STE WILLIAMS

Parents win against cloud storage of US students’ private information

inBloom logoPeople are a little touchy about data collection nowadays.

They were most certainly touchy about inBloom, a non-profit that was offering to house and manage student data for public school districts across the US by extracting a dizzying array of information – we’re talking 400 data fields – from disparate school databases as well as from new, optional, sometimes intrusive categories that inBloom also offered.

Since inBloom’s rollout in 2013, privacy and security experts and parents have been aghast at schools sucking up everything from students’ tax ID numbers to intimate family details (including options to identify family members as “foster parent” or “father’s significant other”) with inBloom.

That outrage spelled doom for inBloom, which announced on Monday that it’s closing up shop.

inBloom CEO Iwan Streichenberger said in a post that the progress of the platform – which stored the extracted student data in the cloud and then fed it back via dashboards for teachers to track the progress of individual students – was hamstrung by the fact that the public furrowed its brow over data misuse:

It is a shame that the progress of this important innovation has been stalled because of generalized public concerns about data misuse, even though inBloom has world-class security and privacy protections that have raised the bar for school districts and the industry as a whole.

InBloom was a well-funded endeavor designed as a kind of glue to hold together products coming from what the New York Times says is a $8 billion prekindergarten through 12th-grade education technology software market.

The big names behind it were the Bill and Melinda Gates Foundation, the Carnegie Foundation, Carnegie Corporation and others, who donated some $100 million as seed money.

inBloom began rather brightly, signing on districts in seven client states: Colorado, Delaware, Georgia, Illinois, Kentucky, North Carolina, and Massachusetts.

For their parts, Louisiana and New York signed on whole-hog to use inBloom on a statewide basis.

According to Reuters, inBloom’s database held details on millions of children by 3 March 2013.

Things quckly turned sour when savvy parents began to realize the security and privacy implications.

In Louisiana, parents over the summer were incensed to find that the state had uploaded their children’s Social Security Numbers to inBloom in spite of inBloom’s policies, which explicitly prohibit storage of SSNs.

Louisiana subsequently declared that they would remove all student data from the database.

According to the NYT, as of October 2013, only three of the nine states that had originally signed up to participate were actively pursuing the service.

Like Louisiana, New York also backed out of plans to use the service earlier this month, after legislation was passed that prohibited the state department of education from giving student information to data aggregators like inBloom.

Of course, parents had every right to scream like hell about this technology, which many thought had been embraced without due consideration of the risks involved in storing such a vast array of private information.

Despite the “world-class security and privacy protections” that CEO Streichenberger cited in his note on Monday, before the service was taken offline, the privacy and security section of inBloom’s website stated:

inBloom, Inc. cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.

Much of the information was already collected by schools and shared with software or service companies, including grades, attendance records, academic subjects, course levels, and disabilities.

Other information concerned more intimate areas, including reasons for enrollment changes (“withdrawn due to illness” or “leaving school as a victim of a serious violent incident”).

Before inBloom’s site shuttered most of its pages, it contained a video suggesting one scenario of how student data would be used.

One image, captured by the NYT, shows a sample of how (fictional) students’ data could be presented, including bar graphs measuring how much a given student “actively participates”, “shows enthusiasm” and “resists distractions”.

inBloom example image, courtesy of NYT

Is that labeling something we want big-data crunching software companies to do to our children?

Parents and privacy experts said no.

The Electronic Privacy Information Center (EPIC) keeps tabs on the war to protect students’ privacy.

Whether it’s Google admitting to data-mining students’ emails to target advertisements at them, the Education Department’s weakening of privacy law to allow private companies and government agencies to access student records without obtaining student consent, or a myriad other privacy-weakening government and corporate actions, it’s very clear to see that inBloom is just one battle won.

The war rages on.

inBloom is down, but the concepts of using big data in this way, to facilitate educators’ jobs and to enhance individualized teaching of students, aren’t dying with it.

Expect more battles to come.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/nXw8DWh3Njo/

Comments are closed.