Slashdot Mirror
Ask Slashdot: Explaining Cloud Privacy Risks To K-12 Teachers?
hyperorbiter writes "With the advent of Google Apps for Education, there has been a massive uptake by the K12 schools I deal with on signing students up with their own Google powered email address under the school domain. In addition, the students' work when using Google Apps is stored offshore and out of our control — with no explicit comeback if TOS are breached by Google. It seems to me that the school cannot with integrity maintain it has control over the data and its use. I have expressed a concern that it is unethical to use these services without informing the students' parents of what is at stake e.g. the students are getting a digital footprint from the age of seven and are unaware of the implications this may have later in life. The response has often been that I'm over-reacting and that the benefits of the services far outweigh the concerns, so rather than risk knee jerk reactions by parents (a valid concern) and thereby hampering 'education', it's better to not bring this stuff up. My immediate issue isn't so much about the use of the cloud services now, but the ethics over lack of disclosure in the parental consent process. Does anyone have ideas about defining the parameters of 'informed consent' where we inform of risks without bringing about paranoia? (Google Apps is just an example here, I think it applies to many cloud services.)"
This question needs a bit more detail. What *are* the implications of using these Google services? Is Google using the same boilerplate contract? Does it sweep emails for words and phrases to show advertising? Is it collecting anonymous data?
I think you probably need some school-specific clauses to address the particular privacy and safeguards but you haven't articulated any specific examples of areas where you think Google is falling short or why this might become a problem. Kids are going to have digital footprints as children. I might not like that very much, and as a parent I may try to limit it, but you can't stop it.
Fear mongering is what the rest of your country runs on why not education
What gives you the idea that data is safer stored within the US? In reality, I think it is less likely to fall into the 'wrong hands' (someone who wants to embarrass or blackmail your child later in life) stored overseas.
>The response has often been that I'm over-reacting
Because you are.
If you can't articulate what the implications are of using Google Apps for Education, then at least one of the following is true.
1) You don't actually have sufficient understanding of the situation
2) You're the wrong person to attempt being the spokesperson for the "opposition"
You need to be able to articulate your specific concerns regarding use of the service - not just make hand waving statements. If its bad that students have a "digital footprint" from age seven, explain *why*. And, even then, be aware that others may not share your concern (or may have adopted a fatalistic attitude about the situation).
#DeleteChrome
We already have groups of people afraid of wifi, vaccines, and a host of other things that are non-issues. They are also disproportionately afraid that their child will be abducted (by strangers, or even by aliens).
Pretty much whatever you say will either be misunderstood by some subgroup, or deliberately misconstrued by another - and then a school faces the problem of providing a special exception* for some group of students that have been opted out.
* Note that I'm generally in favour of special exceptions in schools because children do have different learning styles and paces - but this would be a crazy addition
If you're worried about it, why not have the kids use an alias instead of their real names. That way there is nothing to link it back to them
Obviously there are valid issues. The question is not IF we should teach them, but HOW.
Right now there are few ways to articulate the risk. There is the vague handwaving education of "bad guys will steal it".
Even when doing this professionally it is difficult to fully understand what the risks are, who exactly the "bad guys" includes, the kind of stuff they want to take, and the reasons they want it. The bad guys may include governments, vandals, corporate espionage, advertisers, news agencies, and more. The stuff they want may include not just credit card numbers, but also patterns of what you like, where you go, and who you are with. That stupid-looking photo may be cute today, but it may destroy your bid for public office two decades later. The fact that your facebook friends have some overlap with a suspected terrorist may put you on a watch list. Knowing the bad guys, and knowing the data they are looking for, is hard.
Then you have the difficulty of explaining it clearly. It is hard enough to explain to a teenager that their quick goofy photos (or much worse, sexting) might, twenty years from now, prevent them from getting their dreams fulfilled. Sometimes it is easier to point out that public stupidity can prevent them from getting a job in three years, but even that seems difficult to teach.
Since that wasn't quite asked, here's the evolved question:
HOW do you teach K12 students about the risks in the digital world?
//TODO: Think of witty sig statement
You have this belief of a boogieman in the closet, but have nothing that actually backs it up. But because you think you are so smart you can't possibly imagine that your beliefs aren't true and you are over reacting you expect us to back you up as surely everyone with half a brain must believe what you do.
In the cloud, or any other computer network, you have no privacy. What is there to explain, other than you voted for this?
“He’s not deformed, he’s just drunk!”
And what precisely are the implications and risks according to you?
What precisely do you think isn't being disclosed?
It is an interesting point...
Sugget you do some research, (look into the big G's T&Cs), and write down exactly what you think the issue may be.
Try and be balanced, then fire it off to yor boss.
Your duty is then done, and your ass covered.
Why the quick assumption that students' data is stored overseas? Six of Google's data centers are in the USA, one is in South America (not exactly "overseas", but still out of the country), three are in Europe and three are in Asia. I would think that most data in North America is stored on North American servers, which is probably best for speed and access.
Why is "bringing about paranoia" a problem? Where security is concerned, I generally consider paranoia to be a good default reaction to any situation until I understand it well enough to relax.
Explain the situation well and allow the parents and others to be as paranoid as they consider prudent. Don't try to manipulate them into being more or less paranoid just because you or the system think they should adopt a different mindset. You provide facts then it's their choice to make.
If, OTOH, you're excessively concerned about and wish to avoid creating paranoia you'll hamstring your efforts to be intellectually honest and technically accurate when you "define the parameters of informed consent."
It's not a matter of explaining the privacy risks. It's a matter of trying to convince them to weigh each bit of the moral and causative puzzle more like you do. At least, that is a clearer rephrasing of the question you really are asking.
They know that when data is stored somewhere else there there is a non-zero possibility that it's lost, which compares with a non-zero possibility that someone hacks into your network or steals a server. They just don't care that much.
It's easy to explain cloud privacy issues. We'll do it in terms of purses and wallets as those are common items of value that people understand can contain very private information:
Someone is doing the digital equivalent of asking you to keep your purse (or wallet) securely and have it available at all times for you. They won't try to steal the money or credit cards, etc in it (or whatever else of value if you choose to store it). Yes, there may be a security breach, but it's less likely than you dropping or forgetting your purse or wallet.
On the other hand, it means that if you put them in your purse (or wallet) they know how many birth control pills or condoms you kept in it and by when you used them what part of your menstrual cycle you're on or when you had a hot date that turned into an all night.
Now, extend that to your son or daughter that will have records on them from the time they enter grade school until, well... forever.
(In some ways it's not a big deal, but in some ways it is, and that rather graphic example gets across the level of info that can be mined from long term records.)
Like on many occasion, the word cloud is missuses here. It really is software as a service (or SaaS) that we are talking about.
Can I mod the article as a troll ?
You provide facts then it's their choice to make.
Given OP's original tone, I'm highly skeptical of the chances that facts will be the only thing provided. Perhaps OP could get somebody who doesn't have a tinfoil hat collection to write up some information...
If you can't articulate what the implications are then at least one of the following is true.
1) You don't actually have sufficient understanding of the situation 2) You're the wrong person to attempt being the spokesperson for the "opposition"
I very much agree with this. Unlike the IT worker in the headline I can articulate many of those implications. Unfortunately getting it through a child's view is difficult. Even communicating it to an ADULT is difficult.
We see these things on /. all the time:
* Goofy pictures as a teen, but as 47 year old fired from executive job due to bad public response.
* Seemingly innocent banter about being insane, Texas teenager in jail.
* Picture of children in a bathtub, ten years in prison for child porn.
* "Why would I want to live there?" to your friends, fired from Microsoft.
* Sexting images go public, lives ruined.
And those are the EASY cases.
On their surface none of them seem like threatening issues. I post pictures of myself, friends and, family. I publicly chat with friends. I hope that they never come back and bite me, but in this world even the smallest innocent thing can be taken out of context and destroy lives.
How exactly do you communicate rational responses (not just fear) for these actual risks that we read about daily without sounding crazy?
//TODO: Think of witty sig statement
You also need to be able to explain why "their cloud" is less secure than "your cloud". The data / work is being stored on servers somewhere, and if students can access it there is ALWAYS the chance for some misconfiguration or breach that exposes their information. So with that understanding, you need to justify why storing stuff in house would be more secure than with google-- and the truth is, a lot of the time, its not.
This may vary depending on where you are, but in some places it is not legal to put information on students (or photographs of students) on-line or on third-party servers. In other places it's government policy to not upload student data (or photos) to a place where that data can be viewed by people not directly connected to school. So, depending on your local laws and the policy of the education department in your region the school board may be breaking the law by using cloud services for things like e-mail and documents. Might want to bring this up with the school board's legal team.
There may be valid concerns, of course: people should know who has access to the information, whether real names are being used with those gmail accounts, what, if, any filtering is being done, etc. But you haven't been forthcoming with who you actually are in relationship to these multiple organizations: are you a school board member, a concerned community leader, or...?
Speaking of paranoia, this sounds just a little like astroturfing by someone else, to get people to brainstorm negative things. Are you a person who's trying to sell competing services, like discrete servers and software?
I do see someone using that same "hyperorbiter" username in New Zealand, a Stu McGregor, associated with http://www.definitive.co.nz/, which is "is a support company for Mac/Linux oriented schools and businesses. We offer comprehensive support at competitive rates and we are committed to your interests being met."
Coincidence, or?
Every group of common people (in this case, teachers and/or school administrators in your particular area) tends to have one or two "hot button" issues; things that, when they hear, alarm bells go off in their head and they cannot be swayed otherwise due to past experience or ingrained culture.
Home in on whatever that hot-button is for these particular teachers and find a way to press it hard. Figure out how gmail and cloud services could be exploited against them in that context.
I know it's kind of a dirty political tactic -- and we Slashdorks believe ourselves above such means, preferring to generalize, establishing rationality and understanding -- but sometimes people incapable of unwilling to consider such foresight need to be jerked around for their own good. Otherwise, you'll just come off sounding paranoid and delusional, which is amazing considering recent revelations.
In other words, find out how to be on their side; to align this issue align with the issues in which they already collectively believe.
Don't forget the bit about posting comments insulting religious or political views, and then potential employers not hireing you over it. The annoying thing is it can't be proven: If an employer looks you up and finds you've been insulting his religion, he isn't going to give that as the reason in your rejection letter - you'll just get a generic form rejection saying 'your application has not been successful on this occasion.' It probably happens all the time.
Should we get rid of blackboards, too, because anyone can read what a student writes on it? This is the current reality. You cannot protect students from this type of technology. However, you can prepare them for it.
Create a policy to let students know that everything they do on their account should be assumed to be readable by anyone, so treat it as if you are writing on the classroom blackboard.
In that proper context, it is still a wonderful tool, if used properly. I am sure any school would also support such a policy to avoid unwanted incidents.
Sdelat' Ameriku velikoy Snova!
...except you, me, some other people that realise the full implications and the paranoid.
I work at a Further Education College (14 years upwards) with some Higher ed students (mature) and everyone's all very interested in my opinions about privacy and footprints in exactly the way any educated, engaged person might be about any interesting and important topic but they don't think it applies in their case.
I also stand up at my desk to work. If anyone asks, I'll tell them why. Everyone is interested and thinks it's a good idea but I'm still the only person in the whole college that stands up at my desk.
Read the TOS...filter out the specifics that people need to be aware of...write a report...move on.
My university (U of Hawaii) uses Google's email, but I prefer it to using HotMail, Yahoo Mail, Facebook, or my ISP's email! I never use my hawaii.edu email account, but instead set it to forward everything to my personal email account.
If you're thinking that the schools could just offer their own email systems, have you figured out how much that will cost?
It sounds like you work as the school's email administrator. Since it sounds like you have a financial interest in the outcome of this, you should just be honest and up front about that.
Google has a remarkably good track record regarding security. They may be the best company (of Apple, Microsoft, Facebook and Yahoo) in their industry, and if they aren't #1, then they aren't far behind.
One of the issues you raise is that you are assuming that students will use Gmail for their personal and private use.
In fact, they are free to use whatever they want for their personal email, and simply configure their Gmail account to forward and delete after forwarding. I've investigated quite a few other email providers, and this is rarely a feature they're willing to offer, so in this respect Gmail is way ahead of the competition.
BTW, do you think the schools should also have to disclose that they're using Microsoft software, that it has a such a long and poor security history?
Maybe you could ask one of them to teach you how to write. Combined by" my arse.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
there was a magic cloud. It was mostly hype and a stupid idea, but hype and stupidity are the cash cows of IT.
Then the big bad NSA, created a big nasty evil monster called PRISM that chased away all the pretty little clouds.
The clouds were scared and did not want to be eaten by the big bad PRISM monster.
Moral: Don't get eaten. Don't be a cloud.
People change their appearances a lot as they grow up. Teenagers, especially girls, look so much alike that 10 years later it's virtually impossible to say "here, it's Jody Smith my coworker, taken 10 years ago when she was 16".
A successful API design takes a mixture of software design and pedagogy.
Don't forget the bit about posting comments insulting religious or political views, and then potential employers not hireing you over it. The annoying thing is it can't be proven: If an employer looks you up and finds you've been insulting his religion, he isn't going to give that as the reason in your rejection letter
He doesn't have to, because that's not the only reason a rational adult wouldn't hire an internet warrior. He might choose not to hire you because you've made it clear that the majority of the people in your own culture are beneath contempt in your mind. That may not be a desirable quality in an employee, even if the potential employer doesn't disagree with your anti-religious views.
...the average elementary school IT admin (er...assuming it even has one) can put together services even remotely as useful, reliable, and secure as Gmail. Not to say that Gmail is by any means ironclad, but honestly, most IT (mil, gov, com, edu, take your pick) departments have absolutely no meaningful grip on security at all!! If Slimey Joe wants to get at little Polly's schoolwork, he's certain to have an easier time at it through a slipshod school network than Google's infrastructure. Sure, be paranoid about security, but have some practical solutions, too. While I do think that cloud services fielded in schools should remove direct marketing (similar to M$ofts recent no-add version of Bing) for schools,Google (or Microsoft, I grudgingly suppose) will provide better security than virtually every lone heroic admin is likely to field on a public school budget.
Unfortunately majority of people don't know damn thing about technology or information security for that matter... Most school teachers fall into this category. Sad thing is they are teaching our next generation. We should have brightest minds teaching our children, not these dim minds..
I have found healthy level of paranoia is good when it comes to internet and its workings. On data storage in cloud services, problem is you have no control where data is. If its not encrypted there, even worse.
Why have the owners of Slashdot repeatedly ignored the biggest schoolchild privacy scandal- namely the collecting of intimate data about EVERY child in the US public school system by Bill Gates, using a software system especially developed for the purpose by Tony Blair's chief propagandist, Rupert Murdoch.
The depraved Gates, an active proponent of old school eugenics, has used his incredible wealth, political influence, and the power of his foundation to craft a Stasi spy project for Team Obama that dwarfs any previously attempted. Every school within the public sector is to track, monitor and interrogate every school child on as regular a basis as possible, and enter this data into Gate's database system. The information even includes the current sexual development of the child. Teachers are paid fees for all extra information they collect on their own initiative.
Bill Gates has promised the database will be available to any third party (that pays the requisite amount and has Team Obama's approval).
At the moment, Bill gates is rolling out this project in selected (which means politically subservient) States and cities, including New York, of course. The intention is to have the system running on a nationwide basis within 5 years (when Team Obama will become the different-in-name-only Team Bush or Team Clinton or whatever). It will be illegal for parents to withhold information, encourage non-cooperation by their children, or to challenge the school over the data collection.
Let me make this clear for you dim bulbs. In those states that allow sexual abuse of 18-year-old women in the name of school corporal punishment, teachers are given complete immunity in law for any school beatings they dish out. Parents who even attempt a prosecution of a teacher are heavily fined in court for doing so. Bill Gates already has the agreement of US law-makers to implement a similar legal protection for his school-children database. Your child's teacher (or nurse or any other member of staff) can extract and record ANY information about your child, or his/her family that they desire, including their medical records AND your medical records.
Stalin was a monster, but his real power came from the expert monsters who served him in various capacities. Bill Gates is a deeply disturbed psychopath who craves to be a monster in the vein of those who served Stalin so well. He knows that the key to societal control is winning control of the nation's children, and humiliating the parents when the parents discover they have no ability to protect their kids.
In those US schools that beat the kids, mothers who suffered the most appalling abuse from male teachers frequently find their daughters are going to have to attend the same school and suffer the same abuse (often even from the same teachers). You can imaging what that does to the will of such communities. Bill Gates isn't going to beat your kids into submission. Sophisticated psychopaths know that psychological abuse is vastly more effective and long lasting.
How many of you Yank parents have gone to your child's school and demanded that your Child will NEVER appear on Bill Gate's database? What's your excuse? That the vast majority of you are so dumb that you've never heard of the project?
QUOTE
inBloom is receiving $50 million for their services from the New York Education Department through a contract awarded last fall. Data analyzing firms, educational software designers and other third-party venders, both for and not-for-profit, will be granted access to student information.
GOOGLE inBloom, Bill Gates, Rupert Murdoch. Anyway, time for Slashdot's owners to moderate this comment down to -1 so as few of you as possible read it.
'Why is "bringing about paranoia" a problem?'
Seriously. I do research with human subjects. If I don't have at least some people choose to decline participation at the point of informed consent, then I assume my consent isn't good enough - participating in any given research project is *always* not a good choice for at least one person.
Then again, you have the interesting situation that formal school-based education is not the correct solution for every single human; using google apps (or whatever cloud-based system a school is considering) is not the correct situation for every child, yet in both cases the benefits to society (shared childhood experience, guaranteed minimum education level; cheaper infrastructure) may wildly outweigh the relatively minor risks for the individuals.
I think the OP would like some help articulating the problem and that's why he posted here. Beating him to death asking him to articulate is a waste of time. If he could articulate it reasonably at all he wouldn't be HERE!
My $0.02 on the cloud and the reason why I will never store information there, encrypted, overseas, or not. However, I do see things like SaaS via the cloud as a boon. Allow me to explain with the comparison of using the cloud for services and storing information in the cloud.
I have a fundamental belief that our individual intellectual property should be protected as much as our freedom. I believe that our individual digital data should reside with us, be our individual responsibility to safeguard, and be ours to share with whomever we wish, whenever we wish.
I do not believe that your data is ever safe in the hands of someone else, especially, if that someone else is a for-profit business. I do not see encryption being a viable option for data that is stored for long periods of time. Why? Well the people storing your data and that of thousands if not millions of others will most likely have the compute ability to break that encryption. Plus, all encryption does is draw more attention to your data in a for-profit environment. "What are they hiding?"
I do believe that software as a services, e.g., Office365, Google Apps, et al, are a good thing if implemented well. Tools to use in the cloud are good because data is not stored for long periods of time, and if the terms of service are good your data remains private while it is being manipulated in the cloud.
I do believe that storing items in the cloud temporarily because you are sharing them with someone is ok, again, terms of service become the deciding factor. If the data is with you and you have a machine attached to the Internet it's really silly to use an external service to share things, but it may be more secure as you are not compelled to run a service on your home machine where the whole of your data resides. That all depends on your level of server admin competency. Regular home users should probably use a service.
It is difficult to ride the line between privacy and having a life in the modern digital society. If you choose the way of privacy in today's world you will most likely alienate a major group of friends. The drive for young adults to belong and form peer groups is not easily bounded. I think the best the OP could hope to do is to try to educate the parents of the privacy and future implications and hope that gets passed onto their children at home. The teachers and administration will also need to be educated about the possible issues. The bottom line here is educate people so they can make an informed decision on their own. I did say that freedom was also equally important to protect. If people still choose to be reckless after knowing the dangers then they will have to live with the consequences of that choice. I do believe there will be a large segment of our population that will deeply regret how reckless they have been with their privacy.
No. In the summary, OP said that this was being done 'without informing the students' parents of what is at stake'.
The summary also says there is a "lack of disclosure in the parental consent process." Just getting parental consent to "use the internet" or "use Google Apps" is not enough. Unless the parents are explicitly giving their consent to the disclosure of identifying information, then this school is breaking the law.
Maybe the OP is being alarmist, and he certainly doesn't appear to be very competent, but the obvious solution is to read the applicable law (which is COPPA), go down the legal checklist, and make sure his school complies.
Just because a child is enrolled in Google's "Apps for Education" as a matter of allowing their coursework to be monitored, have analytics applied to it by a teacher or their parents, and have the progress tracked by a teacher or parent in a uniform and API transparent way, doesn't meant that their schoolwork is being posted to reddit. You can search your ass off, and you will not find the kids work online, or even their name, unless they put it some place else, like Facebook or Slashdot, where the information *is* public.
The OP is being asinine and alarmist in the extreme: "Oh noes! The clouds, the clouds are going to eat you! All parents should be informed that the clouds are about to eat their children so that we can get a reasonable backlash going, and continue to sell copies of Office on heavyweight, brandy-new Windows 8.1 PCs! 'Case a bad guy has never yet compromised a Windows PC!".
And yeah, maybe an external audit by a competent domain expert might be a good idea, but as long as we are auditing, I;d like to know why we can afford to house the school administration in a new building in the expensive real estate part of tow, but supposedly can't afford to fix the roof in the place where tyhe students are actually being educated. That's an audit I could get behind.
Typically, outsourcing saves money, whether that's sending IT jobs to places where the workers are willing to take less money, or building PCs in places where the labor costs are relatively low and the environmental laws effectively non-existant - or not buying a metric buttload of Microsoft software because it happens to be tied to a particular machine, rather than a person who has to access their data in multiple locations from multiple machines (home, library, multiple classrooms).
Re-buying software to be able to access it on another device makes about as much sense as rebying an eBook to access it from another device, or rebuying an mp3 because you want to listen to it on the home stero, when you're out jogging, and in your car.
Put another way: licensing software to a machine instead of a person is another form of DRM.
I won't hire someone if they think they have a cavalier attitude about privacy. I don't want my company's internal documents being uploaded to Google, whose primary revenue stream is essentially charging for the accurate targeting of our competitor's advertisements. Similar concerns exist for any other cloud service; their IT employees haven't signed my company's employee agreement.
You are not overreacting in the slightest. A school district that doesn't do everything in its power to protect children's privacy and to teach them the importance of doing the same for themselves is doing those students a great disservice.
You have no business letting a private advertising company operate school functionality. You have no business putting parents in a position of needing to decide. That just amounts to shirking responsibility by essentially having them sign a disclaimer. Unfortunately, most parents and teachers don't understand the situation. And just like most people agreeing to sleazy TOS, they won't want to "make waves". You might not be able to do anything about that. But don't help everyone to stick their heads in the sand by settling for "informed consent".
When I objected to my daughters' high school's use of turnitin.com, I came in with their full TOS printed out (all 40 odd pages), and asked if any of the teachers and administrators had read the contract to which they were asking their students to agree to. And if they had read it, were they aware of what it meant and what they were giving up.
Crickets..
(leaving aside the enforceability or value of contracts entered into by minors, clickwrap or not)
My school uses Google Apps for Education and I was the first to question FERPA compliance. There is a contract involved with guarantees:
http://www.google.com/enterprise/apps/education/benefits.html
At this point, I am perfectly comfortable using Google with my students, but have other sites like Facebook blocked by my proxy (Untangle). As long as the cloud hosting company bears the burden of liability and has procedures for the handling, access, and destruction of data, in full compliance with FERPA, I am OK with it.
If you are wondering, I teach routing and switching (Cisco), and understand the technology well.
About all you can do if you can't get someone to listen (and I'll bet you can't, and I'll tell you why) is to refuse to give your permission for your child to use the Internet as school. So why won't they listen?
Money.
When I left, there was a ~4 million dollar budget to renew and expand the email system (All teachers and staff, all kids, plus all parents, maybe e-mail for life like some colleges do, mail boxes that hold more than 512 megabytes and anti-virus). Google came in and moved everything to Google for under $200,000, expanded coverage of users as we'd wanted, and freed up 3 staff members that were doing nothing but email for other tasks. Hard to argue that $3.8 million bucks that suddenly pops up for other uses isn't a good thing, especially when a lot of other money was cut off. What's going through the superintendents head goes something like this: "Someone worried about privacy -something I don't understand but sound like it's not that important- for kids versus like, 3.8 million I can put toward fixing X, or maybe keeping those 1,000 classroom teachers I was going to have to lay off..."
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
I am surprised by the response of the "slashdot crowd". I wouldn't have expected that the common opinion would be one that accepts data gathering by corporations (and the government) as a fact of life. I know that the catch phrase "privacy is dead" has been used a lot the last year, but I wouldn't have expected everyone to actively work towards that "goal". It should be obvious to everyone that the ramifications of all this data gathering will be in the future. I think we have only started to see the first results of their use (and abuse).
It all starts with data gathering. After that, only laws/regulations and adherence to it can protect you from abuse. Adult do a lot of crazy stuff that they are not proud of, that is not intended for the entire world, and that they would rather want the world to forget. For children this is much more the case. Children are still learning, and they are expected to make mistakes and act inappropriately at times.
From what I hear, the laws and regulations in the US to protect people's privacy concerning data gathering is at best a joke and at worst nonexistent. When you choose a cloud provider without a contract to protect your (children's) privacy, you are putting an unknown but unnecessary burden on your children's future.
A good contract would state that only the specified data is collected and used for the specified purpose (make sure to check both whether they are all essential) and will be destroyed once they are no longer needed to serve the specified purpose, that the provider is responsible for the confidentiality of any collected data and will inform the parents promptly of any breach of this confidentiality, and that the parents have the right to view all collected data of their child and the right to correct any faults in the data.
If the provider does not offer such contract, or has nonessential data collection of purposes, then I think a discussion on the pro's and con's of such a solution is in order.
No matter how paranoid you are, it's not paranoid enough.
A quick google search reveals various versions. One of my old friends used this 30 some years ago about living in modern society.
You've brought the issue to light, and then documented publicly that it was aired.
My 1st concern, who agreed to the TOS for the wee ones, and were the parents aware that such a contract was being entered into ? Not sure what state or what In loco parentis http://en.wikipedia.org/wiki/In_loco_parentis
status is in that particular area.
errr....umm...*whooosh* *whoosh* Is this thing on ?
That expires when they are 18, and uses the schools "Root Authority" as the issuer? Then they can live in the digital world, can even "sign" their online homework, and when they turn 18, they can let it expire. All the school has to do is issue a cert, and require encryption with the keys they issue and control.
If you are going to push technology to people that young, please do not insulot them by thinking they are stupid. Most of the ones I have met are way smarter than their teachers....
The concern is "My immediate issue isn't so much about the use of the cloud services now, but the ethics over lack of disclosure in the parental consent process. Does anyone have ideas about defining the parameters of 'informed consent' where we inform of risks without bringing about paranoia? (Google Apps is just an example here, I think it applies to many cloud services.)"
I think transparency is a good thing. If the school system provides information to the parents about what kind of information will and may be stored "in the cloud," along with a summary of whatever legal obligations the school system has placed upon the provider with whom they are contracting (or whatever legal promises the provider is making if not under contract), then the goal of transparency will be met. If the school system balks at providing that kind of information, then I would question the appropriateness of the school system's action. The school system's fear of what parents might think if they knew what was being stored in the cloud is not a good reason for the school system to avoid this disclosure. My $0.02.
If the school has based part or all of their educational approach on the use of a particular cloud service for which parental consent is required but for which parental consent might be withheld, then the school system has a lot at stake in getting consent. That might be clouding their judgement. If so, there are deeper problems here than just the need for full disclosure. If the law requires parental consent, it is probably for a good reason. The school system shouldn't be allowed to subvert the requirement for parental consent by creating a situation in which a lack of consent results in a major problem for the educational approach. If the school system doesn't like that, the school system should get the parental consent law changed first. One of the aspects of the USA constitutional system is preventing the tyranny of the masses (in this case the possibility that a parent who objects to a school system practice which they disagree being made to give their consent to it by limiting disclosure because the school assumed in its plans that everyone would go along) and even if the OP is not in the US, the principle is still valid (IMO).
The whole idea of a "digital footprint," corporate data mining, etc. is (I believe) a very valid concern and one that the parents should be allowed to control on behalf of their kids until such point as their kids are on their own. Personally, I think that at a minimum the same kinds of protections that HIPPA requires for health information should apply to information stored about minors. If data mining is going to happen, it should be done in a fashion that eliminate the possibility that specific information will be tied to specific individuals.
As a parent, I had this conversation. Our daughter was attending a private school and they decided that they were going to go with google apps for the students. They had come to the conclusion that it would help foster communication between the teacher and students, offload work that the current IT staff was handling, and reduce costs. They felt it was a win/win scenario.
And then I showed up.
I explained to them that it was quite simple. I executed a contract with the school. The contract that I executed was between my family and their school. When did I agree to allow a third party to get involved? What gave them the right to make a unilateral decision invalidating my contract. This had a little bit of an impact on them.
I then decided to raise the ante because I did not see them budging on the contract issue. I brought up a point that they are allowing a company, which I did not approve, to store and mine that data for eternity. They responded by stating . . . "Contract, EULA, DO NO EVIL" and various other lines of crap. I pointed out that they have no track record of adhering to the contracts. That the fines that they are paying for the violations are made up in about 30 minutes of revenue. That fines mean NOTHING to them. This started to have more of an impact on them.
I rose the bar again. I asked them why they wanted to put my daughters education in a bounded box. They looked confused. I said, what if my daughter decides that she wants to read Mein Kempf and write a paper about it. That this paper is NOW stored forever. Sure, she is only 15, and this means nothing at 15, but if she were to be the next Hilary Clinton and run for president, that paper could harm her. They thought they had me there and pointed out that it was on a server, protected. I explained to them, that if she were to hand the paper to the teacher, printed out, then the teacher graded and handed it back, that it could disappear forever. Well unless of course the teacher scanned it and saved it. But the control of the content was in my daughter's hand, not a third party. I explained to them, that if the paper were to be released, that they would have a serious liability case in their hand. This was having more of an impact on them.
I went to defcon 1 with them. The school had been broken into and items were taken. Someone at the school had chosen to post the security surveillance system images on the net. They did it without the approval of the school. This is a school where tuition is 30k a year. They NEVER wanted that information out. The content was posted for two hours. They called the place they had posted it and asked them to nuke it. They obliged and nuked the content. This break in had occurred about 3 years prior. I went on the net, found the photo and printed it out. I brought it to the meeting with me. I opened up my folder and brought out the picture. I handed it to the headmaster. I stated, look at the date and time this was printed, yes, 15 minutes prior to this meeting. He asked where I got it. I told him, "Off the internet." His mood was changing fast. I pointed out that if they didn't want their dirty laundry in the public eye, why are they forcing my daughter to have her work at a impressionable age stored on a computer that was not in their control.
I won. The voice of one person, who was sticking up not for his daughter today, but his daughter 30 years into the future convinced them that the savings was NOT worth it.
In closing, explain to the school, whether it is is private or public that they have liability. That by offloading the work to a third party, it does not indemnify them of any culpability. It just adds another person for the lawyers to go after. It means that if Google, for example, was haxxored, and your child's information was out and about, that they were now liable as well. That argument, the threat of having to spend money to defend themselves and with having to pay out, tends to end the conversation immediately.
I sincerely wish you the best of luck.
dave
So, questions like this are interesting, but what I feel is more important is how effective is it going to be in the classroom? What most teachers and students are really concerned about is how can this better the student's learning and save the teacher time. Administrators care about the bottom line- the budget. If this, or any, technology meets those needs, questions about cloud privacy, and a lot of other things, go out the door.
But a very big thing to focus on is making sure the teachers know how to use the technology. That's true of any elearning solution. I've seen cases where a really robust technology was given to a school, but without sufficient professional development, it fell flat. But as more and more teachers retire, and a new generation of teachers in their 20s replaces them, technologies like these will become ubiquitous, and while questions about privacy are scary, I feel that the ability for teachers to connect with students on multiple channels is overall a positive thing.
Point out something like this could happen to anyone of the children
http://www.wsws.org/en/articles/2013/06/29/cart-j29.html
Remember, think of the children.
Call them ignorant in return. Teachers respond well to challenges that they need to learn something. Bonus points if they think you're calling them stupid instead of non-knowledgable.
There is a real issue here. Minors cannot enter into contracts in most states, so they cannot technically agree to the TOS for Google. The school is requiring the minors to use the accounts as part of the enrollment. That in and of itself is not a problem, but in most states, school records are confidential and these accounts are a type of school record. Therefore, if Google or anyone else does mine the data, then the school is in violation of state statutes and could be held liable. Now, it is quite possible that the agreement entered into between Google and the school has safeguards to protect against this, after all, their for pay business accounts have those protections.
For the record, many colleges and universities also use these accounts for their student mail, but there the students are not minors and can enter into the agreement. But grade school kids, cannot.
In fact, by trying to fill this rule, you're doing more harm than good if you can't provide a convincing argument. Why? Because when someone appears who can provide such an argument, everyone will be like pshh it's like that other guy again. Lets ignore him he has nothing of use to say.
*role, got distracted while typing.
There are already laws and regulations in many states about what data can be stored where. Bringing up those rules, and pointing out how the work can be done more safely and follow those rules, can be far more useful than merely saying "we're at risk". The risks are very real, and your concerns well founded.
However, compare it to the security of most academic environments. The passwords are too often kept in the front office desks for easy access. The backup and recovery systems are often a sad joke, and the person responsible for the emaill is far too often someone who says "we trust the people we work with" and the dedicated bad people can't be stopped" and goes on to send passwords in plain text over email, in direct violation of the very policy they signed and published for the school. I've seen all of that happen, personally, at 3 different academic environments in the last decade.
For those people, getting their data into the Google based could is an enormous step _up_ in reliability and security.
Each student should have a pseudonym eg myelemschool_grade2_31415@gmail.com which should be burned after use. Simple.
I gather from your use of the "K-12" term that you're in the US (keep that in mind when you ask such questions).
Your challenge is that you're up against several decades of brainwashing to make you (and parents) believe that your privacy isn't worth anything that that it's somehow bad to insist that the state and companies respect the rights they signed up to when they accepted the Universal Declaration of Human Rights in 1948 (actually there's also such a thing as the right of the child, but both Somalia and the US declined to underwrite that - don't know enough about that to draw a conclusion).
You see, this is the origin of the term "free" in "free" services - all you need to give up is some privacy. So it's not free, you pay with your privacy. What is interesting is that the worst offenders have managed to turn the debate on its head.
You don't have to defend your right to privacy. It's yours, and it's supposedly inalienable. Those who want to invade your privacy have to explain themselves.
Bonus argument for parents: personal details on sites tend to be one programming mistake away from disclosure. Your guiding principle for providing anything to a 3rd party on the Internet is that it is equivalent to giving it to your worst enemy. What's worse, the Internet doesn't forget - this means you're giving information to enemies you haven't even made yet..
Insert
It's funny that OP obsesses over Google Apps. How about their using Facebook and the like? What a kid stores on Google Apps is much less likely to haunt him the rest of his life. How about using Microsoft Office online? Or how about the kids IM'ing, Twitter, texting, DropBox, etc? Or how about a kid using a Microsoft OS getting hacked and having his data compromised by bad guys? That's much more likely to be problematic for kids.
I don't usually mod up ACs, but this is informative and well presented.
We've wrestled with this Google Apps for Education issue as well for a small non-profit I am a trustee of. Is it worth it for the privacy issues? Of course, if the NSA spies on everyone, maybe that is a moot point?
See also John Taylor Gatto on why the system is so hard to change. From:
https://www.johntaylorgatto.com/chapters/17b.htm
------
Power à 22
PLAYERS IN THE SCHOOL GAME
FIRST CATEGORY: Government Agencies
1) State legislatures, particularly those politicians known in-house to specialize in educational matters
2) Ambitious politicians with high public visibility
3) Big-city school boards controlling lucrative contracts
4) The courts
5) Big-city departments of education
6) State departments of education
7) Federal Department of Education
8) Other government agencies (National Science Foundation, National Training Laboratories, Defense Department, HUD, Labor Department, Health and Human Services, and many more)
SECOND CATEGORY: Active Special Interests
1) Key private foundations.2 About a dozen of these curious entities have been the most important shapers of national education policy in this century, particularly those of Carnegie, Ford, and Rockefeller.
2) Giant corporations, acting through a private association called the Business Roundtable (BR), latest manifestation of a series of such associations dating back to the turn of the century. Some evidence of the centrality of business in the school mix was the composition of the New American Schools Development Corporation. Its makeup of eighteen members (which the uninitiated might assume would be drawn from a representative cross-section of parties interested in the shape of American schooling) was heavily weighted as follows: CEO, RJR Nabisco; CEO, Boeing; President, Exxon; CEO, AT CEO, Ashland Oil; CEO, Martin Marietta; CEO, AMEX; CEO, Eastman Kodak; CEO, WARNACO; CEO, Honeywell; CEO, Ralston; CEO, Arvin; Chairman, BF Goodrich; two ex-governors, two publishers, a TV producer.
3) The United Nations through UNESCO, the World Health Organization, UNICEF, etc.
4) Other private associations, National Association of Manufacturers, Council on Economic Development, the Advertising Council, Council on Foreign Relations, Foreign Policy Association, etc.
5) Professional unions, National Education Association, American Federation of Teachers, Council of Supervisory Associations, etc.
6) Private educational interest groups, Council on Basic Education, Progressive Education Association, etc.
7) Single-interest groups: abortion activists, pro and con; other advocates for
specific interests.
THIRD CATEGORY: The "Knowledge" Industry
1) Colleges and universities
2) Teacher training colleges
3) Researchers
4) Testing organizations
5) Materials producers (other than print)
6) Text publishers
7) "Knowledge" brokers, subsystem designers
Control of the educational enterprise is distributed among at least these twenty-two players, each of which can be subdivided into in-house warring factions which further remove the decision-making process from simple accessibility. The financial interests of these associational voices are served whether children learn to read or not.
There is little accountability. No matter how many assertions are made to the contrary, few penalties exist past a certain level on the organizational chartâ"unless a culprit runs afoul of the mediaâ"an explanation for the bitter truth whistle-blowers regularly discover when they tell all. Which explains why precious few experienced hands care to ruin themselves to act the hero. This is not to say sensitive, intelligent, moral, and concerned individuals arenâ(TM)t distributed through each of the twenty-two categories, but the conflict of interest is so glaring between serving
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
I agree with our points as far as they go, and your effort is something to be proud of, but here are some other things to consider which others have raised, plus my own spin.
Most schools do not have the IT staff needed to run secure networks. Neither do many big companies, judging by news reports of various cyber breakins that show up on slashdot regularly. It is not easy to keep on top of every emerging threat from outside or inside. So from a liability perspective, on might argue the school is safer with Google Apps.
Trying to run a local system well also may cost schools a lot of money that will then not go to other educational purposes.
Even when school networks are secure, they can be misused by school staff, such as in the articles a year or so back about a school using laptop webcams to spy on students. Of course, a Google Apps administrator can also read all email under the domain for any account.
I guess maybe the biggest issue is that, as John Taylor Gatto says, "Schooling is a form of adoption": ...".
http://www.the-open-boat.com/Gatto.html
"Schooling is a form of adoption. You give your kid up in his or her most plastic years to a group of strangers. You accept a promise, sometimes stated and more often implied that the state through its agents knows better how to raise your children and educate them than you, your neighbors, your grandparents, your local traditions do. And that your kid will be better off so adopted.
But by the time the child returns to the family, or has the option of doing that, very few want to. Their parents are some form of friendly stranger too and why not? In the key hours of growing up, strangers have reared the kid.
Now let's look at the strangers of which you (interviewer) was one and I was one. Regardless of our good feeling toward children. Regardless of our individual talents or intelligence, we have so little time each day with each of these kids, we can't possibly know enough vital information about that particular kid to tailor a set of exercises for that kid. Oh, you know, some of us will try more than others, but there simply isn't any time to do it to a significant degree.
Why did you let your daughter be thus adopted, and pay $30K a year for the privilege?
Also, sure, some paper could be used against her in a political career. But there is always something. And if it is not findable, people could just make it up. And everyone makes mistakes. So, yes, it could be an issue, but how big an issue may depend itself on power issues. Sometimes trying to dig up this stuff backfires, too. Remember, Hilary Clinton herself used to be a conservative. Did it really hurt her political future with democrats?
https://en.wikipedia.org/wiki/Hillary_Clinton#Wellesley_College_years
"In 1965, Rodham enrolled at Wellesley College, where she majored in political science.[16] During her freshman year, she served as president of the Wellesley Young Republicans;[17][18] with this Rockefeller Republican-oriented group,[19] she supported the elections of John Lindsay and Edward Brooke.[20] She later stepped down from this position, as her views changed regarding the American Civil Rights Movement and the Vietnam War.[17]'"
Tthe NSA and who knows who else apparently snoops on everything. An (older) kid probably has a facebook profile or other online presence. So, in that regard, focusing on internet privacy in schools may be focusing on the less important issue, even if your points may be 100% valid as far as they go.
If you want freedom for your kid long term, you could advocate for stuff like a basic income to level the social playing field instead of compulsory schooling.
http://en.wikipedia.org/wiki/Basic_income_guarantee
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Is the concern is that a person in the future can see how far ahead or behind you were in elementary school? I can't see what a kid would produce that would interest anyone, except being a target for advertising or being used for marketing research. Toy company looking though kindergarten homework to see if the latest toy cartoon show is impacting the kids? Or future job applicants getting caught lying about where and when they attended kindergarten? It seems unlikely to me to be a problem.
Even so, couldn't a teacher just assign a number or fake name for every student. They could make up new google accounts each year or kids could keep using their online name as long as they want. Teachers will be the only ones with a list of fake = real names, and they would probably not keep them around after the kids move on.
Everybody agrees the Khan academy is a great thing, and doesn't it track your progress?
Its pretty easy to criticize Google without taking a good look at the alternative. Schools do not have the budget or expertise to operate data centers.They do not have the funds to retain staff with the level of technical skills that are mandated by today's cloud solutions. On top of this you have your classic school IT specialist who rejects any solution that does not come from Redmond and is afraid of Linux. Don't mention the "IT" guy who for the sake of maintaining control has access to everyone's password or worse, spends time perusing the email of anyone on the email system including the email of leaders and board members. Layer into this an utter lack of skill in securing the hardware platform and networks. There are absolutely some who are very qualified, but this is not the case for all schools and spending dollars on obtaining such technical skills is most likely an inappropriate use of funds in very many schools.
Contrary to popular belief, one can be concerned about multiple things and choose to discuss just one of them at a time.
And the CAPTCHA agrees with me, "savage".
Google owns 100% of cloud data and can do with it as it pleases.
Until enough of YOU get your head out of your asses and realize there is but only ONE fix... we are all screwed.
Individuals must own their "information property". End of story.
Until this happens we are screwed.
IMHO - use no cloud. Keep your data where you have control of it.
However schools MUST disclose to parents when child's data leaves the school district's control.
"google is too big to fail!"
And find no big difference between MS and Google concerning IT in education. They both behave as dope peddlers [*] on the schoolyard. First they give it away for free. Once the youngsters are addicted, the cash flows in. [*] As Tom Lehrer so eloquently explained in his 1'42" song "The Old Dope Peddler" in 1959. If you don't know the song or the artist, well, why not Google (or Bing) for it?
'Why is "bringing about paranoia" a problem?'
Seriously. I do research with human subjects. If I don't have at least some people choose to decline participation at the point of informed consent, then I assume my consent isn't good enough - participating in any given research project is *always* not a good choice for at least one person.
Then again, you have the interesting situation that formal school-based education is not the correct solution for every single human; using google apps (or whatever cloud-based system a school is considering) is not the correct situation for every child, yet in both cases the benefits to society (shared childhood experience, guaranteed minimum education level; cheaper infrastructure) may wildly outweigh the relatively minor risks for the individuals.
You are aware of these "risks" that you so cavalierly dismiss? I'd say err on the side of safety - if you must have children access cloud services, do so under a proxied account wholly controlled by the school, and regularly switch and delete content. If a single account cannot be tied to an individual reliably, then all data will most likely be "bad". But even so - the data itself is worth something to someone, and should probably not be available to them at all. This whole thing gives me shivers of 1984, Brave New World and Gattaca.
As for paranoia - you're not paranoid if they are watching you - and apparently "they" are, all the time, everywhere you go. At least that's the assumption I'm going with until that's proven incorrect. Given the current headlines that doesn't seem unreasonable anymore. And I used to think some people were paranoid.... What a simpler time that was.
The cesspool just got a check and balance.
The privacy issue isn't one we've given huge amounts of thought to, partly because I doubt even the NAS cares much about a story about a hungry rabbit written by a ten-year-old, but mainly because the issues with their use of mobiles, social media, gaming etc. strike us as much more serious, at least at their current age.
Would it not be possible to sign each student up using an internal annonymous identification number that only the K12 school knows?
If no real name is ever attached to the online school account then all your concerns are irrelevant! The only thing you'd need to teach the teachers (and students) is that they should never attach any personal information to the accounts - done!