The act of looking at something changes it.fs.blog, The Observer Effect: Seeing Is Changing
(I am not a lawyer. I figure that I should say that up front.)
As an automated fingerprint identification system (AFIS) product manager, and in other roles related to AFIS, I have dealt with the concept of expungement.
The American Bar Association (ABA) defines expungement as follows:
In law, “expungement” is the process by which a record of criminal conviction is destroyed or sealed from state or federal record. An expungement order directs the court to treat the criminal conviction as if it had never occurred, essentially removing it from a defendant’s criminal record…
This post looks at various aspects of expungement, including its applicability outside of government (both in the US and in GDPR-land), the difference between sealing and destruction of records, how your (above) average technology product manager deals with expungement, and my huge philosophical question regarding the DOCUMENTING of expungement.
You can’t expunge the public record
Now obviously there are limits to the effects of expungement. If the California court system were to declare that some notorious criminal’s conviction were to be expunged, it would be impossible to treat the conviction “as if it had never occurred,” at least in the public eye. Millions of websites, newspaper and magazine articles, and books would have recorded the conviction for posterity, and it isn’t like you can go from house to house and remove every copy of the relevant People magazine article or New York Post article that mentioned the conviction.
Well, at least you can’t remove them in my country.
Or maybe you can
It’s a different matter in the countries where the General Data Protection Regulation (GDPR) is in force, where at least the online public record of a conviction CAN be removed. Article 17 of the GDPR (the “right to erasure” or the “right to be forgotten”) says in part:
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies…
…the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject…
So in this case an expungement order CAN be extended beyond government records.
Or at least to the online search record. In late 2019, Google was ordered to remove record of three 1999 Der Spiegel articles that mentioned a convicted murderer.
But in a 2018 case, web archives did NOT have to remove records of a 1991 murder.
But perhaps there are dark web samizdat records that detail all of these non-forgotten facts, far from the prying eyes of the enforcers in Brussels.
The difference between sealing and destroying a record
Let’s return to government records in the U.S.
Because expungement is (mostly) a state process, the specific details of expungement differ from state to state. As the ABA notes, different states have different definitions of how records should be expunged.
- The ABA notes that in Kentucky, it is sufficient to seal the record, which means that only certain privileged people can view the record, but the record still exists. (I was unable to independently confirm that this is still the case in Kentucky, but it appears that Arkansas generally only offers sealing, with the exception of juvenile records.)
- The state of Washington, however, requires all expunged records to be destroyed so that NO ONE can see them. RCW 13.50.270 details how and when records should be destroyed when destruction is required.
How to implement expungement
As an AFIS product manager, I had to think about the consequences of expungement. For a live AFIS, the method for handling this varied.
- In the cases where it was sufficient to seal a record, the whole process could be handled by role based access control. My products (Omnitrak and Printrak BIS) had long lists of access privileges, and different access privileges could be assigned to different roles. So, for example, the privilege to view a sealed record could be given to a “supervisor” role, but denied to a “trainee” role.
- In the cases where you actually needed to destroy an expunged record, you would of course handle things differently. Someone whose role had the privilege to delete records would simply go to the record in question, double-check and triple-check to make sure that the right record was selected, ask the system to delete the record, and answer the inevitable “Are you sure?” question to actually delete the record.
Note that the descriptions above apply to a live AFIS. If you REALLY wanted to be thorough about this, you’d need to think about the backups. Any critical system such as an AFIS is backed up on multiple levels, with the backups stored in different areas. So perhaps an underground bunker several hundred miles from the AFIS site might contain a year old backup that may include an expunged record. Something to think about.
How to document expungement
But these concerns paled in comparison to the philosophical one that surrounds any mention of expungement.
Let’s say that I was convicted of burglary, my state allows me to expunge my burglary conviction, and my state is one of the states that requires destruction of expunged records. (For the record, I was never convicted of burglary. But how would you know?)
To start the process, I or my lawyer would have to fill out a form (here’s Illinois’ form) listing the case numbers of the records that I want expunged.
After I (or my lawyer) submitted my request, some process would need to take place to approve the request to expunge.
After that, the records would be expunged in accordance with the relevant state laws.
So far so good.
But what happens next?
From my perspective, I would want to make sure that the records were expunged as I requested. From the state’s perspective, the state would want to ensure that the expungement order was carried out.
But if I file a question with the state that asks whether my burglary conviction was expunged, I am acknowledging within state records that I was convicted for burglary. And if the state produces a report of the records that were expunged, and my burglary conviction is listed on it, then the state is acknowledging within state records that I was convicted for burglary.
I guess the workaround is for me to ask the state, “Hey state, could you provide me with a list of my criminal convictions?” At this point the state would respond, “Here’s your list of criminal convictions…hmm, you don’t have any.”
At this point I would ask, “Are you sure?”
So the state would respond, “Well, let’s check the backups.”