Next month in Indianapolis, the Network for Public Education will be holding our annual conference on Saturday and Sunday, Oct. 20-21.  More info and how to register here.

I will be participating in two amazing panels focused on how protect students and teachers from the growing threat to data privacy and resist the  the expansion of online learning which is undermining the quality of public education.

The first workshop, to be held on Saturday Oct. 20 morning at 10:50 AM is entitled Outsourcing the classroom to ed tech & machine-learning: why parents & teachers should resist .  Presenting with me are two brilliant bloggers and thinkers whose work I never fail to learn from, Audrey Watters and Peter Greene. 

Audrey has single-handedly and fiercely taken on the ed tech industry for many years and  critiques their claims on her essential blog,  Hack Education.  If you haven’t subscribed to her newsletter, you absolutely should do so.  She is currently writing a book to be published by MIT Press called Teaching Machines.

Peter is a Pennsylvania teacher who retired last year, but even while teaching was among the most prolific and incisive education bloggers at Curmudjucation. He also now writes a regular column for Forbes.    In his writings, he deconstructs and eviscerates the agenda of the corporate reformers and faux philanthropists, whether it be the promotion of online education, Common Core, high-stakes testing or any of the other snake oil  disseminated by private interests bent on disrupting public education.  He shows how they are based neither on research, common sense, or the experience of teachers or parents.

During the second workshop, held later the same day, our panel will present A Teacher Data Privacy Toolkit: How to protect your students’ privacy and your own.  Marla Kilfoyle and Melissa Tomlinson of the Badass Teachers Association, Rachael Stickland co-chair of the Parent Coalition for Student Privacy and I will offer some of the highlights and practical tips of our yet-to-be released Toolkit, the product of  a year-long collaboration between the PCSP and the BATs, with support from the Rose Foundation, the NEA and the AFT.

From responses to an online survey and focus groups of teachers, administrators and other school staff, we heard loud and strong how educators were deeply frustrated by the lack of training and knowledge they had about how to minimize and safeguard the increasing amount of personal data being collected by schools and vendors, and how they can work to ensure it isn’t breached or improperly used.  This toolkit, like the Parent Toolkit for Student Privacy we along with Campaign for a Commercial Free Childhood released in 2017, represents an attempt to provide the support and information that teachers need to act as responsible guardians of their students’ privacy — and their own.

Please join us in Indianapolis – more amazing speakers and panels are described here. — Leonie Haimson

On Thursday, September 13th, the Federal Bureau of Investigation’s Internet Crime Complaint Center issued an important public service announcement (PSA) titled Education Technologies: Data Collection and Unsecured Systems Could Pose Risks to Students.

The PSA warned school districts and parents that sensitive student data collected via the rapid adoption of educational technology in U.S. schools  can threaten children’s privacy and security. The announcement also included recommendations to parents, including:

• • Research existing student and child privacy protections of the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA), and state laws as they apply to ed-tech services.

  • Discuss with their local districts about what and how educational technologies and programs are used in their schools.

  • Conduct research on parent coalition and information-sharing organizations which are available online for those looking for support and additional resources. [emphasis added]

Rachael Stickland, co-chair of the Parent Coalition for Student Privacy co-chair, told EdWeek, “We’re thrilled the FBI is clearly articulating the many risks association with ed-tech use in schools, and we’re especially excited to see a recommendation encouraging the public to reach out to parent organizations for information and support.”

You can read more at:

FBI Raises Alarm on Ed Tech and Student Data Privacy and Security, Ed Week, by Benjamin Herold, September 13, 2018

FBI Memo: Ed Tech Data Collection Poses Risk to Student Privacy, Security, The 74, by Mark Keierleber, September 13, 2018

Testimony from Cassie Creswell from Raise Your Hands Action IL and Parent Coalition for Student Privacy in front of the Illinois House Cybersecurity, Data Analytics, and IT Committee.  News articles about these hearings and her testimony are posted here and here.    Video of Cassie and other parents testifying is here.

For Consideration By: Cybersecurity, Data Analytics and IT Committee, in hearing, August 7, 2018, at 10 AM.

Testimony for subject matter hearing on student data privacy

Thank you to the committee and Chairman Andrade for holding this hearing. My name is Cassie Creswell, and I’m the co-director of Raise Your Hand Action. We are a grassroots parent group that advocates for policy that supports a high-quality public education system for Illinois.

RYH Action continues to hear from parents about concerns posed by ever-increasing technology use and data collection in public schools. As you heard from the parents on the previous panel, the security and privacy of educational data is lacking.

CPS has had at least six major known data breaches since spring of 2015 with tens of thousands of students’ personal data, including in some cases health conditions and Individualized Education Program information for students with disabilities, improperly disclosed, and in several cases posted publicly on the web. A national database of publicly reported K-12 cybersecurity incidents includes at least 9 other instances in Illinois outside Chicago in the last two and a half years, including ransomware incidents.

We have also heard from parents about online surveillance, where students’ web history—and that of anyone they share a computer with—outside of school hours, off school grounds and off school-owned devices is being stored and monitored.

Parents are rarely told who their child’s data is being shared with beyond school walls and almost never asked for consent for that sharing. This data collection begins as early as preschool where teachers upload detailed records of children’s behavior to a third-party for-profit software vendor, including things like whether they hit another child, have a tantrum, wet their pants, etc.

Families who inform schools that they are not willing to have their child’s data harvested via apps and software have been told that there is no alternative way to receive instruction and even been told that they should consider private school or homeschooling.

Essentially, in order to receive an education, public school students are being forced to forfeit their right to privacy and a secure digital footprint.

Our group has attempted to advise parents how to navigate the aftermath of a data breach, how to respond to the school’s surveillance of their home computer or their child’s laptop, how to get info on what data is being collected via ed tech products or via surveys administered with state-mandated assessments or even via the software that has replaced college counseling services.

But this simply is not a problem that can be solved by individual parents armed with the advice from a parent group or privacy advocates.

Childhood is a time of growth, experimentation and development. The mistakes and challenges of childhood should not be part of a record that follows a child into adulthood and hamper the chance of future success.  With the rapid pace of technological change, personal data that’s collected and shared today may have significant negative consequences in years to come.

And so, legislators must fully consider the implications of data collection, not only how data might be used in positive ways to enhance a child’s education in the present or near term, but how data might be used in negative ways in the long term. The convenience of tracking and recording every food item a fifth grader buys in the cafeteria for that child’s parent or the school or the food vendor should be balanced with the implications for that fifth grader, 20 years in the future who could be blacklisted for health insurance due to poor nutritional choices in the past. Detailed observations of behavior in preschool might be used for evaluating the effectiveness of preschool programs, but not if they risk being used for input to predictive algorithms for college admissions decisions.

Protecting student data encompasses a huge area of complex policy decisions. But there are some clear places to begin, and we think it’s imperative that the the following components are addressed in legislation next session:

• Full transparency: Operators, whether for-profit or non-profit, and whether selling a product or providing a product for “free” without a contract with a school or district, must all be subject to the same rules. Parents should know what organizations beyond the school district have possession of their children’s data, including government agencies, researchers, non-profits and companies.

• Freely given consent: Parents should be provided with an opportunity for informed consent before PII is transferred to any non-school officials. And this consent must be freely given: students and families must not be coerced into providing sensitive data to non-school official third-parties in exchange for a free and appropriate public education. The price of a public K-12 education should not be your personally-identifiable information.

• Control remains with the data’s owner: Even after consent is granted for data to be shared, control of the data must remain in the hands of students over 18 or parents of students under 18. Control means that the data can be reviewed, corrected and deleted at an owner’s request. And it means that consent for holding the data can be withdrawn.

• No Commercialization: Children should not be subjected to ads while using educational software nor have any of their online data used to target ads.  SOPPA prohibited targeting ads based on stored profiles of children, but targeting ads to children in public schools based on data they are providing on the spot—their IP address, the particular e-book they are reading—is no more acceptable and should be prohibited. The push by Hobsons and the College Board to grant exceptions to the Student Online Personal Protection Act’s ban on targeted advertising and the sale of student profiles should be resisted. It wouldn’t be acceptable for a school counselor to accept payment for promoting a particular university or scholarship provider; it shouldn’t be allowed in career and college counseling software either. Student data should not be used to train or develop predictive algorithms for commercial software or apps.

• Security: The GA should establish detailed minimum requirements for how student data must be handled and how breaches are responded to and replace the vague “reasonable security procedures and practices” language in SOPPA. Districts should be held liable for not taking sufficient, reasonable precautions to keep data secure: encouraging the use of student ID numbers as usernames and passwords, using software that can create public webpages containing PII, storing health information on shared drives, collecting social-emotional survey data via google docs. Until districts are held responsible for negligent security practices, children will suffer the consequences.

• Privacy: Students own devices should not be surveilled, even if in use on school networks. And outside of school hours and school grounds, there should be no tracking of students–even on school owned devices. In addition, research has shown that de-identified or anonymized data research is an inadequate to protect privacy. The exceptions made in SOPPA for de-identified data should be removed.

Technological innovation in the field of education has promise, but that promise will be squandered if there is not parallel innovation in establishing norms for regulating information privacy and encoding them statute. This is not something that should be left to technology companies or school administration. Their interests in this area are to maximize profits in the case of the former and hold down costs in the case of the latter.

Right now, this leaves the onus of protecting our children’s digital footprint on parents. In fact, the onus is on you, our elected legislators, to serve as stewards of the public good by making sure that the cost of a public education in the 21st century is not our children’s right to information privacy.

An interview below with Leonie Haimson, co-chair of the Parent Coalition for Student Privacy.

Watch at #CRTV:https://t.co/x0VfMvUgcu pic.twitter.com/AcnuGD0l7o

— CRTV (@CRTV) April 10, 2018