Slashdot Mirror
Parents' Privacy Concerns Kill 'Personalized Learning' Initiative
theodp writes: "You may recall that inBloom is a data initiative that sought to personalize learning. GeekWire's Tricia Duryee now reports that inBloom, which was backed by $100 million from The Bill and Melinda Gates Foundation and others, is closing up shop after parents worried that its database technology was violating their children's privacy. According to NY Times coverage (reg.), the inBloom database tracked 400 different data fields about students — including family relationships ('foster parent' or 'father's significant other') and reasons for enrollment changes ('withdrawn due to illness' or 'leaving school as a victim of a serious violent incident') — that parents objected to, prompting some schools to recoil from the venture. In a statement, inBloom CEO Iwan Streichenberger said that personalized learning was still an emerging concept, and complained that the venture had been 'the subject of mischaracterizations and a lightning rod for misdirected criticism.' He added, 'It is a shame that the progress of this important innovation has been stalled because of generalized public concerns about data misuse, even though inBloom has world-class security and privacy protections that have raised the bar for school districts and the industry as a whole.' [Although it was still apparently vulnerable to Heartbleed.] Gates still has a couple of irons left in the data-driven personalized learning fire via his ties to Code.org, which seeks 7 years of participating K-12 students' data, and Khan Academy, which recently attracted scrutiny over its data-privacy policies."
I already feared that every parent of today is on the "total surveillance" trip, teaching their children to kneel before their corporate overlords from their infancy.
But then again, maybe those parents were only concerned about the collecting of data associated with themselves, not their children...
Parents have shown times and times again that they do not know what's best for the children, always living in their past thinking only the way they were bought up is good and everything else is junk.
He can grow 'em in tanks, for his personal slave army.
"Flyin' in just a sweet place,
Never been known to fail..."
Every so often, a little glimmer of good news comes my way. This would be one of them!
Won't let my kid be ID'ed. No law says I have to get my kid an ID. Nor a social security number. Nor lots of other things. School may be required, but letting the school ID my child is not one of them.
Somebody has already cooked up a term for that: https://en.wikipedia.org/wiki/...
You're no longer paranoid. Being concerned about your privacy became just a wee bit more fashionable. Why surrender more data to Big Data that will only end up in the data dungeons of the three letter agencies?
'It is a shame that the progress of this important innovation has been stalled because of generalized public concerns about data misuse,'
OK, so quit whining and fix it. Go talk to Bill and Melinda and ask them to fund some lobbying to get privacy laws with sharp teeth put in place. Simple laws that say something like, "Any company says they won't abuse your data gets shut down and all their assets siezed if they sell, transfer, share with a parter, or in any other way distribute your data, or if they sell the use of your data as a service, or use your data for any purpose or in any way other than what is explicitly stated on the front page of their web site, above the fold, in bold 14 point type."
All we want is to be able to trust you. Since it would be silly to trust an American company that didn't have its financial ass on the line, what we need is for your financial future to be directly coupled to you doing what you claim you were going to do anyway. Put your money where your mouth is; if you're not trying to pull something, it won't cost you a thing.
Stop-Prism.org: Opt Out of Surveillance
Well, knowing that amount of information about the children extends well to the parents.
The organization response does appear to be tone-deaf. I wouldn't care if they had perfect security. I care about what they're going to do with the information.
Don't give them your data... have them give you the engine.
Then you feed the data into it locally, and it generates a customized learning profile which is anonymoized.
Then you anonymously download profile XJ2221LP4-123 whatever and then you get the best of both worlds.
Why are people so stupid... its so fucking easy.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
...how many of these 'concerned parents' are spewing that same data daily over facebook, without a care?
Tangentially related: the other day, my neighbour called up her niece concerned - facebook update informed her that both she and her mother had went to a hospital, and had been there for a few hours. The niece's opening response: "who told you?". She was convinced someone blabbed, when all along was 'use geolocation services' or some such on their phones. They simply had no idea what information they were freely handing out. Have to wonder if some kids had tried to sneak into a bar before, only for their phones to rat them out.
Excuse me while guesstimate the hypocrisy inherent in them refusing something that actually might be of (good) use.
But the simple fact that between US corporations and the US government, privacy abuses have been so bad (although admittedly still better than some other countries) that there is no chance people would willingly opt into any such system. Even if the current incarnation is honest, there is 0% chance that it will stay that way, for one reason or another.
Everyone older than a teenager should remember the whole Google 'do no evil' thing, and many of us honestly hoped that they would stay that way. Unfortunately, reality had a way of crushing Google's desires to be honest and innocent, and to make a long story short they now they play hard ball just like everybody else.
The idea is great. But the reality would have never worked. Just like both Communism and Democracy.
First of all, the summary is misleading. It wasn't parents that "shut this down" (and that would simply happen by parents not utilizing the service in the first place). It was the governments that own and operate the schools. The passed laws that will not allow the schools to share the data in the first place. Big difference. Especially since there was no breach. Nothing "bad" happened to warrant this ruling.
Whether this has always the case, or is simply more apparent in this day and age, I'm not sure. But at this point in time, public schools are operated by cowards. I'm talking about the school boards and superintendents who operate the school districts at the highest levels (where these kinds of decisions are made). I'm talking about everything from their policies regarding "threats" (like how you hear in the news about 10 year olds being suspended from school because they made their fingers into the shape of a gun and made a sound), to locking down schools with video cameras at the entrances so parents have to show their ID and be buzzed in just to have lunch with their child. An event happens at one school in the entire nation, and suddenly that is somehow a realistic threat to that every other school in the nation too. It's because those operating the schools at the highest levels are cowards. They say they have "zero tolerance" for many things now (like the whole "gun" threat nonsense), which really means "We absolve ourselves from having to think or make decisions in any way, so that we, the school board, have zero liability at all in the event, no matter how remote, that something bad happens at our schools." Cowards .
Now this whole inBloom thing, whether a good idea or not, is dead because of those cowards. Parents no longer have this option, in the 21st century, to simply consolidate their children's educational data to a single 3rd party service. Why? Because school officials, in their fear and ignorance, assume that somehow it's all going to be breached - and here's the key part - and that they will be responsible and bear some degree of liability.
Better known as 318230.
Am I the only one who hears "personalized" in a "database" and smells bullshit?
Personalized learning is nothing new... The documentation and tracking of everything is what is new. To have these privacy concerns is also kind of naive. Schools, in order to do their jobs well, need to know everything about a child. In Illinois, many (I am a little skiddish about saying all) schools use the states SIS (Student Information System) It is nothing more than a data base of the student: All Demographics, All grades, All Courses, All Teachers, All attendances, All comments by teachers, etc.) This SIS is run by The State Board of Education (Kind of a lame duck body that just blows Madigan whenever the need arises.) The teachers in schools may not knowingly use SIS, but all schools are required to use this (Or say goodbye to funding: Schools are basically whores for cash in order to operate at the students expense.) At my school teachers use STI (I've no clue what it stands for, Student-Teacher-Information?) that must "sync up" all data with the State's SIS. This SIS system has way more than 400 data fields.
it sounds as if parents thinks that privacy is a possibility any more in schools. It isn't. The government requires too much documentation of everything. The schools must comply. Blah, I am gonna quit while I am remembering to check "post anonymous" for reasons of tenure being a joke. (This is exactly what tenure is for:. having a contrary belief than the local government and being protected. Not for keeping a jack-off-of-a-teacher employed.)
I agree that it is good to hear.
I would also add that it is actually dirt simple for companies to assure "security" of this kind of personal data: all they have to do is not collect it in the first place.
The organization response does appear to be tone-deaf. I wouldn't care if they had perfect security. I care about what they're going to do with the information.
Exactly... And being US based, you can't trust what they say anyway, because they can be legally order to lie to you.
It really, doesn't matter what they say... At the end of the day, the US doesn't have a legal framework to support safe use of private data for good, without risks that it may end up at NSA (or big insurance companies).
Closing this was the only way, given the current political landscape in the US big data is never safe.
Being close to this whole mess, I can tell you that it was parent and union advocacy groups that shut down InBloom, not districts or schools. The privacy activists worked with sympathetic legislators to kill this. Schools and districts had a range of opinions from strongly opposed to strongly supporting. It was the vocal, minority activism of a small group of NY citizens working with their legislators that killed this thing.
Whether it should have been killed or not is another question. I can say for sure that the data elements to be tracked in InBloom *were already being tracked* inside systems around the state. There was no new data collection. These data were *already being aggregated at the state level* as well so there was no new centralization going on either. The only new feature of InBloom was a set of programmer friendly api's to make creating apps on top of the data easier. That's it. Everything else was already in place, and remains in place. The difference is that to access the data, you now will have to use painful bulk api's and transfer formats, which makes it harder for innovative companies to provide services. The big, old enterprise school software companies will be able to continue with business as usual.
So when the governor agreed to kill this as part of a budget deal with the activists and their legislators, the deal was struck as narrowly as possible - killing InBloom, but leaving the rest of the collection and data management infrastructure in place. Status quo won.
Nothing good has been done as a result, in my opinion (being in favor of using digital tools and data to help kids learn), but not much has been done to protect kids from having their data spread into many different systems either, so the activists won the battle but have probably lost the war, at least in NY.
Well, I think the problem with a lot of people not being concerned about privacy is because, we've all already had our data stolen. Most people didn't even know it was a "thing" until it was too late. Kind of like going to church or exercising. As an adult you think back "I wish I had gone to church or exercised instead of doing all that coke and killing that hooker... hey... I could make my kid do it the right way though!" and viola...
I worked at inBloom.
A couple things worth mentioning.
The code is completely open source: https://github.com/inbloom/secure-data-service
We did not have access to the student data (its encrypted) nor could we ever sell it (unless we all wanted to go to prison because its against the law). An alternative to shoving student data into our system was to simply run the system yourself (hey the codes available! anyone could run it!). The objective was really about interoperability. Schools now have data in a myriad of systems all with really poor security. What if we had a single location (could even be on site) that housed this data with a modern RESTful API. That was the goal of making it easy as hell for developers to write apps against this data to benefit teachers and students.
Everyone that works for the company is really passionate about helping students. Nothing more and nothing less. I know thats hard to believe but its true.
Projection?
I work with various schools on technology projects. Literally every school has a school management system and most a learning management system. These systems already track all of that information. Many states in the US have these systems at the district level, so people do not even know they are being tracked and what data is going in. I work with Private schools where parents have a portal, normally, and they have some core info to enter and the rest is "optional" depending on what country the project is in.
These systems are expensive and many are tied to curriculum materials, so if a school has access to the technology they need for free - and all the alternatives are the same but are going to impact the budget - then reacting this way is not going to change anything.
Even schools with proprietary databases and management systems commonly use the data for government projects and to populate other databases that add additional functions.
I agree with the idea in principle, but the reality is that the cost of education rises for families if the opt out of sponsored or subsidised programs.
Common Core Sucks :)
We were fighting it like crazy and it was our kids' data we were concerned about. One of the big problems was that it wasn't opt-in. It wasn't even opt-out. It was "the government has decreed that parents aren't allowed to opt out." So you couldn't make an informed decision about InBloom. Your child's data was going there whether you liked it or not. Add in the fact that InBloom stated that they would release the data to "third parties" and you can see why parents like my wife and I were fighting it as much as we could.
We were happy to hear that InBloom was being shut down. The only problem with the shut down? What about the data that was already uploaded? Who is getting that and what are they going to use it for?
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
They retained the right to sell information to third parties. So that data on your child that you couldn't opt out of giving inBloom could go to some marketing agency so they could sell something better to your child.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
FTA:-
Wow. Sounds like a gross invasion of privacy. If I was the student, I wouldn't want my teacher to know that I was a "victim of a serious violent incident". Not to mention once this kind of data gets into a database, its pretty dang hard to get it permanently scrubbed. So, what do the students get out of giving away their personal details?
Do teachers really need all this information to teach effectively? Do teachers even have the time to prowl through these thick databases to "tailor" their teaching methods? And what's wrong with teachers getting this information they need the old fashioned way -by winning the trust and confidence of the student/parent and being told directly? And is the student's teacher the only one privy to this information?
Even more fundamentally, it is fair to pigeonhole the students, each of whom are unique individuals with their own feelings, drives, desires and motivations into anonymous datasets and discrete categories so that they can be dealt with by the numbers?
This initiative seems to have been very badly thought out. Humans are not machines.
So they got caught with their pants down, okay. Not the first group this happened to.
It would be better to hear their logic for collecting this data to begin with. If they wanted personalized learning, I'm pretty sure a student ID unique to each student make more sense than gathering data on parents, their partners, reasons they missed class, etc...?
If they really and truly only wanted to help personalize learning why not trim off the data people took issue with? They obviously wanted that data more than they want to really wanted help people.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
I'm sure the data will be of interest to any individual or organization targeting vulnerable children, and their fearful parents.
Some possibilities off the top of my head:-
Quacks selling miracle cures for sick children.
Organisations selling therapy/schemes/camps/training for out of control children.
Quasi-religious entities recruiting impressionable members.
Criminal organizations seeking malleable stooges.
Adults seeking children with less adult supervision for more nefarious activities.
In contrast, marketing would be the least of my concerns, actually.
The ultimate poison pill for any startup company. This would effectively prohibit any future funding or merger. "Gee, guys, you have a great idea and we'd love to buy you out to bring your idea to a larger audience, but our lawyers won't let us assume the liability of dealing with your data."
You're overlooking the fact that if there was such a law, it would apply to everyone, not just startups. Want to deal with existing established companies? Same problem. So now you have the interesting choice of either accepting the risk, or leaving the market entirely.
And there will be some companies who are willing to accept the risk, provided the rewards are commensurate.
...how many of these 'concerned parents' are spewing that same data daily over facebook, without a care?
She was convinced someone blabbed, when all along was 'use geolocation services' or some such on their phones. They simply had no idea what information they were freely handing out.
You contradict yourself. First you claim that the parents spew data "without a care". But in your example, the niece clearly did care about the loss of data, she was simply technologically inept at securing her phone.
And, even that is understandable. Frankly speaking, can you honestly claim that you know and approve of every bit of data that leaves your phone? That you are fully conversant and familiar with the multitude of information that is being broadcasted from your phone, right this minute, by the OS, the various apps, the underlying hardware itself?
Hypocrisy is also evident when you accuse others of sins being committed by yourself.
And beyond that, it doesn't matter what they say or how sincere they are today. Tomorrow they may unilaterally change the agreement without notice. Why the courts don't shred any contract claiming that right, I don't know.
kill education like they killed this site earlier with their coordinated DoS attack. It's sad when anti-tech people can so easily kill a tech site.
The government (and their private sector lobbyists) has made it quite clear that they don't give a shit about anyone's rights or privacy. Parents have a right to be concerned. These days there is a 'permanent record', and with ever growing numbers of data points being added, the probability of having your career torpedoed for out-of-context events that happened decades ago is growing radically.
We don't need more tracking for a goverment to abuse.
US doesn't have a legal framework to support safe use of private data for good
What possible good comes from collecting a person entire life? If ti is for bettering their health that shit solely stays with a health care provider/doctor, which would bring your comment US doesn't have a legal framework to support safe use of private data for good back into the fray.
Two problems, the governments spying and collection of personal data including possible DNA, and advertisers.
I don't want to here some BS over bettering kids educations, when the only goals that hack Gates and the rest have is to create worker drones. Not to free up minds and better the f'in planet.
I'm not sure if this is a nation wide change, but in Pennsylvania their changing the report card grading, on top of the typical ABC, ect. The will use additional lettering, the lettering along with small memo descriptions that are underlining what subjects a child is doing well on, and which subjects he/she needs to improve on. Or what parts of a subject they are understanding and which parts their not.
That keeps privacy in what we call the analog world, and it will help teachers/students/parents better understand how to "HELP' a student.
inBloom has world-class security and privacy protections
Oh, yeah. And I have an e-mail in my inbox from Yassir Arafat's widow promising to transfer $100 MILLION to my account.
How credible do those folks think they are?
Which, of course, it is not, that still leaves the entirely reasonable objection that they have the data for any reason at all. Why should they be trusted with it?
Exactly... And being US based, you can't trust what they say anyway, because they can be legally order to lie to you.
No.
They can be ordered to lie, and even intimidated with the threat of a legal procedure.
That doesn't mean that it is legal in any way.
In order to ascertain whether a learning program works well the first item needed is solid testing so that you know where a child is at in his learning path. Sadly efforts to do real testing get sabotaged by the powers that be. For example we have the F-Cat testing which is sort of an anti learning device. The reason it is negative is that schools know what will be on the tests and when the tests will take place. The S.A.T. tests have suffered a similar fate. These days it is normal to study for the S.A.T. exams and the announced date of the testing is made known well in advance. That negates the entire testing process. Imagine that a whistle blows and the school is informed that the test is right now. Imagine that the test is confined to one, narrow subject. Further there a numerous versions of tests for each subject such that study in advance simply can not be done. This way you can quickly and easily find out what a student knows in a particular subject. The next semester the probability would be that an entirely different subject would be thrust at the students. This would allow inexpensive and fast testing and no group could gain an edge by simply hiring a specialized tutor or buying focused books on the tests. So this year little Johny happened to be tested on long division. Both Johny and his school can be evaluated on the students ability to do long division. Next year it might be grammar or geography. The truth is that schools do not want their real success to be known just as the city mayor also does not want the quality of the school to be known.
Interesting comment, but I think there is one fact to get straight on around inBloom... inBloom's data service was set up so that the data was encrypted against inBloom via keys held by the school districts or education agencies. So how were they going to mine student data if they couldn't read it? Even metadata except for who accessed the student data and when would be relatively unavailable to them. Their code base is open source so you can see how they were encrypting it against themselves and that there were no mechanisms for exporting the data that were unencrypted unless you had that special key to unlock it.
A lie. They did not retain the right to sell it to 3rd parties. It is illegal to do so.
Fact. Data on inBloom's data service was encrypted against inBloom. There is nothing they could do with the data since they couldn't read it without the keys held by the education agencies. So even if they didn't completely scrub the data from the systems (which I am sure they were contractually required to do) the data would be useless to them since they couldn't read it.
I have spoken to inbloom employees quite a bit at conferences. Everyone is so quick to vilify and paint inBloom as the evil data mining company that wanted your student data and wanted to sell it. Inbloom's code reveals that their data service encrypted the data against their viewing or manipulation. Decryption of this data required a key that was controlled by the school districts and agencies. So what was inbloom even going to do with garbage data? This was done by design by people who wanted you to feel safe around your student data because inbloom didn't actually control access or readability to it. Only educational agencies controlled it. They open-sourced it so anyone could read it or install it themselves. They made themselves a non-profit so that everyone would know that they were not in it for the profit. They also distanced themselves from Amplify because everyone suspected a conspiracy. I imagine they couldn't get away from the Gates foundation because they were funding everything. The thing though is that I met most of the inbloom people at various conferences and they were passionate and in integrity about what they were doing. They wanted to help teachers teach students better by using technology to simplify the teacher's lives. Nothing more nothing less. I even spoke to the head of their server team last year in Portland (Michael?) and he clearly stated that he controlled access to the computers that housed the data and even for the secure data only 4 people in the entire company had access. He looked me in the eye and said that absolutely no one was selling data, analyzing data, or doing anything with the data at inbloom and that they never would. He said not only was the data unreadable to them, but that if he was ever forced to give even the encrypted data to anyone he and his entire team would quit the company. He also stated that his executive team from president to tech all felt the same. He said it with such certainty that I knew it was true. I wish them all well and thank them for at least attempting to help teachers and students.
These parents are idiots. I found their kids on Facebook, as well as the candy van stalkers that have been trying to meet up with them.
Support my political activism on Patreon.
Yes you are lying...
From here https://www.inbloom.org/privacy-security-policy.html
The privacy and security provisions in this Policy do not apply by the terms of this Policy to Customers' contractors and Third Party Application Providers.
"Personally Identifiable Information" (or "PII") means any information defined as personally identifiable information under FERPA. The personally identifiable information of teachers and other educators will also be treated as PII under this Policy. Some identifying information of teachers and other educators (such as name, role, subjects taught, and similar publicly available school-related information) may be made available through inBloom to Customers and Third Party Application Providers solely for the educational purposes of inBloom.
It would be better to hear their logic for collecting this data to begin with. If they wanted personalized learning, I'm pretty sure a student ID unique to each student make more sense than gathering data on parents, their partners, reasons they missed class, etc...?
Yeah, cause you can tell so much about a person by an arbitrarily assigned ID. The ID tells you all you need to know about what kinds of learning materials might work best for someone, or what wouldn't be appropriate. Yeah, you know from the ID that a child is in a single parent home so you might want to tailor the material towards examples that he will be familiar with (because you also know that the student is a boy from his student ID.)
And when the next arbitrarily assigned ID shows up on the system, you can tell from just the ID that this girl (which you know because of the ID, of course) is in a similar situation as half a dozen other students (which you know by just matching IDs, of course) and would be better served by materials similar to the ones that work well for them.
The whole concept of personalized education is that YOU NEED TO KNOW THINGS ABOUT THE PERSON YOU ARE EDUCATING so you can, you know, personalize it. In the Good Old Days of single room schoolhouses the teacher knew every student and the parents and kept a database in his head. In the online world that means the database is ...
They obviously wanted that data more than they want to really wanted help people.
Yeah. Obvious. It couldn't be because the entire concept of what they were doing is based on knowing things about the student so they can, you know, personalize the education.
The standardized testing systems are being criticized because they assume a common cultural knowledge and some students don't do well because they don't have that experience. An impersonal test asks Billy the farmer's son the same kind of story problems it asks Martha the single-mom-in-the-tenement-house's daughter. If you're going to remove those biases in the tests (and in the education behind them) you need to know "where does Billy/Martha live?", "parents?", "income?", etc.
Given that the uploaded data would have included IEP information (including medical diagnoses), disciplinary information, and even teen pregnancy information, all those would have been possible.
Of course, InBloom has been shut down but some of the data had been uploaded. What happened to that data? Who has it now and will it be deleted or used for "other purposes"?
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
No actually they didn't. This is against the law. They cant even if they wanted to.
Where does it say anything about selling data? Isn't that illegal for them to do under Federal law? Also those Contractors and Third Party Application providers are authorized by the Customer so ultimately it is still the Customer (school,district, etc) who dictates who gets access, not inBloom. So again if you have a problem with where your information is going talk to your school. inBloom was never at fault, in my eyes, in that they did the right thing. They were never about controlling the policies of school districts and education agencies. Notice also that it says already "publicly available school related information" so if it already publicly available then why find fault with inBloom's privacy policy?
You are telling me it's impossible to gauge someone's knowledge or tailor learning to something like testing and progression, and you have to know who a kids parent is sleeping with? Seriously, hold that thought a minute.
Hahaha, haha, hahahaha, OMFG! Hahahaha.
Okay, sorry. Have a nice day sir.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
It's not a "pinkie swear" that prevents release, it's FERPA - the federal education data privacy law on the books since the seventies and actively enforced by US Dept of Ed. Large corporations in education pay serious attention the rules under FERPA and do not, in my experience, sell out student data to anyone. It's against the law and the penalties are real and very significant to these corps. The loss of credibility on the management of data could very quickly put any one of a number of large educational publishers out of business, so the minor benefits of selling out to lowlife advertisers etc is not worth it, given how lucrative their existing lines of businesses are.
This would be a significant point if the data weren't already collected and used by the state and contracted third parties already. Parents can't opt-out of the data systems today, and InBloom didn't change that situation one way or the other. Other third parties already maintain the same data as InBloom would have, and will continue to do so today. And there is no opt-out of that.
Put another way, for example, if a parent wants to opt-out of data systems, it becomes very hard to make sure that every kid arrived safely on the buses because the rosters of students who are in school are digital. So the principal and teachers would have to maintain a paper opt-out list of students who are non-digital and manage them on ledger books while all the other students are tracked via digital systems. It's pretty unreasonable to offer parents opt-outs from digital tracking for these reasons. If the school is offering all digital assessments, same thing: a small percentage of kids have to take the test on paper and have it hand graded? I just can't see how this makes any sense if you want to run a school effectively in the modern age. It would be like offering employees an opt-out from email, telephone or source control or something..
The best way you Americans can fight this shit is to just pack your shit and move to another country. Every time you pay your taxes it goes towards all kinds of things like this. Just go.
If they "personalize" learning the same way Facebook "personalizes" ads. Then I don't blame them for not wanting it.
while