Parents expect schools to keep track of their kids. But in the digital era, keeping track is vastly different than it was a generation ago, thanks to Big Data analytics.
According to its advocates, this is a very good thing. Gathering individual information on students can lead to “personalized” and “adaptive” learning platforms. If technology can help students become more successful, what’s not to like?
A lot, say privacy advocates, since the collection of information on students goes well beyond data used to shape individual curriculums.
That data collection is, “out of control,” according to Khaliah Barnes, director of the student privacy project at the Electronic Privacy Information Center (EPIC).
In a recent blog post in the New York Times, Barnes said data collection is not just about attendance, grades, disciplinary records and learning aptitudes.
“Data gathering includes health, fitness and sleeping habits, sexual activity, prescription drug use, alcohol use and disciplinary matters. Students attitudes, sociability and even ‘enthusiasm’ are quantified, analyzed, recorded and dropped into giant data systems,” she wrote.
Add to that anything that might suggest a student is a threat. Gaggle, a “Human Monitoring Service” (HMS) vendor to schools, says on its website that it, “discovers millions of inappropriate words and images in student email, text messages, discussion boards, email attachments and computer files, leading to thousands of warnings sent to school district administrators and law enforcement every year.”
All that monitoring, Gaggle says, still complies with, “all U.S. privacy and safety laws, particularly those involving children. These include the Children’s Online Privacy Protection Act (COPPA), Children’s Internet Protection Act (CIPA) and the Family Educational Rights and Privacy Act (FERPA).”
Rob Yoegel, vice president of marketing at Gaggle, said the company monitors only email accounts "issued by the schools," but noted that if a student sends an email from a private account to a school-issued account, which happens frequently, "then we would see that."
Yoegel said it is up to school districts to notify students of monitoring of those accounts. He said Gaggle notifies school districts of "questionable content, which we define as not promoting digital citizenship."
Compliant or not, Jessy Irwin, in a post on Model View Culture, argued that such rampant data mining is, “grooming students for a lifetime of surveillance.”
One could argue that data collection on adults is just as rampant. Bruce Schneier, author, security guru and CTO of Co3 Systems observes, as he has many times before, that, “the model of the Internet is surveillance.”
It also seems that today’s students are already well groomed, given what they voluntarily share on social media. The November cover story in The Atlantic magazine is, “Why kids sext.”
Still, as privacy advocates note, there is a large and qualitative difference between what students share voluntarily and data collected by schools that they and their parents do not control, or even know about.
According to Schneier, “the thing about students that’s different and worth talking about is that they're are marginal populations, like the elderly, where bad things tend to happen first.”
Jules Polonetsky, executive director of the Future of Privacy Forum, agreed. “At home or when doing business, adults or kids have some ability to make decisions about what information they share,” he said. “In school, however, kids are a captive audience and deserve higher protections.”
Rebecca Herold, CEO of The Privacy Professor and a former middle- and high-school math teacher, said that higher protection should include parental control over, “data collected about teens and children through tracking devices and areas outside the school’s responsibility.”
Privacy advocates agree that schools have a legitimate and necessary interest in ensuring the safety of children in school and at school activities. But concerns about activities or relationships outside of school should be addressed, “with the parents or guardians of the specific student in question,” Herold said, arguing that blanket monitoring, “is a huge invasion of all students’ privacy, and complete disregard of parent/guardian wishes.
“Much of the data that may be collected by schools through connected devices students use, such as smartphones and tablets, is absolutely none of the school's business,” she said.
There are multiple legal limits on how student data can be collected and used. Bret Cohen, an associate with the Washington law firm Hogan Lovells, agrees that, “children are compelled to go to school, so in some cases there may not be the opportunity to ‘opt out’.” But he adds that laws now in place, “restrict what schools and their service providers can do with student information.”
In addition to COPPA, CIPA and FERPA, Cohen said the Protection of Pupil Rights Amendment (PPRA), “requires school districts and schools, with certain exceptions, to notify parents if students are scheduled to participate in activities that involve the collection, disclosure, or use of student personally identifiable information (PII) for marketing purposes, and gives parents the opportunity to opt out of such activities.”
Cohen added that there are a number of states that have passed laws to regulate the use of student data.
Polonetsky said in addition to those laws, FPF and the Software and Information Industry Association (SIIA) are asking companies involved in the collection of student data to sign the “Student Privacy Pledge,” – a legal commitment that, “any personal data they have access to will only be used for educational purposes and only as directed by schools.”
Gaggle is one of the firms that has signed the pledge.
There are also legislative efforts in the works to increase controls on the use of data collected on students. The Protecting Student Privacy Act (PSPA) of 2014, sponsored by senators Edward Markey, D-Mass., Orrin Hatch, R-Utah, John Walsh, D-Mont., and Mark Kirk, R-Ill., would deny federal funds to any educational institution that doesn’t implement security measures to protect the PII of students or that “knowingly” allows that information to be shared for marketing purposes.
The proposal would also give parents access to any PII of their children held by schools, let them challenge and correct or delete any inaccurate information and let them know of any other individuals or organizations that are allowed access to that data.
However, the last action on the bill was three months ago, when it was referred to the Committee on Health, Education, Labor and Pensions.
And privacy advocates like Herold say both current and pending laws don’t go nearly far enough to protect student privacy, because they don’t address the more recent types of data collection.
While FERPA covers educational records and PII, it “generally does not include the privacy-invasive data that is used for monitoring/tracking students,” Herold said.
And she contends that enforcement of FERPA is suspect. “Without audits and active regulatory oversight of school systems, it is likely that a large portion of schools do not follow the requirements,” she said, noting that the law, “allows for ‘research’ activities for student information, so that is a broad, generally subjective loophole,” and it doesn’t cover private schools that are not government funded.
“Thousands of schools are doing pretty much anything they want to with student data, unless there are state or local laws prohibiting such uses – and there are very few of these,” she said.
Schneier is also unimpressed. “The laws suck,” he said, adding that the fact that Gaggle complies with those laws offers some proof. “I would use the fact that they’re in compliance to condemn them,” he said, noting that the “thousands of warnings” the company sends to school departments are, “pretty much all false alarms.”
"The whole “bull---- about safety – that’s what the NSA (National Security Agency) says when it collects information on all of us," he said.
Cohen said he thinks the PSPA would improve on FERPA, which was enacted 40 years ago. But he agreed with Herold that enforcement is a problem. “Even if the bill is enacted, I don’t know if it corrects the problem of the lack of enforcement,” he said.
When it comes to safety, Polonetsky argues that schools need to remain sensitive to privacy. “We want schools be attuned to clues that a particular student is a danger to others, but we need to be vigilant that we don’t criminalize kids for the sometimes irresponsible or provocative things they may say or write,” he said.
Still, he also cautions against an overreaction in the form of legislation or regulations that might hamstring schools’ ability to provide the best possible education.
Cohen agreed, saying parents should have control over data collected on their children that goes beyond educational or administrative purposes. But he believes they should not be able to block data collection if it would, “effectively interfere with the functioning of the school.”
Polonetsky made a similar point, saying FPF supports the collection of data on students that, “are needed to help educate (them) and measure performance.”
An FPF white paper coauthored by Polonetsky titled “Student Data: Trust, Transparency and the Role of Consent” argues that even parental choice, “may do little to actually protect student privacy, since data policies can be too complex for some to understand.
Parents who choose to opt out, “could end up unintentionally excluding their children from critical services necessary for their education,” it said.
Cohen added that while he doesn’t believe schools should “meddle in students’ private interactions outside of the classroom,” he thinks if schools discover something that, “has the real possibility of affecting student safety at the school, the school should have the right to act."