Wednesday, March 27, 2013

What happened at the REST of the meeting on inBloom and student privacy

Thanks to Josh Grolin at the Campaign for a Commercial-free Childhood, I've got more on how the rest of yesterday's Massachusetts Board of Education meeting regarding inBloom. I'm quoting here from his summary, and the parenthetical italics are mine:

Deputy Commissioner Jeff Wulfson, Sharon Wright, the Executive Office's chief information officer, and Rob Curtin, manager of education data services presented on "Using Student Data to Improve Instruction"
First of all, this presentation was one of several in which education officials enthused about the transformational powers of data.  In fact, on a number of occasions, officials talked about how excited they were that they would soon be able to track kids from preschool to medical school if they were in the Mass system that whole time.
 (Tracy here: yes, see my notes from yesterday. They sounded this drum constantly. You'd think that all is on the verge of collapse because we're not letthing them share everything)
Amazingly, they started their presentation by showing this inBloom promotional video: (At some point, I'll do a dissection of this, but for now, suffice to say: this looks a lot like remote control children.)
The crux of their defense of inBloom is this:  Data sharing is already "ubiquitous." School districts are already sharing this data with companies like Dibels, Gallileo, and Read 180.  Everett schools, for instance, shares its data with 14 different companies.  Each agreement costs the school $ and it's inefficient because the data is transmitted separately from each school to each company.  (This is not true; I'm going to ask for a list from Worcester, but the sharing we do is not expensive (certainly) and not at all "ubiquitous.") With inBloom, data would go from school system to state data system to inBloom and then be transmitted to the private companies at the discretion of the school district, saving data integration costs.  inBloom would also spur innovation because it would be easier for makers of educational apps to connect with school districts.
 (That last read as "vendors will know just what to sell you!") 
Sharon Wright emphasized that no commitment had been made to using inBloom but that they were exploring it. (So, we need to ask: how do we say no?)
Commissioner Chester said was not dismissive of data security issues, but that they couldn't "bury their heads in the sand" and ignore technological innovation. (This is the classic 'pat you on the head, "Oh, you ignorant little person"'argument. In this case, again, the Commissioner has bad information about technological security and he [and others] aren't being thoughtful in their use of technology. One need not ignore technology, just use it wisely.)
This brought a strong rebuke from board member Harneen Chernow who said there was a middle-ground between burying one's head in the sand and transmitting 400 pieces of student data to private companies.  She said she has been hearing a lot from concerned parents on this and there needed to be a public forum to discuss this.  She said the ed department was not providing clear answers and she had a lot of questions, among them why was disciplinary action included as the data that could be transmitted.  She also expressed her dismay that inBloom  ‘cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted’ to third party vendors." (CHEERS for Ms. Chernow, and let's keep those comments from parents coming to the Board of Ed! )
Jeff Wulfson emphasized that the list of data fields were all possible data fields and that not all of that data would be necessarily collected by each district.  He said his department was responsible for drawing up the list of data fields.  That brought a lot of head shaking from the board. (I would say that Deputy Commissioner Wulfson leaves us the possiblity at a district level of not collecting particular information, or of not submitting it. I'm also not at all sure why the state would be empowered to decide which data fields would be used.)
Sharon Wright said that in any final agreement between inBloom and the state that inBloom would, in fact, be held responsible for data leakages, regardless of any language on inBloom's website. (This is tackling the wrong side of the question: this shouldn't be about whose fault a failure will be; it needs to be about who's responsible for the data. That's the districts and the state. Also, Ms. Wright, by my reading of 201 CMR 17.00, it certainly appears that the state, as the sharing agency, remains responsible for any breach of the security of the data.)
Unfortunately, it was the end of a very long meeting and no further board questions were allowed.
Let's keep this on their agenda!
More to come!

No comments: