A reader of a post this morning about a letter from John Kline to Arne Duncan asked for more information about the Department of Education’s change of regulations governing FERPA (the Family and Educational Rights and Privacy Act of 1974).
In a post two years ago, I described the lawsuit filed by EPIC (the Electronic Privacy Information Center), which sought to block the changes in federal regulations in 2011 that loosened the protections of student privacy.
Here is an explanation of the lawsuit that appeared on Valerie Strauss’s Answer Sheet blog.
The EPIC lawsuit was dismissed in 2013; the Court held that EPIC did not have standing to sue. Its ruling did not deal with the substantive claims.
Parent groups became concerned about FERPA when the Gates Foundation and the Carnegie Corporation funded the “Shared Learning Collaborative,” which was renamed inBloom. The plan was to aggregate personally identifiable student data from state data warehouses, store them in a cloud, and make them available for use by others. Whether those others included vendors, researchers, or commercial enterprises is not sure, but parents vehemently opposed the entire plan. The software was developed by Rupert Murdoch’s Wireless Generation (part of Joel Klein’s Amplify division) and the data would be stored in a “cloud” managed by amazon. Parent groups, fearful that their child’s personal data would be mined, testified against the data-sharing agreements in every state and district that agreed to join inBloom, and the effort collapsed. The last state to withdraw was New York, because Commissioner John King supported inBloom. The legislature compelled the state’s withdrawal. When there were no states or districts willing to share student data, inBloom had no reason to exist.
The organization to fight inBloom was led by Leonie Haimson of New York and Rachel Strickland of Colorado, who formed the Parent Coalition for Student Privacy. See here and here and here.
Diane Ravitch's blog 
Sometimes we need to cast a wider net to discover why.
Ronald Reagan’s policies (or those written for him) created the supply side, trickle down, ass backwards, form of “freestyle” capitalism we have had for 40 years. They have led to the downfall of the middle class and the destruction of Public Education.
Obviously, economic policies have far-reaching effects.
Too many Americans have too little knowledge of economics other than the crap they are sold by mostly Republican and Democratic propagandists, bought by corporate and financial world interests.
And what do Americans know to combat that propaganda? Not much.
https://dcgmentor.wordpress.com/2015/10/17/1073/
I neglected to mention that Race to the Top required states to create a longitudinal data warehouse to be eligible, so it seems to have been Duncan’s purpose from the start to make a national database of student information available. Even without inBloom, data mining continues. Whenever students take online tests, the corporations collect personally identifiable data about them.
Readers should be aware that the US Department of Education outsources its data collection to various companies. To give you an idea about the one company at the center of USDE’s Privacy Technical Center including the key officials in charge of FERPA, here is the name of that company:
APPLIED BUSINESS MANAGEMENT SOLUTIONS,INC is consulted by USDE on privacy matters and it provides the data collection point for just about everything at the heart of privacy deliberations. All of these contracts are still active.
$7,751,192. Provide support services for Privacy Technical Assistance Center (PTAC), which is a resource for State Education Agencies, Local Education Agencies, the postsecondary community, and other parties engaged with education data bases.
$26,983,303. Contract for work with State Longitudinal Data Systems (SLDS) Program Officers to provide assistance to State education agencies in the planning, development, expansion, and implementation of longitudinal data systems, including The Educational Data Technical Assistance Program (EDTAP), State Longitudinal Data Systems (SLDS)
$5,288,243. Contract for EdFacts State Education Information Support Services (SEIS)
$5,303,249. Contract for EDFacts Technology and Support Services II
$3,288,779. Contract to maintain and enhance technical solutions for Office of Civil Rights (OCR) stakeholders with efficient access to high quality information collected by the Civil Rights Data Collection (CRDC) and other ED collections (EDFacts).
$1,299,805. Contract for Civil Rights Data Collection (CRDC) Technical Assistance
$1,695,817. Contract for technical services to support the Office of Special Education Programs in managing and operating its Monitoring and State Improvement Program Monitoring Tool
$196,799. Contract for technical services to the Office of Elementary and Secondary Education for a workflow process and technical assistance tool to facilitate the monitoring of Elementary and Secondary Education Act Flexibility
$1,798,473. Contract for technical services to support the U.S. Department of Education initiative regarding analysis of assessment, graduation rate, and leading indicator data of School Improvement Grant schools
Now consider a few active contracts that illustrate current cybersecurity issues and obligations at USDE. Every one of these contractors moves data into a wider and wider circle of possibilities for breeches of security while seeming to offer up security solutions for USDE. How secure are the systems of the contractors? how will we know? USDE does NOT seem to know.
K2SHARE, LLC $787,105. Contact for cybersecurity training services in order to further enhance the Department’s understanding of the various information technology threats and, as a result of the received training, enhance the Department’s overall cybersecurity awareness and posture to defend against the various threats.
THE MITRE CORPORATION $1,375,284. Contract for specialized security support services that implement/enable a wide-array of the Department’s cyber security initiatives.
TRANSCENDENCE, INC. $1,848,917. Contract for administrative and technical Security Support Services within the areas of personnel, physical, communication, Continuity of Operations, and Information Technology (IT) for the Department’s Security Services Program.
PHACIL, INC. $1,863,261. Contract for Security Authorization (SA) support services that establishes and implements Department-wide processes and management controls that are necessary to enable effective risk decisions, enable tighter management and oversight of IA and security engineering practices, and improve program execution.
MATRIX LOGIC CORPORATION-$1,550,965. Contract to maintain the Case and Activity Management System (CAMS) on the Department’s infrastructure, and enhance the CAMS to fulfill the Office for Civil Rights (OCR) and the Office of the General Counsel (OGC) business requests, meet the requirements of accessibility standards by section 508 of the Rehabilitation Act of 1973, and comply with computer security requirements of the Federal Information Security Management Act of 2002 (FISMA).
DELOITTE CONSULTING LLP $17,344,319. Contract for technical services related to the Migrant Student Information Exchange (MSIX). Specific services include: (a) ensuring the MSIX remains fully functional and stable (e.g. bug-fixes, security upgrades, software patches), and complete all required system, hardware and software upgrades in a timely manner; (b) interfacing daily with customers and other MSIX personnel to maintain a high quality of support for MSIX; and (c) installing and maintaining all MSIX hardware components.
MAXIMUS Federal Services, Inc. $81,561,196. Contract to service Federal Student Aid’s (FSA) portfolio of defaulted student loans and grant overpayment debts, and perform operation and maintenance (O&M) of FSA’s portfolio management database, the Debt Management Collections System (DMCS). The servicing effort shall include: an in-bound call center, intake facility, correspondence unit, warehouse for securely storing the collateral and other documentation, a payment center for processing payment files, a servicing center for making account adjustments, a help desk, and a fulfillment center for generating and mailing hardcopy notices, forms, and responses.
QUALITY INFORMATION PARTNERS INC $6,476,963. Contract for the development and adoption of standard data definitions, quality control practices, and statewide longitudinal student data systems.
And here is a small sample, repeat, small sample, from one contract, of the quantities of data flowing in the USDE.
SRI INTERNATIONAL $6,181,003. The purpose of this contract is to obtain technical services and analytic support for the Department across a wide range of subject areas related to key Pre-Kindergarten through College (PK through 16) issues that may include but are not limited to: (a) College- and career-ready standards and aligned assessments; (b) State and local assessment and accountability systems, including measurement issues relating to assessing student and school performance; use of multiple measures, growth models, and value-added models; and inclusion of students with disabilities and English learners; (c) Achievement gaps and progress for disadvantaged students and all students, including economically disadvantaged students, students with disabilities, English learners, minority students, and other student subgroups; (d) Postsecondary educational attainment and employment outcomes for youth and adults, and (e) Teacher quality, including issues relating to pre-service and in-service teacher preparation and professional development; teacher recruitment and retention; assignment and distribution of highly-qualified teachers; and teacher evaluation and compensation.
Source of all.
https://www2.ed.gov/about/…/list/…/contracts/active_contracts_list.xls
below
Thank you for posting this little history lesson about FERPA. Just a couple of months ago I become aware of this law and how Duncan used his power to amendment it to make our children’s data vulnerable to the money hungry corporations. And with that my adventure to opt out of FERPA began. First I searched my districts website and found no mention of FERPA whatsoever. Then a friend suggested I check our schools hardcopy calendar (that I and many do not get because it must be purchased) and I found a small blurb hidden within the binding and it explained what was the ORIGINAL intent of the the law was to guarantee parental rights to student records (that we now call DATA). Understanding the full implications of the revised FERPA law I sent a clear and detailed letter to the district opting my children out of sharing their data with 3rd party vendors. I heard nothing back from them for 2 weeks. Not even an acknowledgement of receipt of my letter. I became concerned because I know that there is a limited window of time of about 2 weeks from the start of school to opt out of FERPA. Feeling ignored I asked at a board meeting if they were honoring opt out requests for FERPA. The superintendent said that they will follow law and the next day it was on the district website informing the parents of their right to opt out but still with not complete and correct information. I also at that time received an an email from the district “data person” asking me “exactly what did I want to opt my kids out of?” when it was very clear in my letter and I restated it. I still do not know for sure if my request is being honored. My experience is far from unusual. The vast majority of parents have no idea about this law and what it all means. All districts should be more transparent about this and send home letters on the first day of school informing parents in the same way they are now legally bound to do so with the “Code of Conduct”. Anyway, I wanted to share my experience and thoughts and frustrations about this with you. I will be posting your blog piece to my community parent page to continue to try and educate about this. Thank you again for all you do.
*amend the law 🙂
They sure seem to have gone about the whole thing rather surreptitiously.