Microsoft published a blog on March 10 that reiterated its concern for how student data is handled, even as the company noted that gathering personal information from students is necessary to create personalized learning experiences, particularly using cloud-based tools. This intersection between technology and education is both complex and fraught — and likely will remain so for some time — but the language of the debate over how much tech to introduce in the classroom reflects a growing awareness of the potential problems, e.g., what kinds of technology to use, what regulation is needed, and how to ensure positive effects on students.
U.S. President Barack Obama begun 2015 by proposing the Student Data Privacy Act, which would prohibit companies from using data collected on students in the classroom for any purpose related to behavioral marketing. Tech giants like Google and Microsoft signed their names to a pledge to meet that goal, and Obama reinforced his intention to make student privacy a prominent piece of his legislative year during his State of the Union address in late January. Easier said than done, however.
While internet access is widely seen as a great boon for education, the major players involved differ as to what extent certain technologies should become part of the teaching process. Particularly when it comes to security. In February, following Obama’s call for legislators to update online safeguards for students, members of Congress studied how to make the 41-year-old Family Education Rights and Privacy Act (FERPA) more modern in terms of the collection and usage of education data. The aim here is to not bog down policy so that it stifles the proliferation of new technologies, but to enable tech to flourish in the classroom while adhering to federal law. Representative Marcia Fudge from Ohio, a member of the Subcommittee on Early Childhood, Elementary and Secondary Education, stated: “As we examine FERPA, we need to balance privacy and innovation … Congress must ensure student data is being used only for defined educational purposes and cannot be sold or used for private companies’ financial gain.”
Her words reflect the core debate among legislators: How should policymakers view the correlations between device permeation in the classroom, use of internet-based tools, privacy for students, and productive learning? Are there sufficient laws in place to prevent the online theft of minors’ confidential information? Does the growing prevalence of the cloud bolster education tools at the price of compromising student information?
In February, Joel Reidenberg, a Fordham University law professor, testified in a congressional hearing about the relationship between student data and the cloud. According to a study conducted by Reidenberg in 2013, as well as subsequent research, student data is being stored indefinitely and that cloud service agreements between schools and technology companies are not sufficient to ensure such data remains private.
Nonetheless, cloud technology is increasingly attractive to school systems, which can use it to relieve their servers of the burden of file storage and the use of some services. In early March, the Cal State Fullerton Department of Information Technology announced that it would provide each of its students with a Dropbox account in order to store files for free and off of the school’s servers, as well as to facilitate teacher-student file-sharing. This is but one example of how many U.S. school systems work directly with technology companies to integrate cloud-based services, despite infrastructural deficiencies that hinder comprehensive protection of students’ private information. In an op-ed published by Blouin News, Jean Camp, Director of the Security Informatics Program at Indiana University Bloomington, noted:
Lack of privacy and inability to secure our own digital properties makes not only adults but also children easier to target, surveil, and act against. Criminals will subvert others’ accounts, use botnets, and otherwise obtain anonymity. All the current surveillance and weakening of the infrastructure achieves is a weak infrastructure. This means greater vulnerability for us all, including the children who are suffering or at risk.
Indeed, it comes as no surprise that the government is lagging when it comes to regulating technologies that appear to surpass its understanding in terms of both usage and capability.
That said, there are a few silver linings. Camp notes that while technology is easily subverted, it can also be used to pinpoint exploitation; law enforcement and technologists can and should work together to identify criminal activity, particularly as it relates to online abuse of children. Furthermore, several companies are making strides towards adherence to certain cloud computing standards. In February, Microsoft revealed that it had adopted the first international cloud privacy standard developed by the International Organization for Standardization. While setting an important precedent, however, such steps are not enough.
As Camp puts it:
As automobiles (like information technologies) have become more powerful and complex, we have added safety and security measures. These include seatbelts, airbags, and anti-lock brakes as we understand that a safer infrastructure means a safer world. The same applies online. Security and privacy protect everyone, from teens who unwisely post on Snapchat to young people who can be caught up in webs of deceit. Many schools offer driver education classes. More schools should offer online safety classes.
Boosted by support from Washington, new rules on how schools and tech companies integrate cloud-based services into the classroom may be on the horizon. What is needed now is policy designed to both nurture technology while protecting its most vulnerable users.