Was Angelina Jolie Elected To Hillsborough County School Board?

weird search results hcps0

A Hillsborough County Public Schools (HCPS) website posted a picture of Jolie as one of its school board members!  Maybe we can get an autograph if we attend a school board meeting!

Is this a joke? Was the website hacked?

This HCPS website was discovered by a citizen who performed an internet search for a list of current Hillsborough County School Board members and found Jolie gazing back.

Below is just one example (of many) where a search engine query returns a link to the HCPS staging website:

hcsb yahoo search result

This staging website for HCPS has clearly been indexed with search engines.  A staging website is a test environment that is not supposed to be public facing (published live on the internet) and if configured properly will not be indexed by search engines.  HCPS has nearly a $3B budget and does not appear to manage its website professionally.

How does the IT department have the time to play what has the appearance of a discourteous prank on a school board member?

The apparent ineptitude (the indexed live staging website) and lack of professionalism (posting a photo of Jolie for Dr. Hahn) is disappointing and it raises an important question.  The district IT department is responsible for managing seriously personal data about children, families, and personnel.  The school district is enabled by the Family Educational Rights and Privacy Act (FERPA) to make decisions about who they share that personal (and protected) information with – third parties like Edsby, Clever, i-Ready, etc.  School districts are enabled to do this without parental consent under FERPA (given certain requirements are met).  The question is: are those requirements actually being met by the school district and each third party (how would any parent know), and is it enough to protect the personal student data?

Students and parents are forced to trust that the district knows how to ensure and validate data is properly protected.  How do parents trust a school district that reportedly waited a year to tell parents that drinking water was contaminated with lead?

Examples like this website mess are concerning because of the picture it paints about the school district’s attention to detail and professionalism.  How well does the school district understand the complex world of information security and best practices for protecting student data (like prohibiting PII re-identification)?  The district is responsible for signing agreements with third parties that dictate what student data is shared and how the data is to be protected.

Managing a budget of nearly $3B of other people’s money (taxpayer money) is one thing – it is just money.  Managing and protecting (from harm and misuse) a child’s very personal information, that is collected and shared without consent, is an entirely different and complex matter dealing with your identity, safety, and privacy – and that data is something you can likely never delete or hide if it is revealed and propagated.

Posted in Hillsborough School Board, Hillsborough Schools, PII, Uncategorized | Leave a comment

Teachers, Parents, Countrymen: How Much of Your Personal Data Does the School District Share?

I wondered how much data Hillsborough County Public Schools (HCPS) shares. What I found was the below excerpt in an agreement that HCPS has with a third party. The document was obtained through a public records request.

AptirisExcerptHCPShighlight

“Recipient” is a third party software services company. The above paragraph seems to provide no limitations on what could be disclosed from personnel records.

What about student records? The agreement seems to contradict itself.  It says: “No other personally identifiable student information [PII] will be disclosed to Recipient.” But it also says disclosure is “not limited to” the confidential student information it lists.  “No other” of an unlimited list is still unlimited.

We can safely assume the vendor stores more student information than what is itemized in that list; for example: teacher name.  The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) explains in a 2013 document that student PII can include:

“…sensitive and non-sensitive information that, alone or combined with other information that is linked or linkable to a specific individual, would allow identification.”

Given that, it seems likely that teacher name is also personally identifiable student information (and parent name, parent phone number, etc.)

The school district has not provided any way for parents to opt their children out of data collection and aggregation products or services, and has refused to allow parents to opt out children when requested.

Hillsborough County School District must reconsider its agreement that allows a 3rd party’s bi-directional tool from having direct access to the school district’s system of record, especially if independent security experts have not inspected and validated the security and activities of that bi-directional tool.  This bi-directional tool seems to be described in a 2014 EdSurge article as a company secret.

If hackers or other malicious actors access a tool through potential vulnerabilities, they can continue probing for more software vulnerabilities and potentially gain access to even more data.  Should a bi-directional tool from an out of country vendor have access to “take data” from and write data to a U.S. school district’s system of record?  How secure is it?

Teachers, have you discussed this with your union?

Parents, ask the district exactly what specific data this bi-directional tool can access once in the district’s system(s) of record.  If this tool contains security vulnerabilities, then how secure is student data in the various systems of record against bad actors?  Is the privacy of your child’s sensitive information protected now, what about 15 years from now?

Posted in Data Privacy, Hillsborough Schools, PII, Uncategorized | Leave a comment

Who Has Your Kid’s Data?

Below is a story written by a mom in central Florida about an under-reported and growing problem in public schools.  She is sharing this story to bring attention to the lack of control parents have over protecting their children’s privacy in public schools, magnified by the rapid and seemingly uncontrolled deployment of education technologies (EdTech). 

Two years ago we discovered our Florida public school district had shared our family’s personal data with a third party private company based in another country.  We were shocked our school district had done this without our knowledge or consent.  The district refused to allow us to opt out and also emailed that they did not believe the third party private company would remove the student data in their application.

And so began a long journey that revealed the full extent of our public school system’s monopolistic and self-serving behavior.  We became increasingly alarmed as we realized the school district:

  • Collects and shares personal and protected information on students, parents, and sometimes school personnel with for-profit third parties. At least one third party has a privacy policy that explicitly states they can transfer the information as an asset in a sale or merger.
  • Allows for-profit third parties to collect personal data on students.
  • Allows a for-profit private company based in another country to write to the school district’s system of record.
  • Creates student accounts with third party companies using easily hackable passwords and does not always tell parents the accounts exist.
  • Does not tell parents with whom these third parties share student data or whether the data is correct or if vendor software contains security vulnerabilities.
  • Has not been able to keep school district employees from posting what is apparently sensitive personal student information on social media and the internet.
  • Does not appear to monitor school app use for compliance with COPPA (a federal law).
  • Performs health screenings and records results without directly notifying parents.

We were not surprised to read the scary details in an FBI alert that recommended parents discuss with school districts the types of questions we have been asking.

When we formally insisted on a full accounting of data collected and shared on our children, our right under FERPA (another federal law), we were ignored.  We asked for this accounting of our student data repeatedly and eventually the school escalated our request to the district, involving the school district attorneys.  The unfortunate result of escalation was that our request was ignored and our children were forced, against their will and ours, onto yet another third party technology that collected even more data on our children.

I could get into the details of what has transpired and the poor behavior displayed by the school district but I will stop here and spare you dozens of pages of reading material and a year’s worth of research on the failures of school districts to protect or honor student and family privacy.

We were advised to go to the media or hire an attorney but we were also told an attorney might run us five figures.  We wondered: If the school district can hide behind unresponsive tax-payer funded lawyers—where are ours?

-A mom from central Florida

Posted in Data Privacy, PII, Public Schools, Social Media Privacy, Uncategorized | Leave a comment

Hillsborough County Schools: Why Are Buses Still Late?

back bus education school

This year reports of late buses began the first week of school: frustrated, upset, and expect late buses.  Now some parents are fed up with continued problems of late or no-show buses into the seventh week of school, according to an ABC Actions News report.

History tells us one reason Hillsborough County school buses are late is driver shortages, yet in 2017 school district leaders were discussing how bell times were causing late buses.

On August 30, 2018 Candace Aviles reported that Tanya Arja, HCPS spokesperson, explained the district needed more drivers and was also trying to increase their pool of substitute drivers; that a driver shortage “could be adding to [bus] delays…”

On February 22, 2016 Sarah Rosario reported on late buses and Tanya Arja explained when drivers are on extended leave or call out sick and there are not enough drivers, then buses can be late.

In 2013, Danielle Hauser, Tampa Bay Times, reported what she was told about late buses:

A woman explained to me that they were short 10 bus drivers in our area, and until they could hire those drivers, some buses would do double runs.

Nothing seems to be different except bell times–buses have continued to be late or missing. Why isn’t the district reporting weekly late bus statistics compared to last year; is it better, the same, or worse?

CitizensLighthouse questioned the validity of changing bell times to fix late buses in April 2017, noting the causes for late buses summarized by Gibson Consulting Group did not appear to be fixed.  Are those problems fixed?  

Gibson Consulting Group (Gibson) made six recommendations “to achieve cost savings in Transportation” in their 2016 audit.  One of those six recommendations was “Increasing the staggering of bell schedules”.

Gibson Consulting Group (Gibson) also explains how changing bell schedules “to allow at least one hour between bell times” will cut costs:

…the Transportation Department could schedule more bus drivers and buses for three tiers [one driver serving three schools during the day], reducing the total number of bus drivers and buses required.  (145)

Then Gibson quantifies savings in bus drivers and attendants for staggering bell times, estimating savings of $2.7M annually (146).

While this could reduce the gap between the number of drivers needed and the number they have, the school district was still short drivers as of August 30.  Did changing bell times solve that problem?

According to Cindy Stewart, increasing the time between bells (elapsed time) is also a recommendation by the Council of the Great City Schools (CGCS), a national organization.  Their tagline is The Nation’s Voice for Urban Education.  Where is the report from CGCS that explains the reasons for that recommendation?

Susan Valdes, also on the Hillsborough County School Board, is listed as a 2017-2018 CGCS Executive Committee Member.

Cindy Stewart seemed to turn to CGCS in the School Board meeting on April 25, 2017 (time marker 2:16:47) before voting to approve the change in bell times:

I don’t believe the Gibson Report, Ms. Snively, is the first time that we’ve heard this…Council of Great City Schools brought this to us…the School Transportation Improvement plan had it in there as well…we will still have 10,000+ students late, next year [2017-2018], every day…

The problem with that statement is the Gibson Report recommended bell changes to cut costs.  Did some school board and district leaders conflate cost issues with late bus issues when this decision was made?  Melissa Snively was the only vote against changing bell times at this meeting.

Cindy Stewart also stated at that meeting “…bell times is not a transportation conversation.  This is an administrative conversation…”  

Bell schedule optimization is an operations problem because of its intimate relationship with bus routing.  In operations research these are commonly known as routing and scheduling problems.

When the district turns to state or national organizations (CGCS) for answers, the first question should be: Why can’t our staff solve the problem?

Has the bus driver absentee rate of 10% that Chris Farkas referenced in the April 25, 2017 board meeting been reduced?  How many students does that absenteeism rate impact if the district is still short both drivers and substitutes?

In April 2017 Superintendent Eakins posted a video implying the late bus problem was because certain bell times were too close together, referencing that we lack the standard number of minutes for drop-off and pick-up.

Eakins stated “across the State of Florida the standard is at least 55-75 minutes between bell times…”.  While some districts have instituted this hour-long (55-75 minute) elapsed time recommendation, not all districts have adopted this standard.

One size does not fit all.  We need winning solutions for getting students safely to and from school on time, and at a reasonable hour.

When the school district makes a change impacting all of its customers (change in bell schedule) they should provide the reports and statistics regarding the outcome of the communicated purpose. The purpose for the bell time change stated by Eakins: “At the heart of this decision is the need to secure appropriate instructional minutes for all our students”.  The concern is that students lose instructional minutes when buses are late.  Did the district establish a measurable target when they implemented this change? What are the results and have they met their stated goal?

Posted in HCPS Bell Schedules, Hillsborough School Board, Hillsborough Schools, Uncategorized

FBI Alert Encourages Increased Awareness of Student Data Collection and Cybersecurity Risks: Hillsborough Schools – Let’s Talk About It

StudentDataPrivacy

On September 13, 2018 the FBI released a public service announcement (PSA) and noted:

US school systems’ rapid growth of education technologies (EdTech) and widespread collection of student data could have privacy and safety implications if compromised or exploited.

The FBI lists the personal data that is at risk from data collection—and it isn’t just grades (it can include “…behavioral, disciplinary, and medical information…”).  They then provide several examples of actual malicious events and explain how the data was used:

…in late 2017, cyber actors exploited school information technology (IT) systems by hacking into multiple school district servers across the United States. They accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information. The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets.

In another example the FBI states “Cybersecurity issues were discovered in 2017 for two large EdTech companies, resulting in public access to millions of students’ data.”  One company “…suffered a breach and student data was posted for sale on the Dark Web.

Please read the PSA in its entirety, every parent should be made aware of this important information.  The FBI provides a list of recommendations for parents and families in the alert.

Aside from what was included in this alert, the data breaches and privacy concerns continue into 2018, here are two more events:

In March 2018 Politico reported a data breach at Florida Virtual Schools.  This breach was discussed in a post in which I also presented issues regarding how a third party obtained preschooler data to market a product.  Another question posed in that post was:  What independent studies exist that show data collection efforts are providing a statistically significant improvement in education outcomes?

Then there is this Google G-Suite (for education) privacy concern, posted by Missouri Education Watchdog.  This apparent invasion of privacy is very alarming.  In this post Cheri Kiesecker explains that:

School-issued student Google accounts connect to Google Drive which can allow for the ability to Auto-Sync devices to Auto-Save passwords, browsing history and other digital data points from numerous devices used by a single user…this could include digital data from non-school related accounts.

In our own district, Hillsborough County Public Schools collects student data in a variety of ways including: Continue reading

Posted in Data Privacy, Hillsborough Schools, PII, Social Media Privacy, Uncategorized

Hillsborough Schools Operational Problems Running Rampant

A new Tampa Bay Times article has shocking revelations about the state of our public school facilities.  The article summarizes the conditions and repercussions that failing AC units have had on students, classrooms, food, technology, instruments, and even band uniforms.

Could anyone have imagined the AC problems at Hillsborough Schools ran this deep?  Is this an extension of what appears to be operational mismanagement of district transportation?

What happened to school district reserves, routine maintenance, busing service, and safe drinking water? It is mind-boggling.  Did operations leaders see this coming?  Is school district leadership incompetent?  Why has facilities maintenance become backlogged so severely over the years (“nearly $1 billion” in deferred maintenance) when money was being spent reprehensibly?

Over $180 million of our district reserves was gone in 2015, triggering a potential downgrade with ratings agencies.  Bond ratings are like a credit score for the district.  When a downgrade occurs borrowing becomes more difficult and the cost to borrow can increase – meaning more interest expense.  Most of that $180 million was reportedly spent on the failed Gates-backed Empowering Effective Teachers (EET) project. Former district superintendent Elia was fired by the Hillsborough County School Board, but the school board should have known how and where money was spent: month over month, year over year, and actuals to budget on a monthly basis.   Now the school district wants to tax us after showing us their poor money management skills.

That is a lot of money reportedly wasted on the failed Gates Foundation project.  That money would have better served children by repairing and maintaining facilities.  Instead, the district pandered to the Gates Foundation’s latest education fad.  What is next?  Is Social Emotional Learning (SEL) a similar fad?

Questions about SEL spending have gone unanswered.  CitizensLighthouse questioned SEL spending in these tweets: materials and trainingdistrict time, and funding.  Many articles have been written criticizing SEL.

How much money is wasted on non-vital programs when this is the state of our facilities?  As usual, there is no response to questions on twitter.

CitizensLighthouse also asked if certain accounting problems reported in Gibson Consulting Group’s 2016 Operational Efficiency Audit have been fixed – there was no response.

Gibson summarized three problems with account codes in that audit: Continue reading

Posted in Hillsborough School Board, Hillsborough Schools, Uncategorized

HCPS Operations Keeps Missing the Bus

bus stop printed on asphalt road

Hillsborough County Public Schools (HCPS) issues are stacking up: lead in the drinking water, non-functioning air conditioners, mold in schools, radon testing, late buses, and a first grader dropped 20 miles from home.  Is this because the state is underfunding school maintenance, as has been suggested by Superintendent Eakins, or is it mismanagement?

Accountability needs to sit with those responsible – local school district leaders (i.e. the School Board and leaders in Hillsborough County School District).  Would you continue to employ anyone whose actions lacked expertise, professionalism, or transparency?  How well would your family physician perform duties if you only required the physician to have a degree in biology? Likewise, you don’t hire a physician to be your auto mechanic.

Was the lack of transparency that occurred when the district started testing for lead without notifying parents due to a lack of state funding?  Parents should have been notified as soon as lead testing began, and as soon as any lead was found, so parents could consult their pediatricians in a timely manner with concerns.  Telling parents what is going on does not require money.  HCPS Operations seems to be in damage control mode.

In 2014 Chris Farkas was selected as the Chief of Facilities, heading the transportation, maintenance, custodian, and facilities departments.  The position was renamed Chief Operating Officer in 2015.  According to the Tampa Tribune, this position paid $137,248.  The operations department should be responsible for fixing transportation, a/c problems, mold remediation, and lead and radon testing.

An expensive audit in 2016 by Gibson Consulting Group (Gibson) identified a lack of credentials required for certain jobs in the school district.  The report noted that “operational leadership positions” needed upgraded job descriptions and that operational job descriptions were “generic” and lacked “technical requirements”.

In my opinion operational leadership positions (especially when logistics related) call for a degree in Operations Research, Industrial Engineering, or Industrial Management; an MBA would be an additional plus for this type of position.

What qualifications did the Chief of Facilities have in 2014? In 2014 the Tampa Tribune reported Chris Farkas has a “…secondary education bachelor’s degree in comprehensive social sciences. He has a master’s degree in educational leadership from National Louis University.”  Educational Leadership is also HCPS’s preferred degree for the General Manager, Transportation position—which is not a technical degree.  That job description specifies its preferred certification: “Certifications in appropriate technical field preferred” – which is not the name of any certification.  Can anyone in the HCPS Operations Department discuss queuing theory, game theory, or develop linear programming models?

In 2017 the district said they needed to change school start and release times to increase the time between bells (elapsed time), because that elapsed time was the root cause for late buses.  Where is the data-driven evidence to support that root cause?  Several other known and documented causes for late buses were identified in Gibson’s audit.  The district decided to go with a one-size-fits-all (standard) recommendation for all urban school districts (that does not consider local traffic patterns or area needs).  What happened to the clearly identified problems causing late buses—were they rectified?

While HCPS was deciding on new bell times in 2017, MIT’s Operations Research Center won a challenge to provide solutions to the busing and bell time problems at Boston Public Schools.  If this is a challenge for operations research (OR) experts, how should anyone expect leader(s) who apparently do not have a degree related to this field to solve or even fully understand the problem and effectively communicate the problem with the public?  If this is the scope of the problem in our district, then do we have OR expertise on staff?

A successful industry example on a larger scale is ORION, built by UPS.  According to UPS, it began a prototype in 2008 and didn’t launch until 2013, completing in 2016.  While student riders are not “packages”, the concept is similar; it is a classic optimization in operations research problem.  A case study by Business for Social Responsibility (BSR) explains who UPS had on their original team:

The development took place within the Operations Research and Advanced Analytics groups, starting with a small, diverse team: a PhD in operations research, an industrial engineer, a UPS business manager, and several software engineers. – BSR, March 2016

It is not coincidental that the composition of that UPS team reflects my recommendations for certain operational leadership positions.

Has the District Superintendent or Deputy Superintendent, Operations considered developing a partnership with the local INFORMS Chapter at USF or USF’s IMSE department?

If HCPS’s job description only requires an educational leadership degree, how should anyone expect the problem to be solved given the complexity?

The problem is not limited to late buses, fewer students being served can contribute to traffic problems and unsafe conditions, and the list of facilities concerns now includes a/c reliability, mold, lead, and radon.

In mid-2018 Chris Farkas was promoted to Deputy Superintendent, Operations, arguably the most important position in the school district.  The HCPS Operations Department now includes Transportation, Maintenance, Human Resources, Information Technology, Business Services, Growth Management and Planning, Student Nutrition, and Security and Emergency Management.

After rearranging school start times to fix late buses, are buses still late?  Check out one of Hillsborough School District’s tweets setting expectations for buses to be late up to 2.5 hours for two weeks; how is that acceptable?  Was this a poor solution that might not even work, placed on the backs of students and the families the district serves?

Are parents aware of the HCPS courtesy busing survey? How many buses are currently over-crowded? How many students have been picked-up or dropped-off late so far this year?  How much instructional time have students missed?  How many parents have been late to work because a bus was late picking-up?  Why aren’t bus statistics reported on the district website (transparency)?

The decisions that impact the success of student transportation and facilities conditions are impacted by the financial, business, and operational acumen of those managing district operations.  HCPS is the 8th largest school district in the nation. Its general fund exceeds $1.5 billion and the tentative budget recommended on August 1, 2018 exceeds $3 billion.  The qualifications of our leaders, responsible for managing the district operations for over 200,000 students, should be top-notch.

Remember—you don’t hire a physician to be your auto mechanic.  It is easier to blame money than to fix political, operational, and leadership problems.  It is time for a new approach to running the school district. Parents need to objectively study the issues, and rally together to hold the school district leaders accountable for their actions and decisions.

Posted in HCPS Bell Schedules, Hillsborough School Board, Hillsborough Schools, Uncategorized | 3 Comments