Spying on Students: School-Issued Devices and Student
Privacy, April 13, 2017 | By Gennie Gebhart, by Frida Alim, Nate Cardozo, Gennie
Gebhart, Karen Gullo, and Amul Kalia, Download the report as a PDF.
EXECUTIVE
SUMMARY
Students and their families are
backed into a corner. As students across the United States are handed
school-issued laptops and signed up for educational cloud services, the way the
educational system treats the privacy of students is undergoing profound
changes—often without their parents’ notice or consent, and usually without a
real choice to opt out of privacy-invading technology.
Students are using technology in the
classroom at an unprecedented rate. One-third of all K-12 students in U.S.
schools use school-issued devices.1 Google
Chromebooks account for about half of those machines.2 Across
the U.S., more than 30 million students, teachers, and administrators use
Google’s G Suite for Education (formerly known as Google Apps for Education),
and that number is rapidly growing.3
Student laptops and educational
services are often available for a steeply reduced price, and are sometimes
even free. However, they come with real costs and unresolved ethical questions.4 Throughout
EFF’s investigation over the past two years, we have found that educational
technology services often collect far more information on kids than is
necessary and store this information indefinitely. This privacy-implicating
information goes beyond personally identifying information (PII) like name and
date of birth, and can include browsing history, search terms, location data,
contact lists, and behavioral information. Some programs upload this student
data to the cloud automatically and by default. All of this often happens
without the awareness or consent of students and their families.
In short, technology providers are
spying on students—and school districts, which often provide inadequate privacy
policies or no privacy policy at all, are unwittingly helping them do it.
Since 2015, EFF has been taking a
closer look at whether and how educational technology (or “ed tech”) companies
are protecting students’ privacy and their data. This paper presents what we
have observed and learned about student privacy in the course of our
investigation. We aim to more precisely define the problems and issues around
student privacy as they affect real students and their families, and to give
stakeholders—including parents, students, administrators, and teachers—concrete
steps they can take to advocate for student privacy in their own communities.
In Part 1, we report on
the results of a large-scale survey and interview study we conducted throughout
2016. In particular, we found that in an alarming number of cases, ed tech
suffered from:
·
Lack
of transparency. Schools issued devices to
students without their parents’ knowledge and consent. Parents were kept in the
dark about what apps their kids were required to use and what data was being
collected.
·
Investigative
burdens. With no notice or help from
schools, the investigative burden fell on parents and even students to
understand the privacy implications of the technology they were using.
·
Data
concerns. Parents had extensive concerns
about student data collection, retention, and sharing. We investigated the 152
ed tech services that survey respondents reported were in use in classrooms in
their community, and found that their privacy policies were lacking in
encryption, data retention, and data sharing policies.
·
Lack
of choice. Parents who sought to opt
their children out of device or software use faced many hurdles, particularly
those without the resources to provide their own alternatives.
·
Overreliance
on “privacy by policy.” School staff generally relied
on the privacy policies of ed tech companies to ensure student data protection.
Parents and students, on the other hand, wanted concrete evidence that student
data was protected in practice as well as in policy.
·
Need
for digital privacy training and education. Both
students and teachers voiced a desire for better training in privacy-conscious
technology use.
The data we collected on the
experiences, perceptions, and concerns of stakeholders across the country
highlights the need for ed tech companies to take seriously the privacy
concerns of students, parents, teachers, and administrators.
In Part 2, we provide in-depth
analysis of ed tech’s legal and policy framework in the U.S. State and federal
laws that are supposed to protect student privacy have not kept up with ed
tech’s rapid growth. We address:
·
Industry
self-regulation. The Student Privacy Pledge,
enforced by the FTC and voluntarily signed by ed tech companies, features
glaring loopholes in its definitions of what constitutes "student
information" and "educational service providers."
·
Federal
law. We provide legal analysis of
key federal laws the Family Educational Rights and Privacy Act (FERPA) and the
Children’s Online Privacy Protection Act (COPPA), highlighting major flaws in
each law—namely, FERPA’s “school official” loophole and questions about
parental consent in COPPA.
·
State
law. As states bring forward more
and more student privacy legislation, three have stood out: California,
Colorado, and Connecticut. We describe each state’s current legislation and the
ways in which they each take unique steps to protect student data, provide
resources to school districts, and rein in ed tech companies.
In Part 3, we turn our
analysis into a call for action and present our recommendations for: school
administrators, teachers, librarians, system administrators, parents, students,
and ed tech companies themselves.
Finally, we conclude by
bringing our survey reporting, legal analysis, and recommendations together to
briefly state the key problems and issues surrounding K-12 digital student
privacy in the U.S.
Want
to learn more about digital privacy? Readers
of this paper may be interested in digital privacy in general, not just in the
educational context. If so, check out EFF’s privacy work5 and our Surveillance
Self-Defense guide.6
For the entire report, see link
below:
Comments
We really
need internet content to preserve free speech and ensure that students have
access to factual sources. We could use a history curriculum that is fact based
rather than liberal propaganda-based. We need to know what our students are
being taught.
Norb
Leahy, Dunwoody GA Tea Party Leader
January 10, 2014 *500* Years of History Shows that Mass Spying Is Always Aimed at Crushing Dissent *It’s Never to Protect Us From Bad Guys*
ReplyDeleteNo matter which government conducts mass surveillance, they also do it to crush dissent, and then give a false rationale for why they’re doing it.
http://www.globalresearch.ca/500-years-of-history-shows-that-mass-spying-is-always-aimed-at-crushing-dissent/5364462