I’ve tried to get inBloom CTO, Garret Suhm, to answer or respond to my questions debunking the propaganda he is spreading on Twitter under the twitter id @gsuhm. So far Garret has not responded to me, nor has inBloom ever responded to my comments, complaints or observations. I am more than willing to engage them in any medium they choose to discuss the very real concerns I and other parents have about their endeavor. The reason they choose to ignore me is because they have no answers, at least none that will fail to confirm what I have been saying for more than a year.

This weekend I took part in a Twitter Dialogue with Sheila Kaplan, Garret (who responded to others but not me) and others about FERPA, privacy regulations, interpretations and implications. What I learned form that dialogue is that there is a great deal of variation across the spectrum. Not all privacy advocates see things the same way. For some folks, no amount of data sharing should be allowed under any circumstance. Others take more pragmatic approaches and concede some amount of data access and sharing will be necessary, but our obligation to parents and students is to make it as safe as possible and limited in scope. I fall somewhere along the pragmatic side of the equation, but not as far as I believe Sheila has journeyed. Despite my fairly regular trouncings of inBloom on my blog, I don’t hold any special animosity towards them personally, or any company that seeks to use data for constructive purposes. I don’t believe “beating” inBloom will solve all our data sharing and access problems, other companies will fill in or have already filled in this role in less prominent ways. However, inBloom has taken a direct and confrontational stance that it should be one of the premier databrokers, and for that reason they have become a necessary target for privacy advocates. If they are successful in their mission, as they’ve described it to date, privacy laws and advocacy will be a largely moot endeavor. So while I don’t necessarily fault their mission of helping school districts and students through use of data, I do find their aggressive stance very threatening and dangerous and one that must be actively and prominently opposed.

Since inBloom is not responding to me and the New York State Department of Education, under Commissioner John King, is the last large declared district or state ally of inBloom and their student data sharing, storing and dissemination project (and has declared they are proceeding full speed ahead hell or high water) I feel it behooves me to confront their fallacious logic head-on. If inBloom is successful in their mission it may bode poorly for others trying to prevent them and those like them from obtaining confidential student data in our own states and from our own children and students.

Argument one: New York’s current data storage access and storage practices are much worse than inBloom’s. New York actually made this argument recently. This shows a complete lack of understanding of the entire concept. inBloom still has to get information from those same poorly maintained and monitored systems. Those systems do not disappear, they stay in all their crappy, poorly secured glory. Now, in addition to them (not instead of) inBloom is creating a very attractive one stop shopping mall for hackers, phishers and dishonest employees to access.

To illustrate:

Before inBloom:

Perhaps your databases and systems look something like this, with different users and offices over each system, and different people responsible for adding data to all these disparate systems.

After inBloom:

Now in addition to your crappy setup, which you still have to maintain to populate inBloom, you now have an inBloom database that is much more valuable, visible and vulnerable to hackers, and much more portable and complete, containing all of your students data, all stitched together in one neat place. Hackers can still get the data from your admittedly terrible systems which you are not addressing because you, mistakenly, believe inBloom will solve all your problems.

(Note: Golden statue image below not obscene because it is art, and clothed art at that.)

Argument two: The only way to provide a personalized experience is to store all data on inBloom’s servers. This is not accurate. InBloom could store a unique ID that links back to personal data retained by their clients. This ID would be a key that unlocks data for applications to retrieve from local servers. While it is true those local servers could be hacked, that is true regardless. Local School districts actually need the names and addresses of their students, but intermediary vendors do not. If inBloom did not store the most sensitive PII on their side, the potential for a massive breach of inBloom creating a crisis for children and families nationwide is greatly reduced. However this solution would be resource intensive and technically difficult and the data stored with inBloom would be less valuable for inBloom to find creative ways to leverage and exploit. The process I envision would be similar to how e-mail encryption works.

Argument three:
inBloom needs all this data from districts to resolve single sign-on authentication, which is a challenging problem no one else wants to tackle. This is one of the newest arguments I’ve seen made, and perhaps the most ridiculous. Having student addresses, pictures, phone numbers and Social security numbers will do nothing to resolve single sign-on authentication. For those of you wondering what this term means, in simple terms it means a teacher/user would only have to remember a single password and log into a single system to have access to a multitude of other systems without the need to log in again. This is generally handled by Microsoft Active Directory on PCs or Profile Manager with Apple based systems. There is zero need to obtain student information for single-sign on authentication unless you are providing this to a vendor to monetize so as to receive a discount for the single sign-on solution. What you need to this solution is user profiles and systems they have access to, and ways to point those systems to a single source security manager. Back in my programming days I wrote one of these for Amedisys Inc. to synch up all the in-house applications we’d built for our users. I did not need personally identifiable patient data for that. That argument is just plain ridiculous and evidence they are simply trying to confuse folks by promising them anything to get their hands on student data.

Argument four: Student data is safe because districts have total control over who they grant access, and only those individuals will ever be able to access the data stored on inBloom. Most data breaches and hacks are inside jobs (like Bradley Manning’s release of Pentagon records and Edward Snowden’s release of NSA records) or the result of clicking on unsafe links which almost everyone has done at one time or another. One of the things revealed by Edward Snowden is that many NSA folks use the data in their charge to investigate girlfriends, family members and people they want to hook up with. If the NSA and Pentagon can’t prevent employees from accessing and exposing their data, and abusing their access for nefarious purposes, what hope could a private company have? inBloom limits its liability for accidental and unintentional exposures to basically nothing, and simply states it complies or exceeds industry standards for privacy and security, and complies with FERPA, which basically means nothing for a private vendor. The reality inBloom recognizes, and you should recognize, is that any data stored with inBloom will inevitably be misused, stolen, and probably resold and used for non-educational purposes.

Argument five: inBloom is a non-profit so we are in this for the children, not to make money. The contract inBloom entered into with Louisiana actually allows them to sell themselves to another company and to transfer all of their data and contracts to that vendor without Louisiana having any recourse or say in the matter.

14.1 Assignment, Successors. Service Provider may freely assign this Agreement, in whole, to a not-for-profit entity that expressly assumes the Service Provider’s rights and obligations hereunder arising after the date of assignment

14.3 Subcontracting. Service Provider may freely subcontract its duties and obligations under this Agreement.

Just because a company is classified as a non-profit, does not mean it cannot make money for its owners and investors indirectly (such as in exorbitant salaries, providing services to other companies or access to assets and data at below market or no costs), or that it can’t be sold for a profit or to someone else who can make a profit off the non-profit’s assets and contracts, or that it can’t contract with external for-profit entities at very generous rates. One of the way non-profit mom and pop Home Health companies made money in the nineties was by hiring on the whole family as “executives”, giving them large salaries to go with their fancy titles, BMW’s to drive on the company’s dime, conventions in Hawaii and Barbados that doubled as family vacations, and purchases or expensive rare artwork to decorate their offices, and then convert to liquidated furnishings which they would sell to themselves or family members at greatly reduced rates.

The Challenge

If you can describe an actual benefit to how inBloom or other vendors like Ed-Fi are proposing to operate, please do so. I would enjoy reading about it and responding. I am not opposed to the idea of a data broker with limited access, and heavy restrictions on the use, storage, and retention of said data. I think most of us understand data is a necessary component of doing business these days and handling large and complex companies, tasks and systems. However, just because we can do something does not mean we should or have to do it (like human cloning.) Just because we feel we need to do “something”, that does not mean we have to do that something poorly and without adequate thought and planning spent towards minimizing the risks and consequences. Companies are good at minimizing costs and maximizing revenues, and I do not fault them for that. That quality can be a powerful tool to employ in organizing, mobilizing and employing resources efficiently. However companies are much less good at protecting privacy, protecting the environment, minimizing risks to others. Even if a company wanted to do all those things well, a company run by less scrupulous folks would be able to prosper and replace the good citizen company by engaging in less costly and perhaps more risky behaviors. Companies require folks like us to provide thoughtful regulations and guidance that evens out the playing field for all of them, while protecting our rights, privacy, and resources. In the right context, with the proper regulations and laws in place and enforced, I have no doubt inBloom and other vendors like them could produce efficiencies and products that could help our children and our society. However until such a time as we define a proper, fair and safe framework for them to operate in, I feel they will have to be opposed because of the threat they pose to our children, our society and ourselves.

(Corrections as of 1/5/14: King is the State Commissioner for New York State, not City.  King has decided the entire state will share/provide data to inBloom regardless of the wishes of districts or parents.  The new mayor of New York,  deBlasio, as a candidate, claimed he would cancel any agreement with inBloom which becomes a moot point if the State Commissioner shares New York City’s data for them.  I apologize for these errors.)


22 thoughts on “Debunking inBloom and New York’s data sharing arguments

  1. You are absolutely right. At this moment, the data within the source systems of the NYCDOE is so compromised. Because of password and other technical problems–which are rampant, people often use each other’s passwords. This is endemic within the Special Education Student Information System. Often, when people work in different offices on a temporary basis, because it takes so long to change someone’s security level, the employee has to be given someone’s password to complete the work. Because I am a data specialist and have citywide access, I can look at anyone’s confidential record on SESIS. When we had only paper special education records, they were either in locked filing cabinets within the school or a secure records room within a Committee on Special Education. In the old days, if someone wanted a record expunged, it would be physically destroyed. This is no longer the case. When someone is decertified, the record is inactive but the footprints still exist. Someday, this may bite someone in public life or someone who wants to get a sensitive job–let’s say, in the area of national security.

    1. New York is a state. It’s not just NYC. The needs across the state are diverse. Support S6007 & if NYC doesn’t want to use inBloom services, don’t. But don’t prevent tech poor schools from protecting their children’s data. Local control means local control. You do what you want in NYC & let other districts make the decision on their own based on fact.

      Garrett’s tweets were not propaganda.

      And thank you Crazy for not saying bad things about me. I appreciate that. : )

      1. Isn’t propaganda telling people only positive and misleading things, neglecting or ignoring all negative implications, to get people to believe or act a specific way for a company or group you work for?

        I do not agree with your sentiment.  Neither NYC nor tech poor districts should do whatever they please without oversight or objection. I cannot physically stop them, but I can warn them and their parents of the dangers of their course. I do not believe districts own the data they collect and should be free to use/sell it for any reason they see fit.  That data was provided for specific purposes (educating and caring for children) that does not mean they can trade it for technology or services or cash. Storing data on inBloom is not protecting data, that is the exact opposite.  If you are claiming otherwise perhaps we are much further apart than I realized.

        Sent via the Samsung Galaxy Note® 3, an AT&T 4G LTE smartphone

    2. So rather than address that they distract people with another company and erroneously claim it will magically solve all their problems. inBloom just stores records districts create and collect, districts still have to create and collect. All this would mean is yet another application, with another password and another set of data they can’t even fix if they discover an error.

        1. Sheila,

          Don’t you agree that PII should not be collected and shared? I saw a tweet from you the other day about opting out of directory information and that some aren’t advising the public of this. I’m not sure I understand you with this… Isn’t directory information very different from PII?? Most districts, by law, have to advise parents of their right to opt out of directory info. Ours does via the printed school calendar. However, my understanding is that they’re 2 very distinguishable items. PII has direct negative consequences for our children if shared along with their data while directory information is not connected to the grade/discipline/records data. Am I incorrect?

      1. They also are fond of lying, confusing, hiding and manipulating folks too Ive found.  Try to get a straight answer to a direct question and you get silence, a patronizing response or the run around.

        1. I concur. Also, their beliefs are almost religious in nature. No matter how much you confront them with facts, research, etc., they cannot be swayed. Is it because they really believe their ideas based on faith or is it because greed outweighs reason?

          1. Some of them. I may have been too obsessed and valuing of data at one point. I underestimated the risk and overestimated the benefits. I’ve changed. When that is your job and what you base you self-worth and esteem on, it can be hard to see yourself in a neutral light. Not everyone is greedy, although some certainly are. Some pride themselves on their work and want to believe they are helping because the alternative is to admit you are creating or contributing to a more hostile environment for teachers and kids and dangerous situatuon for children and their privacy. They are not inhuman, but they are inherently biased, just as most of us would be towards our work if we wanted to do something good and had the best intentions at heart. Unfortunately there are those that takw advantage of those best intentions and use our works counter to our wishes or visions or promises, as happened to me.

  2. Also, New York’s contract with InBloom essentially says the same as Louisiana’s… “May assign…” “No liability” for breach. See older blog post for contracts/memo’s for NY.

  3. Making inBloom a pariah has overshadowed the larger issue of student privacy. I’d encourage everyone here to take a moment to read recent posts on funnymonkey.com: http://goo.gl/IavLO2

    Consider Clever which connects into a school or district’s central student information system to access to all the data. They then move that data into the cloud and make it available to 3rd parties: http://goo.gl/Oh0ZRm Clever is a small startup in SF, just over a year old. They are now in more than 15,000 schools and growing exponentially.

    1. I agree inBloom is not the only danger and people are perhaps disproportionatlu preoccupied with opposing it. Thats not a new thing in American politics. Look at Acorn, ALEC, Planned Parenthood, Chik fil A, and other recent political bugaboos. Its a “thing” and easier for most folks to understand an inBloom enemy than a zillion existing and potential threats. However people’s opposition to inBloom will likely lead to greater regulation of data issues and vendors of all brands and stripes.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s