How my original “Opt Out Letter” was converted to a “form”

At the June 18th BESE meeting John White relayed that he did not recall seeing my opt-out letter and did not reply because it was something he characterized as a “form letter.”  Technically this was true.  Mine was the first letter to get sent, so it was not a form letter, however Tom Aswell at the Louisiana Voice republished it after redacting my personal info so other parents could likewise opt their children out of any data sharing using my letter as a template.  (I subsequently learned there was much swearing of my name by John White, as a result of my letter and privacy petition and campaign, but we must pick and choose our battles, right?)

A form letter type approach was adopted because Louisiana has not provided an organized method of transmitting or submitting opt-out requests and some very specific information needs to be submitted for Louisiana to identify children that are opted out, while not revealing too much information (like DOB and SSN) which could be used by identity thieves that might intercept the e-mail making the opt-out procedure as dangerous as the data sharing.

My son will be starting pre-k this year in EBR so I will be updating my opt-out request in a few weeks with his info.

Feel free to use this letter as a template for your own, or simply write your own and simply make sure to send the bolded data elements.  Since John White did not recall seeing my letter, even thought I sent it to him and most of his senior staff and legal counsel, I would recommend making sure you send it to more folks than just John White.  I asked him to provide a method by which parents could opt-out their children without this hassle, but White did not address any future plans to make this process easy in the meeting.

Feel free to send your opt outs to any or all of:

John.White@la.gov (state Superintendent of Education)

Erin.Bendily@la.gov (Governor Jindal’s handpicked DOE handmaiden )

Joan.Hunt@la.gov (DOE chief legal counsel)

Kim.Nesmith@la.gov (Data Quality and collections director)

My name is (PARENT’S NAME) and I am a parent of children in Louisiana public schools. This is to formally inform you that you do not have my permission to share my children’s personally identifiable student information with any external agency, researcher, non-profit group, vendor or government or quasi-government agency under any circumstances (specifically, name, DOB, SSN). They are public students in the (parish/city/parochial) school system and you have not asked my permission to share their information as required by law. I am purposefully informing you that you do not have permission to share their information unless I provide appropriate parental guidance. Their/his/her name(s) is/are (STUDENT’S OR STUDENTS’ NAME[S]). If you already have, I would like you to promptly request that his/her/their information be expunged from any data set you have already shared.

Mr. White, on the basis of your e-mails it appears you are planning on sharing this data and I will hold you personally responsible for any subsequent violations. I will be recommending that other parents likewise notify you if they do not wish their information to be shared with corporations/vendors whom you have agreed to not hold liable for any security breaches or unauthorized releases (which I don’t believe you have a legal right or authority to do). Moreover, any such release of personally identifiable information without each parent’s express permission will be a direct violation of the Family Educational Rights and Privacy Act (FERPA) and a willfully unnecessary one since you have non-personally identifiable student identifiers and have taken great pains to claim FERPA exclusions for all other releases of de-identified student data to the media, researchers, and the general public.

Please note the section in the last paragraph below. Schools may disclose, without consent, directory information. But you must notify us when doing so. You, however, do not have my consent and you are not a school. You have my absolute, unequivocal, official refusal on record.

You also do not have a legal right to require social security numbers from any student in Louisiana. I will be recommending parents and school districts to promptly stop providing them as you seem unwilling to guard this information as required by law.

Thank you for your prompt attention to this matter.

(PARENT’S NAME)

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are “eligible students.”

• Parents or eligible students have the right to inspect and review the student’s education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.

• Parents or eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.

• Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):

o School officials with legitimate educational interest;

o Other schools to which a student is transferring;

o Specified officials for audit or evaluation purposes;

o Appropriate parties in connection with financial aid to a student;

o Organizations conducting certain studies for or on behalf of the school;

o Accrediting organizations;

o To comply with a judicial order or lawfully issued subpoena;

o Appropriate officials in cases of health and safety emergencies; and

o State and local authorities, within a juvenile justice system, pursuant to specific State law.

Schools may disclose, without consent, “directory” information such as a student’s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.

Excellent Letter sent to BESE by one of my readers about data sharing and inBloom

Dear BESE member, I am writing to voice my concern over the massive student data sharing scheme with InBloom and whomever else is on track to receive information on our students, and even teachers and parents.

Please understand our concerns for this unprecedented and massive information sharing by companies and individuals who may or may not have the best interests of our children in mind. When For Profit companies are given access to private and confidential information, it begins a slippery slope of loosening our rights to privacy. As has already been proven, once this information is out, as so called data, what these companies do with it is now out of our control. We have no idea what they will eventually do with it and who will later have access to it. It is your responsibility to take back control of our children’s education and private information. It seems as if our state is being sold a bill of goods at the expense of our children. For Profit companies are taking over the education of our children. These unregulated, unaccredited ,and uncredentialed “schools” and “teachers” are allowed to “teach” our children, while public schools are left with minimal funding and more regulations. Yet it is amazing that there is always money for more tests for the testing companies, and now more money for Data companies to do what they will with confidential student information.

Please hear our cries for adequate funding for public schools so that our children can receive the education they deserve with certified and credentialed teachers in accredited public schools. Many of these charter and RSD schools are allowed to segregate students, with no oversight, and dismal test scores. This is a horrible, unresearched experiment being inflicted on our most vulnerable children in the name of reform. It is time to take back our neighborhood schools from the profit barons and put the decision making back into the hands of the tax paying citizens who support our public schools.

Please stop this massive data sharing scheme and put the funding back into our public schools.

Please stop this unfair attack on our public schools and public school teachers.

Please respect the professionalism of teachers.

I am an educator, a parent, and a concerned citizen.

Privacy Advocates Take Heed!

Recently I (as well as a dozen or so student and parent activists) testified at the June 18th Louisiana BESE meeting about our concerns related to the inBloom data sharing and selling project Superintendent John White secretly entered into on behalf of all Louisiana citizens. Our spot came up 4 hours late, and without an outcry from one of our tireless privacy advocates named Debbie Sachs would have been pushed back another 3 hours or postponed to another day (when most of us would not be able to be there.)

I believe Debbie and her group arrived at 8:30 and stayed until 5 or later for their chance to speak their 2 minutes and because they knew I had to leave to pick up my children they arranged so I could speak first so we all owe Debbie and her folks a debt of gratitude.

For a quick synopsis of this meeting you can review this article courtesy of the Associated Press. Although it really fails to convey the passion and concerns of the other children and parents who testified. While they did capture some of my points from the meeting. . .

Jason France is a former Department of Education employee who worked on data collection for the agency and a parent of public school children. He said the state’s contractual arrangement with inBloom runs through 2014 unless the department sends a certified letter ending it, and he said the deal contained no opt-out clause for parents.

“The contract is still in force and that data can be sent back at any time,” he told BESE members.

White said he’ll send the certified letter to inBloom, but he said he’s sent several letters already notifying the organization that Louisiana’s data-sharing had ended.

. . .due to time constraints and the meeting format I was not able to pose questions nor respond to all the answers given.  I could probably go on for days about why this is a foolish and dangerous enterprise, but I will stick to some of what I felt were more important points.  By all means I encourage you delve into the agreements appended to the end and make your own observations.  (My classes in contract law were several decades ago, but I did my best and I don’t charge as much as lawyers 🙂 )

In an earlier post I expressed the desire to finally see the MOU, or Memorandum of Understanding between the Louisiana Department of Education and inBloom which also apparently does business under a number of other names and with a number of different partners, including Ed-Fi, Wireless Generation, SLI (Shared Learning Infrastructure), and the Shared Learning Collaborative, LLC. It’s not clear why these folks have to use so many subcontractors and go by so many different names except to make data available to all these parties and to perhaps confuse anyone trying to investigate these folks. . . In the event of a massive release of protected information, how would anyone even begin to figure out who was responsible? Speaking of responsibility, this SLI/SLC/InBloom entity accepts none, nor do they back up Superintendent White assertions that inBloom is compliant with FERPA, the federal law defining student privacy rights.

11.2 Privacy and Security Limitations. Service Provider does not warrant or represent that by using the SLI Service, Customer will be in compliance with Data Privacy and Security Laws, FERPA or any other federal or state law or regulation. Service Provider does not warrant that its electronic files containing Customer Data are not susceptible to intrusion, attack, or computer virus infection,

Of course in the event of gross negligence, contract assertions that a service provider is not responsible are sometimes found to be unenforceable. In those cases plaintiffs can seek damages from insurance or assets of the company. InBloom is seeking not only student data from Louisiana, which numbers around 7 hundred thousand students, but students across the United States and perhaps the world. The current level of insurance they have promised to retain seems woefully inadequate:

13. Insurance. Service Provider, at Service Provider’s expense, will procure and maintain during the Initial Term, a minimum $2,500,000 per occurrence/$5,000,000 aggregate limit of Professional Liability, covering technology errors and omissions, privacy liability, network security and liability, and network extortion.

Recently another Service Provider named Living Social using the same cloud technology and same cloud vendor that inBloom is using (Amazon) was hacked and fifty million users accounts were stolen, or about 1/6th of the entire population of the United States or around 17 Louisiana’s.

 (At the BESE meeting I mistakenly quoted 500,000, which was off by a factor of 100. Oops. One of the benefits of blogging is the ability to research and revise your work.)

With a similar breach inBloom or SLC would only be able to compensate each student 10 cents before exhausting the insurance they have promised to carry. This would not exactly buy a lot of credit monitoring, let alone begin to compensate anyone except maybe a lawyer or two – obviously the 5 mill is the max before any legal fees were paid to bring such a class action suit. Boy, this makes me feel safer.  How ’bout you?

If this is such a safe technology why is this all the insurance they can afford? The amount of money insurance companies charge to insure an activity is often a pretty good indication of how risky “professionals” have determined that activity to be. Sheesh, I have almost that much insurance on myself and I’m not the healthiest or youngest person on the planet. Clearly we can take this as evidence that the “industry” sees this is a very risky endeavor that is very likely to result in claims being filed.

Where will you spend you 2/3 of 10 cents (after legal fees)?

I found this next section to be interesting as well. Apparently InBloom/SLC/SLI, whatever it calls itself today, can hand off this agreement to any other non-profit entity it wants to, without input from the State.

Isn’t it nice that our children and their data are simply a tradable, transferable commodity?

Non-profits can still be quite “profitable” for those who running them. They can simply pay themselves whatever salary they feel is appropriate.

14.1 Assignment, Successors. Service Provider may freely assign this Agreement, in whole, to a not-for-profit entity that expressly assumes the Service Provider’s rights and obligations hereunder arising after the date of assignment

We are allowed to peek behind the curtain, every 6 months, so long as we foot the entire bill. Since John White has laid off most of DOE’s IT staff I wonder who he will subcontract that work out to, or if he will even bother? It’s not like he’s worried too much about such things in the past I suppose since previous audits of his lack of audits by legislative auditor Daryl Pupera clearly indicate as much.

14.2 Audit.

(a) Customer shall have the right, at Customer’s expense, to conduct independent code and network security reviews following each major release (i.e., Alpha Release, Release 1.0, etc.), and no more than once every six (6) months thereafter, upon reasonable notice to Service Provider and at reasonable times. Notwithstanding the foregoing, if Customer has reasonable cause to believe Service Provider is not in compliance with this Agreement, Customer may perform an independent code and network security review up to once every three (3) months.

Did you think your data was only going to be available to the half dozen initial vendors plus all the third party vendors inBloom expects “Customers” to subcontract with? Guess what, they can subcontract with anyone they choose for anything they choose, as much as they choose.

At the State we limited who had access to student data to direct staff, and only those that had a need. How will these guys keep track of all the folks that will have access to student data through all the complex vendor relationships they plan to engage? When recording studios can’t keep bootleg copies of music CDs hitting the internet before official release dates, and can’t track down pre-releasers, how can we really expect to keep our data safe once so many vendors and eyes have access to it?

14.3 Subcontracting. Service Provider may freely subcontract its duties and obligations under this Agreement. In the event that Service Provider subcontracts any of its duties and obligations, Service Provider agrees that: (i) the third party contractor shall execute an agreement regarding confidentiality consistent with the terms of this Agreement to the extent that such third party contractor has access to Confidential information of Customer and an agreement relating to any other obligations of such contractor as required to comply with Data Privacy and Security Laws, the Data Privacy and Security Policy and FERPA, and (ii) any such permitted subcontracting shall not release Service Provider from any of its obligations under this Agreement.

So just how long is this agreement and how binding?

8. Term and Termination.

8.1 Term. This Agreement will be effective for a term ending on December 31, 2014 (“Initial Term”). The parties may mutually agree to extend the term of this Agreement with such amendments to this Agreement as are appropriate and mutually agreed to for making available the SLI Service after the Initial Term.

This contract is in place until at least 12/31/14, but unless inBloom violated some of the contractual provisions it takes 90 days to cancel this contract, but only with written notice.

8.2 Termination.

(a) Each party will have the right to terminate this Agreement upon thirty (30) days’ prior written notice if the other party is in material breach of this Agreement and the breaching party fails to remedy such breach within thirty (30) days after notice from the other party; provided, however: (i) if the failure stated in the notice cannot be corrected within the applicable period, the non-defaulting party will not unreasonably withhold its consent to an extension of such time if corrective action is instituted by the defaulting party within the applicable period and diligently pursued until the default is corrected; and (ii) such extension shall not exceed ninety (90) days after the initial notice.

(b) Each party will have the right to terminate this Agreement for any reason upon ninety (90) days’ prior written notice.

And not just any notice. All written notices must be as follows. John White asserted he sent numerous letters to inBloom, but did not turn any over in response to multiple FOIA requests expressly asking for this letter or any other official communique.

14.6 Notice. All notices required or permitted under this Agreement will be in writing and sent by certified mail, return receipt requested, or by reputable overnight courier, or by hand delivery. The notice address for Service Provider is Iwan Streichenberger, Manager, 3451 Flabersham Road NW, Atlanta, GA 30305; and the notice address for Customer is John C. White, State Superintendent, Louisiana Department of Education, P.O. Box 94064, Baton Rouge, LA 70802. Any notice sent in the manner set forth above shall be deemed sufficiently given for all purposes hereunder (i) in the case of certified mail, on the third business day after deposited in the U.S. mail, and (ii) in the case of overnight courier or hand delivery, upon delivery. Either party may change its notice address by giving written notice to the other party by the means specified in this Section.

I don’t think I mentioned this before, but this is all information from a separate Service Contract.  The actual MOU is merely an attachment, not unlike your appendix, and about as useful.

Attachments

This Agreement includes: Attachment A (Terms & Conditions)

Attachment B (SLI Service)

Attachment C (Support Services)

Attachment D Reserved

Attachment E (Additional Terms applicable to SEAs)

Attachment F (MOU)

Attachment G (Super Administrator(s))

There was an MOU that was defined and signed by DOE, but it was sent as an attachment to this Service Contract. Within this service contract is a section that converts the MOU, such that it is, into nothing more than a poor toilet paper substitute.

14.8 Entire Agreement; Amendments; Memorandum of Understanding.

(a) This Agreement, together with the attachments hereto, constitutes the entire agreement between Service Provider and Customer with respect to the subject matter hereof. There are no restrictions, promises, warranties, covenants, or undertakings other than those expressly set forth herein and therein. Except as provided in Section 14.8(b), this Agreement supersedes all prior negotiations, agreements, and undertakings between the parties with respect to such matter. This Agreement, including the exhibits hereto, may be amended only by an instrument in writing executed by the parties or their permitted assignees. (b) If Customer is a School District, the MOU is attached for reference purposes only. If Customer is the State Educational Agency that is party to the MOU, Customer and Service Provider agree that: (i) notwithstanding Section B.6 of the MOU to the contrary, the term of the MOU shall survive execution of this Agreement and expire on December 31, 2014; and (ii) the terms of this Agreement, together with its other attachments, shall prevail over any conflicting terms contained in the MOU, including but not limited to MOU Paragraphs B.2.c (Privacy and Security), B.3.d (Test Data), B.3.e (Notice), B.3.f (SLI Implementation), B.6 (Term), and B.7 (Confidentiality and Publicity), and MOU Exhibit C (Data Privacy and Security Plan).

I have provided a copy of this agreement in full, as well as the toilet paper substitute, at the bottom of this post. There is more here you need to be aware of that alarmed me when I saw it and feel I would be remiss if I did not point this out in this post. However before I get there, let’s examine some more of John White’s claims. When John White made the claim he had requested that inBloom “destroy” our data, he merely exercised the following section of the agreement. He did not terminate the agreement as he has tried to imply, and any assertion to the contrary is completely disingenuous, and actually contractually impossible – such is the agreement he signed us onto.

10.4 No License; Destruction of Customer’s Confidential Information.

(a) Nothing in this Section shall be construed as a grant or assignment of any right or license in the Disclosing Party’s Confidential Information. The Disclosing Party’s Confidential Information shall at all times remain the property of the Disclosing Party. (b) At any time Customer reasonably requests, and in any event when Customer determines that the Confidential Information of Customer is no longer needed to obtain SLI Service, or upon the termination or expiration of this Agreement, Service Provider shall promptly destroy the Customer’s Confidential Information in Service Provider’s possession; provided that (i) if Customer is a School District, Customer may request or approve that Confidential Information of Customer not be destroyed and be made available to Customer’s State Educational Agency for its use in performing their functions for evaluating and overseeing compliance in federal and state-supported educational programs in accordance with Section 444(b)(3)&(5) of FERPA and State Data Privacy and Security Laws, and (ii) at Customer’s request, Customer shall be provided up to thirty (30) business days, according to Customer’s request, to export Confidential Information of Customer prior to its destruction.

(c) Notwithstanding anything contained in this Section 10.4 to the contrary, during Alpha Release, Service Provider may delete Customer Data without notice.

At April’s BESE meeting, John White attempted to characterize his relationship with inBloom and other similar providers was a partnership, a collaboration, and not subject to the needs of an MOU. This was notwithstanding the fact that he had already signed an MOU as well as actual Contractual Service Agreement with his partner. It took him almost 6 months to finally produce this document and the Service Contract and based on even the most cursory review of the contract you can easily see why he was trying so hard to conceal this relationship. However I found this next passage particularly funny. (By funny, I mean in that infuriating way when you find your children sitting in the middle of a pile of a broken “something” playing with the broken pieces, all the while claiming someone else broke it or they simply “found” it that way.)

14.7 Independent Contractor. Service Provider is acting as an independent contractor in its capacity under this Agreement. Nothing contained in this Agreement or in the relationship of the Customer and Service Provider shall be deemed to constitute a partnership, joint venture, or any other relationship between the Customer and Service Provider except as is limited by the terms of this Agreement.

Keep in mind John White was claiming this was merely a partnership, months after he signed this contract and after dozens and dozens of e-mails and other internal correspondence – up to and including the submission of all of our student data to inBloom. So either White is ridiculously forgetful, (We’re talking “50 First Dates” with Drew Barrymore and Adam Sandler forgetful) and should not be signing contracts and instead living in an assisted living facility, or he is shamelessly lying in the most egregious ways possible, on camera and in print, to BESE, his theoretical bosses, and all of us.

But now that that is out of the way, take a look at this.

ATTACHMENT E

Additional Terms Applicable to SEAs

A State Educational Agency that participates by accessing the SLI Service in accordance with this Agreement and discloses Personally Identifiable Information derived from student records to the SLI to assist it in performing evaluation and compliance activities related to federal- and state-supported education programs is subject to the following additional terms:

1. The State Educational Agency hereby designates the Service Provider (and its contractors that perform services to carry out this purpose) as its authorized representative to assist it in carrying out evaluation and compliance activities related to federal- and state-supported education programs.

2. The State Educational Agency will disclose Personally Identifiable Information to the SLI Service from source systems maintained by the Louisiana Department of Education and its authorized representatives including (i) student demographic, enrollment, program service, and assessment data; and (ii) educator assignment, certification, performance, and other related data. The State Educational Agency will only disclose SEA Data: (i) when the SEA is the authoritative source of data needed for applications that Schools, Districts, or Parents have elected to utilize; (ii) when utilization of SEA Data will avoid or limit redundant data entry or verification on behalf of School District Customers; or (iii) when necessary to support an evaluation or compliance activity by an authorized representative of the State Educational Agency related to federal- and state-supported education programs.

3. The State Educational Agency intends for the SLI Service to serve as a technology platform to support its overall evaluation and compliance activities. SEA Data maintained within the SLI Service may be utilized to support state evaluation or compliance activities to the fullest extent permitted by state and federal law.

Despite John White’s contentions to the contrary that only basic student demographic data was to be stored, this contract makes it quite clear we were sending enrollment, program, assessment info, teacher info including certifications and “other related data” which disturbed me when I located what some of this other data was. The other interesting section here is that John White appears to be relying on inBloom to start submitting all federally required data, and to produce all necessary state reports. This was intended to be the final privatization piece of the LDE IT puzzle, but we have no idea what the cost for all that would be. I have no doubt one way to defray some of those costs would have been to allow this student and teacher data to be used for marketing purposes. This “cost recapture” strategy has actually been mentioned by inBloom as a way to reduce costs for services. However once we have signed on with inBloom for all our state and federal reporting, any guesses as to which direction those costs will go?

Hold onto your checkbooks folks, it’s gonna’ be an expensive ride, White’s signed us up for.  And by the looks of this next section, it looks like we’ll be riding naked.

3.0 Data Domains. The Company intends the following with respect to data domains and is working with its vendors to incorporate these features and functions into the SLI consistent with the terms of the vendor agreements:

a. The SLI Model defines a total of 250 types or entities. The domain types contain over 400 granular data elements and the flexibility to add more as needs evolve. However, these are captured in 39 high-level “Domain Types:”


The MOU did reveal something more “informational” as the Service Contract described it. This company also intends to capture information on parents and teachers. We’ve already seen how teachers were treated when high-stakes testing was introduced. If their students did not improve, they were held accountable and subject to sanctions and termination. Some states like Tennessee have already started punishing parents by taking them off foodstamp rolls, and many states, including Louisiana, fine or jail parents when their children are truant. While I am not suggesting truancy is a good thing, or something to be encouraged, I can easily see a scenario after the Reformers realize making teacher scapegoats for all the ills of our society has failed, their next logical target to focus their ire and blame on will be parents. This database, and databases like it, will be how that new lynch movement starts. Because many of these folks refuse to factor in the effects of poverty and disabilities, any guesses who these punishments will disproportionately fall upon?

Tell BESE and John White to shut this down. John White promised to send me copies of the letters he theoretically sent to inBloom cancelling this agreement Tuesday the 18th, as well as confirmation as to whether or not he honored my opt-out request for my children. It is now the 22nd and I still have not received a response. Perhaps some of you could remind him for me?

Service Contract with inBloom/SLC/SLI: SLI SaaS

MOU: SLI MOU (2)  I wonder what happened to MOU 1?  I wonder what that one looked like. . .

 

Update:

BESE Contact and video info courtesy of Geauxteacher:

James.garvey@la.gov, Kira.orange-jones@la.gov, Lottie.beebe@la.gov, Walter.lee@la.gov, jay.guillot@la.gov, chas.roemer@la.gov, holly.boffy@la.gov, Carolyn.hill2@la.gov, Connie.bradford@la.gov, Judith.miranti@la.gov, Stephen.waguespack@la.gov

Go for it. You can find more info on BESE and meetings and view the video archives of meetings at the Louisiana Dept of Ed website.  Little difficult to negotiate after the TFA child wonders redesigned it.  http://bese.louisiana.gov/

inBloom, Ed-Fi, Cloud Computing, China, Nazi-Germany and the new Eugenicists

inBloom, Ed-Fi, Cloud Computing, China, Nazi-Germany and the new Eugenicists

Believe it or not, these concepts and words are all related. inBloom and Ed-Fi are two vendors that use cloud computer to store massive quantities of student data (the Louisiana is currently doing business with.) The information these vendors plan on storing will be used to classify, sort and allocate children by their skills and early proficiencies, much as they do in Communist China. It’s no coincidence that many education reformers point to China as an example of education success and something to emulated, not shunned despite what many Chinese themselves thinkEugenicists advocated the conscious elimination of “inferior” human being from the gene pool and promotion of the superior specimens. Eugenics is generally considered a discredited and bankrupt philosophy and social movement, pioneered by a cousin of Charles Darwin – seeking to apply his relative’s research in what he considered a productive manner, but which most of us would consider abhorrent and unconscionable, except when dressed up in a pretty package or advocated as a social need such as is occurring in China. Perhaps one of the most infamous eugenics campaigns was undertaken by Adolph Hitler. Hitler undertook perhaps the largest eugenics campaign in the history of mankind. Hitler had plans and delusions of creating master Aryan “super-race”

Those humans were targeted who were identified as “life unworthy of life” (German: Lebensunwertes Leben), including but not limited to the criminal, degenerate, dissident, feeble-minded, homosexual, idle, insane, and the weak, for elimination from the chain of heredity. More than 400,000 people were sterilized against their will, while 70,000 were killed under Action T4, a “euthanasia” program.

Hitler also actively engaged in genocides, tracking down and exterminating millions of Jews, Gypsies, Russians, Poles and Ukrainians or anyone else who disagreed with him. However eugenics campaigns were not limited to countries like Nazi Germany.  The inspiration for Germany’s heinous program actually started here and was sponsored by a philanthropic organization, just as the Education Reform movement is sponsored today.

After the eugenics movement was well established in the United States, it was spread to Germany. California eugenicists began producing literature promoting eugenics and sterilization and sending it overseas to German scientists and medical professionals. By 1933, California had subjected more people to forceful sterilization than all other U.S. states combined. The forced sterilization program engineered by the Nazis was partly inspired by California’s.

The Rockefeller Foundation helped develop and fund various German eugenics programs, including the one that Josef Mengele [perhaps the closest thing to Satan in human form ever to walk the earth] worked in before he went to Auschwitz.

Upon returning from Germany in 1934, where more than 5,000 people per month were being forcibly sterilized, the California eugenics leader C. M. Goethe bragged to a colleague:

“You will be interested to know that your work has played a powerful part in shaping the opinions of the group of intellectuals who are behind Hitler in this epoch-making program. Everywhere I sensed that their opinions have been tremendously stimulated by American thought . . . I want you, my dear friend, to carry this thought with you for the rest of your life, that you have really jolted into action a great government of 60 million people.”

Eugenics researcher Harry H. Laughlin often bragged that his Model Eugenic Sterilization laws had been implemented in the 1935 Nuremberg racial hygiene laws. In 1936, Laughlin was invited to an award ceremony at Heidelberg University in Germany (scheduled on the anniversary of Hitler’s 1934 purge of Jews from the Heidelberg faculty), to receive an honorary doctorate for his work on the “science of racial cleansing”. Due to financial limitations, Laughlin was unable to attend the ceremony and had to pick it up from the Rockefeller Institute. Afterwards, he proudly shared the award with his colleagues, remarking that he felt that it symbolized the “common understanding of German and American scientists of the nature of eugenics.”

Even today, China is one of the few countries with both an explicit and implicit eugenics policy. The explicit “One Child” policy has exceptions that can be purchased or granted based on political connections or, individuals can ignore the policy if they have the wherewithal to pay the fines. The implicit policy involves testing children for sex (male children are more desirable leading to numerous female baby abortions) or aborting children for deficiencies and in many cases forced abortions.  Is it any coincidence China is often cited as prime example of what our education policies and programs should look like?  China classifies students as either college bound or menial labor bound from an early age using assessment data that determines which path is most suitable for a child.  This path ultimately determine how far in society a child will be able to progress, how often they will be allowed to procreate, how much education they will be allowed to receive.  This is the “Reformer” vision of the future of US education.

Current US law has outlawed the use of genetic testing for placement of employees, pricing of insurance, or admissions to primary schools or colleges. However test scores, and background checks have long been used and upheld as a way to discriminate against employees and enrollees. High test scores and grades can even be used to give discounts on auto-insurance and prior to the implementation of the Patient Protection and Affordable Care Act of 2009 (more commonly known as Obamacare), insurers could discriminate and price products based on pre-existing conditions, age, gender, etc. Life insurance products are currently priced based on general health, blood pressure, medical history, whether a person is or has ever been a smoker, gender, age, etc.  For the time being, instead of using children’s actual DNA, which would be costly to store, evaluate and classify, the government is seeking to collect student’s educational DNA.  This ed-DNA will be used to start classifying students based on what computers and researchers believe are children’s potential.  It will be linked to income tax returns to see how much money children make, criminal databases to see how often they tangle with the law, doctor’s records to examine how often they avail themselves of health services and what types of diseases and conditions they develop.  With the recent decision of the Supreme Court that ruled DNA information is not patentable, expect bazillions of fly-by-night genetics testing providers to spring up offering discount rates on gene testing and storage.  This will initially be a boon for patients, but also for future government eugenics programs, and embryonic screening of children for desirable traits and exclusion and abortion of children with less desirable ones. (For an interesting window into the possible future of this type of genetic screening and profiling of children based mathematical projections and expectations I’d recommend watching the movie Gattaca.  We’re not as far removed from this future as you might think and this inBloom database LDOE is pushing is a necessary first step towards this future.)

Today instead of the Rockefeller Foundation funding eugenics programs with have the Bill and Melinda Gates foundation funding inBloom, a database that can be used to capture information on potential test subjects. We have Pearson conducting field tests on millions of children without their parents’ permission or knowledge. We have Michael and Susan Dell running a rival database called Ed-Fi that operates identically now, to the way inBloom is trying to operate in the future. We have the Walton family, heirs to the Wal-Mart fortunes, funding a pared down pauper’s education to the masses, so they are easier to control and convert into future Wal-Mart employees and customers. The Koch brothers have influence over PBS (the Public Broadcasting System) which in theory is a media watchdog that only theoretically keeps watch over our liberties and infringement upon the same. All other media sources are beholden and censored by corporate and government interests, save independent bloggers who are now under siege by these government and corporate interests seeking to silence us so you only get a single “sponsored” narrative.

Gun control opponents fight tooth and nail against the regulation of firearms sales, and electronic documentation of gun ownership, for fear of what the government can do with such a list and such information. Unbeknownst to them, the State (their states and the United States) are sponsoring a much more insidious data collection that will start with their children and follow them throughout their life. A federal database, called EDEN, is the first step toward knowing everything about you, forever. Currently EDEN does not collect personally identifiable information, but The US Department of Education is pushing national database collections SDLCs like inBloom and Ed-Fi because they will be able to quietly change a few policies and suck in all their information these providers collect. FERPA, the Familiy Educational Right Privacy Act, specifically exempts federal agencies from having to comply with it. Federal agencies that can request information at any time without parental notification or consent: 

 to authorized representatives of the Comptroller General of the United States, the Attorney General of the United States, the U.S. Secretary of Education, and State and local educational authorities for audit or evaluation of Federal or State supported education programs, or for the enforcement of or compliance with Federal legal requirements that relate to those programs;

The Federal government will be able to tie this information into the all the other databases they use to keep tabs on you at all times. As recent leaks about PRISM by Edward Snowden reveal, the NSA (National Security Administration) gathers everything on you that search engines like Google possess, anything you post on Facebook, anything you do with your cellphone and anything you save on your cellphone. Google actually physically drives their Google-mobiles through everyone’s neighborhood photographing your actual houses, sucking up your local network names, your cars’ license plates, and any signal they can. This information gets included in Google maps, but also gets tied to a profile of you. From census information you are required to report every 10 years, the government gets more. Google was recently fined for their privacy invasion tactics to the tune of just 7 million dollars, or less than 1/3rd of a day’s profits. (My guess is this is because the Federal Government wants this data, perhaps even requested Google compile this data, but needed to issue a token enforcement in response to the public outcry.)



While I think we were all impressed with how quickly the Boston bombers were identified and brought to justice, on some level most of you probably had a slightly queasy feeling. The amount of technology brought to bear, the speed with which that data was analyzed and actual pictures isolated and released, the subsequent identification of these bombers through a convenience store camera, the infrared heat signal tracking . . . it was all a bit spooky to me. Not long after there was the strange lethal shooting of the unarmed interview subject related to this case by the FBI, in the presence of 6 FBI agents, including what may be once in the back of the head.

So in addition to the criminal types and unscrupulous corporations that will have access to your children’s data as I covered here, you will have to worry about the Federal government getting a hold of your data and using for whatever suits their fancy. But let’s get to the meat of this initial matter, the handing over of student data to external data storage providers using Cloud Computing.

Here are some of the key things to keep in mind when your DOE comes knocking with a proposal to use a cloud storage provider like inBloom or Ed-fi for handling all your data storage and dissemination needs.

  • Most IT pros do not trust cloud services with sensitive data. (There’s a reason banks don’t conduct financial transactions using cloud computing and the military doesn’t store top secret weapons designs on something called CloudNuke.)

    Some 86% of those polled by Lieberman Software said they do not trust the cloud for their organization’s more sensitive data, and 88% said that they believe that there is a chance that the data their organization keeps in the cloud could be lost, corrupted or accessed by unauthorized individuals.

  • Clouds consolidate data, making it easier for criminals and governments to access this data, especially secretly. Vendors have a vested interest it concealing whether your data has been compromised, and as recent and historical events have shown, even the US government spies on its own citizens and allied nations.
  • Clouds make your data a bigger, tastier target, in much the same way shopping malls attract patrons, gold rushes attract miners, and dung attracts flies.
  • Storing data on inBloom and Ed-Fi Clouds adds an addition level of risk. These vendors are not suggesting they will replace your internal data systems, they are “in addition to” your existing systems. Sharing student data on Clouds is like passing out your spare house key to everyone on the block, including ones you don’t know well or at all, instead of just a single well known neighbor – in case of an emergency.
  • Storage of student data is expected to cost 5 dollars per student, but could be more. With 700,000 current students in Louisiana that comes to 3.5 million dollars per year. If this figure includes all students that total surges to 15 million dollars per year, or roughly the cost of this year’s entire Voucher private school expansion that was recently ruled unconstitutional to fund from the public school MFP formula by Louisiana’s Supreme Court.
  • LDOE has not proposed any specific use for this data, or this 15 million dollar annual expenditure. Wouldn’t this money be better spent on students, pre-k education programs, teaching supplies, professional development, anything else?
  • FERPA was weakened by USED to allow vendors to use data for non-educational purposes. Just as your iPhone terms and conditions change almost daily, so could the terms and conditions under which these vendors operate. They claim they will not share this data initially, but they also indicate they will provide discounts to states that provide date to third party vendors from whom inBloom will “recapture costs.”

    “As a non-profit organization, inBloom is exploring cost recovery partnerships with select vendors, which are contracted by states and districts, for the services that it provides. These recovered costs will ultimately be passed on to participating districts through lower annual fees.”

    (This is fancy schmancy talk for selling your data but instead of money changing hands they will give “discounts” in much the same way sleazy car salesmen and fly-by-night furniture sellers mark up their prices before offering 30-50% discounts on everything in their store!)

But don’t take my word this.  Ask LDOE and BESE at tomorrow’s BESE meeting (June 18th), about what they feel it is necessary to spend upwards of 15 million dollars to endanger your children’s futures and allow the federal government, hackers and pedophiles easy access to your children’s private information and future.  They will tell you to make things easier for school districts to work with 3rd party vendors, they will tell you to take advantage of teacher dashboards not teachers unaffiliated with this administration are asking for, they will tell you this is to take a step into the future.

 

But I ask you, is this a future you want for yourself or your children and grandchildren?

gattaca-review-valid

Where we are nothing more than what our DNA and data says we are?

 

 

 

 

 

 

 

 

 

 

 

 

 

. . .In the Name of the Children

. . .In the Name of the Children

I’ve been getting regular reports on progress and events taking place in the local and national arena in relation to the illegal student data sharing situation. One of the things that have been revealed recently in other states is that the costs associated with this inBloom project could become astronomical both from a direct annual fee based cost as well as from liability issues that will be created. The State of New York, the only other state as far along as Louisiana in the data sharing situation, revealed in a town hall style meeting that the state and local school districts would be on the hook for any liability related to intentional or accidental exposures of student data because:

‘If there is a data breach from inBloom (as many people believe is nearly inevitable) the state will be legally and financially liable, since the Gates Foundation has insulated itself and inBloom from responsibility.”

This will leave parents and children impacted with a difficult decision in the event of misuse from hacking or irresponsible behavior on inBloom’s part. They can either deal with the repercussions themselves (and eat any costs associated with it) or they can sue their own state and local school district which will have an impact on them in the form of reduced funding for schooling and services. A large class action settlement could lead to the discontinuation of significant public services, or increased taxes, or both.

Despite what inBloom and the provider of the data cloud inBloom will be using (which is Amazon) clouds are very easy to penetrate and hack into. Just this past week an Amazon cloud client you have probably all heard of called LivingSocial suffered a massive breach from a data cloud. Living Social is partially owned by Amazon. If Amazon really had a magic bullet to prevent such disclosures don’t you think they would have protected one of their own companies?

I’ve been collecting various new clips on the inBloom situation from various publications across the United States (mostly from people forwarding them to me.) This is not an issue that will simply go away, nor should it. John White has claimed he cancelled Louisiana’s contract with inBloom, but the CEO of inBloom, Iwan Streichenberger, has repeatedly and publically denied these claims to which John White has made no comment when asked such as during this interview with EdWeek, (one of the nation’s premier education information publications.)

The privacy and security section of inBloom’s website states that, “inBloom, Inc. cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.”

When I asked White about this language, he responded, “I don’t know. I’m not a lawyer and I can’t speak for them.”

According to a letter inBloom’s CEO Iwan Streichenberger sent to districts it was working with (and posted on Twitter by education writer Audrey Watters), Louisiana has decided to “pause” its “fast-track implementation” to talk further with the state board and others. Louisiana only got on the “fast-track” implementation recently, after initially being on a “slower” one, he wrote. He referred to White’s action as a “pause,” and that inBloom supported his decision.

“The pause also supports Louisiana’s efforts to transition from using Social Security numbers (SSNs) to randomized student I.D. numbers, in keeping with inBloom’s requirements and with industry best practices,” Streichenberger wrote.

In response to Streichenberger’s comments about a “pause,” White said, “I don’t really know what it means,” and stressed that the state no longer had student data stored with inBloom.

How can John White consider forcing Louisiana to partner with someone as disingenuous and untrustworthy as White is making Iwan Streichberger out to be? If Iwan is lying publicly and repeatedly about this, he and his organization should never be trusted by anyone for anything, not for hauling trash, not for cleaning windows, not for sweeping floors, and most definitely not for protecting highly sensitive and potentially life-altering student data. To do so would be the epitome of irresponsibility. However if John White is lying, that is even worse. To date John White has not released the original data sharing MOU/contract he promised to share promptly, nor has he shared the statement/cancellation notice of the contract he has claimed to have made with inBloom. Lawsuits have now been filed to force him to release what he has promised to our State Board of Education, BESE, to release promptly, and which he has a legal obligation to provide under the Freedom of Information Act. Failing to do so is illegal and will cost the state money. Refusing to do so is not the action of an honest person asking us to believe he has our best intentions at heart. John White has been entrusted with our children and their future’s and has a blank check to buy whatever he wants with our money in the name of our “children.”
Jesus_and_Children011

Reformers like White are almost all liars and manipulators of data as well as emotions. One of their favorite tactics is to claim they are doing everything “for the children.” They love to name their organizations things like “Children First” when the reality has always been putting themselves and their greed first, foremost and exclusively. Anyone and everyone who gets in their way, including children, are just obstacles to be overcome or eliminated. They are unable to handle different opinions, truthful disclosures of data, or dissent, because the foundation they have built their empires upon is the same shifting sand I was reminded of from Matthew 7:26

7:24 Therefore whosoever heareth these sayings of mine, and doeth them, I will liken him unto a wise man, which built his house upon a rock:

7:25 And the rain descended, and the floods came, and the winds blew, and beat upon that house; and it fell not: for it was founded upon a rock.

7:26 And every one that heareth these sayings of mine, and doeth them not, shall be likened unto a foolish man, which built his house upon the sand:

7:27 And the rain descended, and the floods came, and the winds blew, and beat upon that house; and it fell: and great was the fall of it.

When you build your Department of Education upon the sands, as White has done, it cannot withstand even the slightest tremor or breeze. Even now John White is purging the last of the bedrock from this agency. He has laid off nearly all of the experienced educators and eliminated almost all off the programs that support schools districts. If you have a gray hair or in an in-state license plate, John White has no use for you. Just this week White eliminated senior staff from the arts, teacher certification, and much, if not all, of our Special Education personnel. John White will be replacing them with grains of TFA sand. If you try and call the agency now, you will not be able to contact anyone of substance; just the overpaid, foreign grains White has imported from other states to own strict allegiance to him, and not to Louisiana. Anyone who looked after Louisiana (or Louisiana children is gone) or about to be shown the door. This was done to ensure we get no further disclosures of the inBloom sort.

John White must be fired now before he does anymore damage, betrays our trust anymore, or causes us many millions in damage Louisiana taxpayers will have to foot the bill for. If you look at the list of questions below, it is obvious that John White is trying to find cover from some of our local school districts for things he has already done or committed us too. He has called the SAC, Superintendent’s Advisory Council together for May 16th in the hopes of providing some cover for the illegal actions he has already done, and the amoral contracts he has already committed us too.

“Below is a note from BESE President Chas Roemer, sharing a request from the Board for discussion of a specific topic at the SAC meeting on May 16th. If you have any questions or concerns, please do not hesitate to reach out to Chas (or me) directly.

Best,

Heather

——————————————-

Members of the Superintendents’ Advisory Council,

Thank you for your service on BESE’s advisory council. The Board values the insight, guidance and feedback you all provide as we all strive to increase opportunities and outcomes for the children of Louisiana.

As you may have heard, data use and collection received quite a bit of interest at the most recent BESE meeting. BESE members are interested in continuing the conversation, and before we move too far along, the Board would like to learn more about how local districts collect and use student data. Specifically, the Board is hoping to learn:

What student data is collected by local districts

Who has access to identifiable and non-identifiable data

How data is stored, including names of any third-party and/or outside vendors used

How student privacy is protected

How student data is used, for academic and non-academic (e.g. bus routes) purposes

As an advisory council to the Board, we are hoping you can provide us with a snapshot of what is occurring across the state. We are not looking to nitpick specific districts, rather the Board would like to receive a general summary of current practices in districts at its June meeting to help inform the conversation at the state level. The Board is requesting you all discuss data collection and use at the May 16th SAC meeting, allowing staff to summarize your discussion and current practices for presentation to the Board in June. Supt. Faulk is prepared to guide the conversation at your May meeting and will be asking you to share information about the above. I am writing to ask you to arrive to the May 16th meeting prepared to participate in this conversation.

Please do not hesitate to reach out to me or BESE staff if you have any questions or concerns.

Chas”

If any districts divulge that they are providing data for non-educational purposes (I would consider bus route info an educational purpose) I would expect that district’s parents and children would be very interested in learning that info. You see, even if the law allows something, which it is questionable whether a policy change can undermine a law, that does not mean it is safe, ethical, necessary, wise, or in the best interest of children.

Chas and White may try to spin bus routes as an example of a non-educational use of data, but don’t let them.

Here are some other questions superintendents attending the SAC meeting need to ask, because we will be asking them the answers.

  • Why is DOE sharing actual name dob and SSN instead of just the de-identified GUID built internally for the LEDRS project and used currently for accountability scores, dropout counts, COMPASS/VAM grad index, etc.
  • What assurances do parents and districts have that once the state enters into this contract with directory data, that more/all data won’t be shared?
  • What assurances do we have vendors won’t change their terms, just like Apple does every day, and allow this data to be shared for non-educational purposes since USED has ruled this OK?
  • Where will the 3-5 dollar fee paying for this storage come from? (This is supposed to be charged to states in 2014 or 2015 and on an annual basis thereafter.) (5 dollars times 700,000 children is a minimum of 3.5 million dollars per year or the cost of the entire internally built data warehouse that DOE has already built with Federal tax dollars.)
  • Where will the student data end up after students graduate? What is the disposal policy?
  • Will parents be allowed to opt out? How do they to that in an orderly verifiable fashion?
  • Why is the state insisting on doing this rather than allowing districts the choice?
  • How many other vendors than just inBloom are involved and what are their roles? (we already have info on Ed-Fi, Alvarez Group, Amplify, Course Choice, Celt, Wireless Generation. Where are their contracts?)
  • Will the state always be sending this data or will districts be expected to send data eventually?
  • Who gets the reports and how much do they cost?
  • What other fees are associated with this plan and who pays them (MFP?) Or DOE budget?
  • If inBloom is not responsible for accidental exposures, misuse or hacked data, who is and what recourse do parents have? (New York has stated they are responsible, which would mean Louisiana and Louisiana taxpayers.)
  • How can parents/students get records of everything contained/stored on them and request corrections or deletions? (IF this is just directory information, this should not be a problem.)
  • Exactly which person, board or other made the decision to share student data without parental consent with an outside entity? Does this person understand technology enough to appreciate the risks and are they willing to be personally responsible for misuse and exposures?
  • Does this person, board, or other also have the authority to restrict student data sharing?
  • Was the public ever notified that the approximately 4 million dollar state-of-the-art LEDRS database( paid for with their tax money) was dismantled to be replaced by another data base (Gates)? Who made this decision?
  • Will parents receive free copies of the information and/or be able to view the information for free that InBloom and possibly others intend to store, share, sell. How often will parents be updated on the data of their children as it continues to accumulate?
  • Who is going to pay for any anxiety/and or psychological repercussions that children may incur after realizing that information (which may be unflattering/ embarrassing/or even erroneous ) is now available for scrutiny; i.e. psychiatric or psychological treatment?
  • Is Race and/or Religion included in the collected Data. If so WHY and for WHAT PURPOSE? What other non-academic information (photographs, social security numbers, addresses, phone numbers, teacher comments, etc.) is included and why?
  • Should any suicide of children occur over unflattering or mistaken data attached to their name, who are we to hold responsible?
  • Should any abductions/molestations, rape, etc. of children be facilitated as an unintended consequence of release of this data (i.e. pictures, addresses, phone numbers ,etc. who is going to be held accountable, both criminally and civilly?

Other recent articles on the inBloom issue include:

Here are also some recent videos and newsclips that capture the intense anger expressed by many parents nationwide.

John White has built his DOE agency on the bed of sand; it’s time for us to blow it down and start over with bedrock and granite.

Two brave Mandeville High students fighting John White and BESE for their futures

I recently had the privilege of chatting with one of the two brave Mandeville High School students that participated in a BESE meeting about student privacy at the Louisiana Department of Education on Wednesday the 17th. (I only wish I could have been there myself but was not able to get away at that time.) However I feel like was more than adequately represented by these two young adults. Below is the statement made at this meeting by Rachael Sachs, a 16 year old student from Mandeville High School.

How would you feel if your house got broken into and all of your personal belongings were stolen? And later when you went on the Internet, you discovered that your belongings were being sold to the highest bidder?

How you would feel then, is how we feel now. Our personal information is being sold to anybody who has money, whether it is a company, or a predator, not to mention hackers. We are being put in danger.

I don’t have a Facebook for this reason. These companies are treating us as though we are theirs to sell to make a profit off of . . . it is almost as if we are being prostituted.

How would any of us feel?

I am just beyond the window of having my personal data stolen and sold, by my kids are not. I can tell you I am outraged. . . but I have time to try and put a stop to it before it causes them permanent harm. However students, young adults, like Rachael and her schoolmate Grant Barker, are just about to leave the confines of their schools for college, work, credit cards, house notes and hopefully bright futures if they are not sabotaged enroute.

Rachael has made a conscious choice not to share her personal and private information through Facebook so as not to become a target for hackers, spammers, marketers and ruthless predators. That is a choice she was allowed to make to protect herself. John White and the State of Louisiana have taken the irresponsible step of sharing her details anyway, and more private and damaging information that Facebook requires for participation.

Facebook does not require Social Security Number, and has no place to even store that number, know the potential for abuse. Facebook allows users to provide date of birth, but that is left to the discretion of the individual user. You can provide your full real name, although you can actually set up an account under an alias. I know someone who has a page for her cat, and I set up a page for a crawfish in addition to my real page. Plenty of my Facebook friends have pages without their last name or under nicknames. You don’t need to provide a phone number or mailing address or even a picture if you don’t want to, and if you do provide a picture for an icon you have control over what picture you want to represent you to the Facebook community.

To contrast, John White and his “vendors” want your real address, phone number, picture, date of birth, full name and social security number just to get your account started. Going forward they will record and link as much information as they can. Students have no choice and no control over what gets sent, and that information may be very unflattering and incorrect and there will be nothing they can do to fix it. This information will be available to the staff at these companies; these vendors even mention this fact in their disclaimers. Anyone who tells you they won’t need to view this data is absolutely lying. There is no way to maintain such a system without giving access to the actual data to report writers, data evaluators, and system administrators.

inBloom was started with a 100 million dollars in start up cash. Think about that. This company will have to make money somewhere, just like Facebook, Google and any other company that provides services. The only question is how will they do this? Initial fees for storing data on inBloom have been quoted in the 3-5 dollars per student per year range. We have records for 2.5 to 3 million unique students and around close to 700,000 public school student records and another 20 or 30 thousand private school student records for students located in our Special Education Reporting system and Student Transcript system. For just this one vendor, we have knowledge of LDE “sharing” data with as many as 3 or 4 such “vendors” we could be incurring expenses of anywhere from 8.5 to 60 million dollars annually. So not only is John White giving student data away, endangering our student’s futures, he’s will be stealing funding that would otherwise go to educating these same students. They get the privilege of paying for this violation of their privacy.

And that’s just the start of the gravy train.

Local education officials retain legal control over their students’ information. But federal law allows them to share files in their portion of the database with private companies selling educational products and services.

Entrepreneurs can’t wait.

“This is going to be a huge win for us,” said Jeffrey Olen, a product manager at CompassLearning, which sells education software.

All of this brings us to this video of Grant Barker being lied to and bullied by BESE president Chas Roemer and Superintendent of Education John White.

http://www.youtube.com/watch?v=jKgny3red4I

White claims there is no money attached to participation in the grant, but the Louisiana Department of Education has taken plenty of Gates grants in the past, and the Gates foundation has pledge 70 million in grants to participants in this program.

In addition to its $100 million investment in the database, the Gates Foundation has pledged $70 million in grants to schools and companies to develop personalized learning tools.

Grant Barker makes a good point about Google, users are notified that their queries and information will be used for additional marketing and stored in databases, and their participation in using this search engine is contingent upon accepting that agreement. They don’t have to use Google, and they certainly don’t have to share such personal details as SSN, DOB, name, picture, phone number and address to use Google. John White has shared everyone’s data without notifying them, endangering them, and without compensating them. In fact this scheme will likely cost these students quite a bit in loss of privacy, will lead to inevitable abuse (inBloom even mentions remedies for types of abuse it anticipates in their privacy agreement), not to mention the tax dollars and education dollars that will be permanently dedicated to these “vendors” to store our private data while these vendors also make money selling this same data to others.

inBloom, Inc, each inBloom, Inc Contractor, and Customers, as applicable, will consistently enforce this Policy with appropriate discipline for its own employees. inBloom, Inc,  each inBloom, Inc Contractor, and each Customer, as applicable, will determine whether violations of this Policy have occurred and, if so, will determine the disciplinary measures to be taken against any director, officer, employee, agent or representative who violates this Policy.

The disciplinary measures may include counseling, oral or written reprimands, warnings, probation or suspension without pay, demotions, reductions in salary, or termination of service or employment, as well as criminal referral to law enforcement, if appropriate.

Persons subject to disciplinary measures may include, in addition to the violator, others involved in the wrongdoing such as (a) persons who fail to use reasonable care to detect a violation, (b) persons who withhold material information regarding a violation, and (c) supervisors who approve or condone the violations or attempt to retaliate against employees or agents or representatives of inBloom, Inc or the inBloom, Inc Contractor for reporting in good faith violations or violators

Grant brings up a point about whether it is necessary to share all this info. It is not. For starters we have an internal unique id that cannot be used to apply for credit cards, or steal someone’s identity like a Social Security number can. Sharing SSN was a decision John White made that serves no purpose except to endanger students, many of whom are already voting adults and should have been provided the opportunity on whether they want to share their own data. What’s more, even inBloom thinks this is a problem which they informed John white about many months ago and which he ignored. Here is a statement from inBloom which also directly contradicts John White’s statements and assurances.

Last month, we learned that Louisiana was utilizing SSN as their local student ID for enrollment for their Course Choice platform which is currently leveraging inBloom services.  We have since been working with the LADOE team to expedite the rollout of a new state-wide student ID.  The Louisiana team felt it best to suspend their use of inBloom services while they assess long-term alternatives to storing SSN’s in inBloom.  We are supportive of this decision given our sensitivity to hosting SSN’s, as described in the Software as a Service Agreements we have already signed with several of you.  Louisiana is the only state or district partner where SSN’s were a concern.  Louisiana remains part of the inBloom consortium and is evaluating the path toward reconnecting the data services in a time and manner aligned with their state instructional improvement goals. 

Why is John White allowed to make such irresponsible decisions, repeatedly, without any oversight, and without any reprimands or consequences?

Chas Roemer and John White have continued to spin another lie about school districts contracting with outside vendors to store their data, and that their arrangement is no different. This was a ridiculous self-serving oversimplification when it was first made, and continues to be one. LEAs (school districts) contract with vendors to hold their data for their own purposes. Usually this data is actually housed internally at larger districts because economies of scale make it both safer and less expensive to do this than to contract with a multitude of private unmonitored vendors. This data is housed on servers only school districts and their student information system vendors have access to, to be used by their internal data reporters and staff.  School district’s data is not strored on “clouds” designed to allow easy access to data from any point in the world. This data is not shipped out to unsupervised warehouses for thousands of out-of-state vendors to peek and tweak for whatever reason they see fit. Just because FERPA (the federal student privacy act) was changed to allow state agencies to provide data (any and all data) to vendors for non-educational purposes, that does not mean it is a good idea to do so. That does not make it necessary to do so. This is a far cry from the safest idea, even according to John White’s own vendor, inBloom, as they note in the passage above. And with costs of up to 60 million or more (just for starters) this is not the least expensive option either.

I wonder how much of this 60 million of Louisiana tax payer money will go towards John White’s salary when he leaves LDOE? This amount dwarfs what Bobby Jindal wanted to trim form the state budget to eliminate the State’s hospice program, which was pegged at 8.3 million over two years, versus the 120 million for two years of the SLC vendors we’ve learned of just by accident.

My thanks go out to Grant Barker and Rachael Sachs. They showed great courage, not many of us have today, let alone at their young age. This may also speak to how outraged and offended they were upon discovering their state Department of Education was selling their data, and selling them out, rather than teaching them. Maybe this was a lesson of sorts? If they don’t already, I know they will recognize that their participation in our government was one of the greatest lessons they could have learned during any class day, and more valuable than any test score or individual school grade they may have earned. I’m just sad they had to speak out, because so many of the adults don’t. I’m sad at how I saw Grant treated by Chas Roemer, who didn’t seem to want to be bothered with a very serious issue to Grant and hundreds of thousands of Louisiana’s public school children. Chas kids’ attend private school, so did not have their data shared this way. Chas did not have his own future put in jeopardy, but apparently felt justified in trivializing Grant Barker’s concerns while trying to rush him out of the BESE meeting.

I wonder if Chas would have felt any different if it was his SSN, or his kids’ SSNs and private data floating around on thousands of unsupervised servers on multiple data clouds that no adults will take any responsibility if the data is stolen or abused? Our kids and their parents will be the ones ultimately paying the consequences, shouldn’t our kids and their parents have the final say since Chas Roemer, John White and inBloom refuse to accept any responsibility or even acknowledge the risks?

Has John White lied to BESE and the State of Louisiana, or is inBloom lying?

Has John White lied to BESE and the State of Louisiana, or is inBloom lying?

Regular readers of this blog may be aware that I am fighting the unlawful sharing of private student data to unsupervised private unaccountable vendors. I’ve even started a petition to support this effort. Friday morning I got some good news, or at least I thought I had. John White seemed to come to his senses and agreed to withdraw the student data he supplied to inBloom.

For those not in the know, inBloom is a privately operated data cloud that advertises its ability to host all personal student data, from Social Security Numbers, to names, dates of birth, pictures, medical information, discipline records and history, test scores, etc. John White tried to simply spin his inBloom “partnership” (his word not mine) as a data garage housing “cars” he likened to our students. White claimed like all garages, once the cars are parked there, no one can get the keys so our cars (kids) are perfectly safe.

inBloom cannot see or use any information regarding students or schools in Louisiana. This is like renting space in a parking garage. The garage company may house the car for a while, but it may not touch or use the cars in the garage. While inBloom stores information, inBloom does not have access to the information

At first I thought this was an overly simplistic, condescending analogy, perhaps something thought up by a small child, but the more I thought about it, the more I realized he may actually be on to something. So let’s go with it.

Virtual garages, like real garages in real life, can have cars stolen from them all the time at any moment. Putting a car in a garage does not magically make it safe, and actually makes it less safe by virtue of placing it into someone else’s custody who does not have as much vested interest in taking care of your car as you do. What’s more, the “garage” inBloom and similar vendors are proposing will eventually hold all the cars. They want to hold everyone’s data, all their data, in one place. While it’s true cars can be stolen from personal garages, thieves have to go to each garage and steal each car. . . one at a time.  In the virtual garage scenario all thieves have to do is get access to one garage, (the garage) and they can steal everyone’s car (actually all their cars, and any car they’ve ever owned.)

What’s worse is while a car thief might have to go physically to your home or to a real garage and steal a car in the flesh, drive it away manually, and find a buyer one at a time. . .well most hackers actually live in countries outside of the United States like Russia, China, Iran, North Korea, etc. They don’t have to travel to the car (the student data) to steal it. They can steal it from the privacy of their home or “professional” hacking corporation composed of career and sometimes government sponsored and supported hackers.  Their “jobs” are to find vulnerabilities to exploit an steal data and trade secrets. Many foreign governments like China, Iran, and North Korea actually support these efforts.  These foreign “car” thieves can steal all the cars in the blink of an eye and sell them to millions of other criminals just as fast.

So yeah, a virtual garage is a horrible idea, for us. It’s a great idea for criminals and whatever companies like inBloom would like us to believe they are.

Every public garage I’ve parked in has a big disclaimer on the wall when you drive in that the owner of the garage cannot be liable for thefts, damage or stolen property left in the automobiles. When you give the keys to a valet to park your “car” they can damage your car, take it for a joy ride, forget to lock the doors, any number of unpleasant things. . .  And cars have been hot-wired at least since episodes of Starsky and Hutch originally ran on television.

MyParkingSign.com

. . .inBloom has a disclaimer too.

“[inBloom] cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.”

Pretty familiar, eh? Would you trust a car for permanent storage under such an agreement? Would you trust your child to an establishment that made you sign such an agreement. . . that they are not responsible if your child gets kidnapped, or injured. . .  but they will take “reasonable precautions

Yeah, you’re not taking my kids, you freaks, and I’m not trusting you with their future either, inBloom.  But I digress.

A number of parents, students and legislators have been alerted to this violation of our privacy and an emergency item was placed on the BESE agenda by BESE member Lottie Beebe.  This meeting was held Wednesday the 17th.

Shortly after what has been reported as a “lively” BESE meeting (who knew they had those?) John White promised to release all MOUs and contracts related to data sharing agreements like inBloom or Agilix (another vendor that was uncovered from internal e-mails.)  White then sent out this letter (I mentioned above) to Superintendents and school districts to try and spin and sell his garage idea.  It did not seem to work because the next day he informed BESE members he was withdrawing the state’s data from inBloom.  White implied he was cancelling the contract until he was able to alleviate fears and run such agreements by BESE. He issues this letter to BESE to that effect.

Update
04/18/2013 06:16 PM

Subject

Members:

At Wednesday’s meeting we heard some compelling testimony regarding the state’s and school districts’ data storage practices. It’s an issue worth continued discussion with the board.

The data storage agreement with the inBloom database was undertaken with caution and a sense of responsibility. However, because of the concerns expressed by some parents, and because we have not yet had an in-depth discussion with the board and public about data storage at the agency or district level, I think that it is best for now that we withdraw student information from the inBloom database. I have told our staff to do so and have informed inBloom of our decision.

We have protected student information for decades and take security very seriously. Given the concerns expressed by our most important constituents — students and families — I’d like a chance to discuss our policies and procedures with you before we enter into new relationships with partners providing this service.

Thanks as always for your time. Have a great weekend.

John

John White

Louisiana Department of Education
Twitter @LouisianaSupe

Barbara Leader, with the Monroe News Star, has been investigating this story for the last week and calling folks all over the state (including yours truly) and had interviewed White earlier in the week about inBloom and Louisiana’s role/partnership with this private company. As Barbara was preparing to run a story on Friday, John White contacted her out of the blue to announce his decision to “seemingly” rescind his agreement.

Louisiana Department of Education Superintendent John White says he is withdrawing Louisiana student information from a non-profit database, just two days after he assured Board of Elementary and Secondary Education members that the data was safe and could not be distributed without DOE approval.

This seemed like good news and I was grateful to Barbara for covering this story that was so dear to so many parents and children. While I was unable to make the Wednesday meeting I heard there was a robust turnout and even some brave students from Mandeville High School showed up to testify against this unlawful data sharing. I can’t speak for these students, but many of our students are 18 or older and had no say and no knowledge of the inBloom agreement and did not give permission to share their details with private vendors. The only folks who seemed aware of these agreements of questionable legality were White’s inner circle but not BESE which is supposed to review and approve such contracts by law.

However just when I thought things might be going well I was forwarded this tweet from inBloom’s official twitter account that got me to thinking. . .

inBloom@inBloomEdu

.@frankcatalano
@audreywatters Louisiana still part of inBloom community. Many inaccuracies in coverage

I asked inBloom to explain this cryptic tweet that they sent to other education reporters, but so far they have not elaborated. Nevertheless it brought to mind a question. I never did see what John White actually sent to inBloom to cancel his legal agreement with them – to withdraw “student information from the inBloom database.”  Did you?

Did he withdraw it all?

Did he simply tell inBloom to lay low while he “handles” those yokels in Louisiana?

Did John White make a jaded calculation that if he placated us on a Friday release, he could take advantage of the Boston Bombing coverage and people would simply forget about this come Monday? Later he could go back to BESE and get them to rubberstamp his agreement while no one was watching?

I wonder who is lying?

Did John White actually lie to BESE, to the Monroe News Star, to our legislators, to all the citizens of Louisiana?

Is this inBloom’s desperate attempt to stop other states from pulling out of the inBloom project? Perhaps. . . but if they are shown to be lying that will only further damage their credibility. Would inBloom risk lying about something that is easily disproved with the simple production of the John White cancellation notification?

I would ask that John White clears this up right away. He still has not produced the MOU that he promised to produce at the April 17th BESE meeting. Surely to cancel such a contract (which by law he would have been required to create to share student data like name, Date of Birth and Social Security number) he would have had to review it to determine how exactly to go around cancelling that agreement? White could not have shared the data in the first place (even under the weakened FERPA laws) without this legal document, a contract or MOU (Memorandum of Understanding) describing duties, uses, what data was to be shared, and under which circumstances the agreement could be cancelled.

I strongly encourage John White to produce the MOU with inBloom that he promised to punctually produce at Wednesday’s meeting and to produce the subsequent cancellation notification this contract would have required that he sent to inBloom. That’s all it will take to demonstrate that inBloom is lying, or at least in error, and they he did not lie to all of us, over and over.

However it occurred to me that maybe John White is lying, if not about this, maybe something else.  So just to be on the safe side, I felt this warranted me looking into John White’s other claims at this point. I contacted Barbara Leader, who produced the article for the Monroe News Star that announced John White was withdrawing from his inBloom agreement to ask for something she mentioned in her article. . .the file layout John White provided to back up his claim he only provided:

In an email to The News-Star, White said that “the only student info we are storing in this garage: local student ID, first name, last name, gender, date of birth, ethnicity and race.”

You see, I know a little bit about data, especially Louisiana Department of Education data, having worked in that area for almost 9 years, so there was something that bothered me about this statement. You see, local student ID is optional, and most school districts don’t send it. State ID is required, and is about 98% of the time the student’s Social Security Number. The local ID field did not seem like it could possibly be correct since most of them are blank.. Then when I looked at the rest of the fields, and looked at this description of who John White said would be using this or a similar database (if a similar database it’s one he did not cancel yet) in this statement:

John White, Superintendent of Louisiana Schools, says, “By connecting to IBDS, Agilix opens a lot of doors for our Course Choice product not only for registration but also for detailed analysis of student performance. We expect this will assist greatly in tracking and reporting results of Course Choice adoption to state authorities.”

Did you catch it? J Probably not, but let me explain. White said this would be used for registration. This information would have to be sent to school districts and registration through school districts to keep track of student performance and what their kids have register for unless LDE plans to handle all that in-house. Even then you would need to know a few more basic things, like grade level, where the child is enrolled, if they are still enrolled, etc. You can’t get all that from those 7 elements. You’d need more. The News Star Reported John White provided documentation that only those 7 elements were shared, so I figured I’d just check myself. I asked Barbara to forward the file John White sent to her to me. This is it, and I’ll explain what I found.


<?xml version=”1.0″ ?>

<InterchangeStudentParent xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xmlns=”http://ed-fi.org/0100” xsi:schemaLocation=”http://ed-fi.org/0100 ../../../../../../domain/src/main/resources/edfiXsd/Interchange-StudentParent.xsd“>

<Student>

<StudentUniqueStateId>999999999</StudentUniqueStateId>

<Name>

<FirstName>JANE</FirstName>

<LastSurname>DOE</LastSurname>

</Name>

<Sex>Female</Sex>

<BirthData>

<BirthDate>2005-05-19</BirthDate>

</BirthData>

<Address>

<StreetNumberName>No Data Exists</StreetNumberName>

<City>No Data Exists</City>

<StateAbbreviation>LA</StateAbbreviation>

<PostalCode>0000000</PostalCode>

</Address>

<Telephone>

<TelephoneNumber>0</TelephoneNumber>

</Telephone>

<ElectronicMail>

<EmailAddress>No Data Exists</EmailAddress>

</ElectronicMail>

<ProfileThumbnail>No Data Exists</ProfileThumbnail>

<HispanicLatinoEthnicity>false</HispanicLatinoEthnicity>

<Race>

<RacialCategory>White</RacialCategory>

</Race>

</Student>


<StudentSchoolAssociation>

<StudentReference>

<StudentIdentity>

<StudentUniqueStateId>999999999</StudentUniqueStateId>

</StudentIdentity>

</StudentReference>

<SchoolReference>

<EducationalOrgIdentity>

<StateOrganizationId>032023</StateOrganizationId>

</EducationalOrgIdentity>

</SchoolReference>

<EntryDate>2012-08-09</EntryDate>

<EntryGradeLevel>Twelfth grade</EntryGradeLevel>

</StudentSchoolAssociation>

John White unwittingly sent us a file for yet another (third?) data aggregator he shared student data with and did not run by BESE. You see, these xml files look like they came from and/or go to Ed-Fi if you read the header for this file. Ed-Fi is yet another data aggregation company owned by a different set of billionaires, Michael and Susan Dell. inBloom is a company created by another pair of billionaires, Bill and Melinda Gates. A third company, Amplify, which partnering with inBloom was set up by yet another billionaire named Rupert Murdoch of News Corp and child phone hacking fame.

This is how Ed-Fi describes itself.

The Ed-Fi Solution

The Ed-Fi solution is an educational data standard and tool suite (unifying data model, data exchange framework, application framework, and sample dashboard source code) that enables vital academic information on K-12 students to be consolidated from the different data systems of school districts while leaving the management and governance of data within those districts and states. Ed-Fi components act as a translator of academic data, integrating and organizing information so that educators can start addressing the individual needs of each student from day one, and can measure progress and refine action plans throughout the school year.

This Ed-Fi tidbit reminded me of some internal e-mails I’d obtained some time ago but had not figured out how to connect to anything, until now.  These are correspondence from John White, and Ed-Fi where he was exploring a relationship with Ed-Fi.  This was done either before or while simultaneously working with inBloom.

Here’s some of the correspondence from over a year ago with Ed-Fi. (DOE apparently provides their FOIA requests as a sideways oriented image files to make use very difficult. You will have to orient them image one rotation clockwise to view.)

To summarize this set of emails: it appears the Louisiana Department of Education was sending data to Ed-Fi too, long before inBloom. I wonder how many other groups like this John White has been sharing with? Agilix seems like another one as well as the Course Choice providers. Did White simply sacrifice inBloom to save all these other relationships, perhaps 4 that we know of at this point?

It seems quite likely we’ve been duped and inBloom was offered up as a sacrificial lamb.

Now to get back to the Ed-Fi file John White has characterized as the inBloom file. Let’s assume these are the same elements that were actually provided to inBloom. . . too. I notice that Grade level is included, site code is included of which the first three characters are the school district ID, entry date is include, and State ID (the student’s SSN) not the local ID was sent to Ed-Fi and or inBloom. That’s a shame, EdFi was only asking for a unique ID, not SSN, but John White decided to send a less accurate number for tracking unique students but more dangerous for students. I can tell we sent the SSN because they DOE shows they are sending a 9 character number and our unique internal state ID is 10 characters to make differentiation readily apparent. SSN is a totally unnecessary bit of info that can be used for identity theft especially with the date of birth and name John White is also helpfully (for criminals) providing.

What I find intriguing is that there are empty spots for the student’s address, their picture, their phone number and e-mail address. I can’t think of a reason to leave those in the file unless you’re leaving them as placeholders to fill later.

To summarize:

  • John White can prove he did not falsely inform BESE and the state of Louisiana about cancelling a contract with inBloom he has no intention of cancelling by production of the cancellation agreement.
  • John White can prove he did not lie to BESE that he would produce the inBloom MOU and all other sharing/partnership agreements by doing so quickly and in good faith.
  • We need to know how many vendors has John White shared date with already and not recalled . . . but it appears to be at least 3 more. . . (Ed-Fi, Course Choice, Agilix)
  • John White may not have cancelled the inBloom contract as he claimed. InBloom has publicly claimed otherwise.
  • John White sent more than the 7 data elements he claimed to BESE and the Monroe News Star that he sent. It also looks like he plans to send much more sensitive data at a later date.
  • John White has definitely already sent private student data to Ed-Fi, an inBloom like operation, as much as a year ago, based on the internal e-mail trail and file spec. He did not notify school districts or BESE about this agreement to my knowledge.  (I will be happy to amend this statement if somone can show me that I’m wrong.)

Now, what are we going to do about this?

Though it may not show yet, massive progess is being made about the illegal student data sharing thanks to your efforts!

Quick Update:

I and my colleagues have been working with a number of groups behind the scenes, including school district IT directors and superintendents, Tea Party groups, legislators and BESE members. I hear some folks even contacted David Vitter and this issue got his attention.

This illegal data sharing is now on the BESE agenda for the 17th of April. We have notified a number of media contacts to pay attention, and this meeting is open to the public, so if you happen to be in town and want to show up to register your concern with BESE members and other DOE staff there should be plenty available.

(BESE meetings are held on 3rd Street across of the Hollywood Casino in the Claiborne building in the Louisiana Purchase room, which is in the center of the building across of the elevators.)

Note: There is a big national Education Summit. . .

http://leadershipforchangesummit.com

. . .conference held in the morning at the Crown Plaza Hotel in Baton Rouge that will host John White, Jindal, Jeb Bush, Condolezza Rice etc. It is invitation only (even though it claims to be open to the public), but I imagine if anyone figured out a way to cause a “purely legal” ruckus. . .  that might be a good way to draw attention to this issue with most of the rest of the nation watching.  Unfortunately this summit may  take attention away from the BESE meeting and media coverage, so we are trying to move this item to the afternoon, after the conference is over.

Let it me known that the legislative session is in session!

Contact those legislators!

http://www.legis.la.gov/legis/FindMyLegislators.aspx

Register your concern right now and maybe we can get a privacy bill passed and action taken to remedy this situation before the school year is over!

Here is the petition again for you to sign and refer back for periodic updates on our progress.

http://www.ipetitions.com/petition/stop-sharing-our-student-data/

Thanks!

 

PS: I found some more groups involved in what I believe are illegal transfers of student data.  There may be other SLC vendors than just inBloom, such as Ed-Fi.  You may need to click on this image to read it. If it is too difficult to read I will transcribe.

Agilix and a gatesfoundation "Alvarez group" is involved in the transfers of student data
Agilix and a gatesfoundation “Alvarez group” is involved in the transfers of student data