Surveillance and EdTech Tyranny

The public comments below were delivered at the Hillsborough County School Board Meeting on November 16, 2021:

Privacy is a human right and essential to freedom

Today you propose a $2.5M contract for a Camera and Access Control system.  These products are capable of contact tracing; identifying the infected child, their “zone”, contacts, and other unspecified personal data.  The company offers the artificial intelligence [AI] services facial and emotional recognition.  Whose data are they using to train their AI?  Is this going to be a repeat of the Polk County Schools 2013 iris scanning fiasco? That mess ushered in a new law prohibiting districts from biometric collection.

You approved a GPS Bus proposal that included 100,000 student RFID trackers. Our children are NOT your property to track.  That company advertises future uses of their RFIDs include behavioral intervention programs.

This district refused our opt out of lunchroom meal tracking even when we paid cash.  What is the compelling governmental interest you have in that data and how is it narrowly tailored?

Our experience: Once this district adopts tracking technologies like iReady, MyPaymentsPlus, Edsby, PlanetHS, Canvas it does NOT ALLOW opt outs.

This school district forces EdTech that tracks medical, dietary, psychological, and other personal data that is stored in the cloud. These are dossiers on children! China weaponizes data and systems like these. EdTech companies often share data with more vendors and partners; one privacy policy reveals they store data overseas.  Do U.S. laws apply overseas?

No one to my knowledge from this district has the permission or skill to critically inspect proprietary vendor software for compliance with law.

Student data collected can be transferred in a sale or merger.  Edmodo sold their EdTech platform to the Chinese Company NetDragon.  It seems there are NO laws governing this; it has been referred to as a national security problem.

Florida politicians are a decade late and counting on meaningful privacy legislation. 

Cathryn Moering
Hillsborough County School District Parent

Hillsborough County School Board Meeting Comments
November 16, 2021

Posted in Data Privacy, EdTech Tyranny, Hillsborough School Board, Hillsborough Schools, Uncategorized | Leave a comment

Hillsborough Schools Blocks Girls’ Shot at Basketball

child carrying a basketball

The public comments below were delivered at the Hillsborough County School Board Meeting on November 2, 2021:

Privacy is a human right and essential to freedom. BigTech snoops in your personal matters in ways you are unaware. But you are not helpless.  Tell the school district to stop collecting so much data on your kids.  Ask to see ALL the data. Forced data collection is EdTech Tyranny; we were unable to opt out.

My girls were kicked out of public school basketball because we refused to digitize and give their medical data to a for-profit private company with a privacy policy we could not agree to. We did provide all required paper work on paper.

School district lawyers advised our district leadership not to accept paper paperwork. One reason: “student safety”. Children are NOT safer with private data stored online; it risks a child’s data to hacking and sale on the dark web.  We said NO.  You should too.  It is EdTech tyranny.

Public schools are not cyber experts. They are low hanging fruit cybercriminals go after, it’s a well-known problem and it’s why the White House just directed a U.S. CyberSecurity Agency to study this problem in public schools.

In 2018 the FBI’s EdTech alert reported that hackers had extorted parents “and threatened students with physical violence and release of their personal information.” 

In 2019 a Canadian college student discovered through an appeals process that Canvas, the same Canvas our district uses that we pay for, had collected around 400 million data points on him alone.

Data is collected with every mouse movement or click on some EdTech platforms. Read privacy policies.  Question and research what they mean; words like licensing, partners, and “not 100% secure”.  How do you know it isn’t 0% secure? Data isn’t kind of breached; it is or it isn’t. [End of public comments; allocated time cut in half at School Board Meeting]

How do you verify data collected on your children is correct when you don’t know what data exists? Think what havoc incorrect data could play in college admissions or algorithms.

My public records request for district EdTech data dictionaries has gone unfulfilled for over a year. Florida’s Department of Education publishes their data dictionary why can’t the school district?

We pay companies to collect data on our children that could be researched, aggregated, and licensed then hidden from parents?!  You know who hid data: The Stasi; and China does it today. The more they digitize about you, the more they can manipulate, limit freedom, or destroy your life.

Canvas, Clever, Edsby, iReady, BrainPop, Flipgrid, Seesaw, Kahoot, Lunchroom software, Khan Academy: Do you trust the district to oversee the security and safety of all these apps and more?  Who investigates where the data goes, who they share it with, and how secure their systems are.  Every message sent, completed assignment, artwork, picture posted, question asked, medical record, book read, and SEL survey stored in the cloud; it is all data at risk.

Cathryn Moering
Hillsborough County School District Parent

HCSD Special Called Board Meeting Comments
November 2, 2021

Posted in Data Privacy, EdTech Tyranny, Hillsborough School Board, Hillsborough Schools, Uncategorized | Leave a comment

A War on Parents and a Waste of Taxpayer Dollars: Social Emotional Learning

woman placing her finger between her lips

Hillsborough County School Board (ahem: IMO law breakers!) recently approved spending $362,500 annually on Panorama Social Emotional Learning (SEL) surveys.  It was not spent on reading, writing, or arithmetic; it was spent on a contract with Panorama Education for SURVEYS asking our children about personal social and emotional stuff.  SEL sounds good, but it’s not.

In 2020 Hillsborough schools described the Panorama SEL Survey as a “New district-wide tool to gather data to support student SEL needs.” 1

What do they mean by “data”? How sensitive are those questions in the survey? Here’s a thought: the school district should publish the survey online!  But does the company allow that?

The State of Florida publishes their student risky behavior surveys because parents and citizens have a right to see its’ content.

In August this year the school district explained: “Panorama will provide educators with a research-backed survey, and actionable data reports to support each student’s SEL needs” (Aug 12, 2021 School Board Agenda Item Details).

Oh…they’ve used the words “research-backed”; does that make surveying children on personal and sensitive topics a legitimate activity?

  • Will the children have “SEL needs” if their survey answers don’t conform to a specific ideology?
  • Educators get actionable reports? What about the parents?
  • What do they mean by “actionable data report”? Could children be manipulated through the actions taken from an “actionable data report”?
  • What will Panorama do with all that sensitive data? Could it get hacked? Because, hey, what data isn’t getting hacked and sold on the dark web these days? With whom is aggregate data shared (please don’t leave out any “trusted” partners or researchers)?

The school district conveniently forgot to mention educators are not trained mental health professionals or psychologists, but survey results will beAvailable to all district leaders, schools, and teachers to explicitly teach SEL skills and embed SEL strategies with academics.”

It would be nice know the school district’s definition of “academics”.

Were parents told about the survey with enough time to opt out?  Parents should know their PPRA rights to be informed prior to administration of surveys that collect certain kinds of information on students.

Panorama describes its’ Student SEL Survey as follows2:

PanoramaSOW2

Wow, that is quite a survey and, yes, Panorama misspelled social as “socials”; unless Panorama means they survey how students feel about social media apps they use? 🤷‍♀️ Is Panorama measuring a child’s self-perception on nebulous topics encompassed by the words “social and emotional skills”? Are they assessing students on their self-confidence and emotional state? What does “more” mean?

Are we in the Matrix, where up is coded as down, and feelings and data gathering are the new education?  Who needs to learn that Soh Cah Toa are acronyms used to remember trigonometric formulas when children can have their “socials” measured, assessed, and addressed with actionable reports?

This seems like another contract funding a private company to make big bucks off our children.  Remember all those collected bits and bytes are like gold.  But, is it worse than what seems like prying private eyes and money money makin’?

The district leader named on the Panorama Service Order (dated July 2021) was Hillsborough County School District (HCSD) Czar: Chief of Climate and Culture.  Why is that a leadership role in our district when we have had serious problems with literacy?

Where is the study substantiating that $10 million on digital platforms like “I-Ready, Achieve3000 and SIPPS” are (statistically significantly) helping our students?  Who is really benefitting from the $10 million in taxpayer dollars spent on platforms owned by for-profit private companies while we face financial crisis after financial crisis?

A $3 billion+ budget is very big.  As children, some were taught that pennies make nickels, nickels make dimes, and dimes make dollars.  Does someone need to explain how it all adds up to our school district?

Has the climate and culture in that ugly upside-down pyramid building in downtown Tampa (HCSD headquarters) caused the district to stray so far from its’ core purpose that the school board thinks we need Attorney General Merrick Garland’s son-in-law’s “woke” Panorama Education Surveys?

SEL has been a growing problem in our district for many years and has flown under the radar.  For those that don’t know, SEL has been taught in the sixth grade elective rotational program.  Did your school tell you that?

Hillsborough Schools even had a couple of district employees working on an SEL paper published in 2018 by the Aspen Institute, a progressive institute.  The paper was authored by Hillsborough School’s “SEL Coordinator” and the school district’s Assistant Superintendent was one of the paper’s “distinguished educators” that contributed to its’ “Consensus Statements of Practice”.

In 2018, I asked many questions about this SEL paper, like if the district was allowing employees to “[take] direction from” the institute while on district (taxpayer) time: no answer.  But let’s get back to Panorama.

According to Forbes, AG Merrick Garland’s son-in-law is co-founder and president of Panorama Education and:

“…Panorama Education sells surveys to school districts across the country that focus on the local “social and emotion climate.” These surveys are then used as justification for new curriculum from other providers that some parents call critical race theory and find objectionable.” [emphasis added]

See how that works: money money makin’ leads to more money money makin’. So now we need to BUY surveys to the tune of $362,000 annually, no wonder we can’t find enough money to fix air conditioners.  What can the school district do without third party for profit companies doing it for them?

This is the Attorney General of the United States, AG Merrick Garland.  Was it a good idea to use a letter from the National School Board Association (NSBA) as the reason to send a not so subtle message to moms and dads (that we felt was a threat to watch our mouths) because the FBI was on the case?!

When did it become OK for a school district to programmatically nose itself into a student’s personal thoughts and feelings while attempting to silence parents who disagree?  The U.S. government has no business in local education.  Parents are NOT “domestic terrorists” for speaking up against poorly managed and out-of-control school districts with board members acting like dictators over their fiefdoms.

It appears that thanks to actions of the NSBA and AG Merrick Garland, we now have a teacher calling parents domestic terrorists.  And by the way, it’s too late to retract your statement or apologize because your message was received:

But why do Florida school districts have so much power? The home rule powers given to school districts might be the answer.  Local elections are very important and should not be overlooked.

Social and emotional learning (SEL) surveys have nothing to do with the job of public schools: teaching math, language arts, sciences, and U.S. history (check out the price on that book and compare to the prices on the books the district purchases).

Will the school district respond to a records request for a copy of the Panorama Survey? After all, they have refused for over a year to fulfill a request for data dictionaries on all the EdTech companies they use.  That is like asking for the list of all the stuff these companies can possibly collect on your kids.

Private for-profit companies should not be designing surveys that collect our children’s personal beliefs, thoughts, or feelings. Parents are being pushed aside like they don’t matter.

Can’t wait for a copy!

 

P.S. If that wasn’t enough to peruse here is some extra reading on school surveys in Florida:

Next we will find out they’ve been surveying our kids on risky (wink wink) habits, asking them about activities many would not think of doing. Oh no, turns out schools already do that too!

The latest survey is linked from the Florida Department of Health.  The questions cover sex, drugs, etc. It is pretty disgusting to give this to a child; is it possible that shoving nearly 90 questions about risky behavior in front of the innocent teens might make a child wonder: if they are asking these questions, then kids do this stuff, if kids do this stuff then am I different and should I try this stuff like my peers?  Here we are again, gotta get that data!  Next thing they’ll be asking to track your kids too!

Here is another Florida Department of Health linked 2019 risky behavior survey linked for middle schools, and another middle and high school survey called the Florida Youth Tobacco Survey (FYTS).

1 The Dec 15, 2020 School Board Meeting Attachment includes the following language:

“Panorama SEL Survey: New district-wide tool to gather data to support student SEL needs. Available to all district leaders, schools, and teachers to explicitly teach SEL skills and embed SEL strategies with academics.”

2 The August 12, 2021 School Board Meeting attached statement of work with Panorama.

Posted in Data Privacy, PII, Public Schools, Uncategorized | Leave a comment

A Florida Controversy over Intelligence-Led Policing or is it Childhood Social Credit Scoring?

A model is described where children are scored for having been a victim of emotional or physical abuse—a score that increases the chance they will be identified and targeted by deputies; twice victimized.

One Florida county has created its own version of Chinese Social Credit Scoring—a rating system for American children.  Florida government agencies collect data on children such as abuse histories, intelligence, grades, GPA, health information, attendance records, etc.  Then a local government agency uses its data in a scoring model to identify, target, and reportedly harass its young citizens.  

The Pasco County Florida Sheriff’s Office intelligence-led policing (ILP) manual explains how they identify youth at-risk of falling into a “life of crime”.  A model is described where children are scored for having been a victim of emotional or physical abuse—a score that increases the chance they will be identified and targeted by deputies; twice victimized.  This sounds eerily like the dystopian Chinese Social Credit Scoring (SCS) system.  

Who is in This Law Enforcement System?

Children who are not “at risk” appear to have their identity fed into a law-enforcement system.  The ILP manual states:

“…we take the active rosters for each school in the county and match each student with data from the schoolboard’s early warning system (EWS), our records management system (RMS), and DCF’s Florida Safe Families Network (FSFN). Students who are on-track across all categories are removed from the analysis” [emphasis added]

If a student is not at risk is their data still fed into a law-enforcement database, and then only removed from the analysis? Does the “on track” child’s identity remain in a law-enforcement system? Does this mean every child in that public school system has a profile with law enforcement? Continue reading

Posted in Uncategorized | Comments Off on A Florida Controversy over Intelligence-Led Policing or is it Childhood Social Credit Scoring?

FortifyFL: Florida’s Misguided Communist-Style Student Reporting Tool

In 2018 Florida passed legislation requiring the rollout of a reporting app called FortifyFL.  This software was developed by AppArmor, a Canadian company.  The app promotes communist-style snitching on your neighbor but in this case students on students.  In communist Cuba and the former East Germany (DDR), reporting on your neighbor for activities like “participating in opposition movements” was encouraged and used against citizens.  

There is no way to know how data submitted about your children in FortifyFL or other Education Technology (EdTech) apps at school will be put to use by BigTech or authorities now or in the future.  The data entered into student reporting apps can be very personal and private.  This app can record what someone else claims you said.  “Your” words are stored in an online system and disseminated, without you ever knowing. 

The possibilities stemming from the collection of data are abundant, as evidenced in this report about children being harassed in Pasco County, FL.  The Sheriff’s Office claimed “its program was designed to reduce bias in policing by using objective data”.  Was there a statistically significant reduction in bias? How was bias defined? Does harassment qualify as bias?

In a Spiegel International article from 2015, the un-neighborly reporting that occurred in East Germany is discussed:

“No matter where one shared information, the state would put it to use. The East German reporting system kept track of the country’s citizens from kindergarten, throughout their working lives and even into retirement…Files were even kept on schoolchildren: “Wears Western clothes,” “exhibits affinity for punk music,” “demonstrates pacifist attitudes.”, and

“…they were totally normal citizens of East Germany who betrayed others: neighbors reporting on neighbors, schoolchildren informing on classmates, university students passing along information on other students, managers spying on employees…”

The East German reporting system sounds eerily like a combination of FortifyFL and Florida’s integrated database that collects and stores student (and family) data from multiple sources.  Many EdTech products, like the Canvas software, aim to store student data from kindergarten through post-graduate education.  If that isn’t enough, then companies track their employees with monitoring and surveillance software. 

Where does this end—in an Orwellian state, a Stasi-like state?

The Spiegel International article explains that many East Germans who felt their lives had been “de-railed” later learned that documents from factories and universities revealed that “making an ill-considered comment at the student union” or even simply lacking certain viewpoints could lead to one’s removal from university.    

This kind of report on your neighbor’s activity can be subjective, and officials encouraging its use might mislead the public into believing they are contributing to the good of society.  Reporting unverified suspicions into systems that can permanently document your behaviors, actions, beliefs, or hasty statements can get out of hand; as evidenced by Continue reading

Posted in Data Privacy, PII, Public Schools, Social Media Privacy, Uncategorized | Comments Off on FortifyFL: Florida’s Misguided Communist-Style Student Reporting Tool

Congratulations Hillsborough Schools: Your Skills in Stonewalling Parents are Superb!

closeup photo of brown brick wall

My jaw dropped when I came across School Board Member Cindy Stuart’s comments from the July 30, 2019 Hillsborough County Public Schools (HCPS) board meeting.  Given what I know from years of research on student data security, her comment swirled around in the back of my thoughts for a few weeks after reading the meeting transcripts.  Then I remembered something that sent chills down my spine.  But before I mention that something here is a little background.

During that school board meeting, Cindy Stuart brought up the district’s mainframe computer in the midst of a brief discussion on data security and stated: “We were about to shut the whole thing down for the RNC”.  The assumption here is that there was a security problem in our own school district server that was problematic for the Republican National Committee (RNC).

The Republican National Convention was held in Tampa in 2012 when Ms. Stuart was running as a candidate for Hillsborough County School Board.  In 2016 the nation was in a tizzy over Russian interference in the U.S. elections.

Did Ms. Stuart mean the Republicans were concerned about the security of the school district server in 2012 or in 2016? Not sure, but she did sound concerned about the security of the mainframe (which presumably held significant amounts of personal student data) even though she does not provide details.  Why would the security of a school district server be relevant to the RNC? Confused? I’ll explain my thoughts.

The something that I remembered was an article about “Russian” Florida hacking that wasn’t actually by Russia.  The hacking came from Continue reading

Posted in Data Privacy, Hillsborough School Board, Hillsborough Schools, PII, Public Schools, Uncategorized | Comments Off on Congratulations Hillsborough Schools: Your Skills in Stonewalling Parents are Superb!

Who Holds Florida School Districts Accountable?

cyclone fence in shallow photography

How useful is it to put a lock on an open gate?

On May 12 Boca News Now reported that a second grader hacked Palm Beach County School District’s student password system.  This isn’t the first time a Florida school system has had problems with security.  In 2018 Florida Virtual Schools “left the door open”, resulting in a breach of sensitive student and teacher information.

How useful is it to put a lock on an open gate or leave a key hanging in a locked door?

I warned Florida’s Department of Education about password problems in 2018. What action was taken to protect our children? Below is an excerpt from the document I sent in 2018 to the Florida Department of Education (both Commissioner Stewart and Commissioner Corcoran later in 2019), the Governor’s office (under Governor Rick Scott), and Hillsborough County Public School’s (HCPS) Superintendent Eakins.  The excerpt includes concerns about security and authentication practices.  In the fifth point I expressed concerns that this “…means young children’s [personally identifiable information] PII stored by the district in these systems is vulnerable to hacking”.

DocumentExcerpt_redactedThe bottom line: some Florida school districts have been creating and/or encouraging easily hackable passwords for very young children, and then impairing parents’ ability to create more secure passwords.

My experience with Hillsborough School’s default passwords and the recent limitations I faced to make passwords secure is shockingly similar to what Boca News Now reported about their district.  This year I was prohibited from changing an insecure password for a young child without Continue reading

Posted in Data Privacy, Hillsborough Schools, PII, Public Schools | Comments Off on Who Holds Florida School Districts Accountable?

Your Kid’s Educational Data: A Rich Target?

accomplishment accuracy accurate aim

Just before the end of the 2018-2019 school year a Tampa middle school cafeteria was bursting with parents attending a new student orientation. Rising sixth grade parents were told to use an online tool called Edsby for communicating with teachers.  They were repeatedly advised how vital it would be to check Edsby for student grades and assignments.  The presentation did not include material on student data privacy.

Edsby is a Canadian owned K-12 learning management system (LMS) and has been in use by Hillsborough Schools since 2013.

FERPA (a federal privacy law) is supposed to protect the privacy of student data, but does the existence of law actually create real protections or mean that the law is understood and followed?

Some parents in Ontario’s York Region School District were not passive about the implementation of Edsby in their district.  Dina Al-Shibeeb reported in “Stouffville parents fear potential breach, want kids’ information off education app” that parents who were informed of a “patched” security vulnerability in Edsby also “…fear it [Edsby] puts their children at risk of privacy violations.”

Why weren’t parents in Tampa’s Hillsborough County School District notified of this known vulnerability in Edsby? Should Hillsborough Schools regularly post its patched vulnerabilities and cybersecurity incidents that might compromise student (and parent) data?  Companies like Cisco do this; why should parents not be informed of the security issues related to their own personal student data?

If parents are not notified of security issues how will they know to take proactive steps to protect children, their identities, and their private information?  Some Hillsborough County Public School parents were not allowed to opt-out of student data collection in Edsby, nor have those parents been provided access to their student’s complete education data held by Education Technology (EdTech) applications like Edsby.

The Edsby product was selected by the district as an “online gradebook system”, but the cloud-based software is more than just an online gradebook. Hillsborough Schools uses Edsby for grades, report cards, parent/teacher communications, analytics, and possibly much more information on students.  According to a January 2018 Tech&Learning article, Edsby offers the capability to “capture pictures, conversations, audio clips and written observations”, tagging, etc.  Do parents get to access written observations if they are stored in Edsby?

Hillsborough Schools was an early adopter of Edsby and a beta test1 site for Edsby learning analytics. Was our district and student data the guinea pig for a new EdTech product in return for reduced pricing? A March 2018 letter indicates the district did receive reduced pricing (a 74% discount) for being an “early adopter” of Edsby.  Were any software vulnerabilities discovered during beta testing, putting student and parent data at risk?

In that same March 2018 letter, Aptiris (the service provider that implements Edsby for the school district) wrote: “One requirement that evolved over the initial contract period is the encryption of all data at rest.”  Remember, the initial Edsby contract was from 2013 and according to this document it apparently didn’t require that all data be encrypted2 at rest (stored). How many years was student data stored unencrypted?  Was sensitive school personnel data (social security numbers, credit card numbers, PINs, bank routing numbers, etc.) stored unencrypted?

The 2013 Hillsborough Schools RFP (request for proposal) evaluation criteria for selecting an “online gradebook system” did not include direct reference to the security of student data or vendor software.

The school district begins collecting student data from the point of registration and continues throughout their education.  That data is passed to the Edsby platform (including parent and family data). Does Edsby have access to student medical conditions, IEPs, behavioral records, attendance, etc.?  The Edsby privacy policy and terms of use raised concerns.

Data collected by software applications might include tracking your mouse clicks, what your mouse hovered over, time logged into reading a book, books accessed, assessment data, etc.

When K-12 student and teacher data for a district of over 200,000 students, is collected, aggregated, and stored online with little oversight or transparency, a responsible parent will have questions about data security and whether EdTech companies or their partners (or their partners…) are monetizing shared student data.

 

1beta test: The final stage in the testing of a new software or hardware product before its commercial release, conducted by testers other than its developers. (The American Heritage® Dictionary of the English Language, 5th Edition)

2encrypt: To alter (data)…to make the data unintelligible to unauthorized users while allowing a user with a key or password to convert the altered data back to its original state. (The American Heritage® Dictionary of the English Language, 5th Edition)

Posted in Uncategorized | Comments Off on Your Kid’s Educational Data: A Rich Target?

Was Angelina Jolie Elected To Hillsborough County School Board?

weird search results hcps0

A Hillsborough County Public Schools (HCPS) website posted a picture of Jolie as one of its school board members!  Maybe we can get an autograph if we attend a school board meeting!

Is this a joke? Was the website hacked?

This HCPS website was discovered by a citizen who performed an internet search for a list of current Hillsborough County School Board members and found Jolie gazing back.

Below is just one example (of many) where a search engine query returns a link to the HCPS staging website:

hcsb yahoo search result

This staging website for HCPS has clearly been indexed with search engines.  A staging website is a test environment that is not supposed to be public facing (published live on the internet) and if configured properly will not be indexed by search engines.  HCPS has nearly a $3B budget and does not appear to manage its website professionally.

How does the IT department have the time to play what has the appearance of a discourteous prank on a school board member?

The apparent ineptitude (the indexed live staging website) and lack of professionalism (posting a photo of Jolie for Dr. Hahn) is disappointing and it raises an important question.  The district IT department is responsible for managing seriously personal data about children, families, and personnel.  The school district is enabled by the Family Educational Rights and Privacy Act (FERPA) to make decisions about who they share that personal (and protected) information with – third parties like Edsby, Clever, i-Ready, etc.  School districts are enabled to do this without parental consent under FERPA (given certain requirements are met).  The question is: are those requirements actually being met by the school district and each third party (how would any parent know), and is it enough to protect the personal student data?

Students and parents are forced to trust that the district knows how to ensure and validate data is properly protected.  How do parents trust a school district that reportedly waited a year to tell parents that drinking water was contaminated with lead?

Examples like this website mess are concerning because of the picture it paints about the school district’s attention to detail and professionalism.  How well does the school district understand the complex world of information security and best practices for protecting student data (like prohibiting PII re-identification)?  The district is responsible for signing agreements with third parties that dictate what student data is shared and how the data is to be protected.

Managing a budget of nearly $3B of other people’s money (taxpayer money) is one thing – it is just money.  Managing and protecting (from harm and misuse) a child’s very personal information, that is collected and shared without consent, is an entirely different and complex matter dealing with your identity, safety, and privacy – and that data is something you can likely never delete or hide if it is revealed and propagated.

Posted in Hillsborough School Board, Hillsborough Schools, PII, Uncategorized | Comments Off on Was Angelina Jolie Elected To Hillsborough County School Board?

Teachers, Parents, Countrymen: How Much of Your Personal Data Does the School District Share?

I wondered how much data Hillsborough County Public Schools (HCPS) shares. What I found was the below excerpt in an agreement that HCPS has with a third party. The document was obtained through a public records request.

AptirisExcerptHCPShighlight

“Recipient” is a third party software services company. The above paragraph seems to provide no limitations on what could be disclosed from personnel records.

What about student records? The agreement seems to contradict itself.  It says: “No other personally identifiable student information [PII] will be disclosed to Recipient.” But it also says disclosure is “not limited to” the confidential student information it lists.  “No other” of an unlimited list is still unlimited.

We can safely assume the vendor stores more student information than what is itemized in that list; for example: teacher name.  The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) explains in a 2013 document that student PII can include:

“…sensitive and non-sensitive information that, alone or combined with other information that is linked or linkable to a specific individual, would allow identification.”

Given that, it seems likely that teacher name is also personally identifiable student information (and parent name, parent phone number, etc.)

The school district has not provided any way for parents to opt their children out of data collection and aggregation products or services, and has refused to allow parents to opt out children when requested.

Hillsborough County School District must reconsider its agreement that allows a 3rd party’s bi-directional tool from having direct access to the school district’s system of record, especially if independent security experts have not inspected and validated the security and activities of that bi-directional tool.  This bi-directional tool seems to be described in a 2014 EdSurge article as a company secret.

If hackers or other malicious actors access a tool through potential vulnerabilities, they can continue probing for more software vulnerabilities and potentially gain access to even more data.  Should a bi-directional tool from an out of country vendor have access to “take data” from and write data to a U.S. school district’s system of record?  How secure is it?

Teachers, have you discussed this with your union?

Parents, ask the district exactly what specific data this bi-directional tool can access once in the district’s system(s) of record.  If this tool contains security vulnerabilities, then how secure is student data in the various systems of record against bad actors?  Is the privacy of your child’s sensitive information protected now, what about 15 years from now?

Posted in Data Privacy, Hillsborough Schools, PII, Uncategorized | Comments Off on Teachers, Parents, Countrymen: How Much of Your Personal Data Does the School District Share?