Student privacy experts poke holes in Electronic Frontier Foundation report


A technology school staffer has taken issue with a recent report from an influential anti-surveillance group that charged technology providers are “spying” on students, while school districts offer insufficient policies and protections around student data.

Jim Siegl, technology architect for Fairfax County Public Schools in Virginia, published a blog post raising questions about the Electronic Frontier Foundation’s findings that edtech companies overwhelmingly do not safeguard data. The research was gathered by the San Francisco-based international nonprofit, which acts as a government surveillance watchdog, over the course of the year.

The EFF report‘s authors looked at the offerings of 152 edtech services used in classrooms, and found most “lacking in encryption, data retention, and data sharing policies.”

Siegl, who is co-chair of CoSN’s Privacy Toolkit and a contributor to Common Sense’s Privacy Evaluation Project, did his own probe of the survey data and found the opposite to be true. “lacking in encryption, data retention, and data sharing policies.”

“I was able in all but a few cases to identify the vendor, a testable login URL, privacy policies and terms of service links,” he wrote. On closer inspection, he found that 82 percent of the apps used encryption.

His post was flagged by Amelia Vance, policy counsel for education privacy at the Future of Privacy Forum, a Washington D.C.-based think tank. Vance also found some faults with the EFF’s report.

“It is also noteworthy that there are many additional aspects to the student privacy landscape that aren’t included in the EFF report,” she wrote in an email. “For example, the report only mentions three of the 106 student privacy laws passed in 39 states since 2013, and does not mention the overwhelming number of parents who have said they want ed tech in the classroom in numerous other surveys.”

EFF found that edtech companies collect more information on kids than is necessary or required – including their browsing history, search terms, location data, contact lists and behavioral information – and store that data indefinitely.

“Some programs upload this student data to the cloud automatically and by default,” according to the report. “All of this often happens without the awareness or consent of students and their families.”

The implications of student data going unprotected reach beyond students, the report’s authors argue: They also affect school administrators, teachers, parents and other education stakeholders.

With one-third of all K-12 students across the country using laptops and tablets issued by schools, questions arise about what sort of data is being collected by companies that entice administrators with low costs and bundled packages.

The EFF filed a complaint last year about Google’s G Suite for Education, claiming that more than 30 million students and teachers use the tool, but little is known about what kind of personal information the company has and how that data is maintained.

The report frequently takes a dark view of the potentially shadowy practices edtech companies and vendors may employ. As the $8 billion business keeps booming, the authors say, “we risk placing
students under silent yet pervasive surveillance that chills their creative expression both
in and outside the classroom, and tracks their online behavior before they are old enough
to understand its consequences.”

Through interviews with more than 1,000 students, parents, teachers, administrators and others from 45 states and the District of Columbia, the authors narrowed down several trends that they found alarming.

Parents and students spoke of a lack of transparency from schools, and parents claimed that they did not know what technology their children were using in the classroom. When parents did find out which specific hardware, software and apps were being used, they complained that they were not able to have a say in whether they wanted their children to use it.

Teachers also need better training on digital literacy, and how to look for tell-tale signs about whether technology companies are keeping student records and data private.

Those surveyed singled out Google devices, since those are currently the dominant devices in many schools. Half of respondents said they use Chromebooks, while 32 percent of respondents said they use iPads, and 3 percent reported using Microsoft Surface tablets. Google’s G Suite for Education was the most popular platform.

Among those who participated, 45 percent said that their schools or districts did not provide parents written disclosure about companies’ data collection, or even whether schools created email accounts for students or posted pictures of them on school-related social media pages. Adding to the confusion is whether schools are adhering to the Family Educational Rights and Privacy Act, a federal law that states student data may not be collected by third-party vendors without parental consent.

About 32 percent of respondents reported that their schools or districts did not offer the chance to opt out of using certain technology, and 37 percent of families were not sure whether that option was available.

According to a public school parent of a first-grade student in Maryland who was not named in the report, families were not given any information about their kids receiving tablets. “And when we ask questions, there is little information given at every level,” the parent said.

The report’s authors recommend that, above all, parents should be given enough time to review and consider any materials from schools about classroom technology, and given the chance to opt out if they want.

They warn that schools should not “sign students up for any service without getting explicit permission from their parents.”

“Parents should have access to all relevant privacy policies of vendors and ample time to consider whether they feel comfortable with the proposed vendors’ data practices,” the report states.

Reach the reporter at and follow her on Twitter @clestch and @edscoop_news.