Will Your Kid’s School Data be the Next Privacy Breach?

disc-reader-reading-arm-hard-drive.jpg

The Facebook Data Privacy problem is bad, but it didn’t necessarily include very personal information collected by your child’s school district.  One product heavily engaged in student data collection that includes social networking and learning analytics is Edsby.  Edsby is a cloud-based software application developed by CoreFour Inc., based in Canada.

What Does Edsby Collect?

Two years ago, Hillsborough County Public Schools (HCPS) started collecting 1.3 million records every day in Edsby, according to an article in The Journal:

Hillsborough County Public Schools in Tampa, FL was a beta test site for Edsby’s learning analytics and has been capturing data about its 206,000 students for the entire 2015-16 school year, with 1.3 million records entering the district’s Edsby analytics system every school day.

Hillsborough County Schools is the eighth largest school district in the country and has been a customer of Edsby since 2013.  How many records are being stored daily in Edsby now, more than two years after becoming the beta test site for Edsby’s learning analytics?

In January 2018, Tech & Learning described just what kind of qualitative data might be stored on children in Edsby without parental consent.  It appears to include arguably non-academic data:

Edsby’s new…features enable teachers to easily take pictures or record videos, tag them by standards or learning goals, share them with parents and organize them to document growth and streamline reporting on student progress.

The new features’ strong performance on mobile devices enable teachers to capture digital artifacts in the classroom from phones and tablets.

What exactly does the author mean by “digital artifacts”? Is this designed to collect video and audio recordings of student and teacher interactions?  What are the Terms of Use and Privacy Policies of the mobile applications being used to capture “digital artifacts”? If a child is not tagged in the “digital artifact” or the teacher doesn’t share the media, does that mean the parent won’t even know the media exists?  What studies show that this type of invasion of privacy is significantly improving student education?

What personal data could be stored in Edsby? Does it include a student’s medical conditions? Does it include personal information about Exceptional Student Education (ESE) or pexels-photo-236215.jpegIndividual Education Plans (IEP)? Does it include disciplinary actions, student surveys, or psychological test results? What data will districts collect under Social-Emotional Learning  programs? Does it include private messages between parents and teachers? Grades? What are all the fields and media this platform stores?  How is Edsby data accessed when one doesn’t want a user account (FERPA)?  Are parents notified before personal information is included in any Edsby directory (FERPA)?

Five Data Privacy Concerns

Does Hillsborough County Public Schools (HCPS) require contractors like Edsby to follow the U.S. Department of Education’s (USDOE) Protecting Student Privacy While Using Online Educational Services: Model Terms of Service?  Citizens Lighthouse asked about the data privacy policies on Twitter.  While the tweet was directed at Hillsborough County Schools, only Edsby replied.  Based on the information provided in that reply, Citizens Lighthouse has at least five concerns with the district’s use of Edsby:

First, the terms of service (TOS) 1 or terms of use (TOU) provided in the reply from Edsby states:

By posting that content on the Site or through the Services you grant CoreFour Inc. a limited royalty-free, perpetual, world-wide non-exclusive license to store, use, reproduce, publish, translate, distribute, and display the content in any media or medium, or any form, format, or forum now known or hereafter developed subject to the restrictions of our privacy policy.

The U.S. Department of Education’s Student privacy model terms of service CLEARLY provides a “WARNING!” that the phraseology below should NOT be included in the TOS (see here):

Providing Data or user content grants Provider an irrevocable right to license, distribute, transmit, or publicly display Data or user content.

Those two TOUs (TOS) sound similar, should we be concerned?

Second, the USDOE’s student privacy model terms of service also warns here that the school district should maintain control over changes in the TOU.  Edsby explains:

CoreFour Inc. may make changes to these Terms of Use from time to time. We suggest you check these Terms of Use periodically for changes. Any modifications will take effect one month after being posted on the Site and in the Services. By your continuing use of the Site and/or Services after changes are posted, you will be deemed to have accepted such changes.

Third, and even more alarming, there is no explanation in Edsby’s TOU1 or its Privacy Policy1 detailing how well personally identifiable information (PII) is de-identified.  The purpose of de-identification is so that when your data is shared with someone else or analytics are performed, they cannot identify who you are and associate it with your private data; it is supposed to be anonymous.  The problem it seems is that when an entity really wants to figure out who you are, they can try to merge their database with another database acquired elsewhere or use other methods to attempt re-identification of those who were loosely de-identified.  The USDOE explains the challenges of de-identification here:

De-­identification typically requires more than just removing any obvious individual identifiers, as other demographic or contextual information can often be used to re-identify specific individuals. Retaining location and school information can also greatly increase the risk of re‐identification.

As a result, the USDOE specifies some details that should be included in agreements:

…because it can be difficult to fully de-­identify [PII] data, as a best practice, the agreement should prohibit re-identification and any future data transfers unless the transferee also agrees not to attempt re-identification.

There is no mention in Edsby’s TOU1 or Privacy Policy1 how it de-identifies student data.  As it was understood from a conversation with one representative at Hillsborough typography-white-door-fence.jpgSchools, there is not any requirement in their contract or data sharing agreement detailing how the data should be de-identified, or what fields should be removed, and that part of a data-sharing agreement is “trust”. What degree of trust did Facebook assume in its agreements with third parties?  

According to the Tampa Bay Times, HCPS blew through almost half ($146 million) of its financial reserves in three years and purportedly without the school board’s knowledge – given that, some feel trust is long gone.

Edsby seems to have no problem letting you know that they know your geographic location when asking probing questions on their website chat tool.  It makes one wonder what could happen to your child’s data?  Are they trustworthy? Was Facebook trustworthy?

Edsby does have this clause in their policy1:

You may have other agreements with CoreFour Inc. Those agreements are separate and in addition to these Terms of Use. These Terms of Use do not modify, revise or amend the terms of any other agreements you may have with CoreFour Inc.

But then again based on the conversation with HCPS it is understood that de-identification and re-identification clauses do not exist in separate agreements between the Hillsborough County School District and Edsby.

Fourth, what about “educational” researchers? According to The Washington Post that is how Cambridge Analytica “broke Facebook’s rules”— it was “under the pretense of academic use”. What is Hillsborough County Schools Policy on allowing access to student data for “academic use”?

And Last, The Washington Post reported that developers were encouraged to “build their businesses off Facebook’s data” via the Facebook feature “log-in through Facebook”.

What happens when HCPS integrates Edsby with Google G Suite or Microsoft Office 365 for HCPS students and HCPS staff and one logs into Edsby using those Google or Microsoft credentials? According to Edsby’s Privacy Policy1:

When Edsby integrates with these systems it provides a way for you to log in to Edsby by using your Microsoft or Google authentication credentials.

Does that integration give Microsoft or Google access to student data?

In June 2017, Microsoft updated the OneNote Class Notebook add-in to include “Assignment and grade integration with Edsby”.  OneNote is available to HCPS teachers and students for free under the district’s enterprise agreement with Microsoft. OneNote’s list of education partners is long.

The student data in the Edsby platform is stored in Microsoft’s Azure Cloud.  Aside from the risk hackers pose, like this recent example at Bay District Schools, data might be accessible by not only the district but also by Edsby and Microsoft Azure.  Having more parties managing and engaging with the data creates more opportunity for mistakes and subversive behavior.

Getting Answers?

If Hillsborough Schools has a different TOU under its contract or data sharing policy with Edsby then HCPS should publish the Edsby contract and data sharing policy online for transparency and trust.  Those whose personal data is being collected, the students and their parents, have a vested interest in knowing if their data is safe and follows the USDOE’s student privacy model terms of service guidance.

There should be public oversight and total confidence that our data is safe from mining, profiling, and sharing.  There should be transparency about what the district is doing, how they are doing it, and what they are collecting.  Why should citizens have to jump through time-consuming hoops to get complete answers about the privacy of student data?

One district representative suggested speaking with IT Security regarding Edsby privacy questions but refused to provide a single name or contact number for that department, instead the phone call was forwarded to an “IT Security” line that rang endlessly with no voicemail.  Why has the district not published a single contact for the IT Security and Privacy department?

Conclusion

Unfortunately this isn’t the only student data collection engine in the state, there is also Florida’s Statewide Longitudinal Data System (SLDS) or Education Data Warehouse (EDW).  At least the FLDOE tells you what fields or data elements they collect on students, see here if you want to peruse that list, they even include a field for “Teenage Parent Program: Birth Weight of Child”.  Should we be asking the FLDOE similar questions about student data privacy?

According to the Florida Department of Education (FLDOE) the SLDS has “multiple initiatives…to support…federal long-term goals” and is jointly funded by a Race to the Top (RTTT) grant, Federal SLDS grants, and the Florida Legislature.

How much is Hillsborough County School District paying Edsby annually for all services, licensing, training, etc. for the creation of a major data mining and analytics opportunity that might one day risk the privacy of student personal information?

Have all the possible loopholes been dutifully plugged with indecipherable legal jargon?  Or is this just a data breach time bomb waiting to go off?

There are too many questions left unanswered about our children’s data privacy and it seemed safer when we had grades in a teacher (pen and paper) grade book and got paper report cards from a district printer with data likely pulled from a local mainframe every quarter.  It would probably be a lot cheaper if we eliminated some of the district’s software and licensing, maybe even get the district out of their reported deficit.  But the state and federal government want access to all that data, some highly invasive, for research on our children without parental consent.  We should get back to the basics and reclaim local control of education and your children’s personal data.

In the meantime, who is really protecting your child’s data?

pexels-photo-696407.jpeg

1Edsby’s Privacy Policy and Terms of Service (TOS) dated 1/5/2018

 

Posted in Data Privacy, Hillsborough Schools, PII | Leave a comment

Kids Need Better Books: How Did Mabry Elementary’s Library Perform Against Four Other Hillsborough Schools?

Public School Library books should exude quality content with morals and ethics; after all schools are for educating students.  Should children’s desires be what guides the books procured for school libraries? Is that what guides the classroom?

Mabry Elementary is considered one of the best schools in Florida’s Hillsborough County and is used here to discuss unabridged elementary library (physical) holdings.  The findings from a review of Mabry’s unabridged holdings in Fall 2017 were not good.

books-reading-series-narnia-159778.jpeg

Continue reading

Posted in Uncategorized

Kids Need Better Books: When Schools Fail What Can You Do?

Why aren’t more schools consistently providing quality literature from a young age? Encouraging children to read excellent books might help address some of society’s problems.

Children should be guided onto a path where they can eventually take on works by Fyodor Dostoyevsky, Alexandre Dumas, and Victor Hugo. Offering pointless and culturally void novels for leisure reading at school does not serve the purpose for which they are schooled, to be educated.  Books written with shock value are often bad models and do not help children learn how to write well, or understand nuance and complex sentence structure.

19-2571a

Source: NARA

In 1876 ten to thirteen-year-old students were assigned reading material including Longfellow, Tennyson, and Hawthorne. How do these readings compare to in-class readers, Scholastic News, or other materials used as informational texts? How does an engaging story by Nathaniel Hawthorne compare to the messages of Captain Underpants, which is sometimes read in school during independent reading? How do thought provoking pieces like “I-Have and O-Had-I” get tossed aside?

Rather than handing out classroom magazines (sometimes containing age-inappropriate and unbalanced agenda-driven material), schools should select readings from high quality literature including historical events and poetry.  When did the goal become to teach language arts with selected agendas (e.g. starving polar bears or Occupy Wall Street) in place of unbiased excerpts from great literature? Does deep thinking occur when children are told what to think about controversial topics without balanced views being presented? Continue reading

Posted in Uncategorized

Books Promoted by a Hillsborough County Public Library

Are these books, pictured below, the best recommendations to promote on a children’s bookshelf in a Hillsborough County Public Library?

BookPromoHC

Let’s consider the Timmy Failure series by Stephan Pastis.  The first book in this series, Timmy Failure: Mistakes Were Made has a Lexile Score of 520 and is recommended for ages 8-10.

A Lexile Score is a measurement that should represent the complexity of the material, the higher the number the more complex the material.

The third book in the series is titled Timmy Failure: Sanitized for Your Protection, picturing a cover graphic of a young child in a toilet.  The title of chapter three is “Let’s Do the Timmy Warp Again”, is that intended to be a reference to Rocky Horror?  Its Lexile Measure is lower, 500L, and for ages 8-12.

By the time a child reaches third grade, typically 8-years-old, a 520 Lexile is already at the very bottom of the recommended Lexile Range (520-820L) for College and Career Readiness.  A 12-year-old is typically in grades 6-7, with a recommended Lexile Range spanning 925-1120L.  Part of that range is double this book’s Lexile.  So does that mean once a child is mature enough for the content, the material is way too easy?

I am beginning to wonder if authors are writing graphic novels with little prose or depth so that readers will fly through the books.  That strategy could increase sales.

There are so many better books out there to recommend.  Sideways Stories from Wayside School would be one better option for children that need or want easier books.

Lexile Measures should not be relied on too heavily for a number of reasons.  However, for the purposes of this post it gives you the gist of one problem with these books — the complexity is not impressive, especially for its suggested reading age.  And that doesn’t even address the quality of the material in general. 

Posted in Uncategorized

Kids Need Better Books: Can U.S. Students Compete Internationally?

The average reading literacy score of the United States is 24th on the list of countries ordered by average score.  These scores are based on the 2015 Program for International Student Assessment (PISA), an international assessment performed on 15-year-old students every three years.  There are fourteen countries notated as having higher average scores than the United States when considering statistical significance.  Still, that is fourteen education systems whose 15-year-old students perform better in reading literacy than the United States.  Canada, Finland, and Ireland had scores that were ordered third, fourth, and fifth on the list.

In 2016 a different international reading assessment on fourth graders was performed by the Progress in International Reading Literacy Study.  Again, U.S. reading scores are not that impressive.  Twelve education systems were notated as outperforming the United States (with a statistical significance of .05).

The point is we are not at the top.  We aren’t even in the top 10.  It doesn’t feel like the culture surrounding our kids is aiming for excellence, especially with best-selling books like Captain Underpants and Dork Diaries generously offered at school libraries.

When an elementary student can read a 120+ page “book” loaded with graphics in about 20 minutes, it is probably lacking something important like quality and depth.  Children learn from what they are reading (grammar, spelling, etc.).  Are poor quality books helping K-12 students improve critical thinking skills, and reading or writing scores?  This problem might be hindering the common goal of improving academic achievement and literacy in our nation’s schools.

Billions of tax dollars are spent to support in vogue and intensely debated educational standards like Common Core (the set of goals that a child is expected to achieve in each grade) with “new” curriculum (the books and educational materials).  Yet, when walking the halls after school one might notice that too many children are reading books riddled with thought bubbles, thoughtless commentary, and offensive content.  What use is spending billions on adopting new standards with more “rigor” if the bar is lowered for leisure reading?  The goal cannot be to constantly feed children easy and absurd reading material.

There is a mainstream desire for our children to compete with the best education systems in the world.  Here is one thing you can do: Channel that energy around improving the education system into encouraging children to read quality books.  Set an expectation and ask for better books in reading award programs, school classrooms, and libraries.

This is the second post of the series, Kids Need Better Books.
Posted in Kids Books, Uncategorized

Kids Need Better Books: Have You Looked Inside?

We want our children to be critical thinkers and good citizens.

The prevalence and popularity of offensive children’s books is astounding.  These books do not inspire critical thinking skills, good behavior, or develop a child’s knowledge in general.  While it is okay that children might read some of these books occasionally, series after series are flooding our libraries and classrooms, displacing high quality literature. Where is the outrage over these poor quality books marketed to our children?

Crude books encourage children to do things like make arm farts or burp and laugh at it!  When children need humor give them a book of funny and tasteful jokes and riddles (e.g. Laugh-Out-Loud Jokes for Kids and National Geographic Kids Just Joking) or quality literature with humor like The Stranger Next Door.   At least then they are learning to read between the lines and contemplate the intricacies of language and usage while they laugh!

16-2809a

Children in primary grades looking at books, NARA

We need educated and thoughtful citizens in our country.  This is not encouraged when children are rewarded for reading books that end with pictures suggesting that “birds are practicing target shooting at the human below” — as described by a child commenting on a current Sunshine State Young Readers Award (SSYRA) book.  This type of crass humor targeted at young children does not take much thought.  It’s the least common denominator in the world of humor, potty-talk, and a low bar to set for our children.

Many of these poor quality books contain Continue reading

Posted in Kids Books, Uncategorized

Dork Diaries: Concerns from a Cursory Review

Dork Diaries, authored by Rachel Renée Russell, depicts awful behavior toward others.  For example, in Tales From a Not-So-Perfect Pet Sitter, one character (MacKenzie) rants about the narrator breaking rules.  The narrator responds “OMG! I was SO angry, I wanted to slap that girl into tomorrow…” (63).  This is just one snippet of a book riddled with this kind of dialogue.

This material sells, presumably, because it reads more like a script for a kids’ tabloid talk show than a quality piece of literature with good dialogue and messages.

Below are two more examples of poor behavior from this book, not immediately identified for the young reader as wrong:

Max’s grandma insists her archfrenemy, Trixie Claire Jewel-Hollister, is behind it.  They’ve been rivals since high school.  Mrs. Wallabanger [Max’s grandma] has been winning first place in all the local flower shows lately, and she says Trixie Hollister is a rich, spoiled, jealous SORE LOSER. (143)

“Sorry, but MacKenzie totally deserved every fun-filled puppy poopy moment!” (260)

Such mean statements; and one coming from a grandmother!

What value does anger and gossip written on paper for children to read offer?  What does it teach about communication and civil behavior?  What does it teach to children girl-person-human-female.jpgwho need good role models?  What does it teach about positive and healthy friendships?

While adults are pushing anti-bullying campaigns, many simultaneously hand them books that illustrate bullying and vindictive behavior, sometimes for children who have not yet even considered the behaviors.   While I don’t agree with the book contents, the problem sits with the schools (e.g. libraries, book fairs) that are placing a large number of these books in libraries in lieu of quality literature.

Dork Diaries ¹ is riddled with negative language and descriptions that feel endless; spreading from one page into the next, and most often accentuated in bold letters and caps.  Words and phrases like Continue reading

Posted in Kids Books, Uncategorized