[112]

Crucially, there are inherent contradictions between the broadly encompassing campus community’s functioning as a space for robust and uninhibited expression and debate generally,[113] even on sensitive social issues, and as a space in which responsible consideration and accommodation are broadly exercised on behalf of all members of the campus community,[114] including those distinctly representing diverse societally subordinated communities.

These contradictions among presumably basic university functions help to account for the unresolvability of a substantial number of campus speech problems. Actually, these contradictions, when manifested in campus speech contexts, exemplify an even broader and more fundamental contradiction among basic university functions: the inescapable conflict between the uninhibited pursuit of knowledge and truth, as variously as those notions may currently be envisioned,[115] and the university’s obvious need to somehow act, authoritatively, officially, and uniformly, on the basis of such knowledge and truth, or approximations thereto, as the university currently believes itself to possess.[116]

The university, in a phrase, cannot always defer action in the hope of obtaining a better perspective through yet further pursuit of the truth. And in campus speech contexts, the free pursuit of truth — at least from the perspective of willing speakers and listeners — must inevitably remain distinct[117] from the responsible exercise of that freedom, from the perspective of various other campus community groups and members.[118]

 

IV. Plurality of Basic University Function 

and the Problem of Hostile Speech 

On Campus

Crucially because the university[119] has some more or less familiar if contested set of basic functions, campus speech in general, and hostile, offensive, or injurious speech on campus[120] in particular, pose distinctive issues. In the latter kinds of cases, irreconcilable conflicts among arguably basic university functions largely drive the conflicts in any observer’s preferred case analyses and outcomes.

Consider in particular the problem of on-campus resort to invidious group identity epithets. Even in the broader society, there is at least some impulse to conclude that “such utterances are no essential part of any exposition of ideas, and are of such slight social value as a step to truth that any benefit that may be derived from them is clearly outweighed by the social interest in order and morality.”[121] This impulse would suggest that such epithet speech should not be considered constitutionally protected speech, or perhaps even as speech at all in the sense relevant to constitutional purposes. One might thus conclude that “[r]esort to epithets or personal abuse is not in any sense communication of information or opinion safeguarded by the Constitution. . . .”[122]

Such an approach might have a certain appeal in many contexts. With regard to hostile speech on university campuses in particular, it would not be difficult to link the Chaplinsky logic quoted above to one or more of the commonly cited basic university functions and purposes. It has thus been argued that the university prepares its students for tolerant, responsible democratic citizenship, and on some theories, even seeks to build character in certain respects, while embodying or at least striving for meaningful and mutually respectful community.[123] On such views, hostile epithet speech on campus seems contrary to basic university function and purpose.

Undeniably, though, there are other conceptions of basic university function that may fail to meaningfully address, or may reluctantly tolerate at the level of formal legal sanction, some instances of distinctly and overtly hostile speech on campus. Thus the university as bastion of free thought, free expression, the exploration of ideas, and of free communication, at least for some speakers and listeners;[124] the university as poser and prober of socially uncomfortable questions;[125] and the university as generator, reflector, reinforcer, and replicator of status hierarchies[126] could all be brought to bear on the side of the legal toleration of hostile speech on campus.

These stark oppositions among arguably basic university purposes of course require some refinement. No single basic university function is monolithic and utterly unequivocal on all reasonable interpretations. Some basic university functions can be internally contradictory in their implications for campus speech. Thus one might well argue that some instances of hostile campus speech can suppress, rather than encourage, speech, including any possible “counter-speech,” by the targets of such speech.[127]

Thus there are conflicts within each purported basic university function, as well as among those basic functions. Crucially, though, it is unlikely that in all instances of potential conflict among basic university functions, the conflicts internal to each such function will be aligned, like the cylinders of a combination lock, so as to generate some unique and largely uncontroversial outcome at the level of basic university purpose. Realistically, the prominent basic university purposes, however granulated or refined, individually and collectively will typically point in opposing directions on questions of hostile speech, and on questions of campus speech more broadly.

Nor is the interaction between jurisprudential free speech doctrine and basic university functions likely to point toward an unequivocal solution. Consider the language ultimately adopted in the classic hostile speech case of Chaplinsky v. New Hampshire.[128] Chaplinsky declares to be constitutionally unprotected what it calls “insulting or ‘fighting’ words — those which by their very utterance inflict injury or tend to incite an immediate breach of the peace.”[129] The crucial problem with Chaplinsky is not one of systematic underprotectiveness of speech, but of undue and unfortunate indeterminacy of judicial outcome, in light of the basic university functions.

Many members of the university community sense that not all verbal insults should be legally or administratively treated in similar ways. Some insults may reflect not so much any social or political point, as some displaced autobiographical personal resentment.[130] More importantly, the most reasonable legal, administrative, and moral responses to insults often depend upon prior interactions, if any, between the relevant parties; their relationships; and any relevant differences in statuses and power relationships. Asymmetries of power often translate into asymmetries in the harms of insulting or abusive language, including epithets.[131] And the most significant harms of some insulting speech may be either collective; as distinct from individualized,[132] or cumulative and aggregative, rather than being confined to the particular incident in question.[133]

Thus while it is important to recognize that seriously intended insults may well not be intended as contributions to a dialogue, or to any ongoing conversation or exchange of ideas,[134] not all genuinely insulting language has the same sorts of effects. Consider, for example, a few of the calculated insults directed at Richard, Duke of Gloucester by women nobility in Shakespeare’s play: “Blush, blush, thou lump of foul deformity;”[135] “Never hung poison on a fouler toad;”[136] “Villain, thou know’st nor law of God nor man.”[137] Should even such unsparing insults, directed at a remarkably unscrupulous would-be king, be judged the cultural equivalent of invidious and directly targeted epithet speech, aimed at any of various identity groups, on a contemporary campus?[138]

The Chaplinsky case itself does not much reflect upon any relevant differences among the class of insulting words that by their very utterance inflict one sort of injury, or another.[139] Nor is the more frequently litigated Chaplinsky second prong or “fighting words” itself of determinate scope. The idea of words likely, under the circumstances, to immediately provoke an average — as distinct from a ‘reasonable’ — addressee to physically fight is locally historically conditioned, culture-bound, and certainly far from neutral among cultures.[140]

The Chaplinsky Court’s own attempt to provide guidance regarding this second prong holds that “[t]he test is what men[141] of common intelligence would understand would be words likely to cause an average addressee to fight.”[142] What amounts to an unprotected fighting word is thus not left entirely to the person making the decision, in the moment, to fight or not to fight.[143] The courts are instead to focus on the likely reaction of an “average addressee.”[144]

In university campus cases, the Chaplinsky question thus requires attention to any relevant attributes of what is somehow thought to be an average student. The victim of fighting words in a given case may in reality have been targeted precisely as a member of, say, a particular ethnic, racial, religious, or sexual minority. Is it clear, though, that an average member of the campus community is a member of, or sufficiently understands and identifies with, the relevant ethnic, racial, religious, or sexual minority?

A typical student who does not genuinely identify with any of the characteristics or beliefs at issue in a given instance of possible fighting words will be unlikely to react by physically fighting. The category of fighting words would then reflect the characteristics, values, and beliefs of the dominant groups on campus, as distinct from those of less represented groups. Redressing such a judicial injustice[145] would, however, presumably take us back some distance from Chaplinsky toward a focus on instead taking the victim of fighting words as we find her,[146] with her relevant characteristics.

By itself, then, Chaplinsky offers no stable solution to what should count as fighting words, or as unprotected language, in campus incidents. On both the inflicted injury prong and on the likely-to-fight prong, Chaplinsky invites, but does not meaningfully specify, a choice as to how to conceive of the speech target or victim. At the extremes, we might think of the victim as nearly an abstract, bodiless, cultureless universal, and thus as unlikely to physically fight, whatever sense of justice we ascribe to such an entity. Or we might instead take the victim much more as we find her, including her sensitivities, but perhaps without what the rest of us somehow take to be any inappropriate hypersensitivities on her part.[147] As to where, in between such extremes,[148] campus authorities and others should focus their attention, the Chaplinsky test is silent.

The problem of hostile speech on campus is further complicated by doubts as to the relevance, in some such cases, of the university function of free and uninhibited discussion of issues and “learning through open debate and study.”[149] In cases of campus hate speech, some persons may judge the best response to be one of “more speech,”[150] or counter-speech, as though such incidents were an implicit invitation to discussion, dialogue, and debate. But if at least some instances of campus hate speech are, and are intended to be, largely assaultive speech, or akin to the tort of battery committed through the medium of words,[151] the idea of counterspeech may be not only unresponsive, but itself undignified.[152]

Some campus authorities may believe more broadly that the most effective overall response to hate speech involves generally exposing prejudice and fallacy through open debate,[153] and even that an official disciplinary response may be “infantilizing and disempowering”[154] to the targeted victims. This is partly an empirical, but as well partly a normative, debate. Such debates cannot be resolved until the relevant university functions have been settled upon and interpreted at a sufficiently specific level. As we have seen, universities in general seem far from any such settlement.

 

V. Plurality of Basic University Function 

and the Problem of Professorial Speech 

On Matters of Public Concern

For public employees in general, the scope of free speech protection from adverse action by one’s public employer is largely derived from the Supreme Court case of Garcetti v. Ceballos.[155] In such cases, Garcetti requires that for free speech protection to attach, the public employee speech must have been on a subject of public interest and concern; the employee’s interest as a citizen in thus speaking must outweigh the government employer’s relevant interests in workplace order, efficiency, discipline, confidentiality, and morale; and crucially that the speech in question not have occurred within and pursuant to the scope of the public employee’s actual job responsibilities.[156]

The possibility of the disciplinary sanctioning of public university professorial speech, whatever the motive or political context, assuming merely that the speech took place in the course of professional job responsibilities, perhaps reflecting the speaker’s distinct academic expertise, prompted an expression of concern on the part of Justice Souter.[157]

The majority in Garcetti, however, merely set aside such academic freedom concerns without prejudice. The majority thus acknowledged that [t]here is some argument that expression related to academic scholarship or classroom instruction implicates additional constitutional interests that are not fully accounted for by this Court’s customary employee-speech jurisprudence. We need not, and for that reason do not, decide whether the analysis we conduct today would apply in the same manner to a case involving speech related to scholarship or teaching.[158]

In the absence of Supreme Court guidance in this area, the courts and commentators have been divided on whether to extend professorial speech rights beyond those of non-academic public employees.[159] In particular, the Seventh Circuit[160] may currently be less open to thus extending professorial speech rights based on academic freedom considerations than are the Fourth[161] and Ninth Circuits.[162]

The most crucial reason for disagreements over the proper scope of any distinctive protection for academic speech draws upon inevitable conflicts among purported basic purposes or functions of the university. Of course, one’s general assessment of the functions of an institution does not by itself decide concrete cases.[163] But diverging conceptions of the basic functions of the university will inevitably be crucial to our contested notions of individual, as well as institutional, academic freedom.[164]

There may well be occasions on which even some single, agreed upon basic university function itself points in opposing directions.[165] But the broader and more typical conflicts will involve contradictions between and among the several purported basic university functions. In particular, whether we think that the above Garcetti test, without further constitutional level modification,[166] should be applied broadly to public university professorial speech in the realms of teaching and scholarship will ultimately reflect what we think about university functions, and their prioritizing.

Thus we will tend to resist extending a constitutionally unmodified Garcetti rule into public university academic speech if we choose to think of university function in terms of individual, if not institutional, free thought and expression;[167] the advancement and dissemination, internally or externally, of knowledge;[168] disinterested scholarship;[169] or of the university as a center for independent thought, by individuals if not at the institutional level,[170] at least if the speech at issue is not otherwise inconsistent with other acknowledged university missions.

But these considerations clearly do not exhaust the widely recognized and endorsed basic functions of a university, public or private. We will tend to favor something like a Garcetti rule, all else equal, in academic speech cases if we instead choose to think of university functions in institutional or hierarchy-governed terms, whether the governing hierarchy is internal, in the form of a university administration, or external, as in the form of corporate stakeholders, a board of trustees, a legislature, or other elected officials. For those who choose to prioritize the university’s economic production or market sorting and signaling functions;[171] or training professionals to accommodate and enter into markets;[172] or generally re-inscribing existing social hierarchies, the individual speech-restrictive Garcetti rule may be unobjectionable, or a matter of indifference.[173] Visions of the university as an ultimately hierarchical community, or set of such communities,[174] also seem better attuned to something like an unmodified Garcetti rule, even at some cost in purely individual academic expression.

We should thus expect a consensus on the proper role of relatively restrictive Garcetti-like rules for professorial speech only when we reach a corresponding consensus, not presently envisionable, on the putative basic functions of the university.

 

VI. Plurality of Basic University Function and 

The Speech of Students Transitioning to Professions

To what extent should universities censure speech and beliefs of students formally aspiring to a particular profession, where such speech or beliefs if held by a practitioner would be formally deemed unprofessional by the major official oversight body of that profession? This broad and increasingly important[175] question has arisen in several recent cases, including the exemplary Tatro v. University of Minnesota.[176]

Tatro involved the imposition of university discipline on a professional program student for her personal Facebook posts, allegedly in violation of university curricular program rules requiring discretion and confidentiality, and reflecting both official professional ethical standards formally binding on practitioners, and program accreditation standards binding on the university.[177]   On the record, the court in Tatro held the university program rules to be sufficiently well-established, non-pretextual, and sufficiently narrowly tailored to the appropriately weighty interests at stake.[178]

In this general run of cases, the judicial results have been mixed.[179] A distinction between straightforwardly applying a legitimate university professional program rule, and penalizing officially disfavored student speech,[180] may or may not always be dispositive, or even readily drawn. Any free speech analysis of such cases must also recognize the irony that in this context, university students, and graduate or professional school students in particular, may be subject to speech restrictions not imposed upon elementary or high school students.[181]

A functionalist approach would suggest that campus speech restrictions imposed upon mature graduate students but not on sixteen year old high school students may well be accommodating differences in the basic functions of high schools[182] and of universities. But as we would by now expect, conflicting judgments as to university student speech in tension with professional program standards most deeply reflect conflicting visions and priorities among basic university functions. Consider, by way of illustration, language from the recent Ninth Circuit Oyama case:

The importance of academic freedom at a public university does not disappear when one walks down the hall from a political philosophy seminar to a professional certification program. . . . Indeed, the progress of our professions . . . may depend upon the “discord and dissent” of students training to enter them: it is by challenging the inherited wisdom of their respective fields that the next generation of professionals may develop solutions to the problems that vexed their predecessors.[183]

On the other hand, we would also strongly sympathize with a school that refused to professionally certify a medical student who consistently and carefully denied, in curricular or non-curricular speech, any causal relation between any prescription drugs, or surgery, and patient health.[184]

Whatever the outcome in any case not based sheerly on arbitrary dislike of the student’s viewpoint, conflicting understandings of basic university functions will underlie any debate on the merits of that case. Cases involving the speech of students transitioning into professions will often involve a conflict, classically noted by Robert M. Hutchins, “between . . . the pursuit of truth for its own sake, and . . . the preparation of men and women for their life work.”[185] And in any case in which the transitioning professional would arguably deny equal treatment to prospective clients, there is also a conflict between, for example, the University of Cambridge’s two most fundamental values: “freedom of thought and expression,”[186] on the one hand, and “freedom from discrimination,”[187] as practiced by or received from certified graduates, on the other.

More broadly, the transitioning professional cases evoke the university functions of free expression and communication;[188] the university as the locus of individual-level critique of society and culture;[189] and the asking, again at an individualized level, of questions with which the broader culture may be uncomfortable.[190] These considerations will generally tend to favor the dissenting student speaker’s case.

But no less, the transitioning professional speech cases will also inevitably evoke a sense of the university’s responsibilities to its various external constituencies, including taxpayers and consumers of vital, licensed services provided by its graduates.[191] The university as provider of trained, knowledgeable, responsible professionals[192] arguably fails in that respect to the extent that it knowingly certifies licensed professionals who would betray basic norms binding on vital service providers and reasonably anticipated by consumers.[193] Basic function-level conflicts are again inevitable.

 

VII. Conclusion

This survey of the major presumed functions of the university, generally and as reflected in several particular campus speech contexts, explains at a fundamental level the irresolvability of typical campus speech issues. Such issues will be irresolvable to the extent that they reflect persisting conflicts of vision as to the basic functions of the university.

It is certainly possible to think of the university, and speech therein, in terms that make no direct and explicit reference to any university function. One could, for example, adopt a sophisticated utilitarian approach to the scope and limits of speech on campus. Or one could think in terms of human flourishing, and of relevant virtues and vices, in the context of campus speech. Inevitably, though, such approaches must at some level address, incorporate, and crucially depend upon some account of the basic university functions inventoried above. No sensible approach to campus speech can bypass the relevant ongoing practical contradictions among such functions.   Thus as long as visions of the basic university functions remain locked in crucial practical contradiction, the broad problem of the proper scope and limits of campus speech must remain unresolved.

---

 

* Lawrence A. Jegen Professor of Law, Indiana University Robert H. McKinney School of Law.

[1] Thus the presence or absence of state action and the applicability of the first and fourteenth amendments of the federal Constitution are not of central concern herein. We also do not especially emphasize below the obvious differences among universities in size, geography, prestige, endowment, religious orientation, selectivity, co-educational status, and identity as an historically black college or university.

[2] The loosely functional approach adopted herein encompasses what are called manifest and latent functions, and is intended to be compatible with institutional critique of the university, of any depth and direction. For general inspiration, see the classic formulation in Robert K. Merton, Social Theory and Social Structure ch. III (rev. ed. 1968) (elaborating in particular on

the distinction between manifest and latent institutional functions). See also Melvin Tumin, The Functionalist Approach to Social Problems, 12 Social Probs. 379 (1965); Whitney Pope, Durkheim as a Functionalist, 16 Sociological Q. 361 (1975). For a critique, see Paul Helm, Manifest and Latent Functions, 21 Phil. Q. 51 (1971). We make no assumptions as to any broader merits or limits of sociological functionalism in general.

[3] See the authorities cited supra note 2. Most of the major potential functions of the university will have conscious defenders, but we should hold open the possibility that a particular function of a university could play a role in university speech policy even in the absence of much conscious reflection on that function.

[4] See id.

[5] Thus university functions can be mostly internal or even intrinsic, or else mostly external in their reference.

[6] It may be possible to sensibly decide some university speech cases on grounds entirely independent of any putative major function or purpose of a university, and such function-independent grounds may well supplement a functionalist approach to some university speech cases. But we should not expect considerations foreign to any purported function of the university to usefully guide the apt resolution of typical university speech cases. Concisely put, considerations extrinsic to university functions will rarely be of primary importance in adjudicating university speech cases. For the role of functionalism or purposivism in free speech law, see the references cited infra note 25.

[7] See infra Sections II–IIII.

[8] A university whose operation is genuinely dominated by the pursuit of some single coherent basic function or goal could still experience some degree of dissensus on basic free speech issues. But in such hypothetical circumstances, we should expect the scope and frequency, if not the emotional intensity, of free speech conflicts to be meaningfully reduced.

[9] Competing visions of university functions may be irreconcilable, for reasons of sustained conflicts in economic and other material group interest, cultural conflicts, conflicting visions of the good or just society, and conflicts among values. Such value conflicts could involve not only freedom of speech in general, but dignity, equality, opportunity, well-being, material and cultural progress, civility, community, knowledge, and harmony, as well as conflicts internal to the value of free speech itself. Such conflicts may well contribute to the actual shape of conflicting views of the proper functions of a university. It is also possible that a sense of the proper functions of a university might affect our views on how to adjudicate among these various conflicts of interests and values.

[10] See infra Sections II-III.

[11] See infra Sections II. Loosely relatedly, Professor Steven Brint has referred to multiple purposes or dimensions of college student development: “social, personal, academic, civic, and economic.” Steven Brint, The Multiple Purposes of an Undergraduate Education, available at www.cshe.berkeley.edu/publications/research-university (October, 2015) (visited February 21, 2016).

[12] See infra Sections II-III.

[13] See id.

[14] See infra Section III.

[15] See id.

[16] See id.

[17] See infra Section IV.

[18] See infra Section V.

[19] See infra Section VI.

[20] See infra Section VII.

[21] The University’s Mission and Core Values, available at www.cam.ac.uk/about-the-university/how-the-university-and-colleges-work (visited January 3, 2016).

[22] One would hope that the compatibility of, at a minimum, education and learning could be taken for granted.

[23] At the very least, even this formula implicates the traditionally debated relationship – perhaps mutually supportive, or conflicting — between classroom teaching and professorial research. For a start, note the unabashed emphasis on research, as distinct from teaching, in Robert Maynard Hutchins, The Spirit of the University of Chicago, 1 J. Higher Educ. 5, 5 (1930), and the emphasis on teaching in John Henry Newman, The Idea of a University 1 (Aeterna Press ed., 2015) (1852).

[24] See The University’s Mission and Core Values, supra note 21.

[25] Id. For recent descriptions of the basic functions and purposes of freedom of expression in general, see Alexander Tsesis, Free Speech Constitutionalism, 2015 U. Ill. L. Rev. 1015 (2015); Brian C. Murchison, Speech and the Truth-Seeking Value, 39 Colum. J.L. & Arts 55 (2015). Classically, see John Stuart Mill, On Liberty and Other Essays ch. II (John Gray ed., 1991) (1859) (“On the Liberty of Thought and Discussion”). For a brief popular exposition, see Steven Pinker, Why Free Speech Is Fundamental, available at www.bostonglobe.com/opinion/2015/01/26 (visited January 25, 2016).

In general, functionalist approaches to freedom of speech often refer to values such as the pursuit of truth, democratic self-governance, and the promotion of autonomy. As a practical matter, though, the appropriate role of each of these and other functionalist approaches to freedom of speech is persistently contested. For a sampling of mutually incompatible perspectives on the pursuit of truth as a function of free speech, see C. Edwin Baker, Scope of the First Amendment Freedom of Speech, 27 UCLA L. Rev. 964, 964-66 (1978); Stanley Ingber, The Markeplace of Ideas: A Legitimizing Myth, 1984 Duke L.J. 1; Steven D. Smith, Skepticism, Tolerance, and Truth in The Theory of Free Expression, 60 S. Cal. L. Rev. 696 (1987); Eugene Volokh, In Defense of the Marketplace of Ideas/Search for Truth as a Theory of Free Speech Protection, 97 Va. L. Rev. 595 (2011). For conflicting contemporary views on the relationship between free speech and promoting democracy, see Ashutosh Bhagwat, Free Speech Without Democracy, 49 U. Cal. Davis L. Rev. 59 (2015); James Weinstein, Participatory Democracy as the Central Value of American Free Speech Doctrine, 97 Va. L. Rev. 491 (2011). For hate speech on campus as arguably tending to impair the autonomy, in the relevant sense, of its targets, at least as much as it may genuinely promote the autonomy of its speakers, see R. George Wright, Traces of Violence: Gadamer, Habermas, and the Hate Speech Problem, 76 Chi.-Kent L. Rev. 991 (2000).

[26] The University’s Mission and Core Values, supra note 21.

[27] See infra Sections III, IV, and VI. By way of comparison, the University of Oxford Strategic Plan 2013-18 comprises numerous elements, with no apparent attempt to distinguish those elements that might amount to basic university functions or purposes. See www.ox.ac.uk/about/organisation/strategic-plan (visited January 3, 3016).

[28] Amy Gutmann, The Fundamental Worth of Higher Education, 158 Proceedings Am. Phil. Society 136 (2014), available at www.upenn.edu/president/images/president/pdfs (2012) (visited January 3, 2016).

[29] Id. at 137.

[30] See id.

[31] Id.

[32] Id. President Gutmann explicitly notes the possibility of conflicts, in educating for democratic citizenship, between the values of individuality or autonomy and social diversity. See Amy Gutmann, Civic Education and Social Diversity, 105 Ethics 557 (1995). More broadly, see Amy Gutmann, Democratic Education chs. 6-7 (rev. ed., 1999); Nel Noddings, Education and Democracy in the 21^st Century ch. 10 (2013).

[33] Lou Anna K. Simon, President’s Statement on Free Speech Rights and Responsibilities 1, available at http://president.msu.edu/communications/statements/free-speech.html (visited January 3, 2016). See also Stanley Fish, Versions of Academic Freedom: From Professionalism to Revolution 132 (2014) (“[t]he values of advancing knowledge and discovering truth are not extrinsic to academic activity; they constitute it”).

[34] See Simon, supra note 33.

[35] Id.

[36] Id.

[37] See id. See also the attempt by John W. Boyer of the University of Chicago to respectively or jointly prioritize “critical thinking, writing, and argumentation;” a “capacity for bold, self-confident questions,” and “civility and respect for intellectual divergence.” At a minimum, there can be no guarantee of compatibility between what one person or group takes to be bold, critical argumentation, and another person or group takes to be incivility. See John W. Boyer, An Introduction to the Annual Lecture on the Aims of Education (2016), available at http://aims.uchicago.edu/page/history (visited February 21, 2016). For a recent discussion of possible conflicts between the university as a bazaar of perhaps heterodox competing ideas and associated offensiveness, distress, rudeness, and any resulting cacophony, see Doe v. Rector and Visitors of George Mason Univ., ____ F. Supp. 3d _____ (E.D. Va. 2016), slip op. at 34 (quoting Kim v. Coppin State Coll., 662 F.2d 1055, 1064 (4^th Cir. 1981)).

[38] See infra Section III.

[39] Drew Gilpin Faust, The University’s Crisis of Purpose, available at www.nytimes.com/2009/09/06/books/review/Faust (visited January 3, 2016).

[40] Id. at 3.

[41] Id.

[42] Id.

[43] Id. President Faust is at this point drawing upon the work of former Dean George Fallis of York University in Toronto.

[44] President Faust also recognizes the essential conflict between the university’s disinterested pursuit of knowledge for its own sake, however this idea might be clarified, and providing various sorts of material, immediate benefits to the society. See id. at 1.

[45] See, e.g., the institutionally-focused suggestion by Professor Gordon Graham that universities should promote the university’s transcendence of pure vocationalism; of pure utilitarianism in research; and of financial and legal dependence upon the state, or more positively phrased, the value of university autonomy. See Gordon Graham, Universities: The Recovery of an Idea 5-6 (2d ed. 2008), and at the individual level, the typology offered by Professor Harry Brighouse of the aims to which the well-educated student should aspire: “personal autonomy; the ability to contribute to social and economic life broadly understood; personal flourishing; democratic competence; and the capacity for cooperation.” Harry Brighouse, Moral and Political Aims of Education, in The Oxford Handbook of Philosophy of Education 35, 37 (Harvey Siegel, ed.) (2009) (available online at www.oxfordhandbooks.com). At this point, note merely the classic potential for tragic conflict between the goals of personal autonomy and of genuine group or institutional flourishing.

Crucially, though, even if the basic functions of the university are to some degree inseparable and mutually interdependent, this hardly precludes their mutual conflict. For a strong claim of mutual interdependence among basic university functions, see the argument of Karl Jaspers, The Idea of the University (H.A.T. Reiche & H.F. Vanderschmidt, trans.) (Beacon Press ed., 1959) (1946) (citing, as the three basic functions of the university, “professional training, education of the whole man, research,” with the university thus serving as, indissolubly, “a professional school, a cultural center, and a research institute”).

[46] See 2 Werner Jaeger, Paideia: The Ideals of Greek Culture 133-34 (Gilbert Highet trans., 1986) (1943).

[47] See Immanuel Kant, Education § 12, at 11 (A. Churton trans., 1900) (1960 ed.) (1803) (“[m]an’s duty is to improve himself; to cultivate his mind”).

[48] Thomas Jefferson, Report of the Commissioners for the University of Virginia, in Writings 457, 460 (Merrill D. Peterson ed., 1984) (1818). See also John Locke, Some Thoughts Concerning Education § 134, at 104-05 (2000) (1698) (on education for “Virtue, Wisdom, Breeding, and Learning”).

[49] Matthew Arnold, Thoughts On Education 243 (Leonard Huxley ed., 1912). The broad knowledge acquisition function is of broader ideological interest. See V.I. Lenin, The Tasks of the Youth Leagues, in The Lenin Anthology 663 (Robert C. Tucker ed., 1975) (“assimilating the wealth of knowledge amassed by mankind” as essential to being a Communist).

[50] Arnold, supra note 49, at 243. Similarly, if naively, Goethe’s Faustian student reports to Mephistopheles that “I should like to be erudite; and from the earth to heaven’s height know every law and every action. . . .” Johann Wolfgang von Goethe, Faust (part I) 197 (Walter Kaufman trans.) (1990 ed.) (1808). More recently, Professor Daniel Bell echoes Matthew Arnold in declaring that the university can serve to “liberate young people by making them aware of the forces that impel them from within and constrict them from without.” Daniel Bell, Reforming General Education, available at www.college.columbia.edu/core/sites/core/files/Bell (February 28, 1966) (visited January 5, 2016). On such theories, the image of the “committed faculty member” interacting with “an engaged student,” as classically in “Mark Hopkins on one end of a log and a student on the other,” can arise. Michael S. McPherson & Morton Owen Schapiro, Mark Hopkins and the Log-On 10, 10, available at www.educause.edu/pub/er/erm.html (May/June 2002) (visited January 5, 2016).

[51] See Derek Bok, Higher Education in America 1 (rev. ed., 2015).

[52] See id.

[53] Id. See also Richard Arum & Josipa Roksa, Academically Adrift: Limited Learning on College Campuses 31 (2011) (“[r]egardless of economic competitiveness, the future of the democratic society depends upon educating a generation of young adults who can think critically, reason deeply, and communicate effectively”).

[54] Robert M. Hutchins, The College and the Needs of Society, 3 J. Gen. Educ. 175, 181 (1949). See also id. at 179 (on the university function of encouraging thoughtful citizenship).

[55] See Bok, supra note 51 at 1. There may, however, turn out to be a sort of long-term contradiction between promoting the value of democracy, even on pragmatic grounds, and academically popular skeptical approaches to metaethics, freedom and autonomy, the dignity of the person, and materialism.

[56] Louis Menand, The Marketplace of Ideas 158 (2010). More elaborately, but outside the formal academic setting, see Plato, Apology, in Five Dialogues 21, 34 (John M. Cooper, trans.) (2d ed., 2002) (~399 BCE) (“gadfly” metaphor). Within official academia, see Report of the Committee on Freedom of Expression at Yale (Woodward Report) (December 23, 1974), available at http://yalecollege.yale.edu/faculty-staff/faculty/policies-reports (visited January 15, 2016) (re the right to “challenge the unchallengeable”).

[57] Anthony T. Kronman, Education’s End: Why Our Colleges and Universities Have Given Up on the Meaning of Life 38 (2007). See also Stefan Collini, What Are Universities For? 87 (2012) (beyond today’s “semi-marketized, employment-oriented institutions, there remains a strong popular desire that they should, at their best, incarnate a set of ‘aspirations and ideals’ that go beyond any form of economic return”).

[58] Kronman, supra note 57, at 38.

[59] Id. See also Andrew Delbanco, College: What It Was, Is, and Should Be 3 (2011 ed.) (arguing that colleges should promote, among other personal qualities of mind, “[a] willingness to imagine experience from perspectives other than one’s own”) (to which one might add the underlying capacity to do so, with some degree of fidelity).

[60] See, e.g., Daniel Bell, About the Reforming of General Education, 37 Am. Scholar 401, 401 (1968). See also Antonio Gramsci, Selections From the Prison Notebooks 26 (Quintin Hoare & Geoffrey Nowell Smith, trans.) (1971 ed.) (~1930).

[61] See Bell, supra note 60, at 401. For brief discussion in a much broader educational context, see Antonio Gramsci, The Antonio Gramsci Reader chs. II, X (David Forgacs ed., 1988).

[62] See, e.g., Bell, supra note 60, at 401.

[63] Henry Giroux argues that “the university is gradually being transformed into a training ground for the corporate workforce.” Henry A. Giroux, On Critical Pedagogy 112 (2012 ed.). See also Peter J. Stokes, Higher Education and Employability: New Models For Integrating Study and Work (2015). Debates as to how universities perform this function, and their efficiency in doing so, are secondary to whether or the degree to which the universities should serve such a function. For a critique, see Joseph Arum & Josipa Roksa, Aspiring Adults Adrift (2014).

[64] See Faust, supra note 39, at 2.

[65] See id. Earlier, Clark Kerr had noted the “transition from elite to mass access to universal access higher education,” however incomplete or contested the transition. Clark Kerr, Higher Education: Paradise Lost?, 7 Higher Educ. 261, 266 (1978). See also Collini, supra note 57, at 41.

[66] See, e.g., Collini, supra note 57, at 92 (2012). On some scale, such a function has of course long been undertaken by historically black college and universities. For background, see the contributions to Historically Black College and Universities (Charles L. Betsy, ed.) (2008).

[67] For an inventory of fundamental approaches to the idea of distributional equality, see R. George Wright, Equal Protection and the Idea of Equality, 34 L. & Inequality ____ (2016).

[68] Alasdair MacIntyre, God, Philosophy, Universities 147 (2009) (at this point largely endorsing the perspective of John Henry Newman). One could certainly argue that these are among the qualities that promote long-term success in business and the professions. If the Newman-MacIntyre approach is pressed to an extreme, it becomes transformed into the claim that “the distinguishing mark of universities, as opposed to other institutions of further and higher education, is their concern with knowledge and the pursuit of learning for their own sake, not for the sake of some external practical end.” Graham, supra note 45, at 28 (discussing, rather than unequivocally endorsing, such a view).

[69] Robert Maynard Hutchins, The Higher Learning in America 33 (2009 ed.) (1936). Roughly this conflict was earlier articulated by Thorstein Veblen. See Thorstein Veblen, The Higher Learning in America 68 (Richard F. Teichgraber ed., 2015) (1918) (noting the conflict between “the needs of the higher learning and the demands of business enterprises”). See also Christopher Dawson, The Crisis of Western Education 149 (2010 ed.) (1961) (the modern technological order as requiring that university-level and general education be coordinated with the needs of business and industry).

[70] Robert M. Hutchins, The Freedom of the University, 61 Ethics 95, 104 (1951).

[71] Id.

[72] Id.

[73] Id. The expansion of these latter functions is ascribed by Hutchins to the need, or the temptation, “to get money.” Id.

[74] See supra note 21 and accompanying text.

[75] See supra note 26 and accompanying text.

[76] See supra note 31 and accompanying text.

[77] See supra note 33 and accompanying text.

[78] See supra note 34 and accompanying text.

[79] See supra note 40 and accompanying text.

[80] See supra note 42 and accompanying text.

[81] See supra note 43 and accompanying text.

[82] See supra note 48 and accompanying text.

[83] See supra note 52 and accompanying text.

[84] See supra note 53 and accompanying text.

[85] See supra notes 60-61 and accompanying text.

[86] See supra notes 66-68 and accompanying text.

[87] See supra text accompanying notes 35-37. For a sense of a possible conjunction of the general pursuit of knowledge with an individually or collectively experienced imaginative zest and excitement therein, see Alfred North Whitehead, Universities and Their Function (1927), available at http://la.utexas.edu/users/hcleaver/33OT (visited February 21, 2016).

[88] See infra notes 93-98 and accompanying text.

[89] See infra note 101 and accompanying text.

[90] See infra note 99 and accompanying text.

[91] See infra notes 109, 112 and accompanying text.

[92] See infra note 100 and accompanying text.

[93] See Robert S. Rait, Life in the Medieval University 5 (Forgotten Books ed., 2015) (Cambridge Univ. Press ed., 1918) (1912). The classic distinction between a mere association and a genuine community is elaborated in Ferdinand Tonnies, Community and Society [Gemeinschaft und Gesellschaft] 226-32 (Charles P. Loomis trans.) (Dover ed., 2002) (1887). Very roughly, this distinction gestures at differences between family and small village life on the one hand and city life on the other. See id. For some relevant contemporary developments, see Marc J. Dunkelman, The Vanishing Neighbor: The Transformation of American Community (2014); Robert D. Putnam, Bowling Alone: The Collapse and Revival of American Community (2000).

[94] Charles Homer Haskins, The Rise of Universities 24 (1965 ed.) (1923). See also Clark Kerr, The Uses of the University 1 (1964) (“[t]he university started as a single community — a community of masters and students”); Jacques Barzun, The American University 244 (2d ed. 1993) (1968).

[95] Thus one might decline to think of, say, the University of California system, or the California State University system, as a whole, as genuine communities. See Daniel Bell, About The Reforming of General Education, 37 Am. Scholar 401, 403 (1968).

[96] See, e.g., Ellen Condliffe Lagemann & Harry Lewis, Renewing the Civic Mission of American Higher Education, in What Is College For?: The Public Purpose of Higher Education 9, 11 (Ellen Condliffe Lagemann & Harry Lewis eds., 2012) (“[c]ollege are communities”). See also Healy v. James, 408 U.S. 169, 171 (1972) (referring to “the academic community” in the context of potential tradeoffs among free expression and campus orderliness and non-disruption).

[97] See, e.g., Michael Oakeshott, The Idea of a University, available at www.cse.cuhk.edu.hk/irwin.king 23, 24 (originally published 1950) (“a university . . . is a corporate body of scholars, each devoted to a particular branch of learning: what is characteristic is the pursuit of learning as a co-operative enterprise. . . . A university . . . is a home of learning”) (emphasis added); Simon, supra note 33, at 1 (“Michigan State University is a community of scholars whose members include its faculty, staff, students, and administrators”).

[98] See Simon, supra note 33, at 1.

[99] See Robert Paul Wolff, The Ideal of the University 127 (1969) (“[t]he ideal university . . . is a community of learning”) (emphasis in the original). Professor Wolff elaborates: “a university ought to be a community of persons united by collective understandings, by common and communal goals, by bonds of reciprocal obligation, and by a flow of sentiment which makes the preservation of the community an object of desire, not merely a matter of prudence or a command of duty”).

[100] Howard Gardner, Discussion, in William G. Bowen, Higher Education in the Digital Age 97, 100 (2014 ed.). For the importance of community in the broader societal context, see Robert A. Nisbet, The Quest For Community 30 (1973 ed.) (1953).

[101] See Kerr, supra note 94, at 1 (“[t]oday the large American university is . . . a whole series of communities and activities”). See also the distinct sense in which each classroom, or more literally each particular class, is or can be itself a genuine community, as outlined in bell hooks, Teaching to Transgress: Education as the Practice of Freedom 8 (1994).

[102] This term is adapted from John D. Inazu, Virtual Assembly, 98 Cornell L. Rev. 1093, 1096 (2013).

[103] Consider, by possible contrast, the community constituted by the well-functioning symphony orchestra, as briefly elaborated in Ronald Dworkin, Liberal Community, 77 Cal. L. Rev. 479, 493 (1989).

[104] Barzun, supra note 94, at 244.

[105] John Dewey, Democracy and Education 4 (Dover ed., 2004) (1916).

[106] See Robert Paul Wolff, The Poverty of Liberalism 163 (1968).

[107] R.S. Peters, Ethics and Education 58 (1966).

[108] Id.

[109] See Jaroslav Pelikan, The Idea of the University: A Re-Examination 65 (1992) (“[i]t is not an inconsistency to insist that the healthiest community . . . is one in which scholars are not obliged to be in the community incessantly, and therefore that one of the functions of the community of scholars is to protect the right and need of the scholars in the community to be by themselves”) (or, presumably, within some sub-community).

[110] See Jim Sidanius, et al., Ethnic Enclaves and the Dynamics of Social Identity on the College Campus: The Good, the Bad, and the Ugly, 87 J. Personality & Social Psych. 96, 96 (2004). The university has long been thought of as a safe or protective space in other respects. See Collini, supra note 57, at 56.

[111] See, e.g., Roderick A. Ferguson, The Re-Order of Things: The University and Its Pedagogy of Minority Differences 81 (2012).

[112] See Sidanius, supra note 110, at 96; Pelikan, supra note 109, at 65. Concisely put, uninhibited debate may well not be fully compatible with an assumed pre-existing genuine campus community. The University of Chicago appears to endorse the former, even at some cost in the latter, but then registers a number of function-based exceptions to that endorsement. See Report of the Committee on Freedom of Expression, available at http://provost.uchicago.edu/FOECCommitteeReport.pdf (2015) (visited January 15, 2016). For a similar stance, see the Princeton University Faculty Statement, available at www.princeton.edu/main/news/archive (April 7, 2015) (visited January 15, 2016).

[113] See supra notes 25, 33, 34, 69, 70 and accompanying text.

[114] See supra notes 26, 58, 96, 99, 110 and accompanying text. Consider also the implications for this conflict of classifying the promotion of social justice and broad sustainability as genuinely basic university functions.

[115] For a sense of the disparate contemporary understandings of the very idea of truth, see, e.g., Timothy M. Mosteller, Theories of Truth: An Introduction (2014); Truth (Oxford Readings in Philosophy) (Simon Blackburn & Keith Simmons eds., 1999).

[116] It is certainly possible to argue that at least some theories of knowledge or truth are not themselves neutral with regard to the values, aims, interests, and priorities of minority communities on campus. If so, then to whatever degree a given campus reflects such theories, there is the possibility of either reduced or enhanced conflict between the uninhibited pursuit of truth, and the values and interests of minority campus communities. This Article will not, however, assume that concrete political, moral, or cultural implications are genuinely built into any popular theory of truth or knowledge. For broader discussion, see Simon Blackburn, Truth: A Guide (2007).

[117] The campus cultural contradiction between freedom of inquiry and responsibility in inquiry is not resolved merely by rhetorically pairing the ideas of freedom and responsibility conjunctively. See, e.g., Pelikan, supra note 109, at 58, 65. For an extended argument for supplementing and tempering a speaker’s freedom of expression with the values of civility, self-restraint, and respect, see Edward Shils, The Virtue of Civility: Selected Essays on Liberalism, Tradition, and Civil Society (Steven Grosby, ed.) (1997). See also Cheshire Calhoun, The Virtue of Civility, 29 Phil. & Pub. Aff. 251 (2000), and more broadly, the concept of a conversation, as developed in Sherry Turkle, Reclaiming Conversation: The Power of Talk in a Digital Age (2015). The idea of a genuine conversation might in turn be linkable to the idea of genuinely discursive public decision making, as in Jurgen Habermas, Moral Consciousness and Communicative Action (Christian Lenhardt & Shierry Weber Nicholsen trans., 1990) (1983).

[118] For present purposes, we set aside the otherwise increasingly important question of who is to count, in the first place, as a member of any relevant campus community. This question notably arises in the context of students whose connection with the physical or residential university campus is largely or entirely virtual, or online, and in the context of the increasing percentages of adjunct and temporary faculty, whose connection to any particular campus may in some respects be attenuated.

On the general question of virtual or remote college-level education, see, e.g., Nannerl O. Keohane, Higher Education in the Twenty-First Century: Innovation, Adaptation, Preservation, 46 PS: Political Science & Politics 102, 103 (2013); Frank B. McCluskey & Melanie L. Winter, Academic Freedom in the Digital Age, 22 On the Horizon 136, 127 (2014). See also Jonathan Haber, MOOCs (2014). On the role of adjunct or contingent faculty, see House Committee on Education and the Workforce Democratic Staff, The Just-in-Time Professor, available at www.mpsanet.org/portals (January, 2014) (visited January 15, 2016); Noam Chomsky, How America’s Great University System Is Being Destroyed (February 28, 2014), available at www.alternet.org/corporate-accountability-and-workplace/chomsky (visited January 15, 2016); Delbanco, supra note 59, at 4-6.

[119] Again, we do not herein emphasize the differences between public and private universities, or other differences within each of these categories. See supra note 1.

[120] We also set aside here questions of the increasingly murky, and as yet largely judicially unresolved, boundaries between on-campus and off-campus, but directly campus-related, speech. For a sense of some of the options at the pre-university level, see, e.g., Bell v. Itawamba Cnty. Sch. Bd., 799 F.3d 379 (5^th Cir. 2015) (en banc); Wynar v. Douglas Sch. Dist., 728 F.3d 1062 (9^th Cir. 2013); Kowalski v. Berkeley Cnty. Schs., 652 F.3d 565 (4^th Cir. 2011); J.S. ex rel. Snyder v. Blue Mt. Sch. Dist., 650 F.3d 915 (3d Cir. 2011) (en banc); Layshock v. Hermitage Sch. Dist., 650 F.3d 205 (3d Cir. 2011) (en banc); Doninger v. Niehoff, 527 F.3d 41 (2d Cir. 2008).

[121] Chaplinsky v. State, 315 U.S. 568, 572 (1942).

[122] Id. (quoting Cantwell v. Connecticut, 310 U.S. 296, 309 (1940)). More broadly, one might easily argue that some of the leading discussions of free and open discussion on campus are not at all logically committed to condoning the use of vulgar epithets. Consider, in this context, e.g., John Henry Newman, supra note 23, at 473.

[123] See supra notes 26, 35-37, 48, 53-54, 58, 88-90, 93-99 and accompanying text.

[124] See, e.g., supra notes 25, 34, 70 and accompanying text.

[125] See supra note 56 and accompanying text.

[126] See supra note 60 and accompanying text.

[127] See the authorities cited infra notes 131, 134.

[128] See supra note 121.

[129] Id. at 572.

[130] Consider the classic essay by W.H. Auden, Anger, in The Seven Deadly Sins 78, 83 (2002 ed.) (1962).

[131] See, e.g., Richard Delgado & Jean Stefancic, Understanding Words That Wound (2004); Jeremy Waldron, The Harm in Hate Speech ch. 1 (2012); Ronald Turner, On Free, Harmful, and Hateful Speech, 82 Tenn. L. Rev. 283 (2015).

[132] See Waldron, supra note 131, at 4-6.

[133] See Delgado & Stefancic, supra note 131, at 12, 117.

[134] For background, see Habermas, supra note 117; Michael Oakeshott, Rationalism in Politics and Other Essays 304, 312 (reprint ed., 1984) (1962) (education in general and the university in particular as crucially a matter of conversation); H.P. Grice, Logic and Conversation, available at http://edge.edx.org/asset-v1:Brown 45 (on “conversationally unsuitable” moves) (visited January 20, 2016); Michael Oakeshott, The Idea of a University 25-26, available at www.cse.cuhk.edu.hk/irwin/king (1989) (1950) (visited January 20, 2016) (“[t]he pursuit of learning is not . . . an argument or a symposium; it is a conversation”). See also R. George Wright, Traces of Violence: Gadamer, Habermas, and the Hate Speech Problem, 76 Chi.-Kent L. Rev. 991 (2001).

[135] William Shakespeare, Richard III, act 1, scene 2, line 59 at 25 (Folger ed., 2014) (~1623).

[136] Id. line 16 at 33.

[137] Id. line 75 at 25.

[138] Interestingly, the English medieval universities of very roughly Richard III’s time may have disciplined rather similarly what we might consider “scurrilous or offensive language” in general, and invidious comparisons among countries, races, and sciences in particular. See Robert S. Rait, Life in the Medieval University 65, 67 (Forgotten Books ed., 2015) (1912).

[139] See Chaplinsky, 315 U.S. at 572.

[140] Nor does the first, or verbal injury, prong invariably balance out the second prong’s lack of cultural neutrality.

[141] Note the assumption not so much that men will be doing the fighting, as that men, in whatever sense, will be doing the judging.

[142] Chaplinsky, 315 U.S. at 573.

[143] See id.

[144] Id.

[145] If not also an equal protection or civil rights violation.

[146] See, e.g., People v. Stamp, 2 Cal. App. 3d 203, 210, 82 Cal. Rptr. 598, 610 (1970); A.M. Honore, Review: Legal Cause in the Law of Torts, 77 Harv. L. Rev. 595, 600 (1964) (reviewing Professor Robert M. Keeton’s treatment).

[147] Note that courts have occasionally felt up to the task of distinguishing between appropriate sensitivity and legally unreasonable hypersensitivity in matters of religious response and belief. See, e.g., Books v. Elkhart Cnty, 401 F.3d 857, 867 (7^th Cir. 2005) (citing authority).

[148] Thinking of a victim in the most appropriate terms, somewhere between abstract, nearly empty universalism and detailed, concrete particularism, poses issues similar to those associated with the broader problem of a proper choice among levels of generality in description. See, e.g., Laurence H. Tribe & Michael C. Dorf, Levels of Generality in the Definition of Rights, 57 U. Chi. L. Rev. 1057 (1999).

[149] This language is borrowed from the American Civil Liberties Union discussion Hate Speech On Campus 2, available at www.aclu.org/hate-speech-campus (visited January 25, 2016).

[150] See, classically, Justice Brandeis’s nominal concurrence in Whitney v. California, 274 U.S. 357, 377 (1927) (Brandeis, J., concurring). See also Brown v. Hartlage, 456 U.S. 45, 61 (1982) (citing authority); ACLU, supra note 149, at 2; A.C. Grayling, Wimpering [sic] Students Need to Grow Up or Get Out of University 2, available at www.telegraph.co.uk/education/educationopinion (December 4, 2015) (visited January 25, 2016).

[151] See the authorities cited supra notes 131, 134.

[152] See id.

[153] See ACLU, supra note 149, at 2; Grayling, supra note 150, at 2.

[154] Grayling, supra note 150, at 2. Professor Grayling begins his argument, interestingly, by conceding that “[a] university . . . should be a safe place for diverse ethnicities, sexualities, and viewpoints. It should be a domain founded on tolerance and mutual respect, where no one feels excluded or marginalized.” Id.

[155] 547 U.S. 410 (2006).

[156] See id. at 419-22. The Garcetti majority thus built upon the foundations of Pickering v. Bd. of Educ., 391 U.S. 563 (1968) and Connick v. Myers, 461 U.S. 138 (1983). To see the logic of the Garcetti majority in this respect, one might think of speech within the scope of one’s job responsibilities as “hired” speech, with the content being bought, and specifiable, by the government employer, as distinct from, for example, a letter by the public employee to a general newspaper editor, or an occasional op-ed column.

[157] See Garcetti, 547 U.S. at 427, 438 (Souter, J., dissenting). Justice Souter cited a number of the most familiar academic freedom related cases, including Grutter v. Bollinger, 539 U.S. 306, 309 (2003) (“the expansive freedoms of speech and thought associated with the university environment”); Keyishian v. Bd. of Regents, 385 U.S. 589, 603 (1967) (“[o]ur nation is deeply committed to safeguarding academic freedom, which is of transcendent value to all of us”); Sweezy v. New Hampshire, 354 U.S. 234, 250 (1957) (academic freedom as an area “in which government should be extremely reticent to tread”). See also Healy v. James, 408 U.S. 169, 180 (1972) (“[t]he college classroom with its surrounding environs is peculiarly the ‘marketplace of ideas’”); Keyishian, supra, at 603 (“[t]he classroom is peculiarly the ‘marketplace of ideas’”). But see Urofsky v. Gilmore, 216 F.3d 401, 412 (4^th Cir. 2000) (en banc) (“[t]he Supreme Court, to the extent it has constitutionalized a right of academic freedom at all, appears to have recognized only an institutional right of self-governance in academic affairs”).

[158] Garcetti, 547 U.S. at 425.

[159] For a sense of the judicial division in this area, see the discussion in Klaassen v. Univ. of Kansas School of Medicine, 84 F. Supp. 2d 1228, 1251 (D. Kan. 2015). For a sense of the university reaction, see, e.g., Robert M. O’Neil, The AAUP in the Courts, available at www.aaup.org/article/aaup-courts (January-February, 2015) (visited February 21, 2016); Modern Language Association Committee on Academic Freedom, Ramifications of the Supreme Court’s Ruling in Garcetti v. Ceballos, available at www.mla.org/Resources/Research/Surveys (2010) (visited February 21, 2016).

[160] See Renken v. Gregory, 541 F.3d 769, 775 (7^th Cir. 2008) (“Renken made his complaints regarding the University’s use of NSF funds pursuant to his official duties as a University professor. Therefore his speech was not protected by the First Amendment”). Note, though, that the speech in question may seem more administrative than classically scholarly or pedagogical in nature. See Recent Case, 127 Harv. L. Rev. 1823, 1828 (2014) (emphasizing such a distinction).

[161] See Adams v. Trustees of Univ. of N.C., 640 F.3d 550, 563 (4^th Cir. 2011) (noting that the professional speech involved “scholarship and teaching” as distinct from “declaring or administering university policy”).

[162] See Demers v. Austin, 746 F.3d 402, 411-12 (7^th Cir. 2011) (Garcetti . . . consistent with the First Amendment, cannot . . . apply to teaching and academic writing that are performed ‘pursuant to the official duties’ of a teacher and professor”). Demers cites Adams, supra note 161, as well as the Grutter, Keyishian, and Sweezy cases, supra note 157. See also Leonard M. Niehoff, Peculiar Marketplace: Applying Garcetti v. Ceballos in the Public Higher Education Context, 35 J. College & U.L. 75 (2008) (noting critiques of the extensions of Garcetti into academic freedom contexts); Kermit Roosevelt, III, Not As Bad As You Think: Why Garcetti v. Ceballos Makes Sense, 14 U. Pa. J. Const. L. 631, 658-59 (2012) (Garcetti as it stands, or with only limited modification, as protecting the university’s institutional decision making autonomy, assuming the appropriate availability of tenure systems, civil rights and anti-discrimination statutes, and whistle-blower protection statutes).

[163] See Lochner v. New York, 198 U.S. 45, 76 (1905) (Holmes, J., dissenting) (“[g]eneral propositions do not decide concrete cases”).

[164] For background, see D.W. Hamlyn, The Concept of a University, 71 Phil. 205, 207-09 (1996) (noting certain inevitable limitations on a university’s institutional autonomy, given substantial external funding for partly externally chosen purposes).

[165] Legendarily, in a faculty hiring context, Professor Bertrand Russell’s potential interest in speaking freely about university campus lifestyle issues once came into conflict with particular conceptions of a university as promoter of civic responsibility and of student character and virtue. See the remarkable case of Kay v. Bd. of Educ., 18 N.Y.S. 2d 821 (Sup. Ct.), aff’d mem., 20 N.Y.S.2d 1016 (App. Div. 1940). See supra note 48. Or consider, say, a faculty member’s deep critique of a student’s basic abilities.

[166] Note the qualifications referred to in Roosevelt, supra note 162, at 658-59.

[167] See supra notes 25, 34 and accompanying text.

[168] See supra note 33 and accompanying text.

[169] See supra note 42 and accompanying text.

[170] See supra note 70 and accompanying text.

[171] See supra notes 39-41 and accompanying text, and classically, the designated foils critiqued in Thorstein Veblen, supra note 69.

[172] See supra note 52 and accompanying text.

[173] As in some interpretations of the sources cited in notes 60-61 supra and accompanying text.

[174] See supra notes 88-90 and accompanying text.

[175] See Robert J. Gordon, The Rise and Fall of Growth 649 (2016) (“the percentage of jobs subject to occupational licensing has expanded from 10 percent to 1970 to 30 percent in 2008”).

[176] 816 N.W.2d 509 (Minn. 2012). This discussion assumes that the student speech bears a sufficient nexus to the university, and that the speech cannot reasonably be attributed to the university itself.

[177] See id. at 516, 517, 520.

[178] See id. at 521, 523. For helpful commentary on Tatro and related cases, see Emily Gold Waldman, University Imprimaturs on Student Speech: The Certification Cases, 11 First Amend. L. Rev. 382 (2013); Mark A. Cloutier, Note, Opening the Schoolhouse Gate: Why the Supreme Court Should Adopt the Standard Announced in Tatro v. University of Minnesota to Permit the Regulation of Certain Non-Curricular Speech in Professional Programs, 55 B.C. L. Rev. 1659 (2014).

[179] Consider the more and less student speech-protective outcomes in Oyama v. University of Hawaii ____ F.3d ____ (9^th Cir. 2015); Ward v. Polite, 667 F.3d 727 (6^th Cir. 2012); Keeton v. Anderson-Wiley, 664 F.3d 865 (11^th Cir. 2011); Axson-Flynn v. Johnson, 356 F.3d 1277 (10^th Cir. 2004).

[180] See Oyama, ____ F.3d at _____.

[181] For an introduction to whether public high school student free speech rules should generally apply to more mature college and university students, see Hosty v. Carter, 412 F.3d 731 (7^th Cir. 2005) (en banc). See also Eric Posner, Universities are Right—and Within Their Rights—to Crack Down on Speech and Behavior, available at www.slate.com/articles (February 12, 2015) (visited February 21, 2016) (interrogating the distinction in maturity level between college and high school students). Much more broadly, see Butler v. Michigan, 352 U.S. 380 (1957) (adult speech not to be held legally hostage to only that which is fit for children).

[182] For a classic, if doubtless less than comprehensive, statement, see Brown v. Bd. of Educ., 347 U.S. 483, 493 (1954) (education as today linked to good citizenship, socialization, later training, and discharge of public responsibilities).

[183] Oyama, _____ F.3d at ______.

[184] Note that a graduate student in astronomy who intends solely to tout the explanatory and predictive power of astrology poses, in the absence of any fraud or deception, a much less disturbing case. Further afield, a professorial tenure candidate whose research and teaching interests universally strike institutional and external peers as bizarre, trivial, groundless, or eccentric, and as uninterestingly and unprovocatively so, should not rely on a sensible approach to individual academic freedom to save the tenure case. For background, see, e.g., the 1940 AAUP Statement of Principles on Academic Freedom and Tenure, available at www.aaup.org/report/1940-statement-principles-academic-freedom-and-tenure (visited February 4, 2016). On presumed academic competence, see Robert C. Post, Academic Freedom and Legal Scholarship, 64 J. Legal Educ. 530, 533 (2015).

[185] Hutchins, supra note 69 and accompanying text. See also Thaddeus Metz, A Dilemma Regarding Academic Freedom and Public Accountability in Higher Education, 44 J. Phil. Educ. 529 (2010) (noting possible conflicts between pursuing knowledge for its own sake and benefiting society).

[186] See supra note 25 and accompanying text.

[187] See supra note 26 and accompanying text.

[188] See supra note 34 and accompanying text.

[189] See supra note 43 and accompanying text.

[190] See supra notes 55-56 and accompanying text.

[191] See supra notes 39-41, 52 and accompanying text.

[192] See supra note 52 and accompanying text.

[193] The literature on individual and institutional academic freedom in general is of course immense. Beyond the works cited above, see, e.g., The Concept of Academic Freedom (Edmund L. Pincoffs ed., 1975); Judith Butler, Exercising Rights, in Who’s Afraid of Academic Freedom? 293 (Akheel Bilgrami & Jonathan R. Cole, eds.) (2015) (emphasizing the basic material prerequisites of academic freedom); J. Peter Byrne, The Social Value of Academic Freedom Defended, 91 Ind. L.J. 5 (2015); Stanley Fish, It’s Not About Free Speech or Academic Freedom, available at www.huffingtonpost.com/stanley-fish/its-not-about-free-speech (November 23, 2015) (visited February 5, 2016); Aziz Huq, Easterbrook On Academic Freedom, 77 U. Chi. L. Rev. 1055 (2010); Robert Post, Why Bother With Academic Freedom?, available at http://digitalcommons.law.yale.edu/fss_papers/4936 (2013) (visited February 5, 2016); Frederick Schauer, Is There a Right to Academic Freedom?, 77 U. Colo. L. Rev. 907 (2006); Ellen Schrecker, The New McCarthyism in Academe, Thought and Action 103 (Fall, 2005); Robert J. Zimmer, Address Delivered at Columbia University Conference on “What Is Academic Freedom For?,” available at https://president.uchicago.edu/page/address-delivered-columbia-university (October 21, 2009) (visited February 5, 2016).

Evidentiary Privilege for Researchers – OLD

11.23.2016  |  Comments Off on Evidentiary Privilege for Researchers – OLD

Its Present State and a Proposal for Its Future

 

Prof. Aman McLeod,
University of Idaho College of Law

This article addresses the importance of the ability of academics to maintain the confidentiality of the sources ued in their research. There are many academic disciplines (e.g., criminal justice, sociology, public health), in which the promise of confidentiality to research participants is essential to the discovery of information that might be of public or historic importance.   However, as this article reveals, academics in many jurisdictions enjoy little if any ability to protect the confidentiality of their sources from compulsory processes. A significant portion of this article surveys the current federal and state statutes and case law that allow scholars to protect the confidentiality of their sources. It then suggests the adoption of a decades-old, proposed statute that would erase the distinction between scholars and reporters in terms of whether they are legally entitled to protect their confidential sources. The article concludes with an assessment of the prospects for achieving reform on this issue.

Volume 43:1 Evidentiary Privilege for Researches

Abstract:

 

“If you have knowledge, let others light their candles in it.”

– attributed to Margaret Fuller[1]

For centuries, researchers have placed enormous importance on the freedom to research and write about what they choose.[2] It has long been understood that the advance of knowledge and the flourishing of artistic creativity are encouraged if researchers and artists are able to carry out their endeavors without fear of retaliation by institutions or governments.[3] Though researchers at universities and other institutions frequently speak out to defend academic freedom at universities from perceived threats like the elimination or weakening of tenure,[4] researchers have largely ignored an equally grave threat to their work, which entails being forced to divulge the identities of individuals who provide them with information for their academic work in legal or other governmental proceedings.

Reporters, and other persons who do investigative reporting, the results of which are published in newspapers, magazines, and other media, have considered their ability to protect the identity of those who provide them with information and their observations of them, to be of utmost importance.[5] Reporters argue that without the ability to reliably promise those who provide them with sensitive information that their identities will be protected from disclosure, such sources would be afraid to give the information to the press or to allow their activities to be observed.[6]   If the sources’ refuse to provide information to the press, it is further argued, that matters of vital public importance, such as corruption, threats to public health and safety, or worse will not come to the public’s attention.[7] However, all of these reasons apply with equal force to justify recognition of the right of academic researchers to keep their sources confidential as well.

Examples of the ways in which academic research serves a role similar to journalism in bringing matters of public concern to the light are not hard find. Academic studies of illicit subcultures or individuals engaged in illegal behavior help the public understand the history of conflicts, why people engage in criminal behavior, and how it can be prevented. However, such studies require academics to give their subjects assurances of confidentiality if the researchers are to secure the subjects’ participation in the study.[8] For example, researchers who interviewed participants in paramilitary groups in Northern Ireland argued in a recent federal court case that maintaining the confidentiality of their subjects was critical to their ability to document the course of the sectarian conflict that wracked that province for decades, so that future generations will have a better understanding of what occurred.[9] Similarly, the work of medical and psychological researchers alerts the public to threats to their health and leads to treatments for illnesses. However, to do their work, they also promise confidentiality to their subjects in order to secure their cooperation as a matter of course, given that subjects probably do not want information about their conditions made public.[10]   The need to promise confidentiality also extends to the study of government institutions. For example, researchers have noted that studies of police departments, including interviews with officers and observations of their activities while on duty, are often not possible without promising the participating officers that their identities will be protected by the researchers.[11]

A prominent case illustrating the need for laws protecting the confidentiality of research subjects, is that of sociologist Rik Scarse, who was incarcerated for 159 days for contempt of court because he refused to reveal information about a person that he had interviewed who was a member of a radical environmental group, and who was a suspect in a federal criminal investigation.[12] Scarce’s research into the radical environmental movement was the first of its kind, providing new insights into a branch of the environmental movement dedicated to “direct action,” a term describing tactics that diverged from more mainstream environmental groups to include civil-disobedience and property destruction.[13] Scarce’s ordeal stands as a reminder to all researchers who use subjects involved in criminal activities or who have sensitive or damaging information to divulge, that without protection from compelled revelation, they might face the difficult choice between contempt of court, and having to reveal information that could hinder future research into such topics.

The forgoing examples illustrate the point that without the ability to keep the identity of research subjects confidential, scholars would be impeded in their capacity to produce scholarship that serves the public interest, in the same way that failing to protect journalists’ ability to shield the identity of their sources impedes their ability to report news that is in the public interest. It follows that there is no logical reason for not protecting the subjects of academic research, if such protection should be offered to journalistic sources.

Arguments in favor of extending an evidentiary privilege to researchers that would permit them to keep their sources and subjects confidential have been made for many years,[14] but with little acknowledgment of the patchwork of existing law that protects researchers’ ability to maintain confidentiality.   The aim of this article is to survey the breadth of the evidentiary privilege that the work of academic researchers currently have in the United States, and to suggest the wide adoption of a proposed statute that erases the distinction between researchers and reporters in terms of whether they are legally entitled to protect their confidential sources and subjects, and grants a broad privilege to all information gained by researchers and journalists in the course of their work.

The article opens with a survey of state and federal law, which shows that the work of academic researchers probably enjoys some form of evidentiary privilege in at least seventeen states and in a minority of the federal circuits, and that this privilege is often grounded in two sources: 1) statutes and rules that were written to protect journalists, or 2) judicial opinions involving assertion of the journalist’s privilege by non-journalists. The article then discusses laws that allow government officers to extend privilege to researchers for specific projects, as well as the power that state and federal courts enjoy to privilege academic research under their rules of evidence and civil procedure. Finally, it will argue in favor of adoption, in modified form, of a model statute proposed by Profs. Samuel Hendel and Robert Bard,[15] at both the state and the federal level in order to erase the hard-to-justify distinction between journalists and researchers in terms of whose sources should be protected by an evidentiary privilege, and to eliminate the inconsistencies created by the multiplicity of laws that might offer some protection to researchers.

I. The Federal Constitutional Basis for Privilege: Branzburg v. Hayes

Branzburg v. Hayes[16] represents the U.S. Supreme Court’s primary exposition on the constitutional basis for the reporter’s privilege. This case arose when a reporter, Branzburg, observed the making of hashish from marijuana and was later called before a state grand jury to implicate the persons involved.[17] Two other petitioners, also reporters, both reported stories about the Black Panther Party, which, at the time, was a controversial revolutionary organization.[18] These two petitioners were later called to state and federal grand juries respectively to testify about what they had seen and heard while reporting their stories.[19] All three reporters claimed that the free flow of information protected by the First Amendment gave them a right not to divulge information about their confidential sources, and that being forced to give information about their sources would cripple their ability to gather and disseminate news.[20]

“In its holding, the Supreme Court refused to recognize a general privilege for reporters under the First Amendment’s guarantee of freedom of the press,[21] but made it clear that First Amendment rights were implicated when a reporter was forced to reveal confidential sources.[22] Furthermore, the Court specifically noted that a grand jury summons to a reporter to divulge information about a confidential source must be done in good faith,[23] and suggested that for the request to withstand constitutional scrutiny, the government must “convincingly show a substantial relation between the information sought and a subject of overriding and compelling state interest.”[24]

The Court’s reluctance to find a robust evidentiary privilege for journalistic sources was not surprising given judges’ general reluctance to recognize new evidentiary privileges.[25] In his article, Creating Evidentiary Privileges: An Argument for the Judicial Approach,[26] Raymond F. Miller noted that courts have generally justified the recognition of new privileges to protect the privacy of communications within important relationships, and to safeguard individual privacy.[27] Courts appear to take seriously the notion that new privileges should not be created unless they are strongly justified, given the importance of access to all relevant evidence in reaching just resolutions in criminal and civil cases. Accordingly, judges have generally left the creation of new privileges to legislatures.[28] However, the willingness of the Branzburg-Court to find that newsgathering enjoyed some protection under the First Amendment,[29] suggested the importance that the Court placed on this activity, and gave lower courts a precedent for the creation of a privilege for journalists’ sources.

In his opinion in McKevitt v. Pallasch,[30] Judge Richard A. Posner discusses the reception of Branzburg in the federal courts of appeals, and notes that many appeals courts that have considered the case have found that there is a reporter’s privilege.[31] Judge Posner inferred that one basis for these holdings is Justice Lewis F. Powell’s statement in his concurring opinion that claims of journalistic privilege should be decided on a case-by-case basis by balancing the freedom of the press against the obligation to assist in criminal proceedings,[32] along with the fact that the four dissenting justices in Branzburg would have gone further than Powell in protecting journalist’s sources under the First Amendment.[33] Judge Posner also notes that although many circuit courts recognize a reporter’s privilege, they do not agree as to its scope, with some, for example, recognizing the privilege generally, but not in cases, like Branzburg, that involved a grand jury proceeding.[34] Furthermore, according to Posner,[35] among the cases that recognize a journalist’s privilege, some do not refer to Branzburg as the source of the privilege,[36] some treat the “majority” opinion in Branzburg as a plurality opinion,[37] and some read as Branzburg as explicitly recognizing a reporter’s privilege.[38]

Some courts of appeals have been prepared to expand the definition of a reporter in terms of who is entitled to keep sources confidential. Von Bulow v. von Bulow,[39] which was decided by the United States Court of Appeals for the Second Circuit in 1987, exemplifies a case in which a circuit court extended the journalist’s privilege to a non-journalist. Von Bulow arose out of a civil suit that was filed against a wealthy man by his stepchildren who claimed he allegedly attempted to murder their mother.[40] During the discovery phase of the trial, the court ordered a close friend of the defendant to deliver to the plaintiff a copy of a manuscript that she was writing about the defendant’s earlier criminal trial for attempted murder.[41] When the friend refused to comply with the order claiming that she was entitled to the reporter’s privilege, the district court held that she was not entitled to such a privilege, and eventually cited her for civil contempt of court.[42] When the contemnor appealed the civil contempt ruling, the appeals court held that though she was not entitled to invoke the journalist’s privilege in her case,[43] that privilege extended to anyone who could demonstrate “…the intent to use material — sought, gathered or received — to disseminate information to the public and that such intent existed at the inception of the…process.”[44] As of 2015, four other circuit courts of appeals, the First,[45] the Third,[46] the Ninth,[47] and the Tenth,[48] appear to employ a definition of a journalist that it broad enough to encompass non-journalists who gather information for publication, which is a definition broad enough to include academic researchers.

By adopting a broad definition of who is entitled to protect their sources, all of these courts acknowledged, as did the Supreme Court in Branzburg,[49] that the process of newsgathering receives some protection under the First Amendment,[50] and that the source of this First Amendment protection is a strong belief in the importance of the free flow of information.[51]   This holding has led these courts to extend the protections of the First Amendment to all those who gather information with the intent to publish, just as reporters do, without requiring them to be affiliated with a traditional news corporation or to be explicitly identified as a journalist.[52] In other words, these courts saw no meaningful distinction between the work of journalists that was deserving of constitutional protection, and the work of the non-journalists at issue in the cases.

As Justice White pointed out in his opinion for the Court, this privilege had not been recognized by state courts.[53] However, by 1972, seventeen states had enacted statutes creating a privilege for journalists,[54] and, after Branzburg, some state courts used the Branzburg opinion in that case to justify recognizing a privilege.[55] In those states where a journalist privilege is protected by statute, state legislators and other officials have generally justified these laws by saying they are needed to protect the public’s right to receive information about matters of great importance specifically by facilitating journalists’ use of confidential sources.[56] Some officials have also cited the need to provide additional protection for whistleblowers who seek to expose corruption.[57] In the wake of Branzburg, at least one legislator spoke in support of her state’s shield law by saying that it was need to ensure protection for journalists’ First Amendment rights.[58] As of 2015, every state except Hawaii and Wyoming extended some privilege to journalists’ sources either by statute (thirty-seven states), court-made rule of evidence (two states) or state appellate court ruling (nine states).[59]

II. State Reporter’s Shield Statutes[60]

The fact that so many states have by one means or another decided to protect journalists from having to reveal their sources indicates that they place significant importance on the free flow of information that this protection facilitates. However, in finding a balance between protecting sources and facilitating discovery in the judicial process, states have adopted different definitions of who may protect their sources from court-ordered revelation. Although most of these statutes might have been written with journalists in mind, some employ a definition of journalist that is broad enough to encompass academic researchers. For the purposes of categorizing jurisdictions whose reporter’s shield laws extend to academic researchers, the term academic researcher follows the definition suggested in the Hendel and Bard article. Specifically, their proposed law would apply to any “…person regularly or occasionally engaged in the purposeful collection, collation, and analysis of information, when obtained under promise of confidentiality, with the intent of bringing such information, analysis, and/or recommendations to public attention.”[61] Obviously, this definition is very broad, and includes persons who are not affiliated with institutions of higher learning or organizations dedicated to research, but this definition accounts for the reality that there are people doing academic research who are not affiliated with such institutions.[62]

The states can be divided into two categories in terms of whether state law recognizes an evidentiary privilege for researchers. The first category includes states that have no statutes, rules, or appellate case law that could be plausibly read as extending an evidentiary privilege to researchers, and the second category includes states that have legislation or case law extending such a privilege. The following states have statutes or case law that arguably or explicitly create a researcher’s privilege: Alaska,[63] California,[64] Delaware,[65] Georgia,[66] Illinois,[67] Louisiana[68], Maine[69], Massachusetts[70], Michigan[71], Minnesota[72], Missouri[73], Nebraska[74], New Hampshire,[75] North Carolina,[76] South Carolina,[77] Tennessee,[78] Texas,[79] Utah,[80] and West Virginia.[81]

Georgia’s shield law is typical of those with language broad enough to protect researchers. Its protections extend to the following:

Any person, company, or other entity engaged in the gathering and dissemination of news for the public through any newspaper, book, magazine, radio or television broadcast, or electronic means shall have a qualified privilege against disclosure of any information, document, or item obtained or prepared in the gathering or dissemination of news in any proceeding where the one asserting the privilege is not a party….[82]

Conversely, Kentucky’s statute is a prime example of a narrowly focused shield law that extends its protection only to reporters who are associated with traditional media companies:

No person shall be compelled to disclose in any legal proceeding or trial before any court, or before any grand or petit jury, or before the presiding officer of any tribunal, or his agent or agents, or before the General Assembly, or any committee thereof, or before any city or county legislative body, or any committee thereof, or elsewhere, the source of any information procured or obtained by him, and published in a newspaper or by a radio or television broadcasting station by which he is engaged or employed, or with which he is connected.[83]

Even in states where the definition of a reporter is broad enough to extend to researchers, these statutes vary as to the situations in which their protections are applicable. For example, the Michigan shield statutes only protect reporters from subpoenas issued by grand juries and prosecutors,[84] while North Carolina’s shield law applies to all legal proceedings,[85] and Nebraska’s shield law applies to all state proceedings, including legislative hearings.[86] Note that some state shield laws provide a lower level of protection by providing for a host of conditions that make the privilege inapplicable,[87] while others provide apparently absolute protection for a reporter’s sources.[88]

III. Discretionary and Nondiscretionary Privilege for Research Subjects and Data

So far, the article has discussed the protection that researchers have acquired for their confidential sources and subjects under statutes and doctrines that were primarily devised with traditional reporters in mind. However, there are some state and federal statutes that allow government officials to provide evidentiary privilege to research subjects if they determine that such protection is necessary for the research to be conducted. The existence of these laws shows that policy makers understand the need for researchers to be able to credibly promise their subjects confidentiality if they are to glean information needed to make public policy.

For example, a federal statute gives the Secretary of Health and Human Services the right to do the following:

…authorize persons engaged in biomedical, behavioral, clinical, or other research that uses federal funds (including research on mental health including research on the use and effect of alcohol and other psychoactive drugs) to protect the privacy of individuals who are the subject of such research by withholding from all persons not connected with the conduct of such research the names or other identifying characteristics of such individuals. Persons so authorized to protect the privacy of such individuals may not be compelled in any Federal, State, or local, civil, criminal, administrative, legislative, or other proceedings to identify such individuals.[89]

Additional examples include a statute that authorizes the United States Attorney General to allow researchers studying matters related to the enforcement of federal narcotics laws to keep confidential the identities of the research subjects,[90] and a statute that prohibits federal employees and those engaged in research funded by the Office of Justice Programs from revealing the identities of research subjects.[91]

Some state officials also have the power to privilege the identities of research subjects who might not otherwise participate in a study without the promise of confidentiality. For example, a California law authorizes the state attorney general to privilege the identity of subjects that participate in research into the use of controlled substances,[92] and a New Hampshire law allows the state’s Commissioner of Health and Human Services to privilege information obtained for the purposes of medical or scientific research.[93] Minnesota[94] and Michigan[95] have laws that forbid, except in a few circumstances, the disclosure before any state tribunal of information that was collected by the state health department for the purpose of promoting public health.

IV. Rules of Civil Procedure

Federal and state rules of civil procedure provide some protection to researchers who do not wish to reveal sensitive information about their subjects, although not as comprehensively or with the same level of certainty as a shield law. The Federal Rules of Civil Procedure (FRCP) do this by limiting access to the normal tools of pre-trial discovery “…if the court determines that the discovery sought is unreasonably cumulative or duplicative, or is obtainable from some other source that is more convenient, less burdensome, or less expensive.”[96] Although this power granted by the FRCP does not formally privilege the information that researchers gather, it is a tool that provides some protection because it allows researchers to make the claim that turning over sensitive information about research subjects would be burdensome. This argument has succeeded on several occasions in federal court. For example, in In re Snyder,[97] the trial court granted a motion to quash a subpoena that had been served on a retired auto safety researcher to testify in a case against an auto manufacturer. Although the court rejected the researcher’s claim that his data were privileged under federal law,[98] it granted the motion to quash on grounds of burdensomeness, arguing, among other things, that forcing him to testify would set a precedent that could deter future research into topics where subjects would demand confidentiality, and could result in researchers having to answer many subpoenas regarding their work.[99]

Federal courts have also ruled that researchers may avail themselves of the courts’ power to issue protective orders limiting the scope of what they can be compelled to disclose in civil litigation under the Federal Rules of Civil Procedure.[100] Specifically, the rules allow courts to issue protective orders to shelter parties from, among other things, “…annoyance, embarrassment, oppression, or undue burden or expense” in the discovery process.[101] For example, in In re Bextra & Celebrex Mktg. Sales Practices & Prod. Liab. Litig.,[102] a federal district court issued a protective order that limited the information that the New England Journal of Medicine had to divulge regarding the identity and comments of its peer reviewers, since this would interfere with the journal’s peer review process.[103] Federal courts are divided on the question of whether and to what extent the confidentiality of the peer-review process should be upheld in litigation.[104]

The Federal Rules of Civil Procedure also allow courts to quash or modify subpoenas to “unretained experts,” if the subpoena requires disclosing the expert’s opinion, or information that does not relate to specific occurrences in the dispute and was not the result of a study requested by a party.[105] One of the intended effects of this rule has been to guard against experts having their intellectual property “taken” by being forced to testify,[106] but it also provides researchers with a tool to prevent the revelation of confidential sources that their work might have relied upon. Civil procedure rules like those in the Federal Rules of Civil Procedure that allow experts to quash or modify subpoenas or to issue protective orders also exist in state courts.[107]

V. Rules of Evidence

Federal and state rules of evidence provide yet another avenue for the protection of the confidentiality of research subjects. Specifically, the rules of evidence in federal courts and in the courts of several states give judges the discretion to recognize new evidentiary privileges, apart from any privileges that might exist in state statutes, or that are based on federal or state constitutional law. Accordingly, in these jurisdictions, there are three ways that the identity of research subjects might be protected.

Federal Rule of Evidence 501 is the most prominent example of a rule of evidence that allows for the recognition of new privileges. This rule reads as follows: “[t]he common law — as interpreted by United States courts in the light of reason and experience — governs a claim of privilege unless any of the following provides otherwise: The United States Constitution; a federal statute; or rules prescribed by the Supreme Court.”[108] Pursuant to this rule, the federal courts have recognized a host of privileges, including attorney-client, spousal, and clergy-penitent.[109]

To date, the federal courts have not been very receptive to claims that academic researchers deserve a privilege under Rule 501.   For example, in Wright v. Jeep Corp., a federal district court in Michigan rejected the notion that there was a common law evidentiary privilege for academic research, stressing the importance of access to evidence in the civil justice process.[110] On the other hand, in In re Grand Jury Subpoena, the Second Circuit Court of Appeals considered whether it was proper for the district court to have quashed a grand jury subpoena that would have required a graduate student, Mario Brajuha, to divulge information for his dissertation obtained from sources whom he had promised confidentiality.[111] Noting that Brajuha had not established a basis in the record for the court to rule on his request for recognition of an academic privilege under Rule 501, the court remanded the case to the district court for further proceedings.[112] However, it did not deny that an academic privilege might be protected under Rule 501, if Brajuha were able to establish an adequate basis for such protection.[113] No other federal court has suggested that a privilege for researchers’ sources might find protection under Rule 501.[114]

The states are split nearly evenly as to whether their trial courts are permitted to privilege evidence based on court rulings. Twenty-six states[115] allow their trial courts to create privileges, while the remainder and the District of Columbia explicitly prohibit their lower courts from issuing such rulings. In those states that allow their trial courts to create new privileges under state rules of evidence, none have used these provisions to protect a researcher’s privilege. Instead, such a privilege is protected, if at all, by state statute,[116] by rule of evidence,[117] or by appellate court decision based on a constitutional provision.[118]

Finally, it should be noted that some researchers can find sanctuary under the physician-patient[119] and psychotherapist-patient[120] privileges. Although these privileges were not intended to protect researchers, they might be available to physicians and psychotherapists who are basing their research on patients whom they have treated.

VI. A Proposal for Expanding Recognition of an Evidentiary Privilege for Researchers.

The foregoing discussion of the ways in which researchers are afforded privilege for their work reveals a makeshift system of protections that are available to researchers depending on the jurisdiction, and sometimes about the research or the researcher’s employer. The privilege for researchers’ sources is also not as widespread or as easily utilized as the privilege for journalists sources. The forgoing also suggests that efforts to expand the researcher’s privilege should be aimed at the adoption of legislation expanding the privilege, rather than seeking recognition of it in the courts.

The evidence supporting this conclusion is found in the judiciary’s reluctance to create new evidentiary privileges based on anything other than constitutional arguments.   When it comes to common law arguments for new privileges, the judges of American courts appear to be firm believers in the phrase popularized by Dean Wigmore in his treatise on evidence, that “[T]he public… has a right to every man’s evidence,”[121] and are, therefore, reluctant to find new privileges unless grounded in constitutional law.[122] For example, in the twenty-five years following the adoption of the Federal Rules of Evidence by the United States Supreme Court, “…the federal courts have exercised this authority [under FRE 501] to confirm the eight privileges which existed in the common law prior to 1973 and to introduce one new privilege [psychotherapist-patient].”[123] Over roughly the same time period, recognition of new privileges by state courts was negligible.[124]

Constitutional arguments for recognizing new evidentiary privileges have done better in courts. For example, important privileges and doctrines of exclusion in criminal cases are constitutionally based, as are doctrines that allow the exclusion of evidence that might reveal state secrets and the identity of government informers.[125] Furthermore, as was mentioned above, litigants have gotten at least some recognition of a privilege that would apply to researchers’ subjects in four of the federal circuit courts of appeals and in a few state appellate courts based on First Amendment arguments,[126] but only after the Supreme Court opened the door to this expansion with its Branzburg opinion when it noted that the First Amendment affords some protection to journalists from having to reveal their sources.[127] This suggests that Branzburg was the catalyst for these court opinions, as opposed to a general eagerness on the part of judges to create new privileges, and the fact that more courts have not used Branzburg to create a privilege for researchers is more evidence of this reluctance.

Since the Nineteenth Century, the legislatures have replaced the judiciary as the primary developers of privilege law,[128] given that the courts clear reluctance to create more evidentiary privileges. It follows from this conclusion that legislatures should be the focus of efforts to secure changes in the law that will provide researchers with an unambiguous evidentiary privilege for their subjects.[129]

V. A Legislative Proposal

Hendel and Bard’s 1973 proposal for a shield law for researchers is a useful proposal to build upon because of its breadth in terms of who enjoys its protections and because of the balance it strikes between protecting the identity of research subjects and the need for evidence in criminal and civil trials. Their proposal borrows from provisions in existing reporter’s shield laws to create a broad privilege for all of those who offer information in the public interest. For example, regarding its protections, the Hendel and Bard proposal is very similar to some reporter’s shield laws already in existence,[130] except that it eliminates any suggestion that the law’s protections are restricted to traditional journalists. Note also, that the proposal does not require anyone to be affiliated with a specific type of organization or institution to enjoy its protections. In this respect, the Hendel and Bard proposal is like the more liberal reporter’s shield laws that do not require affiliation with any traditional media organization, [131] and therefore, recognizes that independent researchers deserve the protection of the law as well.

Hendel and Bard would allow covered individuals to assert the privilege “… whenever there is a reasonable possibility that [compelled] testimony may compromise confidential sources of information relevant to public pursuits or require revelation of confidential information gathered in the course of his or her activities as a researcher.”[132] This language would appear to cover a range of information similar to that protected by some existing statutes,[133] in that it would protect the identities of a researcher’s sources and subjects, information obtained from them, and a researcher’s personal observations of sources and subjects. Hendel and Bard would also extend the privilege to non-confidential as well as to confidential communications, which also mirrors some existing statutes.[134] Finally, like some existing shield laws, the Hendel and Bard proposal would not require researchers to give a promise of confidentiality to their subjects and sources to invoke the privilege.[135]

The scope of the protection afforded by the Hendel and Bard proposal is also quite broad in terms of the fora in which it can be applied. For example, Hendel and Bard would allow researchers to assert the privilege before grand juries, legislative committees, and criminal and civil courts.[136] In this, the scope of the proposal’s protection mirrors some existing reporter’s shield laws,[137] and goes further than others which, for example, only protect against subpoenas in criminal investigations.[138] Extension beyond the civil and criminal justice context to legislative committees makes sense, in that these bodies have subpoena power,[139] and can force the revelation of confidential sources and subjects.

Hendel and Bard would allow assertion of the new privilege in all but the following circumstances:

• The government shows there is probable cause to believe that the [covered person] has information which is clearly relevant to a specific, probable, and imminent violation of law involving serious personal injury.
• He or she personally witnessed a crime involving serious personal injury.
• The material has actually been broadcast or published or otherwise publicly disseminated.
• The testimony is requested by a defendant charged with a felony and a judge determines that such testimony or records would have probative value in exculpating the defendant.
• The evidence is sought in a bona fide civil suit for libel or invasion of privacy against the [researcher] or his publisher.[140]

Furthermore, in all such cases, the authors would require that the party seeking disclosure of the information demonstrate that “…the information sought cannot effectively be obtained by alternative means less destructive of First Amendment rights.”[141] These provisions make the proposal less protective then some existing shield laws. For example, the Nebraska shield law has no exceptions,[142] but the proposal is similar to the North Carolina shield law in the exemptions that it lists.[143]

Although absolute protection for sources and subjects of academic studies might sound attractive, there are sound reasons why such a level of protection is problematic. First, privileges of all types interfere with one of the primary functions of the justice system, namely the search for truth,[144] which must be established for the courts to dispense justice under law. Some critics of broad evidentiary privileges point out the difficult position that a litigant can face if she cannot get access to evidence that could be very important to establishing her case.[145] Others argue that the lack of a reporter’s shield law does little to impede the flow of information from confidential sources to reporters,[146] and that such laws could have the effect of allowing confidential sources to use researchers and reporters to spread false information without being held accountable in court.[147]

For these reasons, the right balance must be struck between protection of sources, and the courts’ powers in discovery to bring the truth to light.[148] Hendel and Bard’s proposal was designed to strike a balance between these two imperatives,[149] and represents a middle ground between an absolute privilege for confidential sources (e.g. Nebraska’s shield law), and the case-by-case balancing approach advocated by some as an alternative to a shield law to protect researchers.[150]

Note particularly that the Hendel and Bard proposal gives the privilege to researchers, not to the subject that wishes to remain confidential.[151] Giving the privilege to the information gatherer is a common feature of reporter’s shield laws,[152] and stands in marked contrast to the attorney-client privilege, where the client holds the privilege.[153] There are practical reasons for this arrangement. First, researchers should be able to correct the record if sources make public statements that contradict information that was given in confidence to the researcher,[154] or if sources publicly attack the accuracy of researchers’ work.

The need to protect researchers by giving them the privilege weighs in favor of the deletion of two exceptions in the Hendel and Bard proposal: 1) the exception that allows a source who provided information to a researcher and who is facing a felony charge, to compel the researcher to provide exculpatory testimony, and 2) the exception that permits a researcher to be compelled to testify when the researcher has personally witnessed a crime involving serious personal injury. For reasons that will be discussed, these two exceptions have the potential to seriously undermine the benefits of the privilege that the proposal seeks to promote.

Hendel and Bard cite sensitivity to civil liberties as a reason for allowing researchers to be compelled to testify about confidential information provided by source when the source that provided the is facing a felony charge, and asks the researcher to provide exculpatory testimony;[155] however, the authors don’t consider the problems that this might cause for researchers. Some of the researchers who would need the privilege the most, particularly criminologists and sociologists studying individuals or groups that engage in criminal behavior would face the constant threat of becoming involved in criminal trials. Some researchers would certainly forgo studying certain subjects out of fear of becoming involved in a criminal case as a witness for the defense.

Similar reasons justify the deletion of the exception for situations in which researchers have witnessed a violent crime, given that some researchers would certainly forgo studying certain subjects if they thought it could result in having to testify about what they had seen. The extension of privilege to knowledge of another’s participation in a crime is well established in the law of evidence, such as in attorney-client privilege law.[156] Failure to extend the privilege to researchers in these situations could hamper the study of subjects who might regularly engage in violent activities, such as para-military groups or criminal gangs.

VI. Conclusion

This article has surveyed the condition of the privilege laws that enable researchers to protect the confidentiality of their subjects and sources and of their observations of them. It has also argued for the adoption of legislation that would extend this protection to researchers in the form of a law that would cover both researchers and reporters. Finally, the article has advanced the argument that efforts at reform should be aimed at legislatures as opposed to courts, given the latter’s reluctance to create new privileges.

Until most states modify their evidentiary privilege laws to include researchers, those who face having to reveal information about confidential sources should avail themselves of the protection of the laws of their jurisdiction, or take other steps to protect themselves from liability. For example, researchers should always fully inform their research subjects about the situations in which they will disclose, or might be forced to disclose, their identities and/or the information that the subjects have provided to the researcher. Reporters[157] and researchers[158] at most institutions are bound by ethical guidelines not to reveal the identity of sources who have been promised confidentiality subject to whatever conditions the parties agreed to without the permission of the source, and face civil liability for breach of contract if they violate a promise of confidentiality.[159]

A further precaution that can be taken to protect the identity of research subjects is to obscure the identity of the subjects in the data that is collected. Some of the measures that researchers have used to protect the identity of their subjects in this way include “…[the] immediate separation of identifiers from collected data; selective recording of information to reduce [the] potential for identifiability by inference; procedural controls, including rapid comingling of data to make linking responses to an individual more difficult; and technical controls like encryption to protect data in transit and storage.”[160] These techniques have the benefit of obscuring the identity of research subjects in the event that a researcher’s data are seized by the government[161] or by any unauthorized persons.

Still, adopting a shield law that covers researchers is a better option, given that the precautions listed above are not a substitute for laws that protect researchers from subpoenas and search warrants, and the legal problems these create. However, there are several reasons why it will be difficult to get any proposal to privilege researchers’ sources of information enacted in more jurisdictions. First, there does not appear to be any concerted lobbying effort by professional organizations that represent researchers in support of laws protecting a researcher’s privilege, although the American Sociological Association lent support to one of its members involved in a legal battle to keep his sources confidential.[162] This may be because the organizations, such as the American Association of University Professors, the Academy of Criminal Justice Sciences, and the America Public Health Association, prioritize changing policy in ways that are more closely related to the academic interests of their members,[163] or are focused on protecting academic freedom and tenure.[164] Second, researchers are a popular target for politicians, who frequently criticize them for laziness or irrelevance.[165] Until researchers make recognition of an evidentiary privilege for their confidential sources a priority, major changes will not happen.

 

 

 

[1] Margaretfuller.org http://www.margaretfuller.org/index.php?option=com_content&view=article&id=90:sermon-award-winner&catid=40&Itemid=82 (last visited December 30, 2014).

[2] See generally, Ralph F. Fuchs, Academic Freedom. Its Basic Philosophy, Function, and History. 28 Law and Contemp. Probs. 431 (1963).(discussing the history of protection of academic freedom in the academy).

[3] See generally id., and Stacey E. Smith, Note, Who Owns Academic Freedom?: The Standard for Academic Free Speech at Public Universities, 59 Wash & Lee L. Rev. 299 (2002).

[4] E.g., Evan R. Goldstein, Torture and Tenure at Berkeley, Chron. of Higher Ed., May 9, 2008, at 5.; Marianne M. Jennings & Stephen K. Happel, Op.-Ed., Don’t Eliminate Tenure Just to Trim Deadwood, Christian Sci. Monitor, Feb. 22, 1996, at 18; Aaron Petkov, Detroit’s Wayne State University Looks to Destroy Tenure, Labornotes (August 15, 2012), http://www.labornotes.org/2012/08/detroit%E2%80%99s-wayne-state-university-looks-destroy-tenure.

[5] See e.g., Hope Yen, Proposed Media Shield Law Offers Modest Shelter, Buffalo L. J., Mar. 20, 2008, p.18-22; SPJ Board Votes to Create Endowed Legal Defense Fund for Journalists, States News Service, Sept. 4, 2014.

[6] See e.g., Editorial, An Internet-Era Shield Law, L.A. Times, Dec. 31, 2009, p.28.; David B. Rivkin Jr., & Lee A. Casey, Reporters Need a Federal Shield Law, Wall St. J., Apr. 22, 2013, p. A15; Margaret Sullivan, A Blow for the Press, and for Democracy, N.Y. Times, Jul. 28, 2013, p.12; Editorial, Shielding Journalists, Wash. Post, Sept. 23, 2013, p.A14.

[7] Id.

[8] See e.g., Marvin E. Wolfgang, Confidentiality in Criminological Research and Other Ethical Issues, 72 J. Crim. L. & Criminology 345,350 (1981); Josine Junger-Tas & Ineke Haen Marshall, The Self-Report Methodology in Crime Research, 25 Crime and Just. 291, 349 (1999); Paul J. Draus, et. al., Cracking the Cornfields: Recruiting Illicit Stimulant Drug Users in Rural Ohio. 46 Sociological Q. 165, 196 (2005).

[9] See United States v. Moloney (In re Price), 685 F.3d 1, 16 (1st Cir. 2012).

[10] Ronald Bayer et. al., Guidelines for Confidentiality in Research on AIDS, 6 IRB: Ethics and Human Res. at. 1 (1984);   Christine Khosropour & Patrick S. Sullivan, Risk of Disclosure of Participating in an Internet-Based HIV Behavior Risk Study of Men Who Have Sex with Men, 37 J. of Med. Ethics 768 (2011); Ross A. Thompson, Vulnerability in Research: A Developmental Perspective on Research Risk, 61 Child Development 1, 2 (1990)

[11] See e.g., Richard J. Lundman & James C. Fox, Maintaining Research Access in Police Organizations, 16 Criminology 87, 92, 94 (1978).

[12] Rik Scarce, Researcherly Ethics and Courtroom Antics: Where Researchers Stand in the Eyes of the Law, 26 Am. Sociologist 87, 90-91, 95 (1995).

[13] Id. at 89-90.

[14] E.g. Kathleen Bond et. al., Confidentiality and the Protection of Human Subjects in Social Science Research: A Report on Recent Developments [with Comments and Rejoinders], 13 Am. Sociologist 144, 146-47 (1978); Robert H. McLaughlin, From the Field to the Courthouse: Should Social Science Research be Privileged?, 24 Law & Soc. Inquiry 927, (1999); Development in the Law- Privileged Communication in the Law: VI. Institutional Privileges, 98 Harv. L. Rev. 1592, 1610 (1985); Kathryn L. Steffen, Comment, Learning from our Mistakes: The Belfast Project Litigation and the Need for the Supreme Court to Recognize and academic Privilege in the United States, 3 Penn. St. J. of L. & Int’l. Aff. 324,326 (2014);

[15] Samuel Hendel & Robert Bard, Should there be a Researcher’s Privilege?, 59 AAUP Bull. 398 (1973)

[16] 408 U.S. 665 (1972).

[17] Id. at 668.

[18] See Garrett Albert Duncan, Black Panther Party, Encyclopaedia Brittanica, http://www.britannica.com/topic/Black-Panther-Party (last visited Jul. 7, 2015)

[19] Branzburg at 672-80.

[20] Id. at 679-81.

[21] Id. at 697.

[22] Id. at 707.

[23] Id.

[24] Id. at 700.

[25] See infra p.20-22.

[26] 31 Conn. L. Rev. 771 (1999).

[27] Id. at 782.

[28] Infra, p.20-22.

[29] Supra note 22.

[30] 339 F.3d 530 (7^th Cir. 2003).

[31] Id. at 532.

[32] Branzburg v. Hays, 408 U.S. 665, 709-10 (1972).

[33] McKeivitt at 531-32.

[34] Id. at 532. See e.g. In re Grand Jury Proceedings, 5 F.3d 397, 402-03 (9th Cir. 1993).

[35] Id.

[36] E.g., Titan Sports, Inc. v. Turner Broad. Sys., 151 F.3d 125, 128 (3^rd Cir. 1998).

[37] E.g., United States v. Smith, 135 F.3d 963, 968-69 (5^th Cir. 1998).

[38] E.g., Shoen v. Shoen, 5 F.3d 1289. 1292 (9^th Cir. 1993).

[39] 811 F.2d 136 (2nd Cir. 1987)

[40] Von Bulow Stepchildren Sue Him for $56 Million, N.Y. Times, July 20, 1985, http://www.nytimes.com/1985/07/20/us/von-bulow-stepchildren-sue-him-for-56-million.html

[41] Von Bulow v. Von Bulow, 652 F. Supp. 823, 824 (S.D.N.Y 1986).

[42] Von Bulow v. Von Bulow, 811 F.2d at 138.

[43] Id. at 146-47.

[44] Id. at 144.

[45] See e.g., Cusumano v. Microsoft Corp., 162 F.3d 708, 715 (1st Cir. 1998) (applying the privilege to an academic researcher).

[46] See e.g., Titan Sports, Inc. v. Turner Broad. Sys., 151 F.3d 125, 131 (3^rd Cir. 1998) (adopting the broad definition of a journalist used in von Bulow).

[47] See e.g., Shoen v. Shoen, 5 F.3d 1289, 1293 (9^th Cir. 1993) (applying the privilege to a book author in a civil case); but see, In re Grand Jury Proceedings, 5 F.3d 397, 399-400 (9th Cir. 1993) (refusing to apply the privilege to an academic researcher in a grand jury proceeding).

[48] See e.g., Silkwood v. Kerr-McGee Corp., 563 F.2d 433, 438 (10th Cir. 1977) (applying the privilege to a filmmaker).

[49] Branzburg v. Hays, 408 U.S. 665, 707 (1972).

[50] See Titan Sports, Inc., 151. F.3d at 128-30; Cusumano, 162 F.3d at 714; Shoen, 5 F.3d at 1293; Von Bulow, 811 F.2d at 144; Silkwood, 563 F.2d at 436.

[51] See Titan Sports, Inc., 151. F.3d at 128; Cusumano, 162 F.3d at 714; Shoen, 5 F.3d at 1292; Von Bulow, 811 F.2d at 142; Silkwood, 563 F.2d at 437.

[52] See e.g. notes 45-48.

[53] Id. at 685-86.

[54] Id. at 689 n.27.

[55] See e.g., Morgan v. State, 337 So. 2d 951, 953 (Fla. 1976); State v. St. Peter, 315 A.2d 254,255-56 (Vt. 1974); Brown v. Commonwealth, 204 S.E.2d 429, 431 (Va. 1974);

[56] E.g., Associated Press, Shield Law Balances Free Press, Fair Trial, May 7, 2009, available at 2009 WLNR 30344154.

[57] E.g., Jennifer Byrd, Reporter Shield Law Heads to WA Governor, Associated Press, Apr. 17 2007; Dee Hall, Wisconsin Shield Law Is Promising Step Forward, Green Bay Press-Gazette, May 7, 2010, at A10.

[58] See Henny Wallis, Reporter’s Shield Law Passes First Test, Eugene Register-Guard, Feb. 20, 1973, at 1A.

[59] This information was gathered by the author through a survey of state statutes, court rules and applicable precedents. Note that state appellate courts have based their rulings protecting journalists’ sources on both state and federal constitutional provisions.

[60] For the purposes of this study, the District of Columbia is considered a state.

[61] Hendel and Bard, supra note 15 at 399.

[62] See e.g., Audra Wolfe, Doing Scholarship from Outside Academe, Vitae, Dec. 4, 2014, https://chroniclevitae.com/news/824-doing-researchership-from-outside-academe, (last visited Jul. 21 2015).

[63] Alaska Stat. §§9.25.300-390 (2014).

[64] Cal. Evid. Code § 1040 (West 2015) (arguably giving academic researchers at public educational institutions a privilege against divulging confidential information related to researchership).

[65] Del. Code Ann. tit. 10 §4320 (2015).

[66] Ga. Code Ann. §24-5-508 (2015).

[67] 735 ILL. Comp. Stat. Ann. 5/8-902 (2015).

 

[68] La. Rev. Stat. Ann. §§ 45:1451-1459 (2015); See also Louisiana v. Fontanille, 1994 La. App. LEXIS 191, *3 (La. App. 5th Cir. 1994).

[69] Me. Rev. Stat. tit. 16 § 61 (2015).

[70] See Sinnott v. Boston Retirement Bd., 524 N.E.2d 100, 103-04 (Mass. 1988).

[71] Mich. Comp. Laws §§ 767.5a.,767A.6(6) (2015); See also In re Photo Marketing Assoc. Int’l., 327 N.W. 2d 515, 517-18 (Mich. Ct. App. 1982).

[72] Minn. Stat. § 595.023 (2015).

[73] See State ex. Rel. Classic III v. Ely, 954 S.W.2d 650, 655-56 (Mo. Ct. App. 1997).

[74] Neb. Rev. Stat. §§20-144-147 (LexisNexis 2015).

[75] See Mortgage Specialists v. Implode-Explode Heavy Indus., 999 A.2d 184, 189 (2010).

[76] N.C. Gen. Stat. § 8-53.11 (2015).

[77] S.C. Code Ann. § 19-11-100.

[78] Tenn. Code Ann. § 24-1-208 (2015).

[79] Tex. Civ. Prac. & Rem. Code § 22.021 (West 2015)

[80] Utah R. Evid. Rule 509.

[81] W. Va. Code § 57-3-10 (LexisNexis 2015).

[82] Ga. Code Ann. §24-5-508 (2015).

[83] Ky. Rev. Stat. Ann. § 421.100 (LexisNexis 2015).

[84] Mich. Comp. Laws Serv.§§ 767.5a.,767A.6(6) (LexisNexis 2015).

[85] N.C. Gen. Stat. § 8-53.11.

[86] See Neb. Rev. Stat. §20-146.

[87] See e.g., N.C. Gen. Stat. § 8-53.11(c)-(d).

[88] See e.g., NEB. REV. STAT. §20-146.

[89] 42 U.S.C.S. §241(d) (LexisNexis 2015).

[90] 21 U.S.C.S. § 872(c) (LexisNexis 2015).

[91] See 42 U.S.C.S. §3789g(a) (LexisNexis 2015).

[92] Cal. Health & Safety Code § 11603 (Deering 2015).

[93] N.H. Rev. Stat. Ann.§ 126-A: 11 (LexisNexis 2015)

[94] Minn. Stat. § 144.053 (2015).

[95] Mich. Comp. Laws Serv. §§ 333.2631 – 2632 (LexisNexis 2015).

[96] Fed. R. Civ. P. 26(b)(2)(B),(b)(2)(C).

[97] 115 F.R.D. 211 (D. AZ. 1987).

[98] Id. at 213.

[99] Id. at 215. See also, Morriss v. BNSF Ry. Co., 2014 U.S. Dist. LEXIS 3757 at *6-7, 17 (D.NE. 2014).

[100] Fed. R. Civ. P. 26(c)(1).

[101] Id.

[102] 249 F.R.D. 8 (D.Mass. 2008)

[103] See id. at 13-15.

[104] See Martin J. McMahon, Academic Peer-Review Privilege in Federal Court, 85 A.L.R. Fed. 691.

[105] F.R.C.P. 45(d)(3)(b)(ii).

[106] See F.R.C.P. 45 advisory committee’s note.

[107] E.g.,Fla. R. Civ. P. 1.280.(c) (FL); I.R.C.P. 45(d)(1) (ID); Mass.R.Civ.P. 26(c) (MA)

[108] F.R.E. 501.

[109] See 2 Christopher B. Mueller & Laird C. Kirkpatrick, Federal Evidence 384-961 (4^th ed. 2013)(discussing the evidentiary privileges that have been recognized in federal court).

[110] 547 F. Supp. 871, 875 (E.D. Mich. 1982).

[111] 750 F.2d 223, 224 (2nd Cir., 1984).

[112] Id. at 225-26.

[113] Id. at 225.

[114] See F.R.E. 501 case note 75.

[115] Arizona, Colorado, Connecticut, Delaware, Georgia, Illinois, Iowa, Kansas, Maryland, Massachusetts, Michigan Minnesota, Missouri, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Utah, Virginia, Washington, West Virginia.

[116] E.g., Del. Code Ann. tit. 10 §4320.

[117] E.g., Utah R. Evid. Rule 509.

[118] E.g., State ex. Rel. Classic III v. Ely, 954 S.W.2d 650 (Mo. Ct. App. 1997).

[119] See Mueller & Kirkpatrick, supra note 109, at 765.

[120] See Jaffee v. Redmond, 518 U.S. 1, 7 (1996).

[121] United States v. Bryan, 339 U.S. 323, 331 (1950) (quoting Wigmore, Evidence (3d ed.) § 2192).

[122] See Branzburg v. Hayes, 408 U.S. 665, 688 (1972) .

[123] Miller, supra note 26 at 775.

[124] Id. at 780.

[125] See e.g., Mueller & Kirkpatrick, supra note 109 at 430-31.

[126] See supra notes 39 -48 and accompanying text.

[127] See e.g., von Bulow v. von Bulow, 811 F.2d 136, 142 (2nd Cir. 1987)(noting that Branzburg established that newsgathering enjoyed some First Amendment protection).

[128] See Development in the Law – Privileged Communication: I. Introduction: The Development of Evidentiary Privileges in American Law (p.1), 98 Harv. L. Rev. 1450, 1455-63 (1985).

[129] But see Miller, supra note 26, at 801 (arguing for greater involvement by the courts in the development of privilege law).

[130] See e.g., supra note 83 and accompanying text.

[131] See e.g., Minn. Stat. §595.023.

[132] Hendel & Bard, supra note 15, at 399.

[133]See e.g., Colo. Rev. Stat. §13-90-119(2) protects “…news information received, observed, procured, processed, prepared, written, or edited by a newsperson, while acting in the capacity of a newsperson.”

[134] See e.g., Colo. Rev. Stat. §13-90-119(1)(b); In re Paul, 513 S.E.2d. 219, 223 (Ga. 1999) noting that “…statutory language [of Georgia’s reporter’s shield law] does not distinguish between the source’s identity and information received from that source or between non-confidential and confidential information.”

[135] See e.g., Kurzynski v. Spaeth, 538 N.W.2d 554, 599 (Wi. 1995) (holding that a reporter’s right to keep information confidential does not depend on whether a promise of confidentiality was made to the source of the information).

[136] Hendel & Bard, supra note 15, at 399.

[137] See supra note 86 and accompanying text.

[138] See supra note 84 and accompanying text.

[139] Frank Arey, Legislative Subpoenas, 1, http://www.ncsl.org/documents/lsss/legislative_subpoenas.pdf (last visited Jul. 17, 2015).

[140] Hendel & Bard, supra note 15, at 399.

[141] Id.

[142] E.g.,Neb. Rev. Stat. §20-146.

[143] See N.C. Gen. Stat. § 8-53.11.

[144] See David A. Kaplan & Brian M. Cogan, The Case Against Recognition of a General Academic Privilege, 60 U. Det. J. Urb. L. 205, 216 (1983) (quoting In re Dinnan, 661 F.2d 426, 430 (5th Cir. 1981))

[145] See id. at 207-08. See also Mueller & Kirkpatrick, supra note 109, at 413-14.

[146] See John D. Castiglione, A Structuralist Critique of the Journalist’s Privilege, 23 J. L. & Pol. 115, 140 (2007).

[147] Cf. id. at 132-34.

[148] See generally Mueller & Kirkpatrick, supra note 109, at 409-14. (discussing the concepts underlying evidentiary privileges, and how privileges are balanced with the need for fact-finding).

[149] See Hendel & Bard, supra note 15, at 400.

[150] See Kaplan & Cogan, supra note 144, at 224, 235-37.

[151] See Hendel & Bard, supra note 15, at 399.

[152] See e.g., supra notes 63-69, 71-72, 74, 76-79.

[153] Mueller & Kirkpatrick, supra note 109, at 654.

[154] See Richard Sauber, When Can Reporters Reveal Sources?, Wash. Post, Apr. 10, 2006 at A17, suggesting that reporters have the right to reveal the identity of a source if the person publicly denies being a source in some situations.

[155] Hendel & Bard, supra note 15, at 400.

[156] See Mueller & Kirkpatrick, supra note 109, at 614.

[157] See e.g., Society of Professional Journalists, Anonymous Sources, http://www.spj.org/ethics-papers-anonymity.asp, (last visited Jul. 22, 2015)

[158] See e.g., Stanford University Human Research Protection Program Policy Manual, ch. 11, http://humansubjects.stanford.edu/hrpp/Chapter11.html (last visited Jul. 19, 2015).

[159] Cf. Cohen v. Cowels Media Co., 501 U.S. 663, 670 (1991).

[160] Brian Jackson et. al., Human Subjects Protection and Research on Terrorism and Conflict, 340 Science 434 (2013).

[161] Data from researchers might be admissible in court depending on its content and intended use. The seizure of such data is a possibility in states where the shield law only protects researchers from being compelled to divulge confidential information, as opposed to those that protect researchers from being compelled to testify and protect their data from compelled disclosure. Compare N.C. Gen. Stat. § 8-53.119(b) (protecting a journalist’s materials from disclosure) with Ky. Rev. Stat. Ann. § 421.100 (offering no protection to a journalist’s materials).

[162] Facing jail, a sociologist raises questions about a researcher’s right to protect sources, Chron. Higher Educ., Apr. 7, 1993, at A10.

[163] See e.g., American Public Health Association, Policy Statements, https://www.apha.org/policies-and-advocacy/public-health-policy-statements (last visited Jul. 21, 2015).

[164] See e.g., American Association of University Professors, About, http://www.aaup.org/about/mission-1 (last visited Jul. 21, 2015).

[165] See e.g., Karen Hertzog, Educators frustrated by Walker’s comments about Faculty Work, Milwaukee J.-Sentinel, Jan. 30^th 2015, 2015 WLNR 2941493. (discussing Wisconsin Gov. Scott Walker’s comment that University of Wisconsin faculty did not work hard enough); Kevin Kiley, Another Liberal Arts Critic, Inside Higher Ed., Jan. 30^th 2013, https://www.insidehighered.com/news/2013/01/30/north-carolina-governor-joins-chorus-republicans-critical-liberal-arts (last visited Jul. 21, 2015); Tyler Kingkade, Pat McCrory Lashes Out Against ‘Educational Elite’ And Liberal Arts College Courses, Huffington Post, Feb. 2^nd, 2013, http://www.huffingtonpost.com/2013/02/03/pat-mccrory-college_n_2600579.html (last visited Jul. 21, 2015).

The Risks and Liability of Governing Board Members to Address Cyber Security Risks in Higher Education – OLD

01.27.2017  |  Comments Off on The Risks and Liability of Governing Board Members to Address Cyber Security Risks in Higher Education – OLD

By Luis J. Diaz, Maria C. Anderson, John T. Wolak and David Opderbeck[1]*

 

Abstract

Cloud computing can be a highly effective means of avoiding information technology costs and are an attractive option to higher education institutions. Cloud computing also creates an incremental potential risk for data breaches and the accompanying privacy concerns that arise when personally identifiable information is stored on third party servers accessible over the internet. Officers and board members of an institution considering a move to the cloud are well-advised to engage in robust diligence and be adequately informed of the benefits and risks of migrating substantial amounts of sensitive data to the cloud. This article provides timely information to higher education institutions to assist the understanding of the nature of cybersecurity risks and preparedness, and how those risks may be mitigated so that the fiduciary duties owed by institutional officers and board members are properly discharged.

 

 

Volume 43:1 The Risks and Liability of Governing Board Members to Address Cyber Security Risks in Higher Education

I. Introduction

Technological innovation now makes it possible to conduct business at the speed of thought. The resulting mass of data resulting from the “internet of things”[2] is stored on remotely-connected servers located throughout the world. While the benefits of this innovation revolution undoubtedly benefit society, business, and institutions of higher education, it also creates incremental risks in the form of data breach disasters when personally identifiable information (PII) and other sensitive information about customers, employees, and business partners is inadvertently disclosed.

Today, the news is filled with horror stories of such data breach disasters at some of the world’s leading organizations. It seems that no one is immune from a data breach. In the aftermath of such an event, stock prices can plummet, public opinion shifts, and officers and directors can be terminated for failure to exercise best judgment in monitoring and mitigating those risks. The recent breaches at Target Corp.[3] and Parsippany, New Jersey-based Wyndham Worldwide Corp.[4] exemplify the tsunami of litigation that is likely to result when a major breach occurs. But, this is just the beginning as the duty of officers and directors relating to these global economy realities is just beginning to evolve. With the changing standards now emerging in the case law, it is reasonably foreseeable that there will be many more data breach related lawsuits in the future. As evidence of this fact, the Securities and Exchange Commission issued guidance in 2011 that it deems technology and privacy breaches as potentially material. SEC Chairwoman Mary Jo White has said that cyber threats are “of extraordinary and long-term seriousness. They are first on the (SEC’s) division of (market) intelligence’s list of global threats, even surpassing terrorism.”[5]

In light of these new world realities, officers and directors at all types of organizations, including colleges and universities, would be well advised to ensure that their organizations engage in a thoughtful process to implement adequate physical, electronic, and other security measures to prevent, manage, and respond to data breaches. The failure to do so can result in what happened at Target, where seven of ten directors were unseated because they failed to adequately manage cyber risks. Aside from the risk of breach-related litigation, it is also reasonably foreseeable that both federal and state regulators will become increasingly more aggressive in terms of regulatory compliance, fines, and monitoring activities.

Higher education institutions and their officers and directors are not exempt from these obligations. Many state laws impose a fiduciary duty upon boards of governors or trustees and administrators of public and private universities that require engaging in a robust due diligence process to ensure that cyber risks are properly identified and managed. This article seeks to provide some practical guidance concerning the federal and state laws applicable to higher education, and how officers and directors at these institutions can implement adequate policies, procedures, and practices to mitigate cyber risks and threats relating to potential data breaches.

II. Director and Officer Fiduciary Duties in the Face of Cyber Security Issues

Public awareness of director and officer liability for cyber attacks was elevated after a breach of consumer records at Target.[6] In reliance upon case law recognizing a board’s obligation to oversee corporate risk post-Target, commentators suggested that liability for failure to monitor cyber-risk could be imputed to individual board members who were not discharging their fiduciary obligations by either: (a) “utterly” failing to implement “any reporting or information system or controls”; or (b) if such reporting or information systems were in place, consciously failing to monitor or oversee them so that board members were “disabled from being informed of risks or problems requiring their attention.”[7] Therefore, University officials should be mindful of the legal risks posed to the members of their governing boards by ensuring they take an active role in the assessment of risk associated with information security systems selected for implementation and are regularly updated through reporting systems.[8]

In the United States, there are a multitude of sources that may impose liability upon board members for lapses in judgment related to cyber security. These sources may be found in federal laws – such as the Fair Credit Reporting Act, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Right to Privacy Act (FERPA), and the Federal Information Security Management Act (FISMA) – or state and common laws. Potential plaintiffs include the Federal Trade Commission, the U.S. Securities and Exchange Commission, the Department of Justice, state attorneys general, and the individuals or companies whose data has been breached.[9] Higher education is particularly vulnerable to data breaches because, as the U.S. Department of Education has noted, “[c]omputer systems at colleges and universities [are] favored targets because they hold many of the same records as banks but are much easier to access.”[10]

In a survey conducted by the Association of Governing Boards of Universities and Colleges and United Educators found that, while full boards have been increasingly engaged in risk discussions, “conflicting answers on the amount and quality of information boards receive on risk raised questions about the value of that information.”[11] While 60 percent of respondents to that survey reported that the information boards received – particularly in connection with financial risks – was adequate, only 39 percent strongly agreed that enough information was shared to fulfill their legal and fiduciary duties.”[12] Accordingly, because the failure of a board to actively address cyber risk management and information security risks can impose liability upon individuals,[13] members of governing boards must be provided adequate information in order to discharge their fiduciary duties.[14]

Although the Sarbanes-Oxley Act has limited application to higher education, it has raised expectations of accountability in governance, regardless of whether a governing board manages a corporation or not-for-profit institution.[15] Members of not-for-profit governing boards who fail to meet the expectations of this Act may find themselves subject to removal or may not be indemnified in the event of suit by affected students, alumni, or employees.[16] Board members of not-for-profit institutions, whether public or private universities, may be subject to director and officer liability suits for failing to discharge their duties by broader classes of plaintiffs that may include other board members, donors, employees, students, vendors, contractors, other not-for-profit entities working in collaboration with the institution, and/or government agencies with regulatory authority over the institution.[17] While suits based upon such causes of action have thus far largely settled or been dismissed based upon failure to demonstrate causation or damages related to identity theft, suits continue to be filed, and the technological capacity to identify the use of such information continues to develop and requires constant monitoring to evaluate its evidentiary potential in damage claims.[18]

Governing boards of higher education institutions are commonly referred to as “the guardians” of the university and, as such, owe fiduciary duties of care and loyalty similar to their counterparts at for-profit corporations.[19] The degree of their fiduciary obligations vary, depending upon the institution’s bylaws. However, as a general rule, board members must promote the institution’s best interest, disclose to fellow board members any material information that may not be readily known, and exercise good faith duties of care and loyalty toward the institution.[20]

A. The Duty of Care

The duty of care relates to the governing board member’s competence in performing his/her functions and requires the use of care that an ordinarily prudent person would exercise in a like position under similar circumstances.[21] The duty of care also requires the board member to exercise his or her responsibilities and decision-making in good faith and with due diligence.[22] The duty of care does not allow a board member to fail to supervise the organization or, even when acting in good faith, neglect to make informed decisions.[23] Finally, the duty of care requires that board members are well-equipped with information that is required in order to make informed decisions.[24] A recent survey found that only 12 percent of board members frequently receive briefings and reports on cyber-threats.[25] If a board member is not regularly informed as to the institution’s cyber security policies, procedures, and risks, he or she may not effectively oversee or approve institutional initiatives that may result in a breach of the duty of care.[26]

B. The Duty of Loyalty

The duty of loyalty requires a member of a governing board for a higher education institution to act in what he or she reasonably believes to be in the best interests of the organization, in light of its stated purposes.[27] This requires the trustee to affirmatively protect the interests of the organization and to refrain from doing anything that would be injurious to the organization.[28] The duty of loyalty requires the board member to place the interests of the institution above his or her own, and is largely concerned with addressing direct or indirect conflicts of interest between the board member and the organization.[29] As with the duty of care, the vast majority of state laws provide that board members of a not-for-profit are subject to a duty of loyalty, just as board members of a for-profit corporation are.[30]

III .Summary of Legal Obligations to Facilitate A Board’s Duty of Care and Loyalty

 

A. The Applicability of FERPA, HIPAA, and FISMA to Higher Education

Higher educational institutions must comply with FERPA,[31] FISMA,[32] and, if applicable, HIPAA,[33] in order to regulate the security of their student records or other data.[34] FERPA sets the standard for student privacy, and federal funding may be withheld from any institution with a policy or practice of disclosing student information without authorization.[35] Because FERPA ensures that the privacy of student educational records[36] is protected by regulating to whom and under what circumstances such records may be disclosed, its provisions have important application when those records are shared with cloud software services providers.[37]

Directory information may be made public after an institution gives notice of the categories of directory information to all students and provides students an opportunity elect to keep such information private.[38] Non-directory information is all other information related to a student and maintained by a higher education institution, including, without limitation, social security numbers or student identification numbers.[39] The disclosure of non-directory information or PII to a third party is only permitted if it qualifies as one of FERPA’s defined exceptions.[40] Faculty, staff, and other officials of the institution may access non-directory information under FERPA if they have a legitimate academic interest to do so.[41] The school official exception applies to third party cloud providers who are given access to student education records regulated by FERPA[42] so long as they agree: (1) to not redisclose the information without the student’s prior consent,[43] and (2) to use the information only “for the purposes for which the disclosure was made.”[44]

Higher education institutions providing academic programs that include the operation of medical hospitals or other treatment centers and submit claims for reimbursement of medical expenses to third parties are generally subject to HIPAA.[45] HIPAA requires a receiving party to maintain the confidentiality of protected health information (PHI) that includes individually identifiable health information[46] transmitted by, or maintained in, electronic, paper, or any other medium.[47] The HIPAA Privacy Rule requires that a covered entity maintain reasonable and appropriate administrative, technical, and physical safeguards to protect PHI privacy.[48] The Privacy Rule also requires covered entities to enter into business associate agreements with third party vendors who create, receive, maintain, or transmit PHI on their behalf.[49] Under the Privacy Rule, covered entities may only use or disclose PHI without patient authorization for treatment, payment, or health care operations.[50] For other purposes, a covered entity must obtain patient authorization prior to using or disclosing PHI, albeit subject to certain exceptions.[51]

In addition, and pursuant to HIPAA, a national security standard for the protection of individually identifiable health information was established (“Security Rule”).[52] The Security Rule regulates electronic PHI (ePHI) and requires any entity subject to it to adopt policies and measures to ensure the confidentiality, integrity, and availability of any ePHI created, received, maintained, or transmitted.[53] As with FERPA, covered entities must also enter into written agreements with third parties who create, receive, maintain, or transmit ePHI on their behalf that are consistent with the obligations under the Security Rule.[54] Consequently, if a higher education institution is subject to HIPPA and intends to use cloud computing to manage its ePHI, the written agreement with the third party vendor must be drafted to protect the institution from liability from improper disclosures.

Notably, the Security Rule anticipates that covered entities will be permitted some “flexibility” in their approach to implement security protocols.[55] As part of that flexible approach, covered entities are required to consider the following factors: (1) the size, complexity, and capabilities of the covered entity or business associate, (2) the covered entity’s or business associate’s technical infrastructure, hardware, and software security capabilities, (3) the costs of security measures, and (4) the probability and criticality of potential risks to electronic protected health information.[56] Penalties for violations of HIPAA can be severe and may include criminal charges as well as significant civil penalties.[57]

B. State Laws and Data Security

In the United States, there is no comprehensive, uniform set of laws in either the federal or state systems to regulate data privacy and the collection, use, and disposal of personal information.[58] There are, however, hundreds of privacy and data security laws that govern the collection and use of personal information, all with varying obligations and degrees of scope.[59] States have individual data privacy and security laws directed toward the protection of student or employee PII.[60] For example, many states have adopted laws that govern the collection, use, and disclosure of Social Security numbers, and other states such as California, New Jersey, and New York have enacted laws requiring the proper disposal of records that contain personal information.[61] Additionally, some state laws are more stringent than the protections afforded by HIPAA and are not preempted by federal regulation, so long as the state’s laws are not inconsistent with the federal regulatory scheme.[62]

C. Cyber Security Compliance in Higher Education

Congress has debated comprehensive cyber security legislation since at least 2009.[63] Earlier proposals would have included a mandatory federal framework for cyber security compliance.[64] Later proposals have stressed voluntary public-private partnerships with liability protections and other incentives for compliance.[65] Comprehensive reform, however, has stalled in Congress for a variety of political and practical reasons.[66]

In February 2013, frustrated with Congress’ inability to pass comprehensive cyber security reform, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.”[67] This Order directed the National Institute of Standards and Technology (NIST) to develop a framework for cyber security compliance by owners and operators of critical infrastructure, although the Order does not impose any specific legal obligations on non-governmental entities.[68] NIST released its framework in February 2014, and it has become recognized as a “gold standard” in cyber security compliance.[69]

The NIST standards are arranged around what NIST calls the “Framework Core.”[70] The Framework Core identifies high-level cyber security functions, divides those functions into categories of outcomes, and relates the categories of outcomes to specific subcategories and informative resources:[71]

As the graphic from the NIST Framework illustrates, the core functions are “Identify,” “Protect,” “Detect,” “Respond,” and “Recover.”[72] If these core functions seem obvious, that is because they are in a sense obvious. The NIST Framework does not break any new ground concerning the basic requirements to prepare for and respond to cyber attacks. Rather, the Framework seeks to require organizations to think systematically and carefully about cyber risk. Surprisingly, even large organizations with significant information technology assets and professional IT staff often fail to engage in this kind of deliberate risk identification and planning.

The “Identify” function requires the organization to take an inventory of all of its “systems, assets, data and capabilities.”[73] The “Protect” function requires the organization to proactively develop safeguards to keep critical infrastructure services online in the event of a cyber emergency.[74] The “Detect” function requires the organization to implement procedures and technologies to identify adverse cyber security events,[75] including continuous, around-the-clock monitoring of security status and robust processes for detecting intrusions.[76] The “Respond” function focuses on containing the impact of adverse events;[77] this function recognizes that adverse cyber security events are inevitable despite robust protection and detection mechanisms, and the risk of such events cannot entirely be eliminated but often can be contained. The category responses under this function are among those most frequently overlooked in cyber security risk management. Finally, the “Recover” function requires plans to restore information capabilities lost during an attack. The category responses under this function should include restoration plans with definite timelines as well as plans to learn from the event and make improvements in the protect, detect, and respond functions.[78]

The NIST Framework includes a tier structure that enables an organization to assess its current state of compliance and to move towards higher levels of compliance.[79] A vital measure of which tier an organization has reached involves the formal approval and adoption at a policy level of organization-wide cyber security risk management practices. This means that cyber security should become elevated to a top institutional priority that entails functions across all business units from the executive level down. Cyber security is no longer an afterthought for only a few information technology functions. The following graphic from the NIST Framework illustrations this dynamic:[80]

Again, there is nothing particularly novel in this structure, but it illustrates that cyber security must become an executive level issue that receives constant attention and, importantly, budgeting.

Appendix A to the NIST Framework includes a coded tool that can be used to conduct a cyber security compliance assessment[81] in a methodical, standardized fashion, providing codes for specific subcategory designators and identifying specific published standards relating to each subcategory.[82] For example, here are the cells for the first function, category, and subcategory:[83]

Obviously, with 14 pages of such detailed mappings within Appendix A to the NIST Framework (pages 20 to 34), the work involved in becoming compliant can seem impossibly daunting.[84] Moreover, some of the standards referenced in the NIST framework may not map directly onto the unique circumstances of higher education institutions. For these reasons, some universities and university trade organizations have adopted or proposed simplified models that focus on particular standards.

For example, the Higher Education Information Security Council (HEISC) has published an Information Security Guide keyed to the ISO/IEC 27002:2013 standard, which is one of the standards referenced in the NIST Guidelines.[85] The HEISC Guide incorporates 15 compliance domains, ranging from cryptography to supplier relationships.[86] As another example, the University of Ohio Information Risk Management Program condenses the NIST Framework into 30 risk areas within seven business functions, and condenses the text into eight pages.[87] The business functions identified in the University of Ohio policy include management, legal, purchasing, human resources, facilities, and information technology.[88]

Other universities, colleges, and higher education providers similarly may benefit from information security planning that customizes the NIST Framework for application within their specific circumstances. Although cyber security compliance policies can become complex at the granular level of application, they all include some basic over-arching themes, including the following:

• Cyber security compliance involves more than adherence to a specific legal requirement. It includes multiple legal requirements as well as contractual obligations and institutional risk management practices.

• Cyber security compliance is an ongoing process, not a one-time project.
• Cyber security compliance involves both technological measures and human resource management measures.
• The risks of a cyber security incident cannot be entirely eliminated. Cyber security compliance therefore involves procedures to identify and remediate incidents as well as procedures aimed at preventing incidents.
• Cyber security compliance is an executive-level concern that requires coordination across every significant operational unit in the organization.[89]

These general principles are as true for higher education institutions as they are for any other kind of enterprise. Indeed, the wide variety of sensitive data handled by higher education institutions, including sources as diverse as confidential and trade secret technological research and student health information, together with the diffuse nature of governance in many university systems, suggests that such institutions must make particular efforts to develop comprehensive, meaningful cyber security compliance programs.

Finally, in addition to these overarching compliance themes, public attention recently has focused on legislation that would facilitate information sharing about security risks between the public and private sectors. The Cyber Information Sharing Act (CISA) was signed into law by the President on December 18, 2015 as part of the omnibus spending bill.[90] The CISA allows private entities to share cyber threat information with the federal government without incurring liability under other laws – such as, for example, FERPA and HIPAA – that require certain information to be kept confidential.[91] The new law apparently would include colleges and universities, as well as their officers, employees, and agents.[92] Information sharing proposals have been very controversial with cyber civil liberties advocates.[93] Now that the CISA has been signed into law, colleges and universities will need to think carefully about procedures for logging potential threat information and for whether and when an employee or officer should report such information to the federal government.

However, the recent onslaught of cyber security cases does not require board members to become experts in cyber security risk. In looking to the Wyndham, supra, case for guidance, there are several actions that the board can proactively take in advance of a cyber security event, which include making data privacy and data security regular topics of discussion at board meetings; providing that a specific committee has primary oversight on data security and ensures that data protection measures are discussed regularly at committee meetings; periodically retaining third-party consultants to assess the institution’s cyber security practices and remediating any deficient areas; and establishing a cross-functional incident response team that has primary responsibility for investigating and responding to a cyber security breach.[94]

IV. Risk and Mitigation

Through a comprehensive risk analysis, a University’s board of governors or trustees and administrators can ensure that organizational cyber risks are adequately mitigated through a combination of effective diligence, contract negotiation, and, in many instances, the purchase of cyber insurance coverage. These steps are necessary to provide effective governance and management of the university. Cloud vendor contracts are not yet associated with the typical collateral issues that are raised in outsourcing or shared control contracts. These models offer worthwhile guidance about risks created by shared responsibilities and possible liabilities, as well as ways to contract around common problems. As recent large-scale cloud failures demonstrate, a breach results not only in data recovery problems, but also in attendant unfavorable publicity and extensive remediation and legal costs.[95]

A.  Overview of Risks Associated with Cloud Computing

Cloud computing offers both benefits and risks that must be weighed. Educational institutions have employed cloud computing for a variety of needs, from hosting of simple applications to complex, enterprise-wide human resources and student information management systems.[96] Cloud computing frequently offers granular pricing that lets institutions optimize software or services utilization and tailor the same to meet the needs of students, alumni, or employees.[97] Moving system architecture to the cloud reduces the long-term costs of IT resources while increasing employees’ and students’ “anywhere, anytime” access to the resources the institution selects for common availability.[98] Resources hosted remotely are necessarily flexible, potentially including infrastructure, platforms, or even stacked software as a service, and these options offer cost savings through economies of scale, off-site hosting, and off-site maintenance.[99] The cloud’s modular, on-demand model permits educational institutions to reduce the sunk costs of quickly outdated hardware or data storage and to easily swap out software on a global level for more recent applications.[100] By enabling faster updates, with no delay for procurement or individual installation, the institution can more efficiently serve its various stakeholders while reducing overhead costs.[101]

Against these benefits, decision-makers must educate themselves about the associated cyber risks in order to exercise sound judgment before migrating PII to the cloud. The use of cloud computing forces an institution to rely on the policies and security of a third party vendor (and any affiliated data center utilized by the vendor), which creates incremental organizational risk that must be analyzed as compared to the inherent risk of the institution managing its own data and IT resources.[102] Here, we analyze the risks associated with the most common cloud service offered by vendors, that being public, multi-tenant cloud services, where remote data centers host multiple customers’ data on the same servers without segregation.

As stated earlier, cloud computing creates incremental risk by outsourcing an institution’s IT functions to third party vendors, which eliminates or impairs the institution’s control over its data, processing, and security.[103] This increased risk and the resulting increased liability from a breach by a third party vendor are frequently borne directly by the institution itself.[104] These new risks must be analyzed in addition to the familiar vulnerabilities associated with IT functions, such as cyber security threats from networked mobile media, hardware malfunction, software installations, and malicious insiders or external cyber attacks. As a result, some institutions, particularly those with a larger volume of PII, trade secrets, or confidential data subject to high levels of regulation (i.e., under HIPAA requirements, Department of Defense procedures, or SEC oversight), may choose to avoid cloud computing because the additional risks, requirements, and potential exposures are too great.[105] Alternatively, such institutions may choose to create private, self-contained cloud computing systems to increase the level of control retained over the security of the data centers.[106]

Other educational institutions, particularly smaller schools with more limited data sets, may find it is both safer and economically efficient to rely on the more advanced security provided by larger cloud vendors.[107] However, even these schools must ensure that such vendors can comply with the “school official exception” under FERPA.[108] For these smaller institutions, the incremental risk created by outsourcing the security of their student data is offset by the net benefits to overall security offered by more advanced security systems than those the smaller organizations can individually afford. Larger educational institutions with more robust security processes will have to find other benefits and methods of risk mitigation to offset the incremental risk and craft a positive net benefit bargain by switching to cloud computing.[109]

Universities may also face different risk levels depending on whether they are public or private institutions. With different appetites for risk or different security risk profiles, each institution must achieve an acceptable balance of risk against benefit by identifying the incremental risks associated with cloud computing that are germane to their programs and then finding ways to mitigate those risks.[110] Some of the risks that require consideration include:

• Educational institutions remain legally liable for data breaches, even though control over security shifts to the cloud vendor. Accordingly, data breaches can leave the institution subject to different laws for each jurisdiction implicated, by the location of either the data, compromised employee, student or alumnus/a, or cloud vendor’s citizenship.[111]
• Any single breach may put a cloud vendor out of business or in bankruptcy, while for young or small vendors, lack of significant assets and limited applicable or available insurance coverage may preclude full recovery of losses.
• PII may be compromised or commingled with third party data, including that of competitors, with respect to the university’s research or intellectual property.[112]
• Cloud vendors may impose unreasonable or otherwise unacceptable policies or terms of service, including: failure to provide adequate indemnity for claims resulting from security breaches; failure of transparency regarding third party data center security; limitation of liability to amounts inadequate to meaningfully remedy the loss; exclusion of consequential damages; refusal to limit future use of client data; refusal to secure client consent before transferring data overseas; refusal to provide service level agreements or damages for disruption during outage; refusal to return data in usable form to client after termination of agreement; or refusal to agree to abide by FERPA’s “school official exception” as it relates to direct control or the use and redisclosure of PII.[113]
• The physical location of cloud vendors’ servers around the world may result in trans-border information flow and could subject information to the laws of multiple foreign jurisdictions.[114]
• Cloud computing makes it difficult to administer enterprise-wide information security policies for risk mitigation, as well as resource mapping procedures for data forensics, preservation, and management.
• Because sensitive personal, financial, and other confidential information may be stored on the cloud vendors’ servers, risk of breach, loss, or liability must be analyzed in terms of publicity as well as the financial and legal consequences. Cyber attacks directed at cloud vendors may impact a large population of unrelated users and generate greater publicity.

Cloud vendors are reluctant to assume significant risks or the resulting liability because the pricing models are kept low through contractual provisions limiting liability and avoiding indemnification for breaches of data availability, security, or privacy.[115] While weighty bargaining power or competitive leverage can aid in bringing cloud vendors to the bargaining table to negotiate risk-sharing, these advantages likely will not be available to individual universities or smaller higher education nonprofits.[116] Because few institutions can individually lay claim to those bargaining advantages, universities may consider pooling resources and forming consortiums to collectively bargain with vendors, share the costs of due diligence, and secure insurance. Due diligence in determining which risks are the most vital remains the best method to shore up bargaining positions, as can be seen below.

B. Best Practices for Higher Education When Considering a Move to the Cloud

When an institution of higher education intends to make the strategic decision to move its data and information technology systems to a third party cloud provider and procure software as a service, it should first establish a team of stakeholders. The team should include the institution’s general counsel; the highest ranking officials charged with overall authority to oversee information technology and security, risk management, finance, and business administration; and the head of the business unit that will utilize the technology. These stakeholders should participate in the due diligence of the software service providers and the negotiation of their contracts, so that they are fully informed of and understand the nature of the risks to the institution by moving to a cloud environment. By involving key stakeholders in this manner, the institution will achieve consensus in making recommendations to its president and governing body to approve the individual contract and use of the particular technology resource, as well as to ensure that there is fully informed consent to the risks inherent in this type of transaction and that techniques have been developed by the institution to mitigate them.

The information technology stakeholder should develop a checklist soliciting information from the providers to assist in the evaluation of their security, and general counsel should also develop a form of agreement with the provider that contains the terms and conditions appropriate for the risks the institution is willing to accept. The institution should solicit a response to the checklist from those providers of software services that are appropriate for the institution’s needs. Because the checklist will solicit sensitive security information, the institution should be prepared to enter into a non-disclosure agreement with the provider prior to receiving its response. The responses to the checklist should then be evaluated by the individual assigned to oversee information technology security for the institution and make a recommendation to the stakeholders. If the responses are determined to create an acceptable level of risk to the institution, the vendor should be provided the institution’s form of agreement to begin negotiations.

The checklist is the first step in the institution’s due diligence of the provider and should focus on the vendor’s security policies and processes to maintain, monitor, and test the adequacy of security to protect data from disclosure to unauthorized parties.[117] The checklist should identify the type of institutional data to be shared with or stored by the provider and should specifically focus on whether it includes credit card information, health records, student records, and personally identifiable information, because federal and state law impose heightened obligations in the event of a breach. The checklist should inquire if the data will be stored outside of the United States so that the institution can determine if it would be subject to the laws of any foreign jurisdiction in the event of a breach.[118] The provider should also be asked to identify its methodology for exchanging the data, such as upload via a secure web interface, secure file transfer, etc., so that the institution can evaluate the security of the transfer. The checklist should solicit the policies of the provider (and any third party subcontractors of the provider) on data security, data storage and protection, network systems and applications, and disaster recovery; the procedures for review and updating of those policies; and policies that ensure compliance with laws applicable to PCI, HIPAA, and FERPA, so that the institution can verify the provider has a comprehensive plan for compliance. The checklist should request the provider’s SOC1 and SOC2 reports and the results of recent external audits and other tests, to determine the integrity of its system and penetration vulnerabilities. In addition, the checklist should inquire about the physical security and access restrictions to the provider’s data center, data storage area, and network systems; the provider’s response to security incidents; and the provider’s awareness training, so that the institution can evaluate the provider’s preparedness for a breach and strategies for prevention.[119]

In addition to the items on the checklist, the provider should be asked to provide its most recent audited financial statements and, if publicly traded, its 10K and 10Q reports, so that the institution may examine its assets and liabilities and the risks to it as an entity and within its industry. The stakeholders should also perform an independent assessment of the provider by conducting reference checks with existing customers, verifying the size of the provider’s customer base, and estimating the total amount of individual information stored within the provider’s services. In doing so, stakeholders will be able to project the potential losses the provider might suffer in the event of a system-wide breach and whether there is heightened risk of an attack if data is aggregated. An examination of the checklist and the additional information solicited will provide a clear picture of the potential risk of a data breach by using the vendor’s services; the vendor’s ability to prevent, detect, mitigate, and respond to a breach; and the vendor’s ability to withstand the financial impact of a significant breach.

If the institutional stakeholders are satisfied that the risks disclosed during due diligence of the provider may be adequately addressed through contract negotiation or other means, the provider should be forwarded the institution’s form of agreement.[120] While the agreement will contain standard provisions applicable to all purchase agreements, it should include the following key provisions relevant to the heightened risks associated with data security and breaches.

Specifically:

• The agreement should contain representations by the provider that service and support will meet specified levels of service, that security will be provided to prevent unauthorized access or destruction in accordance with industry standards, and that storage and backup will be maintained so that data is in retrievable form to ensure the institution’s continuity of use after contract termination.
• The agreement should clearly state that the data is owned by the institution and may be used by the provider only to deliver the services. Data that constitutes confidential information should be clearly defined in the agreement and include, at a minimum, passwords, institutional data, personally identifiable information, student records, and health records.
• The agreement should identify the actions to be taken in the event of a data breach, which should include, at a minimum, prompt notice to the institution, investigation of the cause and prevention of any reoccurrence, responsibility for all institutional losses as a result of the breach, and the granting to the institution of sole authority to determine if, when, how, and to whom notice of the breach should be sent.
• Moreover, the agreement should exclude from any limitation of liability clause the provider’s intentional or gross negligence and breach of data or confidential information.
• To adequately protect against the risk of a data breach, the agreement should require the provider to name the institution as an additional insured on the provider’s relevant insurance policies, including cyber insurance and commercial general liability insurance (which should have limits of liability of no less than $1 million per occurrence or per claim), umbrella or excess insurance, and professional liability insurance (with limits of liability of at least $10 million unless the amount of data to be stored with the provider demonstrates that a higher limit is appropriate).
• Finally, the agreement should require the destruction of the institution’s data after the agreement is terminated and certification that destruction has occurred.

Very often, a provider will seek to restrict its liability for data breaches through a limitation of liability and may be unwilling to agree to an absolute exclusion for a data breach. In that event, the institution should evaluate the potential costs it may incur and losses it may suffer as a result of a data breach by considering the total number of records and number of individuals related to the data that will be transferred to the provider. At a minimum, the institution should expect to incur, in the event of a breach, costs associated with providing notice to individuals, credit monitoring, undertaking forensic analysis to identify the cause of the breach, adequately and responsibly responding to media inquiries while protecting the institution’s reputation, and responding to or defending third party claims. Studies that examined the losses associated with responding to data breaches over the past few years estimate these costs are approximately $200 per individual or 57 cents per record, and institutions should annually reevaluate this information to determine if costs are increasing.[121] At the present time, these studies provide a guideline for institutions to negotiate secondary caps on limitation of liability clauses for claims arising out of data breaches. In the event the provider is unwilling to agree to a secondary cap that will limit its liability for data breaches in an amount that is acceptable to the institution, the purchase of cyber insurance by the institution provides an alternative for mitigating that risk.[122]

The risks inherent in storing personally identifiable information with a third party are an institutional risk, and the members of the governing body owe a fiduciary duty to the institution to be fully informed of and consent to these risks.[123] Therefore, it is recommended that the team of stakeholders present to the governing body, with participation and approval by the institution’s president, their summary of the due diligence undertaken of the selected cloud provider and the terms of the agreement, along with an explanation of how the agreement or a cyber insurance policy will mitigate the risks associated with cloud data storage. Upon approval by the governing body, the stakeholders’ work does not end. As we have seen in recent media associated with Rutgers University[124], Penn State University[125], and the Internal Revenue Service, the risk as to “if” a data breach will occur no longer exists; it is really a question of “when.” Consequently, institutions would be well served to prepare in advance of a data breach by creating a response team; implementing a response protocol and performing practice drills; establishing compliance activities to implement, monitor, review, and update data security policies; and regularly informing the governing body so it can properly discharge its fiduciary duties.[126]

C. Insurance Coverage for Cyber Security Breaches

The importance of investing the necessary time, effort, and expense to identify and establish appropriate IT solutions for an institution’s ongoing educational, research, or business operations – including cloud-based alternatives – cannot be overstated. But even after an institution completes a comprehensive due diligence process and negotiates maximum contractual protection, the vast majority of cloud-based IT opportunities will nonetheless expose the institution to additional (and potentially substantial) risk, which must be mitigated to satisfy the governors’ or trustees’ obligations to exercise sound judgment and risk management in university governance. Accordingly, an institution must pursue an in-depth analysis of its existing insurance coverage to determine whether additional coverage is required to transfer the risk of potential loss and damage in the event of a data security breach.

At the outset, it is important to recognize that reliance on existing commercial general liability (CGL) insurance to mitigate the risk of loss and damage from cyber security breaches is simply not appropriate without careful assessment, analysis, and decision-making with respect to potential risks the institution faces as a result of its data processing and data storage solutions, and the need for alternative risk mitigation and risk transfer mechanisms.[127] Recent developments regarding the availability of insurance coverage under a CGL policy for losses resulting from a cyber security breach demonstrate that the existence of coverage is far from certain. For example, the Connecticut Supreme Court recently affirmed an intermediate appellate court decision that there was no coverage available under a CGL policy for $6 million of costs incurred as a result of the loss of 130 back-up tapes that contained employment related data of more than 500,000 past and current employees.[128] Similarly, a New York trial court concluded that the insurance company had no duty to defend under a CGL policy because it was the acts of a third party – not the policyholder – that caused the release of personal information as a result of a data security breach.[129] Other courts, however, have reached the opposite result, concluding that insurance coverage was available because the disclosure of personal information was within the scope of the terms of the relevant CGL policy at issue.[130] Separately, the insurance industry has taken affirmative steps consistent with its steadfast position that the CGL policy was not intended to provide insurance for the losses and damage that may be suffered as a result of cyber security breaches, as evidenced by the introduction of specific exclusions for general liability policies that purport to eliminate coverage for liability arising out of certain data breaches.[131] Due to this “mixed bag” regarding availability, an institution relying on a CGL policy to provide insurance coverage in the event of a data breach might be successful, but its likelihood of actual success is increasingly narrow and depends on the jurisdiction and law applied to policy interpretation, the relevant facts, and the specific terms, conditions, and exclusions of the individual CGL policy.

Standalone cyber insurance policies can serve as an effective “gap filler” to cover some of the potential losses and damage that the educational institution may suffer from a data security breach that is not covered under other insurance. In general, cyber insurance provides coverage for certain losses arising out data breaches, but not all cyber insurance policies are created equal. Therefore, the terms of each policy must be carefully reviewed to verify that coverage is provided for potential losses identified in the due diligence process, including losses resulting from services of third party cloud providers. In this regard, insurance coverage is available for losses related to third party claims, notification to individuals, credit monitoring, forensic investigations, public relations and crisis management, data recovery, and government sanctions (within and outside of the United States). It is also very important to consider the appropriate geographic scope of coverage, particularly with respect to cloud computing, which, as noted above, may result in data being sent and/or stored outside a defined geographic location or area, including outside the United States. Finally, the cost of cyber insurance varies by insurer and the scope and amount of insurance desired, so focusing on the extent of necessary insurance is essential to obtaining appropriate, cost effective coverage. In addition, by keeping IT security and data policies up-to-date and ensuring that third party cloud vendors adhere to those updated policies, any requirements imposed by law, and the terms of the negotiated contracts, institutions can minimize the costs of cyber insurance coverage while also lowering potential exposure.

It should be emphasized, however, that any cyber security breach that results in wrongfully disclosed data carries hidden costs that are difficult, if not impossible, to quantify and are generally not insurable. In this regard, institutions must be concerned with damage to their endowments, enrollment, and reputations, both from those individuals directly affected and because large or sensitive breaches draw unfavorable media attention. Further, efforts directed at responding to a breach impair institutional productivity due to employee time and effort being redirected toward response instead of normal operations. Finally, a large breach erodes public trust, potentially further damaging future opportunities with prospective employees, potential students, alumni, and endowments.

In an effort to mitigate some of the risk associated with cloud-based data solutions, cyber insurance should be considered for the following categories of potential liability:

• Costs of notice, reporting, investigation, and credit monitoring in the event of a data security breach;
• Costs of defending third party lawsuits that may result from the loss of personally identifiable employee, alumni, or student information, in particular for public universities in the event the state attorney general’s office declines to defend;
• Statutory and/or regulatory investigation costs, penalties, and fees;
• Public relations and crisis management fees;
• Wrongful acts of outside vendors, consultants, or service providers;
• Data restoration costs to replace or restore a system that suffered a data security breach;
• Failure to prevent the spread of a virus or cyber attack within the institution’s network;
• Expenses required to respond to threats to harm or release data, as well as ransom payments; and
• Impairment or loss of data as the result of a criminal or fraudulent cyber incident, including theft and transfer of funds.

When evaluating the amount of coverage and the relevant terms, conditions, and exclusions, note that a recent study estimates that costs of a data breach per lost or stolen record for an educational institution could average as high as $300 per compromised record, which would quickly exhaust a $5 million policy with a breach of only 16,700 records (well below the average records per breach in 2015).[132] Moreover, educational institutions should insist on readily understandable policy wording – e.g., some policies make distinctions between “lost” and “stolen” data that can serve to exclude coverage.[133] In addition, as noted above, for an institution that was unable to secure sufficiently favorable terms with respect to a vendor’s obligations in that contract, negotiating with the insurer to include coverage for certain acts and omissions of cloud vendors may present a way to nonetheless mitigate some of that risk. Finally, since data breaches are a relatively recent phenomenon, and the costs and manner of resolving any resulting third party claims are evolving, purchasers of cloud services should reevaluate annually the limits of liability and the terms, conditions, and exclusions of their cyber insurance policy to verify that they are adequately insured.

V. Conclusion

Optimizing an educational institution’s cyber risk protection mechanisms involves a considerable commitment of resources to achieve focused preparation, analysis, and decision-making. Given the ever-increasing sophistication of cyber security threats and the expanding use of cloud-based alternatives to data processing and storage needs, educational institutions must take proactive steps to protect information and secure maximum protection against potentially crippling liability in the event of a data security breach. Even where high levels of security controls are implemented in response to high levels of risk, many educational institutions have been victims of data breaches or experienced serious system failures within the past year.[134] Appropriate cyber insurance thus should be considered an integral part of any institution’s cyber security protections. Cyber insurance is not a substitute for properly designed and implemented data security programs, but it can serve as effective supplementary protection that educational institutions and boards of trustees or governors may turn to when data security breaches occur despite best efforts at prevention.

 

 

[1] Maria C. Anderson is Associate University Counsel for Montclair State University. Luis J. Diaz is a Director and Chief Diversity Office for Gibbons P.C., and focuses his practice on a broad range of technology related matters. John T. Wolak is a Director at Gibbons who focuses his practice on a broad range of commercial and insurance related matters. David Opderbeck is a Professor at Seton Hall University’s School of Law and Director of the Gibbons Institute of Law, Science and Technology. In recognition of her extensive editorial assistance, the authors express gratitude to June Kim, Associate at Gibbons.

[2] Peter T. Lewis, Speech, CONGRESSIONAL BLACK CAUCUS FOUNDATION 15^TH ANNUAL LEGISLATIVE WEEKEND, September 1985. See also, International Telecommunications Union, ITU Internet Reports: The Internet of Things, November 2005, available at: https://www.itu.int/net/wsis/tunis/newsroom/stats/The-Internet-of-Things-2005.pdf.

[3] See, infra, n. 6.

[4] Federal Trade Commission v. Wyndham Worldwide Corporation, U.S. District Court for New Jersey, Civil Action No. 2:13-CV-01887-ES-JAD.

[5] Mary Jo White, Opening Statement at SEC Roundtable on Cybersecurity, U.S. SECURITIES AND EXCHANGE COMMISSION, March 26, 2014, available at https://www.sec.gov/News/PublicStmt/Detail/PublicStmt/1370541286468.

[6] After the breach of consumer records by Target, a shareholder derivative suit was filed in 2013 in the District of Minnesota alleging that board members breached their fiduciary duties to the company by failing to maintain adequate controls to ensure the security of data affecting as many as 70 million customers who shopped at Target between November 27, 2013 and December 15, 2013. See Kulia v. Steinhafel, No. 14-CV-00203 (D. Minn. July 18, 2014). An audit commissioned through Institutional Service Shareholders recommended seven out of Target’s ten board members be removed after the data breach. See Kavita Kumar, Most of Target’s Board Members Must Go, Proxy Advisor Recommends, Star Tribune, May 29, 2014, http://www.startribune.com/most-of-target-s-board-should-go-proxy-adviser-recommends/260960251/. The data breach required Target to defend its board members under public scrutiny in response to pressure from an influential shareholder. See Kavita Kumar, Target Board Defends its Role, Before and After Data Breach, Star Tribune, June 4, 2014, http://www.startribune.com/target-board-defends-its-role-before-and-after-data-breach/261527581/. Although the Board remained intact, Target replaced its Chief Executive Officer following the breach and appointed a new Chief Information Officer. See Kavita Kumar, Target’s 10 Member Board Survives Vote of Shareholders, Star Tribune, July 2, 2014, http://www.startribune.com/june-12-target-s-board-survives-vote-of-shareholders/262727811/.

[7] Eduardo Gallardo and Andrew Kaplan, Board of Directors’ Duty of Oversight and Cybersecurity, Delaware Business Court Insider, August 20, 2014 (citing Stone v. Ritter, 911 A.2d 362, 370) (Del. 2006) and relying upon In re Caremark Int’l Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996)).

[8] Foley and Lardner LLP, Taking Control of Cybersecurity: A Practical Guide for Officers and Directors, March 11, 2015, available at http://www.foley.com/taking-control-of-cybersecurity-a-practical-guide-for-officers-and-directors-03-11-2015/.

[9] See Noah G. Susskind, Cybersecurity Compliance and Risk Management Strategies: What Directors, Officers, and Managers Need to Know, 11 N.Y.U. J. L. & Bus. 573, 603 (2015).

[10] Family Educational Rights and Privacy Act, 73 Fed. Reg. 74806, 74843 (Dec. 9, 2008) (codified at 34 CFR §99) available at http://www2.ed.gov/legislation/FedRegister/finrule/2008-4/120908a.pdf.

[11] See Association of Governing Boards of Universities and Colleges, A Wake-Up Call: Enterprise Risk Management at Colleges and Universities Today at 2 (2013), available at http://agb.org/sites/agb.org/files/RiskSurvey2014.pdf.

[12] Id.

[13] Susskind, supra note 5, at 603.

[14] Salar Ghahramani, Fiduciary Duty and the Ex Officio Conundrum in Corporate Governance: The Troublesome Murkiness of the Gubernatorial Trustee’s Obligations, 10 Hastings Bus. L.J. 1, 11 (2014).

[15] Lyman P.Q. Johnson & Mark A. Sides, Corporate Governance and the Sarbanes-Oxley Act: The Sarbanes-Oxley Act and Fiduciary Duties, 30 Wm. Mitchel L. Rev. 1149, 1223-1224 (2004).

[16] See N.Y. Not-for-Profit Corp. Law § 722 (2014). See also, Vacco v. Diamandopoulos, 715 N.Y.S. 2d 269 (N.Y. Sup. Ct.,1998) (defendants, as former university trustees, were held financially accountable for mismanagement of the university’s assets and held to violate the duties of care and loyalty owed to the university). See also, N.Y. Not-for-Profit Corp. Law § 717 (directors are required to discharge their duties in good faith and “with the care an ordinarily prudent person in a like position would exercise under similar circumstances”).

[17] Joseph Anthony Valenti, Know the Mission: A Lawyer’s Duty To a Nonprofit Entity During An Internal Investigation, 22 St. Thomas L. Rev. 504, 509 (2010).

[18] Erin Kenneally & John Stanley, Beyond Whiffle-Ball Bats: Addressing Identity Crime In An Information Economy, 26 J. Marshall J. Computer & Info. L. 47, 130 (2008). Although most data breach class actions have been unsuccessful because of the plaintiffs’ inability to plead an “actual or imminent” injury that is sufficient to establish Article III standing, on December 18, 2014, the U.S. District Court for the District of Minnesota ruled that a class of consumers could proceed with a majority of their claims against Target arising from the data breach it suffered in late 2013. See In re: Target Corporation Customer Data Security Breach Litigation, MDL No. 14-2522, U.S. Dist. LEXIS 175768 (D.M.N. Dec. 18, 2014). In addition, a class action filed against AvMed, Inc. settled for $3 million (after being dismissed twice by a Florida District Court and reinstated by the U.S. Court of Appeals for the Eleventh Circuit) and did not require class members to prove actual damages, suggesting damages may not require proof or causation. See Philippa Maister, After the Breach: Plaintiffs Secure a Settlement that Doesn’t Require Proof of Damages, Corporate Counsel, July 2014, at 15.

[19] Salar Ghahramani, Fiduciary Duty and the Ex Officio Conundrum in Corporate Governance: The Troublesome Murkiness of the Gubernatorial Trustee’s Obligations, 10 Hastings Bus. L.J. 1, 7 (2014).

[20] Id. at 13.

[21] Id.

[22] Id.

[23] Id.

[24] Id.

[25] Ponemon Institute LLC, Cyber Security Incident Response: Are We as Prepared as We Think?, January 2014, available at https://www.lancope.com/sites/default/files/Lancope-Ponemon-Report-Cyber-Security-Incident-Response.pdf.

[26] The vast majority of states provide that the members of a board of a not-for-profit are held to the same standards as those applicable to the board of a for-profit corporation. See 15 Pa. Cons. Stat. § 5712 (2014). See also Ariz. Rev. Stat. § 10-830 (LexisNexis 2014), Ark. Code Ann. § 4-28-618 (2014), Cal. Corp. Code § 5231 (Deering 2014), Colo. Rev. Stat. 7-128-401 (2014), Conn. Gen. Stat. § 33-1104 (2014) (director must discharge his duties “in a manner he reasonably believes to be in the best interests of the corporation); Fla. Stat. § 617.0830 (2014), Ga. Code Ann. § 14-3-830 (2014), Haw. Rev. Stat. § 414D-149 (2014), Idaho Code Ann. § 30-3-80 (2014), Ind. Code Ann. § 23-17-13-1 (2014), Iowa Code § 504.831 (2014), Ky. Rev. Stat. Ann.§ 273.215 (LexisNexis 2014), La. Rev. Stat. Ann. § 12:226 (2014), Me. Rev. Stat. tit. 13-B, § 717 (2014), Mass. Ann. Laws. ch. 180, § 6C (LexisNexis 2014), Minn. Stat. § 317A.251 (2014), Miss. Code Ann. § 79-11-267 (2014), Mo. Rev. Stat. § 355.001 (2014), Mont. Code Ann. 35-2-416 (2014), Neb. Rev. Stat. Ann. § 21-1986 (LexisNexis 2014), Nev. Rev. Stat. Ann. § 82.221 (2014), N.J. Rev. Stat. § 15A:6-14 (2014)(trustees and members of any committee designated by the board are required to “discharge their duties in good faith and with that degree of diligence, care and skill which ordinary, prudent persons would exercise under similar circumstances in like positions”); N.M. Stat. Ann. § 53-8-25.1 (LexisNexis 2014), N.C. Gen. Stat. § 55A-8-30 (2014), N.D. Cent. Code § 10-33-45 (2014), Ohio. Rev. Code Ann. § 1702.30 (LexisNexis 2014), 15 Pa. Cons. Stat. § 5712 (2014) (a director of a not-for-profit corporation is held as a fiduciary and must perform his or her duties in good faith and with such care as a person of ordinary prudence would use under similar circumstances); R.I. Gen. Laws § 7-6-22 (2014), Tenn. Code Ann. § 48-58-301 (2014), Tex. Bus. Orgs. Code Ann. § 22.221 (2014), Utah Code Ann. § 16-6a-822 (LexisNexis 2014), Vt. Stat. Ann. tit. 11B, § 8.30 (2014), Va. Code Ann. § 13.1-870 (2014), Wash. Rev. Code Ann. § 24.03.127 (LexisNexis 2014), W. Va. Code § 31E-8-830 (2014).

[27] Id. at 15.

[28] Id.

[29] Id.

[30] Supra note 24.

[31] 20 U.S.C. § 1232g. Regulations under FERPA are codified at 34 C.F.R. § 99 (2011). In addition to FERPA, some other federal laws also implicate the privacy of educational records and should be considered during the due diligence phase. See, e.g., Individuals with Disabilities Education Act, 20 U.S.C. §§ 1400-1487; Protection of Pupil’s Rights Amendments, 20 U.S.C. § 1232h (1978); USA Patriot Act, Pub. L. 107-56 (2001); Privacy Act of 1974, 5 U.S.C. Part I, Ch. 5, Subch. 11, Sec 552; and Campus Sex Crimes Prevention Act, Pub. L. 106-386.

[32] FISMA requires that every federal agency develop and implement an agency-wide program to provide information security for the information systems and information that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. See 44 U.C.S.A. §3544, et. seq. This requirement is often passed through to higher education institutions as a condition of grants or contracts with federal agencies funding research. Charles H. Le Grand, Handbook for Internal Auditors §23.07 (Matthew Bender & Company Inc. 2014).

[33] See 42 U.S.C. §§ 1320d, et. seq. HIPAA required the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) to adopt national standards to, inter alia, protect the privacy of individually identifiable health information and maintain administrative, technical, and physical safeguards for the security of health information.42 U.S.C. §§ 1320d-2(a)–(d). Health plans, health care clearinghouses, and health care providers who engage in standardized transactions and transmit financial and administrative claims electronically are covered entities under HIPAA and must comply with its standards and regulations. See 42 U.S.C. § 1320d-4(b).

[34] The U.S. Department of Education established a Privacy Technical Assistance Center as a resource to assist institutions with ensuring the protection of data, compliance with privacy laws, and development of confidentiality and security practices associated with technology systems. See U.S. Department of Education Privacy Technical Assistance Center, Home, http://ptac.ed.gov/. PTAC provides timely information and updated guidance on privacy, confidentiality, and security practices through a variety of resources, including training materials and opportunities to receive direct assistance with privacy, security, and confidentiality of student data systems.

[35] FERPA applies to all educational institutions that receive funding under any program administered by the Department of Education, which encompasses virtually all public schools and most private and public postsecondary institutions, including medical and other professional schools. See 20 U.S.C. § 1232g (requires higher education institutions that receive federal funds administered by the Secretary of Education to ensure certain minimum privacy protections for educational records); 34 C.F.R. § 99.1 (FERPA defines an educational institution to include “any public or private agency or institution which is the recipient of funds). See also, Jennifer C. Wasson, FERPA in the Age of Computer Logging: School Discretion at the Cost of Student Privacy?, 81 N.C.L. Rev. 1348, 1353 (2003).

[36] An educational record subject to FERPA is “directly related to a student” and “maintained by an educational agency or institution or by a party acting for such agency or institution.” See 34 C.F.R. § 99.3. Some examples of educational records include student files, student system databases kept in storage devices, or recordings and/or broadcasts. See 20 U.S.C. § 1232g(a)(4)(A).

[37] FERPA does not prohibit the use of cloud computing but requires higher education institutions to use reasonable methods to ensure the security of any information technology solutions, including cloud computing. See U.S. Department of Health & Human Services & U.S. Department of Education, Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to Student Health Records Nov. 2008, available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hipaaferpajointguide.pdf. FERPA does not, however, affirmatively require schools to implement specific procedures for cloud computing or to provide notification in event of a data breach. Notification by the institution in the event of a data breach may nonetheless be required pursuant to state law or even the institution’s own internal policies.

[38] Directory information may include “the student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.” See 20 U.S.C. § 1232g(a)(5)(A).

[39] See, e.g., 34 C.F.R. § 99.3. See also, 20 U.S.C. § 1232g(b). Information disclosed in combination with a student ID number, rather than a student name, is considered PII under FERPA and subject to heightened protection; only when an education institution removes all PII and assigns the records non-personal identifiers are disclosures to outside parties permitted without prior consent. See 20 U.S.C. § 1232g(a)(5).

[40] One exception is pragmatic, permitting disclosures in connection with confidential and anonymous studies undertaken on behalf of the educational institution. See 20 U.S.C. § 1232g(b)(1)(F) (such studies must be “for the purpose of developing, validating, or administering predictive tests, administering student aid programs, and improving instruction”); see also 34 C.F.R. § 99.31(a)(6)). This information must be destroyed when no longer needed for the purposes for which the study was conducted. See 34 C.F.R. § 99.31(a)(6)(iii)(B). The educational institution must enter into an agreement with the organization conducting the study that limits the use of the PII and requires the organization to maintain confidentiality and anonymity and to destroy the PII once it is no longer needed. See 34 C.F.R. § 99.31(a)(6)(iii)(C)(1)–(4). Another exception provided by FERPA is in connection with audits and evaluations of programs conducted by local, federal, or state officials and their authorized representatives. See 20 U.S.C. § 1232g(b)(1)–(5).

[41] 20 U.S.C. § 1232g(b)(1)(A). See also, 34 C.F.R. § 99.31(a)(1).

[42] 34 C.F.R. § 99.31(a)(1)(i)(B) (third party must (i) “perform an institutional service or function for which the…institution would otherwise use employees”; (ii) “[be] under the direct control of the…institution with respect to the use and maintenance of education records”; and (iii) be subject to certain FERPA requirements governing the use and re-disclosure of PII in educational records.

[43] 34 C.F.R. § 99.33(a)(1).

[44] 34 C.F.R. § 99.33(a)(2).

[45] HIPAA established a national health information privacy rule, which required the Secretary to issue final Standards for Privacy of Individually Identifiable Health Information, known as the Privacy Rule. See 45 C.F.R. Part 164 Subpart E. The Privacy Rule applies to health plans, health care clearinghouses, and health care providers who transmit financial and administrative transactions electronically to third parties for reimbursement of medical expenses, including medical universities that offer health care to individuals in the normal course of business or the fulfillment of academic credentials (i.e., through a university medical hospital or faculty/physician practice). See U.S. Department of Health and Human Services and U.S. Department of Education, supra note 35.

[46] “The term ‘individually identifiable health information’ means any information, including demographic information collected from an individual, that – (A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and – (i) identifies the individual; or (ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.” 42 U.S.C. §1320d(6).

[47] 45 C.F.R. §160.103.

[48] 45 C.F.R. § 164.530(c). This regulation also provides specific requirements regarding the structure around such safeguards, including designating a privacy official, training the workforce, providing a mechanism for documentation of complaints, avoiding retaliation and sanctions, and other important structural components.

[49] Pursuant to the Privacy Rule, a covered entity must receive satisfactory assurances from its business associate that the business associate will appropriately safeguard the protected health information before sending PHI to the third party or having it create PHI on behalf of the covered entity. The satisfactory assurances must be in writing, whether in the form of a contract or other agreement between the covered entity and the business associate. See 45 C.F.R. §§ 164.502(e), 164.504(e), 164.532(d) and (e). For further information about business associates in the HIPAA context, visit the HHS website. Business Associates, U.S. Dep’t. of Health and Human Services, available at

http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/businessassociates.html.

[50] 45 C.F.R. § 164.506.

[51] 45 C.F.R. § 164.508. Among these exceptions, PHI may be used or disclosed without patient authorization or prior agreement for public health, judicial, law enforcement, and other specifically enumerated purposes. See 45 C.F.R. § 164.512(a)-(l). “When the covered entity is required by this section to inform the individual of, or when the individual may agree to, a use or disclosure permitted by this section, the covered entity’s information and the individual’s agreement may be given orally.” See 45 C.F.R. § 164.512. For some situations that might otherwise require authorization, a covered entity may use or disclose PHI without authorization so long as the individual was given the prior opportunity to object or agree. See 45 C.F.R. § 164.510 (e.g., for use in a directory, under emergency circumstances, for use in the care of the individual, for disaster relief, or for when the person is dead).

[52] 42 U.S.C. §§ 1320d-2 and (d)(4). HHS issued the these standards in 2003.

[53] 45 C.F.R. § 164.306(a). See also, 42 U.S.C. §§ 1320d-2(d) (requiring covered entities to protect the electronic PHI against any reasonably anticipated threats or hazards to the security or integrity of such information, as well as any reasonably anticipated uses or disclosures of such information that are not permitted or required under the Privacy Rule). See also, 42 U.S.C. §§ 1320d-2(d)(2)(C) (covered entities are also responsible for ensuring compliance by their employees).

[54] Under such agreements, the third party must: implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the covered entity’s electronic PHI; ensure that its agents and subcontractors to whom it provides the PHI do the same; and report to the covered entity any security incident of which it becomes aware. See 45 C.F.R. § 164.504 (e)(2). The contract must also authorize termination if the covered entity determines that the third party has violated a material term. See 45 C.F.R. § 164.504 (e)(2)(iii). Additionally, if a covered entity’s third party business partner violates the Security Rule, the covered entity is not liable unless it knew that the third party was engaged in a practice or pattern of activity that violated HIPAA and failed to take corrective action. See 45 C.F.R. § 164.504 (e)(1). The HITECH Act extended application of some provisions of the HIPAA Privacy and Security Rules to the business associates of HIPAA-covered entities, in particular, making those business associates subject to civil and criminal liability for improper disclosure of PHI; establishing new limits on the use of PHI for marketing and fundraising purposes; providing new enforcement authority for state attorneys general to bring suit in federal district court to enforce HIPAA violations; increasing civil and criminal penalties for HIPAA violations; requiring covered entities and business associates to notify the public and HHS of data breaches; changing certain use and disclosure rules for protected health information; and creating additional individual rights. See 78 Fed. Reg. 5566–5702.

[55] Covered entities and business associates may use any security measures that allow them to reasonably and appropriately implement the standards and implementation specifications as specified in this subpart.” See 45 C.F.R. § 164.306 (b)(1).

[56] 45 C.F.R. § 164.306 (b)(2)(i)–(iv).

[57] The Office of Civil Rights in HHS enforces compliance with the Privacy Rule. 65 Fed. Reg. 82381. The Secretary of HHS must assess a civil monetary penalty on any covered entity or person failing to comply with the national standards and regulations. See 42 U.S.C. § 1320d-5(a). The minimum fine for a violation is $100 per violation, but can be up to $25,000 for all violations of an identical requirement or prohibition during a calendar year. 42 U.S.C. § 1320d-5(a)(1). The maximum fine for a violation is $50,000 per violation and up to $1.5 million for all violations of an identical requirement or prohibition during a calendar year. See 42 U.S.C. § 1320d-5(a)(1). Criminal penalties may imposed if a person knowingly and in violation of HIPAA’s Administrative Simplification provisions uses a unique health identifier or obtains or discloses individually identifiable health information. See 42 U.S.C. § 1320d-6. Criminal penalties can be enhanced if the offense was committed under false pretenses, with intent to sell the information or reap other personal gain. The criminal penalties include a fine of not more than $50,000 and/or imprisonment of not more than one year for a violation. 42 U.S.C. § 1320d-6(b). If the offense was committed under false pretenses, the penalty will be a fine of not more than $100,000 and/or imprisonment of not more than five years. If the offense was committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, then the violation will incur a fine of not more than $250,000 and/or imprisonment of not more than 10 years. See also Luis J. Diaz & David N. Crapo, The Cost of a Data Breach: The Health Care Perspective, The Metropolitan Corporate Counsel, Nov. 18, 2013, http://www.metrocorpcounsel.com/articles/26260/cost-data-breach-health-care-perspective.

[58] Ieuan Jolly, US Privacy and Data Security Law 27 (2014), available at Thomson Reuters Practical Law.

[59] Id.

[60] Nancy J. King & V.T. Raja, What Do They Really Know About Me in the Cloud? A Comparative Law Perspective on Protecting Privacy and Sensitive Consumer Data, 50 Am. Bus. L.J. 413, 445-446 (2013).

[61] Id.

[62] Id.

[63] These attempts included the Cybersecurity Act of 2009, S. 773, 111th Cong. (as introduced, Apr. 1, 2009); the Cybersecurity Act of 2010, S. 773, 111th Cong. (as reported by S. Comm. on Commerce, Sci., & Transp., Mar. 24, 2010); the Protecting Cybersecurity as a National Asset Act of 2010, S. 3480, 111th Cong. (as reported by S. Comm. on Homeland Sec. & Governmental Affairs, Dec. 15, 2010); the Cybersecurity and Internet Freedom Act of 2011, S. 413, 112th Cong. (2011); the Cybersecurity Act of 2012, S. 2105, 112th Cong. (as introduced, Feb. 14, 2012); the Cybersecurity Enhancement Act of 2014, S. 1353 (as introduced July 24, 2013); and the Data Security Act of 2015, S. 961 (as introduced April 15, 2015), among others. For a description of various proposals, see David W. Opderbeck, Cybersecurity and Executive Power, 89 Wash. L. Rev. 795 (2012).

[64] See Opderbeck, supra, note 61, at 801-12.

[65] Id.

[66] Id.

[67] Exec. Order No. 13,636, 78 Fed. Reg. 649 (February 19, 2013).

[68] Id. at § 7.

[69]See NIST Cybersecurity Framework website, available at http://www.nist.gov/cyberframework/; PWC, “Why You Should Adopt the NIST Cybersecurity Framework” (May 2014), available at http://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/adopt-the-nist.pdf (stating that “the Framework comprises leading practices from various standards bodies that have proved to be successful when implemented, and it also may deliver regulatory and legal advantages that extend well beyond improved cybersecurity for organizations that adopt it early”).

[70] See NIST Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 (February 12, 2014), § 1.1, available at http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf.

[71] Id. at § 2.1.

[72] Id.

[73] Id.

[74] Id.

[75] Id.

[76] Id.

[77] Id.

[78] Id.

[79] Id. at § 2.2.

[80] Id. at § 2.4.

[81] Id. at Appendix A.

[82] Id.

[83] Id.

[84] Id. NIST also makes the core framework and coding tool available on its website in Excel and FileMaker formats. See http://www.nist.gov/cyberframework/csf_reference_tool.cfm and http://www.nist.gov/cyberframework/upload/framework-for-improving-critical-infrastructure-cybersecurity-core.xlsx.

[85] See HEIS Information Security Guide, Introduction, available at https://spaces.internet2.edu/display/2014infosecurityguide/Welcome+to+the+Guide.

[86] Id.

[87] See Ohio State University Information Risk Management Program website, available at https://ocio.osu.edu/itsecurity/riskmgmt.

[88] Id.

[89] For a similar list, see Joanna Lyn Grama, Understanding IT GRC in Higher Education: IT Compliance, Educause Review, February 23, 2015, available at http://er.educause.edu/articles/2015/2/understanding-it-grc-in-higher-education-it-compliance.

[90] Protecting Cyber Networks Act, H.R. 1560 (passed by House as amended April 22, 2015); Cybersecurity Act of 2015 (passed into law on December 18, 2015), available at https://www.congress.gov/114/bills/hr2029/BILLS-114hr2029enr.pdf.

[91] See, e.g., Cybersecurity Act of 2015, § 104(c)(1) (stating that, with certain exceptions, “notwithstanding any other provision of law, a non-Federal entity may, for a cybersecurity purpose . . . share with, or receive from, any non-Federal entity or the Federal Government a cyber threat indicator or defensive measure.”).

[92] See, e.g., id. § 102(14)(A) (stating that “ ‘non-Federal entity’ means any private entity, non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof)).”; id. § 102(15)(A) (stating that “ ‘private entity’ means any person or private group, organization, proprietorship, partnership, trust, cooperative, corporation, or other commercial or nonprofit entity, including an officer, employee, or agent thereof.”).

[93] See, e.g., Andy Greenberg, Privacy Critics Go 0-2 With Congress’ Cybersecurity Bills, Wired, March 26, 2015, available at http://www.wired.com/2015/03/privacy-critics-go-0-2-congress-cybersecurity-bills/.

[94] Data Breaches Hit the Board Room: How to Address Claims Against Directors and Officers, Hogan Lovells Chronicle of Data Protection, Jan. 23, 2015, available at http://www.hldataprotection.com/2015/01/articles/cybersecurity-data-breaches/data-breaches-hit-the-board-room/. See also, In re Heartland Payment Systems, Inc. Security Litigation, Case No. 09-1043. 2009 WL 4798148 (D.N.J. Dec. 7, 2009)

[95] Supra note 2.

[96] Cloud computing allows organizations to purchase and use technology services through the internet on an as-needed basis and is a cost-effective alternative to buying and maintaining expensive hardware or software. See Timothy D. Martin, Hey! You! Get Off of My Cloud: Defining and Protecting the Metes and Bounds of Privacy, Security and Property in Cloud Computing, 92 J. Pat. & Trademark Off. Soc’y, 283, 285 (2010).

[97] Id.

[98] Organizations can reduce or eliminate IT capital expenditures and decrease ongoing operating expenses by paying only for the services they use, which can result in reducing or redeploying IT staff. See Cisco, Cloud Computing in Higher Education: A Guide to Evaluation and Adoption 2 (2011). See also Steve Mutkoski, Cloud Computing, Regulatory Compliance, and Student Privacy: A Guide for School Administrators and Legal Counsel, 30 J. Marshall J. Computer & Info. L. 511, at 512 (2014).

[99] Melanie J. Teplinsky, Fiddling On The Roof: Recent Developments in Cybersecurity, 2 Am. U. Bus. L. Rev. 225, 238 (2013).

[100] Cisco, supra note 96, at 2.

[101] Martin, supra note 94, at 294.

[102] The complex nature of cloud computing services creates a “level of abstraction between the physical infrastructure and the owner of the information being stored and processed.” The organization that contracts with a cloud computing vendor no longer has any visibility into the operations of the physical infrastructure where the data is being stored, and it is argued that more transparency should be provided regarding service providers’ cybersecurity measures. See J. Nicholas Hoover, Compliance in the Ether: Cloud Computing, Data Security, And Business Regulation, 8 J. Bus. & Tech. L. 255, 260-261. See also Zacharis Enslin, Cloud Computing Adoption: Control Objectives for Information and Related Technology (COBIT) – Mapped Risks and Risk Mitigating Controls, Afr. J. Bus. Mgmt. Vol.6 (37), 10185-94 (2012).

[103] Teplinsky, supra note 97, at 238 (“characteristics of cloud computing – including system complexity, the multi-tenant environment, and loss of control – pose significant challenges to corporate cybersecurity”).

[104] Significant concerns by cloud users about shifting liability from the cloud users to the cloud vendors are not adequately addressed in the standard contract terms offered by most cloud computing vendors. These contracts typically heavily favor the cloud vendor, and, unfortunately, most cloud users lack the leverage to sufficiently bargain for a more balanced agreement. See T. Noble Foster, Navigating Through The Fog of Cloud Computing Contracts, 30 J. Info. Tech. & Privacy L. 13, 24-25 (2013).

[105] Aside from state laws, there are nine applicable sets of regulations, at least six industry-specific guidelines and requirements, and a wide array of international laws in the data security space. See James Ryan, The Uncertain Future: Privacy And Security In Cloud Computing, 54 Santa Clara L. Rev. 497, 506 (2014).

[106] In a “private cloud,” an organization develops or purchases its own cloud-computing environment, rather than using a multi-tenant platform that is available to the general public or a large industry group. See Cisco, supra note 96, at 3.

[107] Cisco, supra note 96, at 3. By contracting with a cloud computing vendor (that may even be another, larger university), smaller colleges can adopt state-of-the-art applications and services, thereby bypassing many of the costly challenges such as lack of high levels of computerization, recruitment of qualified IT personnel, and the ability to secure and protect PII and other sensitive data.

[108] U.S. Department of Education PTAC, supra note 11, at 2.

[109] Cisco, supra note 96, at 4.

[110] See Association of Governing Boards of Universities and Colleges, supra note 9, at 1 (“While institutional focus on risk has grown[,] . . . risk appetite and tolerance are less likely to be considered in decision making. In 2013, 31 percent ‘strongly agreed’ that risk appetite and tolerance are part of the institution’s culture, down from 47 percent in 2008.”).

[111] International students attending a U.S. educational institution may pose unique jurisdictional implications, especially as more and more countries adopt increasingly sophisticated data privacy laws intended to protect its citizens. See Cynthia Rich, Privacy Laws in Asia, A Special Report for Privacy & Data Security Professionals, Bloomberg BNA Vol. 13, No. 16 (2014).

[112] Public cloud services are delivered online, and the internet-based nature provides hackers with a larger “attack surface” to attack in comparison to private networks. See J. Nicholas Hoover, Compliance in the Ether: Cloud Computing, Data Security and Business Regulation, 8 J. Bus. & Tech. L. 255, 261 (2013).

[113] Cloud vendors typically exclude or restrict liability as much as possible, and it is generally difficult for large or global users to negotiate successfully for vendor liability, particularly for outages and data loss. See W. Kuan Hon, Christopher Millard & Ian Walden, Negotiating Cloud Contracts: Looking at Clouds From Both Sides Now, 16 Stan. Tech. L. Rev. 81, at 94 (2012).

[114] Id. at 103. Cloud vendors may provide round-the-clock “follow the sun services” and use support staff or sub-contractors outside the U.S. who have or are given access to data or metadata.

[115] Hon, supra note 111, at 94.

[116] John Soma, Maury Nichols, Melodi Mosley Gates & Ana Gutierrez, Chasing The Clouds Without Getting Drenched: A Call For Fair Practices In Cloud Computing Services, 16 J. Tech. L. & Pol’y 193, 211 (2011). Given their size and commensurate bargaining power, cloud vendors are able to dictate terms that are favorable for themselves, but risky for the purchaser.

[117] Congress recently created a compilation of citations that provide many available resources to assist in the development of appropriate due diligence in order to assess the apparent risks of cloud providers. See Cybersecurity Authoritative Reports and Resources, Congressional Research Service (June 10, 2015).

[118] See Privacy Laws in Asia: A Special Report for Privacy and Data Security Professionals, Bloomberg BNA, Apr. 21, 2014, available at http://www.bna.com/uploadedFiles/Content/Web_Forms/Real_Magnet_Form/Legal/Privacy_Law/11759-iapp-whitepaper.pdf (providing a comprehensive summary of privacy laws in major regions outside of the United States).

[119] In response to the number of cyberattacks suffered within the United States in 2014, Congress commissioned a study of the issues and challenges with cybersecurity, and the report can serve as resource to the stakeholders and institution’s governing body in assessing, understanding, and appreciating the current risks to data within the United States. See Cybersecurity Issues and Challenges: In Brief, Congressional Research Service (April 14, 2015).

[120] The U.S. Department of Education’s Privacy Technical Assistance Center issued guidance to education institutions to assess the use of cloud computing and develop standard contract terms. See “Frequently Asked Questions – Cloud Computing,” USDOE Privacy Technical Assistance Center (June 2012). See also “Protecting Student Privacy While Using On-Line Educational Services: Requirements and Best Practices,” USDOE Privacy Technical Assistance Center (February 2014). In addition, guidance and contract templates issued by the United States federal government can also serve as useful resources for public education institutions. See Creating Effective Cloud Computing Contracts for the Federal Government – Best Practices for Acquiring IT as a Service, CIO Council/Chief Acquisition Officers Council (February 24, 2012) (standard contract clauses can be found at: www.gsa.gov/graphics/staffoffices/FedRAMP_Standard_Contractual_Clauses_062712.pdf) .

[121] In 2015, Verizon commissioned a study with contributions from 70 entities around the world, and its findings are summarized in a report entitled the “Data Breach Investigation Report,” Verizon Risk Team (2015). In 2014, Verizon commissioned a similar global study with 17 partners from the audit, law enforcement, and security fields, and its findings were summarized in a report entitled “Data Breach Investigation Report,” Verizon Risk Team (2013). Verizon’s reports are located at: www.verizonenterprise.com/DBIR. Studies with similar findings were undertaken by Zurich Insurance and The Ponemon Institute. See Data Breach: The Cloud Multiplier Effect, Ponemon Institute (June, 2014); see also Diaz and Crapo, supra note 33; Data Breach Cost: Risks, Costs, and Mitigation Strategies for Data Breaches, Zurich General Insurance (2012).

[122] See discussion infra Section III.C.

[123] Gallardo and Kaplan, supra note 3.

[124] Ellen Wexler, Another Network Outage at Rutgers Leads to Frustration Among Professors and Students, The Chronicle of Higher Education, Sept. 30, 2015, http://chronicle.com/article/Another-Network-Outage-at/233483/. See also, David Gialanella, Universities Help Drive Need for Data-Security Advice, New Jersey Law Journal, October 3, 2014.

[125] Universities ‘Peculiar Creatures’ in Cybersecurity World, Cyber Security Caucus, May 22, 2015, http://cybersecuritycaucus.com/universities-peculiar-creatures-in-cybersecurity-world/.

[126] The U.S. Department of Commerce’s National Institute of Standards and Technology issued comprehensive recommendations to identifying confidential data, implementing safeguards to prevent breaches, and developing breach response protocol in a report entitled Guide to Protecting the Confidentiality of Personally Identifiable Information, Special Publication 800-122 (April 2010).

[127] Foster, supra note 102, at 27. Cyber insurance has been available for an extended period and has evolved to become suitable for both cloud users and cloud providers. Ideally, both the institution and the vendor will have completed appropriate due diligence and implemented comprehensive risk mitigation strategies that include cyber insurance coverage.

[128] See Recall Total Info. Mgmt. v. Federal Ins. Co., 83 A.3d 664 (Conn App. 2014), aff’d, 115 A.3d 458 (Conn. 2015).

[129] See Zurich American Insurance Co. v. Sony Corp. of America et al., 2014 N.Y.LEXIS 5141 (N.Y. Sup. Ct. 2014).

[130] See Travelers Indem. Co. v. Portal Healthcare, 35 F.Supp 3d 765 (E.D. Va. 2014); Hartford Cas. Inc. Co. v. Corcino & Assocs., No. 13-1328, 2013 U.S. Dist LEXIS 152836 (D. Calif. Oct. 7, 2013); see also Eyeblaster, Inc. v. Federal Ins. Co., 613 F.3d 797 (8th Cir. 2010) (coverage under CGL policy was available because insurer failed to establish that the policy terms applied to preclude coverage).

[131] See ISO Form Nos. CG 21 06 05 14 (Exclusion for Access or Disclosure of Confidential or Personal Information and Data-Related Liability – With Bodily Injury Exception); CG 21 07 05 14 (Exclusion for Access or Disclosure of Confidential or Personal Information and Data-Related Liability – Limited Bodily Injury Exception Not Included); CG 21 08 05 14 (Exclusion for Access or Disclosure of Confidential or Personal Information (Coverage B Only)).

 

[132] Ponemon Institute LLC, 2015 Costs of Data Breach Study: Global Analysis, 1 (2015). The Ponemon Institute’s study involved 350 companies from eleven different countries, and, while the global average per record costs of a data breach were estimated at $154, U.S. companies had the most costly per record costs at $217 per compromised record.

[133] For example, under Amazon’s standard contract for cloud computing services, it states that “Neither we nor any of our affiliates or licensors will be responsible for any compensation, reimbursement or damages arising in connection with…any authorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store any of your content or other data.” See Foster, supra note 102 at 13.

[134] Warwick Ashford, Cyber Insurance Complements Security Controls, Says Aon, ComputerWeekly.com, Jul. 14, 2014, http://www.computerweekly.com/news/2240224437/Cyber-insurance-complements-security-controls-says-Aon.

Unresolved Conflicts of Interest in University Human Subject Research – OLD

01.27.2017  |  Comments Off on Unresolved Conflicts of Interest in University Human Subject Research – OLD

By Gabriela A. Weigel*

“They are not ignorant men. Most of them are trained physicians and some of them are distinguished scientists. Yet these defendants, all of whom were fully able to comprehend the nature of their acts, and most of whom were exceptionally qualified to form a moral and professional judgment in this respect, are responsible for wholesale murder and unspeakably cruel tortures.

It is our deep obligation to all peoples of the world to show why and how these things happened. It is incumbent upon us to set forth with conspicuous clarity the ideas and motives which moved these defendants to treat their fellow men as less than beasts. The perverse thoughts and distorted concepts which brought about these savageries are not dead. They cannot be killed by force of arms. They must not become a spreading cancer in the breast of humanity. They must be cut out and exposed for the reason so well stated by Mr. Justice Jackson in this courtroom a year ago–

‘The wrongs which we seek to condemn and punish have been so calculated, so malignant, and so devastating, that civilization cannot tolerate their being ignored because it cannot survive their being repeated.’”

Opening Statement in the Doctors Trial at Nuremberg by Brig. General Telford Taylor
(December 9, 1946)[1]

I. Introduction

It is almost unnecessary to say that with the advancement of science there has come a plethora of ethical dilemmas – dilemmas which lay bare questions about the boundaries of our human interaction. The drive for “progress” and knowledge for the “good of society,” as well as the age old desire for profit and power, continually create a conflict between the further advancement of the human race and respecting whatever meaning and value we ascribe to ourselves individually by virtue of our humanity. We only have to turn to this last century to find case after case – the horrors of the Nazi medical experiments, the shocking revelations by Henry Knowles Beecher of postwar abuses in the United States[2], the Tuskegee Syphilis Study (1932-1972)[3], the Jewish Chronic Disease Hospital study, the Japanese Army’s “Unit 731,” etc.[4] – of cringe-worthy experiments involving human subjects.

Each of these cases elicited a societal backlash and together they have prompted the creation of ethical codes which address and clarify the boundaries of research involving human subjects. In 1948, the Nuremberg Code gave an absolutist, natural law based condemnation of the Nazi experiments. The World Medical Association later issued the Declaration of Helsinki in 1964 and just over a decade later, in 1978, the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research issued the Belmont Report. The “Common Rule” eventually evolved from the Belmont Report and currently governs the regulation of human subject research in the United States. Embedded in each of these ethical codes is the principle of autonomy, primarily safeguarded through the application of informed consent.

However, the application of these ethical codes has been, needless to say, less than easy. Given the inherent conflicts of interest involved in human subjects research (the pursuit of knowledge and profit at the risk of undermining human rights, and by extension, dignity) and the speedy evolution of the nature of clinical research,[5] violations and problems in application still occur.[6] One particular arena affected by these conflicts of interest is the university system, which since the 1950’s has been the locus of federally funded research, particularly in the biomedical sciences.[7] Many of the most notable, and deadly, human subject research studies in the last 60 years have been located in university health and research centers and affiliates.[8] Though initially charged with the academic education of its students, since the advent of the research university system, universities have also been expected to be producers of cutting edge technology as partners working in close relationship with or in easy transferability to industry.[9] These expectations have magnified the conflicts of interest already inherent in human subject research and have raised additional questions about licensing, patents, and the meaning of a university’s academic mission.

This paper seeks to further explore the conflicts of interest inherent in the human subject research situation, particularly in light of the university context. To begin, it relays the historical development of the Common Rule and its emphasis on informed consent in greater detail. Additionally, the historical development of the American research university and its relationship to federal and industrial funding is further fleshed out. The current status of the Common Rule is then evaluated for possible deficiencies in regulating human subject research, particularly in the university setting. Examples of recent ethical violations help to exemplify these deficiencies. Finally, the recent Notice of Proposed Rulemaking issued by the Department of Health and Human Services is examined for what resolutions to the stated issues are proposed and what resolutions are still missing. This paper concludes that though the Notice of Proposed Rulemaking may close some gaps in the coverage of regulation, the focus of the Common Rule and the Notice of Proposed Rulemaking are still behind not only in adapting to the changing nature of clinical research, but more importantly in their premises and focus.

II. History and Context

A. The development of human subjects research regulation

The 20^th century ushered in a new type of government regulation, focusing on the ethical use of human subjects in research. The Food and Drug Administration’s (FDA) modern regulatory functions began with the passage of the Pure Food and Drug Act in 1906 (by 1991, the FDA would become a key player in the development and adoption of the Common Rule for regulating their own clinical drug trials and research[10]). Forty years later, an American military tribunal opened criminal proceedings against German physicians and administrators for their participation in war crimes and crimes against humanity. The atrocities of the Nazi experiments, conducted with unwilling human subjects, rocked the world, and the military tribunal responded with the well-known Nuremberg Code, outlining what the tribunal saw as ten basic principles necessary for ethical human subjects research: voluntary consent, fruitful results for the good of society, a basis in animal experimentation, avoidance of unnecessary physical and mental suffering and injury, avoidance of a priori reason to believe death and disabling injury will occur, reasonable degree of risk, proper preparation and adequate facility, limitation to scientifically qualified personnel, human subjects liberty to rescind consent and end the experiment, and the duty of the scientist to rescind an experiment that becomes excessively dangerous.[11]

Despite the American issuance of the Nuremberg Code in 1948, the U.S. Public Health Service conducted the infamous Tuskagee Syphilis Study from 1933-1972, until publicity surrounding the experiment forced the U.S. Department of Health, Education, and Welfare to end it.[12] Within that same timeframe, the Office of Scientific Research and Development (created by President Roosevelt in 1941) conducted dangerous dysentery vaccine experiments on mentally disabled children through the Committee on Medical Research in 1943-44.[13] In addition to these, multiple other U.S. agencies conducted highly hazardous plutonium experiments on unwitting human subjects.[14] Henry Knowles Beecher, in his 1966 article in the New England Journal of Medicine, further showed that much had not changed with regards to research abuses after the war.[15] It was clear that, as the historian David Rotham concluded, “Well into the 1960’s, the American research community considered the Nuremberg findings, and the Nuremberg Code, irrelevant to its own work.”[16]

At the same time, the World Medical Association reacted to growing awareness about the continuing problem of research abuse by developing the Helsinki Codes, I and II, in 1964 and 1975, respectively. These documents reiterated some of the basic tenants laid out in Nuremberg, but called for more specifics. They proposed that consent should be preserved in writing, that clinical research for patient care should be distinguished from clinical research for non-therapeutic purposes, and required that an ethical review committee monitor all research with human subjects.[17] The National Research Act of 1974 also stepped in just before the revision of the Helsinki Code in 1975, responding directly to the publicity surrounding the Tuskagee Syphilis Study by creating the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research, who in turn created the Belmont Report.[18] The Belmont Report would become “the foundational document for the ethics of human subject research in the United States.”[19]

The bedrock principle that can be found in each of these ethical codes is a respect for autonomy, verified through the use of consent. The Nuremberg Code states that “The voluntary consent of the human subjects is absolutely essential,”[20] and although it did not carry the force of law, the Nuremberg Code was the first international document which advocated for voluntary participation and informed consent in human subject research.[21] The World Medical Association followed with the Declaration of Helsinki in 1964[22], outlining recommendations for medical doctors involved in human subjects “research combined with clinical care” and “non-therapeutic [human subjects] research,” reiterating the necessity of informed, voluntary consent.[23] The National Commission for the Protection of Human subjects of Biomedical and Behavioral Research, in issuing the Belmont Report in 1979, outlined three basic ethical principles that should undergird all human subject research conduct: respect for persons (autonomy), beneficence, and justice.[24] Corresponding to each principle was the application of informed consent, assessment of risks and benefits involved in the research, and proper selection of research subjects.[25] A series of regulations following the issuance of the Belmont Report were eventually formally adopted by 17 agencies and the FDA in 1991 as the Federal Policy for the Protection of Human Subjects, or the “Common Rule.”[26] The Common Rule entails the current federal regulations for human subject research, requiring entities receiving federal funding to establish Institutional Review Boards to monitor and approve proper and ethical research and procedures.[27]

Since its inception in 1991, the Common Rule has been subject to little change. It was not until July 2011, after President Obama had issued an Executive Order requiring federal agencies to review and revise burdensome and ineffective significant regulations,[28] that the Department of Health and Human Services (HHS) issued an Advanced Notice of Proposed Rule Making (ANPRM).[29] Researchers welcomed the ANPRM, titled “Human Subjects Research Protections: Enhancing Protections for Research Subjects and Reducing Burden, Delay, and Ambiguity for Investigators,” as a much needed address to the growth and change in the nature of clinical research that had developed since the Common Rule’s inception.[30] After much anticipation, the ANPRM has finally translated into the Notice of Proposed Rulemaking, as proposed by the HHS on September 8, 2015.

B. The history of the American research university

The concept of the research university is barely older than the development of human research ethics and regulation. Beginning in the nineteenth century and notably guided by the ideas of Alexander Von Humboldt, “Research, as an experimental procedure conducted in a spirit of discovery, first appeared in German universities.”[31] By the end of the nineteenth century, the Humboltian model of the research university faced multiple hurdles, including how to properly integrate research and teaching under the same roof, resulting in the delegation by many universities of experimental research activities to in-house institutes of basic research under the aegis of individual professors.[32] However, by the beginning of the twentieth century, North American universities once again took up the ideal of combining and integrating teaching and research, with several institutions successfully asserting themselves as distinguished research universities.[33] One of the most notable of these institutions is Johns Hopkins University, which prides itself on being “America’s first research university.”

The experimental approach now integrated into the university system played a major role in the development of new scientific knowledge and technologies. In realizing this value of the new research university model, and prompted primarily by the post-World War II era concerns, the federal government established a comprehensive policy on the role of the federal government in supporting research.[34] This policy was initialized in Vannevar Bush’s Science, The Endless Frontier in 1945, building an overarching objective of cultivating a “steady stream of scientific knowledge to ensure economic growth.”[35] By 1950, Congress had established the National Science Foundation (NSF) as an agency devoted to the support of basic research and education in all scientific and engineering disciplines. The 1958 launch of Sputnik and the beginning of the space race further propelled U.S. investment in its research universities. Since the end of the Cold War, federal research policies expanded beyond defense-specific research and continued to increase funding for university based research.[36] Expansion included health-related research and basic research in a wide range of other disciplines, with total funding jumping from $31 million in 1940 to $3 billion in fiscal year 1979.[37] However, federal funding began to stagnate around the 1970’s and industry struggles with increasing competition from abroad and slowing productivity at home fostered interest in possible benefits from closer cooperation with universities.[38] The federal government encouraged such cooperation,[39] notably through the Bayh-Dole Act of the Patent and Trademark Amendments of 1980 which invigorated technology transfer from universities to business and industry by transferring federal government patent rights from the results of federally funded research to universities.[40] The Bayh-Dole legislation had a “significant impact,” creating a “compelling incentive for universities and industry to partner in the commercialization of scientific discoveries” and resulting in the number or patents awarded to university faculty to increase fourfold from 1988-2003.[41] Though the federal government remained the dominant source of funds for university research, the amount provided by industries rose since the 1970’s and into the 80’s, focusing especially in the fields of biology, chemistry, and engineering.[42] In recent years, funding has diminished, with funding through the National Institute of Health (NIH) and the National Science Foundation (NSF) being cut by 5% for the 2013 fiscal year[43] and industry funding slowing due to recent economic crisis.[44]

III. Conflicts of Interest and the Limits of the Common Rule

A. The basic conflict

The diminishment of funding sources poses an age old problem for researchers in the university setting: money. A criterion for being called a research university is the significant amount of basic research that must be conducted there, with the measure of that effort being “the magnitude of research grants received by its professional research staff from funding agencies.”[45] It is common knowledge that drawing in an adequate amount of funding is a tenure requirement for many professors in the sciences. The pressure to develop and produce successfully is only intensified by the limitation of resources.

However, the funding issue simply exacerbates what is already an issue in the field of human subject research. Inherent in the relationship between researchers and their subjects is a tension between the goals of the researchers – be it knowledge and the good of society, profit, or merely job security – and the dignity and autonomy of the subject. The Common Rule attempts to regulate these tensions by outlining the primacy and necessity of obtaining and documenting informed consent, establishing requirements for Institutional Review Boards (IRBs) and their analyses, adding protections for specified “vulnerable” classes, and including requirements for assuring compliance by research institutions.[46] Crafting an adequate regulatory scheme is no easy feat, particularly in an area as large and diverse as human subject research, but it is an absolute necessity. Unfortunately, the laws currently in place fall short of the task.

B. Experiments gone awry

The ineffectiveness of IRBs and the current Common Rule system is most starkly felt when death is the result, and particularly when death is the result at a highly regarded institution, expected to be the hallmark of not only successful, but also ethical research. The unfortunate reality is that every experiment involving human subjects will involve some level of risk of death, but when the regulatory system designed to protect against unacceptably high levels of that risk fails to do so, the results can be tragic.

Notable recent examples include Johns Hopkins University and the University of Minnesota. In 2011, Johns Hopkins, who received at the time more federal research money than any other research university at a hefty $310 million in 2010, had almost all of its federally financed medical research suspended after a federal oversight committee investigated the death of young volunteer in a research study at the university.[47] The agency cited a failure by the university’s IRB to take proper precautions to protect the research subjects and required the university to structure a new program to ensure their IRB was properly educated on federal human subject research regulations.[48] The young volunteer died a month after inhaling hexamethonium, an unapproved drug being used to test the causes of asthma.[49]

In an even more disastrous experiment, the University of Minnesota became the subject of public scrutiny after the violent death of a young man taking part in a clinical study at the university became widely publicized. Dan Markingson was a psychotic patient enrolled into a university led study of the drug Seroquel after having been involuntarily committed as a violent threat to himself and others in 2004. Despite his mother’s protests and a previous determination that Dan was incapable of consent, Dan was made to partake in the study for five months until he committed a bloody suicide with a box-cutter.[50] The case of Dan Markingon was particularly egregious not only for concerns with informed consent, but also for the relationship between the university researcher in charge of Dan’s case and AzraZeneca, the drug company seeking to promote Seroquel. It was only after several years of intense prompting by Markingon’s mother and others that the case came to light after having been successfully hushed and hidden from the public, reportedly by university officials.[51] Such an instance more potently demonstrates the conflict of interest that can arise where both the researcher and an industry stand to make a profit.

In less death-ridden cases, the courts have attempted to address the issue of informed consent, though the amount of case law in this area is very limited.[52] (Dan Markingon’s case was dismissed on the grounds of immunity.[53]) In the 2001 case Grimes v. Kennedy, the court addressed the issue of children being enrolled in clinical trials after parents filed suit for negligence in a study conducted by a “prestigious research institute, associated with Johns Hopkins University.”[54] The study was a non-therapeutic research program investigating the effect of different lead abatement procedures for apartments containing lead dust and paint which required children to be exposed to varying levels of lead dust. After the study had been ongoing for some time, several of the children were found to have accumulated hazardously high levels of lead in their blood to the knowledge of the researchers who then failed to notify parents. The Maryland court concluded that parents or other surrogates could not consent to the participation of a child in nontherapeutic research where there is any risk of injury or damage to the health of the subject.[55]

In a 2014 class action against members of the University of Alabama Institutional Review Board, children who had been members of a clinical trial involving research on premature infants with extremely low birth weights filed suit for injury as a result of the study. The clinical trial had two aspects: 1) “exploring treatment with continuous positive airway pressure”; and 2) “determining the appropriate levels of oxygen saturation in extremely low-birth-weight infants by comparing a lower versus higher range of levels of oxygen saturation in such infants.”[56] The plaintiff’s parents contended that they “would not have enrolled the Plaintiffs [in the study] had they been informed of the true risks, benefits, and nature of the [Trial] [sic].”[57] This case granted defendants a motion to dismiss, again highlighting the lack of solid case law dealing with Common Rule violations and also emphasizing issues with the accountability of IRBs, who are often guarded on the grounds of immunity.[58] Where it can be difficult to hold IRBs accountable for failing to adequately safeguard human subjects, a stronger regulatory system is needed upfront.

Some research studies involve bodily harm, but others can be less threatening physically while still giving pause to the conflict of interest at hand. A more recent case involved the University of Maryland and chocolate milk. The University collaborated with industry partners through a program called the Maryland Industrial Partnerships Program, the goal of this collaboration being to foster job creation. The milk manufacturer whose chocolate milk was being tested funded approximately ten percent of the study, which proved to be favorable in showing the manufacturer’s brand of chocolate milk as contributing to improvement in concussion related injuries. Several have called out the University’s study for being “shoddy” and unscientific as the study was released in 2015 without having been published or peer reviewed first. Others point to it as yet another example of the “commercialization” of university research. As one review in BioMed Central put it, “The growing emphasis on commercialization of university research may be exerting unfound pressure on researchers and misrepresenting scientific research realities, prospects and outcomes.”[59]

C. Important tenants of the Common Rule and their limitations

Designed to prevent against disastrous cases, the two most impactful tenants of the Common Rule are the establishment of the IRB and the use of informed consent. In application, however, the Common Rule seems to have collapsed into a system where the IRBs focus primarily on consent forms and significantly less on the other elements highlighted.

The Common Rule specifies that IRB’s focus on seven elements: risk minimization, risk/benefit comparison, equitable subject selection, informed consent, data monitoring to ensure safety, privacy protection and confidentiality, and protection of vulnerable subjects.[60] However, one study of 20 IRB meetings across 10 leading academic medical centers showed that on the low end, only 40% of the IRBs discussed equitable subject selection, whereas on the high end, 98% of IRBs discussed informed consent extensively.[61] The second highest after informed consent was 87% of IRBs having discussed protection of vulnerable populations, with the remaining Common Rule criteria falling between the 40% and 87% discussion rates, the result being a lack of uniformity in application of essential elements of human subjects protection across IRBs.[62]

In addition to problem of inconsistent IRB coverage of the basic protections required in the Common Rule, the adequacy of informed consent has been called into question. Some would say using informed consent as “anything goes so long as there is consent” is a flawed basis[63] and others discuss the difficulty in establishing exactly what informed consent means. While the Common Rule calls for the inclusion of pertinent information,[64] it has regularly been the case that researchers bury important aspects of the research experiment within lengthy and convoluted documents, difficult for the lay person, who is in many cases the research subject, to understand.[65] Also, questions of whether certain classes of persons can consent at all, including children, the mentally disabled, and those particularly vulnerable to coercion, such as prisoners, remain, as do questions about whether it is ethical for such vulnerable persons to have others consent for them.

Essentially, the current limitations of the Common Rule come from the internal nature of the IRBs, their lack of uniformity due to a lack of resources and education, and the inadequacy of informed consent. While ideally human subject research will occur between educated and aware subjects who are given full access to all necessary information to make a legitimately consenting decision, the reality is that informed consent documents are often dense and hide necessary information. This issue is further exacerbated by the fact that IRBs focus entirely too much on informed consent alone and hardly enough on the ethical quality of the research experiment itself and the vulnerability of the subjects taking part in the study. Furthermore, they are often swamped with reviewing a multitude of research projects ongoing at their own institutions. Unfortunately, though, informed consent standing alone, especially as it is currently applied, can hardly safeguard persons from the often deadly risks associated with poorly regulated clinical trials.

IV. The Common Rule Going Forward

A. The Notice of Proposed Rulemaking

On July 2011, the U.S. Department of Health and Human Services (HHS) took a giant step towards the first general overhaul of the Common Rule since it was first issued in 1991 by publishing the Advanced Notice of Proposed Rulemaking (ANPRM).[66] The ANPRM was much awaited by many who believe modernization of the Common Rule is desperately needed but it did not advance anywhere until four years later, on September 8, 2015, when the Notice of Proposed Rule Making (NPRM) made its debut. The Office of Human Research Protections stated that the focus of the NPRM was to elaborate particularly on two of the three key concepts upheld in the Belmont Report, autonomy and beneficence,[67] in addition to the last of the concepts, justice.[68]

In order to achieve this, eight major proposals have been included in the NPRM, some new and some adapted from the ANPRM, which hope to streamline the entire process and give greater protection and control to participating human subjects. The NPRM “sets forth proposals to modify informed consent for biospecimen research, improve the understandability of consent forms, mandate single institutional review board (IRB) oversight of research, and establish data security safeguards.”[69] In addition, the NPRM seeks to extend the scope of the policy to cover all clinical trials conducted as an institution that received federal funding for human subjects research, regardless of their particular funding source.[70] Finally, the NPRM adds exemption and exclusion categories, as well as categories for which continued IRB review throughout the life of the research experiment can be eliminated.[71]

Four of these proposals particularly impact the situation of the research university. The most major (logistically speaking) proposed change has been to almost always require informed consent for the secondary use of biospecimens,[72] regardless of their identifiability.[73] Essentially, the proposal would expand the definition of a human subject to include biospecimens.[74] Previously the definition of human subject for purposes of the common rule only included a living person about whom a researcher obtains personal data or private information that can be connected to the person;[75] de-identified biospecimens were not included. Two alternative proposals call for expanding the definition to either include whole human genome sequencing or to include only certain biospecimens used in particular technologies.[76] Under the NPRM, consent will almost always be needed to conduct research with even de-identified biospecimens. In order to help cover the magnitude of specimens this change would include, the NPRM allows for “broad consent” to be given for the unspecified future use of biospecimens in research, as opposed to specific consent for a specific study. Additionally, the IRB’s ability to waive the consent requirement for the use of biospecimens is further limited under the NPRM.[77] These changes are designed to further the Belmont goal of autonomy, giving persons control over the use of their biospecimens.[78]

The second major proposal the NPRM makes is to simplify the informed consent document. Also in keeping with the goal of enhancing autonomy, the NPRM calls for information to be presented in sufficient detail and organized and presented in a way that facilitates prospective subject’s understanding of the reasons why one might or might not want to participate.[79] One key new feature is the addition of the reasonable person standard, designed to be akin to the legal understanding of the reasonable person.[80] The NPRM emphasizes that essential information that a reasonable person would want to know should be given to prospective participants upfront in consent documents before any other supplemental information is provided.[81] Additionally, supplemental information is encouraged to be organized into an Appendix to further organize and clarify the informed consent document. Finally, to achieve greater transparency, the NPRM calls for a one-time requirement that consent forms of clinical trials be posted on a designated government website sixty days after the recruitment process for the study closes, making the forms accessible to the public eye.[82]

Particularly of interest to university researchers, a third major proposal seeks to bring more clinical research under the Common Rule regulations. It requires U.S. institutions which receive any sort of federal funding for non-excluded, non-exempt human subject research to subject all of their clinical trials to the Common Rule, regardless of any other funding sources. The only exception for this proposal would be clinical trials already subject to FDA regulation.[83] This proposal thus impact not only the universities conducting the research, but also the sponsors who partner with university researchers to conduct clinical trials.

Finally, advantageous to researchers moving between universities, the NPRM calls for only one IRB to review multi-site research conducted at U.S. institutions. Previously, the IRB from each location where the research was being conducted had to independently review the research project. Exceptions to this proposal are made where more than one IRB is required by law or where a federal department or agency determines more than one IRB is needed. As a part of this proposal, independent IRBs will be held directly accountable for compliance with the Common Rule.[84]

B. Analyzing the changes in light of university conflicts

The NPRM is over 130 pages of dense and sometimes vague proposals – covering about eighty-eight different issues within eight major changes – making it difficult even for experts to digest and understand the changes and what impacts they will have.[85] From what can be discerned, four of the eight proposed changes included in the NPRM are specifically related to the issues highlighted in this paper. In sum, they are the proposal to sometimes require consent for certain biospecimens, the proposed reorganization of the informed consent document, the proposal to require only one IRB review research taking place at multiple different U.S. locations, and the proposed expansion of the Common Rule’s coverage regardless of funding source.

The proposal to require consent for the use of certain biospecimens poses a massive logistical problem for researchers everywhere, including at universities. The vast majority of biospecimens are collected during clinical service, rather than specifically for the cause of research. Broad consent upfront helps to blanket all of the biospecimens moving from collection in clinical service to the research arena, but in practice it will make the process more expensive, requiring researchers to track the type of consent and which biospecimen it is linked to.[86] This tracking is key particularly where consent waivers are involved. IRBs have the authority to waive the consent requirements where there is compelling scientific reasons for the use of the biospecimens and the research cannot be conducted with other biospecimens for which consent can be or was obtained. However, IRBs will not be permitted to waive the consent requirement if the individuals providing the biospecimens were asked to give broad consent and declined.[87] Adding additional cost burdens such as these tracking requirements will impose can only contribute to the funding burdens of university researchers.

Next, the proposals look to the consent document to attempt to give human subject participants greater awareness and control over their involvement in the human subject research. The NPRM added the reasonable person standard, stated that information important to the reasonable person should be placed upfront and in a clearly organized manner in the consent document, encouraged that other supplemental information be organized neatly in an appendix, and required that the consent document be posted on a government website once the recruitment period closes. However, these changes not only minimally improve the issue of informed consent, but also create new problems. Nowhere in the NPRM is the definition of the reasonable person expounded upon,[88] causing confusion about what information and even what reading levels satisfy that standard, particularly among different demographics of human subject populations.[89] The Common Rule and the NPRM provide mandatory elements which should be included in the consent form,[90] but some argue not all of these elements are pertinent to different subject populations.[91] Secondly, no templates or specific guidelines are given for what constitutes “clearly organized,” other than a general suggestion to include important elements upfront and supplemental information in an appendix. Finally, the posting requirement is expected to be burdensome without providing any clear benefit. It is a one-time posting requirement, taking place after the recruitment process concludes, meaning it neither benefits those interested in being recruited to participate in the study nor does it provide up to date information once the study commences as the study may be changed or updated as it progresses.[92]

Moreover, some experts complain that the protections of informed consent should not be focused on the document but rather on the process.[93] While some would argue that the move to streamline the document is an effort to reduce paternalistic attitudes in how researchers deal with participants, others would say the move actually enhances those paternalistic notions because ultimately the IRB will still be the only entity to fully review consent documents.[94] Dr. Ross McKinney, Director of Bioethics at the Trent Center, said in response to the NPRM consent form proposals that, “what we were urged to do in Belmont was respect for persons, and autonomy is one element of that respect, but when you present information to people that they cannot understand in a format that they will not bother to go through, you are not respecting persons. The NPRM as best I can see it does nothing to further our respect for persons.” In addition, this development still misses a major factor relating to informed consent, and that is the effectiveness of the IRB’s reviewing the study itself for inherent ethical dilemmas.[95] If the IRBs do not effectively review the consent process in the first place, even the supposed protection of a paternalistic method falls flat.

Furthermore, the NPRM does not discuss who has the final say with regards to the consent documents. This is a major problem for the legitimacy of the consent process because sponsors can and do use this gap to push for the inclusion and exclusion of certain information and formats.[96] Particularly where an IRB is attached to a certain organization rather than functioning independently, they are often placed under enormous pressure to compromise lest the industry sponsor bows out and the researchers are left with inadequate resources and funding.[97] Currently the NPRM and Common Rule do nothing to hold sponsors accountable in the consent process, including having no requiring that sponsors be divulged.[98] This harkens to the NPRM sub-proposal to hold independent IRBs directly accountable for compliance with the Common Rule. The overall proposal to streamline the process for multi-site research by allowing for only one IRB to review is a welcome change because it reduces the existence of conflicting IRB opinions about one research project. Unfortunately, however, the sub-point holding IRBs directly accountable moves the Common Rule further from addressing the real culprit: the sponsors.

Despite this gap, the last of these four proposals, namely the proposal to expand the Common Rule’s impact by subjecting all research at a federally funded institution to the federal regulation, does help to address previously untouched problems. The inherent conflict in human subject research is success and profit versus individual human dignity and safety. Where human subject research is conducted in a competitive market system, the drive for success and profit can easily begin to overcome the rights of the individual human person involved as a human subject. Given that many universities and other research institutions receive at least some portion of their funding from the federal government, this proposal would very quickly expand the scope of the Common Rule to almost all areas of human subject research conducted in the U.S.

C. Going Forward

The period for notice and comment regarding the NPRM closed, after an extension, on January 1, 2016.[99] 2,189 comments have been filed concerning the NPRM, up from the roughly 1,000 comments that were received concerning the ANPRM.[100] From this point, the comments will be addressed by the Department of Health and Human Resources before the release of a final rule which will officially update the Common Rule for the first time since 1991. The final rule is expected to be released sometime in the year 2016.[101]

V. The Unresolved Conflicts of Interest

The unfortunate reality is the NPRM as it stands is a hugely lost opportunity. Technology has been progressing at unprecedented rates, but the Common Rule needs to address more than just the security and privacy issues that have evolved with technology.[102] As one commenter put it, the “Henrietta Lacks concern over commercialization” is being overblown,[103] and the real issues at hand are not being addressed.

Much of the inherent conflicts of interest embedded in human subject research surrounds the idea and implementation of informed consent. Informed consent has positioned itself as the hallmark principle of each of the major ethical codes; Nuremberg, Helsinki, Belmont, and now the Common Rule. As one critic[104] of informed consent noted, consent “is intimately connected to our ideas of ‘liberty’ (I may do what I choose to do, and may refuse to consent to actions in which I do not wish to be involved); ‘equality’ (we all get to consent); ‘autonomy’ (I and only I may make these choices and decisions); and ‘dignity’ (I may make these decisions because of who and what I am).”[105] He continues, “Perhaps because consent is so embedded in our moral thinking, we put it to at least two different tasks. First, consent is a basic fundamental prerequisite of our political and social institutions and of our dealings with one another. We have lost the premodern vision of the world as an organic whole, and so consent, rather than nature or design, structures the coming together, binding together, and living together of modern master-less men. This side of consent animates the political ‘consent theory’ and permeates the rhetoric of the American founding. It is a necessary first condition for the legitimacy of the institution or end-state that proceeds from the act of consenting.”[106] Without proper conducted and adequately informed consent, the validity of researcher actions is highly suspect, and society cries injustice.

Despite our recognition that informed consent is a defining principle in valid human subject research, we have yet to agree on what informed consent exactly is or what it should look like. Currently, the Common Rule places great emphasis on the actual consent document itself, much to the dismay of many well-meaning practitioners in the research field.[107] However, there is little to no empirical research on informed consent and what constitutes an effective method of ensuring the participants in the research study have actual comprehension of the study and the ramifications of being a part of it.[108] Lists of required elements, like the one contained in the Common Rule (which is being added to by the NPRM) are only minimally effective since the focus for IRBs and researcher potentially becomes meeting data requirements rather than improving understanding. What instead needs to be done is to look at informed consent as a process rather than a single document with a signature. The objective, after all, is “to provide adequate information in a dispassionate style so that a reasoned decision about participation can be made.”[109] Ultimately, the informed consent process should be about making sure the participant is fully aware, autonomous, and competent to ensure they can give an authentic response about their desire to participate or not participate in a research study.

Sponsors or industry partners, however, can destroy the validity of informed consent in two ways: by cloaking or omitting certain information from a participant in order to obtain human subjects for their research, or by designing studies that are inherently wrong. Given that the Common Rule and NPRM are silent as to who has the final say in the consent documents, the former is still a very real issue. The latter, however, has been untouched by the NPRM and only minimally discussed by the Common Rule or the researchers who function under it. “The first and most important question is whether the experiment should be done at all.”[110] Richard W. Garnett writes that in every case of human subject experimentation, there are three interests, and not just the two of the researcher and the human subject. That third interest is our interest in preserving human dignity in our community. We as humans, though not necessarily the human subject of the moment, either suffer or benefit from the performance or non-performance of certain experiments.[111]

The Common Rule does seek to protect human subjects from studies that could be seen as inherently wrong or dangerous through the use of the IRB. As we have seen, however, IRBs have not been effective in implementing a holistic understanding of the Common Rule and instead tend to zero in on the informed consent documents.[112] The reality is, responsibility should extend beyond IRB. Sponsors who provide funding, as well as often unwanted pressure to increase chances of success for marketing purposes, must be held accountable, as well as the researchers themselves. The remarkable lack of case law concerning human subject research, contrasted with the relatively high number of even just recent cases of death and injury from poorly run clinical trials, is a testament to the lack of accountability currently in the system.

If anything, the Common Rule should be updated to deal with the changing nature of research relationships, particularly on university campuses. The pressures of funding and achieving success only add to the tension that already exists between the researcher and the human subject, and it is utterly unacceptable that sponsors to human research projects can maintain such a level of power and authority over the consent process – a process which plays such a vital role in the Common Rule’s scheme for the protection of human subjects. Unfortunately, the Common Rule has thus far seemed to limit itself, first by waiting so long to update its regulatory scheme, and second, because the NPRM only adds to already cumbersome and often complicated regulations, rather than providing any guidance to harken back to its roots in the Belmont Report. The principles of justice, beneficence, and respect for persons (or autonomy) have found their place, for good or ill, as the bedrock principles of the United States’ ethical understanding for dealing with human persons, and if they are to remain as such they must be couched in a regulatory system that enhances their understanding and effect rather than diminishing it.

VI. Conclusion

The arena of human subject research is nothing short of complicated, both in the rapidly ever-changing nature of the research conducted and the application of ethical principles to such a fluid field. Isaac Asimov succinctly described this issue when he wrote, “The saddest aspect of life right now is that science gathers knowledge faster than society gathers wisdom.”[113] History has showed us the high stakes that can come with advancing the cause of science through human subject research, from atrocities in Nazi war camps to seemingly preventable deaths in modern clinical trials at prestigious universities like Johns Hopkins. The Common Rule and the most recent NPRM work to prevent some of the negative ramifications of poorly conducted human subject research through outlining new procedures that should further guide the actions of researchers. However, the NPRM is already long overdue and as of yet, is still missing some key components to adequate protection of human subjects in research. A strong, core understanding of the meaning of the informed consent process and a robust structure to deal with the tensions between funding sources and the goodwill of researchers is desperately needed. Without either of these core principles, the conflict inherent in human subject research is hardly dealt with and abuses are sure to continue with more frequency than is acceptable.

The research university is uniquely positioned concerning these issues, not only because it has become the host of a large quantity of modern research, including human subject research, but because it also has always been a place of advancing human wisdom and not just human knowledge. The university campus is where we frequently challenge our notions of human existence, of human trial and suffering, of human joy and prosperity. Where we see the university advancing towards the goals of consumerism and the marketplace rather than the higher goods of man’s dignity and identity, we must build a firm wall. The advancement of human knowledge should not come at the price of human life or human dignity, and universities are distinctively suited to guard those goods as they have always done.

 

 

*J.D. Candidate, Notre Dame Law School, 2017

[1] Brig. General Telford Taylor, Opening Statement in the Doctors Trial (1946), http://law2.umkc.edu/faculty/projects/ftrials/nuremberg/doctoropen.html.

[2] Daniel Callahan, What Price Better Health? Hazards of the Research Imperative at 135 (Univ. of Cal. Press 2006).

[3] Mary Faith Marshall, Born in Scandal: The Evolution of Clinical Research Ethics, Sci., Apr. 26, 2002 at, http://goo.gl/rV8Qhv.

[4] Richard W. Garnett, Why Informed Consent? Human Experimentation and the Ethics of Autonomy, 36 Cath. Law. (1996) at 465

[5] Leslie Meltzer Henry, Revising the Common Rule: Prospects and Challenges, 41 J. of Law, Med. & Ethics 386, 386-389 (2013).

[6] Steinbrook R. , Protecting Research Subjects – the Crisis at Johns Hopkins, 2002 New Eng. J. Med. 716-720 (2002); Carl Elliot, Why the University of Minnesota Psychiatric Research Scandal Must Be Investigated, MinnPost, Mar. 28, 2013 at, https://goo.gl/YxD3gI.

[7] Robert LaCroix & Louis Maheu, The Emergence of the Research University, in Leading Research Universities in a Competitive World 3-11 (McGill-Queen’s Univ. Press 2015).

[8] Supra note 6

[9] Michael M. Crow & Christopher Tucker, The American Research University System As America’s De Facto Technology Policy, 1999 (1999).

[10] U.S. Department of Health & Human Services, Federal Policy for the Protection of Human Subjects (‘Common Rule’), http://www.hhs.gov/ohrp/humansubjects/commonrule/

[11] The ten principles of the Nuremberg Code, infra, in full are as follows:

1. The voluntary consent of the human subject is absolutely essential. This means that the person involved should have legal capacity to give consent; should be so situated as to be able to exercise free power of choice, without the intervention of any element of force, fraud, deceit, duress, overreaching, or other ulterior form of constraint or coercion; and should have sufficient knowledge and comprehensions of the elements of the subject matter involved as to enable him to make an understanding and enlightened decision. This latter element requires that before the acceptance of an affirmative decision by the experimental subject there should be made known to him the nature, duration, and purpose of the experiment; the method and means by which it is to be constructed; all inconveniences an hazards reasonably to be expected; and the effects upon his health or person which may possibly come from his participation in the experiment. The duty and responsibility for ascertaining the quality of the consent rests upon each individual who initiates, directs, or engages in the experiment. It is a personal duty and responsibility which may not be delegated to another with impunity.
2. The experiment should be such as to yield fruitful results for the good of society, unprocurable by other methods or means of study, and not random and unnecessary in nature.
3. The experiment should be so designed and based on the results of animal experimentation and a knowledge of the natural history of the diseases or other problem under study that the anticipated results        will justify the performance of the experiment.
4. The experiment should be so conducted as to avoid all unnecessary physical and mental suffering and injury.
5. No experiment should be conducted where there is an a priori reason to believe that death or disabling injury will occur; except, perhaps, in those experiments where the experimental physicians also serve as          subjects.
6. The degree of risk to be taken should never exceed that determined by the humanitarian importance o the problem to be solved by the experiment.
7. Proper preparations should be made and adequate facilities provided to protect the experimental subject against even remote possibilities o injure, disability, or death.
8. The experiment should be conducted only by scientifically qualified persons. The highest degree of skill and care should be required through all stages of the experiment of those who conduct or engage in the      experiment.
9. During the course of the experiment the human subject should be at liberty to bring the experiment to an end if he has reached the physical or mental state where continuation of the experiment seems to him            to be impossible.
10. During the course of the experiment the scientist in charge must be prepared to terminate the experiment at any stage, if he has probable cause to believe, in the exercise of good faith, superior skill, and careful judgement required of him, that a continuation of the experiment is likely to result in injury,     disability, or death to the experimental subject.

Reprinted in Wendy K. Mariner, AIDS Research and the Nuremberg Code, in The Nazi Doctors and the Nuremberg Code: Human Rights in Human Experimentation 286-304 (George J. Annas & Michael A Grodin eds., 1992).

[12] Office of the Vice Chancellor, Research and Economic Development, 2015 (2015), http://ors.umkc.edu/research-compliance-%28iacuc-ibc-irb-rsc%29/institutional-review-board-%28irb%29/history-of-research-ethics.

[13] Supra note 2, at 139

[14] Id. 140

[15] Id. 142

[16] Supra note 2, at 140

[17] Id. 142

[18] Supra note 12

[19] Id.

[20] The Nuremberg Code, in 2 Trials of War Criminals Before the Nuremberg Military Tribunals Under Control Council Law No. 10 at 181-182 (U.S. Gov’t Printing Office 1949), http://www.hhs.gov/ohrp/archive/nurcode.html.

[21] Supra note 12

[22] WMA Gen. Assembly, WMA Declaration of Helsinki – Ethical Principles for Medical Research Involving Human Subjects (1964), http://www.wma.net/en/30publications/10policies/b3/.

[23] Id.

[24] The Nat’l Comm’n for the Prot. of Human Subjects of Biomedical & Behavioral Research & U.S. Dep’t of Health & Human Services, Office of the Sec’y, The Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects of Research (1979), http://www.hhs.gov/ohrp/humansubjects/guidance/belmont.html.

[25] Id.

[26] Called the “Common Rule” because it is common to 18 departments and agencies, namely the Department of Commerce (15 CFR 27), The Department of Defense (32 CFR 219), the Department of Education (34 CFR 97), the Department of Energy (50 CFR 745), the Department of Health and Human Services (45 CFR 46), the Central Intelligence Agency (45 CFR 46), the Department of Homeland Security (45 CFR 46), the Social Security Administration (45 CFR 46), the Food and Drug Administration (45 CFR 46), the Department of Housing and Urban Development (24 CFR 60), the Department of Justice (28 CFR 60), the Department of Transportation (49 CFR 11), the Department of Veterans Affairs (38 CFR 16), the Consumer Product Safety Commission (16 CFR 1028, the Environmental Protection Agency (40 CFR 26), the Agency for International Development (22 CFR 225), the National Aeronautics and Space Administrations (14 CFR 1230), the National Science Foundation (45 CFR 690) and the Department of Agriculture (7 CFR 1c); The Department of Labor will join for first time under the NPRM.

[27] “The Common Rule,” 45 C.F.R. § 46 (2009).

[28] Supra note 5

[29] Id.; Summary, Doug Lederman, Updating the Common Rule, 2011 Inside Higher Ed (2011) at, https://goo.gl/EvUYpU.

[30] Supra note 5

[31] Supra note 7, at 1

[32] Id. at 4

[33] Supra note 7, at 5

[34] Arden L. Bement Jr. & Angela Phillips Diaz, U.S. Public Research Universitites: A Historical Perspective, Purdue Univ. (2011), at 1.

[35] Id. at 2.

[36] Id. at 4; Judith Jarvis Thomson et al., Academic Freedom and Tenure: Corporate Funding of Academic Research, 69 Academe 18a (1983) available at http://www.jstor.org/stable/40249083.

[37] Academic Freedom and Tenure, supra note 36.

[38] Supra note 37.

[39] Supra note 37.

[40] Supra note 34, at 4

[41] Id. at 5; Jerry G. Thursby & Marie C. Thursby, Faculty Participation in Licensing: Implications for Research, 40 Res. Pol’y 20, 20-29 (2011).

[42] Supra note 37.

[43] Michael Price, Funding Cuts Ravage Academic Laboratories, 2013 Sci. Careers: The Job Market (2013), http://www.sciencemag.org/careers/2013/09/funding-cuts-ravage-academic-laboratories.

[44] Yudhijit Bhattacharjee, Industry Shrinks Academic Support, 312 Sci. (2006), http://www.sciencemag.org.

[45] Supra note 7, at 8

[46] Supra note 27; Supra note 12; Carl H. Coleman, Vulnerability as a Regulatory Category in Human Subject Research, 2009 J. of Law, Med. & Ethics (2009).

[47] G. Kolata, Johns Hopkins Death Brings Halt to U.S.-financed Human Studies, 2001 N.Y. Times A1 (2001).

[48] Id.

[49] Id.

[50] Carl Elliot, “I Was Just Following Orders”: A Seroquel Suicide, a Study Coordinator, and a “Corrective Action”, 2012 Mad in America Science, Psychiatry & Community (2012) at, https://goo.gl/QdWVCU; Carl Elliot, University of Minnesota Blasted for Deadly Clinical Trial, Mother Jones, Apr. 3, 2015 at, http://goo.gl/9aobJb.

[51] Carl Elliot, Why the University of Minnesota Psychiatric Research Scandal Must Be Investigated, MinnPost, Mar. 28, 2013 at, https://goo.gl/YxD3gI.

[52] Grimes v. Kennedy Krieger, 782 A.2d 807 (Md. 2001), see footnote 1.

[53] Supra note 50.

[54] Grimes v. Kennedy, supra note 51.

[55] Grimes v. Kennedy, supra note 51.

[56] Looney v. Moore, (2014), (slip Copy).

[57] Id.

[58] Id.

[59] Julia Belluz, The Incredible Tale of Irresponsible Chocolate Milk Research at the University of Maryland, 2016 Vox, Jan. 16, 2016 at (2016), http://www.vox.com/2016/1/16/10777050/university-of-maryland-chocolate-milk; (citing 2015 review in BioMed Central at http://bmcmedethics.biomedcentral.com/articles/10.1186/s12910-015-0064-2).

[60] Supra note 27, Charles W. Lidz et al., How Closely Do Institutional Review Boards Follow the Common Rule?, 87 Acad. Med., May 22 (2012).

[61] How Closely, supra note 60.

[62] Supra note 61.

[63] See generally, Richard W. Garnett, Why Informed Consent? Human Experimentation and the Ethics of Autonomy, 36 Cath. Law. (1996) at 465

[64] Supra note 37.

[65] Grimes v. Kennedy, supra note 51.

[66] U.S. Department of Health & Human Services, NPRM 2015 – Summary, http://www.hhs.gov/ohrp/humansubjects/regulations/nprm2015summary.html.

[67] Video: Office of Human Research Protections: Webinars on the Notice of Proposed Rulemaking (NPRM) (Sept. 30, 2015) at, https://www.youtube.com/watch?v=ykxT25ze-rg&list=PLrl7E8KABz1FtLMpK2zPa8nqV-F-xhW2C&index=1.

[68] Proposed Rules, Fed. Reg. (Sept. 8, 2015) (to be codified at 45 C.F.R.) at 11.

[69] Ropes & Gray, Alert: HHS Proposes Major Overhaul of the Common Rule, , Sept. 8, 2015 at https://www.ropesgray.com/newsroom/alerts/2015/September/HHS-Proposes-Major-Overhaul-of-the-Common-Rule.aspx

[70] Sweeping Changes Proposed to Common Rule Governing Human Subjects Research, Quorum Blog, Sept. 4, 2015 at, http://www.quorumreview.com/2015/09/04/nprm-2015-summary-post/.

[71] Supra note 67.

[72] Id.; Video: Research Match, Enhancing and Clarifying Consent Forms and Establishing Standard Safeguards (Streamed Live Nov. 18, 2015) at, https://www.youtube.com/watch?v=FBTHKkkOP5E.

[73] Supra note 67.

[74] “Biospecimens are materials taken from the human body, such as tissue, blood, plasma, and urine that can be used for cancer diagnosis and analysis. When patients have a biopsy, surgery, or other procedure, often a small amount of the specimen removed can be stored and used for later research. Once these samples have been properly processed and stored they are known as human biospecimens.” National Cancer Institute, Patient Corner: What Are Biospecimens and Biorepositories?, Biorepositories & Biospecimens Res. Branch, July 28, 2014 at http://biospecimens.cancer.gov/patientcorner/.

[75] Research Match, supra note 72.

[76] Supra note 68, at 15.

[77] Supra note 67.

[78] Id.

[79] Id.

[80] Id.

[81] Supra note 68, at 6.

[82] Id.

[83] Supra note 67

[84] Supra note 68, at 51.

[85] Research Match, supra note 72 (citing Maureen Smith).

[86] Id. (citing Dr. Mark Schreiner).

[87] Supra note 67.

[88] Research Match, supra note 72; Supra note 67 (Only mentioned in this video that it is akin to the legal standard).

[89] Research Match, supra note 72 (citing Jeri Burtchell).

[90] The eight elements currently required in the Common Rule are as follows:

1. A statement that the study involves research, an explanation of the purposes of the research and the expected duration of the subject’s participation, a description of the procedures to be followed, and       identification of any procedures which are experimental;
2. A description of any reasonably foreseeable risks or discomforts to the subject;
3. A description of any benefits to the subject or to others which may reasonably be expected from the research;
4. A disclosure of appropriate alternative procedures or courses of treatment, if any, that might be advantageous to the subject;
5. A statement describing the extent, if any, to which confidentiality of records identifying the subject will be maintained;
6. For research involving more than minimal risk, an explanation as to whether any compensation and an explanation as to whether any medical treatments are available if injury occurs and, if so, what they consist of, or where further information may be obtained;
7. An explanation of whom to contact for answers to pertinent questions about the research and research subject’ rights, and whom to contact in the event of a research-related injury to the subject; and
8. A statement that participation is voluntary, refusal to participate will involve no penalty or loss of benefits to which the subject is otherwise entitles, and the subject may discontinue participation at any           time without penalty or loss of benefits to which the subject is otherwise entitled.

Supra note 27.

Elements to be added or changed by the NPRM are as follows:

1. The number of subjects to be included in the trial
2. Prospective subjects are to be informed that their biospecimens may be used for commercial profit and whether the subject will or will not share in this commercial profit.
3. Prospective subjects are to be informed of whether clinically relevant research results, including individual research results, will be disclosed to subjects, and if so, under what conditions.
4. Provide subjects or their legally authorized representatives with an option to consent, or refuse to consent, to investigators re-contacting the subject to seek additional information or biospecimens or to   discuss participation in another research study.

Research Match, supra note 72 (citing Carson Reider and Dr. Ross McKinney).

[91] Research Match, supra note 72. (For example, a patient population with diabetes would not necessarily need additional information about diabetes treatment or simplified language concerning diabetes since they are already familiar with the disease).

[92] Id. (citing Amy Schwarzhoff).

[93] Id. (citing Dr. Ross McKinney and Dr. Mark Schreiner).

[94] Id.(citing Carson Reider, Dr. Ross McKinney, and Amy Schwarzhoff).

[95] Supra note 60.

[96] Research Match, supra note 72 (citing Carson Reider and Dr. Mark Schreiner, etc.)

[97] Id. (citing Amy Schwarzhoff).

[98] Id. (citing Dr. Ross McKinney).

[99] U.S. Department of Health & Human Services, Federal Policy for the Protection of Human Subjects (2016) (docket Folder), http://www.regulations.gov/#!docketDetail;D=HHS-OPHS-2015-0008.

[100] Supra note 67.

[101] Id.; Research Match, supra note 72/

[102] Supra note 68, at 25, 35, 45.

[103] Research Match, supra note 72 (citing Dr. Ross McKinney)

[104] Richard W. Garnett gives an interesting discussion concerning whether informed consent is sufficient as a regulatory tool and safeguarding principle in the area of human interaction. He writes, “We might block the consented-to action, but we pay lip service to consent’s justifying role by assuring ourselves that had the consent been untainted, had it been ‘informed,’ it would have ha moral force. In fact, we pay lip service precisely because we often slightly suspect that consent cannot and foes not always justify. Therefore, in difficult situation, we declare that the decision maker did not or could not really consent, that the consent was not ‘informed’ or ‘knowing’ or ‘voluntary.’ Rather than admit that the consent does not and could not justify the act, we denigrate the consent and, necessarily, the consenter as well.

“This is cheating; it is a subterfuge designed to hide our unease and to allow us to profess simultaneous commitment to values that often conflict.”

Supra note 4, at 460 (citing Robin West, Colloquy, Submission, Choice, and Ethics: A Rejoinder to Judge Posner, 99 Harv. L. Rev. 1449, 1449-50 (1986)(arguing that readers would not believe that people should be allowed to sell themselves into slavery or prostitution) and Guido Calabresi & Philip Bobbitt, Tragic Choices 195-199 (1978)).

[105] Id. at 457.

[106] Id. at 458.

[107] Research Match, supra note 72.

[108] Cognitive scientists have shown in numerous experiments that the “phrasing” and the way that information is presented can severely affect the decision the human subject makes. A classic example is the consent for becoming an organ donor, which was given to patients before surgery. By changing the wording from “Check here if you want to become an organ donor” to “Check here is you do NOT want to become an organ donor,” scientists were able to get a much higher consent rate. However, there is little data on this with regards to informed consent in human subject research; an area arguably more complex than checking a box to become or not become an organ donor. The Common Rule provides no such data on the issue with regards to clinical trial informed consent documents, much less whether or not an informed consent document is the most apt method for ensuring proper informed consent.

[109] Research Match, supra note 72 (citing Dr. Ross McKinney)

[110] Supra note 4, at 493

[111] Id. at 498

[112] How Closely, supra note 60.

[113] Isaac Asimov & Jason A. Shulman, Isaac Asimov’s Book of Science and Nature Questions 281 (Weidenfeld & Nicolson 1988).

Reconsidering Graduate Student Unionization After Brown University – OLD

01.31.2017  |  Comments Off on Reconsidering Graduate Student Unionization After Brown University – OLD

Matthew Wesley[1]

I. Introduction

Graduate students at Brown University, Cornell University, The New School, Yale University, and Columbia University have initiated unionization drives within the last year. At Columbia, the student group who initiated the unionization drive claimed that it had gotten 1,700 of Columbia’s 2,800 graduate teaching and research assistants to sign forms declaring that they wanted a union to represent them and had petitioned the regional office of the National Labor Relations Board for an election.[2] However, despite a majority of Columbia’s graduate students expressing a desire to be represented by a union, the regional office refused to recognize the bargaining unit because of National Labor Relations Board precedent holding that graduate students are not employees under the National Labor Relations Act, and therefore cannot unionize.[3]

Graduate students often take on multiple roles while enrolled in their programs of study. In addition to completing the required coursework and writing, graduate students are often asked to carry out a significant portion of the teaching and research load for their universities. As teaching assistants, graduate students typically teach lecture courses for a professor or preside over smaller discussion sections, whereas research assistants conduct field and laboratory research under the supervision of a professor and aid in furthering that particular professor’s research.[4] Graduate students generally receive some form of compensation, tuition remission or both in return for performing these duties.[5]

Similar to other workers, graduate students are concerned about wages, hours, and other working conditions and have sought to engage in collective bargaining under the National Labor Relations Act (“NLRA”) in order to address these concerns. [6] Efforts by graduate students to gain union representation under the NLRA are complicated due to the employee status issue – specifically, whether an individual can simultaneously be a student and employee and therefore covered under the NLRA.[7] While the issue of whether a graduate student can be both a student and an employee is not new,[8] it has taken on greater significance as universities are increasingly relying on graduate students as a cost effective way of avoiding the higher wages demanded by full-time faculty.[9]

For much of the National Labor Relations Board’s history, it has either side-stepped the issue of whether graduate students at private universities were employees under the National Labor Relations Act or has ruled for one reason or another that graduate students could not simultaneously be employees. However, in 2000, the National Labor Relations Board (“NLRB” or “the Board”) reversed nearly three decades of precedent regarding graduate student status when it addressed the issue in New York University.[10] There, the Board determined that graduate students were employees under the NLRA. The New York University decision had the effect of allowing graduate students at all private universities the possibility of forming a union in order to engage in collective bargaining. However, the New York University decision was short-lived. Four years later, the Board reverted to its prior doctrine in Brown University, denying graduate students the right to unionize on the rationale that they were primarily students and not employees.[11] Currently, the holding articulated in Brown remains good case law and the precedent by which all graduate student unionization efforts are evaluated.

This note begins with an overview of the Board’s history and structure. Part III discusses a series of cases in which the Board gradually adopted jurisdiction over private universities and incrementally developed its community of interest doctrine as that doctrine relates to graduate students. Part IV provides an in-depth history of the NLRB’s jurisprudence as it grappled with whether graduate students were employees under the meaning of the NLRA. Part V addresses the Board’s turnaround in New York University and Part VI examines the Board’s most recent decision in Brown. Part VII entertains criticisms of Brown and argues that Brown was wrongly decided because it deviated from prior interpretations of the statute and previous Board precedent.

II. The National Labor Relations Board’s History, Structure, and Jurisdiction

A. History

With the passage of the National Labor Relations Act in 1935, Congress created the National Labor Relations Board.[12] The NLRA was the second attempt by the Roosevelt administration to create a nationwide uniform right to organize. It displaced a complex body of state common law governing labor relations which emanated from judicial doctrines of conspiracy and tortious conduct.[13] The previous legislation, the National Industrial Recovery Act, had been struck down by the Supreme Court the preceding year holding it exceeded Congress’ authority under the Commerce Clause.[14] The constitutionality of the NLRA was also challenged, but this time the Court upheld the law as a legitimate exercise of Congressional authority under the Commerce Clause.[15]

The NLRA delegated to the NLRB two distinct functions: the prevention and remedying of unfair labor practices[16] and the determination of questions concerning representation.[17] In both kinds of cases, the processes of the NLRB are begun only when requested. These requests must be made in writing and filed with the proper Regional Office. Further, while performing these functions, the NLRB is to represent the public rather than any particular private right or interest.[18] In enacting the NLRA, Congress sought to “obtain ‘uniform application’ of its substantive rules and to avoid the ‘diversities and conflicts [which were] likely to result from a variety of local procedures and attitudes toward labor controversies.’”[19] Therefore, Congress submitted NLRB actions and decisions to judicial review by federal courts of appeal only.[20] When reviewing Board decisions on appeal, the Supreme Court has articulated that appellate courts should give the Board’s decisions great deference.[21] This deference is due in large part to the Board’s composition of experts who have specialized knowledge of labor law.[22]

B. Structure

The National Labor Relations Board includes the Board, the General Counsel, and the regional and sub-regional offices. The NLRB has a bifurcated structure consisting of the General Counsel and the Board. The General Counsel is responsible for the investigation and prosecution of unfair labor practice cases and for the general supervision of the thirty-three NLRB field offices.[23] The General Counsel is appointed by the President, with consent of the Senate, to a four-year term. The Board is the NLRB’s judicial branch and is comprised of five members who serve five-year terms and are nominated by the President and confirmed by the Senate.[24] Each member is appointed to a staggered, five-year term.[25] The process allows each administration to have the opportunity within one term to almost entirely reshape the membership of the Board and to align the Board’s views on labor relations policy with that of the administration.[26] Consequently, the nomination process has taken on enormous significance and has become increasingly politicized.[27] This process, coupled with a high turnover rate of the Board, makes decisions unpredictable and may help to explain why the Board recently has reversed itself within short periods of time.

The Board hears appeals from unfair labor practice cases and challenges pertaining to the elections process. These appeals are derived from decisions in representation cases by Regional Directors and cases prosecuted by NLRB regional field office attorneys around the country and adjudicated in front of an NLRB administrative law judge.[28] In order for the Regional Office to process a representation petition for an election, workers must establish that at least thirty percent[29] of the individuals within an appropriate bargaining unit[30][31] have signed authorization cards or some other indicia which proves that the employees have an interest in having a particular entity serve as the employees’ sole representative for purposes of collective bargaining. If there is a thirty percent showing of interest, the NLRB Regional Director will process the petition and determine issues which may arise concerning the election process. In order to become the bargaining unit’s sole representative, the union must receive a majority of the votes cast from an appropriate bargaining unit. If the union obtains such a majority and there are no valid objections to the conduct of the election, the Regional Director will certify the union as the unit’s representative.[32] Following certification, the employer and union are required to meet and confer and to bargain in good faith over wages, hours, and other terms and conditions of employment.[33] The failure to bargain with the union at this point would constitute an unfair labor practice.[34]

C. Jurisdiction

As noted above, Congress legitimized its authority to enact the NLRA under its commerce power. In order for an employer to fall under the purview of the NLRB, it must be demonstrated that the employer engages in a minimum amount of interstate commerce.[35] The NLRB’s jurisdiction is very broad and covers a great majority of non-government employees within the workplace. Thus, in the college and university setting, the ability of graduate students to organize will depend on whether the university is engaged in interstate commerce and is public or private. The NLRA regulates only private sector employers; state law governs the organizational rights of graduate students at public universities.[36]

State labor laws vary greatly in their permissibility of collective action by employees. Some states have recognized graduate student as employees as well as their right to organize and negotiate collective bargaining agreements.[37] Currently, approximately fourteen states permit public university graduate students to engage in collective bargaining.[38] In approximately eleven states, public university employees are allowed to collectively bargain, but the eligibility of graduate students has yet to be determined.[39] In these instances, state statutes are usually silent and the determination of whether graduate students are employees eligible to unionize has been left to the courts and state labor boards.[40] In another twenty-three states, collective bargaining rights are denied to all university employees, including graduate students.[41] Given the significant variation among state labor laws, graduate students must look to the specific statutory scheme of the state where their institution is located in order to determine which policies and procedures govern their right to organize for purposes of collective bargaining.

Unlike public universities which are governed by their state labor laws, private universities fall under the domain of the NLRB. However, the NLRB has historically refused to recognize graduate students at private universities as employees.[42] As the following cases demonstrate, the NLRB was slow to extend its jurisdiction to include private universities per se, much less students at such universities.

1.Columbia University

In the decades following its enactment, the NLRB refused to extend collective bargaining rights to anyone employed by private universities under the theory that colleges and universities were not engaged in interstate commerce, and therefore were beyond the reach of the Board. This view was first expressed in 1951 concerning Columbia University. In Columbia University, a group of clerical employees for the various libraries at the university sought recognition as a unit. The Board acknowledged that the activities of the university sufficiently affected commerce “to satisfy the requirements of the statute and the standards established by the Board for normal exercise of its jurisdiction. . . .”, however, it was deeply concerned about extending jurisdiction to a not-for-profit educational institution.[43] The Board had identified a Senate Committee Conference Report which explained that not-for-profit corporations and associations operating as hospitals were not meant to be covered by the NLRA.[44] It reasoned that extending jurisdiction to a not-for-profit university would not effectuate the policies of the NLRA, “where the activities involved are not commercial in nature and intimately connected with the charitable purposes and educational activities of the institution.”[45]

2. Cornell University

This doctrine persisted for nearly twenty years until the Board revisited the issue in Cornell University. In Cornell University, the Board reversed its holding in Columbia University and extended the NLRB’s jurisdiction to include private universities. Similar to Columbia University, Cornell did not involve graduate students, but rather was an attempt by Cornell and Syracuse University employees to obtain bargaining rights under the NLRA. The Board began its opinion by noting the aggregate operating budget of each institution, its expenditures, government appropriations, and profits from ancillary services provided by the University – each exceeded hundreds of thousands or millions of dollars. It also noted each universities’ significant interactions outside the state. The Board then acknowledged its previous holding in Columbia, but asserted that “the Board’s discretionary standards for asserting jurisdiction [are] not fixed. . . . ”[46] Congress was content to “leave to the Board’s informed discretion . . . when to assert jurisdiction over nonprofit organizations whose operations have a substantial impact on interstate commerce.”[47]

The Board explained that the dividing line between purely commercial and noncommercial activity, as it related to university activity, had not been easily defined. While universities’ primary goals were still educational in nature, in order to carry out their educational functions, universities had “become involved in a host of activities which [were] commercial in character.”[48] Consequently, it was no longer appropriate to extend universities the same exemptions as not-for-profit hospitals. Despite determining that the universities had engaged in commercial activity affecting interstate commerce, the Board refused to establish a precise threshold for when it would exercise jurisdiction and left such a determination for a later date.[49]

With their newly expanded jurisdiction, the NLRB was now able to hear challenges from graduate students at private universities seeking to unionize.

3. Adelphi University

Two years after Cornell, the Board decided a case involving graduate students in Garden City, New York, who attempted to join a faculty union in order to collectively negotiate their working conditions. The Board began its analysis in the same way it began its Cornell opinion, by noting that the University had gross revenues exceeding $1 million and had purchased materials valued in excess of $50,000 from sources outside the State of New York. Given these factors, the Board concluded that the university had “engaged in commerce within the meaning of the Act. . . [and] it [would] effectuate the purpose[] of the Act to assert jurisdiction.”

The Adelphi University graduate students received free tuition in addition to receiving a stipend, which ranged from $1,200-$2,900. In exchange for the stipend, the graduate students were required to perform various duties for approximately twenty hours per week which included teaching classes, preparing examinations, and grading.[51] Because the graduate students sought to join the same bargaining unit as faculty, the Board performed a “community of interest” analysis in which it highlighted the differences between faculty and graduate students.

The graduate assistants are graduate students working toward their own advanced academic degrees, and their employment depends entirely on their continued status as such. They do not have faculty rank, are not listed in the university’s catalogs as faculty members, have no vote at faculty meetings, are not eligible for promotion or tenure, are not covered by the University personnel plan, have no standing before the University’s grievance committee. . . Unlike faculty members, graduate assistants are guided, instructed, assisted, and corrected in the performance of their assistantship duties by the regular faculty members to whom they are assigned.[52]

Thus, the Board determined that there were significant differences between the type of work and functions performed by graduate students and faculty. These disparities were significant enough that a bargaining unit comprised of graduate students and faculty would not share a similar “community of interest”, but rather they would likely have divergent interests, making it nearly impossible for a single labor organization to represent the interests of both faculty and graduate students in one unit. These divergent interests existed because the Board determined that the graduate students were “primarily students” and therefore it was inconceivable that they could have a sufficient community of interest with the regular faculty.[53]

III. Refinement of the NLRB’s Jurisdiction and the Community of Interest Doctrine

The decisions in Cornell and Adelphi firmly established the NLRB’s jurisdiction over private universities as it relates to collective bargaining. In a series of early 1970’s decisions, the Board began to articulate which members performing which job functions qualified as workers under the NLRA for purposes of joining a faculty union. At the conclusion of these cases, one thing was apparent – all students were excluded for purposes of collective bargaining.

C.W. Post Center was the first case in the series to address graduate students’ ability to be included in a collective bargaining unit.[54] In that case, the Board had to determine the appropriate bargaining units for a number of traditional employees within the university system, including: full-time faculty, associate and adjunct professors, librarians, a research associate, laboratory personnel, and guidance and admissions counselors. The Board ultimately found that all professional employees constituted an appropriate bargaining unit but explicitly excluded “student assistants” and “graduate students”.[55] However, the Board’s rationale for permitting the lone “research associate” to join the collective bargaining unit was most telling. The research associate position was distinct from that of graduate students because he had already obtained a doctoral degree and did not teach classes. Rather, he conducted research supported by a grant given to the university. The position was similar to faculty in that he was able to receive tenure and therefore had a sufficient community of interest with other faculty members.[56] C.W. Post Center solidified the distinction between graduate students and faculty for purposes of joining the same bargaining unit – they had different qualifications and different interests in pursuing collective-bargaining, which meant that the two groups would never have a sufficient community of interests.

College of Pharmaceutical Sciences in New York was the second case in the early 1970s in which the Board fleetingly addressed graduate students’ ability to join a faculty union.[57] The bulk of the Board’s opinion addressed the appropriateness of including extended faculty, instructors in the institutional and clinical programs, and laboratory assistants to join a full-time faculty bargaining unit. In the course of that opinion, the Board did take time to refute the notion that graduate students would share the same community of interests as faculty because “their continued employment depends upon satisfactory academic progress toward their respective degrees.”[58] It conceded they received a stipend and worked approximately sixteen to twenty hours a week, but made a distinction that the graduate students were “primarily students” and therefore did not “share sufficient community of interest with faculty members to warrant their inclusion in the unit.”[59] In making a determination that the graduate students were primarily students, the Board was not making a ruling on their status as employees under the Act, but rather was making a distinction for purposes of evaluating a community of interests.

The following year the Board found yet another distinction between teaching assistants and a university-wide union which represented part-time employees. Teaching assistants at Georgetown University attempted to join a collective bargaining unit which included clerical, technical, and hospital employees.[60] The Board noted that student employees were paid differently from regular part-time employees because their pay was diminished by the amount of financial aid each received via academic grants and federal aid.[61] The Board also noted that student employees typically only worked for nine months out of the year and therefore were unlike traditional part-time employees who worked year-round.[62] Thus, the students had “many facts particular to themselves, and [did] not appear to have a community of interests with other regular part-time employees.”[63]

Just a year later in Barnard College, the Board held that ten students – eight graduate students and two undergraduate students – who were employed as resident assistants and bowling alley operators could not be included in the collective bargaining unit of office clerical and other nonprofessional administrative staff employees.[64] The Board again distinguished between traditional university employees and student employees in determining that there was no community of interest. The Board reasoned that student employees are not permitted to remain permanently in their position of employment. However, the largest factor appeared to be that the students’ employment was “only incidental to their educational objectives.”[65] Also notable in Barnard College was the Board’s recognition of an emerging question of whether students who worked at the university were employees under Section 2(3) of the NLRA.[66] The Board did not address the issue of students being both students and employees because the students lacked a sufficient community of interest and therefore the question was moot. However, it was the first time the Board acknowledged the possibility of such an argument and one the Board would repeatedly have to address in the future.

The primary lesson learned from the preceding cases was that graduate students, or even students for that matter, could never share the same community of interests as faculty members or other university employees. Notable differences in their job description, their qualifications, and pay prevented graduate students from sharing a sufficient community of interests with lifelong academics who had obtained terminal degrees and occupied tenured positions at their institutions or with other university employees. If graduate students were going to establish an appropriate collective bargaining unit, with a sufficient community of interest, they would have to stop looking beyond their own ranks. They could avoid problems of community of interest only by forming their own unit.

IV. Graduate Students As Employees under the NLRA

In the mid-1970s, after years of unsuccessfully seeking recognition in units which included faculty or other university staff, graduate students sought employee status and recognition exclusively as graduate students. Because graduate students generally encounter similar working conditions within the university, employers were unable to challenge the request for recognition on community of interest grounds. Rather, the Board had to address whether a student could in fact be an employee under the Act.

A. Leland Stanford University

In 1974, eighty-four graduate students in Stanford University’s physics department sought recognition as employees and the right to form a union.[67] They did not seek to join a faculty union, but rather planned to start their own. The community of interest test as applied in the previous cases was not applicable; not only were all of the members within the unit graduate students, but they also were in the same course of study and therefore distinctions based on academic discipline were also out of the question.

The graduate students claimed that they were student-employees. In support of that statement, they noted that they were paid through Stanford’s normal payroll machinery for their work and as such were employees under the NLRA.[68] However, Stanford insisted, and the Board agreed, that the physics graduate students were not employees. There were several notable characteristics of a traditional employer-employee relationship absent in the relationship between the graduate student research assistants and the university.

First, the research that the graduate students were required to engage in was a necessary part of the PhD program because it helped prepare the students to select a topic for their dissertation and they received academic credit for this work which counted towards their degree.[69] Second, the money received by the students was a stipend which was meant to make the pursuit of an advanced degree possible.[70] While it is true that the graduate research assistants received their stipend through Stanford’s payroll machinery, the actual source of the funding was obtained through contracts or grants by government agencies or third parties. Research assistants did receive some benefits such as health care. They were not, however, extended traditional fringe benefits such as sick leave, vacation, or retirement benefits. Third, because the money received was a stipend, there was no correlation between the type of research done and the amount received by the student, nor was there a correlation between the hours spent conducting research and the amount received.[71] Finally, because the source of the stipend was from government contracts or grants, it was not taxed as part of the research assistants’ income, but rather was tax-exempt.

Each of the above-described factors lent credence to the Board’s conclusion that the research assistants were “primarily students” and “not employees within the meaning” of the Act.[72] In subsequent cases, these factors would form the basis of the “primary purpose” test. The primary purpose test would be used to determine whether the individual had achieved employee status under the Act or whether they were primarily a student.

B. Cedars-Sinai Medical Center

In 1976, the Board dismissed a petition for an election among interns, residents, and clinical fellows at Cedars-Sinai Medical Center in Los Angeles, California.[73] While these individuals were not students per se, they were similar to graduate students because they were enrolled in programs which had a practical element which was required to obtain professional status. The interns, residents, and fellows had already completed the classroom portion of their medical degree requirements and were now engaged in the hands-on, or internship, component of their graduate degree. The internships, residencies, and clinical fellowships ranged from one year to five years, with an average length of less than two years. Upon completion of these programs, the majority left the training hospital and entered into practice elsewhere.[74]

The individuals enrolled in these programs received a stipend of $20,000. The Board determined that they did not participate in these programs in order to earn a living, but rather for the primary purpose of pursuing a graduate medical education, of which internships, residencies, and fellowships were a requirement.[75] Similar to graduate students in Stanford University, the number of hours worked or the quality of the work rendered had no bearing on the monetary compensation paid in the form of a stipend.[76] While the students did receive fringe benefits such as health care and vacation, they were not eligible for the employee retirement plan.[77] Finally, the Board determined that these programs were not designed for the purpose of meeting the hospital’s staffing needs, but rather to allow the students to develop the skills necessary to practice medicine in the area of the student’s choosing.[78] These factors, the Board believed, highlighted the “fundamental difference[s] between an educational and employment relationship.”[79]

The stinging dissent written by member Fanning accused the majority of “exploit[ing] semantic distinctions between the terms ‘students’ and ‘employees.’”[80] Fanning argued that the NLRA did not require the relationship between student and employee to be mutually exclusive. Rather, the NLRA was meant to include any employee, unless explicitly excluded by the statute. Students, moreover, were not meant to be among those groups excluded from the statute. In rejecting the majority’s primary purpose test, he noted that an individual could be “’primarily a carpenter’ or ‘primarily a student’, but “nevertheless, an ‘employee’ under the Act.”[81]

Fanning believed that the students were undoubtedly employees under the Act. He argued that the term “employee” was at least as broad as it was understood under the common law.[82] Moreover, the conventional meaning of the word implied “someone who works or performs a service for another from whom he or she receives compensation.”[83] Fanning also noted that the hospital would be vicariously liable for the conduct of the students. For Fanning, this was indicative of an employee-employeer relationship. Fanning also tried to diminish the majority’s classification as a student by emphasizing that they spent the majority of their time providing care for the hospital’s patients and received no grades. He further argued that the mere fact that an individual is learning while performing a service could not possibly serve as a justification for classifying the individual primarily as a student and not an employee.[84]

C. St. Clare’s Hospital

The following year, the Board addressed the ability of graduate students working in a teaching hospital to organize for the purpose of collective bargaining. Realizing that some considered Cedars–Sinai to be an aberration in national labor policy, the St. Clare’s Hospital decision began by reaffirming the holding in Cedars-Sinai as consistent with prior precedent.[85] The Board sought to clarify that Cedars-Sinai was not primarily a decision about the health care industry and therefore only applicable in that setting, but rather Cedars-Sinai was much broader in its application and was primarily a decision about students.[86]

Summarizing its previous case law, the Board noted that student employment can be classified into four general categories. The first category consists of students employed by a commercial employer in a capacity unrelated to the students’ course of study. In this category, the status of individuals as students is sufficiently remote from their employment interests and therefore the distinction between employee and student is inconsequential for purposes of determining the appropriate bargaining unit.[87] The second category involves students who are employed by their own educational institution in a capacity unrelated to their course of study. The Board has excluded students from units which include nonstudent employees and has not afforded them the privilege of being represented separately because in these situations employment is incidental to the student’s primary interest of acquiring an education. In this category, the student’s employment is directly related to their continued enrollment at the educational institution and their transitory status excludes them from being included in bargaining units with full-time employees.[88] The third category consists of students employed by a commercial employer in a capacity related to the student’s course of study. The Board has concluded that the student shall be excluded from a bargaining unit of full-time nonstudent employees because in this instance, the commercial employer is acting as a surrogate for the educational institution, and thus, the student’s interests in their employment is primarily educational in nature. The final category consisted of students performing services at their educational institutions which are directly related to their educational program. In such instances, the Board has excluded students from units which include nonstudent employees and has denied their right to be represented separately.[90]

The majority concluded that the situation at St. Clare’s Hospital was directly analogous to the fourth category. There, graduate students were rendering services which were directly related to and constituted an integral part of their educational program. The services performed by the graduate students were therefore predominantly academic in nature and unsuitable for the collective bargaining process which is fundamentally economic.[91]

The Board was particularly concerned that academic matters, such as curriculum and teaching methods, would become the subject of collective bargaining. The Board feared that there would be a change in emphasis from the quality of education to economic concerns and that this shift would ultimately have a detrimental effect on both labor and education. The detrimental effects were particularly relevant in the educational setting because graduate education consists of largely personal relationships between the student and instructor.[92] Collective bargaining does not result in personalized treatment, but rather implies collective treatment for all those represented, and therefore permitting collective bargaining at the graduate level would be “the very antithesis of personal individualized education.”[93] Furthermore, the superior knowledge and experience possessed by the instructors places them in the best position to determine the most appropriate course of instruction. Thus, the Board reasoned that the instructional methods and, by implication, graduate education in general, should not be the subject of collective bargaining.

D. Boston Medical Center

The precedents established in Cedars-Sinai and St. Clare’s Hospital were expressly overruled in Boston Medical Center.[94] The facts of Boston Medical Center were nearly identical to Cedars-Sinai and St. Clare’s Hospital – a unit of interns and residents in a teaching hospital sought representation. In reaching its conclusion, the Board was persuaded by Member Fanning’s definition of employee advocated in Cedars-Sinai and St. Clare’s Hospital which was rooted in the common law concept of servant.[95] The Board, relying on a recent Supreme Court decision, stated that Section 2(3) created a “’broad statutory definition of employee.’”[96] The fact that the interns may also be students has no bearing on their employee status because “nothing in the statute suggests that persons who are students but also employees should be exempted from the coverage and protection of the Act.”[97] All of the essential elements necessary to define an employer-employee relationship were present in the relationship between the housestaff (interns and residents) and the hospital.

In support of the conclusion that the housestaff could simultaneously be students and employees, the majority pointed to the fact that the housestaff worked for a statutorily covered employer and were compensated for their services in the form of the stipend. Additionally, the hospital withheld federal and state taxes on the stipend and provided an array of fringe benefits, including: worker’s compensation, paid vacation, sick leave, health, dental, life and malpractice insurance. These were the same benefits that other hospital employees received. Further, the majority observed that housestaff spend nearly eighty percent of their time at the hospital engaged in direct patient care. The fact that housestaff “also obtained educational benefits from their employment does not detract” from their status as employees because their “status as students is not mutually exclusive of a finding that they are employees.”[98] Thus, the Board concluded that the housestaff held positions more closely similar to an apprentice, rather than a student, and fell within the definition of employee under Section 2(3) of the NLRA.

This more expansive reading of the NLRA overturned precedent, at least as it pertained to medical interns and residents. The Boston Medical Center decision enabled, at least for the time, these types of students to occupy a position in which they were both a student and employee. The decision, however, was unclear in its application to teaching assistants and research assistants at research universities. Such uncertainty regarding the application of the NLRA set the stage for a further shift in the Board’s jurisprudence.

V. New York University

Just months after its decision in Boston Medical Center, the Board sought to clarify whether all students or only medical interns and residents could be employees under the NLRA. New York University involved a subset of graduate students who served as graduate assistants, graders, and tutors.[99] Within this subset of graduate students, more than a majority sought recognition as employees under the NLRA. As in other cases, the university took the opposite position. The University also argued that there were a number of policy concerns which should prevent the Board from certifying the graduate students as a unit.

Similar to Boston Medical Center, the Board began by applying the common law master-servant test. That doctrine states that the master-servant relationship exists when a servant performs services for another, under the other’s control or right of control, and in return for payment.[100] Adopting the same broad interpretation of Section 2(3) of the NLRA as in Sure-Tan and Boston Medical Center, the Board explained graduate assistants are not in a category of worker who are excluded from the definition provided in that section. Rather, they perform services under the control and direction of the university, for which they are compensated by the university and are carried on the university’s payroll.[101] Thus, the graduate assistants’ relationship with the university was “indistinguishable from a traditional master-servant relationship.”[102] The Board rejected NYU’s attempt to distinguish this case from Boston Medical Center on the basis that the graduate students here only spent approximately fifteen percent of their time performing graduate assistants’ duties for the university. The Board also declined to adopt NYU’s argument that graduate assistants receive only financial aid and not compensation for their services. NYU also attempted to distinguish Boston Medical Center by noting that the housestaff had already obtained their degree which was unlike the graduate students here who performed the work in furtherance of their degree. Rather, the Board concluded that the graduate assistants who spent fifteen percent of their time performing services for the university were no less employees than part-time employees would be under the NLRA. In rejecting the argument that graduate students were not compensated for their work, the Board stated:

It is indisputable, however, that the graduate assistants, unlike the students receiving financial aid, perform work, or provide services, for the Employer under terms and conditions. . . controlled by the Employer. That this is work in exchange for pay, and not solely the pursuit of education, is highlighted by the absence of any academic credit for virtually all graduate assistant work. . . Thus, however the Employer may wish to characterize a graduate assistant position, the fulfillment of the duties of a graduate assistant requires the performance of work, controlled by the Employer, in exchange for consideration. . . .

[W]e disagree with the Employer’s argument that graduate assistant work is primarily educational. . . We recognize that working as a graduate assistant may yield an educational benefit, such as learning to teach or research. But . . . [that] is not inconsistent with employee status. . . Therefore, notwithstanding any educational benefit derived from the graduate assistants’ employment, we reject the premise of the Employer’s argument that graduate assistants should be denied collective bargaining rights because their work is primarily educational.[103]

By applying the common law tests for employee status, the traditional arguments against graduate student unionization would no longer succeed. The Board refused to accept NYU’s policy arguments concerning the collective-bargaining process’ potential chilling effect on academic freedom. Concerns over the chilling effect that collective bargaining could have on academic freedom were used to bolster many pre-Boston Medical Center cases, particularly St. Clair’s Hospital.[104] The Board classified NYU’s fears regarding academic freedom as speculative and noted that faculty members had been permitted to engage in collective bargaining for over thirty years. The parties could “’confront any issues of academic freedom as they would any other issue in collective bargaining.’”[105] The Board concluded by reminding those concerned about any potential infringements upon academic freedom that the NLRA did “not compel agreements between employers and employees,” rather it provides a forum to bring about adjustments or agreements concerning issues but the Act did not compel such agreement.[106]

VI. Brown University

The NYU decision was seen by many as a victory for graduate students across the country.[107] As graduate students were now employees under Section 2(3) of the NLRA, they could now hold elections and vote to bargain collectively with a particular university. The wages, hours, and terms and conditions of employment which had previously been negotiated on an individual basis, if at all, would now be subjected to collective bargaining. The right to unionize lasted for nearly four years until Brown University. The Brown decision was a 3-2 split decision decided along party lines.[108]

Graduate students at Brown University sought to exercise their statutory rights extended in NYU. However, the university argued that the current situation was factually distinguishable from NYU because the majority of the university’s departments at Brown required a student to serve as a teaching assistant or a research assistant in order to obtain his or her degree.[109] The Board, in rendering its decision, did not stop at merely analyzing the factual distinctions between NYU and Brown, but rather concluded that NYU was wrongly decided and that graduate students were not employees under the NLRA.[110]

The Board reverted to its pre-NYU decisions and readopted the primary purpose test articulated in Adelphi University.[111] To support its conclusion that these individuals were primarily students rather than employees, the Board noted that all of the individuals needed to be enrolled at Brown in order to be awarded a teaching assistant, research assistant, or proctor position. Only those enrolled at Brown could be eligible for the position. Also of significance to the Board was the fact that only a limited number of hours were spent performing these duties; their principal time commitment was the pursuit of their degree.[112] However, some of the most persuasive evidence indicating that these positions were primarily educational was the fact that completing a teaching assistant or research assistant position was a necessary component in twenty-one of the thirty-two departments which offered PhD degrees. This constituted sixty-nine percent of all graduate students enrolled.[113] Therefore, the Board determined that being a graduate student assistant and pursuing a PhD were “inextricably linked, and thus, that relationship. . . clearly educational.”[114]

The Board also rejected the argument put forth by the graduate students that the financial support they received was a form of compensation for work performed. Rather, the Board rationalized the financial support as a means to help defray the cost of graduate education. The Board noted that nearly eighty-five percent of continuing graduate students received this assistance and that the amount received was comparable to those students who received funds for a fellowship, which did not require any teaching or research.[115] Reaffirming the rationale espoused in St. Clare’s Hospital, the Board explained that collective bargaining rights could not be extended to students who perform services at their educational institutions that are “directly related to their educational program.”[116]

Because the majority viewed the relationship between students and the university as primarily educational rather than economic, the traditional employer-employee framework was inappropriate.[117] Following the line of reasoning adopted in St. Clare’s Hospital, the NLRB concluded that the collective-bargaining process – a fundamentally economic process – would be of “dubious value” because educational concerns were largely irrelevant to the traditional mandatory bargaining subjects of wages, hours, and working conditions.[118]

The NLRB also addressed the issue of academic freedom in the context of collective bargaining. Permitting graduate students to engage in collective bargaining, the Board thought, would devolve from a discussion of wages, hours, and working conditions into an attempt to bargain over fundamental academic decisions traditionally left to the university and its faculty; these included course length and content, standards for advancement, administration of examinations, and other administrative concerns.[119] Allowing such a discussion would “have a deleterious impact on the overall educational decisions by the Brown faculty and administration. . . [because it] would intrude upon decisions over who, what, and where to teach or research – the principal prerogatives of an educational institution like Brown.”[120]

The dissent in Brown argued that the Board should continue to follow the precedent established only four years prior in NYU. To that end, they believed that graduate assistants in Brown were statutorily employees under the NLRA, to whom collective bargaining rights should be extended.[121] The dissent also argued that the majority had “minimiz[ed] the economic relationship between graduate assistants and their universities. . . [and that their holding] rest[ed] on fundamental misunderstandings of contemporary higher education.”[122] In responding to the minority’s criticism, the majority asserted that “the ‘academic reality’ for graduate student assistants has not changed, in relevant respects, since our decisions over twenty-five years ago.”[123]

In sum, the Board determined that students could not be both students and employees if their work was related to, or a necessary component to, obtaining their degree. In making this determination, the Board acknowledged a number of policy considerations. Among these considerations was the unsuitability of collective bargaining in the educational setting and the effects that collective bargaining could have on academic freedom.

VII. Reconsidering Brown

More than a decade after Brown was decided, it remains binding precedent and all Regional Offices, when confronted with requests for recognition by graduate students, have acknowledged Brown’s constraint.[124] This reliance on precedent is problematic because the Brown decision was premised on the misunderstanding that academic realities for graduate students had remained constant for more than twenty-five years. Further, its holding cannot be reconciled with the language or intent of the statute, and is inconsistent with relevant Board and Court decisions. Given these flaws and shortcomings, Brown needs to be reconsidered.

1. Misunderstanding of Academic Realities

In its departing words, the majority in Brown determined that its analysis should remain faithful to the primary purpose test first articulated in Cedars-Sinai Medical Center because the academic realities for graduate students had not changed since its decision in Cedars-Sinai and therefore there was no justification for upholding NYU.[125] This conclusion, however, was made on a faulty understanding of the current state of higher education. From the time of the Cedars-Sinai decision in the 1970s, to the Brown decision in 2004, there had been a significant upheaval in the way that colleges and universities were managed, and as a result how graduate students were treated and utilized within the university setting.

In the time spanning the two decisions, tuition costs had risen significantly. The National Center for Education Statistics indicates that during that time there was greater than a fivefold increase in college attendance costs.[126] Consequently, colleges and universities had received increased criticism and resistance on the part of consumers and were forced to find ways to increase efficiency and reduce expenses – to operate like a business.[127] One of the means used to constrain costs has been the increased reliance by colleges and universities on graduate students and non-tenure-track instructors. By the late 1990s, the presence of graduate students and adjunct professors had grown to comprise more than forty percent of the teaching force in post-secondary education.[128] This number was significantly higher at some institutions, where graduate assistants and adjuncts can handle over seventy percent of undergraduate classroom hours.[129] Thus, unlike the situation in Cedars-Sinai where the Board indicated that the hospital’s use of student interns was not designed to meet staffing needs, the modern university is using graduate students to meet the instructional staffing needs.

For universities operating on businesslike models and looking to become increasingly more financially efficient, graduate students and adjunct faculty are an attractive alternative to higher paid faculty members because they generally receive lower pay and sub-par benefits.[130] For example, part-time faculty receive about a third of what a full-time faculty member earns per course taught. Further, only seventeen percent of part-time faculty received employer subsidized health insurance as compared to ninety-seven percent for full-time faculty.[131] These figures are likely even lower for graduate students.[132] Thus, for the majority in Brown to argue that there had been no significant changes in the realities of graduate students’ situation since the 1970s was to ignore the modern trends in higher education which had increasingly begun to rely on graduate students and adjunct faculty to meet their employment needs and to reduce their operating costs.

2. Inconsistent With Statutory Definition

The statutory definition of employee provided in Section 2(3) of the National Labor Relations Act is broad in its application. An employee for purposes of the NLRA is defined as “any employee”.[133] In interpreting the Act, the Supreme Court has repeatedly held that that phrase is to be read broadly. For example, in Sure-Tan, Inc. v. NLRB, the Supreme Court wrote that the “breadth of §2(3)’s definition is striking: the Act squarely applies to ‘any employee.’” [134] A unanimous Court in NLRB v. Town & Country stated “[t]he ordinary dictionary definition of ‘employee’ includes any ‘person who works for another in return for financial or other compensation.’”[135] In that decision, the Court looked at congressional reports and floor statements in order to determine the purpose of the NLRA. The Court noted that it was “fairly easy to find statements to the effect that an ‘employee’ simply ‘means someone who works for another for hire’[136] and includes ‘every man on a payroll.’”[137] Statements to the contrary, or statements suggesting a narrow or qualified view of the word are “scarce or nonexistent-except, of course, those made in respect to the specific exclusions written into the statute.”[138] These exceptions include: agricultural laborers, domestic workers, individuals supervised by their spouses or parents, individuals employed as independent contractors or supervisors, and individuals employed by a person who is not an employer under the NLRA.[139] Notably absent from the exemptions listed are students; there is no exception in the statute for employees who also happen to be students or are primarily students.

Prior Board decisions have been consistent with this broad reading of the definition of an employee authorized by the statute and approved by the Supreme Court. For example, in Sundlund Construction Co., the Board held that paid union organizers were employees when they attempted to obtain jobs to try to organize other employees. In so holding, the Board noted the absence of an express exclusion. “Under the well-settled principle of statutory construction – expressio unius est exclusio alterius – only these enumerated classifications are excluded from the definition of employee.”[140] The Board also gave a broad reading to the statutory definition of employee in Seattle Opera Association by permitting auxiliary choristers at a nonprofit opera company to be included in the Act.[141] In adopting the Supreme Court and the Board’s earlier broad reading of the statute and the common law master servant relationship test, the DC Circuit stated:

[I]t is clear that – where he is not specifically excluded from coverage by one of Section 152(3)’s enumerated exemptions – the person asserting statutory employee status does have such a status if (1) he works for a statutory employer in return for financial or other compensation; and (2) the statutory employer has the power or right to control and direct the person in the material details of how such work is to be performed.[142]

Thus, Brown is inconsistent with Supreme Court and Board precedent that has interpreted the meaning of employee to be broad and all-encompassing. Instead, the Board has crafted an exclusion that does not appear in the statute. This is an aberration from its own precedent and a departure from congressional intent which was meant to exclude from the statute only those who are expressly listed.

3. Inconsistent with Prior Court Cases and Board Decisions

Finally Brown’s holding, that an individual cannot be both a student and an employee, is irreconcilable with the long history of cases holding to the contrary. An apprentice, by its very definition, is simultaneously a student and employee.[143] As part of their training, apprentices work for an employer while receiving instructions in their craft. This type of on-the-job training is vital to learning the craft and nearly always accompanied by classroom training. The Board has repeatedly treated apprentices as employees, despite the fact that the work is part of their training for a career. As early as 1944, the Board held that apprentices who attended a school as part of the four or five year training program and worked under the supervision of training supervisors for two and a half years while learning shipbuilding skills were employees under the NLRA.[144] In General Motors Corp., the Board also found apprentices who are required to complete a set number of hours of on-the-job training, combined with the related classroom work necessary to achieve journeyman status, were also employees under the NLRA.[145] Similarly, in Boston Medical Center, the Board found that medical interns, residents and fellows were “employees,” despite also being students.[146] The Board explained that “their status as students is not mutually exclusive of a finding that they are employees.” The fact that students engaged in “long-term programs intended to impart and improve skills and knowledge,” did not jeopardize their status as employees.[147]

In each of these cases, the apprentices were simultaneously students and employees. They engaged in work that was related to their schooling. The Board has never suggested that the work of an apprentice was “primarily educational” and therefore incapable of achieving employee status. Thus, given the striking similarities between apprentices and the work of graduate students, the Board’s distinction that the work of the graduate student is “primarily educational” is a departure from its own precedent established for apprentices.[148]

The Board in Brown purported to substantiate its decision on Adelphi University and Leland Stanford Junior University. However, these cases do not support the proposition that graduate students cannot simultaneously be employees. In Adelphi the Board held that graduate teaching and research assistants were “primarily students.”[149] This determination does not indicate that the Board believed that the graduate students could not also be employees under the NLRA. Rather, the Board had distinguished teaching assistants from regular faculty members for purposes of determining a community of interests. Because the graduate students were primarily students, they did not share a sufficient community of interest with full-time faculty to “warrant their inclusion in the unit.”[150] The Board in Brown did not return to the holding in Adelphi, but instead distorted the holding of that case. At a minimum, Adephi held that graduate students and faculty have different community of interests, but it does not preclude a finding that graduate students are also employees; it simply was not addressed in the decision.

In the same vein, Leland Stanford did not hold that a graduate student could not be simultaneously a student and an employee. The Board found that the graduate students were not employees based on the particular facts of the case. There, the graduate students received academic credit for their work and such work was needed in order to help the student explore potential thesis options. However, the most significant factor was that the students received the tax-exempt stipends from outside funding agencies, not from the university. The Board concluded on these facts, that “the relationship of RA’s and Stanford is not grounded on the performance of a given task where both the task and the time of its performance is designated and controlled by the employer.”[151] Leland Stanford’s holding does not support Brown’s holding that a graduate student cannot be an employee when he or she performs a task under the direction of, and for the benefit of, the university.

To support its finding that student employees are not covered under the NLRA because their relationship to the university was “primarily educational,” the Board relied heavily on St. Clare’s Hospital. This is because there was nothing in Adelphi or Leland Stanford to support a conclusion that one cannot be simultaneously a student and an employee. This line of reasoning had been rejected by Boston Medical Center and decades of case law finding apprentices to be employees under the Act. Because the Board could not find precedent within its jurisprudence to support its conclusion in Brown, it had to rely on St. Clare’s Hospital; this decision, however, had been overruled by Boston Medical Center and thus the Board in Brown relied upon bad case law in order to substantiate its decision.[152]

VIII. Conclusion

The recent efforts by graduate students at Brown, Cornell, The New School, Yale, and Columbia University indicate that the desire for graduate students to be represented for purposes of collective bargaining is still present, despite the ruling in Brown. As colleges and universities continue to use graduate students as a means to defray ever-increasing costs, it is unlikely that their requests for recognition are going to cease any time soon. Because graduate students’ working conditions are unilaterally dictated to them by their employer, they seek a unified voice in order to engage with the employer concerning a discussion over wages, hours, and other terms and conditions of employment. As the reliance on graduate students increases, it is likely that the number of classes that they are required to teach or the number of exams they are required to grade will increase, while their compensation in the form of stipends and other financial aid will remain stagnant.

For those sympathetic to the graduate students’ cause, there is hope. President Barack Obama, during his tenure, has had the ability to replace Board members with those more likely to favor a reversal of Brown. Consequently, as graduate students at Columbia, The New School, and other universities appeal their regional office decisions, they are likely to encounter a Board much more favorable to their plight and willing to reconsider Brown. Those who favor Brown’s holding are likely to argue that constant reversals and overturnings will undermine the Board’s integrity and lead to further unpredictability in the Board’s jurisprudence. However, a Board willing to overturn Brown can support its decision on more than partisan politics. The need to reconsider and overturn Brown can be substantiated on the basis that the Board failed to follow Congress’s intent by declining to read Section 2(3) broadly. A broad reading of the definition of employee is supported both by Supreme Court decisions and prior Board precedent. Additionally, the cases cited in Brown for the proposition that there is some inconsistency between being simultaneously a student and an employee do not support that conclusion. Rather, Adelphi and Leland Stanford reach their conclusions because the graduate students did not share an appropriate community of interest with other unit members and did not directly receive their compensation from the university. Moreover, the Board’s decision completely ignores its previous history of finding apprentices to be employees under the Act. Finally, the Board relied on a decision which had been expressly overruled just a few years prior. Thus, there are compelling reasons to reconsider Brown.

 

 

 

[1] J.D. Candidate, Notre Dame Law School, 2017; B.A. Political Science, Purdue University Northwest, 2014. This note is dedicated to my parents and family who have given me their unyielding support throughout law school and in all of my endeavors. I also wish to thank Professor Barbara Fick for her editorial assistance.

[2] Steven Greenhouse, Columbia Graduate Students Push for a Labor Union, N.Y. Times, March 4, 2015, at A23.

[3] Columbia Univ., 02-RC-14301 (2015).

[4] Adelphi Univ. 195 NLRB 639, 640 [(1972) (categorizing graduate students into teaching assistants and research assistants and differentiating their respective roles).

[5] For example, graduate students at Columbia University receive stipends varying between $20,000-$40,000 depending on the department. Greenhouse, supra note 1.

[6] Grant M. Hayden, “The University Works Because We Do”: Collective Bargaining Rights for Graduate Assistants, 69 Fordham L. Rev. 1233, 1237 (2001).

[7] Robert A. Epstein, Note, Breaking Down the Ivory Tower Sweatshops: Graduate Student Assistants and Their Elusive Search for Employee Status on the Private University Campus. 20 St. John’s J. Legal Comment. 157, 162 (2005); Brown Univ., 342 NLRB 483, 483 (2004) (declaring that the issue to be decided was whether or not graduate student assistants must be treated as employees for purposes of collective bargaining).

[8] Graduate student unionization was first addressed in Adelphi University in 1972. Adelphi Univ., 195 NLRB 639 (1972).

[9] Epstein, supra note 6 at 181.

[10] New York Univ., 332 NLRB 1205 (2000).

[11] Brown Univ., 342 NLRB 483 (2004).

[12] Modjeska ET AL, Federal Labor Law: NLRB Practice §1:1 (2015).

[13] Raymond L. Hogler, The Historical Misconception of Right to Work Laws in the United States: Senator Robert Wagner, Legal Policy, and the Decline of American Unions, 23 Hofstra Lab. & Emp. L.J. 101, 104 (2005).

[14] A.L.A. Schlechter Poultry Corp. v. United States, 295 U.S. 495 (U. S. 1935).

[15] NLRB v. Jones & Laughlin Steel Corp., 301 U. S. 1 (U. S. 1937).

[16] “Congress ensured that collective bargaining would go forward by creating the Board and giving it the power to condemn as unfair labor practices certain conduct by unions and employer that it deemed deleterious to the process. . . .” First Nat’l Maint. Corp. v. NLRB, 452 U.S. 666, 674 (U. S. 1981).

[17] Modjeska, supra note 11.

[18] Id.

[19] NLRB v. Nash-Finch Co., 404 U.S. 138, 144 (U. S. 1971) (quoting Garner v. Teamsters, Chauffeurs and Helpers Local Union No. 776 (A.F.L.), 346 U.S. 485, 491 (U. S. 1953)).

[20] Modjeska, supra note 11.

[21] See, e.g., NLRB v. Curtin Matheson Scientific, Inc., 494 U.S. 775 (U. S. 1990); NLRB v. J Weingarten, Inc., 420 U.S. 251, 266 (U. S. 1975) (stating the Board’s “special competence in this field is the justification for the deference accorded its determination.”).

[22] Modjeska, supra note 11; Lechner, Inc. v. NLRB, 502 U.S. 527, 536 (U. S. 1992).

[23] National Labor Relations Board, General Counsel, https://www.nlrb.gov/who-we-are/general-counsel (last visited Nov. 5, 2015).

[24] 29 U.S.C. §153 (2015).

[25] Modjeska ET AL, Federal Labor Law: NLRB Practice §2:1 (2015).

[26] Ryan Patrick Dunn, Comment, Get a Real Job! The National Labor Relations Board Decides Graduate Student Workers at Private Universities Are Not “Employees” under the National Labor Relations Act, 40 New Eng. L. Rev. 851, 861 (2006).

[27] See, e.g., NLRB v. Noel Canning, 134 S.Ct. 2550 (U. S. 2014), in which an employer challenged a ruling by the Board which consisted of three members who had been appointed by the President using his recess appointment powers. The employer challenged the ruling on grounds that the Board lacked a quorum because the three members were inappropriately appointed. The Senate had met in pro forma sessions in order thwart the appointment process.

[28] National Labor Relations Board, The NLRB Process, https://www.nlrb.gov/resources/nlrb-process (last visited Nov. 5, 2015).

[29] 29 U.S.C. §159(e)(1) (2015).

[30] 29 U.S.C. §159(b) (2015).

[31] In determining the appropriate bargaining unit, the Board often looks at whether the employees have a “community of interests.” A community of interests analysis will look at whether the employees in the proposed bargaining unit share: similarity in the scale and manner of determining earnings; similarity of employment benefits, hours of work and other terms and condition of employment; similarity in the kind of work performed; similarity in the qualifications, skills and training of the employees; frequency of contact or interchange among the employees; geographic proximity; continuity or integration of production process; common supervision and determination of labor relations policy; relationship to the administrative organization of the employer; history of collective bargaining; desires of the affected employees; extent of union organization. NLRB v. St. Francis Coll., 562 F.2d 246, 249 (3d Cir. 1977).

[32] National Labor Relations Board, Conduct Elections, https://www.nlrb.gov/what-we-do/conduct-elections (last visited Nov. 12, 2015).

[33] 29 U.S.C. §158(d) (2015).

[34] See National Labor Relations Board, supra note 21.

[35] There are varying dollar thresholds depending on the type of business the employer engages in. For example, retailers must have an annual gross volume greater than $500,000 and non-retailers’ inflow and outflow of goods across state lines must exceed $50,000 in order for the Board to have jurisdiction; the NLRB also has a “special categories” which includes transportation, health care, and child care facilities. The threshold for colleges, universities, other schools, museums, or symphony orchestras is $1 million annually. National Labor Relations Board, Jurisdictional Standards, https://www.nlrb.gov/rights-we-protect/jurisdictional-standards (last visited Nov. 12, 2015).

[36] The NLRA excludes from its coverage employees of the United States and of any State or political division. 29 U.S.C. §152(2); see also Neal Hutchens & Melissa Hutchens, Catching the Union Bug: Graduate Student Employees and Unionization, 39 Gonzaga L. Rev. 105, 108 (2004).

[37] Id.

[38] Id. at 108.

[39] Id.

[40] Hayden, supra note 5 at 1243.

[41] Hutchens, supra note 24 at 108.

[42] Rogers ET AL, Effects of Unionization on Graduate Student Employees: Faculty-Student Relations, Academic Freedom and Pay, 66 Indus. & Lab. Rel. Rev. 487, 488 (2013).

[43] Trustees of Columbia Univ., 97 NLRB 424, 425 (1951).

[44] Id. at 427.

[45] Id.

[46] Cornell Univ., 183 NLRB 329, 331 (1970).

[47] Id.

[48] Id.

[49] Id. at 334.

[50] Adelphi Univ., 195 NLRB 639, 639 (1972). See 29 C.F.R. §103.1: “The Board will assert jurisdiction in any proceedings. . .involving any private nonprofit college or university which has a gross annual revenue from all sources (excluding only contributions which, because of limitation by the grantor, are not available for use for operating expenses) of not less than $1 million.”

[51] Id. at 640.

[52] Id.

[53] Id.

[54] Long Island Univ., C.W. Post Ctr., 189 NLRB 904 (1971).

[55] Id. at 908.

[56] Id. at 907.

[57] Coll. of Pharm. Sci. in the City of New York, 197 NLRB 959 (1972).

[58] Id.

[59] Id. at 960.

[60] Georgetown Univ., 200 NLRB 215, 215 (1972).

[61] Id. at 216.

[62] Id.

[63] Id.

[64] Barnard Coll., 204 NLRB 1134 (1973).

[65] Id. at 1135.

[66] Id. at n. 5.

[67] The Leland Stanford Junior Univ., 214 NLRB 621 (1974).

[68] Id.

[69] Id. at 622.

[70] Id. at 621.

[71] Id.

[72] Id. at 623.

[73] Cedars-Sinai Med. Ctr., 223 NLRB 251 (1976).

[74] Id. at 253.

[75] Id.

[76] Id.

[77] Id. at 252.

[78] Id. at 253.

[79] Id. at 254 (Fanning, dissenting).

[80] Id.

[81] (emphasis in original) Id.

[82] Id.

[83] Id.

[84] Id. at 256.

[85] St. Clare’s Hosp. & Health Ctr., 229 NLRB 1000, 1000 (1977).

[86] Id.

[87] Id. at 1001.

[88] Id. See, e.g., the discussion of Georgetown Univ., supra.

[89] St. Clare’s Hosp., 229 NLRB at 1001. This would likely to arise in an external internship situation.

[90] Id. at 1002. See, e.g., the discussion of CW Post and Stanford, supra.

[91] St. Clare’s Hosp., 229 NLRB at 1002.

[92] The Board attempted to provide context by noting that the subject of hours is a mandatory bargaining subject under the NLRA. Part of a graduate education in medicine includes working as a resident or intern. These positions are necessary to provide the student with a broad educational experience and such experiences do not necessarily occur during ideal working hours. Permitting students to bargain over these hours could result in decreased educational opportunities. Id.

[93] Id.

[94] Boston Med. Ctr. Corp., 330 NLRB 152 (1999).

[95] Id.

[96] Id. at 160, quoting Sure-Tan, Inc. v. NLRB, 467 U.S. 883, 891-892 (U. S. 1984).

[97] Boston Med. Ctr., 330 NLRB at 160.

[98] Id. at 161.

[99] New York Univ., 332 NLRB 1205 (2000).

[100] Id. at 1206 citing NLRB v. Town & Country, 516 U.S. 85, 90-91, 93-95 (U. S. 1995).

[101] New York Univ., 332 NLRB at 1206.

[102] Id.

[103] Id. at 1207.

[104] See supra notes 94-96.

[105] New York Univ., 332 NLRB at 1208 , quoting Univ. of Pa. v. EEOC, 493 U.S. 182, 195-202 (U. S. 1990).

[106] New York Univ., 332 NLRB at 1208.

[107] Gerilynn Falasco & William J. Jackson, Note, The Graduate Assistant Labor Movement, NYU and Its Aftermath: a Study of Attitudes of Graduate Teaching and Research Assistants at Seven Universities, 21 Hofstra Lab. & Emp. Law J. 753, 753 (2004).

[108] At the time of the Brown decision, President George W. Bush had been in office for three years and had appointed three members to the board – the three-member majority. The two members of the minority had been appointed by President Bill Clinton and voted in the majority in the NYU decision.

[109] Brown Univ., 342 NLRB 483, 484 (2004).

[110] Id. at 486.

[111] “[The] principles developed for use in the industrial setting cannot be imposed blindly on the academic world. . . It is clear to us that graduate student assistants. .. are clearly students and have a primarily educational, not economic relationship with their university .” Id. at 487 (internal quotes omitted).

[112] Id. at 488.

[113] Id.

[114] Id. at 489.

[115] Id.

[116] Id., citing St. Clare’s Hosp., 229 NLRB 1000, 1002 (1977).

[117] “[It] ‘is important to recognize that the student-teacher relationship is not at all analogous to the employer-employee relationship.'” Brown Univ., 342 NLRB at 489.

[118] Id.

[119] Id. at 490.

[120] Id. In the most recent NLRB decision regarding university students, the NLRB refused to assert jurisdiction over Northwestern University football players who sought collective bargaining rights. The Board did not determine whether the players were statutory employees under the NLRA, but rather held that asserting jurisdiction over a single team would not promote stability in labor relations across the NCAA. The overwhelming majority of college football teams in Division I football (108 of 125 teams) are state-run institutions and therefore collective bargaining rights are determined at the state level. Moreover, Northwestern is the only private institution in its athletic conference, the Big Ten. Northwestern Univ., Case 13-RC-121359 (2015).

 

[121] Brown Univ., 342 NLRB 483, 497 (2004).

[122] Id.

[123] Id. at 492.

[124] See e.g., Columbia Univ., Case 02-RC-14301 (2015), stating “To date, Brown remains controlling on the issue of graduate assistants as employees and I am compelled to follow that precedent.”

[125] See Brown Univ., 342 NLRB at 492.

[126] The data, adjusted to current dollar amounts shows that the average cost of attending a four year university in 1976-77, the same year as the Cedars-Sinai decision cost roughly $2577. Conversely, the adjusted average tuition in 2004, the same year as the Brown decision, was $16,509. National Center for Education Statistics, Average Undergraduate Tuition and Fees and Room and Board Rates Charged for Full-Time Students in Degree Granting Institutions, by Type and Control of Institutions: 1964-65 through 2006-07, https://nces.ed.gov/programs/digest/d07/tables/dt07_320.asp (last visited Jan. 15, 2016).

[127] Bettinger & Long, Does Cheaper Mean Better? The Impact of Using Adjunct Instructors on Student Outcomes, The Review of Economics and Statistics, 598 (2010); Hutchens, supra note 25 at 126.

[128] Gregory M. Saltzman, Union Organizing and the Law: Part-Time Faculty in Graduate Teaching Assistants, NEA 2000 Almanac of Higher Education, 44 (2000).

[129] At Yale University, seventy percent of undergraduate courses are taught by non-full-time faculty members, including graduate students and part-time or adjunct faculty. Id.

[130] Id.

[131] Id.

[132] The students in Brown received a $12,800 stipend per year. Some graduate students were also fortunate enough to have their university health fees for on-campus health services included in the stipend. However, not all graduate students received this benefit and no graduate students received traditional fringe benefits such as sick leave, retirement, vacation, or traditional comprehensive health insurance. Brown Univ., 342 NLRB 483, 486 (2004).

[133] 29 U.S.C. §152 (3) (2015).

[134] Sure-Tan, Inc. v. NLRB, 467 U.S. 883, 891 (U. S. 1984).

[135] NLRB v. Town & Country, 516 U.S. 85, 90 (U. S. 1995), quoting American Heritage Dictionary, 604 (3d ed. 1992).

[136] NLRB v. Town & Country, 516 U.S. at 91, quoting H.R.Rep. No. 245, 80^th Cong., 1st Sess., 18 (1947).

[137] NLRB v. Town & Country, 516 U.S. at 91, quoting 79 Cong. Rec. 9686 (1935).

[138] Id.

[139] Sure-Tan, Inc. v. NLRB, 467 U.S. 883, 891 (U. S. 1984).

[140] Sundlund Constr. Co., 309 NLRB 1224, 1226 (1992).

[141] Seattle Opera Ass’n, 33 NLRB 1072 (2000), enforced 292 F.3d 757 (D.C. Cir. 2002).

[142] Seattle Opera v. NLRB, 292 F.3d 757, 763 (D.C. Cir. 2002) (emphasis in original).

[143] Black’s Law Dictionary defines an apprentice as, “a person, usually a minor, found in due form of law to a master, to learn from his art, trade, or business, and to serve him during the time of his apprenticeship.” That definition highlights that an apprentice is there to learn, indicating student status, but also uses the traditional master servant relationship indicative of an employer-employee relationship. Black’s Law Dictionary 80 (7th ed. 1999).

[144] Newport News Shipbuilding and Dry Dock Co., 57 N.L.R.B. 1053, 1058-59 (1944).

[145] General Motors Corp., 133 NLRB 1063, 1064-65 (1961).

[146] Boston Med. Ctr., 330 NLRB 152 (1999).

[147] Id. at 161.

[148] The Department of Labor would likely reach a similar conclusion regarding the status of graduate students. The DOL has established criteria for when interns must be compensated under the Fair Labor Standards Act. Among the criteria the DOL looks at to determine whether a student intern must be compensated under the FLSA are: whether the internship is similar to training which would be given in an educational environment; whether the internship experience is for the benefit of the intern; whether the intern displaces regular employees and works under the close supervision of existing staff; the employer providing the training derives no immediate advantage from the activities of the intern and on occasion its operation may actually be impeded; whether the intern is entitled to a job at the conclusion of the internship; and whether the employer and intern understand that the intern is not entitled to wages for the time spent in the internship. Graduate students undoubtedly benefit from the teaching experience, but in doing so, displace faculty or other instructors that the university would have to hire to teach those courses. The Department of Labor, Fact Sheet #71: Internship Programs Under the Fair Labor Standards Act, http://www.dol.gov/whd/regs/compliance/whdfs71.pdf (last visited Feb., 4, 2016).

[149] Adelphi Univ., 195 NLRB 639, 640 (1972).

[150] Id.; see also supra notes 49-52.

[151] The Leland Stanford Junior Univ., 214 NLRB 621, 623 (1974).

[152] Boston Med. Ctr. Corp., 330 NLRB 152, 152 (1999).