Archives for category: Privacy and Privacy Rights
« Older Entries
Newer Entries »

Privacy Advocates: Néw Federal Proposal Falls Short

By dianeravitch
April 29, 2015 //
4

This just in:

For immediate release: April 29, 2015

Contact: Rachael Stickland, 303-204-1272, info@studentprivacymatters.org

Leonie Haimson, 917-435-9329, leoniehaimson@gmail.com

http://www.studentprivacymatters.org

Messer/Polis Privacy Bill Still Inadequate to Protect Children from Commercial Exploitation and Data Breaches

The student privacy bill just introduced by Representatives Messer and Polis is an improvement from their previous draft, but still has many loopholes that make it inadequate to address many parental concerns about their children’s privacy and safety.

Leonie Haimson, co-chair of the Parent Coalition for Student Privacy said, “The bill still doesn’t require any parental notification or consent before schools share personal data with third parties. It wouldn’t stop the surveillance of students, or the collection of huge amounts of highly sensitive student information by third parties, as inBloom was designed to do.”

“The bill still allows targeting ads to kids –as long as the ads are “contextual” or selected based on information gathered via student’s single online session. We strongly believe that there should be no advertising allowed in instructional programs assigned to students at school, as ads do not aid learning but is a huge distraction to kids. Moreover, how can a parent know if their child is subjected to an ad, whether it is based on data-mining during one session or over time?”

Rachael Stickland, Colorado co-chair of the Parent Coalition said: “We’re pleased to see some of our recommendations reflected in this draft, including enhanced transparency and some limitations on redisclosures. This bill allows parents to delete personal information from the data collected from their children, but it doesn’t require that parents be informed by either the vendor or the school that this data is being disclosed, collected and data-mined, so how would parents know to ask to delete it? It also allows vendors to data-mine personal information to improve their products or create profiles that could severely limit student’s success by stereotyping them and limiting their opportunities.”

Other remaining weaknesses of the bill:

There are NO specific security protections outlined in the bill, only that procedures should be “reasonable.”

We believe that any vendor collecting and using sensitive student personal information should be required to employ data encryption, undergo regular security audits, and other important measures to protect against damaging breaches.

Vendors would not have to inform parents or even school officials of data breaches unless they deem this “appropriate” without defining when that would be required, and there are no specific amounts required for fines.

Vendors could transfer the personal student data to another company if there is a merger or acquisition.

Vendors would be able to redisclose students’ personal information to an unlimited number of unspecified service providers, without the knowledge or consent of schools or parents

Vendors would be allowed to disclose de-identified and aggregate data, while using “reasonable” methods to ensure that the data could not be re-identified.

This again is inadequate protection, given how easy it has become to re-identify personal information with current methods and widely available data sets.

The bill’s protections would not apply to children in preschool and”K-12 Purposes” is only vaguely defined.
· Vendors could use student information for many commercial purposes including “maintaining, developing, supporting, improving, or diagnosing the operator’s school service.”

Rachael Stickland concludes: “This bill is clearly a step in the right direction but it needs to be further improved if it is going to protect our children from commercial exploitation and devastating breaches. Our children’s privacy and safety is invaluable and should not be put at risk by being handed off carelessly for profit or for gain.”

###

Categories Privacy and Privacy Rights, Students

California Parent Thanks Leonie Haimson

By dianeravitch
April 27, 2015 //
16

Leonie Haimson is a national treasure. She founded a group called Class Size Matters, which advocates for reduced class size. She is an unpaid worker for kids in Néw York and across the nation. She is also an expert on data-mining and student privacy. Through her research and testimony, she informed parents in seven states about the $100 million committed by the Gates Foundation and the Carnegie Corporation to create inBloom, a vast data mining plan. Once exposed, arents protested, state after state withdrew and inBloom collapsed.

Here is a public letter from a parent to Leonie Haimson:

The California parent wrote:

Leonie Haimson’s Opt Out Message Rang Out Loud and Clear on the West Coast

—What a small but mighty group can do—

—RestorePVEducation —

We had the privilege of hearing Leonie Haimson speak on April 12th in Rancho Palos Verdes, CA

Leonie spoke to the privacy issues, data mining and high stakes testing.

Parents heard loud and clear.

Today it was confirmed that 200 students out of a class of 464 Opted Out at Palos Verdes High School’s 11th grade class. Only approximately 40% are taking the SBAC.

Palos Verdes High School has a 98% rate of students going on to college.
We are already ‘College Ready’.

If Smarter Balanced thinks that CA parents have already been dumbed-down, think again.

Parents and community are waking up to the Smarter Balanced profiteering scenario and they don’t like what they are finding out.

Parents here questioned “Where is the Smarter Balanced Privacy Policy?” only to find out from Leonie that there is none. Absolutely no Privacy Policy to be found. How reassuring

Parents are questioning why Smarter Balanced has ‘locked out’ the public, school boards, administrators, parents and community from any information regarding the Smarter Balanced Executive Committee, its’ elections, decisions, agendas, minutes, etc.

There is no way to access the SB website for any of this type of information since September 1, 2014.

Yet Smarter Balanced is dictating policy decisions, lessons and testing to 17 states who have paid them with public funds.

Any decisions made by Smarter Balanced are done in secret, while Smarter Balanced functions on public funds.

Housed along with the CRESST center on the UCLA campus, parents fear, and rightly so, that the Hewlitt Foundation CRESST center is accessing our children’s data.

Why? And who else gets to see and use it?

Third party vendors are having a field day with our CA children’s data. We get the Big Data, Big Money Scheme. We don’t want that here.

While our local Palos Verdes Peninsula School District has been pouring funds to meet the unfunded mandates for technology, parents have stormed the Board room questioning why their children are in huge classes or combo classes.

Teachers have only seen a 2% raise over an 8 year period. There is no money for anything but technology to take the SBAC tests.

When asked parents will tell you that 1 teacher is worth a million computers to their child. We don’t need more tech to teach children–we need more teachers.

By 2012, 77 Palos Verdes teachers had lost their jobs, and have not been replaced.

What has come in instead is more computers and software.

Parents get it and will not stand for it any longer.

Thanks Leonie Haimson for bringing your message to CA. We are starting our chapter of Parents Across America.

Watch out Smarter Balanced–here we come!

Categories Common Core, Data and Data Mining, Opt Out, Privacy and Privacy Rights, Technology, Computers, Testing

Laura H. Chapman: The U.S. Department and Its Love of Data, Data, Data

By dianeravitch
April 15, 2015 //
6

The following comment was posted on the blog by Laura H. Chapman, who has been a teacher, author, and curriculum designer in the arts, now retired. We are very fortunate to have such a brilliant person regularly commenting here. In 2011, the U.S. Department altered regulations governing student privacy to make it easy for third parties to access confidential student data.

 

 

I have been looking into issues of data use and privacy. The US Department of Education has a new privacy czar… sort of.

 

If you want to register a complaint about the loss of privacy due to holes punched in the Family Educational Rights Privacy Act (FERPA) by Arne Duncan and his tech buddies, why not go to the top privacy official at the US Department of Education, Kathleen Styles? She is USDE’s first Chief Privacy Officer—Email: kathleen.styles@ed.gov. Or go to Michael Hawes, Email: michael.hawes@ed.gov who is her advisor and the person who oversees USDE’s Privacy Technical Assistance Center (PTAC).

 

What is PTAC? PTAC is supposed to be a “one-stop” resource for learning about “data privacy, confidentiality, and security practices related to student-level longitudinal data systems and other uses of student data. PTAC provides timely information and updated guidance on privacy, confidentiality, and security practices through a variety of resources, including training materials and opportunities to receive direct assistance with privacy, security, and confidentiality of student data systems.” This technical assistance is targeted to meet the needs of state and local education agencies and institutions of higher education.

 

What fascinates me is that these PTAC services—the production and review of “privacy technical assistance products”—are outsourced to an unnamed contractor. The contractor works under “the guidance of the Chief Privacy Officer and in close collaboration with the FERPA Working Group, which consists of representatives of the Office of Management, the Family Policy Compliance Office, and the Office of General Counsel.

 

PTAC also “regularly consults with the USDE’s Privacy Advisory Committee, whose members include Chief Statistician of National Center of Education Statistics, the program officer of the Statewide Longitudinal Data Systems (SLDS), and representatives from the office of Federal Student Aid, the Office of Civil Rights, and the Office of Special Education and Rehabilitative Services (among others).

 

Because the unnamed contractor is smack in the middle of this administrative and “technical assistance” architecture on privacy, I wanted to discover who had that contract.

 

It is a for-profit company, Applied Engineering Management Corporation (AEM). Since 2010, (AEM) appears to have been awarded about $12 million to set up the resources at PTAC.

 

AEM also has contracts with other federal, state, and local governments and agencies.. Their work for USDE includes management of data gathering required to support the “No Child Left Behind” legislation including the 180 data descriptions for EDFacts. EdFacts is the destination for AYP reports, all of those disaggregated test scores, and so on. That is heavy-duty data warehousing.

 

AEM has also operated the National Student Loan Data System receiving data from every college, university, and agency that participates in Title IV loan guarantees and related programs. AEM also designed the management system to track funds allocated to school districts for the National Math and Science Initiative.

 

AEM’s website also says it helps “educators in developing high quality longitudinal P-20 data warehouses and business intelligence solutions that stand the test of time and enable data-driven decision making.”

 

 

I could not find any of the full contracts with AEM. I suppose they are available somewhere. I am sure this company has expertise in data management.

 

The part that bothers me is the idea that “business intelligence solutions” might well be made with all of that P-20 data that is being warehoused, especially since AEM is functioning as if it is major branch of USDE and AEM’s name is not disclosed as the contractor that designed and operates the “Privacy Technical Assistance Center.”

 

AEM–the go-to corporation for USDE’s data management and privacy–has managed to suppress it’s identity as the conduit for USDE’s “big data” projects and guidance to state and local agencies on privacy. Use this phrase to get to the PTAC resources “Privacy Technical Assistance Center.”

Categories Privacy and Privacy Rights, U.S. Department of Education

Crazy Crawfish: How Louisiana Abandoned Student Privacy Law

By dianeravitch
April 9, 2015 //
8

Crazy Crawfish, a blogger also known as Jason France, used to work as a data analyst in the Louisiana Department of Education. He was recently shocked to discover that the department has released confidential student data to the research group CREDO. It even released the data of nonpublic school students.

France realized that the state released personal student data that CREDO didn’t need or use.

He writes:

“It’s only a combination of chance and persistence that I stumbled across the details of this agreement and am able to share my findings with you. How many more agreements like this are out there that are unknown to us? How poorly have they been reviewed? I can’t actually say. Someone outside of LDOE needs to review these types of disclosures (All of them) – before they happen. It is important for the public to have an accounting of both what was promised, but also what was actually delivered. Frankly, if LDOE doesn’t understand their own data, they shouldn’t be providing it to others. I also question whether they should be collecting it all or storing it for decades in the first place.”

Categories Louisiana, Privacy and Privacy Rights, Students

Jon Pelto: A Teacher in Connecticut Defends the Right of Parents to Opt Out

By dianeravitch
March 25, 2015 //
12

In this post, Jonathan Pelto prints the statement of a teacher who defends parents who choose to opt out, despite efforts by the State Education Department to intimidate them. The state takes the position that there is no law allowing opt-out. On the other hand, there is no law prohibiting opt-out. In the upside-down world of corporate reform, the absence of a law prohibiting opt-out means no one may opt out. Just imagine all the other activities that may be prohibited because there is no law on the books specifically permitting them!

 

Martin Walsh of Weathersfield teaches U.S. history. He writes:

 

This year, after several commentators across the state noted that parents had the right to opt out of the SBAC, Connecticut interim Commissioner of Education Dianna Wentzell sent a memo to superintendents stating that “These [CT] laws do not provide a provision for parents to ‘opt-out’ their children from taking state tests.” And that, “These mandates have been in effect for many years…”

 

Several superintendents used this memo to inform parents that they had no right to opt their children out of testing. That was wrong. Fortunately, Joseph Cirasuolo, Executive Director of the Connecticut Association of Public School Superintendents (CAPSS) has now acknowledged parental opt-out rights.

 

The statutes themselves are silent on parental rights. True, there is no opt-out provision, but neither is there a non-opt out provision nor any parental penalty for opting out. Additionally, many parents have opted out of testing over the life of this “mandate” without government interference.

 

The state may be denied Title I funding if the statewide participation rate falls below 95 percent, but no state has ever been punished in that manner. Government officials should provide citizens with facts, not misleading information designed to deprive them of their rights…..

 

Enter Pearson Education and American Institutes for Research (A.I.R.), the corporations responsible for the Partnership for Assessment of Readiness for College and Careers (PARCC) and SBAC respectively. Already free to use their tests for the purpose of data mining thanks to U.S. Secretary of Education Arne Duncan’s unilateral amendment of the Family Educational Rights and Privacy Act (FERPA), these companies demand more.

 

They are monitoring student use of social media in order to determine what is being said about them and their tests and attempting to punish students who run afoul of their rules. That’s right; Pearson and A.I.R. are spying on school children. Wow. Are we living in the United States or North Korea? What about First Amendment Rights?

 

If the state board of education and local school officials support this policy, I will no longer have to refer to the Pentagon Papers case to explain prior restraint; I will merely have to read students the SBAC test rules. These rules and practices constitute a “clear and present danger” to our children.

 

Who knew so many Constitutional rights would have to be trampled upon in order to accommodate the corporate for-profit testing juggernaut? But data collection and tracking are more than worth the trade-off, right?

 

Life in the PARCC police state or under SBAC (curiously similar to SAVAK, Iran’s secret police under the Shah) will be fine, as long as no one criticizes the regime. Sounds like totalitarianism to me.

 

I propose a better solution. The best and most effective way to protect the proprietary interests of these corporations, and more importantly our liberty, is to tell Pearson and A.I.R that they can keep their damned tests and opt our children out…..

Categories Connecticut, Opt Out, Parents, Privacy and Privacy Rights

Student Data for Sale, Thanks to Congress

By dianeravitch
March 23, 2015 //
19

Student privacy activists are outraged by the legislation that’s being rushed through Congress that would legalize industry’s right to confidential data about children without parental consent.

 

This is from Leonie Haimson and Rachel Strickland of Student Privacy Matters:

 

Rep. Luke Messer (IN) and Rep. Jared Polis (CO) are introducing a bill in the House that would allow vendors of online programs used in schools to collect, share and commercialize the personal information of students. Rep. Polis has said that they intend to rush this bill through the House, without amendment or debate. Parents and privacy advocates CANNOT let this happen.

We need your help. Please visit our action page to send a letter and then make a quick call to your US Representatives.

For more information, see articles in POLITICO and The New York Times, and read the comments of the Parent Coalition for Student Privacy available here.

Thanks,

Rachael Stickland and Leonie Haimson

Co-chairs, Parent Coalition for Student Privacy

http://www.studentprivacymatters.org

 

 

Here is today’s story in politico.com by Stephanie Simon:

 

 

“STUDENT PRIVACY BILL UNDER FIRE: A bipartisan student privacy bill to be introduced in the House today aims to reassure parents that their children’s data is safe. But the bill lets companies continue to collect huge amounts of intimate information on students, compile it into profiles of their aptitudes and attitudes – and then mine that data for commercial gain. It also permits the companies to sell personal information about students to colleges and potential employers, according to a near-final draft reviewed by Morning Education. Microsoft has already endorsed the bill. And the chief sponsors, Republican Rep. Luke Messer and Democratic Rep. Jared Polis, say they’re confident it will quickly earn bipartisan support in both chambers. It will likely get a push as well from the White House, which worked closely with Messer and Polis on the language. But privacy advocates and parent activists see the bill as deeply flawed. It’s riddled with “huge loopholes” and “escape clauses,” said Khaliah Barnes, director of the Electronic Privacy Information Center’s student privacy project.

 

– Consider a provision barring companies from selling personal information about students. That seems rock-solid. Yet there’s an exception: A company can sell data if a student or parent requests it be shared “in furtherance of post-secondary education or employment opportunities.” An online textbook, tutorial service or gaming app could likely fulfill this requirement by asking kids to check a box if they want to hear from colleges or employers interested in students just like them. I have more here: http://politico.pro/1CPMUf3

 

– Industry has opposed any federal privacy law, out of concern that it would stifle innovation. Hoping to showcase the benefits of that innovation, the Software Information and Industry Association and the trade association TechAmerica have launched the “Smarter Schools Project,” which highlights classrooms using technology wisely. More: http://bit.ly/1CHTPXw

 

– Some ed-tech start-ups, meanwhile, are moving aggressively to showcase their own commitment to protecting privacy. The company Kickboard is sharing privacy protection advice with other start ups. Clever posted its privacy policy on GitHub, which lets readers track any changes. And when parent activists took to Twitter to question how a startup called LearnSprout was using student data, the company responded by asking them for help making sure the data was protected. Months of dialog followed. LearnSprout unveils its new approach today: The company promises that it will never sell or rent personally identifiable information about students and will never use that information to improve or market its own products. Read more about the dialog from LearnSprout Marketing Director Paul Smith: http://bit.ly/1GCQUNw and from Rachael Stickland and Leonie Haimson of the Parent Coalition for Student Privacy: http://bit.ly/1CGVgnz.”

Categories For-Profit, Privacy and Privacy Rights, Students

Privacy Advocates: Proposed Student “Privacy” Bill in Congress Benefits Vendors, Not Students

By dianeravitch
March 23, 2015 //
10

Parent advocates say that the tech industry desperately wants to protect student privacy from being invaded, except when the tech industry finds it useful and necessary.  The tech industry wants to limit data mining, except under certain circumstances that permit data mining. The bill would make it unnecessary to obtain parental consent for invasions of student privacy.

 

Contact: Rachael Stickland, 303-204-1272, info@studentprivacymatters.org
Leonie Haimson, 917-435-9329, leoniehaimson@gmail.com
http://www.studentprivacymatters.org

 

Messer/Polis Student Privacy Bill Protects Commercial Interests of Vendors not Kids

 

 

The bill just introduced by Representatives Messer and Polis addresses few if any of the concerns that parents have concerning the way their children’s privacy and safety have been put at risk by the widespread disclosure of their personal data by schools, districts and vendors.
Leonie Haimson, co-chair of the Parent Coalition for Student Privacy said, “The bill doesn’t require any parental notification or consent before schools share personal data with third parties, or address any of the current weaknesses in FERPA. It wouldn’t stop the surveillance of students by Pearson or other companies, or the collection and sharing of huge amounts of highly sensitive student information, as inBloom was designed to do.”
“All the bill does is ban online services utilized by schools from targeting ads to kids – or selling their personal information, though companies could still advertise to kids through their services and or sell their products to parents, as long as this did not result from the personal information gathered through their services. Even that narrow prohibition is incomplete, as vendors would still be allowed to target ads to students as long as the ads were selected based on information gathered via student’s single online session or visit – with the information not retained over time.”
Rachael Stickland, Colorado co-chair of the Parent Coalition: “The bill doesn’t bar many uses of personal information that parents are most concerned about, including vendor redisclosures to other third parties, or data-mining to improve their products or create profiles that could severely limit student’s success by stereotyping them and limiting their opportunities.”
Other critical weaknesses of the bill:
Parents would not be able to delete any of the personal information obtained by a vendor from their children, even upon request, unless the data resulted from an “optional” feature of the service chosen by the parent and not the district or school.
The bill creates a huge loophole that actually could weaken existing privacy law by allowing vendors to collect, use or disclose personal student information in a manner contrary to their own privacy policy or their contract with the school or district, as long as the company obtains consent from the school or district. It is not clear in what form that consent could be given, whether in an email or phone call, but even if a parent was able to obtain the school’s contract or see the vendor’s privacy policy, it could provide false reassurance if it turns out the school or district had secretly given permission to the company to ignore it.
Vendors would be able to redisclose students’ personal information to an unlimited number of additional third parties, as long as these disclosures were made for undefined “K12 purposes.”
Vendors would be able to redisclose individual student’s de-identified or aggregate information for any reason or to anyone, without restrictions or safeguards to ensure that the child’s information could not be easily re-identified through widely available methods.
Rachael Stickland concludes: “This bill reads as though it was written to suit the purposes of for-profit vendors, and not in the interests of children. It should be rejected by anyone committed to the goal of protecting student privacy from commercial gain and exploitation.”
### 

Categories Data and Data Mining, Privacy and Privacy Rights, Students

Schneider Explains PARCC’s Security Policy

By dianeravitch
March 23, 2015 //
9

In response to the public outrage over Pearson monitoring of students’ social media, PARCC released a statement describing its fairness and security policy.

Mercedes Schneider discusses it here. Read her suggestion about the best way to protect test security.

Categories Common Core, Privacy and Privacy Rights, Students, Testing

Stephanie Simon: Who Is Spying on Your Children?

By dianeravitch
March 22, 2015 //
11

Ever wonder who does the fun job of reading your children’s tweets, Facebook pages, and Instagrams? Stephanie Simon has done the investigative work, on behalf of politico.com, but really on behalf of parents and children across America.

In the new age of Common Core and online testing, student privacy is dead.

Simon visits companies that do the “monitoring.” She calls them “Common Core’s cyber-spies.”

She writes:

“Pearson is hardly the only company keeping a watchful eye on students.

“School districts and colleges across the nation are hiring private companies to monitor students’ online activity, down to individual keystrokes, to scan their emails for objectionable content and to scrutinize their public posts on Twitter, Facebook, Vine, Instagram and other popular sites. The surveillance services will send principals text-message alerts if a student types a suspicious phrase or surfs to a web site that raises red flags.

“A dozen states have tried to limit cyber snooping by banning either colleges or K-12 schools, or both, from requesting student user names and passwords, which could be used to pry open social media accounts protected by privacy settings. Among those taking action: California, Illinois, Michigan and Utah.

“At least five other states, among them New York and Maryland, are considering similar laws this session, according to the National Conference of State Legislatures.

“But such laws protect only accounts marked as private. Many kids post publicly to build up their online followings.

“And when they do, companies with names like Social Sentinel, Geo Listening, Varsity Monitor and UDiligence are there to read them.
The rise of online student monitoring comes at a time of rising parent protests against other forms of digital surveillance — namely, the vast quantities of data that technology companies collect on kids as they click through online textbooks, games and homework. Companies providing those online resources can collect millions of unique data points on a child in a single day. Much of that information is not protected by federal privacy law.”

Think of it: these companies “can collect millions of unique data points on a child in a single day.”

And that’s not all:

“Some of the monitoring software on the market can track and log every keystroke a student makes while using a school computer in any location, including at home…..

“Sometimes the monitoring is covert: One company advertises that its surveillance software, known as CompuGuardian, can run on “stealth mode.” At the other extreme, some high schools and colleges explicitly warn students that they are being watched and advise them not to cling to “a false sense of security about your rights to freedom of speech.”

Privacy is dead. Privacy is dead. Yes, your children are being watched. Companies you never heard of have collected vast amounts of information about them.

As the CEO of Sun Microsystems famously said in 1999, “you have zero privacy anyway. Get over it.”

Read more: http://www.politico.com/story/2015/03/cyber-snoops-track-students-116276.html#ixzz3V4nbs8Jj

Categories Common Core, Pearson, Privacy and Privacy Rights, Technology, Computers, Testing

Reader: Word from a Test Monitor

By dianeravitch
March 21, 2015 //
4

Reader Chiara shares the following:

Politico has a good piece about the contractor(s) doing the monitoring.

“Chris Frydrych, the CEO of Geo Listening, says his service routinely alerts school principals to students whose posts indicate they’re feeling particularly stressed or angry. He also points administrators to students who share too much personal information online, leaving them vulnerable to cyber predators.

Boasts about cheating. Dares to act recklessly. Taunts. Threats. Trash talk about teachers. For $7,500 per school per year, his service will scoop it all up and report it all to administrators.

“Our philosophy is, if someone in China can type in your child’s user name and see what they’re posting publicly on social media, shouldn’t the people who are the trusted in adults in a child’s life see that information?” Frydrych said.

He responds to critics who worry about privacy violations by quoting a student tweet he spotted while monitoring a school: “Twitter is not your diary. Get over it.”

Read more:

http://www.politico.com/story/2015/03/cyber-snoops-track-students-116276.html#ixzz3V24EuBKl

Someone should inform this guy that he works for, and is paid by, the students and parents he’s sneering at. The arrogance is just incredible. The contractors we’re all paying seem to be running the show.

Read more:

http://www.politico.com/story/2015/03/cyber-snoops-track-students-116276.html#ixzz3V23ajlPV

Categories Privacy and Privacy Rights, Students, Testing
« Older Entries
Newer Entries »