Press release cross-posted here.

For Immediate release: February 3, 2022

Contact: Cassie Creswell, [email protected], 716-536-9313;
Leonie Haimson, [email protected], 917-435-9329

Parent Coalition for Student Privacy and Congressman Jamaal Bowman Oppose College Transparency Act to be Voted  Tomorrow

Overturning Federal Ban on Student Unit Record System Endangers Privacy and Equity

The College Transparency Act, now appended to the America Competes Act, is coming to a rushed vote today or tomorrow in the US House of Representatives.  This bill would overturn the long-standing ban on the federal government amassing a comprehensive database of personal student information, and instead would require that the US Department of Education collect the personal information of every student attending a post-secondary institution and potentially track them throughout their lives. There is no allowance for students to opt out of inclusion in this massive federal data system.

“The Parent Coalition for Student Privacy strongly opposes this bill and urges Congressional Representatives to vote against it, as any attempt to authorize the collection of such data by the federal government would create an unaccountable surveillance system that would place the privacy of all higher education students at an unacceptable risk,” said Leonie Haimson, co-chair of the Parent Coalition.

As one of the Coalition’s core principles, we hold that extremely sensitive personal student data should not be shared without consent, and especially without clear evidence that this is necessary. The CTA language would allow the government to not only collect data directly from colleges and universities for all full-time and part-time students, including their enrollment status, attendance, age, gender and race, but also to potentially include information pertaining to their “status as a confined or incarcerated individual”, disabilities, and/or first-generation college student.

The bill also allows the collection of nearly any other additional personal student data elements that can be justified as “necessary to ensure that the postsecondary data system fulfills [its] purposes”. This data will then be matched to other federal data from the Department of Defense, and Veterans Administration, the Census Bureau (for earnings), and the Social Security Administration, to continue throughout their lives.

“Our number one priority should be empowering our students with the resources they need to be well-rounded members of our society and influence positive change in their communities, not collecting their data and empowering the federal government to unnecessarily track them for the rest of their lives,” said Congressman Jamaal Bowman, Ed.D. (NY-16). “We have been down this road before and know how people’s personal data can be abused. Under the Trump Administration we saw this play out in the form of ICE stakeouts in our communities that put people in danger of being deported, separated from their families, and having their lives completely destroyed from one day to the next. The College Transparency Act raises serious concerns about how the data of our students can be used and abused. If making these systems more fair and equitable for all is our goal, there are interventions that would make a material, positive difference in people’s lives starting with canceling student debt.”

In recent years it has become clear that data held by local, state and federal agencies are under increased threat of breaches and cyberattacks. Even our “best protected” national data stores have been breached, including the well-known Education Department FAFSA breach in 2017, and top-secret NSA and Army data.

According to the US Department of Education’s own Inspector General’s  2020 data security audit of the Department, there were weaknesses in 11 of the 12 areas of their operations, which “did not meet the Managed and Measurable level of maturity or an effective level of security.”  The audit also found there was insufficient progress since previous audits: “We had findings in all eight metric domains within the five security functions—Identify, Protect, Detect, Respond and Recover…findings with the same or similar conditions identified in OIG reports issued from FYs 2017 through 2019.”

In addition, the College Transparency Act says in section (H) that “nothing in this paragraph shall be construed to prohibit third-party entities from using publicly-available information in this data system for commercial purposes.” Thus, companies could not only use the aggregate data for advertising, but also could match the data with other sources of data to exploit particular students and target them with ads.  Hackers could also combine with other databases for illegal purposes.

Lisa Rudley, the Executive Director of NY State Allies for Public Education and a school board member in New York pointed out, “Any college rating system that is developed from such a federal database may not just be subject to breaches, but also have unintended consequences, by discouraging schools from accepting the highest needs students – including those with disabilities or from low-income families.  Data of this magnitude and sensitivity needs to be handled with care and integrity.  We have not seen evidence of this from the US Department of Education.”

“The focus on earnings may also dissuade colleges from promoting career paths of great value to society but that typically yield lower salaries (e.g., early childhood or K-12 education) or discourage them from accepting students who on average may be relatively lower earners: female students, students of color, and/or pregnant or parenting students,” added Jeanette Deutermann, founder of Long Island Opt Out.

There are much less intrusive options that could be used to analyze and evaluate higher ed outcomes, including data sampling and use of aggregate data. See for example the recent Brookings report which used information drawn from the College Scorecard Data and the Opportunity Insights Mobility Report Cards. The Department of Education also already has access to vast amounts of data from their federal student loan system which could be used for similar analyses, but to our knowledge has not been employed for such purposes.

“Technology and data collection far out-pace the current federal and state protections for students. Congress should be seeking to strengthen those protections before engaging in further data collection that will potentially put our students at risk. We urge our Representatives to vote no on the College Transparency Act,” said Julie Larrea Borst, Executive Director, Save Our Schools NJ Community Organizing.

Another bill reintroduced in the last Congress, called the Student Right to Know Before You Go Act, would be far more protective of students’ sensitive data by employing a system called secure multiparty computation, which would enable these sorts of analyses without giving the federal government direct access to personal student data, as the American Association of State Colleges and Universities has pointed out.

“Why is any legislation being proposed to enable the government to collect more personal data before comprehensive data protection legislation has been enacted? There are several bills in Congress to do just that, but they have been stalled for more than a decade. To see the federal government rolling back protections of student privacy instead of bolstering them is very disheartening for me as a parent and student privacy advocate,” said Cassie Creswell, co-chair of the Parent Coalition for Student Privacy and director of Illinois Families for Public Schools.

Diane Ravitch, the founder of the Network for Public Education, said, “I urge Congress to vote NO on this bill. The federal government must continue to protect the privacy of students, rather than amass giant databases, full of highly sensitive information for the purposes of ratings systems, which by their nature will be highly unreliable and may have negative consequences for our most vulnerable students.”

###

Additional Resources

Cassie Creswell’s testimony on behalf of Parent Coalition for Student Privacy and Raise your Hand before the Commission on Evidence-Based Policymaking, January 5, 2017

Cassie Creswell’s response to follow-up questions from the Commission, February 10, 2017

PCSP press release opposing the CTA, November 1, 2017

The College Transparency Act: What Are Future Use Cases of Student Data? EdTech Magazine. September 21, 2021

College Database Bill Raises Concerns About Student Privacy Inside Higher Ed. April 26, 2021

Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected ProPublica January 25, 2022

For immediate release: May 14, 2020

More information: Fatima Geidi, [email protected];   (646) 373-1344
Leonie Haimson, [email protected]; 917-435-9329

 

Eva Moskowitz and Success Academy found guilty of violating NY State student privacy Law

 

The Chief Privacy Officer of the NY State Education Department issued a ruling on Tuesday May 12 that Eva Moskowitz and Success Academy had violated Education Law 2d, the state student privacy law, that prohibits the disclosure of personal student information without parental consent except under specific conditions required to provide a student’s education.

In 2015 and thereafter, Success Academy officials published exaggerated details from the education records of Fatima Geidi’s son when he was attending Upper West Success Academy, and shared them with reporters nationwide.  They did this under Eva Moskowitz’ direction to retaliate against Ms. Geidi and her son, when they were interviewed on the PBS News Hour in 2015, about his repeated suspensions and the abusive treatment he suffered at the hands of school staff from first through third grade.

Ms. Geidi filed a student privacy complaint to the State Education Department in June of last year.  In response to her complaint, Success Academy attorneys made a number of claims, including that the statute of limitations had lapsed, that charter schools were not subject to Education Law 2D,  and that school officials have a First Amendment right to speak out about her child’s behavior.  All those claims were dismissed in the decision released yesterday by the NYSED Chief Privacy Officer, Temitope Akinyemi.

The State Education Department has now ordered Success Academy to take a number of affirmative steps, including that administrators, staff and teachers must receive annual training in data privacy, security and the federal and state laws on student privacy, that they must develop a data privacy and security policy to be submitted to the State Education Department no later than July 1, 2020, and that after that policy is approved, it must be posted on the charter school’s website and notice be provided to all officers and employees.

As Fatima Geidi said, “ I am happy that my son’s rights to privacy and hopefully all students at Success Academy from now on will be protected, and that Eva Moskowitz will be forced to stop using threats of disclosure as a weapon against any parent who dares speak out about the ways in which their children have been abused by her schools.  However, I am disappointed that the Chief Privacy Officer did not order Ms. Moskowitz to take out the section of her memoirs, The Education of Eva Moskowitz, that allegedly describes the behavior of my son.  I plan to ask my attorney to send a letter to Harper Collins, the book’s publishers, demanding that they delete that section of the book both because it contains lies and has now been found to violate both state and federal privacy law.  If they refuse, we will then go to the Attorney General’s office for relief.”

Last year, the US Department of Education also found Ms. Moskowitz and Success Academy guilty of violating FERPA, the federal student privacy law.  The official FERPA findings letter to Ms. Moskowitz is here.  Yet Ms. Moskowitz launched an appeal of that ruling on similar First Amendment grounds, with the help of Jay Lefkowitz of Kirkland and Ellis to represent her in the appeal.  Lefkowitz is the same attorney who negotiated a reduced sentence for Jeffrey Epstein, the notorious child sex abuser, in a controversial plea deal in Palm Beach County in 2007. Though Ms. Geidi has repeatedly asked the U.S. Department of Education about the outcome of this appeal, she has heard nothing in response.

As Leonie Haimson, co-chair of the Parent Coalition for Student Privacy, pointed out: “Fatima’s son is not the only child whose privacy has been violated by Success Academy.  Last year, Success shared details from the private education files of Lisa Vasquez’ daughter with reporters from  Chalkbeat without her consent, after Ms. Vasquez spoke about how her daughter had been unfairly treated at Success Academy Prospect Heights.  The SUNY Charter Institute also noted unspecified violations of FERPA by SAC Cobble Hill, SAC Crown Heights, SAC Fort Greene, SAC Harlem 2, and SAC Harlem 5 during site visits, noted in their Renewal reports.  The time for Eva Moskowitz to comply with the law and stop violating the privacy of innocent children whose parents dare to reveal her schools’ cruel policies has long passed.”

###

Parent Coalition for Student Privacy signed onto this complaint to the FCC about Facebook’s violation of children’s privacy and the federal law known as COPPA via its Messenger for Kids app.
Contact: David Monahan, CCFC: [email protected]; 617-896-9397

BOSTON – Wednesday, October 3, 2018 – Today, a coalition of 17 public health advocacy groups called on the Federal Trade Commission (“FTC”) to investigate and take action against Facebook for violations of the Children’s Online Privacy Protection Act (“COPPA”). The groups filed a complaint asserting that Messenger Kids, a controversial messaging application for children as young as five, collects kids’ personal information without obtaining verifiable parental consent or providing parents with clear and complete disclosures of Facebook’s data practices.

Messenger Kids is the first major social platform designed specifically for young children. The FTC complaint says that Facebook’s parental consent mechanism does not meet the requirements of COPPA because it’s not reasonably calculated to ensure that the person providing consent is actually the child’s parent. Any adult user can approve any Messenger Kids account, and testing confirmed that even a fictional “parent” holding a brand-new Facebook account could immediately approve a child’s account without proof of identity. The complaint also asserts that Facebook Messenger Kids’ privacy policy is incomplete and vague. The policy allows Facebook to disclose data to unnamed third parties and the “Facebook Family of Companies” for broad, undefined business purposes. The policy does not specify what companies are in the “Facebook Family.” COPPA requires that privacy policies list the name and contact information of any third parties who have access to children’s data.

The complaint was organized by the Campaign for a Commercial-Free Childhood (CCFC) and drafted by the Communications & Technology Law Clinic in the Institute for Public Representation (“IPR”) at Georgetown University Law Center. “Despite Facebook’s promises to the contrary, Messenger Kids blatantly violates COPPA’s protections for children’s privacy by collecting children’s personal information without informed, verifiable parental consent,” said Jim Graves, Staff Attorney and Clinical Teaching Fellow at IPR. “In fact, Facebook’s parental verification method is similar to one the FTC rejected in 2013. The FTC should act quickly to stop Facebook’s violation of children’s privacy.”

Earlier this year, CCFC sent Facebook CEO Mark Zuckerberg a letter signed by over 100 experts and advocates, asking him to pull the plug on Messenger Kids because it undermines children’s healthy development. CCFC also launched a petition calling on Facebook to scrap the app.

“While evidence shows that excessive social media use negatively impacts the wellbeing of children and teens, Facebook is trying to get kids hooked at the tender age of five,” said CCFC’s Executive Director Josh Golin. “They tell parents that Messenger Kids was designed to be safe for children, but they don’t even comply with the most basic privacy requirements of the law. The best choice for parents is clear: keep young kids away from Facebook.”

Organizations which signed today’s complaint along with Campaign for a Commercial-Free Childhood were Badass Teachers Association, Centre for Child Honouring, Consumer Federation of America, Defending the Early Years, EPIC Privacy, Media Education Foundation, MomsRising/MamásConPoder, New Dream, Parent Coalition for Student Privacy, Parents Across America, Peace Educators Allied for Children Everywhere (P.E.A.C.E.), Public Citizen, The Story of Stuff, TRUCE (Teachers Resisting Unhealthy Childhood Entertainment), United Opt Out National, and USPIRG.
CCFC is the home of the Children’s Screen Time Action Network, which provides resources for parents and professionals who want to reduce the time children spend on digital devices.

Read the full complaint here: https://www.commercialfreechildhood.org/sites/default/files/devel-generate/wab/FTC%20FB%20Messenger%20Kids%20Letter.pdf

###

Here is background on this issue, with instructions on how to send your own comments to the Commission on Evidence-Based Policymaking, due December 14, 2016.  Here is the letter, signed by several parent, education and privacy organizations, sent  to the Commission today.

For Immediate Release

November 14, 2016
For more information: Leonie Haimson, [email protected]; 917-435-9329

This morning a letter was sent to the federal Commission on Evidence-Based Policymaking from parent groups, education advocates, and privacy experts, urging them not to propose that the ban on a centralized federal database of student personal data be overturned.

Recently, several DC-based groups testified before the Commission, urging that this ban be lifted, which was established by Congress as part of the Higher Education Act in 2008.  The Gates Foundation has also announced that the creation of a centralized federal database to track students from preK through college, the workforce and beyond is one of their top advocacy priorities for 2017.

In the letter, parent, privacy and education organizations warned that eliminating this ban would risk that highly sensitive information would breached, as has occurred with sensitive data held by many federal agencies in recent years.  A hack into the Office of Personal Management released personnel records of about 22.1 million individuals. More recently, an audit of the US Department of Education found serious security flaws in their data systems, and a government security scorecard awarded the agency an overall grade of “D.”

Moreover, K-12 student data currently collected by states that would potentially be incorporated in the federal database often include upwards of 700 specific personal data elements, including students’ immigrant status, disabilities, disciplinary records, and homelessness. Data collected ostensibly for the sole purpose of research would likely be merged with other federal agency data and could include information from their census, military service, tax returns, criminal and health records.

Said Leonie Haimson, co-chair of the Parent Coalition for Student Privacy, whose members led the fight against inBloom, designed to capture and share the personal student data of nine states and districts, “A centralized federal database containing the personal data of every public-school student would pose an even greater risk to individual privacy than inBloom.  It would allow the government to create dossiers on nearly every United States resident over time, and if breached or abused would cause immeasurable damage.”

As privacy advocates in England recently discovered, the personal information in a similar national student database that the government promised would be used only for research purposes has been secretly requested by the police and by the Home Office, in part to identify and locate undocumented children and their families.

“Our disastrous data privacy situation here in England should serve to warn Americans of the grave dangers of this sort of comprehensive student surveillance and database. The personal confidential information in our National Pupil Database was supposed to be used only for research, but we found out recently that data on thousands of students and their families has been secretly requested by the police and for the purposes of immigration control in just the last 15 months. It would be unwise and irresponsible for the United States to create a similar database, which can so easily be used for political purposes which are not in all children’s best interests,” said Jen Persson, coordinator of defenddigitalme, a privacy and digital rights group in the UK.

Chad Marlow, Advocacy & Policy Counsel of the American Civil Liberties Union, said: “Improving educational opportunities for children and protecting student privacy are not mutually exclusive goals.  In fact, it is our responsibility as parents, educators, and Americans to doggedly pursue both objectives.  Creating any type of centralized database for personally identifiable student data would pose real and significant risks to the privacy of America’s students, and that is why such databases have consistently been rejected in the past.  With education policy, as with privacy, ‘do no harm’ is a reasonable place to start, and here, doing no harm clearly requires rejecting any attempts to establish a universal database that compiles and tracks students’ most sensitive information.”

Diane Ravitch, President of the Network for Public Education and NPE Action pointed out, “Whether Democrat or Republican, the one thing parents agree on is the importance of their child’s privacy. To allow the federal government to collect personal and sensitive data on every public-school student in the nation risks that this information would be misused by the government and corporations. “

“Parents Across America opposes any effort to establish a national student record system. Ever since the federal government weakened protections for student privacy, parents have been in a crisis mode. Our children are exposed every school day to a growing mish-mash of screen devices and online programs that capture mountains of their data. We know that the threat to privacy will only get worse if there’s a national record system; education profiteers will line up to tap into an even more convenient source of private student information. But we are determined not to let that happen to our children’s data,” said Julie Woestehoff, Interim Executive Director of Parents Across America.

Lisa Rudley, Executive Director of the NY State Allies for Public Education, observed, “Data collection and sharing of our children’s personally identifiable information should require a parent’s informed consent. Just because the technology of data mining is here, it doesn’t mean children’s privacy rights should be sacrificed.”

“Our children and their families deserve protection of their data.  More importantly, we must understand that protecting our children relies upon protecting their personal information from breach or abuse,” concluded Marla Kilfoyle, Executive Director of the Badass Teachers Association.

The Commission on Evidence-Based Policymaking is accepting public comment on this matter until December 14, 2016. For more information, visit https://studentprivacymatters.org/federaldatasystem/

####