Court rules IU’s access of data on ID cards did not violate Constitution

Four Indiana University students failed to persuade a federal court that their privacy rights were violated when the school tracked their movements through the data gathered from their university identification cards as part of an investigation into a suspected fraternity hazing incident.

However, with its order, the U.S. District Court for the Southern District of Indiana provided a path for the plaintiffs to refile one of their claims in state court.

The men were pledges to Beta Theta Pi on the Bloomington campus in 2018 when IU accessed the “swipe data” from their CrimsonCards. Each student is given a card which is not only an ID but is also a keycard, library card and meal ticket. IU used the information from the cards belonging to the four plaintiffs to corroborate their testimony that they were in their dorm rooms at the time of the reported hazing at the fraternity.

Ultimately Beta Theta Pi was sanctioned but the four pledges were found to have not done any wrongdoing.

In their lawsuit — Tyler Cameron Gutterman, et al. v. Indiana University, Bloomington and Pamela S. Whitten, in her official capacity as President of Indiana University, 1:20-cv-02801 — filed in the Southern Indiana District Court, the men argued the school violated their Fourth and 14th Amendments, in part, by conducting an unreasonable search.

The court was not convinced. It held that even though the CrimsonCard does not explicitly state that swipe data would be used to verify the plaintiffs’ whereabout, they could surmise the card would provide a record of their movements.

“…it is not reasonable to conclude that Plaintiffs expected their use of the CrimsonCard – which, in turn, reflected which IU facilities and services they accessed – to be private,” Judge Jane Magnus-Stinson wrote. “The Court finds that this is particularly true in today’s day and age, when Plaintiffs were likely carrying cell phone which also could be used to track their locations to some extent, and where cameras on buildings, traffic lights, and businesses were likely to capture many Plaintiffs’ public movements.”

In addition, the court noted IU only examined at the data from a short period of time to see where the plaintiffs were during the incident.

“…the limited nature of the Defendants’ use of the Swipe Data, as alleged in the Complaint, indicates that the Swipe Data does not provide ‘an intimidate window into [a student’s] life, revealing … his familial, political, professional, religious, and sexual associations’ to the degree the United States Supreme Court has recognized as unreasonable,” Magnus-Stinson wrote, citing Carpenter v. U.S. 138 S.Ct. 2206, 2217 (2018).

The men also made a breach of contract argument. They asserted IU breached its own policies by using the swipe data to check the alibis of students during an investigation.

Pointing to the quintessentially local nature of the issue, the court held the claim would be best decided by a state court. IU accessed the swipe data to track the plaintiffs’ movements on the Bloomington campus and likely the witnesses and evidence would be located in Bloomington as well.

The court denied the defendants’ motion to dismiss the breach of contract claim. However, declining to exercise supplemental jurisdiction, the court dismissed the remaining state law claim without prejudice, allowing the men to refile that claim in state court.