I recently had the privilege of chatting with one of the two brave Mandeville High School students that participated in a BESE meeting about student privacy at the Louisiana Department of Education on Wednesday the 17th. (I only wish I could have been there myself but was not able to get away at that time.) However I feel like was more than adequately represented by these two young adults. Below is the statement made at this meeting by Rachael Sachs, a 16 year old student from Mandeville High School.
How would you feel if your house got broken into and all of your personal belongings were stolen? And later when you went on the Internet, you discovered that your belongings were being sold to the highest bidder?
How you would feel then, is how we feel now. Our personal information is being sold to anybody who has money, whether it is a company, or a predator, not to mention hackers. We are being put in danger.
I don’t have a Facebook for this reason. These companies are treating us as though we are theirs to sell to make a profit off of . . . it is almost as if we are being prostituted.
How would any of us feel?
I am just beyond the window of having my personal data stolen and sold, by my kids are not. I can tell you I am outraged. . . but I have time to try and put a stop to it before it causes them permanent harm. However students, young adults, like Rachael and her schoolmate Grant Barker, are just about to leave the confines of their schools for college, work, credit cards, house notes and hopefully bright futures if they are not sabotaged enroute.
Rachael has made a conscious choice not to share her personal and private information through Facebook so as not to become a target for hackers, spammers, marketers and ruthless predators. That is a choice she was allowed to make to protect herself. John White and the State of Louisiana have taken the irresponsible step of sharing her details anyway, and more private and damaging information that Facebook requires for participation.
Facebook does not require Social Security Number, and has no place to even store that number, know the potential for abuse. Facebook allows users to provide date of birth, but that is left to the discretion of the individual user. You can provide your full real name, although you can actually set up an account under an alias. I know someone who has a page for her cat, and I set up a page for a crawfish in addition to my real page. Plenty of my Facebook friends have pages without their last name or under nicknames. You don’t need to provide a phone number or mailing address or even a picture if you don’t want to, and if you do provide a picture for an icon you have control over what picture you want to represent you to the Facebook community.
To contrast, John White and his “vendors” want your real address, phone number, picture, date of birth, full name and social security number just to get your account started. Going forward they will record and link as much information as they can. Students have no choice and no control over what gets sent, and that information may be very unflattering and incorrect and there will be nothing they can do to fix it. This information will be available to the staff at these companies; these vendors even mention this fact in their disclaimers. Anyone who tells you they won’t need to view this data is absolutely lying. There is no way to maintain such a system without giving access to the actual data to report writers, data evaluators, and system administrators.
inBloom was started with a 100 million dollars in start up cash. Think about that. This company will have to make money somewhere, just like Facebook, Google and any other company that provides services. The only question is how will they do this? Initial fees for storing data on inBloom have been quoted in the 3-5 dollars per student per year range. We have records for 2.5 to 3 million unique students and around close to 700,000 public school student records and another 20 or 30 thousand private school student records for students located in our Special Education Reporting system and Student Transcript system. For just this one vendor, we have knowledge of LDE “sharing” data with as many as 3 or 4 such “vendors” we could be incurring expenses of anywhere from 8.5 to 60 million dollars annually. So not only is John White giving student data away, endangering our student’s futures, he’s will be stealing funding that would otherwise go to educating these same students. They get the privilege of paying for this violation of their privacy.
And that’s just the start of the gravy train.
Local education officials retain legal control over their students’ information. But federal law allows them to share files in their portion of the database with private companies selling educational products and services.
Entrepreneurs can’t wait.
“This is going to be a huge win for us,” said Jeffrey Olen, a product manager at CompassLearning, which sells education software.
All of this brings us to this video of Grant Barker being lied to and bullied by BESE president Chas Roemer and Superintendent of Education John White.
White claims there is no money attached to participation in the grant, but the Louisiana Department of Education has taken plenty of Gates grants in the past, and the Gates foundation has pledge 70 million in grants to participants in this program.
In addition to its $100 million investment in the database, the Gates Foundation has pledged $70 million in grants to schools and companies to develop personalized learning tools.
Grant Barker makes a good point about Google, users are notified that their queries and information will be used for additional marketing and stored in databases, and their participation in using this search engine is contingent upon accepting that agreement. They don’t have to use Google, and they certainly don’t have to share such personal details as SSN, DOB, name, picture, phone number and address to use Google. John White has shared everyone’s data without notifying them, endangering them, and without compensating them. In fact this scheme will likely cost these students quite a bit in loss of privacy, will lead to inevitable abuse (inBloom even mentions remedies for types of abuse it anticipates in their privacy agreement), not to mention the tax dollars and education dollars that will be permanently dedicated to these “vendors” to store our private data while these vendors also make money selling this same data to others.
inBloom, Inc, each inBloom, Inc Contractor, and Customers, as applicable, will consistently enforce this Policy with appropriate discipline for its own employees. inBloom, Inc, each inBloom, Inc Contractor, and each Customer, as applicable, will determine whether violations of this Policy have occurred and, if so, will determine the disciplinary measures to be taken against any director, officer, employee, agent or representative who violates this Policy.
The disciplinary measures may include counseling, oral or written reprimands, warnings, probation or suspension without pay, demotions, reductions in salary, or termination of service or employment, as well as criminal referral to law enforcement, if appropriate.
Persons subject to disciplinary measures may include, in addition to the violator, others involved in the wrongdoing such as (a) persons who fail to use reasonable care to detect a violation, (b) persons who withhold material information regarding a violation, and (c) supervisors who approve or condone the violations or attempt to retaliate against employees or agents or representatives of inBloom, Inc or the inBloom, Inc Contractor for reporting in good faith violations or violators
Grant brings up a point about whether it is necessary to share all this info. It is not. For starters we have an internal unique id that cannot be used to apply for credit cards, or steal someone’s identity like a Social Security number can. Sharing SSN was a decision John White made that serves no purpose except to endanger students, many of whom are already voting adults and should have been provided the opportunity on whether they want to share their own data. What’s more, even inBloom thinks this is a problem which they informed John white about many months ago and which he ignored. Here is a statement from inBloom which also directly contradicts John White’s statements and assurances.
Last month, we learned that Louisiana was utilizing SSN as their local student ID for enrollment for their Course Choice platform which is currently leveraging inBloom services. We have since been working with the LADOE team to expedite the rollout of a new state-wide student ID. The Louisiana team felt it best to suspend their use of inBloom services while they assess long-term alternatives to storing SSN’s in inBloom. We are supportive of this decision given our sensitivity to hosting SSN’s, as described in the Software as a Service Agreements we have already signed with several of you. Louisiana is the only state or district partner where SSN’s were a concern. Louisiana remains part of the inBloom consortium and is evaluating the path toward reconnecting the data services in a time and manner aligned with their state instructional improvement goals.
Why is John White allowed to make such irresponsible decisions, repeatedly, without any oversight, and without any reprimands or consequences?
Chas Roemer and John White have continued to spin another lie about school districts contracting with outside vendors to store their data, and that their arrangement is no different. This was a ridiculous self-serving oversimplification when it was first made, and continues to be one. LEAs (school districts) contract with vendors to hold their data for their own purposes. Usually this data is actually housed internally at larger districts because economies of scale make it both safer and less expensive to do this than to contract with a multitude of private unmonitored vendors. This data is housed on servers only school districts and their student information system vendors have access to, to be used by their internal data reporters and staff. School district’s data is not strored on “clouds” designed to allow easy access to data from any point in the world. This data is not shipped out to unsupervised warehouses for thousands of out-of-state vendors to peek and tweak for whatever reason they see fit. Just because FERPA (the federal student privacy act) was changed to allow state agencies to provide data (any and all data) to vendors for non-educational purposes, that does not mean it is a good idea to do so. That does not make it necessary to do so. This is a far cry from the safest idea, even according to John White’s own vendor, inBloom, as they note in the passage above. And with costs of up to 60 million or more (just for starters) this is not the least expensive option either.
I wonder how much of this 60 million of Louisiana tax payer money will go towards John White’s salary when he leaves LDOE? This amount dwarfs what Bobby Jindal wanted to trim form the state budget to eliminate the State’s hospice program, which was pegged at 8.3 million over two years, versus the 120 million for two years of the SLC vendors we’ve learned of just by accident.
My thanks go out to Grant Barker and Rachael Sachs. They showed great courage, not many of us have today, let alone at their young age. This may also speak to how outraged and offended they were upon discovering their state Department of Education was selling their data, and selling them out, rather than teaching them. Maybe this was a lesson of sorts? If they don’t already, I know they will recognize that their participation in our government was one of the greatest lessons they could have learned during any class day, and more valuable than any test score or individual school grade they may have earned. I’m just sad they had to speak out, because so many of the adults don’t. I’m sad at how I saw Grant treated by Chas Roemer, who didn’t seem to want to be bothered with a very serious issue to Grant and hundreds of thousands of Louisiana’s public school children. Chas kids’ attend private school, so did not have their data shared this way. Chas did not have his own future put in jeopardy, but apparently felt justified in trivializing Grant Barker’s concerns while trying to rush him out of the BESE meeting.
I wonder if Chas would have felt any different if it was his SSN, or his kids’ SSNs and private data floating around on thousands of unsupervised servers on multiple data clouds that no adults will take any responsibility if the data is stolen or abused? Our kids and their parents will be the ones ultimately paying the consequences, shouldn’t our kids and their parents have the final say since Chas Roemer, John White and inBloom refuse to accept any responsibility or even acknowledge the risks?