Schools and EdTech Need to Study Up On Student Privacy: 2022 in Review


powered by Surfing Waves
Schools and EdTech Need to Study Up On Student Privacy: 2022 in Review

In 2022, student privacy gets a solid “C” grade. The trend of schools engaging in student surveillance did not let up in 2022. There were, however, some small wins indicative of  a growing movement to push back against this encroachment. Unfortunately, more schools than ever are spying on students through EdTech software and other means. 

In an important decision by a federal judge, a remote proctoring “room scan” by a public university - Cleveland State University in Ohio -  was deemed an unreasonable search under the Fourth Amendment. “Room scans,” where students are forced to use their device’s camera to give a 360-degree view of everything around the area in which they’re taking a test, are one of the most invasive aspects of remotely proctored exams. Often, these scans are done in a personal residence, and frequently a private space, like a bedroom. 

The district court recognized that room scans provide the government (public schools are government entities) with a window into our homes—a space that “lies at the core of the Fourth Amendment’s protections” and long-recognized by the Supreme Court as private. There are few exceptions to this requirement, and none of the justifications offered by the university—including its interests in deterring cheating and its assertion the student may have been able to refuse the scan—sufficed to outweigh the student’s privacy interest  in this case. Though this decision isn’t binding on other courts, any student of a state school hoping to push back against room scans in particular could now cite it as persuasive precedent. The school is expected to appeal to the Sixth Circuit. 

EFF began looking more closely at student activity monitoring software, which is basically indistinguishable from spyware, and is used to filter, block, and flag vast amounts of student activity on their school-issued, and sometimes personal, devices. We already know that the machine learning algorithms in this software that filter, flag, and block content routinely misclassify any LGBTQ+ content as “Adult” content. We know that Securly flags “Health” sites (like WebMD) as “needs supervision,” andGoGuardian blocks access to reproductive health materials. It isn’t difficult to see the harms that will occur as more anti-trans laws pass and the legal right to abortion is overturned: students who use their devices to research topics such as trans healthcare or abortion-related material could find those devices weaponized against them, potentially resulting in criminal charges. Moreover, there are already examples of these apps outing LGBTQ+ students.

In 2021, we fought an uphill battle against schools such as Dartmouth, whose administration unjustifiably accused students of cheating based on a misinterpretation of data from Canvas, a “Learning Management Software” (LMS) platform that offers online access to class material. . Though the Dartmouth administrators backed down, we’ve heard from multiple students at other schools with similar issues since then. To continue educating schools on the inaccuracy of LMS activity logs, we called on both Canvas and Blackboard to put clearer disclaimers on their log data and publicly defend any student accused of misusing these platforms based on similar data misinterpretations. We asked schools to remove any marks on any student records that were based on LMS data, and make a clear policy not to use it in the future. We will continue to call for these changes; schools still over-value the reliability of these logs, and though Canvas and Blackboard have confirmed to us or on their sites that they do not recommend using them for disciplinary investigations, they have not made these disclaimers clear. 

Although many students have gone back to in-person learning, remote proctoring is still a concern because we don’t believe it is going away. Along with Privacy Rights Clearinghouse, we sponsored legislation in California, the Student Test Taker Privacy Protection Act (STTPPA), that would have directed proctoring companies to follow reasonable data minimization practices, meaning they cannot collect, use, retain, or disclose test takers’ personal information except as strictly necessary to provide proctoring services. With STTPPA codified into law, if a student’s data was processed beyond what was required to proctor the exam, the student would have the opportunity to take the proctoring company to court. Unfortunately, this bill was weakened before it was signed into law, and it no longer offers individual students the right to bring suit against companies for violations. EFF dropped our support of the bill, because we believe strongly that a private right of action is necessary for consumer privacy laws such as this to have teeth. 

In another remote proctoring fight, EFF client Erik Johnson, a Miami University computer engineering undergraduate, reached a settlement in the lawsuit we brought on his behalf against exam surveillance software maker Proctorio, in a victory for fair use of copyrighted material and people’s right to fight back against bad faith Digital Millennium Copyright Act (DMCA) takedowns used to silence critics. Johnson, who is also a security researcher, sued Proctorio after it misused the copyright takedown provisions of the DMCA to remove his comments about security flaws with the service that he posted on Twitter. Under the settlement, Proctorio dropped its copyright claim and other claims it had filed blaming Johnson’s advocacy for damaging its reputation and interfering with its business. In return, Johnson dropped his claims against Proctorio. Johnson’s tweets, which were restored by Twitter through the DMCA’s counter-notice process, will remain up.

In an expansion of our student privacy advocacy, EFF also honed in on young students—those in daycare. EFF’s investigation found early education and daycare apps have several troubling security risks, and in addition to detailing these flaws, we also urged the Federal Trade Commission to look into the issue. Learn more about our fight to improve daycare app privacy in 2022.

We have big plans for the coming year’s fight to protect student privacy, and look forward to further highlighting the problem of student activity monitoring software, in particular. For now, if you’re interested in learning more about protecting your privacy at school, take a look at our Surveillance Self-Defense guide on privacy for students.

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2022.



* This article was originally published here

PUBLISH WITH US!

The Washington Gazette works at our discretion with businesses, non-profits, and other organizations. We do not work with socialists, crony capitalists, or disinformation groups. Click the green button below to view our services!



HTML Button Generator

powered by Surfing Waves

HELP STOP THE SPREAD OF FAKE NEWS!

SHARE our articles and like our Facebook page and follow us on Twitter!




Post a Comment

0 Comments