Advocates Say State Program Could Compromise Student Privacy

Tuesday, March 26, 2013

Adam Joseph Drici, GoLocalWorcester Contributor

The American Civil Liberties Union and Bay State education groups have raised the alarm over potential privacy and security issues stemming from the use of student data in the Department of Elementary and Secondary Education's Shared Learning Initiative, but Commissioner Mitchell Chester has maintained that the concerns are unfounded.

The initiative, on tap for discussion at Tuesday's state Board of Education meeting, will partner the Commonwealth with eight other states to collect and store student data, which can then be harnessed to develop personalized learning experiences for students as well as educational content and instructional tools.

Initial funding for the project, currently in a pilot program at Everett Public Schools, has been provided by the Bill and Melinda Gates Foundation and the Carnegie Corporation.

Cloud-based data store

The privacy concerns voiced by the state PTA, ACLU, Citizens for Public Schools and the Campaign for a Commercial-free Childhood in a letter to the state Board of Ed center on inBloom, the non-profit established to administer the database of student information.

Student information collected for the initiative would include names, test scores and grades, as well as disciplinary and attendance records, addresses, demographic data and special education status, all to be stored remotely where education companies can work with inBloom to develop new tools and instructional content.

In their letter to the Board, the groups note that inBloom's own privacy and security policy states that the company cannot guarantee the security of the information it stores or that such information will not be intercepted when en route to developers.

"The Massachusetts Board of Elementary and Secondary Education should be leading the effort protect this data, rather than involved in facilitating its disclosure," the organizations wrote. "The Board should have as its top priority securing the privacy rights of the state's schoolchildren and their families, rather than serving the interests of private corporations."

The groups also outlined a series of steps the Board could take to ensure the full protection of student privacy rights.

State says in full compliance

Commissioner Chester issued a letter in response to the ACLU, including the memorandum of understanding between the state and the Shared Learning Collaborative (SLC), and reaffirmed his commitment to ensuring that all of the ESE's work is in full compliance with state and federal requirements for student records.

"This memorandum makes clear that the participating school districts retain full control over how their confidential student data is to be used and shared, and it obligates all parties to comply fully with the Family Educational Rights and Privacy Act and other applicable data privacy and security laws," Chester wrote, noting that the same provisions are in the SLC's own operating policies.

In a separate memo to the Board, Chester pointed out that the Shared Learning Initiative is still in the research and development stage.

"We will continue to evaluate the project both for its ability to ensure the confidentiality of student data and for its ability to deliver worthwhile services to our educators," he said.

However, Lisa Guisbond, vice president of Citizens for Public Schools, said that the memorandum of agreement did not address all of the concerns of the groups and that the Family Educational Rights and Privacy Act (FERPA) has been substantially changed in recent years, and not for the better.

"Telling us it's going to be fully compliant with a weakened privacy law is also not very reassuring," she said.

The two major issues, said Guisbond, are invasion of privacy and the failure to give parents the option of consenting or declining the use of their student's data.

A violation of trust

Worcester School Committee Vice Chair Tracy Novick characterized the use of student data by inBloom as a violation of the trust established between parents and educators when they send their children to school.

"Simply by virtue of the work we do, we have access to a great deal of information about our students, and we are extremely careful with it," she said. "The state, too, in the past, has been very careful with their information; allowing access, for example, to only gender and race, but not to school codes, or the reverse. No one had access to enough information to put a complete picture together.

"This not only puts the whole picture together, it puts it out in a location that is enormously vulnerable to hacking. And of course, it will be a target. It seems very clear to me that the states are not getting good advice about technological security."

Novick said there is no need for all of the information to be together, and it definitely should not be stored in the cloud.

"I really hope that this comes to a screeching halt before this goes through statewide."

"I'd much rather invest our education resources on the ground, in the schools, with the people who work with our children and know them best," said Guisbond. "I don't have a lot of faith that all of this expensive gadgetry is going to result in our kids getting better instruction."