April 24, 2015
Dear Chairman Alexander and Ranking Member Murray,
We write on behalf of the Parent Coalition for Student Privacy to submit comments on the consumer information white paper that the Committee published on March 23, 2015. The coalition is a non-profit voluntary organization of concerned parents and educational privacy advocates across the nation. We are alarmed by the erosion of parental and student privacy rights, by the growth of longitudinal student-level data warehouses that collect and mine personally identifiable data from educational records for unspecified purposes, and by the encroachment of educational technology companies on records that have historically been entrusted only to school authorities with a legitimate educational interest in them.
As parents of current and future college students, we appreciate and applaud the Committee’s interest in producing actionable consumer information that, instead of drowning the public in incomprehensible minutiae, provides meaningful disclosures to guide the college selection process. We also recognize the legitimate data needs of the federal government for purposes of program management and institutional accountability of student aid programs authorized in Title IV of the Higher Education Act. As the Committee proceeds to identify these needs, we urge it to consider the views of parents and students, and to ensure that federal data collection and retention policies do not intrude on privacy rights of students.
We are concerned that various Washington advocacy groups may use the upcoming reauthorization of the Higher Education Act to press for the creation of a federal student tracking system to capture personally identifiable information on all students without notice, without consent, without the right to opt out or even to review their own records. As you are well aware, the feasibility of such a system was thoroughly studied some 10 years ago by the National Center for Education Statistics. Congress, having had the benefit of that extensive analysis, acted to explicitly ban the creation of any such system in the Higher Education Opportunity Act of 2008 due to privacy concerns. It is ironic that even as the privacy threats that a unit-record system would pose have grown exponentially, the pressure to lift the federal ban is greater than ever.
The enormity of the security threat posed by a massive data mart of sensitive personally identifiable information about every student is immediately obvious in light of the spectacular commercial and governmental breaches of the past several years. In fact, the original NCES assurances of security now look naive in their inadequacy. Specifically, NCES proposed (and many State Longitudinal Data Systems funded by the U.S. Department of Education apparently still believe) that the assignment of random identification numbers in lieu of social security numbers would suffice to de-identify records. This notion borders on the laughable in light of advances in computer science and statistical re-identification techniques. The second remedy offered back in 2004 was to “disconnect” the system from the Internet, which, even if it were a serious thought a decade ago, means little in light of the internal data breaches at the Department of Defense and the National Security Agency.
While safeguarding student data against unauthorized disclosures is a great concern for us, we are even more alarmed by the likely authorized disclosures that a unit-record system will inevitably accommodate. We believe that a federal data system with as much information as a unit-record system would quickly turn into a federal lending library available for interagency browsing for unspecified future purposes. Indeed, the high probability of mission-creep is quite obvious in the rhetoric of its advocates, who justify the system on its many–but unspecified–alleged edifying uses. Our coalition members insist that any such application of personally identifiable information can only be legitimated on the basis of the informed consent of the individuals themselves. It is quite unacceptable for policy elites, often in collaboration with technology firms seeking to mint fortunes, to argue that the government is entitled to gain nonconsensual access to our children’s records in pursuit of their policy priorities without so much as letting the students know, let alone soliciting and securing their agreement.
We urge you to ensure that any federal or federally funded collection, warehousing, and mining of personally identifiable information from education records honors fair information practices and provides explicit notice to, and obtains the informed consent of, the individuals involved. We appreciate the opportunity to submit our views for the Committee’s consideration and stand ready to work with you to improve consumer disclosures in a manner that is not violative of basic family educational privacy rights.
Leonie Haimson and Rachael Stickland, Co-chairs
Parent Coalition for Student Privacy