What’s Stored in your School Google Drive Account? You Might be Surprised.

Reposted with permission from Missouri Education Watchdog.

Don't Be Evil

If you or your child have a Google account through school, you are going to want to read this.

WATCH THIS FOX 5 NEWS CLIP from Springfield, MO. They show one teacher log into her school issued Google Drive account where her personal information, including 139 passwords and audio of voice to text messages and Siri searches were stored, allegedly unencrypted.

While many have questioned Google’s invasion of the classroom and how Google Apps for Education, (now called G-Suite), collects and uses student or teacher information, few have really gotten much in the way of answers. What is reportedly happening with Springfield Missouri Public School’s use of Google Drive offers a rare glimpse into Google’s potential to collect data. School-issued student Google accounts connect to Google Drive which can allow for the ability to Auto-Sync devices to Auto-Save passwords, browsing history and other digital data points from numerous devices used by a single user. For students in SPS this could include digital data from non-school related accounts.  This July 17, 2018 Fox 5 KRBK  news story explains how one family discovered this practice and reported it to the school district.

“The Elys claim that the SPS Google Drive, given to all SPS employees and students, automatically begins to store information from any device the drive is accessed on. This includes browser history, but also personal information such as files and passwords. They add that even if you log out of the drive, it stays running and recording in the background.

After bringing their concerns forward this past May, they say that despite the evidence presented, no serious action has been taken on behalf of the district.

“They have a lot of evidence and have had it since December, and we have not heard one word from any of them, said Dianne Ely.

With more searching, the Elys have now found even more sensitive information that’s been stored to their daughter’s Google Drive, including 139 passwords to both her and her husband’s different accounts and also voice recordings of both her and her children.

“My voice to text was being stored as well as any search my kids did, and I could say ‘sure my daughter was searching on Google,’ but my phone uses Safari. When I used my texting app on my iPhone, it recorded my voice, as well as typing out the words and saving it on my Google Drive,” said Brette Hay, the Ely’s daughter and a teacher at Pershing Middle School.

The Elys hope with this new evidence, not only will parents, employees and students take action to check what private information of their own could be stored on the drive, but that the school district will also take the appropriate steps to make their Google Drive safe.” [Emphasis added]

Parents want to know: Why is Auto-Syncing of devices and Auto-Saving of passwords allowed on any school-issued Google account?

Google changed its Google Drive syncing in September 2017. This new policy raises several questions:

  • How does this Google change affect privacy and security and access to school-issued Google Drive accounts? Does it allow cross device tracking?
  • Are students, parents, school employees, (who are often required to use the school-issued Google Drive), informed that their devices could be automatically synced, and remain synced even when the log out? Are  users informed of what information, including personal passwords, could be stored on their school-issued Google Drive?
  • Since district administrators can set permissions, do districts have the ability to disable the Google Auto-Sync and Auto-Save function?

Each state has consumer protection laws and state privacy laws that may prohibit the collection or reporting of individual’s biometric information such as facial or voice recognition. There are also several federal privacy laws, highlighted below, that apply specifically to student information.

PPRA  The law requires that schools obtain written consent from parents before minor students are required to participate in any U.S. Department of Education funded survey, analysis, or evaluation that reveals information concerning the eight protected areas.

FERPA    34 CFR § 99.3 defines an education record as “The term education record means those records that are: (1) Directly related to a student; and (2) Maintained by an educational agency or institution or by a party acting for the agency or institution.  Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s education record.” However, FERPA allows schools to disclose covered information in education records, without consent, in certain situations.

The auto-syncing capability of Google Drive raises additional concerns for schools using this technology:

  • If personal devices are synced and passwords stored, and if a student’s personally identifiable (PII) is collected, does the district’s or Google’s access to student Google Accounts meet the requirements of federal and state laws? Should the district be required to obtain informed written parental consent prior to this PII data being aggregated on the Google Drive?
  • Has covered information stored on the Google Drive ever been accessed by anyone other than the student, parent, or school official?
  • Is posting a student’s ID on each school device, and generating a uniform password for all students, in compliance with best practices and FERPA? (See Dr. Ely’s May testimony for an example of this practice.)
  • If parents feel their student’s personally identifiable information has been disclosed improperly, they can file a FERPA complaint.

COPPA  “The primary goal of COPPA is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children.”

  • If personal information of children under the age of 13, such as their browsing history or location was collected when they were online (including when they accessed non-educational websites outside of school, while not actively logged into their synced Google Drive) and if the information from this synced device was stored on the school-issued Google Drive, along with saved passwords, who has access to this information? Is informed parental consent required?
  • Can this personal information in the Google Drive ever be accessed by anyone other than the student and their parent?

HIPAA  “The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule.”

While information contained in a student’s education record is generally not covered by HIPAA, it is generally covered by FERPA.  This leads to a larger set of questions when Auto-syncing devices and storing  information in a school-issued Google Drive:

  • Is a student’s personal information stored in a school-issued Google Drive considered part of a student’s education record? What if the personal information was obtained outside of school, without the student’s or parent’s knowledge?
  • Does HIPAA apply if information stored on a school-issued Google Drive, is personal information about someone other than a student?
    • Is access to your family’s health record part of a student’s educational record, both FERPA and HIPAA compliant if you did not knowingly supply the information to the school?
    • Is audio of a parent discussing personal medical information considered part of a student’s education record?
    • If a relative or friend is a medical professional and you used his/her computer to log into your Google Drive, and now the device is synced, are the auto-saved passwords and medical information on this personal computer part of the student’s education record?
  • In general, is Google Drive HIPAA compliant? If passwords are exposed, does the district and Google follow the necessary steps to ensure Google HIPAA compliance?

Best Practices

In the Fox 5 news story, the School District claims that they followed best practices and there is no breach within the SPS system.  In response to these allegations, SPS stated:

“We believe that our data systems remain safe and secure. In reviewing the concerns brought forward, no data breach has been identified within the SPS system, nor are we aware of any personal information on our servers beyond the appropriate staff and student information provided to the district. We want to assure our community that SPS will always support any investigation into allegations, such as these, in order to address concerns. SPS is committed to doing all that is necessary to keep our staff and students safe and secure. This is true for both facility and cyber security. We work with third-party vendors to regularly monitor and evaluate our procedures and information systems. We implement ongoing updates to our best practices and information systems to maintain and strengthen, wherever appropriate. Our IT Department continues to review best practices in the industry, refining and enhancing district procedures on a regular basis, while also strictly adhering to the manufacturer’s terms of use for any software or other product. We know that ongoing training is essential to protecting the security of each individual and the district-at-large. Over the past three years, we have focused on new training for both staff and students regarding how to be responsible digital citizens. Because this is a personnel matter, we are limited in the details that we can provide, but we remain vigilant in our work to protect the safety and security of our systems, in the best interest of all SPS constituents. At this time, our internal and independent assessments do not indicate that there is a reason for the community to be concerned.”

Screenshot of teacher checking passwords saved on the SPS Google Drive account. The teacher has shown that if you click on the eye icon of any of these accounts, the passwords are exposed. (We redacted the email addresses and the Amazon account that shows the password has been deactivated.)

We wonder about the reported non-school related information and non-school related passwords to accounts (including accounts with personal banking information, medical accounts) that are allegedly stored unencrypted on school-issued Google Drive accounts?  Would this situation comply with Missouri’s new law, HB1606,  on student cybersecurity and breach reporting?

Regardless of the school district’s claim that there is no reason for concern, many people are concerned and are questioning the ethical and legal implications. Many are wondering if Google Drive Auto-Syncing and Auto-Saving is happening in other school districts across the nation. We have posted videos and links to public testimony presented at Springfield Public School Board meetings with detailed explanations from people who have experienced this first hand and have reported it both to the school district and have filed a police report. We have also posted instructions at the bottom of this blog for you to check what is in your (or your child’s) school-issued Google Drive account.

 

Public testimony of the July board meeting begins at the 4 minute mark.

 

Public testimony of the May board meeting begins at the 18 minute mark.

 

What do you think?  

If personal, non-education related information is being stored in school-issued Google Drives, would that data collection cross the line? After reading this blog and reviewing the testimony etc, let us know what you think and let us know what you find in your school Google Drive. 

(You can post a comment on this blog but please do not share your passwords or personal log-in information that would leave you open to hacking; just tell us the types of information you found in your Google Drive.)

We wonder why any school district would want the liability and security risk associated with storing personal information and allegedly unencrypted passwords to personal accounts. With cyber hacks targeting schools at an alarming rate, think of the security issues and potential for harm.

Ask your school district how their Google Drive is set up and look at the information stored in your school-issued Google Drive.

Here’s how to see what is in your school-issued Google Drive, according to May 2018 testimony provided by Dr. Ely. (It may look slightly different depending on the device you are using. )

Steps for checking your/your child’s/your grandchild’s SPS Google Drive Account

Sign- in and security (passwords and devices)

  1. Log into your account.
  2. Once into the Google Drive click on the top left the 3 lines, which pops open your Google drive account info. Look all the way at the bottom and click on the round picture of the round circle with your initial in it.
  3. Click on my account
  4. Click Sign-in & security
  5. Scroll all the way to the bottom of the sign in and security page to where it says saved passwords. This is where you can see all of the passwords stored to the SPS Google Drive Account. For the passwords, it might look like an eye but you just need to click on it to reveal the password.
  6. From the sign in and security screen you can also see what devices have been used to log into your sps Google account and allow you to see what devices have been synced with your account.
  7. You may need to click on “Mange My Activities” to see stored voice to text speech, location tracking, YouTube and search history.

 

References and related links:

May 15, 2018 Springfield Public Schools Board Meeting. Public comment starts at about 18 minutes https://www.youtube.com/watch?v=WIbjpjsKAc8

May 15, 2018 Written testimony from Dr. Norman Ely https://drive.google.com/open?id=1HKBAAvyZ39pSxASq2p6OCM-EoL9BbU2L

July 17, 2018 Springfield Public Schools Board Meeting. Public comment starts at about 4 minutes https://www.youtube.com/watch?v=kDREN3CCO3E 

July 17, 2018 Written testimony from parent and teacher Brette Hay https://drive.google.com/open?id=1PdFLlqaR-gvUB32nFsz-_ILoEt3fkpPA

July 17, 2018 Written testimony from Dr. Norman Elyhttps://docs.google.com/document/d/14Ikjd8TkQhhnGnwh7RdLdGGlo6VnFzKQ2GdXEjImPjs/edit?usp=sharing

July 17, 2018 Written testimony from Brooke Hendersonhttps://docs.google.com/document/d/1zvqD2p54Co1zStAkj7AoH1RDxx8Ys3LdwXtDSEkHHDQ/edit?usp=sharing

FOX 5 KRBK Family claims SPS Google Drive is storing personal information http://www.fox5krbk.com/story/38669634/family-claims-sps-google-drive-is-storing-personal-information#.W09T9C4KOr0.facebook

KOLR10 Parents of SPS Employee say Their Family was Hacked  https://www.ozarksfirst.com/news/parents-of-sps-employee-say-their-family-was-hacked/1181643101

Computer hacking, massive data breach revealed to Springfield Board, Attorney General reportedly investigating https://rturner229.blogspot.com/2018/05/computer-hacking-massive-data-breach.html

Springfield Public Schools 2017-18 School Handbook  https://isharesps.org/websitedoc/CommunityRelations/Student%20Handbooks/2017-2018%20handbook%20final%20complete.pdf

Springfield Public Schools 2018-19 School Handbook https://www.sps.org/Page/2623

How Google Took Over the Classroom https://www.nytimes.com/2017/05/13/technology/google-education-chromebooks-schools.html

EFF: Google’s Student Tracking Isn’t Limited to Chrome Sync
https://www.eff.org/deeplinks/2015/12/googles-student-tracking-isnt-limited-chrome-sync

State Attorneys General are next headache for Google 2017 https://www.wired.com/story/state-attorneys-general-are-googles-next-headache/

37 Attorneys General settle against Google for Consumer tracking violations 2013 https://www.privacyandsecuritymatters.com/2013/11/google-pays-big-to-state-attorney-generals-for-improper-consumer-tracking/

YouTube is Improperly Collecting Children’s Data, Consumer Groups Say  https://mobile.nytimes.com/2018/04/09/business/media/youtube-kids-ftc-complaint.html?smid=tw-share

Transparency and the Marketplace for Student Data
https://www.fordham.edu/info/23830/research/10517/transparency_and_the_marketplace_for_student_data/1

U.S. Education Dept. responds to TheDarkOverlord attacks with new cyber advisoryhttps://www.databreaches.net/u-s-education-dept-responds-to-thedarkoverlord-attacks-with-new-cyber-advisory/

Missouri Consumer Protection Law https://ago.mo.gov/civil-division/consumer/identity-theft-data-security/identity-theft

New Student Data Breach Reporting Requirements in Missouri  https://k12cybersecure.com/blog/new-student-data-breach-reporting-requirements-in-missouri/

Missouri Student Privacy Bill  HB14-1490 as found on the Missouri Department of Elementary and Secondary Education Data System Management website.   https://dese.mo.gov/data-system-management/data-access-sharing-and-privacy

HB-1490:

(4) Develop a detailed data security plan that includes:

(a) Guidelines for authorizing access to the student data system and to individual student data including guidelines for authentication of authorized access;

(b) Privacy compliance standards;

(c) Privacy and security audits;

(d) Breach planning, notification and procedures;

(e) Data retention and disposition policies; and

(f) Data security policies including electronic, physical, and administrative safeguards, such as data encryption and training of employees;

 3. The department of elementary and secondary education shall not collect nor shall school districts report the following individual student data:

(1) Juvenile court delinquency records;

(2) Criminal records;

(3) Student biometric information;

(4) Student political affiliation; or

(5) Student religion.

4. Any rule or portion of a rule, as that term is defined in section 536.010, that is created under the authority delegated in this section shall become effective only if it complies with and is subject to all of the provisions of chapter 536 and, if applicable, section 536.028. This section and chapter 536 are nonseverable and if any of the powers vested with the general assembly pursuant to chapter 536 to review, to delay the effective date, or to disapprove and annul a rule are subsequently held unconstitutional, then the grant of rulemaking authority and any rule proposed or adopted after the effective date of this section shall be invalid and void.

5. Each violation of any provision of any rule promulgated pursuant to this section by an organization or entity other than a state agency, a school board, or an institution shall be punishable by a civil penalty of up to one thousand dollars. A second violation by the same organization or entity involving the education records and privacy of the same student shall be punishable by a civil penalty of up to five thousand dollars. Any subsequent violation by the same organization or entity involving the education records and privacy of the same student shall be punishable by a civil penalty of up to ten thousand dollars. Each violation involving a different individual education record or a different individual student shall be considered a separate violation for purposes of civil penalties…

 

Missouri Student Privacy Bill  HB14-1490 as found on the Missouri Department of Elementary and Secondary Education Data System Management website.   https://dese.mo.gov/data-system-management/data-access-sharing-and-privacy

HB-1490:

…The department of elementary and secondary education shall develop criteria for the approval of research and data requests from state and local agencies, researchers working on behalf of the department, and the public
(3) Shall not, unless otherwise provided by law and authorized by policies adopted pursuant to this section, transfer personally identifiable student data;

(4) Develop a detailed data security plan that includes:

(a) Guidelines for authorizing access to the student data system and to individual student data including guidelines for authentication of authorized access;

(b) Privacy compliance standards;

(c) Privacy and security audits;

(d) Breach planning, notification and procedures;

(e) Data retention and disposition policies; and

(f) Data security policies including electronic, physical, and administrative safeguards, such as data encryption and training of employees;

 3. The department of elementary and secondary education shall not collect nor shall school districts report the following individual student data:

(1) Juvenile court delinquency records;

(2) Criminal records;

(3) Student biometric information;

(4) Student political affiliation; or

(5) Student religion.

4. Any rule or portion of a rule, as that term is defined in section 536.010, that is created under the authority delegated in this section shall become effective only if it complies with and is subject to all of the provisions of chapter 536 and, if applicable, section 536.028. This section and chapter 536 are nonseverable and if any of the powers vested with the general assembly pursuant to chapter 536 to review, to delay the effective date, or to disapprove and annul a rule are subsequently held unconstitutional, then the grant of rulemaking authority and any rule proposed or adopted after the effective date of this section shall be invalid and void.

5. Each violation of any provision of any rule promulgated pursuant to this section by an organization or entity other than a state agency, a school board, or an institution shall be punishable by a civil penalty of up to one thousand dollars. A second violation by the same organization or entity involving the education records and privacy of the same student shall be punishable by a civil penalty of up to five thousand dollars. Any subsequent violation by the same organization or entity involving the education records and privacy of the same student shall be punishable by a civil penalty of up to ten thousand dollars. Each violation involving a different individual education record or a different individual student shall be considered a separate violation for purposes of civil penalties…

 

-Cheri Kiesecker

Advertisements

Dear Congress, you are being duped. HR4174-S2046 is a Privacy Fail. Here’s why. ( And please no more suspended rules and voice votes on these bills. )

Reposted with permission from  Missouri Education Watchdog.

not_for_sale

I will say it again… When it comes to their own children, parents have little to no say in education matters. Parents are not invited to fancy conferences, we often aren’t even allowed to attend them. Parents don’t have a travel budget, a lobby budget, or a paid assistant to help write rebuttals and policy briefs. Nope, we are moms and dads and grandparents doing the best we can to protect our children. And that is why I am responding to the federal government’s response to my blogpost opposing their bill(s) HR4174 and S2046, Foundations for Evidence-Based Policymaking Act of 2017.

Dear  Congress,

The GOP Majority Staff of the Congressional House Committee on Oversight and Government Reform wrote and distributed a response to my November 12  blogpost  that opposed HR4174.  This response, which folks can see here begins with,

The Eagle Forum and other groups representing interests such as home schooling have raised concerns about H.R. 4174, the Foundations for Evidence-Based Policymaking Act of 2017The concerns relate to how the bill would affect the privacy of citizens (especially school-aged children) whose data  is being stored by the federal government. Those concerns arise from a misunderstanding of what the bill does to the personal data that the government already has.”

Let me clear something up.  I am not a member of Eagle Forum nor am I a member of a home school group, not that I have anything against them; I just don’t want them to be responsible for what I say.  Missouri Education Watchdog lets me write on their blog but my views are my own. I am a mom. My special interests are my children. I write as a parent, because like many parent advocates, blogging is the only (small) way to be heard.

And No.

My concern DOES NOT “arise from a misunderstanding of what the bill does to the personal data that the government already has.”  You have it sort of right;  let me restate it:

MY CONCERN IS THAT THE GOVERNMENT HAS CITIZENS’ AND ESPECIALLY SCHOOL-AGED CHILDREN’S PERSONAL DATA, WITHOUT PERMISSION…AND IS EXPANDING ACCESS, ANALYSIS OF THIS DATA, AGAIN WITHOUT PERMISSION.

It’s not your data. Data belongs to the individual. Data is identity and data is currencyCollecting someone’s personal data without consent is theft. (When hackers took Equifax data, that was illegal. When the government takes data… no different.)

If you support parental rights, you should not support HR4174 or its sister bill S2046.  Parents are often left out of the conversation about laws affecting their children.

I will say it again… When it comes to their own children, parents have little to no say in education matters. Parents are not invited to fancy conferences, we often aren’t even allowed to attend them. Parents don’t have a travel budget, a lobby budget, or a paid assistant to help write rebuttals and policy briefs. Nope, we are moms and dads and grandparents doing the best we can to protect our children. And that is why I am responding to the federal government’s response to my blogpost opposing their bill(s) HR4174 and S2046, Foundations for Evidence-Based Policymaking Act of 2017.

I invite members of Congress and policy makers, rather than refute, or ignore, please have a discussion with those closest to the children: parents.

You impose legislation that directly impacts our children and our families, without our input. We elected you to represent us, “we the people”.    Please hear us, the parents. These are our children, not your human capital, not your data, not your property.

What follows are sections on:

  1. Brief status of student data collection
  2. History and mission of CEP Commission, current linking of IRS data, Census Data, Education data.
  3. China, the US, tech companies and collection, analysis of citizens’ data, dangers of algorithms, metadata profiling.
  4. Status of HR4174, voice votes and suspended rules (why this controversial bill should have had neither)
  5. FACTS. Links to bill text, refuting the House Oversight rebuttal.
  6. Here is a two pager citing only facts, bill text.   http://tinyurl.com/HR4174twopage

The current state of student data collection– You need to know this.

Bill Gates, who has spent billions on reforming education, creating and sharing standardized data, state databases, also wants a national student database, linking k-12 and higher ed data. According to The Gates Foundation 2016 Priorities, this is the national database infrastructure he has in mind. Coincidence?

Gates data infrastructure

State agencies currently maintain personally identifiable data about citizens, including  k-12 school children. My focus is on student data because student data are collected and shared  and analyzed without parent consent. Parents have a right to direct our children’s education and citizens have a right to be secure in their property.  …or do we?  Taking personal information about a child, and sharing it, without the parents’ knowledge or consent is (SHOCKINGLY)  legal, thanks to a 2011 executive rule change that weakened FERPA.

Any Congressperson who would like to spend his or her Thanksgiving dinner explaining to friends and relatives why you think taking personal information about a child and sharing it without parent consent is ethical or principled, please go ahead. Also, let them know that you passed a bill giving more access to this ill-gotten, personal information of students. Be my guest.

As for me, I find HR4174 collection, sharing of a school child’s personal data without parent consent, unconstitutional and unethical and a violation of children’s privacy and parental rights.

The Electronic Frontier Foundation also challenged nonconsensual sharing of students’ personal information and the weakening of FERPA. See the EPIC lawsuit against the US Department of Education here.

Very personal information about k-12 students (ie: personal background info on kindergarten-12  registration forms, demographics, race,  health records, disability status, income status, a multitude of invasive surveys, even personality tests, etc.)  is currently collected at all public k-12 schools and can be shared outside of the school, without the parents’ knowledge.  Many have said for years,student data collection is out of control and we are not protecting children:  Asleep at the Switch: Schoolhouse Commercialism, Student Privacy, and the Failure of Policymaking.

Meta data and mouse-clicks to predict a child, measure their behavior. Amazon and Facebook and Google and Microsoft and many other edtech companies are invading the classroom. Edtech companies like  DreamBox, Khan Academy, and Knewton use adaptive or “personalized” online programs that collect large amounts of data on each child.  Knewton claims 5- 10 million data points per child, per day.  DreamBox claims 50,000 data points per hour on each student. These  “Personalized” software programs embedded in education technology are collecting data about a student, secretly determining which questions students will see, measuring how fast a child reads, what he or she clicks on, how long he or she takes to answer a question. This meta data is sometimes being used to measure a child’s  “social emotional learning” and engagement. One assessment company, NWEA, measuring test item response times, says if a child responds to a test question too quickly, this will give him/her a low engagement score.  NWEA thinks a child’s rapid response means the child is guessing and this disengagement can be applied to other “deep rooted problems” in a student’s life such as,

“a student’s likelihood of disengaging on a test was associated with his or her self-management and self-regulation skills, the ability, for example, to show up for class prepared and on time. “As they disengage from tests and the course material, a whole host of other things come up … attendance, suspensions, course failure … that have been connected to risk of dropping out of school,”

In a digital environment, everything a child does online can be captured, connected and catalogued. The LearnSphere project funded by the National Science Foundation and handled by Carnegie Mellon, explains this project which began in 2014:

“There are several important initiatives designed to address these data access challenges, for individual researchers as well as institutions and states. LearnSphere, a cross-institutional community infrastructure project, aims to develop a large-scale open repository of rich education data by integrating data from its four components.[17] For instance, DataShop stores data from student interactions with online course materials, intelligent tutoring systems, virtual labs, and simulations, and DataStage stores data derived from online courses offered by Stanford UniversityClick-stream data stored in these repositories include thousands and even millions of data points per student, much of which is made publicly available to registered users who meet data privacy assurance criteria. On the other hand, MOOCdb and DiscourseDB, also components of LearnSphere, offer platforms for the extraction and representation of student MOOC data and textual data, respectively, surrounding student online learning interactions that are otherwise difficult to access or are highly fragmented. By integrating data held or processed through these different components, LearnSphere will create a large set of interconnected data that reflects most of a student’s experience in online learning.” http://www.sr.ithaka.org/publications/student-data-in-the-digital-era/

Shouldn’t parents be able to see and consent to this information being collected and analyzed about their children? Will researchers and edtech companies be granted MORE access to the personal student data held by theDataShop, that HR4174 creates? (Yes, according to the bill excerpts below.)

Personal information about a student is already shared to a state longitudinal database, SLDS. See here for what data elements are stored in the state data dictionary. The states share this personal student data (personally identifiable information, pii) with other agencies, corporations, researchers–again without parent notification or consent, and parents cannot opt out. See here for example of state agreements to share student pii with companies, researchers, agencies, etc.

The Department of Defense also has access to student data through the Federal Learning Registry is a joint student data gathering project between the Department of Defense and the Department of Education. The Learning Registry and US Department of Education are also “encouraging districts and states to move away from traditional textbooks” and instead use the Learning Registry’s openly-licensed online materials, (Online Educational Resources, OERs), facilitated by Amazon, Microsoft, Edmodo, ASCD, Creative Commons. Can parents see this data or opt out? Nope.

The safest way to protect data, is minimize its collection. HR4174 does not minimize data collection, nor does it decrease disclosures. Schools and student databases across the country are currently being hacked and held for ransom, students threatened by cyber terrorists. With the federal government’s track record of failing FITARA security scores,  and recent data breaches, the thought of the federal government coordinating and maintaining expanded access to state level student data is concerning.

History and mission of CEP Commission

HR4174 is a result of the CEP (Commission for Evidence-based Policy); as stated in the bill and in the CEP final report, its purpose is identifying and reducing or removing barriers to accessing state-level data. The CEP commission held several meetings and three public hearings.  I suggest you review the minutes, video and audio of these meetings and hearings. You can read about the history of the CEP commission, watch the first public hearing, see written testimony submitted here.

The testimony from Oct 21, 2016 CEP hearing panelists is enlightening:

 For example: RK Paleru of Booz Allen Hamilton’s testimony, said that BAH supports, among other things, linking student data from surveys and multiple agencies, public-private partnerships, and data analytics, and “bringing the private sector perspective to the conversation.” He also stated the need for a data clearinghouse to be self-service and like a “Pinterest for data“, or data as paid service, and wanted to promote inter-agency data sharing.

Another Oct 21 CEP hearing panelist, Rachel Zinn, Workforce Data Quality Campaign, WDQC, said because of the current ban on a federal student database, “stakeholders” don’t have access to student information, she goes on to say in order to link and share data, stakeholders often have to use “non-standard processes, often goes through personal relationships or particular capacities within agencies at particular times” .   

Panelists at Feb 9, 2017 CEP hearing (listen to Audio at 57 min to 1hr14min mark):

Panelists discuss making it easier to link personally identifiable information from IRS records and personal information from Census population survey, personal information from education records and SLDS. With the CEP Commission making this personal data more accessible, more available, the researcher feels “like a kid in candy store“.  There are great barriers that prevent researchers from getting this data, currently researchers have to get it by “hook or crook” or  “by leveraging personal relationships”… CEP questions the coercive nature of obtaining this data.  At 1hour 11 minutes, they discuss how currently they can link Census population survey data and personal IRS data, with persistence any academic researcher can access these data, you just have to know the steps to get there and I think that’s the Commission’s charge“…

The Feb 24, 2017 CEP meeting:

Again, panelists discuss how they are already linking personally identifiable state-level education records with IRS records, but cite it is difficult and barriers need to be removed to make it easier to link this pii data between agencies.

IRS and student data.jpg

CHINA and US: Meta data, predictive algorithms, analyzing and generating data, social engineering

Linking all this personal data on citizens reminds me of why I mentioned that China collects and links data about its citizens.  Is there anything in HR4174 that says personal data cannot be used to rank a person, create a reputation score, or profile a person? HR4174 allows meta data analysis, generation of new data that can be  used to predict and profile. Algorithms can be biased and wrong. HOW can you possibly police this? A good start would be Europe’s General Data Protection Rule.

Tech companies in the US are ramping up their use of predictive analytics, artificial intelligence, despite dire warnings of existential risk  . This article on Twitter, Facebook and Google analytics is a warning on why we should be concerned. Do Facebook and Google have control of their algorithms anymore? A sobering assessment and a warning,

““Google, Twitter, and Facebook have all regularly shifted the blame to algorithms when this happens, but the issue is that said companies write the algorithms, making them responsible for what they churn out.”

Algorithms can be gamed, algorithms can be trained on biased information, and algorithms can shield platforms [tech companies] from blame.”

YET, have you ever heard of Yet Analytics? To quote this article,  Yet, HP and the Future of Human Capital Analytics: AI and your reputation score,

“querying of big data comprising information on learning, economic and social factors and outcomes gathered by the World Bank, the World Economic Forum, the United Nations and elsewhere. The outcome is the ability to predict multi-year return on investment on a great variety of learning, economic and social measures. We knew that variables including adolescent fertility rates, infant mortality rates and the balance of trade goods all had significant relationships with GDP per capita.”

Microsoft of course uses artificial intelligence and analytics with Cortana technology, but also has MALMO built in the MINECRAFT platform, “How can we develop artificial intelligence that learns to make sense of complex environments? That learns from others, including humans, how to interact with the world? Project Malmo sets out to address these core research challenges, addressing them by integrating (deep) reinforcement learning, cognitive science, and many ideas from artificial intelligence.”  Microsoft also has PROJECT BRAINWAVE capturing real time artificial intelligence data.

Facebook and your credit score? Facebook reportedly has a patent for technology that could potentially be used for evaluating your credit risk, which they say could be used to view your social network connections and determine your credit worthiness.

Status of HR4174

HR4174 was introduced on 10/31/2017 and was passed on voice vote in the House Oversight and Government Reform.  Yesterday, the US House of Representatives suspended their rules, something that, according to this document, is only done on non-controversial bills. Judging by the public outcry and the rebuttal response from House Oversight, I would argue this bill is controversial and should not have been voted on suspended rule. With rules suspended and another voice votethe House unanimously passed HR4174 on 11/15/2017. Watch the vote, starting at 4hr 52min mark here.

Myth or Fact?  You decide.

myth or fact

The rebuttal

FACT:  Parents cannot opt students out of this state data collection that is obtained without consent.

HR4174 will increase access to this state-level student data, allowing data to be linked or disclosed with government agencies, researchers, again without consent.

  • If HR4174 does allow parental consent, does allow parents to opt out of student data collection and sharing, please correct me. It would be imperative to specifically state parental consent and opt out rights in the bill, so schools and parents are aware of this provision. There’s still time to add this opt out provision in the Senate.

FACT: HR4174 removes barriers to state-level data access and creates a National Secure Data Service (NSDS) with a Chief Evaluation Officer in each federal department; the NSDS will be coordinated through the Office of Management and Budget (OMB). Data officers in each agency oversee the dissemination and generation of data between state agencies and private users, contractors, researchers while finding new and innovative ways to use technology to improve data collection and use.

Does that sound like a national  system to manage and disclose data?  …Keep reading.

  • § 3520A. Chief Data Officer Council

“(a) Establishment.—There is established in the Office of Management and Budget a Chief Data Officer Council (in this section referred to as the ‘Council’).

“(b) Purpose and functions.—The Council shall—

“(1) establish Governmentwide best practices for the use, protection, dissemination, and generation of data;

“(2) promote and encourage data sharing agreements between agencies;

“(3) identify ways in which agencies can improve upon the production of evidence for use in policymaking;

“(4) consult with the public and engage with private users of Government data and other stakeholders on how to improve access to data assets of the Federal Government; and

“(5) identify and evaluate new technology solutions for improving the collection and use of data.

FACT: HR4174 requires each agency (see list of 17 different agencies, A-Q below, who will maintain and disclose data) and will make any data asset maintained by the agency available to any statistical agency. The head of each agency shall …make a list of data the agency intends to collect, use, or acquire. This data may be in an identifiable form and may include operating and financial data and information about businesses, tax-exempt organizations, and government entities. 

  • HR4174 PART D—ACCESS TO DATA FOR EVIDENCE

    § 3581. Presumption of accessibility for statistical agencies and units

    “(a) Accessibility of data assets.—The head of an agency shall, to the extent practicable, make any data asset maintained by the agency available, upon request, to any statistical agency or unit for purposes of developing evidence.

  • § 312. Agency evidence-building plan

    “(a) Requirement.—Not later than the first Monday in February of each year, the head of each agency shall submit to the Director and Congress a systematic plan for identifying and addressing policy questions relevant to the programs, policies, and regulations of the agency. Such plan shall be made available on the public website of the agency and shall cover at least a 4-year period beginning with the first fiscal year following the fiscal year in which the plan is submitted and published and contain the following:

    “(1) A list of policy-relevant questions for which the agency intends to develop evidence to support policymaking.

    “(2) A list of data the agency intends to collect, use, or acquire to facilitate the use of evidence in policymaking.

    “(3) A list of methods and analytical approaches that may be used to develop evidence to support policymaking.

    “(4) A list of any challenges to developing evidence to support policymaking, including any statutory or other restrictions to accessing relevant data.

Agencies involved in the HR4174 Federal evidence-building activities.

HR4174 “SUBCHAPTER II—FEDERAL EVIDENCE-BUILDING ACTIVITIES

§ 311. Definitions

“(1) AGENCY.—The term ‘agency’ means an agency referred to under section 901(b) of title 31.

901(b) of title 31 :
(b)
(1) The agencies referred to in subsection (a)(1) are the following:
(A) The Department of Agriculture.
(B) The Department of Commerce.
(C) The Department of Defense.
(D) The Department of Education.
(E) The Department of Energy.
(F) The Department of Health and Human Services.
(G) The Department of Homeland Security.
(H) The Department of Housing and Urban Development.
(I) The Department of the Interior.
(J) The Department of Justice.
(K) The Department of Labor.
(L) The Department of State.
(M) The Department of Transportation.
(N) The Department of the Treasury.
(O) The Department of Veterans Affairs.
(P) The Environmental Protection Agency.
(Q) The National Aeronautics and Space Administration.

https://www.law.cornell.edu/uscode/text/31/901

FACT: Data is shared between designated statistical agencies and can be personally identifiable data. Agencies and the Director can promulgate their own rules about data disclosure and sharing. The overseers of disseminating and generating can make their own rules.

  • “(c) Sharing of business data among Designated Statistical Agencies.—

    “(1) IN GENERAL.—A Designated Statistical Agency may provide business data in an identifiable form to another Designated Statistical Agency under the terms of a written agreement among the agencies sharing the business data that specifies—

    “(A) the business data to be shared;

    “(B) the statistical purposes for which the business data are to be used;

    “(C) the officers, employees, and agents authorized to examine the business data to be shared; and

    “(D) appropriate security procedures to safeguard the confidentiality of the business data.

 

  • “(e) Designated Statistical Agency defined.—In this section, the term ‘Designated Statistical Agency’ means each of the following:

    (1) The Census Bureau of the Department of Commerce.

    (2) The Bureau of Economic Analysis of the Department of Commerce.

    (3) The Bureau of Labor Statistics of the Department of Labor.”.

  • “(3) BUSINESS DATA.—The term ‘business data’ means operating and financial data and information about businesses, tax-exempt organizations, and government entities.  [Note: Schools are tax-exempt and government entities.]

 

  • “§ 3562. Coordination and oversight of policies“(a) In general.—The Director shall coordinate and oversee the confidentiality and disclosure policies established by this subchapter. The Director may promulgate rules or provide other guidance to ensure consistent interpretation of this subchapter by the affected agencies. The Director shall develop a process by which the Director designates agencies or organizational units as statistical agencies and units. The Director shall promulgate guidance to implement such process, which shall include specific criteria for such designation and methods by which the Director will ensure transparency in the process.
  • “(b) Agency rules.—Subject to subsection
  • (c), agencies may promulgate rules to implement this subchapter. Rules governing disclosures of information that are authorized by this subchapter shall be promulgated by the agency that originally collected the information.

FACT: Data is linked between agencies.

  • § 316. Advisory Committee on Data for Evidence Building  During the first year of the Advisory Committee, the Advisory Committee shall—

    “(B) evaluate and provide recommendations to the Director on the establishment of a shared service to facilitate data sharing, enable data linkage, and develop privacy enhancing techniques,

FACT: Data may be shared with private organizations, researchers, consultants, contractors, employees of contractors, government entities, individuals who agree in writing to comply with provisions.

  • “(e) Designation of agents.—A statistical agency or unit may designate agents, by contract or by entering into a special agreement containing the provisions required under section 3561(2) for treatment as an agent under that section, who may perform exclusively statistical activities, subject to the limitations and penalties described in this subchapter.

 

  • “(2) AGENT.—The term ‘agent’ means an individual

    “(A)(i) who is an employee of a private organization or a researcher affiliated with an institution of higher learning (including a person granted special sworn status by the Bureau of the Census under section 23(c) of title 13), and with whom a contract or other agreement is executed, on a temporary basis, by an executive agency to perform exclusively statistical activities under the control and supervision of an officer or employee of that agency;

    “(ii) who is working under the authority of a government entity with which a contract or other agreement is executed by an executive agency to perform exclusively statistical activities under the control of an officer or employee of that agency;

    “(iii) who is a self-employed researcher, a consultant, a contractor, or an employee of a contractor, and with whom a contract or other agreement is executed by an executive agency to perform a statistical activity under the control of an officer or employee of that agency; or

    “(iv) who is a contractor or an employee of a contractor, and who is engaged by the agency to design or maintain the systems for handling or storage of data received under this subchapter; and

    “(B) who agrees in writing to comply with all provisions of law that affect information acquired by that agency.

  • SEC. 202. OPEN Government Data.(a) Definitions.—
  • Section 3502 of title 44, United States Code, is amended—
  • “(15) the term ‘data’ means recorded information, regardless of form or the media on which the data is recorded;
  • “(16) the term ‘data asset’ means a collection of data elements or data sets that may be grouped together;
  • “(17) the term ‘machine-readable’, when used with respect to data, means data in a format that can be easily processed by a computer without human intervention while ensuring no semantic meaning is lost;
  • “(18) the term ‘metadata’ means structural or descriptive information about data such as content, format, source, rights, accuracy, provenance, frequency, periodicity, granularity, publisher or responsible party, contact information, method of collection, and other descriptions;

FACT: You are correct that HR4174 does repeal E–Government Act of 2002 (Public Law 107–34744 U.S.C. 3501 and re-insert it in title 44. However, the CIPSEA penalty of $250,000 fine or 5 years prison is not new; it has been in place since 2002. Student data has been collected and shared without consent since 2012-CIPSEA was not applicable or not enforced. Ironically, HR4174 weakens CIPSEA.

CIPSEA is amended to expand access to data. Additionally, once again, the Director can promulgate regulation on what data to share.

  • 3582. Expanding secure access to CIPSEA data assets

“(a) Statistical agency responsibilities.—To the extent practicable, each statistical agency or unit shall expand access to data assets of such agency or unit acquired or accessed under this subchapter to develop evidence while protecting such assets from inappropriate access and use, in accordance with the regulations promulgated under subsection (b).

“(b) Regulations for accessibility of nonpublic data assets.—The Director shall promulgate regulations, in accordance with applicable law, for statistical agencies and units to carry out the requirement under subsection (a). Such regulations shall include the following:

“(1) Standards for each statistical agency or unit to assess each data asset owned or accessed by the statistical agency or unit for purposes of categorizing the sensitivity level of each such asset and identifying the corresponding level of accessibility to each such asset. Such standards shall include—

“(A) common sensitivity levels and corresponding levels of accessibility that may be assigned to a data asset, including a requisite minimum and maximum number of sensitivity levels for each statistical agency or unit to use;

“(B) criteria for determining the sensitivity level and corresponding level of accessibility of each data asset; and

“(C) criteria for determining whether a less sensitive and more accessible version of a data asset can be produced.

“(2) Standards for each statistical agency or unit to improve access to a data asset pursuant to paragraph (1) or (3) by removing or obscuring information in such a manner that the identity of the data subject is less likely to be reasonably inferred by either direct or indirect means.

“(3) A requirement for each statistical agency or unit to conduct a comprehensive risk assessment of any data asset acquired or accessed under this subchapter prior to any public release of such asset, including standards for such comprehensive risk assessment and criteria for making a determination of whether to release the data.

Continually saying that you aren’t collecting new data is meaningless – because the data was illegally obtained in the first place. HR4174 allows personal data to be shared without consent and importantly, allows generated data, meta data analysis of citizens without consent.  Personal data belongs to the individual. Data collection without consent is theft. It’s time the US updated our privacy laws  – not to further weaken them. Instead, it’s time for Congress to be a leader: minimize the data collected, protect privacy and security,  and look to Europe’s General Data Protection Rule, the strictest privacy law in the world.

-Cheri Kiesecker

Dear Teachers Using Google Classroom,

Reposted with permission from Wrench in the Gears

Don't Be Evil

I really need you to keep in mind that all the data run through those programs (your intellectual property, student work, correspondence, etc.) is being used to refine the AI systems destined to replace you. There is a price for this “free” convenience. The bill may come due after you leave the profession, but I beg you to consider the implications of your actions now.

If you don’t know about the NSA Data Center in Bluffdale, take 8 minutes and watch the video below.  The center, located in the Utah desert, has the capacity to store 100 years of global electronic communications. The NSA says they won’t “look” until such a time as you or a student fall under suspicion and trigger a FISA order.

Pushing education into the cloud had consequences. Digital devices should be considered tools of surveillance and treated with great care. Those valuing freedom of expression in educational settings would do best to take a moment and consider Google’s relationship to the state, their profit motives, and the power they wield globally. Remember, if it’s “free,” YOU’RE the product.

Sincerely,

A Concerned Parent Who Values HUMAN Teachers.

 

PS: Some of us are exercising our legal right to opt our children out of Google Classroom, so please have non-burdensome options for them to get homework information, class communications, and turn in assignments outside this corporate platform, ok?

An Interview with Alison McDowell: KEXP’s Mind Over Matters Community Forum

headphones

On August 5th Alison McDowell was a guest on KEXP’s news program Mind Over Matters. You can listen to the interview by clicking on the link below ( be patient – it takes a little bit of time for the file to load). A transcript of the interview follows.

Alison McDowell Interview

My concern as a parent is within these adaptive learning systems, I don’t want an online system that has to learn my child to work. I don’t want a system that has to know everything my child did for the last six months, to operate properly. Because I think that becomes problematic. How do you ever have a do over? Like, is it just always building and reinforcing certain patterns of behavior and how you react…it’s, they, I think they present it as flexible and personalized, but in many ways I think it’s limiting.

Mind Over Matters – KEXP

Community Forum

Interview with Alison McDowell

Mike McCormick:  It’s time once again for Community Forum, and we’re very lucky to have with us live in the studios this morning, Alison McDowell. Alison McDowell is a parent and researcher, into the dangers of corporate education reform. She was presenter this last March this year here in Seattle. The talk entitled Future Ready schools: How Silicon Valley and the Defense Department Plan to Remake Public Education. Alison, thank you very much for coming in and spending time with us this morning.

Alison: Oh, I’m very glad to be here. Thank you so much for having me.

Mike:  So, tell us, how did you get interested and involved with the issue of corporate education reform?

Alison: Well, I’m a I’m a parent. I have a daughter who is sixteen in the public schools of Philadelphia. And we’re sort of a crucible for many different aspects of education reform. We’ve had multiple superintendents from the Broad Academy. We’ve been defunded. Our schools have been, numerous of our schools have been closed, teachers laid off and about three years ago I became involved in the Opt Out movement for high stakes testing. Because at that point I felt that if we were able to withhold the data from that system we would try to be able to slow things down. Because they were using that testing data to close our schools. So I worked on that for a number of years until I saw that the landscape was starting to change. And a lot of it was leading up to the passage of the Every Student Succeeds Act. That that passage. And it seemed at that time that our school district, which is challenging in many respects, was all of a sudden actually interested in Opt Out, and making that, sharing information and materials… Pennsylvania has a legal Opt Out right on religious grounds…and making materials available in various languages. And something just didn’t compute in my head. I’m like, well, even if, if we’re entitled, the fact that they were interested in engaging with us on that, made me sort of question why that was. And then so post ESSA, it became clear that the shift that was going to be taking place was away from a high stakes end of year test and more towards embedded formative assessments. So in our district we’ve seen an influx, even though there isn’t funding for many other things, lots of technology coming in, lots of Chromebooks. Every, all of the students have Google accounts. Google runs our school district. Even though they say philsd.org, their Google accounts, and each student, their email address is actually their student id number. So to access a Chromebook as soon as you login, you know all of that information is tied back into their id number. So the technology was coming in. Many schools were doing multiple benchmark assessments. So there was less and less time for actual meaningful instruction throughout the school year and there were more and more tests taking place, many computerized. So, at that point, we were looking into like, what did this mean, what is the role of technology and the interim testing, in this movement And so, I had come across my…I have a blog. It’s called Wrench in the Gears. It’s a wordpress blog. So you, I have a lot of information there, and it’s all very well documented and linked. My colleague Emily Talmage, who’s a teacher in Maine, who has seen this first-hand. She has a blog: Save Maine Schools. And so I had found her blog and at one point she said, you know…you know, only click on this link, you know, if you’re willing to go down the rabbit hole. And at that point it was, it was a website called Global Education Futures Forum, and they have this agenda for education up to 2035. And it is their projection. And it’s a global…global membership led by Pavel Luksha, who’s connected with the Skolkovo Institute, in Russia. But the local person here, actually he’s very local, is Tom Vander Ark, is one of the US representatives. And so he was former Gates Foundation. And has his own consulting firm now. And it’s based out of Seattle. And, but anyway, so they have sort of what they call a foresight document, a sort of projecting based on trends and patterns, where they see things going for education, like over the next 20 years. And so really, they have a very sophisticated map. And all you have to do is sort of look at their map. And then match it up to current events. And you can see, like, where they’re pretty much on target where things are headed. And there, they have some really interesting infographics and, one of them, it’s a very decentralized system. So education is just like the individual at the center. So everything you’re hearing, personalized learning, and and individual education plans, like it’s one big person and you’re the center of your own universe. And sort of around you, there aren’t teachers or schools. It’s it’s many sort of digital interfaces, and devices, and data-gathering platforms. And this idea that education is a life-long process. Which I think all of us generally agree with, but the idea that you’re sort of chasing skills in this new global economy, and like constantly remaking yourself. Or like the gig economy and what that means. And managing your online reputation. Not just your skillsets. But your mindset. And your social outlook. And your behaviors. And the role of gamification. So there are many many elements to this, that if you look into it, I think raise a lot of questions. And increasingly, really over the past five years there’s been a lot of discussion about remaking education. Re-imagining education. You know, education for the 21st century. Future Ready Schools. And I think for the most part, parents and community members have been left out of this conversation, of what really does Future Ready Schools mean? And the folks who are running the conversation, are running the agenda, are largely coming from a tech background. And this is something that’s built up since the mid-nineties, when the Advanced Distributed Learning Program was set up within the Defense Department, and the Department of Education.  To have like you know, Tech Learning for all Americans. Which, you know, again  I think we all need to be tech knowledgable, I, the question is, how is the tech used and how in control of of your education are you, and your educational data. So anyway, a lot of this is being driven by interests of digitizing education. And really, through austerity mechanisms, pulling out more human interaction, out of the equation. So we’re, we’re seeing things that a number of years ago, Detroit, had a kindergarten, where they would have a hundred kindergarteners, with like one teacher and a couple of aides, and a lot of technology. So there’re lots of questions increasingly about the use of technology especially in early grades, and I know in, in Washington State there’ve been a big push for tablets down to the kindergarten level. Our children are being part of this sort of larger experiment that has health considerations that have not been closely examined. In terms of eyestrain, audio components, even hygiene with earphones. The wifi aspects. And then also the data collection. So, there’s this grand experiment going on for Future Ready Schools, and parents and community members aren’t really aware of the fact that it is an unproven experiment, and what the implications are long-term.

Mike: And it’s being driven heavily by corporations that are producing these platforms, this software, the electronics, kind of behind the scenes, because no one knows this is going on except a select group of administrators and teachers?

Alison: Yeah, well so they have, there are a number of like pilot districts. So the idea is sort of, you get a beachhead, and then you, you roll it out. You convince, I mean they have very sophisticated marketing manuals. Like Education Elements, they say, this is how you do it. You know first you, you have a social media campaign, you get the young teachers who are really into tech and you train them up in the way that you wanna do things, and then they mentor all the veteran teachers and you get the principal on board and then you have the parent meetings and it’s…again…with…if you understood it as, like selling a corporate product as opposed to public education, it might not be so disturbing. Like for me, I find having this sort of corporate approach to marketing, a new approach to public education. That’s, that’s what, what I find disturbing. I’ve called this Education 2.0, because I think we’re, we’re about to see a shift from the earlier version of privatization, which was the high stakes, end of year high stakes testing, vouchers, charter schools. Those things will all still continue, but they’ve, they were never the end game.  So they have been used as a way to de-stabilize the, the landscape of neighborhood schools. And in many cases they’ve been used to, you know, acquire real estate, further sort of gentrification, insider contracts, like there are many aspects that allow that to become a profit center. But there’s going to be a point of diminishing return. Where sort of like all the easy pickings have been taken. And if you’re pursuing sort of a tailoristic model , like the ultimate efficiency, lean production, Cyber-Education is the end game. So creating a system of education that really has very little in human resources.  There’s lots of folks within Pearson and IBM and Microsoft who are looking at AI, like everyone will have your own artificial intelligent, like learning sherpa for your life. You know, and this isn’t just K12, this is forever.  You know, someone on your shoulder telling you what you should be doing next. But removing the humans out of the equation and putting more technology in place. So I think that’s what this shift to Education 2.0 is going to be about, is largely cyber but I think most parents at this point are not comfortable with that model. They wouldn’t say, you know, and I will admit, like there, there’s a small group of kids who are highly motivated for whom a cyber, exclusively cyber model may work. I mean a lot of the research shows that for most kids the outcomes are not great. So what they will be selling is project based learning. And that’s what you’ll hear a lot about, coming up, like in the next couple of years. But those projects won’t necessarily be linked to schools. So you’ll hear more and more about, anytime, anyplace, anywhere, any pace learning. So they’re looking to de- disconnect education from physical school buildings, and actual teachers in classrooms, to sort of what’s called a learning eco-system model. So something that’s more free-flowing, you’re just out in the world collecting skills. And that’s what was so interesting about, like the Common Core State Standards set-up. And I know a lot of states have sort of rolled back or renamed them. But the idea of having education tied to very specific standards, was a way of atomizing education and making it available for digitization. So if, if education is a human process of growth and development, that’s very murky to try to put in a metric, right? You need bits and bytes. And so if you create an education that’s strictly around standards and like sub standards and little sets, you can just aggregate those, and collect them or not collect them, and run that as data in a digital platform. So that push toward standards, yes it allowed for school report cards and value added modeling and things that hurt schools and teachers, but it also normalized the idea that education was less a human process and more people collecting things. Like collecting skills and standards, which is what you need for like a competency based education approach.

Mike: So, talk about some of the specific examples…one of the advantages to going into your site is you have links to so many different documents from the very corporations and people that are producing these systems. And one of the examples you’ve talked about in your talk back here in March was something called Tutormate? That was involved, kids getting pulled out of class, to go see, basically AI icons talking to them and they become attached to them…

Alison: Yeah…

Mike: …it’s disturbing.

Alison: Well there were a couple of, there’s a couple of interesting things. I had sort of a slide saying who’s teaching your children? Because increasingly it’s not necessarily their classroom teacher. The chatbot was actually Reasoning Mind, which is a math program. It was developed in Texas. And so it’s been like long-running and gotten a lot of funding, both from public and private sources. About refining sort of a personalized learning towards math. But kids were interacting with these online chat bots and developing connections and relationships to these online presences in their math program. I’m in Pennsylvania. So a lot of, a lot of things are developing in Pittsburgh. They have a whole initiative called Remake Learning in Pittsburgh which I believe is sort of early-stage learning ecosystem model and a lot of that is coming out of Carnegie Mellon because Carnegie Mellon is doing a lot of work on AI and education. And they have something called Alex. So they like the idea of peer-based learning. That sounds attractive like, yeah, kids like to learn from their peers. This, their version of peer-based learning is that you have a giant avatar cartoon peer on a screen and the children interact with this peer on a screen. So that’s something that’s being piloted in southwestern Pennsylvania right now. And then Tutormate is actually a different variation but they were pulling kids out of class, away…these were young children, from their classroom setting to put them in a computer lab to do tutoring with a corporate volunteer via skype, and an online platform. So in this case it actually was a human being, but this was during school hours. This was not a supplement to classroom instruction, this was in lieu of having direct instruction with a certified teacher. They were being put into an online platform with a corporate volunteer and you know, it turns out a number of the sponsors of that program had ties to defense contracting industries. You know, Halliburton, and Booz Allen Hamilton. You know, things that you might wanna question, is that who you want your second grader spending their time chatting with? You know, in lieu of having their second grade teacher teach them reading. So again, there is this shift away from, from teachers. There’s, there’s a model that’s going on right now, within many one-to-one device districts, so districts where every child has their own device. Young kids often have tablets, older kids have Chromebooks, in high-end districts you might have an actual laptop, with some hard-drive on it. The Clayton Christensen Institute, or Innosight Institute, they’ve been pushing blended learning. So blended learning is this new model. Where, there are a number of different ways you can…flipped classrooms, which many people have heard of…but there’s one called a rotational model. So children only have direct access to a teacher a third of the time. Like the class would be split into three groups. And you would be with a teacher for a third of the time, doing peer work a third of the time, and doing online work a third of the time. So again, it’s a way of increasing class size supposedly, like supposedly the quality time you have when you’re with the teacher with the ten kids instead of thirty is supposed to be so great even though maybe you only get fifteen minutes. What’s happening in other districts is they’re saying the time where kids are not with their teachers, and they’re just doing online work, they don’t really need a teacher present, they could just have an aide. So that’s again, in terms of pushing out professional teachers, is that, well if kids are doing online learning, maybe you just need an Americorp volunteer, in the room, to make sure that no one’s  hurting them…each other. You know, and that they’re on, supposedly on task. You know I think that’s a worrisome trend. And even though they’ll sell blended learning as very tech forward and future ready, the kids don’t love spending time on these devices, like hour after hour after hour. And my concern as a parent is…we’re all starting to realize what the implications are for big data. And how we interact with online platforms, either in social media, or other adaptive situations. And how, that these devices are actually gathering data, on ourselves.. .so, they they gather information through keystroke patterns, they all have cameras, they all, you know, the tablets have TouchSense, so theoretically there’s body temperature and pulse sensors. Like there’s many many elements, are they all being used now? No, but there is that capacity for using them to develop that level of engagement. To understand how you’re interacting with these programs. And that’s being developed through, with the Army Research Lab and USC, their Institute for Creative Technologies. And they are developing, a lot of this is being developed in conjunction with the Defense Department, for their interactive intelligent tutoring systems and with the Navy actually, which is relevant to Seattle. A lot of these early prototyped intelligent tutoring systems have been developed specifically with the Navy in mind. Training very specifically on computer programs, and optimizing that. But once they develop the infrastructure, then they’re able to apply that in non-military settings. And so it’s, it’s making its way out. So there’s a lot of data that can be collected and the other, the other push that you’ll start to see is gamification. So games, like gaming in schools. And kids love games, like parents love games. It sounds so fun. But I think what we have to realize is there’s a lot of behavioral data that’s coming out of the gaming too. That we’re not necessarily aware of.  And so this push for gamification, or sometime…like gamified classroom management systems. So Google has something called Classcraft. And all the kids have avatars. And like if they’re behaving in class, they can, you know they earn points, or have points deducted, and you’re on teams, and you can save your team member or not. And with ESSA, having passed, you know, they’ll tell the story that like we care about more than just test scores, we really wanna care about the whole child, we wanna, you know we we care about children as individuals. Really they wanna collect all of this data, not just on your academic skills, but on your behaviors, and your mindset. And are you gritty, and are you a leader, or are you, you know, flexible, are you resilient. And these, these gamified platforms, whether they’re run by the teacher, or gaming that’s done with the students in these simulations, and also AR/VR, augmented reality/virtual reality games that you’re starting to see. There’s just a lot of information going through, and you have to wonder, how is it being used, what are the privacy implications, and also what are the feedback loops being created? In terms of how you interact with a platform. Is it reinforcing aspects of your personality that you may or may not want reinforced. My concern as a parent is within these adaptive learning systems, I don’t want an online system that has to learn my child to work. I don’t want a system that has to know everything my child did for the last six months, to operate properly. Because I think that becomes problematic. How do you ever have a do over? Like, is it just always building and reinforcing certain patterns of behavior and how you react…it’s, they, I think they present it as flexible and personalized, but in many ways I think it’s limiting.

Mike: In some of the documentation you present, they have systems that wanna pay attention to whether a person that is working with the program is getting bored, or falling asleep, or whatever, so they were like watching like you know, the eye, literally to see if it’s like where it’s wandering off to…you said they potentially could be checking your, your temperature, your heart rate…

Alison: I mean, you know, are they doing it right now? I don’t know that they, but the capacity is there. And…

Mike: And all that data is being saved somewhere. And shared. In some capacity. We don’t know.

Alison: W…and I think it’s very unclear. And I think they’re, they’re many parents who are very concerned about privacy and working that angle of controlling what data goes in…I mean I think all of us are aware that once something is up in the cloud, even if there are promises made about privacy and protections, that nothing is really safe up there. In terms of from hacking, or even just legal. Like FERPA is very, the education records, sort of, privacy has a lot of loopholes. You know anyone who, many of these organizations, companies are third parties are designated agents of school districts. So they have access to this information. And I will also mention Naviance, because the other shift that we’re seeing happening is the shift towards creating an education system that is geared towards workforce development. That, that, that children at younger and younger ages should, should be identifying their passions, and finding their personal pathways to the workforce and the economy. And so Naviance is one of a number of companies that does strengths assessments and surveys. And many states you can’t get your diploma unless your child does a complete battery of assessments, personality assessment through Naviance, which is this third-party program. Also linking towards like their future college plans, and other things linked in, and very detailed information about people’s family situations. So again, the, the amount of data that’s being collected on many many different levels to supposedly like guide students moving forward into the economy, I think it merits a larger conversation. And I’m not saying that everyone needs to agree with my position, but I think that the, the agenda that’s being moved forward is being done in a way that for the most part, parents and community members, there’s not been a consensus reached, with us. That this is okay. That this new version of school is, is what we desire.

Mike: And being a parent in the Philadelphia School District, when these new systems are, have been implemented, you know, and the potential use of all, gathering of all your child’s data, I mean, have you been consulted on that prior? Did, every time they bring in a new system did they let you know, oh, we have another piece of software here that potentially could be, you know, data-mining your kid, are you okay with that?

Alison: So I think on the, on the plus side, because we have been so severely defunded, we haven’t seen quite as much of an influx of tech yet. Although I, I anticipate it’s coming. We’ve just had a big roll-out of Minecraft I think in schools. That’s their new thing that they’re, they’re all…there are a number of schools, like within turnaround sort of, that, that are being piloted for these one-to-one devices. I will say that there was an opt-out form for Google Apps for Education. Which is, and I so I opted, I opted my child out of Google Apps for Education. I may have been the only parent in the Philadelphia School District who did that, and it, it makes it complicated because again, there, it’s convenient, you know, it’s a nice, you know, way for teachers not to have to carry around lots of papers, and they have kids put it all on their Google drive. But I, I think we’re all starting to be a little wary about the amount of information and power that Google has, you know, in the world and what the implications are for that. So I think if, if people have concerns around some of these privacy aspects, you know, that’s, that’s a potential starting, starting place, is to opt out of Google Apps for Education, and see where that goes. Or even have targeted like device and data strikes, during the school year. So we don’t get a notice every time there’s a new program. I guess long story short.

Mike: Just a few minutes left. And again, some of the companies, in addition to Defense Department having early hooks into education reform, and online learning, some of the companies involved, and heavily investing in this, as an example, like Halliburton and Booz Allen, which to me, let’s say Booz Allen which is also heavily tied into doing, they have access to data bases that the NSA does and, Edward Snowden worked for Booz Allen.

Alison: I would say like right now, like the Chan Zuckerberg Initiative, LLC, is huge and they’re pushing Summit Basecamp. I know we just have a few min…minutes in closing so I also wanna mention, in addition to tech, we also have global finance interests involved, because in ESSA there are provisions for Pay for Success. Which is where they’re looking to use private venture capital to affect educational outcomes. Either right now it’s in universal pre-k, also early literacy. So we need to be aware of the role that Pay for Success is going to play in this, and that’s essentially like “moneyball” for government. Where they’re looking to save money. I mean there’s a conference that they, they’ve put this together. Evidence based policy. That’s what they call it. That’s sort of the code word. Is that if you can come up with a computerized program that will give you specific success metrics, venture capital can make money on that. So a lot of global finance interests, and impact investing interests are looking, I believe at education as a market, a futures market in student education data. So I have more information on that on my blog. But social impact bonds and Pay for Success are a critical piece to understanding why education is being digitized. Also Hewlett Packard, Microsoft, IBM, the tech interests, Summit Basecamp, AltSchool, Micro Schools are another big component of this. These value-model private schools, if vouchers go through, that, we’re gonna be seeing a lot more of that. The tech is also focusing on Montessori school models, and, and very high-end. So you have Rocketship Academy, which are sort of stripped down versions for low-income districts and, but they’re also marketing tech to affluent families and aspirational families as being sort of future-ready. So it’s really a, there’s many different branded versions of education technology.

Mike: So long story short, you have a kid in, going through school, or, you know, anyone you care about then, this would be something to look into.

Alison: Yes. Understand how much time they’re spending on devices. Advocate that school budgets prioritize human teachers, and reasonable class sizes, and not data-mining, not adaptive management systems. And and have this conversation in your community. Is education about creating opportunities for students to learn and grow together as a community, or is it these isolating personalized pathways, where people are competing against one another. And and I think that’s a larger conversation we all need to have in our school districts.

Mike: Alright. We’re speaking with Alison McDowell. She is a parent and researcher in the Philadelphia school system. Produced a series,  Future Ready Schools: How Silicon Valley and the Defense Department Plan to Remake Public Education. And again, your website is…

Alison: Wrenchinthegears.com

Mike: Wrenchinthegears.com. And with that we’re unfortunately out of time. I want to thank you for coming and spending time with us this morning.

Alison: Thank you.