Note: Click here for a link to share a shorter, easier to share, version of this blog: SHARING STUDENT DATA 101: Connecting the Dots But please do use the full blog below for reference and in depth documentation. See Colorado's SLDS grant application Sept 2015 here.
Connecting the Dots
WHAT KIND OF INFORMATION IS BEING SHARED ABOUT A STUDENT?
During a February 2015 Congressional Hearing on "How Emerging Technology Affects Student Privacy", Rep. Glenn Grothman asked the panel to "provide a summary of all the information collected by the time a student reaches graduate school."
Joel Reidenberg, The Center on Law & Information Policy Fordham Law School Director, had this to say:
"Just think George Orwell, and take it to the nth degree," Reidenberg said. "We're in an environment of surveillance, essentially. It will be an extraordinarily rich data set of your life."
Allyson Knox, Microsoft Representative, said they peek at student email :
"If students are using certain cloud infrastructures, and it's held by a third party, it is possible for [the vendors] to trend through the data," said Allyson Knox, director of education policy and programs for Microsoft. "When [information] is flowing through a data center, it's possible to take a peek at it and find trends and put it on the market to other businesses who want to advertise to those students."
It is public knowledge that Google is used in most classrooms, but did you know that Google has been sued for deceptive practices and for marketing, and reading student emails? You can read more about privacy loopholes in Google Apps for Education Here. Twitter has also been hit with a lawsuit for reading private messages, and, strangely, use of twitter has been promoted in classrooms. ACT and SAT have also been sued for selling student data.
As this Learning Exchange Resource document so beautifully explains, "Each time a teacher or a learner [student] interacts with an [online] Open Educational Resource (OER), these interactions produce data." This glut of data, Big Data, and "personalized online learning" is what has the edtech world so interested in digital education.
Connecting the Dots
WHAT KIND OF INFORMATION IS BEING SHARED ABOUT A STUDENT?
During a February 2015 Congressional Hearing on "How Emerging Technology Affects Student Privacy", Rep. Glenn Grothman asked the panel to "provide a summary of all the information collected by the time a student reaches graduate school."
Joel Reidenberg, The Center on Law & Information Policy Fordham Law School Director, had this to say:
"Just think George Orwell, and take it to the nth degree," Reidenberg said. "We're in an environment of surveillance, essentially. It will be an extraordinarily rich data set of your life."
Allyson Knox, Microsoft Representative, said they peek at student email :
"If students are using certain cloud infrastructures, and it's held by a third party, it is possible for [the vendors] to trend through the data," said Allyson Knox, director of education policy and programs for Microsoft. "When [information] is flowing through a data center, it's possible to take a peek at it and find trends and put it on the market to other businesses who want to advertise to those students."
It is public knowledge that Google is used in most classrooms, but did you know that Google has been sued for deceptive practices and for marketing, and reading student emails? You can read more about privacy loopholes in Google Apps for Education Here. Twitter has also been hit with a lawsuit for reading private messages, and, strangely, use of twitter has been promoted in classrooms. ACT and SAT have also been sued for selling student data.
As this Learning Exchange Resource document so beautifully explains, "Each time a teacher or a learner [student] interacts with an [online] Open Educational Resource (OER), these interactions produce data." This glut of data, Big Data, and "personalized online learning" is what has the edtech world so interested in digital education.
THE U.S. DEPARTMENT OF DEFENSE and YOUR CHILD'S DATA PROFILE
Why would the U.S. Department of Defense have a database with your child's data? The Federal Learning Registry is a joint student data gathering project between the Department of Defense and the Department of Education.
Why would the U.S. Department of Defense have a database with your child's data? The Federal Learning Registry is a joint student data gathering project between the Department of Defense and the Department of Education.
Click here to watch this Learning Registry video.
He talks about inserting EMITTERS into classrooms, via SmartBoards, to capture what is happening in classrooms.
Partial transcript, The U.S. Dept of Ed / Dept of Defense Learning Registry, Steve Midgley, Open Nottingham Seminar 2011
11:14 "Amazon for example, has all these different pieces and they collect a ton of data at every level. If we go to Amazon and say would you give me all your user click trails, all your pricing models, all your supplier data....They say no. It's a fairly short conversation up and that's perfectly reasonable cause they're making a ton of money on that. But the observation in education, is as far as I can tell, I fail to find the person [raise your hand or talk to me later] who doesn't want to share these data in public barring issues on anonymity and privacy and those sorts of things which I think we can resolve."
11:59 What's important is right now [2011] we collect only a little bit of data and really realistically how many fields are filled out in that massive structure for each individual resource? only 4 or 5 and very thinly at that. So there's really not that much data coming out at the resources. But then if we track what how the services are interacting with the resource, what people are connecting to the resource, how are they deploying it, how long did the stream it. These kind of questions, that's a bit more data about the resource, right, and then, the application: We can actually find out this teacher assigned this material; this teacher emailed this to someone else; this teacher dragged it onto a smart board for 18 minutes. Right? This kind in information is coming out in the community data. Which is: these teachers are talking about this thing; these teachers are assembling things into larger structures that can be actually captured and seen in the digital community that we exist in.
12:49 In a print-based world the best you can do is head into the class from the clipboard and start checking boxes, right. That's as good as we had. We have a much better opportunity here to go much much deeper with the relationship between the resources and the deployment of other source because the world is digital.
13:08 Amazon and these institutions are making billions of dollars on this observation right and i think that it's a simpler problem for them print them for us so it is to their credit that there early but I think that there's a big opportunity in the education space to go after this type of data collection. it's going to take significant research effort to develop the right ways to do this because it will not work like Amazon it will be something different but I think that the University research our community is the one that's going to develop a lot a reason to be honest I think there's a lot of money to be made as well."
14:36 "A Common meta data timeline--that is the Learning Registry, a very simple piece of infrastructure; it doesn't do a lot and that's really important to say. We require a lot of other partners if this thing is going to work at all. It does not work on its own it and its not an application; it has no user interface. It has no user community, has no search capability. right. It doesn't do many things that the user will need; so it's these intermediaries institutions on the outside at the time line who are going to be intermediating the data that goes into the registry with the user base ." -Steve Midgley, Learning Registry 2011, Nottingham Seminar
HOW DO THEY COMPARE ALL THE DATA? ==> COMMON STANDARDS, TESTS, DATA, META DATA
He talks about inserting EMITTERS into classrooms, via SmartBoards, to capture what is happening in classrooms.
Partial transcript, The U.S. Dept of Ed / Dept of Defense Learning Registry, Steve Midgley, Open Nottingham Seminar 2011
11:14 "Amazon for example, has all these different pieces and they collect a ton of data at every level. If we go to Amazon and say would you give me all your user click trails, all your pricing models, all your supplier data....They say no. It's a fairly short conversation up and that's perfectly reasonable cause they're making a ton of money on that. But the observation in education, is as far as I can tell, I fail to find the person [raise your hand or talk to me later] who doesn't want to share these data in public barring issues on anonymity and privacy and those sorts of things which I think we can resolve."
11:59 What's important is right now [2011] we collect only a little bit of data and really realistically how many fields are filled out in that massive structure for each individual resource? only 4 or 5 and very thinly at that. So there's really not that much data coming out at the resources. But then if we track what how the services are interacting with the resource, what people are connecting to the resource, how are they deploying it, how long did the stream it. These kind of questions, that's a bit more data about the resource, right, and then, the application: We can actually find out this teacher assigned this material; this teacher emailed this to someone else; this teacher dragged it onto a smart board for 18 minutes. Right? This kind in information is coming out in the community data. Which is: these teachers are talking about this thing; these teachers are assembling things into larger structures that can be actually captured and seen in the digital community that we exist in.
12:49 In a print-based world the best you can do is head into the class from the clipboard and start checking boxes, right. That's as good as we had. We have a much better opportunity here to go much much deeper with the relationship between the resources and the deployment of other source because the world is digital.
13:08 Amazon and these institutions are making billions of dollars on this observation right and i think that it's a simpler problem for them print them for us so it is to their credit that there early but I think that there's a big opportunity in the education space to go after this type of data collection. it's going to take significant research effort to develop the right ways to do this because it will not work like Amazon it will be something different but I think that the University research our community is the one that's going to develop a lot a reason to be honest I think there's a lot of money to be made as well."
14:36 "A Common meta data timeline--that is the Learning Registry, a very simple piece of infrastructure; it doesn't do a lot and that's really important to say. We require a lot of other partners if this thing is going to work at all. It does not work on its own it and its not an application; it has no user interface. It has no user community, has no search capability. right. It doesn't do many things that the user will need; so it's these intermediaries institutions on the outside at the time line who are going to be intermediating the data that goes into the registry with the user base ." -Steve Midgley, Learning Registry 2011, Nottingham Seminar
HOW DO THEY COMPARE ALL THE DATA? ==> COMMON STANDARDS, TESTS, DATA, META DATA
METADATA: little pieces of data, thousands or millions of pieces of data, that in themselves might not identify you but put together can create a comprehensive picture. (ie: a telephone number, and all the calls that phone made (to pharmacy, to OBGyn, to along with credit card purchases, tells us the person's identity and that she is pregnant. Ask Germany and Europe how anonymous meta data is. It's not anonymous at all and gives a heap of information. -OR-- take a student x with 3 siblings, had x teacher last year, x teacher this year, scored x on this PARCC/SBAC test, and lives in this x town, in this grade, this school, transferred from x school, lives in x house, takes x medications.... even easier to identify if s/he has an IEP, gifted talented, or in a demographic that is double tracked (ie: Hispanic, African American , In these groups, pii data is tracked. ) Think of how easy it is to identify a student with millions of data points daily. Meta data is what the SLDS (data dictionary) is based on. Edtech vendors rely on meta data collection too. It is the linking together of data that is so powerful., and dangerous.
"Metadata are structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource... a robust metadata system improves the accuracy of data use and interpretation, as well as the efficiency of data access, transfer, and storage." This U.S. Dept. of Ed report also states that "metadata is what drives a tool like a data dictionary ... it is "a metadata model that links metadata items to existing data elements and data sets;" |
|
WHO DELIVERS DATA TO LEARNING REGISTRY / U.S. Dept of Defense and Dept of Ed?
Many of the larger technology, software companies are tied into the Federal Learning Registry and share CEDS aligned data with the federal government. Over 120 edetch companies with access to our classrooms (Pearson, PARCC, SBAC, Microsoft, Questar, Air, Google) are also tied into the Learning Registry via IMS Global.
IMS Global is key to the data sharing and has partnered with the U.S. Dept of Defense/ U.S. Dept of Ed's Learning Registry (in the video above) to deliver student data via online sources. See a list of IMS Global members here.
IMS Global created a standardized interoperable test system, (APIP) with funding from the US Dept of Ed. This ensures that all the test content, whether SBAC or PARCC, AIR or Questar is the same and is aligned with CEDS, coded data elements. This APIP platform literally ensures that all tests are interoperable, using common standards, common data: all the tests are the same.
IMS announced in 2013, Recently, IMS Global Announced its initiative to Establish Digital Badges as Common Currency for K-20 and Corporate Education partnering with Mozilla to collect data on both students and teachers.
"We are pleased that IMS has decided to partner with us to help with the evolution, adoption and promotion of Mozilla Open Badges," remarked Mark Surman, Executive Director, Mozilla Foundation. "IMS has a unique focus on educational technology worldwide that we’re sure will enable substantial progress." http://openbadges.org/
*************************************************************************************************************************************
WHO are WICHE, SEEDS, SHEEO, WFDQI and Data Quality Campaign (DQC) how do they interact with USDoE, CEDS, SLDS, the Learning Registry? Look at this 4 page document highlights how they are all partners and integral parts of data sharing and is a must read for anyone trying to understand how data is shared. (Be sure to also look at DQC- started by 10 organizations, they have a page all their own.)
************************************************************************************************
These agencies listed above are only a FEW of the federally linked, student data collecting /sharing, organizations that exist. It is a good place to start piecing together the puzzle, connecting the dots of how small pieces of data are collected, handled, shared and combined to create a startling complex profile of every child. For example, SEED -The State Exchange of Education Data (SEED), is a coalition similar to WICHE, that enables participating states to track, monitor, and share information for transfer students who cross state lines. Then see this document from WICHE, (excerpt below).
WICHE (partnered with DQC) helped connect SLDS databases across states and in doing so, needed FERPA to be changed. (FERPA was changed in 2011 to allow pii data to shared across states, without parental consent.)
U.S. LAW PROHIBITING A NATIONAL DATA BASE OF STUDENT INFORMATION
After seeing the many organizations collecting and sharing student data (pii, non-pii, meta data, etc) with the Federal government, and each state having an SLDS database, several multi-state data exchanges, increased interoperability, and aligning student data to CEDS for ability share across states and with agencies in the federal government, it makes you wonder if in fact we do already have a national database of student information.
This Arizona legislator, Mark Finchem, reminds us (scroll down to comments section) of the EXISTING law prohibiting the Federal government from having a national database on student information. He, along with many privacy advocates also question whether it is legal or ethical to collect and share a child's personally identifiable information (pii) without parental consent. As
Diane Ravitch, professor and former Assistant Secretary of U.S. Education points out, and also two former Counsels of the U.S. Department of Education Talbert and Eitel point out, the U.S. Dept of Ed is prohibited from directing local education.
The Electronic Privacy and Information Center (EPIC) sued the Education Department for changing FERPA without Congressional authorization, sadly the case ended on procedural grounds. The case was not reopened, but does beg the question as to whether the government has the right to take student data without parent consent. Additionally, this Congressional report shows that most parents aren't told, are not even aware that student data collection, sharing is happening.
Parents, here is one for you to remember. This "secret data" is in direct violation of
The Code of Fair Information Practices, FIPs, established in the United States, 1972.
The Code of Fair Information Practices is based on five principles:
There must be no personal data record-keeping systems whose very existence is secret.
There must be a way for a person to find out what information about the person is in a record and how it is used.
There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.
There must be a way for a person to correct or amend a record of identifiable information about the person.
Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.
CURRENT FEDERAL AND STATE LAWS ARE LACKING
There are three Federal laws meant to protect children's privacy: COPPA (protecting certain online activity for children under 13yrs), PPRA and FERPA but as pointed out in this Congressional hearing, these laws are outdated, weakened or often overlooked.
For instance, COPPA does not always cover classroom activity because government institutions are exempt from COPPA, as are non-profit institutions. (PARCC and SBAC assessments are non-profit institutions and as such, they are not protected by COPPA.)
FERPA has many loopholes, has no provisions for security, and has been weakened numerous times to allow sharing of private, personal information (see below about FERPA changes for a program called WICHE.) After these changes in 2008 and 2011, FERPA allows a student's Personally Identifiable Information (PII) to be shared outside of the school, across state lines, with vendors, with "researchers", for marketing, development and research purposes, without parental consent or notification.
There are currently 5 federal bills in Congress, addressing student data privacy and updating FERPA. You can see a comparison of these bills here. There is no guarantee if any of these bills will be passed into law and they will most assuredly be amended by the edtech lobby.
State legislatures have tried to address the lack of student data privacy regulation and oversight; there was a wave of student data privacy legislation in 2014. The majority of these state bills failed, meeting huge opposition by the well funded education technology (edtech), data collection industry. However, even more bills were introduced in 2015; 177 bills were introduced in 45 states dealing with student-data privacy and protection in 2015. That's up from 110 bills that were introduced in 36 states in 2014. Again, the majority of 2015 bills either failed to pass out-right, or were derailed by amendments from the K-12 technology industry.
Almost exact wording appeared in anti-privacy amendments introduced in Oregon and Maryland, Colorado, WA, GA, AZ and they all bear striking resemblance to this model legislation from ExcelinEd that:
allowed targeted advertising to students based on their internet usage and search patterns,
Rather than support strong, enforceable privacy legislation, many in the edtech / student data industry are now offering to police themselves, by signing onto a national SIIA pledge; this is 'the fox guarding the hen house.' This pledge is not enforceable, is merely a promise and offers no transparency, no way for parents to see what data is shared, no ability to track if data is shared or sold. Take note of industry giants like Pearson, and K12inc, and Amazon who have NOT signed even this weak privacy pledge.
WHERE IS THE DATA BEING GENERATED OR COLLECTED?
Most of the data about a child is being gathered at school-via multiple routes, including a large education related database (SLDS) in each state, online data tracking, a student's education record which can include medical information, surveys, and to a lesser extent, data is also shared via opting-in to the student directory /directory information. So, let's have a look.
STUDENT RECORD
To start with, one piece of the data puzzle is a student's education record, which can include student demographics, discipline records, grades and scores, IEPs, mental health, medical history. [Under FERPA, medical records (including counseling records) are generally considered to be education records. HIPPA does not protect a student's medical records. Medical records can be shared outside of the school without parent consent under FERPA.] Parents CAN opt out of directory information **which in today's cloud sharing world, is a smart move. **However, opting out of the directory will do NOTHING to stop data sharing from student records or much, MUCH larger data collection from SLDS and online data. Read on.
SLDS - STATEWIDE LONGITUDINAL DATA SYSTEM- IN EVERY STATE
SLDS-Statewide Longitudinal Data Systems: Every state has a Longitudinal Data System that collects and shares data (both pii and non pii, both academic and non-academic data) from schools. The SLDS is also called a P20 database (pre-K to 20 years of age) some are called P12, B-20(as in data tracking from birth). This site lists states that have received Federal SLDS grants (AL, WY, NM are not listed on this site). However, Alabama's Governor recently declared by executive order: "Alabama P-20W Longitudinal Data System is hereby created to match information about students from early learning through postsecondary education and into employment." Wyoming's P-20 Longitudinal Data System uses a data dictionary (Fusion) that includes information from birth. New Mexico's technology plan shows that NM moved their P-20 SLDS service to production status in 2014 and planned to expand in 2015. This site run by American Institutes of Research (AIR) tracks the status of the 50 state longitudinal databases, as does this site run by the Data Quality Campaign.
This U.S. Dept of Ed document interviewed state "Data Leaders" (Information Technology CEO's) from Colorado, Oregon Maine, Montana, and Washington. The report is helpful in showing how SLDS works as a business model, with power users of student data.
Each SLDS has a data dictionary filled with hundreds of common data elements so they can share student data from birth or pre-school through 20 years of age. This record of data, some of it, Personally Identifiable Information -pii (pii is information that can identity an individual either directly or indirectly through linkages with other information.), is stored in your state Department of Ed's SLDS database and can also be shared with any agency or person doing education related "research". Every SLDS uses the same coded data points, the goal is to align all the data elements with Federal CEDS, a joint effort by CCSSO and the State Higher Education Executive Officers (SHEEO) in partnership with the United States Department of Education, so the data systems are interoperable, and can easily share student data with all 50 states, agencies, the federal government, and with the MANY companies (like Pearson, Google, Facebook, Microsoft, ) who use this data for marketing, development, research. This U.S. Dept. of Ed report states that "metadata is what drives a tool like a data dictionary." SLDS are aligned, shared Longitudinal Data Systems and are mandatory if states "won" Race to the Top (RTTT) grant money to adopt Common Core standards, via the Race to the Top, 4 assurances, which had to agree to.
"The competition required applicants to address four key areas: standards and assessments, teachers and leaders, data, and turning around low-performing schools."
The former Chief of the Federal RTTT program, Joanne Weiss, further explains how this education reform, which relies on data collection, was accomplished:.
"First, we forced alignment among the top three education leaders in each participating state—the governor, the chief state school officer, and the president of the state board of education—by requiring each of them to sign their state’s Race to the Top application. In doing so, they attested that their office fully supported the state’s reform proposal. -Joanne Weiss
EXPANDING SLDS DATA SHARING, LINKING DATA ACROSS STATES
Parents, your state likely applied for a recent federal SLDS grant to beef up its existing student data collecting, linking and sharing abilities. You can see the grant application here, paying attention to Section V, the Data Use purposes of the grant (what you must promise to do if your state "wins" the grant.) This grant will link and share Early Childhood (toddler) data, make all state databases more interoperable, and create a Multi-State Technology Collaborative for data exchanges and deliverables across states. "Winning" states were announced Sept. 17, 2015, and are posted here. Ask your state if they applied for this grant and ask them how they are encrypting and securing the data at rest and in transit; ask to see the data they collect and who has access to it. Other parents have asked to see their children's data and have been denied and even billed $10,000 to access data in their state's SLDS.
Parents CANNOT opt out of their state's SLDS, why is that?
Parents send their children to public school--yet, have no way to opt out of this preschool/birth through 20 profile that is being created and shared? Open-Data is a $3 TRILLION dollar per year industry. There are very powerful edtech groups and investors who spend millions lobbying for testing and data collection. Existing laws are either ignored, have either been weakened multiple times or don't cover student data. These edtech billionaires oppose data privacy and transparency legislation; concerned more about their bottom line than the future and safety of children, they are endorsing lesser protections and that continue to allow data mining and marketing of student data.
There is a misconception, promoted by those who use and want student data, that student data is "safe" and is only about grades or teddy bears. There is no transparency about the massive profile of (often identifiable) student data, stored in a cloud and shared widely, often with unknown security. They also say it is aggregated and anonymous or de-identified. however, data experts agree, with today's technology, it takes only a few data points to re-identify data. There is no such thing as anonymous data and it is important to think about security and encryption, as data breaches happen daily. This is especially important for student data, since "education is the most datamineable industry by far".
After seeing the many organizations collecting and sharing student data (pii, non-pii, meta data, etc) with the Federal government, and each state having an SLDS database, several multi-state data exchanges, increased interoperability, and aligning student data to CEDS for ability share across states and with agencies in the federal government, it makes you wonder if in fact we do already have a national database of student information.
This Arizona legislator, Mark Finchem, reminds us (scroll down to comments section) of the EXISTING law prohibiting the Federal government from having a national database on student information. He, along with many privacy advocates also question whether it is legal or ethical to collect and share a child's personally identifiable information (pii) without parental consent. As
Diane Ravitch, professor and former Assistant Secretary of U.S. Education points out, and also two former Counsels of the U.S. Department of Education Talbert and Eitel point out, the U.S. Dept of Ed is prohibited from directing local education.
The Electronic Privacy and Information Center (EPIC) sued the Education Department for changing FERPA without Congressional authorization, sadly the case ended on procedural grounds. The case was not reopened, but does beg the question as to whether the government has the right to take student data without parent consent. Additionally, this Congressional report shows that most parents aren't told, are not even aware that student data collection, sharing is happening.
Parents, here is one for you to remember. This "secret data" is in direct violation of
The Code of Fair Information Practices, FIPs, established in the United States, 1972.
The Code of Fair Information Practices is based on five principles:
There must be no personal data record-keeping systems whose very existence is secret.
There must be a way for a person to find out what information about the person is in a record and how it is used.
There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.
There must be a way for a person to correct or amend a record of identifiable information about the person.
Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.
CURRENT FEDERAL AND STATE LAWS ARE LACKING
There are three Federal laws meant to protect children's privacy: COPPA (protecting certain online activity for children under 13yrs), PPRA and FERPA but as pointed out in this Congressional hearing, these laws are outdated, weakened or often overlooked.
For instance, COPPA does not always cover classroom activity because government institutions are exempt from COPPA, as are non-profit institutions. (PARCC and SBAC assessments are non-profit institutions and as such, they are not protected by COPPA.)
FERPA has many loopholes, has no provisions for security, and has been weakened numerous times to allow sharing of private, personal information (see below about FERPA changes for a program called WICHE.) After these changes in 2008 and 2011, FERPA allows a student's Personally Identifiable Information (PII) to be shared outside of the school, across state lines, with vendors, with "researchers", for marketing, development and research purposes, without parental consent or notification.
There are currently 5 federal bills in Congress, addressing student data privacy and updating FERPA. You can see a comparison of these bills here. There is no guarantee if any of these bills will be passed into law and they will most assuredly be amended by the edtech lobby.
State legislatures have tried to address the lack of student data privacy regulation and oversight; there was a wave of student data privacy legislation in 2014. The majority of these state bills failed, meeting huge opposition by the well funded education technology (edtech), data collection industry. However, even more bills were introduced in 2015; 177 bills were introduced in 45 states dealing with student-data privacy and protection in 2015. That's up from 110 bills that were introduced in 36 states in 2014. Again, the majority of 2015 bills either failed to pass out-right, or were derailed by amendments from the K-12 technology industry.
Almost exact wording appeared in anti-privacy amendments introduced in Oregon and Maryland, Colorado, WA, GA, AZ and they all bear striking resemblance to this model legislation from ExcelinEd that:
allowed targeted advertising to students based on their internet usage and search patterns,
- allowed companies to use and retain student information,
- offered no transparency about what data points, what student information was collected
- placed all burden of data governance on schools rather than vendors
- See Electronic Frontiers Foundation Letter from National EFF opposing the edtech amendment
Rather than support strong, enforceable privacy legislation, many in the edtech / student data industry are now offering to police themselves, by signing onto a national SIIA pledge; this is 'the fox guarding the hen house.' This pledge is not enforceable, is merely a promise and offers no transparency, no way for parents to see what data is shared, no ability to track if data is shared or sold. Take note of industry giants like Pearson, and K12inc, and Amazon who have NOT signed even this weak privacy pledge.
WHERE IS THE DATA BEING GENERATED OR COLLECTED?
Most of the data about a child is being gathered at school-via multiple routes, including a large education related database (SLDS) in each state, online data tracking, a student's education record which can include medical information, surveys, and to a lesser extent, data is also shared via opting-in to the student directory /directory information. So, let's have a look.
STUDENT RECORD
To start with, one piece of the data puzzle is a student's education record, which can include student demographics, discipline records, grades and scores, IEPs, mental health, medical history. [Under FERPA, medical records (including counseling records) are generally considered to be education records. HIPPA does not protect a student's medical records. Medical records can be shared outside of the school without parent consent under FERPA.] Parents CAN opt out of directory information **which in today's cloud sharing world, is a smart move. **However, opting out of the directory will do NOTHING to stop data sharing from student records or much, MUCH larger data collection from SLDS and online data. Read on.
SLDS - STATEWIDE LONGITUDINAL DATA SYSTEM- IN EVERY STATE
SLDS-Statewide Longitudinal Data Systems: Every state has a Longitudinal Data System that collects and shares data (both pii and non pii, both academic and non-academic data) from schools. The SLDS is also called a P20 database (pre-K to 20 years of age) some are called P12, B-20(as in data tracking from birth). This site lists states that have received Federal SLDS grants (AL, WY, NM are not listed on this site). However, Alabama's Governor recently declared by executive order: "Alabama P-20W Longitudinal Data System is hereby created to match information about students from early learning through postsecondary education and into employment." Wyoming's P-20 Longitudinal Data System uses a data dictionary (Fusion) that includes information from birth. New Mexico's technology plan shows that NM moved their P-20 SLDS service to production status in 2014 and planned to expand in 2015. This site run by American Institutes of Research (AIR) tracks the status of the 50 state longitudinal databases, as does this site run by the Data Quality Campaign.
This U.S. Dept of Ed document interviewed state "Data Leaders" (Information Technology CEO's) from Colorado, Oregon Maine, Montana, and Washington. The report is helpful in showing how SLDS works as a business model, with power users of student data.
Each SLDS has a data dictionary filled with hundreds of common data elements so they can share student data from birth or pre-school through 20 years of age. This record of data, some of it, Personally Identifiable Information -pii (pii is information that can identity an individual either directly or indirectly through linkages with other information.), is stored in your state Department of Ed's SLDS database and can also be shared with any agency or person doing education related "research". Every SLDS uses the same coded data points, the goal is to align all the data elements with Federal CEDS, a joint effort by CCSSO and the State Higher Education Executive Officers (SHEEO) in partnership with the United States Department of Education, so the data systems are interoperable, and can easily share student data with all 50 states, agencies, the federal government, and with the MANY companies (like Pearson, Google, Facebook, Microsoft, ) who use this data for marketing, development, research. This U.S. Dept. of Ed report states that "metadata is what drives a tool like a data dictionary." SLDS are aligned, shared Longitudinal Data Systems and are mandatory if states "won" Race to the Top (RTTT) grant money to adopt Common Core standards, via the Race to the Top, 4 assurances, which had to agree to.
"The competition required applicants to address four key areas: standards and assessments, teachers and leaders, data, and turning around low-performing schools."
The former Chief of the Federal RTTT program, Joanne Weiss, further explains how this education reform, which relies on data collection, was accomplished:.
"First, we forced alignment among the top three education leaders in each participating state—the governor, the chief state school officer, and the president of the state board of education—by requiring each of them to sign their state’s Race to the Top application. In doing so, they attested that their office fully supported the state’s reform proposal. -Joanne Weiss
EXPANDING SLDS DATA SHARING, LINKING DATA ACROSS STATES
Parents, your state likely applied for a recent federal SLDS grant to beef up its existing student data collecting, linking and sharing abilities. You can see the grant application here, paying attention to Section V, the Data Use purposes of the grant (what you must promise to do if your state "wins" the grant.) This grant will link and share Early Childhood (toddler) data, make all state databases more interoperable, and create a Multi-State Technology Collaborative for data exchanges and deliverables across states. "Winning" states were announced Sept. 17, 2015, and are posted here. Ask your state if they applied for this grant and ask them how they are encrypting and securing the data at rest and in transit; ask to see the data they collect and who has access to it. Other parents have asked to see their children's data and have been denied and even billed $10,000 to access data in their state's SLDS.
Parents CANNOT opt out of their state's SLDS, why is that?
Parents send their children to public school--yet, have no way to opt out of this preschool/birth through 20 profile that is being created and shared? Open-Data is a $3 TRILLION dollar per year industry. There are very powerful edtech groups and investors who spend millions lobbying for testing and data collection. Existing laws are either ignored, have either been weakened multiple times or don't cover student data. These edtech billionaires oppose data privacy and transparency legislation; concerned more about their bottom line than the future and safety of children, they are endorsing lesser protections and that continue to allow data mining and marketing of student data.
There is a misconception, promoted by those who use and want student data, that student data is "safe" and is only about grades or teddy bears. There is no transparency about the massive profile of (often identifiable) student data, stored in a cloud and shared widely, often with unknown security. They also say it is aggregated and anonymous or de-identified. however, data experts agree, with today's technology, it takes only a few data points to re-identify data. There is no such thing as anonymous data and it is important to think about security and encryption, as data breaches happen daily. This is especially important for student data, since "education is the most datamineable industry by far".
QUESTIONING TECHNOLOGY IN THE CLASSROOM
In this push for data driven instruction and personalized learning, it is interesting and important that a recent study by OECD found that technology use in the classroom does not improve pupil results:
"One of the most disappointing findings of the report is that the socio-economic divide between students is not narrowed by technology, perhaps even amplified," said Mr Schleicher.
If technology isn't leading to more learning, WHY then are we allowing technology to reach into our classrooms and our students’ private lives, without informing parents of the privacy and security risks? Privacy experts agree, Student Data Collection Is Out of Control. Personal information about your child is being shared with strangers. With an emphasis on data driven instruction, and personalized learning (gathering data algorithms about your child) and increased use of computerized curriculum, surveys, and competency based, data-collecting embedded assignments and tests, data from state (and RTTT) mandated tests, we are Grooming Students for a Lifetime of Surveillance. Information like your mailing address, child's name, child's height and weight, parent's name, even your pet's name can be in this shareable profile. But it gets creepier, much creepier. Your toddler's emotional traits, her personality, even toileting behavior are being measured against emotional standards in every state, and shared. His developmental history--since birth-- how fast she can read or write, WHAT she writes about or how often your child gets in trouble for talking at school, what your child eats at home or at school-- is collected, stored in a cloud and can all be added together to create a massive personal and predictive cloud of data that will follow your child from birth to grave.
Remember, it only takes a few data points to re-identify someone; think about all the millions of data points collected and stored on each child, from preschool (or birth) through age 20.
DOWNLOADING APPS AND THE PRIVACY "CONTRACTS"
As this NYT article reports, companies are now marketing new data collecting classroom Apps, "directly to teachers. But the new digital tools have also left school district technology directors scrambling to keep track of which companies are collecting students’ information — and how they are using it."
"A teacher can sign up for anything, without the knowledge of anyone else in the district. Already, some districts have experienced data breaches with software they purchased from vendors; in a few cases, student records have been publicly posted on the Internet. And online security researchers have discovered weaknesses in a couple of dozen popular digital learning services. Some legal scholars contend that the practice of signing up teachers directly — rather than their school districts — skirts federal privacy laws.
These concerns are likely to widen as education technology proliferates. Last year, the market for educational software aimed at prekindergarten through 12th-grade students amounted to nearly $8.4 billion, up from $7.5 billion in 2010, according to the Software and Information Industry Association, a trade group." - Before downloading that app, READ about Privacy Pitfalls as Education Apps Spread Haphazardly
In this push for data driven instruction and personalized learning, it is interesting and important that a recent study by OECD found that technology use in the classroom does not improve pupil results:
"One of the most disappointing findings of the report is that the socio-economic divide between students is not narrowed by technology, perhaps even amplified," said Mr Schleicher.
If technology isn't leading to more learning, WHY then are we allowing technology to reach into our classrooms and our students’ private lives, without informing parents of the privacy and security risks? Privacy experts agree, Student Data Collection Is Out of Control. Personal information about your child is being shared with strangers. With an emphasis on data driven instruction, and personalized learning (gathering data algorithms about your child) and increased use of computerized curriculum, surveys, and competency based, data-collecting embedded assignments and tests, data from state (and RTTT) mandated tests, we are Grooming Students for a Lifetime of Surveillance. Information like your mailing address, child's name, child's height and weight, parent's name, even your pet's name can be in this shareable profile. But it gets creepier, much creepier. Your toddler's emotional traits, her personality, even toileting behavior are being measured against emotional standards in every state, and shared. His developmental history--since birth-- how fast she can read or write, WHAT she writes about or how often your child gets in trouble for talking at school, what your child eats at home or at school-- is collected, stored in a cloud and can all be added together to create a massive personal and predictive cloud of data that will follow your child from birth to grave.
Remember, it only takes a few data points to re-identify someone; think about all the millions of data points collected and stored on each child, from preschool (or birth) through age 20.
DOWNLOADING APPS AND THE PRIVACY "CONTRACTS"
As this NYT article reports, companies are now marketing new data collecting classroom Apps, "directly to teachers. But the new digital tools have also left school district technology directors scrambling to keep track of which companies are collecting students’ information — and how they are using it."
"A teacher can sign up for anything, without the knowledge of anyone else in the district. Already, some districts have experienced data breaches with software they purchased from vendors; in a few cases, student records have been publicly posted on the Internet. And online security researchers have discovered weaknesses in a couple of dozen popular digital learning services. Some legal scholars contend that the practice of signing up teachers directly — rather than their school districts — skirts federal privacy laws.
These concerns are likely to widen as education technology proliferates. Last year, the market for educational software aimed at prekindergarten through 12th-grade students amounted to nearly $8.4 billion, up from $7.5 billion in 2010, according to the Software and Information Industry Association, a trade group." - Before downloading that app, READ about Privacy Pitfalls as Education Apps Spread Haphazardly
Click here to enlarge the wheel image and look at the outside of this wheel to see what permissions these popular Apps allow. credit ShareLab
APPS collect data. Are you aware of the permissions allowed by downloading apps? See above for a few popular apps and how they are able to access your microphone, recorder, camera and remotely dial your phone. Of course, all this data can be shared and marketed. Interesting and concerning that Apps are being promoted in the classroom, as seen in EdSurge's recent newsletter and website, AppsList, AppAdvice and 'Apps Gone Free'.
MILLIONS OF DATA PER DAY, PER CHILD
This video of Jose Ferreira, CEO of the classroom technology company Knewton, explains how they know what a student ate for breakfast because they can get "five to ten million actionable data per student per day. Now we do that because we get people, if you can believe it, to tag every single sentence of their content." "We literally know everything about what you know and how you learn best, everything because we have five orders of magnitude and more data about you than Google has. We literally have more data about our students than any company has about anybody else about anything, and it's not even close."
Knewton and other companies are able to collect data anytime a child goes online, connects to the internet. Computer software captures MetaData and programs can be written to track your activity (sort of like internet cookies that track what you have searched for, the algorithms can link different clouds of data together by scanning or "scraping" the web.); these computer algorithms can track how fast you type, facial expression, your eye movements, identify your mood through keystrokes, can measure how focused you are, how long you spend reading a word or phrase, what you type, what you search for today, and tie it all in with what you did on previous visits, on previous programs.
Student data is like a predictive diary of sorts that can be scanned by future employers, colleges, insurance providers, banks, creditors to help them choose to hire, admit, accept your application--or not. Our U.S. Secretary of Education takes it step further, Arne Duncan says,
"We should be able to look every second grader in the eye and say, ‘You’re on track, you’re going to be able to go to a good college, or you’re not,"
DOES BIG DATA WORK, IS IT ACCURATE?
There is no proof that this big data experiment will work. Is the data being collected, calculated accurate? This Harvard review warns of the hidden bias in big data. Can big data truly predict a child's success? Are you willing to test that experiment predicting your child's future?
WHAT CAN YOU DO? DO SOMETHING! SPEAK UP, ASK QUESTIONS, SHARE!
We need legislation to embrace these basic principles of student privacy, transparency and security. Ask your legislator to support TRUE data privacy and transparency legislation, to protect children, not legislation geared at protecting edtech vendors. Parents deserve to know the data points collected and shared on their children and they should be guaranteed that children's data is secure.
Law firms are starting to take notice and say that School Districts and Schools must address student data privacy and security: "The risk for liability is growing, whether based on lawsuits from parents who believe their student data has been improperly shared or breached or contractual disputes with vendors attempting to deflect blame when a breach or other misconduct involving student data occurs."
Ask your school what data is collected, how it is protected, encrypted and who it is shared with. Ask your school not to do business with edtech companies and Apps who won't agree to strong contracts that protect student privacy and minimize data, and instead partner with businesses who are protecting children's privacy.
It is time we protect children.
For more information, visit Student Privacy Matters
GLOSSARY
METADATA: "Metadata are structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource... a robust metadata system improves the accuracy of data use and interpretation, as well as the efficiency of data access, transfer, and storage." This U.S. Dept. of Ed report states that "metadata is what drives a tool like a data dictionary" ... it is "a metadata model that links metadata items to existing data elements and data sets;"
DATA DICTIONARY: "is an agreed-upon set of clearly and consistently defined elements, definitions, and attributes—and is indispensable to any information system." Every state has a data dictionary in their SLDS database and are part of a multi-state data exchange. The defined data elements in the dictionary are called Common Education Data Standards (CEDS). The Federal Government has created over 1,500 individual CEDS, tagged in a standard way, so they are comparable and sharable across all computer systems, because there is an agreed upon code to tag each piece of data put into every data dictionary in the country.
Common Education Data Standards (CEDS): CEDS are tied to the Federal Learning Registry, in a joint data gathering project between the Department of Defense and the Department of Education. Many of the larger technology, software companies are also tied into the Learning Registry and share CEDS aligned data with the federal government. Over 120 edetch companies with access to our classrooms (Pearson, PARCC, SBAC, Microsoft, Questar, Air, Google) are also tied into the Learning Registry via IMS Global. See a list of IMS Global members here.
APIP: new technology from IMS and USDoE that allows all test content and results to be interoperable. The tests are all part of the same standardized coded data consortium, Assessment Interoperability, since 2013 (beta 2010)
APIP was paid for by U.S. Dept of Ed; APIP is created by, maintained by IMG Global (Part of CEDS project--defined data elements in SLDS dictionary are called Common Education Data Standards (CEDS). The Fed Govt has created over 1500 unique CED codes/ data tags.)
IMS Global delivers test data to Federal Learning Registry,
Learning Registry is a joint student data gathering project between the Department of Defense and the Department of Education.
See IMS Global members here: http://www.imsglobal.org/membersandaffiliates.html
(Pearson, PARCC, AIR, SBAC, Questar, DRC ...126 partners so far)
Feb 2013: IMS announces APIP, a standard for the digital interchange of assessment content and results. IMS has been collaborating with the Schools Interoperability Framework (SIF Association and the U.S. National Center for Education Statistics (NCES) to enable a mapping from the U.S. Common Education Data Standards (CEDS) to IMS APIP and to SIF. These mappings will be released in CEDS 3.0 (see https://ceds.ed.gov ) and IMS will be publishing additional materials to make the translation from CEDS to APIP easier for developers. http://www.imsglobal.org/pressreleases/pr130219a.html and APIP FAQs http://www.imsglobal.org/apip/apipfaqs.html
SLDS-Statewide Longitudinal Data Systems. Every state has an SLDS database that collects and shares data from schools. The SLDS is also called a P20 database (pre-K to 20 years of age) some are called P12, B-20(as in data tracking from birth). Each SLDS has a data dictionary filled with hundreds of common data elements so they can share student data from birth or pre-school through 20 years of age. Every SLDS uses the same coded data points, the goal is to align all the data elements with Federal CEDS, a joint effort by CCSSO and the State Higher Education Executive Officers (SHEEO) in partnership with the United States Department of Education, so the data systems are interoperable, and can easily share student data with all 50 states, agencies, the federal government, and with the MANY companies (like Pearson, Google, Facebook, Microsoft, ) who use this data for marketing, development, research. SLDS and aligned, shared data are mandatory if states "won" Race to the Top (RTTT) grant money to adopt Common Core standards, via the Race to the Top, 4 assurances, which had to be met before states could "win" back tax dollars. The Chief of the Federal RTTT program explains how this education reform, which relies on data collection, was accomplished:. "First, we forced alignment among the top three education leaders in each participating state—the governor, the chief state school officer, and the president of the state board of education—by requiring each of them to sign their state’s Race to the Top application. In doing so, they attested that their office fully supported the state’s reform proposal. "
APPS collect data. Are you aware of the permissions allowed by downloading apps? See above for a few popular apps and how they are able to access your microphone, recorder, camera and remotely dial your phone. Of course, all this data can be shared and marketed. Interesting and concerning that Apps are being promoted in the classroom, as seen in EdSurge's recent newsletter and website, AppsList, AppAdvice and 'Apps Gone Free'.
MILLIONS OF DATA PER DAY, PER CHILD
This video of Jose Ferreira, CEO of the classroom technology company Knewton, explains how they know what a student ate for breakfast because they can get "five to ten million actionable data per student per day. Now we do that because we get people, if you can believe it, to tag every single sentence of their content." "We literally know everything about what you know and how you learn best, everything because we have five orders of magnitude and more data about you than Google has. We literally have more data about our students than any company has about anybody else about anything, and it's not even close."
Knewton and other companies are able to collect data anytime a child goes online, connects to the internet. Computer software captures MetaData and programs can be written to track your activity (sort of like internet cookies that track what you have searched for, the algorithms can link different clouds of data together by scanning or "scraping" the web.); these computer algorithms can track how fast you type, facial expression, your eye movements, identify your mood through keystrokes, can measure how focused you are, how long you spend reading a word or phrase, what you type, what you search for today, and tie it all in with what you did on previous visits, on previous programs.
Student data is like a predictive diary of sorts that can be scanned by future employers, colleges, insurance providers, banks, creditors to help them choose to hire, admit, accept your application--or not. Our U.S. Secretary of Education takes it step further, Arne Duncan says,
"We should be able to look every second grader in the eye and say, ‘You’re on track, you’re going to be able to go to a good college, or you’re not,"
DOES BIG DATA WORK, IS IT ACCURATE?
There is no proof that this big data experiment will work. Is the data being collected, calculated accurate? This Harvard review warns of the hidden bias in big data. Can big data truly predict a child's success? Are you willing to test that experiment predicting your child's future?
WHAT CAN YOU DO? DO SOMETHING! SPEAK UP, ASK QUESTIONS, SHARE!
We need legislation to embrace these basic principles of student privacy, transparency and security. Ask your legislator to support TRUE data privacy and transparency legislation, to protect children, not legislation geared at protecting edtech vendors. Parents deserve to know the data points collected and shared on their children and they should be guaranteed that children's data is secure.
Law firms are starting to take notice and say that School Districts and Schools must address student data privacy and security: "The risk for liability is growing, whether based on lawsuits from parents who believe their student data has been improperly shared or breached or contractual disputes with vendors attempting to deflect blame when a breach or other misconduct involving student data occurs."
Ask your school what data is collected, how it is protected, encrypted and who it is shared with. Ask your school not to do business with edtech companies and Apps who won't agree to strong contracts that protect student privacy and minimize data, and instead partner with businesses who are protecting children's privacy.
It is time we protect children.
For more information, visit Student Privacy Matters
GLOSSARY
METADATA: "Metadata are structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource... a robust metadata system improves the accuracy of data use and interpretation, as well as the efficiency of data access, transfer, and storage." This U.S. Dept. of Ed report states that "metadata is what drives a tool like a data dictionary" ... it is "a metadata model that links metadata items to existing data elements and data sets;"
DATA DICTIONARY: "is an agreed-upon set of clearly and consistently defined elements, definitions, and attributes—and is indispensable to any information system." Every state has a data dictionary in their SLDS database and are part of a multi-state data exchange. The defined data elements in the dictionary are called Common Education Data Standards (CEDS). The Federal Government has created over 1,500 individual CEDS, tagged in a standard way, so they are comparable and sharable across all computer systems, because there is an agreed upon code to tag each piece of data put into every data dictionary in the country.
Common Education Data Standards (CEDS): CEDS are tied to the Federal Learning Registry, in a joint data gathering project between the Department of Defense and the Department of Education. Many of the larger technology, software companies are also tied into the Learning Registry and share CEDS aligned data with the federal government. Over 120 edetch companies with access to our classrooms (Pearson, PARCC, SBAC, Microsoft, Questar, Air, Google) are also tied into the Learning Registry via IMS Global. See a list of IMS Global members here.
APIP: new technology from IMS and USDoE that allows all test content and results to be interoperable. The tests are all part of the same standardized coded data consortium, Assessment Interoperability, since 2013 (beta 2010)
APIP was paid for by U.S. Dept of Ed; APIP is created by, maintained by IMG Global (Part of CEDS project--defined data elements in SLDS dictionary are called Common Education Data Standards (CEDS). The Fed Govt has created over 1500 unique CED codes/ data tags.)
IMS Global delivers test data to Federal Learning Registry,
Learning Registry is a joint student data gathering project between the Department of Defense and the Department of Education.
See IMS Global members here: http://www.imsglobal.org/membersandaffiliates.html
(Pearson, PARCC, AIR, SBAC, Questar, DRC ...126 partners so far)
Feb 2013: IMS announces APIP, a standard for the digital interchange of assessment content and results. IMS has been collaborating with the Schools Interoperability Framework (SIF Association and the U.S. National Center for Education Statistics (NCES) to enable a mapping from the U.S. Common Education Data Standards (CEDS) to IMS APIP and to SIF. These mappings will be released in CEDS 3.0 (see https://ceds.ed.gov ) and IMS will be publishing additional materials to make the translation from CEDS to APIP easier for developers. http://www.imsglobal.org/pressreleases/pr130219a.html and APIP FAQs http://www.imsglobal.org/apip/apipfaqs.html
SLDS-Statewide Longitudinal Data Systems. Every state has an SLDS database that collects and shares data from schools. The SLDS is also called a P20 database (pre-K to 20 years of age) some are called P12, B-20(as in data tracking from birth). Each SLDS has a data dictionary filled with hundreds of common data elements so they can share student data from birth or pre-school through 20 years of age. Every SLDS uses the same coded data points, the goal is to align all the data elements with Federal CEDS, a joint effort by CCSSO and the State Higher Education Executive Officers (SHEEO) in partnership with the United States Department of Education, so the data systems are interoperable, and can easily share student data with all 50 states, agencies, the federal government, and with the MANY companies (like Pearson, Google, Facebook, Microsoft, ) who use this data for marketing, development, research. SLDS and aligned, shared data are mandatory if states "won" Race to the Top (RTTT) grant money to adopt Common Core standards, via the Race to the Top, 4 assurances, which had to be met before states could "win" back tax dollars. The Chief of the Federal RTTT program explains how this education reform, which relies on data collection, was accomplished:. "First, we forced alignment among the top three education leaders in each participating state—the governor, the chief state school officer, and the president of the state board of education—by requiring each of them to sign their state’s Race to the Top application. In doing so, they attested that their office fully supported the state’s reform proposal. "