Your Kid’s Educational Data: A Rich Target?

accomplishment accuracy accurate aim

Just before the end of the 2018-2019 school year a Tampa middle school cafeteria was bursting with parents attending a new student orientation. Rising sixth grade parents were told to use an online tool called Edsby for communicating with teachers.  They were repeatedly advised how vital it would be to check Edsby for student grades and assignments.  The presentation did not include material on student data privacy.

Edsby is a Canadian owned K-12 learning management system (LMS) and has been in use by Hillsborough Schools since 2013.

FERPA (a federal privacy law) is supposed to protect the privacy of student data, but does the existence of law actually create real protections or mean that the law is understood and followed?

Some parents in Ontario’s York Region School District were not passive about the implementation of Edsby in their district.  Dina Al-Shibeeb reported in “Stouffville parents fear potential breach, want kids’ information off education app” that parents who were informed of a “patched” security vulnerability in Edsby also “…fear it [Edsby] puts their children at risk of privacy violations.”

Why weren’t parents in Tampa’s Hillsborough County School District notified of this known vulnerability in Edsby? Should Hillsborough Schools regularly post its patched vulnerabilities and cybersecurity incidents that might compromise student (and parent) data?  Companies like Cisco do this; why should parents not be informed of the security issues related to their own personal student data?

If parents are not notified of security issues how will they know to take proactive steps to protect children, their identities, and their private information?  Some Hillsborough County Public School parents were not allowed to opt-out of student data collection in Edsby, nor have those parents been provided access to their student’s complete education data held by Education Technology (EdTech) applications like Edsby.

The Edsby product was selected by the district as an “online gradebook system”, but the cloud-based software is more than just an online gradebook. Hillsborough Schools uses Edsby for grades, report cards, parent/teacher communications, analytics, and possibly much more information on students.  According to a January 2018 Tech&Learning article, Edsby offers the capability to “capture pictures, conversations, audio clips and written observations”, tagging, etc.  Do parents get to access written observations if they are stored in Edsby?

Hillsborough Schools was an early adopter of Edsby and a beta test1 site for Edsby learning analytics. Was our district and student data the guinea pig for a new EdTech product in return for reduced pricing? A March 2018 letter indicates the district did receive reduced pricing (a 74% discount) for being an “early adopter” of Edsby.  Were any software vulnerabilities discovered during beta testing, putting student and parent data at risk?

In that same March 2018 letter, Aptiris (the service provider that implements Edsby for the school district) wrote: “One requirement that evolved over the initial contract period is the encryption of all data at rest.”  Remember, the initial Edsby contract was from 2013 and according to this document it apparently didn’t require that all data be encrypted2 at rest (stored). How many years was student data stored unencrypted?  Was sensitive school personnel data (social security numbers, credit card numbers, PINs, bank routing numbers, etc.) stored unencrypted?

The 2013 Hillsborough Schools RFP (request for proposal) evaluation criteria for selecting an “online gradebook system” did not include direct reference to the security of student data or vendor software.

The school district begins collecting student data from the point of registration and continues throughout their education.  That data is passed to the Edsby platform (including parent and family data). Does Edsby have access to student medical conditions, IEPs, behavioral records, attendance, etc.?  The Edsby privacy policy and terms of use raised concerns.

Data collected by software applications might include tracking your mouse clicks, what your mouse hovered over, time logged into reading a book, books accessed, assessment data, etc.

When K-12 student and teacher data for a district of over 200,000 students, is collected, aggregated, and stored online with little oversight or transparency, a responsible parent will have questions about data security and whether EdTech companies or their partners (or their partners…) are monetizing shared student data.

 

1beta test: The final stage in the testing of a new software or hardware product before its commercial release, conducted by testers other than its developers. (The American Heritage® Dictionary of the English Language, 5th Edition)

2encrypt: To alter (data)…to make the data unintelligible to unauthorized users while allowing a user with a key or password to convert the altered data back to its original state. (The American Heritage® Dictionary of the English Language, 5th Edition)

Posted in Uncategorized | Leave a comment

Was Angelina Jolie Elected To Hillsborough County School Board?

weird search results hcps0

A Hillsborough County Public Schools (HCPS) website posted a picture of Jolie as one of its school board members!  Maybe we can get an autograph if we attend a school board meeting!

Is this a joke? Was the website hacked?

This HCPS website was discovered by a citizen who performed an internet search for a list of current Hillsborough County School Board members and found Jolie gazing back.

Below is just one example (of many) where a search engine query returns a link to the HCPS staging website:

hcsb yahoo search result

This staging website for HCPS has clearly been indexed with search engines.  A staging website is a test environment that is not supposed to be public facing (published live on the internet) and if configured properly will not be indexed by search engines.  HCPS has nearly a $3B budget and does not appear to manage its website professionally.

How does the IT department have the time to play what has the appearance of a discourteous prank on a school board member?

The apparent ineptitude (the indexed live staging website) and lack of professionalism (posting a photo of Jolie for Dr. Hahn) is disappointing and it raises an important question.  The district IT department is responsible for managing seriously personal data about children, families, and personnel.  The school district is enabled by the Family Educational Rights and Privacy Act (FERPA) to make decisions about who they share that personal (and protected) information with – third parties like Edsby, Clever, i-Ready, etc.  School districts are enabled to do this without parental consent under FERPA (given certain requirements are met).  The question is: are those requirements actually being met by the school district and each third party (how would any parent know), and is it enough to protect the personal student data?

Students and parents are forced to trust that the district knows how to ensure and validate data is properly protected.  How do parents trust a school district that reportedly waited a year to tell parents that drinking water was contaminated with lead?

Examples like this website mess are concerning because of the picture it paints about the school district’s attention to detail and professionalism.  How well does the school district understand the complex world of information security and best practices for protecting student data (like prohibiting PII re-identification)?  The district is responsible for signing agreements with third parties that dictate what student data is shared and how the data is to be protected.

Managing a budget of nearly $3B of other people’s money (taxpayer money) is one thing – it is just money.  Managing and protecting (from harm and misuse) a child’s very personal information, that is collected and shared without consent, is an entirely different and complex matter dealing with your identity, safety, and privacy – and that data is something you can likely never delete or hide if it is revealed and propagated.

Posted in Hillsborough School Board, Hillsborough Schools, PII, Uncategorized | Leave a comment

Teachers, Parents, Countrymen: How Much of Your Personal Data Does the School District Share?

I wondered how much data Hillsborough County Public Schools (HCPS) shares. What I found was the below excerpt in an agreement that HCPS has with a third party. The document was obtained through a public records request.

AptirisExcerptHCPShighlight

“Recipient” is a third party software services company. The above paragraph seems to provide no limitations on what could be disclosed from personnel records.

What about student records? The agreement seems to contradict itself.  It says: “No other personally identifiable student information [PII] will be disclosed to Recipient.” But it also says disclosure is “not limited to” the confidential student information it lists.  “No other” of an unlimited list is still unlimited.

We can safely assume the vendor stores more student information than what is itemized in that list; for example: teacher name.  The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) explains in a 2013 document that student PII can include:

“…sensitive and non-sensitive information that, alone or combined with other information that is linked or linkable to a specific individual, would allow identification.”

Given that, it seems likely that teacher name is also personally identifiable student information (and parent name, parent phone number, etc.)

The school district has not provided any way for parents to opt their children out of data collection and aggregation products or services, and has refused to allow parents to opt out children when requested.

Hillsborough County School District must reconsider its agreement that allows a 3rd party’s bi-directional tool from having direct access to the school district’s system of record, especially if independent security experts have not inspected and validated the security and activities of that bi-directional tool.  This bi-directional tool seems to be described in a 2014 EdSurge article as a company secret.

If hackers or other malicious actors access a tool through potential vulnerabilities, they can continue probing for more software vulnerabilities and potentially gain access to even more data.  Should a bi-directional tool from an out of country vendor have access to “take data” from and write data to a U.S. school district’s system of record?  How secure is it?

Teachers, have you discussed this with your union?

Parents, ask the district exactly what specific data this bi-directional tool can access once in the district’s system(s) of record.  If this tool contains security vulnerabilities, then how secure is student data in the various systems of record against bad actors?  Is the privacy of your child’s sensitive information protected now, what about 15 years from now?

Posted in Data Privacy, Hillsborough Schools, PII, Uncategorized

Who Has Your Kid’s Data?

Below is a story written by a mom in central Florida about an under-reported and growing problem in public schools.  She is sharing this story to bring attention to the lack of control parents have over protecting their children’s privacy in public schools, magnified by the rapid and seemingly uncontrolled deployment of education technologies (EdTech). 

Two years ago we discovered our Florida public school district had shared our family’s personal data with a third party private company based in another country.  We were shocked our school district had done this without our knowledge or consent.  The district refused to allow us to opt out and also emailed that they did not believe the third party private company would remove the student data in their application.

And so began a long journey that revealed the full extent of our public school system’s monopolistic and self-serving behavior.  We became increasingly alarmed as we realized the school district:

  • Collects and shares personal and protected information on students, parents, and sometimes school personnel with for-profit third parties. At least one third party has a privacy policy that explicitly states they can transfer the information as an asset in a sale or merger.
  • Allows for-profit third parties to collect personal data on students.
  • Allows a for-profit private company based in another country to write to the school district’s system of record.
  • Creates student accounts with third party companies using easily hackable passwords and does not always tell parents the accounts exist.
  • Does not tell parents with whom these third parties share student data or whether the data is correct or if vendor software contains security vulnerabilities.
  • Has not been able to keep school district employees from posting what is apparently sensitive personal student information on social media and the internet.
  • Does not appear to monitor school app use for compliance with COPPA (a federal law).
  • Performs health screenings and records results without directly notifying parents.

We were not surprised to read the scary details in an FBI alert that recommended parents discuss with school districts the types of questions we have been asking.

When we formally insisted on a full accounting of data collected and shared on our children, our right under FERPA (another federal law), we were ignored.  We asked for this accounting of our student data repeatedly and eventually the school escalated our request to the district, involving the school district attorneys.  The unfortunate result of escalation was that our request was ignored and our children were forced, against their will and ours, onto yet another third party technology that collected even more data on our children.

I could get into the details of what has transpired and the poor behavior displayed by the school district but I will stop here and spare you dozens of pages of reading material and a year’s worth of research on the failures of school districts to protect or honor student and family privacy.

We were advised to go to the media or hire an attorney but we were also told an attorney might run us five figures.  We wondered: If the school district can hide behind unresponsive tax-payer funded lawyers—where are ours?

-A mom from central Florida

Posted in Data Privacy, PII, Public Schools, Social Media Privacy, Uncategorized

Hillsborough County Schools: Why Are Buses Still Late?

back bus education school

This year reports of late buses began the first week of school: frustrated, upset, and expect late buses.  Now some parents are fed up with continued problems of late or no-show buses into the seventh week of school, according to an ABC Actions News report.

History tells us one reason Hillsborough County school buses are late is driver shortages, yet in 2017 school district leaders were discussing how bell times were causing late buses.

On August 30, 2018 Candace Aviles reported that Tanya Arja, HCPS spokesperson, explained the district needed more drivers and was also trying to increase their pool of substitute drivers; that a driver shortage “could be adding to [bus] delays…”

On February 22, 2016 Sarah Rosario reported on late buses and Tanya Arja explained when drivers are on extended leave or call out sick and there are not enough drivers, then buses can be late.

In 2013, Danielle Hauser, Tampa Bay Times, reported what she was told about late buses:

A woman explained to me that they were short 10 bus drivers in our area, and until they could hire those drivers, some buses would do double runs.

Nothing seems to be different except bell times–buses have continued to be late or missing. Why isn’t the district reporting weekly late bus statistics compared to last year; is it better, the same, or worse?

CitizensLighthouse questioned the validity of changing bell times to fix late buses in April 2017, noting the causes for late buses summarized by Gibson Consulting Group did not appear to be fixed.  Are those problems fixed?  

Gibson Consulting Group (Gibson) made six recommendations “to achieve cost savings in Transportation” in their 2016 audit.  One of those six recommendations was “Increasing the staggering of bell schedules”.

Gibson Consulting Group (Gibson) also explains how changing bell schedules “to allow at least one hour between bell times” will cut costs:

…the Transportation Department could schedule more bus drivers and buses for three tiers [one driver serving three schools during the day], reducing the total number of bus drivers and buses required.  (145)

Then Gibson quantifies savings in bus drivers and attendants for staggering bell times, estimating savings of $2.7M annually (146).

While this could reduce the gap between the number of drivers needed and the number they have, the school district was still short drivers as of August 30.  Did changing bell times solve that problem?

According to Cindy Stewart, increasing the time between bells (elapsed time) is also a recommendation by the Council of the Great City Schools (CGCS), a national organization.  Their tagline is The Nation’s Voice for Urban Education.  Where is the report from CGCS that explains the reasons for that recommendation?

Susan Valdes, also on the Hillsborough County School Board, is listed as a 2017-2018 CGCS Executive Committee Member.

Cindy Stewart seemed to turn to CGCS in the School Board meeting on April 25, 2017 (time marker 2:16:47) before voting to approve the change in bell times:

I don’t believe the Gibson Report, Ms. Snively, is the first time that we’ve heard this…Council of Great City Schools brought this to us…the School Transportation Improvement plan had it in there as well…we will still have 10,000+ students late, next year [2017-2018], every day…

The problem with that statement is the Gibson Report recommended bell changes to cut costs.  Did some school board and district leaders conflate cost issues with late bus issues when this decision was made?  Melissa Snively was the only vote against changing bell times at this meeting.

Cindy Stewart also stated at that meeting “…bell times is not a transportation conversation.  This is an administrative conversation…”  

Bell schedule optimization is an operations problem because of its intimate relationship with bus routing.  In operations research these are commonly known as routing and scheduling problems.

When the district turns to state or national organizations (CGCS) for answers, the first question should be: Why can’t our staff solve the problem?

Has the bus driver absentee rate of 10% that Chris Farkas referenced in the April 25, 2017 board meeting been reduced?  How many students does that absenteeism rate impact if the district is still short both drivers and substitutes?

In April 2017 Superintendent Eakins posted a video implying the late bus problem was because certain bell times were too close together, referencing that we lack the standard number of minutes for drop-off and pick-up.

Eakins stated “across the State of Florida the standard is at least 55-75 minutes between bell times…”.  While some districts have instituted this hour-long (55-75 minute) elapsed time recommendation, not all districts have adopted this standard.

One size does not fit all.  We need winning solutions for getting students safely to and from school on time, and at a reasonable hour.

When the school district makes a change impacting all of its customers (change in bell schedule) they should provide the reports and statistics regarding the outcome of the communicated purpose. The purpose for the bell time change stated by Eakins: “At the heart of this decision is the need to secure appropriate instructional minutes for all our students”.  The concern is that students lose instructional minutes when buses are late.  Did the district establish a measurable target when they implemented this change? What are the results and have they met their stated goal?

Posted in HCPS Bell Schedules, Hillsborough School Board, Hillsborough Schools, Uncategorized

FBI Alert Encourages Increased Awareness of Student Data Collection and Cybersecurity Risks: Hillsborough Schools – Let’s Talk About It

StudentDataPrivacy

On September 13, 2018 the FBI released a public service announcement (PSA) and noted:

US school systems’ rapid growth of education technologies (EdTech) and widespread collection of student data could have privacy and safety implications if compromised or exploited.

The FBI lists the personal data that is at risk from data collection—and it isn’t just grades (it can include “…behavioral, disciplinary, and medical information…”).  They then provide several examples of actual malicious events and explain how the data was used:

…in late 2017, cyber actors exploited school information technology (IT) systems by hacking into multiple school district servers across the United States. They accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information. The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets.

In another example the FBI states “Cybersecurity issues were discovered in 2017 for two large EdTech companies, resulting in public access to millions of students’ data.”  One company “…suffered a breach and student data was posted for sale on the Dark Web.

Please read the PSA in its entirety, every parent should be made aware of this important information.  The FBI provides a list of recommendations for parents and families in the alert.

Aside from what was included in this alert, the data breaches and privacy concerns continue into 2018, here are two more events:

In March 2018 Politico reported a data breach at Florida Virtual Schools.  This breach was discussed in a post in which I also presented issues regarding how a third party obtained preschooler data to market a product.  Another question posed in that post was:  What independent studies exist that show data collection efforts are providing a statistically significant improvement in education outcomes?

Then there is this Google G-Suite (for education) privacy concern, posted by Missouri Education Watchdog.  This apparent invasion of privacy is very alarming.  In this post Cheri Kiesecker explains that:

School-issued student Google accounts connect to Google Drive which can allow for the ability to Auto-Sync devices to Auto-Save passwords, browsing history and other digital data points from numerous devices used by a single user…this could include digital data from non-school related accounts.

In our own district, Hillsborough County Public Schools collects student data in a variety of ways including: Continue reading

Posted in Data Privacy, Hillsborough Schools, PII, Social Media Privacy, Uncategorized

Hillsborough Schools Operational Problems Running Rampant

A new Tampa Bay Times article has shocking revelations about the state of our public school facilities.  The article summarizes the conditions and repercussions that failing AC units have had on students, classrooms, food, technology, instruments, and even band uniforms.

Could anyone have imagined the AC problems at Hillsborough Schools ran this deep?  Is this an extension of what appears to be operational mismanagement of district transportation?

What happened to school district reserves, routine maintenance, busing service, and safe drinking water? It is mind-boggling.  Did operations leaders see this coming?  Is school district leadership incompetent?  Why has facilities maintenance become backlogged so severely over the years (“nearly $1 billion” in deferred maintenance) when money was being spent reprehensibly?

Over $180 million of our district reserves was gone in 2015, triggering a potential downgrade with ratings agencies.  Bond ratings are like a credit score for the district.  When a downgrade occurs borrowing becomes more difficult and the cost to borrow can increase – meaning more interest expense.  Most of that $180 million was reportedly spent on the failed Gates-backed Empowering Effective Teachers (EET) project. Former district superintendent Elia was fired by the Hillsborough County School Board, but the school board should have known how and where money was spent: month over month, year over year, and actuals to budget on a monthly basis.   Now the school district wants to tax us after showing us their poor money management skills.

That is a lot of money reportedly wasted on the failed Gates Foundation project.  That money would have better served children by repairing and maintaining facilities.  Instead, the district pandered to the Gates Foundation’s latest education fad.  What is next?  Is Social Emotional Learning (SEL) a similar fad?

Questions about SEL spending have gone unanswered.  CitizensLighthouse questioned SEL spending in these tweets: materials and trainingdistrict time, and funding.  Many articles have been written criticizing SEL.

How much money is wasted on non-vital programs when this is the state of our facilities?  As usual, there is no response to questions on twitter.

CitizensLighthouse also asked if certain accounting problems reported in Gibson Consulting Group’s 2016 Operational Efficiency Audit have been fixed – there was no response.

Gibson summarized three problems with account codes in that audit: Continue reading

Posted in Hillsborough School Board, Hillsborough Schools, Uncategorized