I’ve tried to get inBloom CTO, Garret Suhm, to answer or respond to my questions debunking the propaganda he is spreading on Twitter under the Twitter ID @gsuhm. So far Garret has not responded to me, nor has inBloom ever responded to my comments, complaints or observations. I am more than willing to engage them in any medium they choose to discuss the very real concerns I and other parents have about their endeavor. The reason they choose to ignore me is because they have no answers, at least none that will fail to confirm what I have been saying for more than a year.
This weekend I took part in a Twitter Dialogue with Sheila Kaplan, Garret (who responded to others but not me) and others about FERPA, privacy regulations, interpretations and implications. What I learned from that dialogue is that there is a great deal of variation across the spectrum. Not all privacy advocates see things the same way. For some folks, no amount of data sharing should be allowed under any circumstance. Others take more pragmatic approaches and concede some amount of data access and sharing will be necessary, but our obligation to parents and students is to make it as safe as possible and limited in scope. I fall somewhere along the pragmatic side of the equation, but not as far as I believe Sheila has journeyed. Despite my fairly regular trouncings of inBloom on my blog, I don’t hold any special animosity towards them personally, or any company that seeks to use data for constructive purposes. I don’t believe “beating” inBloom will solve all our data sharing and access problems; other companies will fill in or have already filled in this role in less prominent ways. However, inBloom has taken a direct and confrontational stance that it should be one of the premier data brokers, and for that reason they have become a necessary target for privacy advocates. If they are successful in their mission, as they’ve described it to date, privacy laws and advocacy will be a largely moot endeavor. So while I don’t necessarily fault their mission of helping school districts and students through use of data, I do find their aggressive stance very threatening and dangerous and one that must be actively and prominently opposed.
Since inBloom is not responding to me and the New York State Department of Education, under Commissioner John King, is the last large declared district or state ally of inBloom and their student data sharing, storing and dissemination project (and has declared they are proceeding full speed ahead hell or high water) I feel it behooves me to confront their fallacious logic head-on. If inBloom is successful in their mission it may bode poorly for others trying to prevent them and those like them from obtaining confidential student data in our own states and from our own children and students.
Argument one: New York’s current data access and storage practices are much worse than inBloom’s. New York actually made this argument recently. This shows a complete lack of understanding of the entire concept. inBloom still has to get information from those same poorly maintained and monitored systems. Those systems do not disappear; they stay in all their crappy, poorly secured glory. Now, in addition to them (not instead of them), inBloom is creating a very attractive one-stop shopping mall for hackers, phishers and dishonest employees to access.
Perhaps your databases and systems look something like this, with different users and offices over each system, and different people responsible for adding data to all these disparate systems.
Now, in addition to your crappy setup, which you still have to maintain to populate inBloom, you have an inBloom database that is much more valuable, visible and vulnerable to hackers, and much more portable and complete, containing all of your students’ data, all stitched together in one neat place. Hackers can still get the data from your admittedly terrible systems, which you are not addressing because you, mistakenly, believe inBloom will solve all your problems.
(Note: Golden statue image below not obscene because it is art, and clothed art at that.)
Argument two: The only way to provide a personalized experience is to store all data on inBloom’s servers. This is not accurate. inBloom could store a unique ID that links back to personal data retained by their clients. This ID would be a key that unlocks data for applications to retrieve from local servers. While it is true those local servers could be hacked, that is true regardless. Local school districts actually need the names and addresses of their students, but intermediary vendors do not. If inBloom did not store the most sensitive PII on their side, the potential for a massive breach of inBloom creating a crisis for children and families nationwide is greatly reduced. However, this solution would be resource intensive and technically difficult, and the data stored with inBloom would be less valuable for inBloom to find creative ways to leverage and exploit. The process I envision would be similar to how e-mail encryption works.
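A minimal sketch of the split described in argument two, added here as an illustration; it is not inBloom's design or code from this post. The class names, the HMAC-based token and all sample values are assumptions made for the example.

```python
import hashlib
import hmac

PII_FIELDS = {"name", "address", "phone", "ssn"}  # fields the vendor must never hold

class DistrictRegistry:
    """Runs on the district's own servers; the only place PII is stored."""

    def __init__(self, key: bytes):
        self._key = key          # secret key that never leaves the district
        self._pii = {}           # token -> PII record
        self._grants = set()     # (app_id, token) pairs the district approved

    def enroll(self, student_id: str, pii: dict) -> str:
        # Keyed hash: without the district key the token cannot be recomputed
        # from a student ID, and it cannot be reversed into one.
        token = hmac.new(self._key, student_id.encode(), hashlib.sha256).hexdigest()
        self._pii[token] = pii
        return token

    def grant(self, app_id: str, token: str) -> None:
        self._grants.add((app_id, token))

    def resolve(self, app_id: str, token: str) -> dict:
        if (app_id, token) not in self._grants:
            raise PermissionError(f"{app_id} has no grant for this student")
        return self._pii[token]

class VendorStore:
    """The intermediary: holds tokens and non-identifying learning data only."""

    def __init__(self):
        self.records = {}

    def put(self, token: str, data: dict) -> None:
        leaked = PII_FIELDS & data.keys()
        if leaked:
            raise ValueError(f"refusing PII fields: {sorted(leaked)}")
        self.records[token] = data

def demo():
    # Constructed sample data; every value here is made up.
    district = DistrictRegistry(key=b"constructed-demo-key-not-for-production")
    vendor = VendorStore()
    token = district.enroll("S-1001", {"name": "Sample Student", "address": "1 Example St"})
    vendor.put(token, {"grade": 7, "reading_level": "B2"})
    district.grant("reading-app", token)
    breach_view = dict(vendor.records)   # everything a vendor-side breach exposes
    return token, breach_view, district.resolve("reading-app", token)

if __name__ == "__main__":
    print(demo())
```

A dump of the vendor side yields only opaque tokens and learning data; names and addresses are reachable only through the district's `resolve` call, which the district can audit and revoke per application.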
Argument three: inBloom needs all this data from districts to resolve single sign-on authentication, which is a challenging problem no one else wants to tackle. This is one of the newest arguments I’ve seen made, and perhaps the most ridiculous. Having student addresses, pictures, phone numbers and Social Security numbers will do nothing to resolve single sign-on authentication. For those of you wondering what this term means, in simple terms it means a teacher/user would only have to remember a single password and log into a single system to have access to a multitude of other systems without the need to log in again. This is generally handled by Microsoft Active Directory on PCs or Profile Manager with Apple-based systems. There is zero need to obtain student information for single sign-on authentication unless you are providing this to a vendor to monetize so as to receive a discount for the single sign-on solution. What you need for this solution is user profiles and the systems they have access to, and ways to point those systems to a single source security manager. Back in my programming days I wrote one of these for Amedisys Inc. to synch up all the in-house applications we’d built for our users. I did not need personally identifiable patient data for that. That argument is just plain ridiculous and evidence they are simply trying to confuse folks by promising them anything to get their hands on student data.
Argument four: Student data is safe because districts have total control over who they grant access, and only those individuals will ever be able to access the data stored on inBloom. Most data breaches and hacks are inside jobs (like Bradley Manning’s release of Pentagon records and Edward Snowden’s release of NSA records) or the result of clicking on unsafe links, which almost everyone has done at one time or another. One of the things revealed by Edward Snowden is that many NSA folks use the data in their charge to investigate girlfriends, family members and people they want to hook up with. If the NSA and Pentagon can’t prevent employees from accessing and exposing their data, and abusing their access for nefarious purposes, what hope could a private company have? inBloom limits its liability for accidental and unintentional exposures to basically nothing, and simply states it complies with or exceeds industry standards for privacy and security, and complies with FERPA, which basically means nothing for a private vendor. The reality inBloom recognizes, and you should recognize, is that any data stored with inBloom will inevitably be misused, stolen, and probably resold and used for non-educational purposes.
Argument five: inBloom is a non-profit so we are in this for the children, not to make money. The contract inBloom entered into with Louisiana actually allows them to sell themselves to another company and to transfer all of their data and contracts to that vendor without Louisiana having any recourse or say in the matter.
14.1 Assignment, Successors. Service Provider may freely assign this Agreement, in whole, to a not-for-profit entity that expressly assumes the Service Provider’s rights and obligations hereunder arising after the date of assignment
14.3 Subcontracting. Service Provider may freely subcontract its duties and obligations under this Agreement.
Just because a company is classified as a non-profit does not mean it cannot make money for its owners and investors indirectly (such as in exorbitant salaries, providing services to other companies or access to assets and data at below market or no costs), or that it can’t be sold for a profit or to someone else who can make a profit off the non-profit’s assets and contracts, or that it can’t contract with external for-profit entities at very generous rates. One of the ways non-profit mom and pop Home Health companies made money in the nineties was by hiring on the whole family as “executives”, giving them large salaries to go with their fancy titles, BMWs to drive on the company’s dime, conventions in Hawaii and Barbados that doubled as family vacations, and purchases of expensive rare artwork to decorate their offices, and then convert to liquidated furnishings which they would sell to themselves or family members at greatly reduced rates.
If you can describe an actual benefit to how inBloom or other vendors like Ed-Fi are proposing to operate, please do so. I would enjoy reading about it and responding. I am not opposed to the idea of a data broker with limited access, and heavy restrictions on the use, storage, and retention of said data. I think most of us understand data is a necessary component of doing business these days and handling large and complex companies, tasks and systems. However, just because we can do something does not mean we should or have to do it (like human cloning). Just because we feel we need to do “something”, that does not mean we have to do that something poorly and without adequate thought and planning spent towards minimizing the risks and consequences. Companies are good at minimizing costs and maximizing revenues, and I do not fault them for that. That quality can be a powerful tool to employ in organizing, mobilizing and employing resources efficiently. However, companies are much less good at protecting privacy, protecting the environment, and minimizing risks to others. Even if a company wanted to do all those things well, a company run by less scrupulous folks would be able to prosper and replace the good citizen company by engaging in less costly and perhaps more risky behaviors. Companies require folks like us to provide thoughtful regulations and guidance that evens out the playing field for all of them, while protecting our rights, privacy, and resources. In the right context, with the proper regulations and laws in place and enforced, I have no doubt inBloom and other vendors like them could produce efficiencies and products that could help our children and our society. However, until such a time as we define a proper, fair and safe framework for them to operate in, I feel they will have to be opposed because of the threat they pose to our children, our society and ourselves.
(Corrections as of 1/5/14: King is the State Commissioner for New York State, not City. King has decided the entire state will share/provide data to inBloom regardless of the wishes of districts or parents. The new mayor of New York, de Blasio, as a candidate, claimed he would cancel any agreement with inBloom, which becomes a moot point if the State Commissioner shares New York City’s data for them. I apologize for these errors.)