Indiana University Uses Student ID Cards To Track Student Movements

Tim Burke, Fraternal Law Partners, tburke@manleyburke.com

In 2018, Indiana University (“IU”) launched an investigation into allegations of hazing by the Beta Theta Pi chapter on campus. It ultimately resulted in sanctions against the chapter. What is now apparent, based on a lawsuit recently filed in United States District Court in Indianapolis, is that the University used the University student ID cards, which students were required to carry, in order to track the movements of at least some members of the 2018 pledge class of the chapter. The lawsuit filed by four students who were members of that pledge class alleges that the students “were subject to illegal surveillance by the University that violated the Fourth Amendment’s prohibition on unreasonable searches and breached the University’s contractual obligations to the Plaintiffs.”[1]The students are being represented by attorneys from the Liberty Justice Center, a Chicago, non-profit, public-interest law firm.

         “Students don’t give up their constitutional rights just because they live in public university dormitories,” said Jeffrey Schwab, senior attorney at the Liberty Justice Center. “If state universities are going to collect data on student movements in and out of college buildings and dorm rooms, then they must take steps to protect that data and establish a process to protect their student’s privacy before accessing it.”

         In setting up the two main claims in the Complaint—the Fourth Amendment violation and the University’s breach of contract—a detailed statement of facts is provided. Students are required as a “condition of their attendance at the University” to carry the ID card known as a “Crimson Card.” The University’s website explains that a card is “much more than a photo ID, it’s a print-release card, key-card to authorized University buildings, library card, and if your enrolled in the dining services plan, it is your meal plan.”[2]It can also be used to access parking garages, use parking meters, purchase sodas and snacks from campus vending machines, and use laundry machines. Like a credit card, it can also be used to make payments at numerous businesses near campus, including restaurants, grocery stores, pharmacies, airport shuttles, tanning salons, and wellness centers. And every time it is used, it creates a record maintained by the University.

         The four Plaintiffs, freshman pledges at the time, were part of the University’s investigation related to an off-campus hazing incident. The Plaintiffs had “testified they were in their dorm rooms at the time” of the alleged off-campus hazing incident. The University used the swipe data from the Plaintiffs’ Crimson Cards to check those alibies.

         The Plaintiffs were not found guilty of any wrong-doing by the University. The Complaint compares the University’s use of that swipe data to a warrantless search into the home of the Plaintiffs, making the point that University dormitory rooms enjoy the same constitutional protection of a home, and provides case law to support that.

         According to the Complaint, the University gives permission to access its institutional data to “all eligible employees and designated appointees of the University for all legitimate University purposes.” At the heart of the Complaint’s Fourth Amendment claim is the allegation that the University does not afford the subject of a search of the individual’s swipe data “the opportunity to obtain pre-compliance review before a neutral decision maker.”  

         By comparison, a search of an individual’s home or property typically requires a search warrant to be issued by a neutral decision maker to ensure that the constitutional rights of the individual(s) involved are being respected.

         One paragraph of the Complaint describes the potential abuse and intrusion into an individual’s private business this way:

            The privacy concerns in this sort of data are significant: IU officials could use this kind of swipe-card data to determine who attended the meetings of a disfavored political organization, or who is seeking medical services, or even who a student is romantically involved with. And since it could potentially be stored indefinitely, investigators need not determine that there is probable cause before tracking it—historical records could be consulted for anyone who falls under suspension.[3]

         Beyond the claim that the Fourth Amendment violation deprives the Plaintiffs of their reasonable expectation of privacy, the Complaint alleges that the manner in which the University uses the swipe data violates their own published policies and thereby breaches the University’s contract with their students. The University’s published policy on the use of swipe data does not entitle it to be used

to access, use or release this swipe data and the swipe data to check past entries to University buildings, to check the alibis of students during an investigation does not comport with the intended purpose of the card, to contemporaneously verify the identity and manage access to University services and facilities by cardholders.[4]

The Complaint relies on numerous prior cases to support the point that a university’s published student handbook, catalog, and regulations are a part of its contract with its students.

         Because Indiana University is a state university, its officials utilizing the swipe data are state actors. Therefore, when their actions violate the civil rights of the University students, they are subject to suit under the U.S. Civil Rights Act 42 U.S.C § 1983, and can be required to pay Plaintiff’s attorney fees under 42 U.S.C § 1988. Plaintiff seek only nominal damages of $1.00 as well as attorney fees but they also seek specific relief against the University, including both a declaratory judgment that the manner in which the swipe data is used is a violation of the Fourth Amendment and a breach of contract, and an injunction prohibiting the University from the use of such data in investigations, “except where the University has obtained a warrant or can demonstrate exigent circumstances.”[5]

         Given that the suit was only filed on October 29, 2020, this case is in its very early stages. It will deserve being closely watched as it progresses.

[1]Complaint at 1, Gutterman v. Ind. Univ., No. 1:20-CV-2801 (S.D. Ind. Oct. 29, 2020).

[2]CrimsonCard,https://crimsoncard.iu.edu(last visited Nov. 16, 2020).

[3]Complaintat ¶ 26, supra note 1.

[4]Id. at ¶ 33.

[5]Id. at 13.