People are a little touchy about data collection nowadays.
They were most certainly touchy about inBloom, a non-profit that was offering to house and manage student data for public school districts across the US by extracting a dizzying array of information – we’re talking 400 data fields – from disparate school databases as well as from new, optional, sometimes intrusive categories that inBloom also offered.
Since inBloom’s rollout in 2013, privacy and security experts and parents have been aghast at schools sucking up everything from students’ tax ID numbers to intimate family details (including options to identify family members as “foster parent” or “father’s significant other”) with inBloom.
That outrage spelled doom for inBloom, which announced on Monday that it’s closing up shop.
inBloom CEO Iwan Streichenberger said in a post that the progress of the platform – which stored the extracted student data in the cloud and then fed it back via dashboards for teachers to track the progress of individual students – was hamstrung by the fact that the public furrowed its brow over data misuse:
It is a shame that the progress of this important innovation has been stalled because of generalized public concerns about data misuse, even though inBloom has world-class security and privacy protections that have raised the bar for school districts and the industry as a whole.
InBloom was a well-funded endeavor designed as a kind of glue to hold together products coming from what the New York Times says is a $8 billion prekindergarten through 12th-grade education technology software market.
The big names behind it were the Bill and Melinda Gates Foundation, the Carnegie Foundation, Carnegie Corporation and others, who donated some $100 million as seed money.
inBloom began rather brightly, signing on districts in seven client states: Colorado, Delaware, Georgia, Illinois, Kentucky, North Carolina, and Massachusetts.
For their parts, Louisiana and New York signed on whole-hog to use inBloom on a statewide basis.
According to Reuters, inBloom’s database held details on millions of children by 3 March 2013.
Things quckly turned sour when savvy parents began to realize the security and privacy implications.
In Louisiana, parents over the summer were incensed to find that the state had uploaded their children’s Social Security Numbers to inBloom in spite of inBloom’s policies, which explicitly prohibit storage of SSNs.
Louisiana subsequently declared that they would remove all student data from the database.
According to the NYT, as of October 2013, only three of the nine states that had originally signed up to participate were actively pursuing the service.
Like Louisiana, New York also backed out of plans to use the service earlier this month, after legislation was passed that prohibited the state department of education from giving student information to data aggregators like inBloom.
Of course, parents had every right to scream like hell about this technology, which many thought had been embraced without due consideration of the risks involved in storing such a vast array of private information.
Despite the “world-class security and privacy protections” that CEO Streichenberger cited in his note on Monday, before the service was taken offline, the privacy and security section of inBloom’s website stated:
inBloom, Inc. cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.
Much of the information was already collected by schools and shared with software or service companies, including grades, attendance records, academic subjects, course levels, and disabilities.
Other information concerned more intimate areas, including reasons for enrollment changes (“withdrawn due to illness” or “leaving school as a victim of a serious violent incident”).
Before inBloom’s site shuttered most of its pages, it contained a video suggesting one scenario of how student data would be used.
One image, captured by the NYT, shows a sample of how (fictional) students’ data could be presented, including bar graphs measuring how much a given student “actively participates”, “shows enthusiasm” and “resists distractions”.
Is that labeling something we want big-data crunching software companies to do to our children?
Parents and privacy experts said no.
The Electronic Privacy Information Center (EPIC) keeps tabs on the war to protect students’ privacy.
Whether it’s Google admitting to data-mining students’ emails to target advertisements at them, the Education Department’s weakening of privacy law to allow private companies and government agencies to access student records without obtaining student consent, or a myriad other privacy-weakening government and corporate actions, it’s very clear to see that inBloom is just one battle won.
The war rages on.
inBloom is down, but the concepts of using big data in this way, to facilitate educators’ jobs and to enhance individualized teaching of students, aren’t dying with it.
Expect more battles to come.
10 comments on “Parents win against cloud storage of US students’ private information”
Kids’ personalities change, sometimes drastically. Maybe last year, Logan didn’t show much enthusiasm, as his family was going through a difficult time, but this year, he’s completely different. Those graphs look to me more like a “Label This Kid” than a “Knowing This Will Help You Teach This Kid Better.”
The one who understands the kids best is their teachers, not an algorithm.
“Whether it’s … the Education Department’s weakening of privacy law to allow private companies and government agencies to access student records without obtaining student consent … it’s very clear to see that inBloom is just one battle won.”
Yes. More to the point, the ED and schools should obtain the consent of both students and their parents BEFORE private and government agencies gain access to students’ personal data — and not via some click-through online agreement after the horse has left the barn.
There is no reason at all to track students personal data in a national data warehouse. The ideal would be a hybrid. Anonymized information is stored for data analysis which can only be unlocked locally and the key automatically expire at the end of the term for all non local data. Only Summary information should be available in a data warehouse.
Actually, there is at least one. But, it’s a nefarious one: some people want government to control all aspects of our lives. Putting people into a list and tracking them is one step in that process.
inBloom was never a national datawarehouse or database. Thats a huge misconception that was never addressed
Neither is Google, but that didn’t stop the Government from getting information from them. It’s a slippery slope, not matter how you look at it.
This is great – but why aren’t parents concerned about Google Apps for Education which is doing the same thing?
Digital parenting needs to include learning more about GAFE – and how they are using your child’s info, it might not be so different. Remember, nothing is really free.
Google apps doesn’t have anything to do with administrative systems. If nothing personal is kept in the google cloud then they have no access to admin info.
People were most certainly concerned about Google Apps for Education. Google was sued for data-mining students through this “free” (you’re absolutely right; nothing is really free) suite (http://nakedsecurity.sophos.com/2014/03/18/google-sued-for-data-mining-students-email/) and subsequently announced it was stopping the practice at the end of April (http://nakedsecurity.sophos.com/2014/04/30/google-stops-data-mining-students-email/).