Home » Data Collection » Trust Us – Your Data Is Safe

Trust Us – Your Data Is Safe

DQC1

The Data Quality Campaign, whose mission is to “make the case for education data while ensuring state policymakers meet their moral and legal responsibilities to safeguard this information and ensure its appropriate and ethical use,” has released a Primer on data safety that includes myths and facts about data collection.

Data Myth: The federal government collects academic and other information about individual students.

The primer goes on to describe all the reasons why this statement is false.

  • There are federal laws prohibiting the development of a federal database.

Reubttal – True, no federal database has been developed. But there has been considerable effort and money spent to get the states to create databases that all collect the same data coded in the same way. If the federal government had no interest in individual student data, why all the focus on the P20, state longitudinal data systems? At the end of the day someone has a goal for all those databases to talk to each other. And if all the states have access to each other’s data, why would the feds not as well?

  • The federal government does not have access to the student-level information housed in state data systems.

Rebuttal- True they do not currently have access to the state data systems. But they do have access to student level data collected by the assessment consortia according to the memorandum of understanding signed by SBAC and the US Dept of Education January 7, 2011

“A. Recipients Responsibilities (5) Comply with, and where applicable, coordinate with teh ED staff to fulfill the the program requirements established in the RTTA Notice…including but not limited to working with the Department to develop a strategy to make student-level data that results from the assessment system available on an ongoing basis for research, including for prospective linking, validity and program improvement studies”

In essence, only pay attention to what actually exists today and ignore everything we have said about our intentions. After all, it is only federal law which prohibits us from doing these things and we have discovered that, as a regulatory agency, we can simply change that law when we need to, as we did with FERPA.

Myth – Federal grant programs such as the Statewide Longitudinal Data Systems program and Race to the Top are a way to create one database that will house a national collection of student information.

  • States that receive federal grants are not allowed to report student-level data to the federal government.
  • These data systems were often under construction before federal grants became available.

Alternate Reality – The data systems created in the states were made possible by federal money. The states did not all spontaneously decide to create statewide databases with their own limited education funds. It was a coordinated effort as could be seen in the DESE presentation on the P20 system which said,

•Drafted an Interagency Memorandum of Understanding (a Show-Me Data Sharing Agreement).
•The MOU is currently “in process” for signature by each agency’s legal counsel.
•The MOU generally is premised upon FERPA changes coming to reality.
They KNEW the federal government was going to relax the FERPA limitations which would allow them to share data between agencies. It would only take another regulatory change to allow that Interagency sharing to include the federal government.
If the federal government did not want individual student level data, then why did the Department of Education  establish the Committee on Measures of Student Success “to advise the Secretary of Education in assisting two-year degree-granting institutions of higher education” who then recommended to Secretary Duncan that the department create “a coordinated, public, and privacy-protected student unit record system?”
It was once believed that a federal unit record system was “inevitable.” It is only through Congressional action, the reauthorization of the Higher Education Act in 2008, that such federal tracking of individual students was not only blocked, but explicitly forbidden.
The debate rightly centers around the ability to protect student privacy in the collection of such data. Where the federal government fails in this debate is their cocky assuredness that they can protect the data adequately. We have only to look at the problems already cropping up with the health insurance database to see how completely false this sense of security is. Beth Givens, director of the nonprofit Privacy Rights Clearinghouse, which tracks data breaches said of the Southern California Medical-Legal Consultants data breach which allowed the public to view over 300,000 Californian’s private medical records, “Even the most well-designed systems are not safe. … This case is a good example of how the human element is the weakest link.”
Even at the state level, data security is more like the promise of a phone call after the first date.  On Long Island, the Sachem school district had a data breach that allowed personal student information to be seen on-line. An anonymous hacker has been slowly leaking the information in an effort to get the school district to own up to the breach, which occurred two years go, and provide students with credit protection because of the risks such a breach caused. One mother who started to investigate this claim found this information briefly available:

I saw medical records (immunization, allergy, etc) and a letter from a doctor stating the child was prescribed Ritalin and his dosage.  I saw a list of student ID’s with their names and whether they were receiving free lunch or not.  I saw report cards.  District registration documents (including name, address, date of birth, parent info.)  I saw disciplinary records – a letter to a parent (name and address included) stating their child had been suspended for smoking marijuana on the bus.  BOTH the parent’s and child’s name and address were on the letter.

The hacker’s complaint read,
One particular concern is that throughout the last two years running up to the end of this year, Sachem will have spent $2,337,881 on central data processing. These are more or less the maintenance, support and protection costs that are required to keep the schools computer network running and secure. Unfortunately, the money was either completely wasted or embezzled, as Sachems network does not have a two million dollar security infrastructure. The extremely minimal security that was in place was defeated in a very trivial manner, and the system administrators were informed of the issue multiple times. They were unable to fix the issue, as the districts networks utilize mostly free tools and are extremely vulnerable. After repeated attempts to get the problems corrected were practically ignored, it was discovered by many users that extremely sensitive personnel and private information could be accessed with little effort.
How many other school districts are in exactly the same situation, relying on free or low cost software solutions to manage the large amounts of data they are now collecting on students? How many can afford to employ top notch IT professionals who can provide truly adequate security measures? Not many.
I have spoken to people with the NSA and CIA and they have told me that there is no such thing as protected data. Even in aggregate form, the one that is supposed to make us all feel better, they tell me that a dedicated hacker only needs 4-5 related sources and they can disaggregate data.
Data security is a concern when we consider the sophistication of today’s hackers and the value of the data collected on the credit fraud market. But what about those who want to sell the data collected legitimately? Nathaniel Custer wrote in the Georgetown Law Journal (Failed Justifications: Why Privacy and Federalism Do Not Support the Ban on a Federal Unit-Record System) about the value of data,

“Over a postsecondary academic career, every student leaves a wealth of data in her wake concerning the schools she attended, her performance at those schools, her ultimate graduation, the financial cost of her attendance, and her success in moving from school to the work force. In the quest to usefully compile this information, the Holy Grail for researchers is a federal unit-record system.”

Parents in New York have filed a lawsuit against ACT Inc. for selling their children’s personal information.  ACT is a private business who, in the course o their business, collects student information and has found a lucrative market  in selling this information to other vendors. They regularly collect information such as a child’s name, home address, self reported GPA, date of birth, extracurricular interests, social security number, phone number etc. The suit claims the price ACT charged was 33 cents per child which netted them over $5 million.  If the ACT can’t resist the profit motive to use this data, how can we expect the government to do otherwise should they ever have access to it.

The federal government wants the public to stop complaining about data collection. They want us to feel safe and simply agree that it is a normal request for them to have access to our children’s data. Will they ever recognize that the public just doesn’t see it that way? Will the be able to see the difference between their “desire” to have such information and the lack of a “right” to have it? When it comes to data collection, abstinence is the only safe option.

Share and Enjoy

  • Facebook
  • Twitter
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
  • Google Plus
The following two tabs change content below.
Anne Gassel
Is a stay at home mom of two children in the public school system in the St. Louis area. She has been writing on MEW since 2012 and has been a citizen lobbyist on Common Core since 2013. In the summer she works with a group to provide Vacation Liberty School for middle schoolers to understand our country's founding principles of personal and economic freedom. Some day she would like to see a national Hippocratic oath for educators "I will remember that there is art to teaching as well as science, and that warmth, sympathy, and understanding may outweigh the policies of those above me and the findings of data mining ventures."

Comments

Be sure to click on each social media tab to see all comments. We hope to integrate these soon.

2 Responses to Trust Us – Your Data Is Safe

  1. Christina

    November 14, 2013 at 12:12 pm

    Once again Anne – you are right on top of the issue. The Lawyerspeak being used to circumvent the truth and throw people off is appalling. It’s like setting your kitchen on fire so no one will notice the orgy in the living room. DQC must think we are all stupid!

  2. Beth

    November 14, 2013 at 5:50 pm

    Yes and we will keep complaining, over controllers try to wear you down, dictators derive their power from the people but tyranny only thrives when we give up. This is so illegal that someone will eventually get a new orange jumpsuit for it.