“The control of information is something the elite always does, particularly in a despotic form of government. Information, knowledge, is power. If you can control information, you can control people.” – Tom Clancy

Electronic information certainly hurt Missouri Republicans this week. We all got to see how dangerous and powerful digitized information is and how little control over it we have once it is digitized.  And though Clancy’s quote above refers to powerful governments, in today’s world the line between business and government has become extremely blurred. The Supreme Court ruled that NSA collection of private phone information violated the constitution. But phone companies’ collection of that data as part of their normal course of business was not questioned. All the NSA will have to do is subpoena that information from the phone companies if they have probable cause to investigate those records. In fact, they don’t even need to have the subpoena. Companies like Google regularly turn over data without being legally required to. Government now has an incentive to make sure that private companies hold on to data for longer periods, too.

google requests
Phone and internet companies are not the only ones collecting data. Why  should you be concerned?
Ed WeekMillions of Student Records Sold in Bankruptcy Case
Data in education is the wild wild west. Technology and business are moving so fast that public policy has not been able to keep up. The ConnectEDU case provides the ultimate cautionary tale to districts and individuals who think their data is safe because there are policies and contractual terms in place to protect it. Those policies and procedures failed in the end at ConnectEDU, even with conscious knowledge of the situation.

ConnectEDU had amassed, in its college- and career-ready technology platform for students from middle school through college, millions of data records. The company filed for bankruptcy this year. Of course, in bankruptcy, part of the process is to liquidate assets to satisfy debt. Those data records were a tremendous asset. As Silicon Valley is likely to say, “If the software is free, you are the product.” Not that ConnectEDU’s products were free, unlike Google’s education apps, but the greater value to many of these companies is the data that those products can collect from users. What happened in the bankruptcy case was the sale of that data to two other companies, a sale which violated ConnectEDU’s own privacy policies and ignored federal warnings.

The Federal Trade Commission’s Consumer Protection Bureau was aware of the potential exposure of the millions of records while the case was working its way through the court. They sent a letter to the court that states that, “the terms of the sale of the company and its subsidiary Academic Management Systems, Inc., in bankruptcy do not provide consumers the notice and choice set forth in the privacy policy and could potentially run afoul of both the FTC Act and the Bankruptcy Code.”    They asked the court to have ConnectEDU  “1) provided users with notice of the sale of their personal information and opportunity for its removal; or (2) destroyed the personal information. Alternatively, under Section 363(b)(1)(B), the Court could appoint a privacy ombudsman to ensure that the privacy interests of ConnectEDU’s customers are protected.”

Sadly for the millions of students and their families who potentially had their student’s test scores, grade point average, learning disability, email and home addresses, phone number,  date of birth and more collected by ConnectEDU,  none of the FTC recommendations were acted on  because, by that time, there were no ConnectEDU employees to do the work. The data were sold to both Academic Management Systems Inc. and Graduation Alliance.

ConnectEDU’s bankruptcy is not a fringe event for education suppliers. “Many ed-tech companies today are small startups, collecting lots of data. Many of them are not going to succeed. What’s the protection when these companies go bankrupt?” said Joel R. Reidenberg, a law professor at Fordham and Princeton universities.

The Software and Information Industry Association thinks the solution lies in their public pledge to protect student privacy. This pledge made its way to Missouri via SB546 (Schaefer-R) and had many issues that the Missouri Coalition Against Common Core brought to the sponsor’s attention.  The bill was not passed this session. SIIA says their pledge is enforceable by the FTC since it is a public pledge. But given what happened with ConnectEDU, one has to wonder whether that promise really means anything.

Quantified StudentJames P. Steyer, CEO and founder of Common Sense Media, a San Francisco-based nonprofit that advocates for safe technology use for children said, “You cannot always leave it up to the industry to do the right thing or even stand by their own privacy policies,” You might remember them from their “Day In The Life of A Data Mined Kid” which they put out in September of last year.  According to SIIA, sales of educational technology software for kids in kindergarten through high school reached nearly $8 billion last year.  Knewton is one of the biggest companies collecting this data. They are supposed to have “five orders of magnitude more data on you than Google.” That data weighs heavily on Knewton’s asset sheets. Most companies cannot afford to leave large assets untouched, especially when those assets can be used to provide more income. It is common business practice to sell data, in various forms. Sometimes this side of the business can provide more income than the main product of the business.

Senator Vitter (R-LA) has introduced the Student The Student Privacy Protection Act in response to various cases of data mismanagement and outright violation of student’s privacy in the name of commerce.

“Parents are right to feel betrayed when schools collect and release information about their kids. This is real, sensitive information – and it doesn’t belong to some bureaucrat in Washington D.C.,” Vitter said. “We need to make sure that parents and students have complete control over their own information.”

Vitter’s legislation would:

• Reinstate protections originally outlined under the Family Educational Rights and Privacy Act (FERPA) by clarifying who can access student data and what information is accessible.

• Require educational agencies to gain prior consent from students or parents and implement measures to ensure records remain private. Any educational agency, school, or third party that fails to get consent will be held liable through monetary fines.

• Extend FERPA’s protections to ensure records of homeschooled students are treated equally.

• Prohibit educational agencies, schools, and the Secretary of Education from including personally identifiable information obtained from federal or state agencies through data matches in student data.

Read more here

Several states and grassroots organizations have signed a statement of support for the legislation. It reads as follows:
We; the undersigned groups that have grave concerns about the loss of student and family data privacy, psychological profiling, and career tracking related to the Common Core standards, aligned state tests and longitudinal data systems; are grateful to Senator David Vitter for introducing and do strongly support The Student Privacy Protection Act.
This legislation provides important protections in the following areas:
  • Rolling back the disastrous extra-congressional regulatory changes that vastly expanded access of third parties to our children’s personally identifiable data, now limiting that access and requiring parental consent in all cases
    Holding educational agencies, schools, and third parties liable for violations of the law through monetary fines, damages, and court costs
  • Prohibiting psychological or attitudinal profiling of students or gathering of sensitive family information via any assessments, including academic assessments or surveys
    Extending data protections for homeschooled students required to submit educational data to public school districts
  • Prohibiting educational agencies, schools, and the Secretary of Education from including personally identifiable information obtained from Federal or State agencies through data matches in student data.
    Banning Federal education funds to states or districts that film, record, or monitor students or teachers in the classroom or remotely without parent or adult student and teacher consent.

We strongly urge the senators of our respective states to co-sponsor this critically important piece of legislation and our congressional representatives to author and co-sponsor this bill in the US House.

The only thing that is clear right now is that parents are the only ones who have the ability to protect their children’s privacy by not giving over information or allowing their child to use education software. No pledge, policy or contractual term seems strong enough to override the voracious profit appetite of private business. For all the districts who have been adopting policies that MSBA drafted allowing your personnel to override parental objections to the use of educational software, get ready for parents to come back at you hard with proof that your promises of protecting student data are completely unfounded.
Anne Gassel

Anne has been writing on MEW since 2012 and has been a citizen lobbyist on Common Core since 2013. Some day she would like to see a national Hippocratic oath for educators “I will remember that there is an art to teaching as well as science, and that warmth, sympathy and understanding are sometimes more important than policy or what the data say. My first priority is to do no harm to the children entrusted to my temporary care.”

Facebook Twitter 

Share and Enjoy !

0Shares
0 0