Education technology presents exciting new opportunities for students, teachers, and schools, but it also exposes young people to serious new risks. We must ensure that we both enable students to benefit from this technology and protect their privacy. That's why the ACLU of Massachusetts aims to carefully examine and advocate for effective policies, regulations, and laws governing youth privacy where technology meets student information.

Why does student privacy matter?

Young people today are growing up in a world of big data and even bigger surveillance, whether by corporations or the government. Contrary to the myth that today's youth don't care about privacy, studies show that they want their technology and their privacy, too. And they deserve that privacy—inside school, at home, and in the larger world around them.

School is where young people learn mathematics, literature, and the arts. But they also learn what to expect from institutions, one another, and the wider society. Instead of teaching children that they don't have—or don't deserve—any privacy in the digital 21st century, we must teach them to value and protect their rights and the rights of others. And we can begin by demanding policies that defend and expand student privacy rights. That conversation must take place in school districts, community meetings, the state legislature, and the courts, and with input and collaboration from students, parents, and teachers.

We as a society must protect student privacy and teach young people by example that they not only deserve to live free from unwarranted surveillance, but that they can. Every person deserves not only an expectation of privacy, but a right to it, no matter how advanced our technology becomes.

What's the problem?

The ACLU of Massachusetts is particularly concerned about four areas of student privacy:

• Student Information Systems
• School Controlled Technologies
• Corporate Data Collection in Schools and
• In-School Physical Surveillance.

Across the board, the primary problems are a lack of transparency, accountability, and parent/student participation in decision-making that affects a student's entire life.

Student Information Systems

Student Information System or SIS is a general term for software used by schools to manage student information. An SIS typically includes student identity and contact information, class schedules, grades, and attendance records, and may include discipline and behavior records, health records, and special education information. Data may be stored locally (i.e. at the school) or remotely (i.e. with the software provider or a third party) depending on the contract between the school and the software manufacturer. Some SIS software can export data to other third-party software systems. Most if not all school systems in Massachusetts and throughout the nation are now using Student Information Systems to manage student data. But all too often, student privacy concerns are not central to how these systems are managed and governed. Across the country, there are reports of schools keeping highly sensitive and sometimes unnecessary information about students and sharing it with outside entities—including for profit corporations—without parental consent.

In 2013, advocates including the ACLU of Massachusetts raised concerns about a Gates Foundation startup called inBloom—a state-wide SIS that would enable schools to easily share data with government and corporate entities. The program would have drastically increased public and private access to sensitive health, discipline, and behavioral data without any framework for student or parent consent. We organized with other groups in the state to successfully cancel a projected pilot program to roll out this data management system in Massachusetts schools.

But inBloom wasn't alone. Lots of other private corporations currently providing or managing Student Information Systems in Massachusetts offer similar functionality—with all the same problems.

School-Controlled Technologies

Schools in Massachusetts are increasingly offering what they call “1:1” technology programs to students and families. These are school initiatives that provide students with a personal tablet or laptop that they can use throughout the school year. Students are generally encouraged to take devices home after school, and in some schools may keep devices over the summer.

School-controlled technology programs give students access to exciting new technologies, but they require students to carry government-owned devices in and out of school—devices that can contain immense amounts of data. Some schools lack detailed privacy policies for their devices; others have policies that focus solely on security with no apparent consideration given to student rights. Among problems we've seen are:

• Invasive Searches: Schools often reserve the right to randomly inspect devices and the data stored on the devices, which can include emails, searches, browser history, and more. Some schools specifically allow for inspection via remote access, so students may not be aware that searches are taking place.

• Remote access: School-controlled technologies often come pre-loaded with software that enables remote access by school officials. For example, GoGuardian's “anti-theft” features allow schools to remotely turn on keystroke logging, location tracking, and even the laptop's built-in video camera. Students and parents often are not told about the invasive nature of these remote access applications, or who within the school has the authority to use them.

• Content filtering and tracking: Schools can limit what websites students can visit, and track their Internet use. While the Children’s Internet Protection Act (CIPA) requires all schools to use some sort of content filtering on campus, some schools also use device-based filtering that operates regardless of where the device is located. Some applications go far beyond the educational interests of the school, tracking every website a student visits, every search a student runs, and even how long they spend on different applications.

• Acceptable Use Policies: Not all schools have separate acceptable use policies, which are akin to terms of service for the student’s use of the device. Those that do usually provide that student emails and documents may be reviewed at any time. Many even allow the officials to monitor all traffic on the school network.

Another potential problem with these programs is the lack of meaningful opt-out provisions or alternatives. Some schools only allow students to opt-out if they can provide a similar, compatible device from home, a significant burden for low-income and working class students. Other schools allow opt-out, but warn students that doing so may adversely affect their grades if they cannot participate in class. Under these conditions, students do not have a meaningful choice not to subject themselves to monitoring.

Students should not be faced with a choice between participating fully in their own education on the one hand and their privacy rights on the other.

Corporate Data Collection in Schools

Another subject of concern is the corporate collection of advertising and profiling data in classrooms. Advertising giant Google claims that 30 million students nationwide use its products in school. In many schools, students are required to use a Gmail account and Google products as part of their public school education. When we consider the impact of these programs, we must remember that Google is an advertising company. The maxim that “When something is free, you're the product” applies broadly in the digital age. For years, Google was collecting student data to target personal accounts for advertising. Currently, Google states that it “cannot collect or use student data in Apps for Education services for advertising purposes.” But can Google use information about our children for other purposes? In addition, hundreds of other corporations sell ebooks, games, testing programs, and curriculum management software. The rapidly growing “Ed Tech” sector may be gathering more data than even the biggest advertisement engines. This growth should not outpace student civil rights.

In-School Physical Surveillance

Finally, we are concerned about the mass proliferation of physical surveillance technologies across every level of education in Massachusetts and nationwide.

According to the U.S. Department of Education, about 64% of public schools used security cameras in the 2011-2012 academic year. Unfortunately, the Massachusetts Department of Primary & Secondary Education does not provide any state-specific statistics. But we know that a number of Massachusetts schools are using security cameras without any apparent policies explaining who can access footage, how long it is kept, or whether students have a right to review footage that is used against them. Some schools have installed cameras over the objections of students that cameras cost too much, would not improve safety, and raise constitutional concerns.

Other physical surveillance methods, like biometric monitoring and RFID tracking, are making their way to Massachusetts as well. Parents’ concerns about these systems include information security, privacy, and the surveillance-friendly message sent to students by the school administration. Any expansion of surveillance should occur only after an informed discussion with students and parents and only after strong privacy protections are put in place.

Do you think your rights or your child's privacy rights were violated at school? Concerned about student privacy? Have a story to share? Please contact us.