Monday, June 02, 2014

Mining Student Data

 Stories from KUOW and Politico (highly recommended) and information I learned about what's in a TFA contract today about student data. 

One is the KUOW piece about ConnectEDU and SPS.  It fleshed out what I had reported and had a couple of interesting comments.   Again:

For the past three years, the school district has uploaded middle and high school students’ names, grades, addresses and demographic data to the website ConnectEDU. Students were able to add additional information, such as where they’d like to go to college, and how much they want to spend on tuition.

The ConnectEDU privacy policy said that if the company was ever sold, users would be notified and allowed to remove all personally identifiable data from the site.

After learning that the company had filed for bankruptcy and was looking to sell, Rahm said the district tried to end its contract with ConnectEDU and have all student data on the site deleted.
The company’s lawyers refused, citing bankruptcy protections.

Rahm said that’s troubling.

"I’m not concerned at this time that the sale of the company is going to result in student data being lost, or being misused, but it definitely is in violation of the agreement that all the schools had with ConnectEDU in their contract, and that’s a little bit frustrating and concerning," Rahm said.

Really?  It's "a bit concerning" that that data could be sold off to the highest bidder?  Not to the FTC.

In a letter to the bankruptcy judge, the FTC said that the proposed ConnectEDU sale could violate FTC rules that bar "deceptive acts or practices."

The FTC also said that "information about teens is particularly sensitive, and may warrant even greater privacy protections than those accorded to adults."

Here's what Connect EDU had to say:

A ConnectEDU attorney has promised Seattle Public Schools that any company that buys the student data will have a privacy policy at least as strong as the original.

If ConnectEDU would not honor its own contract, why should the district (or parents of students) believe in any so-called privacy policy that comes out the sale of this information?

Still, the FTC said such a sale would likely be illegal unless the 20 million students nationwide with data on the ConnectEDU are first notified and allowed to remove their personally identifiable information from the site.

I'll try to keep up and let you know if Seattle Schools' student data is protected or sold to the highest bidder.  The least the district could do is notify parents whose students enrolled (because I'm pretty sure that the majority of parents have no idea about any of this).

Speaking of student data, here's is what we find embedded in the Teach for America contract that is now standard.  Teach for America likes to videotape its teachers and review their "instructional technique."  Nothing wrong with that except that nowhere do we see if parents are notified that their children may be taped and those tapes go out of that district.

Further,  TFA has its own "on-line data storage services including transfer and storage of personally identifiable student information on Teach for America's proprietary software and servers."  

Meaning, TFA wants access to "student records" for their own purposes of professional development and data storage services."  Further:

School District acknowledges that Teach for America may re-disclose Student Records to third parties pursuant to Teach For America's provision of the Professional Development Data Storage Services....provided that Teach for America shall, in advance, provide to School District the names of such parties and a brief description of such parties legitimate educational interest in receiving such information.  

Districts are told they should include notification of FERPA rights to parents that TFA is "a school official with a legitimate educational interest."

I found this in contract after contract. 

So TFA can give away information, without needing a district's permission.

Here's what I wrote about the TFA contract with SPS in 2010:

The motion has some new info in it and at least one thing I think we can count as a win. That is that two of the more onerous FERPA issues are gone. TFA can still use student identifiable data but cannot disclose it to any third parties. And, they have to return or destroy any student educational records obtained through the District, in its possession, upon request from the District. I think we better make sure that every year the District makes that request.

I have no idea if that remains true to this day.  One more good reason for NOT hiring TFA in our district.

More on data mining students from Politico.   This is a GREAT article on this issue and one that all parents should read. 

And the Obama administration has encouraged it, even relaxing federal privacy law to allow school districts to share student data more widely.

The goal is to identify potential problems early and to help kids surmount them. But the data revolution has also put heaps of intimate information about school children in the hands of private companies — where it is highly vulnerable to being shared, sold or mined for profit.

A POLITICO examination of hundreds of pages of privacy policies, terms of service and district contracts — as well as interviews with dozens of industry and legal experts — finds gaping holes in the protection of children’s privacy.

The amount of data being collected is staggering. Ed tech companies of all sizes, from basement startups to global conglomerates, have jumped into the game. The most adept are scooping up as many as 10 million unique data points on each child, each day. That’s orders of magnitude more data than Netflix or Facebook or even Google collect on their users.

“When you really start digging in… they start getting antsy. It’s ‘Why are you asking this?’” said Lenny Schad, chief information technology officer for the Houston Independent School District.

“This is a problem we can’t ignore,” Schad said. It is, he said, “the wild, wild West.”

And who else is big in this field? Knewton.

The NSA has nothing on the ed tech startup known as Knewton.

The data analytics firm has peered into the brains of more than 4 million students across the country. By monitoring every mouse click, every keystroke, every split-second hesitation as children work through digital textbooks, Knewton is able to find out not just what individual kids know, but how they think. It can tell who has trouble focusing on science before lunch — and who will struggle with fractions next Thursday.

 Knewton CEO Jose Ferreira finds such concerns overblown. 

When parents protest that they don’t want their children data-mined, Ferreira wishes he could ask them why: Is it simply that they don’t want a for-profit company to map their kids’ minds? If not, why not? “They’d rather the NSA have it?” he asked. “What, you trust the government?”

The conclusion from Politico:

There’s no conclusive proof any company has exploited either metadata or official student records. But privacy experts say it’s almost impossible to tell. The marketplace in personal data is shadowy and its impact on any one individual can be subtle: Who can say for sure if they’re being bombarded with a certain ad or rebuffed by a particular employer because their personal profile has been mined and sold?

Ed tech insiders will not name bad actors in their industry. But they will say this: It’s quite possible to exploit student data — and there can be a great deal of pressure to do so, especially for startups that are giving away their product for free in hopes of gaining a toe-hold in classrooms.

As I have mentioned, I am working very hard on learning about this issue.  There are now - sad to say - health records involved as HIPAA and FERPA do NOT overlap and while some student health data may be protected by HIPAA, it may not be under FERPA.  That means the district can give it away to anyone they deem having "a legitimate educational interest."  

Might want to start giving this some real thought. 

8 comments:

Anonymous said...

Troubling. My district has opted to go for google for education, giving all teachers and students basically g-mail addresses, and expecting us to use google drive to send and receive student work. I don't think there's any way for parents to opt out of it, students can choose not to sign in to their account if it's not necessary, but any teacher who puts their work on drive is pretty much demanding students log in and be tracked heavily (using chrome as a browser) while they work.
On top of that my district is starting to push us toward eVAL WA, with no guides as to how long digital records will be kept, and as far as I know no informed consent from parents.

glad I left

Melissa Westbrook said...

Glad, I'm pushing to change that. I want parents to have the ability to know who sees their child's data and why. That the district and others seem to want to push back should make any parent suspicious.

dw said...

dglad I left,

Unbelievable. What district is this? What age are the kids they're foisting this on? COPPA laws may be helpful if they are doing this to kids under the age of 13.

Raise some hell. Short of suing them, what can you do? The biggest thing is to publicize the heck out of what they're doing. Go to every meeting that you can and speak out. Make sure every last parent in your district knows that your administrators are giving away their children's personal data to a data-mining company. The only way to stop this crap is for parents to rise up en masse and complain. Very loudly.

Anonymous said...

I'm a teacher, not a parent, and unfortunately I'm still waiting out (barely) my 3-year probationary period. I've been asking questions of our union about guidelines, and I'm putting notice of the situation in my syllabus, but I need to keep a low profile until I'm out of the fire-without-cause part of my career. I expect though that the move toward outside companies housing data is not as limited as I hope. By posting here I hope to make others in other districts aware of some of the technologies to keep an eye out for, I doubt discussion of eVAL will ever go public as it is supposed to be an internal evaluation tool.

dw, I'll see how fare down the accounts extend, I think to middle school but I'm not sure as I'm in high school.

glad I left

seattle citizen said...

1) Lots of discussion in this post (in the excerpts from articles) about SHARING data, meaning who private companies might voluntarily share data with, but nothing about hacking.

I can only assume that any student data put on any website or drive or computer is subject to theft - Look at how many big, well-funded corporations, who one would assume to be savvy and wealthy enough to prevent hacking, have had millions of pieces of data stolen. And our kids' data won't be hacked and resold? Right.

2) glad I left writes: "I need to keep a low profile until I'm out of the fire-without-cause part of my career."
At least you have now, and will have, some slight degree of protection in your union. Educators at charter schools are "fire-at-will" and will certainly toe the line and do what the master says without a peep of complaint...and these schools, such as those in New Orleans, serve some of our most vulnerable children.

seamom said...

Thank you so much for posting. So much to think about. Amazing public service job you are doing.

tom cooper said...
This comment has been removed by the author.
tom cooper said...

135Hello !
This is a really really great post .i found many good informations here and would like to recommend to everyone to read the post and get the information about bankruptcy lawyer in seattle
and please see this site to get more info about this type of help please click here: http://startfreshnorthwest.com