Tracking Your Child’s Data: Who Has it, Why is it Being Gathered, Where is it Going?
As you read the article below from techdirt.com on police departments data mining information on citizens, you can get a good idea on how data mining and transmission is occurring with your child’s data from public school. Data is being gathered and transmitted on your child without your knowledge and probably without your consent. Substitute the phrase ‘educational agencies’ for ‘law enforcement agencies’ and you will understand how the data grabbing and tracking game is played.
The article details
- how the police department is inviting other departments to access this data (akin to Arne Duncan granting access to third party researchers/organizations with the rewriting of FERPA)
- how police data is gathered (how is YOUR child’s data gathered…active vs passive permission and expressed permission)
- the police database has no oversight regarding its use (who controls the access on your child’s data and do you even know what data is being gathered and why)
- how this information is being stored (ask your local school board questions about data gathering, usage and retention)
If there are concerns about the police using vehicle tracking data for reasons unknown with no expressed permission, knowledge or accountability, certainly the use and accessing of your children’s data should raise serious questions. The expansion of the Longitudinal Data System was a mandate necessary for states to adopt for one time state stabilization funds in 2009. It’s connected with the common set of standards and determining evaluation measures for ‘effective teachers’. It’s an agreement with the Federal Government that proves the Common Core State Standards is so much more than ‘just standards’.
The privacy expectations may have been minimal (vehicles parked in public places), but the implications of what could be done with this sort of data were much larger. Plate-and-location records could be read to determine likely political affiliations, and the state police’s obvious desire to fill its database efficiently makes large gatherings of any sort attractive targets for automatic license plate readers. The revelation of the State Police’s actions prompted a strong response from the State Attorney, as well as a clarification of rules governing the collection and retention of license plate data.
Now, news has emerged that a handful of law enforcement agencies in Virginia have constructed their own ad hoc phone record database and are inviting others to sign up for access.
The database, which affects unknown numbers of people, contains phone records that at least five police agencies in southeast Virginia have been collecting since 2012 and sharing with one another with little oversight. Some of the data appears to have been obtained by police from telecoms using only a subpoena, rather than a court order or probable-cause warrant. Other information in the database comes from mobile phones seized from suspects during an arrest.
The five cities participating in the program, known as the Hampton Roads Telephone Analysis Sharing Network (HRTASN), are Hampton, Newport News, Norfolk, Chesapeake and Suffolk, according to the memorandum of understanding that established the database. The effort is being led in part by the Peninsula Narcotics Enforcement Task Force, which is responsible for a “telephone analysis room” in the city of Hampton, where the database is maintained.
What it looks like is what it is: a dumping ground for any phone/phone-related records obtained by law enforcement through other means. Rather than being used in an investigation and disposed of upon conclusion, these agencies are dumping it all into a searchable pile and inviting other law enforcement agencies to do the same. The resulting mess is almost certainly illegal, and at least one invited agency — the Virginia State Police, no less — has refused to take part in it.
The HRTASN agreement presents the database as a fully legal operation while still writing itself a blank check for haystacking.
To the extent permitted by law, all participating agencies operating under this MOU agree to share telephone intelligence information derived from any source with the PNETF including: subpoenaed telephone call detail records, subpoenaed telephone subscriber information, and seized mobile devices.
“Derived from any source” is an incredibly open statement. And as for the database being “permissible by law,” the legislative changes prompted by the Virginia State Police’s abuse of its license plate readers seem to make this sort of unstructured, untargeted collection illegal.
The ACLU’s [Rob] Poggenklass said the database runs afoul of a privacy law in Virginia known as the Government Data Collection and Dissemination Practices Act, designed to curb the overcollection and misuse of digital personal information by state and local agencies…
While law enforcers enjoy some exemptions from privacy laws during the course of an investigation, according to the opinion, those exemptions don’t apply when collected data “is of unknown relevance and not intended for prompt evaluation and potential use.” In other words, there must be a clear law enforcement need. Without it, Poggenklass said, police should not be permitted to collect and retain records indefinitely in a database for future queries.
Right now, the database operates with no outside oversight. Worse, it operates with the explicit permission of the five communities whose representatives signed off on their local PD’s participation. There’s also no information forthcoming about the contents of the database — whether it’s just simple phone records, or if actual content (text messages, photos, contact lists, etc. pulled from seized phones) has made its way into long-term storage as well.
Unexpected daylight altered the State Police’s use of its license plate readers. There’s a good chance exposure will do the same to Peninsula Narcotics Enforcement Task Force’s database.
The ACLU should start investigating public school databases and the practices of schools gathering personally identifiable information on their students. Maybe some ‘unexpected daylight’ will alter the school districts sending your child’s data into the great cloud on high for access by unknown entities for unknown purposes.
Published on November 6, 2014