Superintendent Creg E Williams of Thornton Fractional High School District 215, based in Calumet City, Ill., recently posted a message on the district’s home page, officially directed to parents and guardians of the district’s 3,544 students:
Indeed, technology has fundamentally transformed our world. In particular, social networking sites like Facebook, Twitter, and Instagram – to name a few – have dramatically altered the manner in which we communicate. Many teens use these and other sites to converse with friends and family and to express their individuality and creativity. Unfortunately, there have been instances in which students’ online posts on social sites have created a substantial disruption to the school environment.
The Illinois Right to Privacy in the School Setting Act (Public Act 09-0129), which went into effect January 1, 2014, allows all public elementary and secondary school districts throughout the state to obtain the “password or other related account information” (which includes profile pages) of students if there is just and reasonable cause that the accounts contain evidence that school codes of conduct have been broken. Please note that the law applies to all posts on students’ social networking pages whether or not their profiles are public or private, or whether the posts were made from home or school.
Be advised that postings that include threats of violence against others, bullying, harassment, and intimidation, alcohol and/or substance abuse, weapon usage, and any other content that explicitly violates the student code of conduct could result in disciplinary action.
Please contact me or your child’s principal if you have any concerns regarding this new law.
Final approval for the publication of this disciplinary policy is likely to come at the next regular meeting of the school board on Feb 25.
What the law allows and doesn’t allow
The law doesn’t allow students’ email to be searched, but almost any other website where students maintain a profile or establish “connections” with other users on the system, such as Facebook friends or Twitter followers, is subject to search under this law.
According to the law, available here, school districts and their personnel have the right to search students’ social media accounts “if the elementary or secondary school has reasonable cause to believe that the student’s account on a social networking website contains evidence that the student has violated a school disciplinary rule or policy.”
The phrase “reasonable cause to believe” has a fairly specific meaning, so let’s take a look at it with regard to the Fourth Amendment of the US Constitution.
The district’s proposed policy claims that students “have no reasonable expectation of privacy for content they post on public or semi-public profiles on the Web,” according to an article about the issue in the Northwest Indiana Times.
I would argue that providing a password to an account will give school officials access not only to those “public or semi-public profiles” but to direct message or chat communications, status updates from friends who aren’t suspected of anything at all, and so on. The federal courts disagree with Mr Williams when it comes to Facebook accounts protected by password and the student’s decisions on what to make public.
One case that comes to mind was tried in Minnesota. As the 2010-11 school year began, an eighth-grade girl whose principal forced her to log into Facebook so he could view her profile and news feed sued him for violating her Fourth Amendment rights, among other issues. A federal judge denied the motion on the part of the school district to dismiss the case, citing a legal precedent established before Facebook came into existence.
In the Supreme Court of the United States, justices ruled in New Jersey v T.L.O., 469 U.S. 325, 336-37 (1985), that students do have a reduced expectation of privacy while they’re in school, but any court would still have to determine if a search is “reasonable” by considering, in order,
- the scope of the legitimate expectation of privacy at issue
- the character of the intrusion that is complained of
- the nature and immediacy of the governmental concern at issue & efficacy of the means employed for dealing with it
In reviewing the eighth grader’s case, the court pointed out that a person’s reasonable expectation of privacy depends mainly on her ability to exclude others from the place searched. The judge ruled that it is well-settled law that individuals enjoy protection from intrusions on their private electronic communications, such as emails.
As a result, the court agreed “that one cannot distinguish a password-protected private Facebook message from other forms of private electronic correspondence.” In the Minnesota case, “at least some of the information and messages accessed by the school officials were in [the girl’s] exclusive possession, protected by her Facebook password.”
Therefore, the girl did indeed have a reasonable expectation of privacy to her Facebook information and messages. The first test from TLO—expectation of privacy—clearly doesn’t agree with what Mr Williams wrote. I would tend to agree with the court here.
But on the remaining two questions, the chances are in the school’s favor. However, the “character of the intrusion” isn’t just something we can analyze before an intrusion actually occurs. I can imagine, though, searches that might be considered too intrusive, such as beating a password out of a kid. But asking a kid in a private office for his password probably wouldn’t be considered too intrusive. All the cases in the middle, such as threatening varying levels of discipline or applying humiliating tactics to a greater or lesser degree, would have to be decided on a case-by-case basis.
And as for the final test, I can imagine concerns school officials could easily have that represent clear and present threats to the school or the people in it. In these cases, the search should be tailored according to the threats school officials may expect to find.
The problem comes in when officials look at other posts unrelated to the illegal activity the student is suspected of having committed. For example, what if school officials find swearing, start to question the student standing there in a small room, as a police officer armed with a taser looks on? Is that too intrusive? Swearing isn’t against school regulations, I would assume, at least not on Facebook, but discussing the matter with the student in the presence of armed strangers could be too intrusive.
It may also be considered not sufficiently tailored to the immediacy and nature of the governmental concern. I mean, even if swearing does violate a school policy, conducting a search of a student’s Facebook news feed is probably overkill, since the threat level is low. Courts may have to draw these lines.
It’s potentially a slippery slope here, and I urge the people of District 215, and any other Illinois district planning a similar modification to their discipline code based on the new law, to tread carefully. Courts have found that students do have a reasonable expectation of privacy on their Facebook accounts, but if the search is not too intrusive or the school’s interests in maintaining an environment conducive to providing an education to other students outweigh the student’s privacy concerns, the search would most likely be found constitutional.
Court opinions still differ
Students whose principals ask for their passwords probably have to turn them over.
But as shown above, it’s much more complicated. A public school district has to follow a different set of rules than, say, a privately-owned business. In a school setting, students’ rights clash with the rights of the school to maintain a controlled, positive environment that is conducive to providing an education for all students.
In terms of final rulings, different courts have come to different conclusions about how to balance students’ First Amendment rights to criticize their school with the school’s right to discipline students for harming the education environment. But if you’re suspected of a crime like cyberbullying or making threats to a person, rather than just saying you “hate” your school or one of your teachers, the law’s pretty clear: You have to turn over your password, and you can be punished for whatever school officials find.
California, Maryland, and Illinois all passed laws in 2012 prohibiting employers from demanding access to private social media accounts, and other states are likely to follow suit in the next few years. Unfortunately, schools have rights, too, and sometimes—as in the case of students suspected of disruptive or illegal activity—the school’s interests trump the student’s privacy concerns every time.