With the return to distance learning during the third wave of the COVID-19 pandemic, parents and students are embracing risky data collection practices and invasive privacy technologies.
The Auditor General’s 2018 report on cyber security raised many concerns about technology in schools. Many, if not most, Ontario school boards find it difficult to understand the basic concepts of cyber security and privacy, let alone ensure that teachers are properly trained to protect student knowledge. The report reveals that an astonishing 74% of respondents indicated that they do not provide formal or privacy training for staff using technology in councils and schools.
Fifty percent of the school boards surveyed did not have “adequate oversight of their classroom IT assets, such as laptops and tablets, to keep an eye on. In some cases, council staff were unable to verify if there was any equipment lost.
If keeping track of physical assets is such a challenge, even less likely is the care and security of the vast amount of information collected and shared with technology companies and their partners.
Student data is no longer limited to student name and number. It now contains accurate location information, sensitive communications, classroom photos, contact information and health condition details. Many other aspects of children’s identity are collected and tracked in the student’s academic life and shared with anyone who has access to the technologies adopted by school administrators.
Many of these technologies are the brainchild of opportunistic entrepreneurs, developed by interface designers with little or no understanding of privacy or security. Worse still, they were adopted by untrained school board administrators using procurement processes that not only date before the pandemic, but also on the Internet itself.
Most students are already enrolled in online classes, recorded with video conferencing equipment, and continue to be monitored using invasive data collection methods. In fact, student information systems or student management systems often aggregate all identity and academic information and store it outside the traditional confines of school board administrators. This cloud-based data processing allows vendors to collaborate with unknown parties to analyze the data collected.
Although the early years of educational technologies (edtech) were difficult, with widespread crime affecting millions of students worldwide, the industry did survive.
Many of the companies that built their data collection models are still around, now priced at hundreds of millions of dollars.
This situation turned into a different beast, with privacy regulations and legislation hardening around edac rapacious companies. Publicly funded education committees that have received no regulatory oversight have now begun to review their practices.
Here, the expansion of school board authority is presented under the guise of privacy and security. Rhetoric such as “concurrent learning tools”, “digital tools” and “communication tools for student and family involvement”.
Fearing that their information gathering and sharing practices might make them accountable, school board administrators are suddenly putting their feet on the ground. However, parental consent applications do not include an option to refuse or submit a suitable alternative. This compulsion has disciplinary implications for students whose parents give up.
School boards refer to the Education Act, preceding the Internet, for authority to share student data as they see fit and without the need for further consent.
Parents should stand up and protect their families by requiring school boards to provide enough information to feel comfortable transmitting their children’s digital identity to a variety of strangers. Parents can also request an urgent investigation into the major threats of discipline and marginalization made by school boards against students.
Claudiu Popa, author and professor of Fintech Cybersecurity, Information Risk and Enterprise Privacy Management, University of Toronto
This article was republished by The Conversation under a Creative Commons license. Read the original article.