The week of August 17, 2014

When privacy hysteria cripples education

By Greg Stevens

InBloom could have revolutionized our national educational infrastructure. Instead, it’s been taken down by paranoia and misunderstanding, a move that’s stalled significant progress in the realm of edtech.

The fall of inBloom is a sad tale about political activists latching onto conspiracy theories and using scare tactics to advance their own agendas, all under the guise of protecting privacy.

Make no mistake: Privacy is important. Parents should keep a watchful eye on how our educational system handles personal and sensitive information about their children. But as privacy activists punch the air and revel in their success in taking down one of the “bad guys,” we have to ask the question: Is student privacy in the United States any safer as a result?

To understand what happened with inBloom, you have to start by understanding the ties between the Common Core initiative and big data.

O, Brave New World!

“In our district, the whole idea of the core curriculum was a dream,” says Rebecca Krueger, who taught for 38 years in Richland School District Two in Columbia, S.C. Now retired, Kruger was involved in the district’s Action Planning Committee and Curriculum Development Committee for Mathematics, and she had a close view of Common Core’s impact as it was gradually rolled out in her district.

“What made it so attractive for us, in particular, is that Richland School District Two buttresses right up against Fort Jackson,” explains Krueger. “We have so many military families, and they are moved from place to place. So kids will come in for a year or two, and then they are gone. With Common Core, when these students were transferred from California, or wherever, we could just go online and get all of their records, and we could continue where they left off.”

Online access to student records provides teachers with crucial tools for guiding their day-to-day work.

Much of the media attention for Common Core focuses on the curriculum: the topics and teaching methods to be standardized across the country. Closely tied to this—but receiving less attention—is the big data side of the Common Core initiative. From the very beginning, the reforms were intended to take advantage of the massive technological advances of the last decade. The vision for the future of education was that the entire system, from test scores to homework assignments to attendance history, would be available online to students, teachers, and parents.

Richland School District Two has embraced the technological advance. “Now we have smart boards in every room, and they record everything,” Krueger explains. “So if a kid misses a class, they can get notes and something to read when they get home. They could log in, see what was written on the board, what was discussed, and what the assignment was.” Parents can also log into the system any time and see their child’s test scores, homework assignments, and attendance records.

Online access to student records provides teachers with crucial tools for guiding their day-to-day work. “When you log on, the class roll comes up. You have your computer sitting on your desk, you check your roll. I had one class where 80 percent of the kids hadn’t passed the basic skills test. I needed to look up which skills a particular student didn’t meet.” Teachers are able to click on the name of a student, enter their password, and pull up reading scores, comprehension scores, and math scores. They could then use this information to help them guide individual students, or even direct the curriculum for the class.

Online storage and sharing of student data can also be used to evaluate educational programs. “Hopefully, someday, we can track children from preschool to high school and from high school to college and college to career,” Secretary of Education Arne Duncan said. “We want to know know whether Johnny participated in an early learning program and then completed college on time and whether those things have any bearing on his earnings as an adult.”

Currently, 44 states are involved with syncing data between schools and colleges, and 19 have connected student data to workforce data. However, the technology is currently handled by a patchwork of private companies that have regional footholds in different parts of the country. As a result, problems can still arise when students move from one district to another.

A longtime advocate of the Common Core, the Bill Gates Foundation has tried to help fix this problem. In 2011, it announced a new project, the Shared Learning Collaborative, designed to be a marketplace for developing software tools that could use student data to help teachers in school districts across the country.

In the years that followed, the project evolved into a nonprofit organization called inBloom, which received a total of over $100 million in seed money from both the Gates Foundation and the Carnegie Corporation. The vision of inBloom was to gather student-tracking data from school districts across the nation, store it all in a common format in the cloud, and use it to drive a common set of comprehensive dashboards and reports to be used by teachers and administrators.

The inBloom project officially launched in 2003. Just over a year later, it abruptly collapsed. The people involved in Common Core and inBloom were taken completely off-guard, although the cause was an issue had been simmering for a long time: The project was brought down by ideologically and politically motivated privacy activists.

Mischief, thou art afoot

DDK_4_PermanentRecordHysteria-Storybreak1 (1)

To be fair, inBloom made plenty of blunders. For example, it initially said it would identify students using Social Security numbers, until activists objected, leading to a rapid and awkward backpedalling of language in inBloom’s FAQ page.

InBloom also ran into problems with public perception of “the cloud.” Kathleen Styles, the chief privacy officer at the Department of Education, has tried to explain that “there’s nothing inherently more or less secure about cloud storage compared to traditional data storage—it all depends on the specific approach and the contract terms.”

But inBloom’s efforts at public education were too little, too late. Many parents still don’t understand what “in the cloud” means but know that it sounds neither private nor secure.

These small missteps probably could have been overcome in isolation. However, inBloom quickly found itself to be a target, and in many ways a scapegoat, of a fierce crusade against the Common Core.

There is a small but vocal minority in the United States that distrusts anything having to do with the federal government. The Department of Education (DOE) knows this, having encountered this ideological roadblock with No Child Left Behind. The DOE specifically tailored the Common Core approach to ameliorate concerns of federal overreach: The Common Core curriculum is voluntary, state-sponsored, and developed completely by local school districts.

Nonetheless, anti-federal government groups have rallied against Common Core, calling it an attempt to take power away from local communities. Glenn Beck sponsored big media events to fight against the Common Core under the banner “We will not conform!”

To these activists, any attempt to create a national database or national standards reeks of government tyranny. Indeed, according at least one report in Politico, strategists at Beck’s events had to explicitly coach activists to not describe Common Core standards as a “communist plot,” for fear that such language might “turn off” people of a moderate political bent.

What have the privacy activists achieved by forcing the collapse of inBloom?

So when inBloom appeared, with a plan to create a national student database, it automatically became target. The most obvious avenue that these organizations could use to attack inBloom was the fact that it was a private corporate contractor. As early as 2012, organizations like Class Size Matters, a nonprofit organization in New York City that takes up a number of education-related causes, began spreading suspicion that inBloom might be illegally sharing student data.

It was a coincidence that in 2011, the same year that inBloom was spinning up, the Department of Education amended the Family Educational Rights and Privacy Act (FERPA) to slightly broaden the language concerning who could be granted permission to view and use student data. The change was nothing major, but it was exactly the excuse that anti-Common Core activists needed. They went ballistic.

Local activist groups lobbied and petitioned their Congressmen to pass new state-level laws requiring expressed parental consent before giving up any student data to “shared data providers.” One nonprofit organization even tried to sue the Department of Education over the amendment to FERPA, based on the belief that it would grant organizations like inBloom unlimited ability to share student information with other companies.

Momentum escalated as local activists, spurred on by conservative media events like “We will not conform,” held rallies and town hall meetings, repeating the same set of questions over and over again. Why aren’t parents being asked to give consent? Why can’t parents opt out of inBloom’s national database? And most importantly: Shouldn’t it be illegal for inBloom to create such a massive national database to begin with?

In the wake of such strong opposition, school districts began pulling their support. Local and state legislatures began passing laws to soothe parents with security concerns. In the end, the entire initiative crumbled.

Full of sound and fury, signifying nothing

DDK_4_PermanentRecordHysteria-Storybreak2-CloudMischief (1)

All of this activism, however, was based on a fundamental misunderstanding of FERPA. Since 2008, schools have been allowed to release student records, without parental consent, to any body designated as a “school official with a legitimate educational interest,” including for-profit contractor companies. That is how small software companies across the nation have been brought on board to create the tools that teachers are already currently using in their districts.

Chief Privacy Officer Kathleen Styles explained that as long as the school or district uses “reasonable methods” to ensure that the contracting company only uses the data in the manner specified by the contract, it is completely legal for schools to allow access to student information, without any notification or consent from parents. It is not only legal, it is commonplace. It is going on right now in a majority of school districts across the country.

Douglas A. Levin, the executive director of the State Educational Technology Directors Association, had this to say about the collapse of inBloom: “The problems inBloom sought to fix haven’t gone away, but now we’re back to having a variety of competing technical standards, with a variety of competing platforms and middlemen trying to address the issues.”

What have the privacy activists achieved by forcing the collapse of inBloom? They have opened the door for more private, for-profit players to control student information. These companies will still legally store information in the cloud, and will still not require consent from parents. The only difference between them and inBloom is that inBloom was promoting a national standard, and these companies will be fighting to maximize their own individual profits.

So now the question goes back to you: Do you think this makes our children’s student records more secure?